WolfSSL
/
wolfssljni
mirror of https://github.com/wolfSSL/wolfssljni.git
1
0
Fork 0
Code Issues Releases Wiki Activity

JNI: wrap wolfSSL_CTX_UseSupportedCurve() in com.wolfssl.WolfSSLContext

pull/158/head
Chris Conlon 2023-11-10 10:21:00 -07:00
parent 454d0e6e80
commit f95e446b87
7 changed files with 181 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
native/com_wolfssl_WolfSSL.c
View File

@ -376,6 +376,32 @@ JNIEXPORT jboolean JNICALL Java_com_wolfssl_WolfSSL_RsaEnabled
#endif
}
JNIEXPORT jboolean JNICALL Java_com_wolfssl_WolfSSL_Curve25519Enabled
(JNIEnv* jenv, jclass jcl)
{
(void)jenv;
(void)jcl;
#if defined(HAVE_CURVE25519)
return JNI_TRUE;
#else
return JNI_FALSE;
#endif
}
JNIEXPORT jboolean JNICALL Java_com_wolfssl_WolfSSL_Curve448Enabled
(JNIEnv* jenv, jclass jcl)
{
(void)jenv;
(void)jcl;
#if defined(HAVE_CURVE448)
return JNI_TRUE;
#else
return JNI_FALSE;
#endif
}
JNIEXPORT jboolean JNICALL Java_com_wolfssl_WolfSSL_FileSystemEnabled
(JNIEnv* jenv, jclass jcl)
{

16
native/com_wolfssl_WolfSSL.h
View File

@ -503,6 +503,22 @@ JNIEXPORT jboolean JNICALL Java_com_wolfssl_WolfSSL_EccEnabled
JNIEXPORT jboolean JNICALL Java_com_wolfssl_WolfSSL_RsaEnabled
(JNIEnv *, jclass);
/*
* Class: com_wolfssl_WolfSSL
* Method: Curve25519Enabled
* Signature: ()Z
*/
JNIEXPORT jboolean JNICALL Java_com_wolfssl_WolfSSL_Curve25519Enabled
(JNIEnv *, jclass);
/*
* Class: com_wolfssl_WolfSSL
* Method: Curve448Enabled
* Signature: ()Z
*/
JNIEXPORT jboolean JNICALL Java_com_wolfssl_WolfSSL_Curve448Enabled
(JNIEnv *, jclass);
/*
* Class: com_wolfssl_WolfSSL
* Method: FileSystemEnabled

24
native/com_wolfssl_WolfSSLContext.c
View File

@ -5449,6 +5449,30 @@ JNIEXPORT jint JNICALL Java_com_wolfssl_WolfSSLContext_usePskIdentityHint
#endif
}
JNIEXPORT jint JNICALL Java_com_wolfssl_WolfSSLContext_useSupportedCurve
(JNIEnv* jenv, jobject jcl, jlong ctxPtr, jint name)
{
#ifdef HAVE_SUPPORTED_CURVES
int ret = 0;
WOLFSSL_CTX* ctx = (WOLFSSL_CTX*)(uintptr_t)ctxPtr;
(void)jcl;
if (jenv == NULL || ctx == NULL) {
return (jint)SSL_FAILURE;
}
ret = wolfSSL_CTX_UseSupportedCurve(ctx, (word16)name);
return (jint)ret;
#else
(void)jenv;
(void)jcl;
(void)ctxPtr;
(void)name;
return (jint)NOT_COMPILED_IN;
#endif
}
JNIEXPORT jint JNICALL Java_com_wolfssl_WolfSSLContext_useSecureRenegotiation
(JNIEnv* jenv, jobject jcl, jlong ctx)
{

8
native/com_wolfssl_WolfSSLContext.h
View File

@ -367,6 +367,14 @@ JNIEXPORT void JNICALL Java_com_wolfssl_WolfSSLContext_setPskServerCb
JNIEXPORT jint JNICALL Java_com_wolfssl_WolfSSLContext_usePskIdentityHint
(JNIEnv *, jobject, jlong, jstring);
/*
* Class: com_wolfssl_WolfSSLContext
* Method: useSupportedCurve
* Signature: (JI)I
*/
JNIEXPORT jint JNICALL Java_com_wolfssl_WolfSSLContext_useSupportedCurve
(JNIEnv *, jobject, jlong, jint);
/*
* Class: com_wolfssl_WolfSSLContext
* Method: useSecureRenegotiation

16
src/java/com/wolfssl/WolfSSL.java
View File

@ -664,6 +664,22 @@ public class WolfSSL {
*/
public static native boolean RsaEnabled();
/**
* Tests if Curve25519/X25519 support has been compiled into the native
* wolfSSL library.
*
* @return true if enabled, otherwise false if not compiled in.
*/
public static native boolean Curve25519Enabled();
/**
* Tests if Curve448/X448 support has been compiled into the native
* wolfSSL library.
*
* @return true if enabled, otherwise false if not compiled in.
*/
public static native boolean Curve448Enabled();
/**
* Tests if filesystem support has been compiled into the wolfSSL library.
*

