/* WolfSSL.java * * Copyright (C) 2006-2016 wolfSSL Inc. * * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA */ package com.wolfssl; import java.net.InetSocketAddress; import java.net.Socket; /** * Base class which wraps the native WolfSSL embedded SSL library. * This class contains library init and cleanup methods, general callback * methods, as well as error codes and general wolfSSL codes. * * @author wolfSSL * @version 1.1, September 2013 */ public class WolfSSL { /* ----------------------- wolfSSL codes ---------------------------- */ public final static int SSL_ERROR_NONE = 0; public final static int SSL_FAILURE = 0; public final static int SSL_SUCCESS = 1; public final static int SSL_BAD_CERTTYPE = -8; public final static int SSL_BAD_STAT = -7; public final static int SSL_BAD_PATH = -6; public final static int SSL_BAD_FILETYPE = -5; public final static int SSL_BAD_FILE = -4; public final static int SSL_NOT_IMPLEMENTED = -3; public final static int SSL_UNKNOWN = -2; public final static int SSL_FATAL_ERROR = -1; public final static int SSL_FILETYPE_ASN1 = 2; public final static int SSL_FILETYPE_PEM = 1; /** ASN1 */ public final static int SSL_FILETYPE_DEFAULT = 2; /** NTRU raw key blog */ public final static int SSL_FILETYPE_RAW = 3; /** * Verification mode for peer certificates. *

* Client mode: the client will not verify the certificate * received from the server and the handshake will continue as normal. *
* Server mode: the server will not send a certificate request * to the client. As such, client verification will not be enabled. * * @see WolfSSLContext#setVerify(long, int, WolfSSLVerifyCallback) */ public final static int SSL_VERIFY_NONE = 0; /** * Verification mode for peer certificates. *

* Client mode: the client will verify the certificate received * from the server during the handshake. This is turned on by default * in wolfSSL, therefore, using this option has no effect. *
* Server mode: the server will send a certificate request to the * client and verify the client certificate which is received. * * @see WolfSSLContext#setVerify(long, int, WolfSSLVerifyCallback) */ public final static int SSL_VERIFY_PEER = 1; /** * Verification mode for peer certificates. *

* Client mode: no effect when used on the client side. *
* Server mode: the verification will fail on the server side * if the client fails to send a certificate when requested to do so * (when using SSL_VERIFY_PEER on the SSL server). * * @see WolfSSLContext#setVerify(long, int, WolfSSLVerifyCallback) */ public final static int SSL_VERIFY_FAIL_IF_NO_PEER_CERT = 2; public final static int SSL_VERIFY_CLIENT_ONCE = 4; public final static int SSL_SESS_CACHE_OFF = 30; public final static int SSL_SESS_CACHE_CLIENT = 31; public final static int SSL_SESS_CACHE_SERVER = 32; public final static int SSL_SESS_CACHE_BOTH = 33; public final static int SSL_SESS_CACHE_NO_AUTO_CLEAR = 34; public final static int SSL_SESS_CACHE_NO_INTERNAL_LOOKUP = 35; public final static int SSL_ERROR_WANT_READ = 2; public final static int SSL_ERROR_WANT_WRITE = 3; public final static int SSL_ERROR_WANT_CONNECT = 7; public final static int SSL_ERROR_WANT_ACCEPT = 8; public final static int SSL_ERROR_SYSCALL = 5; public final static int SSL_ERROR_WANT_X509_LOOKUP = 83; public final static int SSL_ERROR_ZERO_RETURN = 6; public final static int SSL_ERROR_SSL = 85; /* extra definitions from ssl.h */ public final static int WOLFSSL_CRL_CHECKALL = 1; public final static int WOLFSSL_OCSP_URL_OVERRIDE = 1; public final static int WOLFSSL_OCSP_NO_NONCE = 2; /* I/O callback default errors, pulled from wolfssl/ssl.h IOerrors */ public final static int WOLFSSL_CBIO_ERR_GENERAL = -1; public final static int WOLFSSL_CBIO_ERR_WANT_READ = -2; public final static int WOLFSSL_CBIO_ERR_WANT_WRITE = -2; public final static int WOLFSSL_CBIO_ERR_CONN_RST = -3; public final static int WOLFSSL_CBIO_ERR_ISR = -4; public final static int WOLFSSL_CBIO_ERR_CONN_CLOSE = -5; public final static int WOLFSSL_CBIO_ERR_TIMEOUT = -6; /* Atomic User Needs, from ssl.h */ public final static int WOLFSSL_SERVER_END = 0; public final static int WOLFSSL_CLIENT_END = 1; public final static int WOLFSSL_BLOCK_TYPE = 2; public final static int WOLFSSL_STREAM_TYPE = 3; public final static int WOLFSSL_AEAD_TYPE = 4; public final static int WOLFSSL_TLS_HMAC_INNER_SZ = 13; /* GetBulkCipher enum, pulled in from ssl.h for Atomic Record layer */ public final static int wolfssl_cipher_null = 0; public final static int wolfssl_rc4 = 1; public final static int wolfssl_rc2 = 2; public final static int wolfssl_des = 3; public final static int wolfssl_triple_des = 4; public final static int wolfssl_des40 = 5; public final static int wolfssl_idea = 6; public final static int wolfssl_aes = 7; public final static int wolfssl_aes_gcm = 8; public final static int wolfssl_aes_ccm = 9; public final static int wolfssl_hc128 = 10; public final static int wolfssl_rabbit = 11; /* wolfSSL error codes, pulled in from wolfssl/error.h wolfSSL_ErrorCodes */ public final static int GEN_COOKIE_E = -277; public final static int SSL_SENT_SHUTDOWN = 1; public final static int SSL_RECEIVED_SHUTDOWN = 2; public final static int SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER = 4; public final static int SSL_OP_NO_SSLv2 = 8; public final static int SSL_HANDSHAKE_FAILURE = 101; public final static int SSL_R_TLSV1_ALERT_UNKNOWN_CA = 102; public final static int SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN = 103; public final static int SSL_R_SSLV3_ALERT_BAD_CERTIFICATE = 104; /** Monitor this CRL directory flag */ public final static int WOLFSSL_CRL_MONITOR = 0x01; /** Start CRL monitoring flag */ public final static int WOLFSSL_CRL_START_MON = 0x02; /** Bad mutex */ public final static int BAD_MUTEX_ERROR = -256; /** Bad path for opendir */ public final static int BAD_PATH_ERROR = -258; /** CRL Monitor already running */ public final static int MONITOR_RUNNING_E = -263; /** Thread create error */ public final static int THREAD_CREATE_E = -264; /** Cache header match error */ public final static int CACHE_MATCH_ERROR = -280; /* ---------------------- wolfCrypt codes ---------------------------- */ /** Out of memory error */ public final static int MEMORY_E = -125; /** Output buffer too small or input too large */ public final static int BUFFER_E = -132; /** ASN input error, not enough data */ public final static int ASN_INPUT_E = -154; /** Bad function argument provided */ public final static int BAD_FUNC_ARG = -173; /** Feature not compiled in */ public final static int NOT_COMPILED_IN = -174; /** No password provided by user */ public final static int NO_PASSWORD = -176; /* hmac codes, from wolfssl/wolfcrypt/hmac.h */ public final static int MD5 = 0; public final static int SHA = 1; public final static int SHA256 = 2; public final static int SHA512 = 4; public final static int SHA384 = 5; /* ------------------------ constructors ---------------------------- */ /** * Initializes the wolfSSL library for use. * * @throws com.wolfssl.WolfSSLException if wolfSSL library fails to * initialize correctly */ public WolfSSL() throws WolfSSLException { int ret = init(); if (ret != SSL_SUCCESS) { throw new WolfSSLException("Failed to initialize wolfSSL library: " + ret); } } /* ------------------- private/protected methods -------------------- */ private native int init(); static native void nativeFree(long ptr); /* ------------------------- Java methods --------------------------- */ /** * Loads JNI library; must be called prior to any other calls in this class. * @throws UnsatisfiedLinkError if the library is not found. */ public static void loadLibrary() throws UnsatisfiedLinkError { System.loadLibrary("wolfSSL"); } /** * Load JNI library; must be called prior to any other calls in this * package. * @param libPath path to native JNI library * @throws UnsatisfiedLinkError if the library is not found. */ public static void loadLibrary(String libPath) throws UnsatisfiedLinkError { System.loadLibrary(libPath); } /* ---------------- native SSL/TLS version functions ---------------- */ /** * Indicates that the application is a server and will only support the * SSL 3.0 protocol. * This method allocates memory for and initializes a new native * WOLFSSL_METHOD