Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add JNI and VaultIC provisioning #397

Draft
wants to merge 10 commits into
base: master
Choose a base branch
from
Draft

Add JNI and VaultIC provisioning #397

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
10 commits
Select commit Hold shift + click to select a range
9c6c6ca
Update to include initial provisioning support
billphipps Aug 29, 2023
ba0c703
Initial update with working JNI as prototype interface.
billphipps Aug 30, 2023
558de63
Updates to finalize JNI API with stubs.
billphipps Aug 30, 2023
828097a
Update to MainActivity
billphipps Aug 31, 2023
b6ab88f
Updates to finish loading and most of provisioning. App is broken.
billphipps Sep 5, 2023
0928209
Updates with working provisioning and kdf users.
billphipps Sep 6, 2023
3cdf6f5
Added missing file.
billphipps Sep 6, 2023
516e46b
Fix missing comma.
billphipps Sep 6, 2023
ce7318a
Correct const pointer warning.
billphipps Sep 6, 2023
1e955c9
Minor updates to improve compatibility with servers and certs.
billphipps Oct 24, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
23 changes: 18 additions & 5 deletions android/wolfssljni-ndk-gradle/app/CMakeLists.txt
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -59,10 +59,14 @@ if ("${WOLFSSL_PKG_TYPE}" MATCHES "normal")
-DWOLFSSL_AKID_NAME -DHAVE_CTS -DNO_DES3 -DGCM_TABLE_4BIT
-DTFM_TIMING_RESISTANT -DECC_TIMING_RESISTANT
-DHAVE_AESGCM -DSIZEOF_LONG=4 -DSIZEOF_LONG_LONG=8

-DHAVE_SECURE_RENEGOTIATION
#-DHAVE_SERVER_RENEGOTIATION_INFO
-DWOLFSSL_ALT_CERT_CHAINS

# Defines added for debugging. These can be removed if debug logging is not needed
# and will increase performance and reduce library footprint size if removed.
-DEBUG_WOLFSSL
-DEBUG_WOLFSSL -DWOLFSSL_ANDROID_DEBUG

# Defines added for wolfCrypt test and benchmark only, may not be needed for your
# own application.
Expand Down Expand Up @@ -272,8 +276,8 @@ target_link_libraries(

# --------------------------- wolfCrypt CryptoCb Source Files --------------------------------------
# set which cryptocb subsystem (if any) will be used
set(WOLFSSL_CRYPTOCB_TYPE "")
#set(WOLFSSL_CRYPTOCB_TYPE "ccb_vaultic")
#set(WOLFSSL_CRYPTOCB_TYPE "")
set(WOLFSSL_CRYPTOCB_TYPE "ccb_vaultic")

# Support for ccb_vaultic
if("${WOLFSSL_CRYPTOCB_TYPE}" MATCHES "ccb_vaultic")
Expand All @@ -288,15 +292,18 @@ if("${WOLFSSL_CRYPTOCB_TYPE}" MATCHES "ccb_vaultic")
add_library(ccbvaultic SHARED
${cryptocb_DIR}/ccb_vaultic.c)

add_library(ccbvaulticjni SHARED
${cryptocb_DIR}/com_wolfssl_ccbvaultic_ccbVaultic.c)

# TODO Add support for other architectures
if("${ANDROID_ABI}" MATCHES "arm64-v8a")
add_definitions(
-DHAVE_CCBVAULTIC -DWC_USE_DEVID=0x56490420 -DBENCH_EMBEDDED
#-DCCBVAULTIC_NO_AES
#-DCCBVAULTIC_NO_RSA
-DCCBVAULTIC_NO_SHA
#-DCCBVAULTIC_DEBUG
#-DCCBVAULTIC_DEBUG_TIMING
-DCCBVAULTIC_DEBUG
-DCCBVAULTIC_DEBUG_TIMING
)

set(VAULTIC_DIR ${cryptocb_DIR}/VaultIC-TLS_420/vaultic_tls-4xx)
Expand Down Expand Up @@ -336,4 +343,10 @@ if("${WOLFSSL_CRYPTOCB_TYPE}" MATCHES "ccb_vaultic")
wolfssljni
ccbvaultic
)
# Link ccbvaulticjni to ccbvaultic
target_link_libraries(
ccbvaulticjni
ccbvaultic
)