39
src/java/com/wolfssl/WolfSSLContext.java
View File

@ -381,6 +381,7 @@ public class WolfSSLContext {
private native void setPskClientCb(long ctx);
private native void setPskServerCb(long ctx);
private native int usePskIdentityHint(long ssl, String hint);
private native int useSupportedCurve(long ctx, int name);
private native int useSecureRenegotiation(long ctx);
private native int setMinDhKeySz(long ctx, int keySzBits);
private native int setMinRsaKeySz(long ctx, int keySzBits);
@ -1861,6 +1862,44 @@ public class WolfSSLContext {
}
}
/**
* Sets the TLS Supported Curves to be used in the ClientHello
* extension if enabled in native wolfSSL.
*
* @param curveNames String array of ECC curve names to set into the
* Supported Curve extension. String values should match names from
* the following list:
* "sect163k1", "sect163r1", "sect163r2", "sect193r1",
* "sect193r2", "sect233k1", "sect233r1", "sect239k1",
* "sect283k1", "sect283r1", "sect409k1", "sect409r1",
* "sect571k1", "sect571r1", "secp160k1", "secp160r1",
* "secp160r2", "secp192k1", "secp192r1", "secp224k1",
* "secp224r1", "secp256k1", "secp256r1", "secp384r1",
* "secp521r1", "brainpoolP256r1", "brainpoolP384r1",
* "brainpoolP512r1", "x25519", "x448", "sm2P256v1",
* "ffdhe2048", "ffdhe3072", "ffdhe4096", "ffdhe6144",
* "ffdhe8192"
*
* @return <code>WolfSSL.SSL_SUCCESS</code> on success, otherwise
* negative on error.
* @throws IllegalStateException WolfSSLContext has been freed
*/
public int useSupportedCurves(String[] curveNames)
throws IllegalStateException {
int ret = 0;
int curveEnum = 0;
for (String curve : curveNames) {
curveEnum = WolfSSL.getNamedGroupFromString(curve);
synchronized (ctxLock) {
ret = useSupportedCurve(getContextPtr(), curveEnum);
}
}
return ret;
}
/**
* Enable use of secure renegotiation on this session. Calling this
* API does not initiate secure renegotiation, but enables it. If enabled,

52
src/test/com/wolfssl/test/WolfSSLContextTest.java
View File

@ -75,6 +75,7 @@ public class WolfSSLContextTest {
test_WolfSSLContext_setPskServerCb();
test_WolfSSLContext_usePskIdentityHint();
test_WolfSSLContext_useSecureRenegotiation();
test_WolfSSLContext_useSupportedCurves();
test_WolfSSLContext_setMinRSAKeySize();
test_WolfSSLContext_setMinECCKeySize();
test_WolfSSLContext_free();
@ -359,6 +360,57 @@ public class WolfSSLContextTest {
System.out.println("\t... passed");
}
public void test_WolfSSLContext_useSupportedCurves() {
int ret;
String[] singleEccSecp256r1 = new String[] { "secp256r1" };
String[] allEccCurves = new String[] {
"secp160k1", "secp160r1", "secp160r2", "secp192k1", "secp192r1",
"secp224k1", "secp224r1", "secp256k1", "secp256r1", "secp384r1",
"secp521r1"
};
String[] x25519Curve = new String[] { "x25519" };
String[] x448Curve = new String[] { "x448" };
System.out.print("\tuseSupportedCurves()");
try {
ret = ctx.useSupportedCurves(singleEccSecp256r1);
if (ret != WolfSSL.SSL_SUCCESS &&
ret != WolfSSL.NOT_COMPILED_IN) {
System.out.println("\t... failed");
fail("useSupportedCurves(singleEccSecp256r1) failed");
}
ret = ctx.useSupportedCurves(allEccCurves);
if (ret != WolfSSL.SSL_SUCCESS &&
ret != WolfSSL.NOT_COMPILED_IN) {
System.out.println("\t... failed");
fail("useSupportedCurves(allEccCurves) failed");
}
if (WolfSSL.Curve25519Enabled()) {
ret = ctx.useSupportedCurves(x25519Curve);
if (ret != WolfSSL.SSL_SUCCESS &&
ret != WolfSSL.NOT_COMPILED_IN) {
System.out.println("\t... failed");
fail("useSupportedCurves(x25519Curve) failed");
}
}
if (WolfSSL.Curve448Enabled()) {
ret = ctx.useSupportedCurves(x448Curve);
if (ret != WolfSSL.SSL_SUCCESS &&
ret != WolfSSL.NOT_COMPILED_IN) {
System.out.println("\t... failed");
fail("useSupportedCurves(x448Curve) failed");
}
}
System.out.println("\t...passed");
} catch (IllegalStateException e) {
System.out.println("\t... failed");
fail("useSupportedCurves failed");
e.printStackTrace();
}
}
public void test_WolfSSLContext_setMinRSAKeySize() {
int ret = 0;