structure to be used when creating the SSL/TLS * context with newContext(). * * @return A pointer to the created WOLFSSL_METHOD structure if * successful, null on failure. * @see WolfSSLContext#newContext(long) * @deprecated SSL 3.0 is now considered insecure. */ @Deprecated public final static native long SSLv3_ServerMethod(); /** * Indicates that the application is a client and will only support the * SSL 3.0 protocol. * This method allocates memory for and initializes a new native * WOLFSSL_METHOD structure to be used when creating the SSL/TLS * context with newContext(). * * @return A pointer to the created WOLFSSL_METHOD structure if * successful, null on failure. * @see WolfSSLContext#newContext(long) * @deprecated SSL 3.0 is now considered insecure. */ @Deprecated public final static native long SSLv3_ClientMethod(); /** * Indicates that the application is a server and will only support the * TLS 1.0 protocol. * This method allocates memory for and initializes a new native * WOLFSSL_METHOD structure to be used when creating the SSL/TLS * context with newContext(). * * @return A pointer to the created WOLFSSL_METHOD structure if * successful, null on failure. * @see WolfSSLContext#newContext(long) */ public final static native long TLSv1_ServerMethod(); /** * Indicates that the application is a client and will only support the * TLS 1.0 protocol. * This method allocates memory for and initializes a new native * WOLFSSL_METHOD structure to be used when creating the SSL/TLS * context with newContext(). * * @return A pointer to the created WOLFSSL_METHOD structure if * successful, null on failure. * @see WolfSSLContext#newContext(long) */ public final static native long TLSv1_ClientMethod(); /** * Indicates that the application is a server and will only support the * TLS 1.1 protocol. * This method allocates memory for and initializes a new native * WOLFSSL_METHOD structure to be used when creating the SSL/TLS * context with newContext(). * * @return A pointer to the created WOLFSSL_METHOD structure if * successful, null on failure. * @see WolfSSLContext#newContext(long) */ public final static native long TLSv1_1_ServerMethod(); /** * Indicates that the application is a client and will only support the * TLS 1.1 protocol. * This method allocates memory for and initializes a new native * WOLFSSL_METHOD structure to be used when creating the SSL/TLS * context with newContext(). * * @return A pointer to the created WOLFSSL_METHOD structure if * successful, null on failure. * @see WolfSSLContext#newContext(long) */ public final static native long TLSv1_1_ClientMethod(); /** * Indicates that the application is a server and will only support the * TLS 1.2 protocol. * This method allocates memory for and initializes a new native * WOLFSSL_METHOD structure to be used when creating the SSL/TLS * context with newContext(). * * @return A pointer to the created WOLFSSL_METHOD structure if * successful, null on failure. * @see WolfSSLContext#newContext(long) */ public final static native long TLSv1_2_ServerMethod(); /** * Indicates that the application is a client and will only support the * TLS 1.2 protocol. * This method allocates memory for and initializes a new native * WOLFSSL_METHOD structure to be used when creating the SSL/TLS * context with newContext(). * * @return A pointer to the created WOLFSSL_METHOD structure if * successful, null on failure. * @see WolfSSLContext#newContext(long) */ public final static native long TLSv1_2_ClientMethod(); /** * Indicates that the application is a server and will only support the * DTLS 1.0 protocol. * This method allocates memory for and initializes a new native * WOLFSSL_METHOD structure to be used when creating the SSL/TLS * context with newContext(). * * @return A pointer to the created WOLFSSL_METHOD structure if * successful, null on failure. * @see WolfSSLContext#newContext(long) */ public final static native long DTLSv1_ServerMethod(); /** * Indicates that the application is a client and will only support the * DTLS 1.0 protocol. * This method allocates memory for and initializes a new native * WOLFSSL_METHOD structure to