endif() #ccb_vaultic
2 changes: 2 additions & 0 deletions android/wolfssljni-ndk-gradle/app/build.gradle
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -32,6 +32,8 @@ android {
sourceSets {
// wolfSSL JNI Java source files are added here
main.java.srcDirs += '../wolfssljni/src/java'
// ccbVaultIc JNI Java source files
main.java.srcDirs += '../../../ccb_vaultic/java'
}
namespace 'com.wolfssl.wolfssljni_ndk_gradle'
}
Expand Down
254 changes: 191 additions & 63 deletions ...lfssljni-ndk-gradle/app/src/main/java/com/wolfssl/wolfssljni_ndk_gradle/MainActivity.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -7,15 +7,22 @@
import android.widget.TextView;

import com.wolfssl.WolfSSL;
import com.wolfssl.provider.jsse.WolfSSLKeyX509;
import com.wolfssl.provider.jsse.WolfSSLProvider;

import com.wolfssl.ccbvaultic.ccbVaultIc;

import java.io.ByteArrayOutputStream;
import java.nio.ByteBuffer;
import java.security.KeyStore;
import java.security.Security;
import java.util.concurrent.Executors;

import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;

public class MainActivity extends AppCompatActivity {

Expand Down Expand Up @@ -76,23 +83,51 @@ private void appendDisplayText(String s)
});
};

String[] filenames = {"/key.pem","/crt.pem",null}; //"/ca.pem"

byte[] debugPin = { 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07};

byte[] debugMac = { 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,
0x08,0x09,0x0A,0x0B,0x0C,0x0D,0x0E,0x0F};
byte[] debugEnc = { 0x10,0x11,0x12,0x13,0x14,0x15,0x16,0x17,
0x18,0x19,0x1A,0x1B,0x1C,0x1D,0x1E,0x1F};


byte[] debugKey = { 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,
0x08,0x09,0x0A,0x0B,0x0C,0x0D,0x0E,0x0F,
0x10,0x11,0x12,0x13,0x14,0x15,0x16,0x17,
0x18,0x19,0x1A,0x1B,0x1C,0x1D,0x1E,0x1F};
byte[] debugLabel = "Debug Label".getBytes();

byte[] debugFile1 = "FILE1".getBytes();
byte[] debugFile2 = "FILE2".getBytes();


public String getCmd = "GET / HTTP/1.1\r\n" +
"Host: www.wolfssl.com\r\n" +
"Accept: */*\r\n\r\n";

private final View.OnClickListener sslSocketConnectListener = v -> {
setDisplayText("Making simple SSL/TLS connection to:\n" +
setDisplayText("Making simple SSL/TLS connection to:" +
host + ":" + port + "\n" +
"See logcat output for details (adb logcat).\n" +
"...\n");
"See logcat output for details (adb logcat).\n");
Executors.newSingleThreadExecutor().execute(() -> {
try {
/* Enable wolfJSSE debug messages */
System.setProperty("wolfjsse.debug", "true");

/* Select The devId which will be registered and used on every other invocation */
/* Unique devId's are compiled into wolfssljni */
//int devId = 0x56490420; /* VaultIC 420 */
int devId = WolfSSL.INVALID_DEVID; /* No hardware offload */
int devId = 0x56490420; /* VaultIC 420 */
//int devId = WolfSSL.INVALID_DEVID; /* No hardware offload */

/* Select if the cipher suites and protocols will be limited */
boolean limitCipherProtocol = false;
boolean limitCipherProtocol = true;
//boolean limitCipherProtocol = false;

/* Select if using Debug or KDF user for HW provisioning and connection */
boolean useKdfUser = true;
//boolean useKdfUser = false;

long[] ts = new long[10];

