JNI: wrap wolfSSL_set_tls13_secret_cb() in WolfSSLSession.setTls13SecretCb() #181

Merged
merged 1 commit into from
Mar 28, 2024
25 changes: 25 additions & 0 deletions examples/Client.java
Expand Up @@ -72,6 +72,9 @@ public void run(String[] args) {
int logCallback = 0; /* use test logging callback */
int usePsk = 0; /* use pre shared keys */

boolean useSecretCallback = false; /* enable TLS 1.3 secret cb */
String keyLogFile = "sslkeylog.log"; /* output keylog file */

long session = 0; /* pointer to WOLFSSL_SESSION */
boolean resumeSession = false; /* try one session resumption */

Expand Down Expand Up @@ -201,6 +204,16 @@ public void run(String[] args) {
} else if (arg.equals("-r")) {
resumeSession = true;

} else if (arg.equals("-tls13secretcb")) {
if (!WolfSSL.secretCallbackEnabled()) {
printUsage();
}
if (args.length < i+2) {
printUsage();
}
useSecretCallback = true;
keyLogFile = args[++i];

} else {
printUsage();
}
Expand Down Expand Up @@ -451,6 +464,16 @@ public void run(String[] args) {
}
}

/* Set TLS 1.3 secret callback if enabled */
if (useSecretCallback) {
MyTls13SecretCallback tsc =
new MyTls13SecretCallback(keyLogFile);
ssl.keepArrays();
ssl.setTls13SecretCb(tsc, null);
System.out.println("Writing TLS 1.3 secrets to keylog file: " +
keyLogFile);
}

/* open Socket */
if (doDTLS == 1) {
dsock = new DatagramSocket();
Expand Down Expand Up @@ -757,6 +780,8 @@ void printUsage() {
System.out.println("-U\t\tEnable Atomic User Record Layer Callbacks");
if (WolfSSL.isEnabledPKCallbacks() == 1)
System.out.println("-P\t\tPublic Key Callbacks");
if (WolfSSL.secretCallbackEnabled())
System.out.println("-tls13secretcb\tEnable TLS 1.3 secret callback");
System.exit(1);
}

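Review bot: The usage line added in the last hunk (`-tls13secretcb\tEnable TLS 1.3 secret callback`) does not show that the option consumes a following argument, although the parser in the second hunk requires `args.length >= i+2` and takes `args[++i]` as the keylog path. Suggest `System.out.println("-tls13secretcb <file>\tEnable TLS 1.3 secret callback, write secrets to <file>");` so a user is not sent to printUsage() with no visible reason. Since that file will hold the session's traffic secrets, the comment above the setup block in the third hunk could also say so. The `ssl.keepArrays()` call before `setTls13SecretCb` presumably keeps the client random available to the callback, but the reason is not visible here; if confirmed, a short why-comment such as `/* keep client random for keylog entries */` would help. run() starts and ends outside these hunks.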
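--- a/examples/MyTls13SecretCallback.java
+++ b/examples/MyTls13SecretCallback.java
@@ -0,0 +1,141 @@
+/* MyTls13SecretCallback.java
+ *
+ * Copyright (C) 2006-2024 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+import java.io.FileWriter;
+import java.io.PrintWriter;
+import java.io.IOException;
+
+import com.wolfssl.WolfSSL;
+import com.wolfssl.WolfSSLSession;
+import com.wolfssl.WolfSSLTls13SecretCallback;
+import com.wolfssl.WolfSSLJNIException;
+
+/**
+* Example TLS 1.3 secret callback implementation.
+*
+* This is provided as an example only, and used with the example JNI
+* applications provided in this package. Users in production environments
+* should write their own implementation to conform to desired goals.
+*/
+class MyTls13SecretCallback implements WolfSSLTls13SecretCallback
+{
+/* SSL keylog file to output secrets to */
+private String sslKeyLogFile = "sslkeylog.log";
+
+/**
+* Create new MyTls13SecretCallback using default "sslkeylog.log" file
+* path.
+*/
+public MyTls13SecretCallback() {
+}
+
+/**
+* Create new MyTls13SecretCallback object specifying SSL keylog file
+* path.
+*
+* @param keyLogFile path to output file (ex: sslkeylog.log) to use
+* for writing TLS 1.3 secrets into.
+*/
+public MyTls13SecretCallback(String keyLogFile) {
+this.sslKeyLogFile = keyLogFile;
+}
+
+/**
+* Callback method for printing/saving TLS 1.3 secrets, for use
+* with Wireshark. Called by native wolfSSL when each secret is available.
+*
+* @param ssl the current SSL session object from which the
+* callback was initiated.
+* @param id Identifier specifying what type of secret this callback
+* is being called with, one of the following:
+* WolfSSL.CLIENT_EARLY_TRAFFIC_SECRET
+* WolfSSL.EARLY_EXPORTER_SECRET
+* WolfSSL.CLIENT_HANDSHAKE_TRAFFIC_SECRET
+* WolfSSL.SERVER_HANDSHAKE_TRAFFIC_SECRET
+* WolfSSL.CLIENT_TRAFFIC_SECRET
+* WolfSSL.SERVER_TRAFFIC_SECRET
+* WolfSSL.EXPORTER_SECRET
+* @param secret Current secret as byte array
+* @param ctx Optional user context if set
+*
+* @return 0 on success, otherwise negative if callback encounters
+* an error.
+*/
+public int tls13SecretCallback(WolfSSLSession ssl, int id, byte[] secret,
+Object ctx) {
+
+int i;
+String str = null;
+FileWriter fw = null;
+PrintWriter pw = null;
+byte[] clientRandom = null;
+
+try {
+/* Open FileWriter in append mode */
+fw = new FileWriter(sslKeyLogFile, true);
+pw = new PrintWriter(fw);
+
+clientRandom = ssl.getClientRandom();
+if (clientRandom == null || clientRandom.length == 0) {
+System.out.println("Error getting client random");
+}
+
+/* Set secret label based on ID */
+if (id == WolfSSL.CLIENT_EARLY_TRAFFIC_SECRET) {
+str = "CLIENT_EARLY_TRAFFIC_SECRET";
+} else if (id == WolfSSL.EARLY_EXPORTER_SECRET) {
+str = "EARLY_EXPORTER_SECRET";
+} else if (id == WolfSSL.CLIENT_HANDSHAKE_TRAFFIC_SECRET) {
+str = "CLIENT_HANDSHAKE_TRAFFIC_SECRET";
+} else if (id == WolfSSL.SERVER_HANDSHAKE_TRAFFIC_SECRET) {
+str = "SERVER_HANDSHAKE_TRAFFIC_SECRET";
+} else if (id == WolfSSL.CLIENT_TRAFFIC_SECRET) {
+str = "CLIENT_TRAFFIC_SECRET";
+} else if (id == WolfSSL.SERVER_TRAFFIC_SECRET) {
+str = "SERVER_TRAFFIC_SECRET";
+} else if (id == WolfSSL.EXPORTER_SECRET) {
+str = "EXPORTER_SECRET";
+} else {
+pw.close();
+return WolfSSL.TLS13_SECRET_CB_E;
+}
+
+pw.printf("%s ", str);
+for (i = 0; i < clientRandom.length; i++) {
+pw.printf("%02x", clientRandom[i]);
+}
+pw.printf(" ");
+for (i = 0; i < clientRandom.length; i++) {
+pw.printf("%02x", secret[i]);
+}
+pw.printf("\n");
+
+pw.close();
+
+return 0;
+
+} catch (IOException | WolfSSLJNIException e) {
+e.printStackTrace();
+return WolfSSL.TLS13_SECRET_CB_E;
+}
+}
+}
+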
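Review bot: In tls13SecretCallback the second hex loop is bounded by `clientRandom.length` while it indexes `secret`, so a secret longer than the client random is truncated in the keylog line (and a shorter one would throw ArrayIndexOutOfBoundsException, which the catch clause does not cover); it should read `for (i = 0; i < secret.length; i++) {`. The null/empty check on `clientRandom` only prints a message and falls through to `clientRandom.length`, which raises NullPointerException past the `IOException | WolfSSLJNIException` catch and leaves the PrintWriter open; after the print add `pw.close(); return WolfSSL.TLS13_SECRET_CB_E;`. Wrapping `fw`/`pw` in try-with-resources would also drop the three explicit `pw.close()` calls and close the file on every exit path. Since the appended file holds the session's traffic secrets, the class Javadoc could note that the keylog path should be a file with restricted permissions.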
104 changes: 104 additions & 0 deletions native/com_wolfssl_WolfSSL.c
Expand Up @@ -298,6 +298,97 @@ JNIEXPORT jint JNICALL Java_com_wolfssl_WolfSSL_getBulkCipherAlgorithmEnumCAMELL
return wolfssl_camellia;
}

JNIEXPORT jint JNICALL Java_com_wolfssl_WolfSSL_getTls13SecretEnum_1CLIENT_1EARLY_1TRAFFIC_1SECRET
(JNIEnv* jenv, jclass jcl)
{
(void)jenv;
(void)jcl;

#if defined(HAVE_SECRET_CALLBACK) && defined(WOLFSSL_TLS13)
return CLIENT_EARLY_TRAFFIC_SECRET;
#else
return NOT_COMPILED_IN;
#endif
}

JNIEXPORT jint JNICALL Java_com_wolfssl_WolfSSL_getTls13SecretEnum_1CLIENT_1HANDSHAKE_1TRAFFIC_1SECRET
(JNIEnv* jenv, jclass jcl)
{
(void)jenv;
(void)jcl;

#if defined(HAVE_SECRET_CALLBACK) && defined(WOLFSSL_TLS13)
return CLIENT_HANDSHAKE_TRAFFIC_SECRET;
#else
return NOT_COMPILED_IN;
#endif
}

JNIEXPORT jint JNICALL Java_com_wolfssl_WolfSSL_getTls13SecretEnum_1SERVER_1HANDSHAKE_1TRAFFIC_1SECRET
(JNIEnv* jenv, jclass jcl)
{
(void)jenv;
(void)jcl;

#if defined(HAVE_SECRET_CALLBACK) && defined(WOLFSSL_TLS13)
return SERVER_HANDSHAKE_TRAFFIC_SECRET;
#else
return NOT_COMPILED_IN;
#endif
}

JNIEXPORT jint JNICALL Java_com_wolfssl_WolfSSL_getTls13SecretEnum_1CLIENT_1TRAFFIC_1SECRET
(JNIEnv* jenv, jclass jcl)
{
(void)jenv;
(void)jcl;

#if defined(HAVE_SECRET_CALLBACK) && defined(WOLFSSL_TLS13)
return CLIENT_TRAFFIC_SECRET;
#else
return NOT_COMPILED_IN;
#endif
}

JNIEXPORT jint JNICALL Java_com_wolfssl_WolfSSL_getTls13SecretEnum_1SERVER_1TRAFFIC_1SECRET
(JNIEnv* jenv, jclass jcl)
{
(void)jenv;
(void)jcl;

#if defined(HAVE_SECRET_CALLBACK) && defined(WOLFSSL_TLS13)
return SERVER_TRAFFIC_SECRET;
#else
return NOT_COMPILED_IN;
#endif
}

JNIEXPORT jint JNICALL Java_com_wolfssl_WolfSSL_getTls13SecretEnum_1EARLY_1EXPORTER_1SECRET
(JNIEnv* jenv, jclass jcl)
{
(void)jenv;
(void)jcl;

#if defined(HAVE_SECRET_CALLBACK) && defined(WOLFSSL_TLS13)
return EARLY_EXPORTER_SECRET;
#else
return NOT_COMPILED_IN;
#endif
}

JNIEXPORT jint JNICALL Java_com_wolfssl_WolfSSL_getTls13SecretEnum_1EXPORTER_1SECRET
(JNIEnv* jenv, jclass jcl)
{
(void)jenv;
(void)jcl;

#if defined(HAVE_SECRET_CALLBACK) && defined(WOLFSSL_TLS13)
return EXPORTER_SECRET;
#else
return NOT_COMPILED_IN;
#endif
}

JNIEXPORT jboolean JNICALL Java_com_wolfssl_WolfSSL_TLSv1Enabled
(JNIEnv* jenv, jclass jcl)
{
Expand Down Expand Up @@ -519,6 +610,19 @@ JNIEXPORT jboolean JNICALL Java_com_wolfssl_WolfSSL_sessionTicketEnabled
#endif
}

JNIEXPORT jboolean JNICALL Java_com_wolfssl_WolfSSL_secretCallbackEnabled
(JNIEnv* jenv, jclass jcl)
{
(void)jenv;
(void)jcl;

#ifdef HAVE_SECRET_CALLBACK
return JNI_TRUE;
#else
return JNI_FALSE;
#endif
}

JNIEXPORT jlong JNICALL Java_com_wolfssl_WolfSSL_SSLv3_1ServerMethod
(JNIEnv* jenv, jclass jcl)
{
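Review bot: Java_com_wolfssl_WolfSSL_secretCallbackEnabled in the second hunk is guarded by `HAVE_SECRET_CALLBACK` alone, while every getTls13SecretEnum_* getter in the first hunk requires `HAVE_SECRET_CALLBACK && WOLFSSL_TLS13` and otherwise returns `NOT_COMPILED_IN`. In a build with the secret callback but without TLS 1.3 the Java side would report the feature as enabled while all seven id constants collapse to the same `NOT_COMPILED_IN` value, so an id-to-label comparison in a callback could not tell them apart; using the same condition, `#if defined(HAVE_SECRET_CALLBACK) && defined(WOLFSSL_TLS13)`, keeps the two in step. If the native setter wrapper (not in this diff) uses a different guard, a one-line comment on the enabled check naming that guard would help the next reader.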
66 changes: 66 additions & 0 deletions native/com_wolfssl_WolfSSL.h