be used when creating the SSL/TLS * context with newContext(). * * @return A pointer to the created WOLFSSL_METHOD structure if * successful, null on failure. * @see WolfSSLContext#newContext(long) */ public final static native long DTLSv1_ClientMethod(); /** * Indicates that the application is a server and will only support the * DTLS 1.2 protocol. * This method allocates memory for and initializes a new native * WOLFSSL_METHOD structure to be used when creating the SSL/TLS * context with newContext(). * * @return A pointer to the created WOLFSSL_METHOD structure if * successful, null on failure. * @see WolfSSLContext#newContext(long) */ public final static native long DTLSv1_2_ServerMethod(); /** * Indicates that the application is a client and will only support the * DTLS 1.2 protocol. * This method allocates memory for and initializes a new native * WOLFSSL_METHOD structure to be used when creating the SSL/TLS * context with newContext(). * * @return A pointer to the created WOLFSSL_METHOD structure if * successful, null on failure. * @see WolfSSLContext#newContext(long) */ public final static native long DTLSv1_2_ClientMethod(); /** * Indicates that the application is a server and will use the highest * possible SSL/TLS version from SSL 3.0 up to TLS 1.2. * This method allocates memory for and initializes a new native * WOLFSSL_METHOD structure to be used when creating the SSL/TLS * context with newContext(). * * @return A pointer to the created WOLFSSL_METHOD structure if * successful, null on failure. * @see WolfSSLContext#newContext(long) */ public final static native long SSLv23_ServerMethod(); /** * Indicates that the application is a client and will use the highest * possible SSL/TLS version from SSL 3.0 up to TLS 1.2. * This method allocates memory for and initializes a new native * WOLFSSL_METHOD structure to be used when creating the SSL/TLS * context with newContext(). * * @return A pointer to the created WOLFSSL_METHOD structure if * successful, null on failure. * @see WolfSSLContext#newContext(long) */ public final static native long SSLv23_ClientMethod(); /** * Converts an error code returned by getError() into a more human- * readable error string. * The maximum length of the returned string is 80 characters by * default, as defined by MAX_ERROR_SZ in the native wolfSSL * error.h header file. * * @param errNumber error code returned by getError() * @return output String containing human-readable error * string matching errNumber * on success. On failure, this method returns a * String with the appropriate failure reason. * @see WolfSSLSession#getError(long, int) */ public final static native String getErrorString(long errNumber); /** * Un-initializes the wolfSSL library from further use. * Doesn't have to be called, though it will free any resources used by * the library. * * @return SSL_SUCCESS upon success, BAD_MUTEX_ERROR * on mutex error. */ public final static native int cleanup(); /** * Turns on debug logging at runtime. * To enable logging at build time, use --enable-debug or define * DEBUG_WOLFSSL. Debugging must be enabled at build time in order * for the method to have any effect. * * @return SSL_SUCCESS upon success. NOT_COMPILED_IN * if logging isnt' enabled for this wolfSSL build. * @see #debuggingOFF() * @see #setLoggingCb(WolfSSLLoggingCallback) */ public final static native int debuggingON(); /** * Turns off runtime debug log messages. * If they're already off, no action is taken. * * @see #debuggingON() * @see #setLoggingCb(WolfSSLLoggingCallback) */ public final static native void debuggingOFF(); /** * Registers the callback to be used for Logging debug and trace * messages. * * @param cb Callback to be used for logging debug messages * @return SSL_ERROR_NONE upon success, * BAD_FUNC_ARG if input is null, * NOT_COMPILED_IN if wolfSSL was not * compiled with debugging support enabled. * @see #debuggingON() * @see #debuggingOFF() */ public final static native int setLoggingCb(WolfSSLLoggingCallback cb); /** * Persists session cache to memory buffer. * This method can be used to persist the current session cache to a * memory buffer