Expand All @@ -104,70 +139,163 @@ private void appendDisplayText(String s)
ts[1] = System.currentTimeMillis();
connectCount++;

if (((connectCount % 2) == 0) && (devId != WolfSSL.INVALID_DEVID)) {
appendDisplayText("B. Using hardware offload\n");
wolfProv.registerDevId(devId);
wolfProv.setDevId(devId);
} else {
appendDisplayText("B. Using software crypto.\n");
KeyManager[] km = null;
TrustManager[] tm = null;
long totalRead = 0;
ccbVaultIc cv = new ccbVaultIc();

if(devId != WolfSSL.INVALID_DEVID) {
switch(connectCount % 3) {
case 1: //SW
{
appendDisplayText("B. Using software crypto.\n");
wolfProv.setDevId(WolfSSL.INVALID_DEVID);
};break;
case 2: //HW Manu
{
appendDisplayText("B. Using hardware offload - MANU\n");

// MANU
cv.UpdateDefaultAuth_Manu(debugPin);

wolfProv.registerDevId(devId);
wolfProv.setDevId(devId);

int rc = 0;
if(useKdfUser) {
rc = cv.ProvisionAction_App(
devId, Boolean.TRUE,
debugKey, debugLabel,
filenames[0], debugFile1,
filenames[1], debugFile2,
null, null);
} else {
rc = cv.ProvisionAction_Debug(
devId, Boolean.TRUE,
debugMac, debugEnc,
filenames[0], debugFile1,
filenames[1], debugFile2,
null, null);
}
appendDisplayText("Provision rc=" + rc + "\n" );
byte[] data = new byte[ccbVaultIc.CCBVAULTIC_INFO_LEN];
rc = cv.GetInfoText(devId, data);
appendDisplayText("GetInfoText rc=" + rc + "\n" + new String(data));

rc = cv.PerformSelfTest(devId);
appendDisplayText("SelfTest rc=" + rc + "\n");
// Skip the connection tests
};break;
case 0: //HW App
{
appendDisplayText("B. Using hardware offload - APP\n");

if(useKdfUser) {
cv.UpdateDefaultAuth_App(debugKey, debugLabel);
} else {
cv.UpdateDefaultAuth_Debug(debugMac, debugEnc);
}

wolfProv.registerDevId(devId);
wolfProv.setDevId(devId);

//Load static data
//km = cv.GenerateKM(medKeyFile.getBytes(), medCrtFile.getBytes());

//Load data from VaultIC
ccbVaultIc.LoadFiles loadFiles = cv.LoadAction(devId,
filenames[0], filenames[1],filenames[2]);
if (loadFiles.rc == 0) {
int[] sizes = new int[3];
if (loadFiles.file1 != null) sizes[0] = loadFiles.file1.length;
if (loadFiles.file2 != null) sizes[1] = loadFiles.file2.length;
if (loadFiles.file3 != null) sizes[2] = loadFiles.file3.length;
appendDisplayText("Loaded File sizes: " +
" 1:" + sizes[0] +
" 2:" + sizes[1] +
" 3:" + sizes[2] +
"\n");
km = cv.GenerateKM(loadFiles.file1, loadFiles.file2);
tm = cv.GenerateTM(loadFiles.file3);
}

byte[] data = new byte[ccbVaultIc.CCBVAULTIC_INFO_LEN];
int rc = cv.GetInfoText(devId, data);
appendDisplayText("GetInfoText rc=" + rc + "\n" + new String(data));
};break;
}
}
else {
appendDisplayText("B. Using internal crypto.\n");
wolfProv.setDevId(WolfSSL.INVALID_DEVID);
}

ts[2] = System.currentTimeMillis();
appendDisplayText("C. Setting up context and socket\n");

/* not setting up KeyStore or TrustStore, wolfJSSE will load
* CA certs from the Android system KeyStore by default. */
SSLContext ctx = SSLContext.getInstance("TLS", wolfProv.getName());
ctx.init(null, null, null);

SSLSocketFactory sf = ctx.getSocketFactory();
SSLSocket sock = (SSLSocket) sf.createSocket(host, port);

if (limitCipherProtocol) {
/* Limit cipherSuites and protocol */
String[] cipherSuites = new String[]{"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA"};
sock.setEnabledCipherSuites(cipherSuites);
String[] protocols = new String[]{"TLSv1.2"};
sock.setEnabledProtocols(protocols);
}

ts[3] = System.currentTimeMillis();
appendDisplayText("D. Starting Handshake\n");
sock.startHandshake();

ts[4] = System.currentTimeMillis();
appendDisplayText("E. Sending GET Request\n");
String getCmd = "GET / HTTP/1.1\r\n" +
"Host: www.wolfssl.com\r\n" +
"Accept: */*\r\n\r\n";
sock.getOutputStream().write(getCmd.getBytes());

ts[5] = System.currentTimeMillis();
long sizeLimit = 10 * 1024;
appendDisplayText("F. Receiving at least " + sizeLimit + " bytes\n");
byte[] data = new byte[4 * 1024];
ByteArrayOutputStream buffer = new ByteArrayOutputStream();
long totalRead = 0;
/* Read the first 10kB */
while (totalRead < sizeLimit) {
int nRead = sock.getInputStream().read(data, 0, data.length);
if (nRead < 0) break;
buffer.write(data, 0, nRead);
totalRead = totalRead + nRead;
// Skip the connection if we are doing HW MANU
if((devId == WolfSSL.INVALID_DEVID)||((connectCount % 3) != 2)) {
appendDisplayText("C. Setting up context and socket\n");

SSLContext ctx = SSLContext.getInstance("TLS", wolfProv.getName());
/* not setting up KeyStore or TrustStore, wolfJSSE will load
* CA certs from the Android system KeyStore by default. */
ctx.init(km, tm, null);

SSLSocketFactory sf = ctx.getSocketFactory();
SSLSocket sock = (SSLSocket) sf.createSocket(host, port);

if (limitCipherProtocol) {
/* Limit cipherSuites and protocol */
String[] cipherSuites = new String[]{"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA"};
sock.setEnabledCipherSuites(cipherSuites);
String[] protocols = new String[]{"TLSv1.2"};
sock.setEnabledProtocols(protocols);
}

ts[3] = System.currentTimeMillis();
appendDisplayText("D. Starting Handshake\n");
sock.startHandshake();

ts[4] = System.currentTimeMillis();
appendDisplayText("E. Sending GET Request\n");
sock.getOutputStream().write(getCmd.getBytes());

ts[5] = System.currentTimeMillis();
long sizeLimit = 10 * 1024;
appendDisplayText("F. Receiving at least " + sizeLimit + " bytes\n");
byte[] data = new byte[4 * 1024];
ByteArrayOutputStream buffer = new ByteArrayOutputStream();

/* Read the first 10kB */
while (totalRead < sizeLimit) {
int nRead = sock.getInputStream().read(data, 0, data.length);
if (nRead < 0) break;
buffer.write(data, 0, nRead);
totalRead = totalRead + nRead;
}

ts[6] = System.currentTimeMillis();
appendDisplayText("G. Closing socket\n");
sock.close();

ts[7] = System.currentTimeMillis();
}

ts[6] = System.currentTimeMillis();
appendDisplayText("G. Closing socket\n");
sock.close();

ts[7] = System.currentTimeMillis();
if (((connectCount % 2) == 0) && (devId != WolfSSL.INVALID_DEVID)) {
appendDisplayText("H. Disabling hardware offload\n");
wolfProv.setDevId(WolfSSL.INVALID_DEVID);
wolfProv.unRegisterDevId(devId);
if(devId != WolfSSL.INVALID_DEVID) {
switch(connectCount % 3) {
case 1: //SW
{
appendDisplayText("H. Software crypto still enabled\n");
};break;
case 0: //HW -App
case 2: //HW - Manu
{
appendDisplayText("H. Disabling hardware offload\n");
wolfProv.setDevId(WolfSSL.INVALID_DEVID);
wolfProv.unRegisterDevId(devId);
};break;
}
} else {
appendDisplayText("H. Software crypto still enabled\n");
appendDisplayText("H. Internal crypto still enabled\n");
}

ts[8] = System.currentTimeMillis();
Expand Down
Loading