for storage. The cache can be loaded back into wolfSSL * using the corresponding memrestoreSessionCache() method. * * @param mem buffer to store session cache in * @param sz size of the input buffer, mem * @return SSL_SUCCESS on success, * SSL_FAILURE on general failure, * BUFFER_E if the memory buffer is too * small to store the session cache in, * BAD_MUTEX_ERROR if the session cache * mutex lock failed, * BAD_FUNC_ARG if invalid parameters are * used. * @see #memrestoreSessionCache(byte[], int) * @see #getSessionCacheMemsize() * @see WolfSSLContext#memsaveCertCache(long, byte[], int, int[]) * @see WolfSSLContext#memrestoreCertCache(long, byte[], int) * @see WolfSSLContext#getCertCacheMemsize(long) */ public static native int memsaveSessionCache(byte[] mem, int sz); /** * Restores the persistant session cache from memory buffer. * This function restores a session cache that was previously saved to * a memory buffer. * * @param mem buffer containing persistant session cache to be restored * @param sz size of the input buffer, mem * @return SSL_SUCCESS upon success, * SSL_FAILURE upon general failure, * BUFFER_E if the memory buffer is too * small, CACHE_MATCH_ERROR if the * session cache header match failed and there were * differences in how the cache and the current library * are configured, BAD_MUTEX_ERROR * if the session cache mutex lock failed, * BAD_FUNC_ARG if invalid parameters are * used. * @see #memsaveSessionCache(byte[], int) * @see #getSessionCacheMemsize() * @see WolfSSLContext#memsaveCertCache(long, byte[], int, int[]) * @see WolfSSLContext#memrestoreCertCache(long, byte[], int) * @see WolfSSLContext#getCertCacheMemsize(long) */ public static native int memrestoreSessionCache(byte[] mem, int sz); /** * Gets how big the session cache save buffer needs to be. * Use this method to determine how large the buffer needs to be to * store the persistant session cache into memory. * * @return size, in bytes, of how large the output buffer should be * to store the session cache into memory. * @see #memsaveSessionCache(byte[], int) * @see #memrestoreSessionCache(byte[], int) * @see WolfSSLContext#memsaveCertCache(long, byte[], int, int[]) * @see WolfSSLContext#memrestoreCertCache(long, byte[], int) * @see WolfSSLContext#getCertCacheMemsize(long) */ public static native int getSessionCacheMemsize(); /** * Returns the DER-encoded form of the certificate pointed to by * x509. * * @param x509 pointer (long) to a native WOLFSSL_X509 object. This * objects represents an X.509 certificate. * @return DER-encoded certificate or * null if the input buffer is null. * */ public static native byte[] x509_getDer(long x509); /** * Returns the wolfSSL max HMAC digest size. * Specifically, returns the value of the native wolfSSL * MAX_DIGEST_SIZE define. * * @return value of native MAX_DIGEST_SIZE define */ public static native int getHmacMaxSize(); /* ------------------------- isEnabled methods -------------------------- */ /** * Checks if CRL support is enabled in wolfSSL native library. * * @return 1 if enabled, 0 if not compiled in */ public static native int isEnabledCRL(); /** * Checks if CRL Monitor support is enabled in wolfSSL native library. * * @return 1 if enabled, 0 if not compiled in */ public static native int isEnabledCRLMonitor(); /** * Checks if OCSP support is enabled in wolfSSL native library. * * @return 1 if enabled, 0 if not compiled in */ public static native int isEnabledOCSP(); /** * Checks if PSK support is enabled in wolfSSL native library. * * @return 1 if enabled, 0 if not compiled in */ public static native int isEnabledPSK(); /** * Checks if DTLS support is enabled in wolfSSL native library. * * @return 1 if enabled, 0 if not compiled in */ public static native int isEnabledDTLS(); /** * Checks if Atomic User support is enabled in wolfSSL native library. * * @return 1 if enabled, 0 if not compiled in */ public static native int isEnabledAtomicUser(); /** * Checks if Public Key Callback support is enabled in wolfSSL * native library. * * @return 1 if enabled, 0 if not compiled in */ public static native int isEnabledPKCallbacks(); } /* end WolfSSL */