
JNI: wrap wolfSSL_set_tls13_secret_cb() in WolfSSLSession.setTls13SecretCb(), along with example in Client.java
cconlon committed Mar 27, 2024
1 parent ecd67a4 commit 2bba86a
Showing 11 changed files with 873 additions and 30 deletions.
24 changes: 24 additions & 0 deletions examples/Client.java
Expand Up @@ -72,6 +72,9 @@ public void run(String[] args) {
int logCallback = 0; /* use test logging callback */
int usePsk = 0; /* use pre shared keys */

boolean useSecretCallback = false; /* enable TLS 1.3 secret cb */
String keyLogFile = "sslkeylog.log"; /* output keylog file */

long session = 0; /* pointer to WOLFSSL_SESSION */
boolean resumeSession = false; /* try one session resumption */

Expand Down Expand Up @@ -201,6 +204,16 @@ public void run(String[] args) {
} else if (arg.equals("-r")) {
resumeSession = true;

} else if (arg.equals("-tls13secretcb")) {
if (!WolfSSL.secretCallbackEnabled()) {
printUsage();
}
if (args.length < i+2) {
printUsage();
}
useSecretCallback = true;
keyLogFile = args[++i];

} else {
printUsage();
}
Expand Down Expand Up @@ -451,6 +464,15 @@ public void run(String[] args) {
}
}

/* Set TLS 1.3 secret callback if enabled */
if (useSecretCallback) {
MyTls13SecretCallback tsc = new MyTls13SecretCallback();
ssl.keepArrays();
ssl.setTls13SecretCb(tsc, null);
System.out.println("Writing TLS 1.3 secrets to keylog file: " +
keyLogFile);
}

/* open Socket */
if (doDTLS == 1) {
dsock = new DatagramSocket();
Expand Down Expand Up @@ -757,6 +779,8 @@ void printUsage() {
System.out.println("-U\t\tEnable Atomic User Record Layer Callbacks");
if (WolfSSL.isEnabledPKCallbacks() == 1)
System.out.println("-P\t\tPublic Key Callbacks");
if (WolfSSL.secretCallbackEnabled())
System.out.println("-tls13secretcb\tEnable TLS 1.3 secret callback");
System.exit(1);
}

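Review bot: The callback is built with the no-arg constructor at `MyTls13SecretCallback tsc = new MyTls13SecretCallback();`, so the path parsed from `-tls13secretcb <file>` into `keyLogFile` in the second hunk is never handed to it; secrets go to the class's default `sslkeylog.log` while the `System.out.println` right below claims they are written to `keyLogFile`. The line should read `MyTls13SecretCallback tsc = new MyTls13SecretCallback(keyLogFile);`, using the path constructor that the new example class provides. The enclosing `run()` method starts and ends outside this hunk.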
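--- /dev/null
+++ b/examples/MyTls13SecretCallback.java
@@ -0,0 +1,141 @@
+/* MyTls13SecretCallback.java
+*
+* Copyright (C) 2006-2024 wolfSSL Inc.
+*
+* This file is part of wolfSSL.
+*
+* wolfSSL is free software; you can redistribute it and/or modify
+* it under the terms of the GNU General Public License as published by
+* the Free Software Foundation; either version 2 of the License, or
+* (at your option) any later version.
+*
+* wolfSSL is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+* GNU General Public License for more details.
+*
+* You should have received a copy of the GNU General Public License
+* along with this program; if not, write to the Free Software
+* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+*/
+
+import java.io.FileWriter;
+import java.io.PrintWriter;
+import java.io.IOException;
+
+import com.wolfssl.WolfSSL;
+import com.wolfssl.WolfSSLSession;
+import com.wolfssl.WolfSSLTls13SecretCallback;
+import com.wolfssl.WolfSSLJNIException;
+
+/**
+* Example TLS 1.3 secret callback implementation.
+*
+* This is provided as an example only, and used with the example JNI
+* applications provided in this package. Users in production environments
+* should write their own implementation to conform to desired goals.
+*/
+class MyTls13SecretCallback implements WolfSSLTls13SecretCallback
+{
+/* SSL keylog file to output secrets to */
+private String sslKeyLogFile = "sslkeylog.log";
+
+/**
+* Create new MyTls13SecretCallback using default "sslkeylog.log" file
+* path.
+*/
+public MyTls13SecretCallback() {
+}
+
+/**
+* Create new MyTls13SecretCallback object specifying SSL keylog file
+* path.
+*
+* @param keyLogFile path to output file (ex: sslkeylog.log) to use
+* for writing TLS 1.3 secrets into.
+*/
+public MyTls13SecretCallback(String keyLogFile) {
+this.sslKeyLogFile = keyLogFile;
+}
+
+/**
+* Callback method for printing/saving TLS 1.3 secrets, for use
+* with Wireshark. Called by native wolfSSL when each secret is available.
+*
+* @param ssl the current SSL session object from which the
+* callback was initiated.
+* @param id Identifier specifying what type of secret this callback
+* is being called with, one of the following:
+* WolfSSL.CLIENT_EARLY_TRAFFIC_SECRET
+* WolfSSL.EARLY_EXPORTER_SECRET
+* WolfSSL.CLIENT_HANDSHAKE_TRAFFIC_SECRET
+* WolfSSL.SERVER_HANDSHAKE_TRAFFIC_SECRET
+* WolfSSL.CLIENT_TRAFFIC_SECRET
+* WolfSSL.SERVER_TRAFFIC_SECRET
+* WolfSSL.EXPORTER_SECRET
+* @param secret Current secret as byte array
+* @param ctx Optional user context if set
+*
+* @return 0 on success, otherwise negative if callback encounters
+* an error.
+*/
+public int tls13SecretCallback(WolfSSLSession ssl, int id, byte[] secret,
+Object ctx) {
+
+int i;
+String str = null;
+FileWriter fw = null;
+PrintWriter pw = null;
+byte[] clientRandom = null;
+
+try {
+/* Open FileWriter in append mode */
+fw = new FileWriter(sslKeyLogFile, true);
+pw = new PrintWriter(fw);
+
+clientRandom = ssl.getClientRandom();
+if (clientRandom == null || clientRandom.length == 0) {
+System.out.println("Error getting client random");
+}
+
+/* Set secret label based on ID */
+if (id == WolfSSL.CLIENT_EARLY_TRAFFIC_SECRET) {
+str = "CLIENT_EARLY_TRAFFIC_SECRET";
+} else if (id == WolfSSL.EARLY_EXPORTER_SECRET) {
+str = "EARLY_EXPORTER_SECRET";
+} else if (id == WolfSSL.CLIENT_HANDSHAKE_TRAFFIC_SECRET) {
+str = "CLIENT_HANDSHAKE_TRAFFIC_SECRET";
+} else if (id == WolfSSL.SERVER_HANDSHAKE_TRAFFIC_SECRET) {
+str = "SERVER_HANDSHAKE_TRAFFIC_SECRET";
+} else if (id == WolfSSL.CLIENT_TRAFFIC_SECRET) {
+str = "CLIENT_TRAFFIC_SECRET";
+} else if (id == WolfSSL.SERVER_TRAFFIC_SECRET) {
+str = "SERVER_TRAFFIC_SECRET";
+} else if (id == WolfSSL.EXPORTER_SECRET) {
+str = "EXPORTER_SECRET";
+} else {
+pw.close();
+return WolfSSL.TLS13_SECRET_CB_E;
+}
+
+pw.printf("%s ", str);
+for (i = 0; i < clientRandom.length; i++) {
+pw.printf("%02x", clientRandom[i]);
+}
+pw.printf(" ");
+for (i = 0; i < clientRandom.length; i++) {
+pw.printf("%02x", secret[i]);
+}
+pw.printf("\n");
+
+pw.close();
+
+return 0;
+
+} catch (IOException | WolfSSLJNIException e) {
+e.printStackTrace();
+return WolfSSL.TLS13_SECRET_CB_E;
+}
+}
+}
+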
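Review bot: The secret-printing loop `for (i = 0; i < clientRandom.length; i++) { pw.printf("%02x", secret[i]); }` is bounded by the client random's length rather than `secret.length`, so a secret longer than the client random (a SHA-384 suite yields 48-byte secrets against a 32-byte random) is written truncated, and a shorter one would throw ArrayIndexOutOfBoundsException, which the catch clause does not cover; the bound should be `secret.length`. The null/empty check on `clientRandom` only prints a message and falls through into the loops, so a null client random ends in a NullPointerException instead of the `WolfSSL.TLS13_SECRET_CB_E` return the Javadoc promises. The `PrintWriter` is closed only on the normal and unknown-id paths; an exception thrown by `getClientRandom()` or `printf` leaves the keylog file handle open, which try-with-resources fixes while also removing the two explicit `pw.close()` calls. The append-mode `FileWriter` creates the keylog file with default permissions although it holds live session secrets, so a production implementation (the class Javadoc already says this one is an example) would want to restrict access to that file.
```java
public int tls13SecretCallback(WolfSSLSession ssl, int id, byte[] secret,
                               Object ctx) {

    String str = null;
    byte[] clientRandom = null;

    /* Open in append mode; try-with-resources closes the writer on
     * every exit path, including exceptions. */
    try (FileWriter fw = new FileWriter(sslKeyLogFile, true);
         PrintWriter pw = new PrintWriter(fw)) {

        clientRandom = ssl.getClientRandom();
        if (clientRandom == null || clientRandom.length == 0) {
            System.out.println("Error getting client random");
            return WolfSSL.TLS13_SECRET_CB_E;
        }

        // … unchanged: label selection by id (drop the pw.close() in
        //   the else branch; just return WolfSSL.TLS13_SECRET_CB_E) …

        pw.printf("%s ", str);
        for (byte b : clientRandom) {
            pw.printf("%02x", b);
        }
        pw.printf(" ");
        /* Bound by the secret itself, not by the client random length */
        for (byte b : secret) {
            pw.printf("%02x", b);
        }
        pw.printf("\n");

        return 0;

    } catch (IOException | WolfSSLJNIException e) {
        e.printStackTrace();
        return WolfSSL.TLS13_SECRET_CB_E;
    }
}
```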
104 changes: 104 additions & 0 deletions native/com_wolfssl_WolfSSL.c
Expand Up @@ -298,6 +298,97 @@ JNIEXPORT jint JNICALL Java_com_wolfssl_WolfSSL_getBulkCipherAlgorithmEnumCAMELL
return wolfssl_camellia;
}

JNIEXPORT jint JNICALL Java_com_wolfssl_WolfSSL_getTls13SecretEnum_1CLIENT_1EARLY_1TRAFFIC_1SECRET
(JNIEnv* jenv, jclass jcl)
{
(void)jenv;
(void)jcl;

#if defined(HAVE_SECRET_CALLBACK) && defined(WOLFSSL_TLS13)
return CLIENT_EARLY_TRAFFIC_SECRET;
#else
return NOT_COMPILED_IN;
#endif
}

JNIEXPORT jint JNICALL Java_com_wolfssl_WolfSSL_getTls13SecretEnum_1CLIENT_1HANDSHAKE_1TRAFFIC_1SECRET
(JNIEnv* jenv, jclass jcl)
{
(void)jenv;
(void)jcl;

#if defined(HAVE_SECRET_CALLBACK) && defined(WOLFSSL_TLS13)
return CLIENT_HANDSHAKE_TRAFFIC_SECRET;
#else
return NOT_COMPILED_IN;
#endif
}

JNIEXPORT jint JNICALL Java_com_wolfssl_WolfSSL_getTls13SecretEnum_1SERVER_1HANDSHAKE_1TRAFFIC_1SECRET
(JNIEnv* jenv, jclass jcl)
{
(void)jenv;
(void)jcl;

#if defined(HAVE_SECRET_CALLBACK) && defined(WOLFSSL_TLS13)
return SERVER_HANDSHAKE_TRAFFIC_SECRET;
#else
return NOT_COMPILED_IN;
#endif
}

JNIEXPORT jint JNICALL Java_com_wolfssl_WolfSSL_getTls13SecretEnum_1CLIENT_1TRAFFIC_1SECRET
(JNIEnv* jenv, jclass jcl)
{
(void)jenv;
(void)jcl;

#if defined(HAVE_SECRET_CALLBACK) && defined(WOLFSSL_TLS13)
return CLIENT_TRAFFIC_SECRET;
#else
return NOT_COMPILED_IN;
#endif
}

JNIEXPORT jint JNICALL Java_com_wolfssl_WolfSSL_getTls13SecretEnum_1SERVER_1TRAFFIC_1SECRET
(JNIEnv* jenv, jclass jcl)
{
(void)jenv;
(void)jcl;

#if defined(HAVE_SECRET_CALLBACK) && defined(WOLFSSL_TLS13)
return SERVER_TRAFFIC_SECRET;
#else
return NOT_COMPILED_IN;
#endif
}

JNIEXPORT jint JNICALL Java_com_wolfssl_WolfSSL_getTls13SecretEnum_1EARLY_1EXPORTER_1SECRET
(JNIEnv* jenv, jclass jcl)
{
(void)jenv;
(void)jcl;

#if defined(HAVE_SECRET_CALLBACK) && defined(WOLFSSL_TLS13)
return EARLY_EXPORTER_SECRET;
#else
return NOT_COMPILED_IN;
#endif
}

JNIEXPORT jint JNICALL Java_com_wolfssl_WolfSSL_getTls13SecretEnum_1EXPORTER_1SECRET
(JNIEnv* jenv, jclass jcl)
{
(void)jenv;
(void)jcl;

#if defined(HAVE_SECRET_CALLBACK) && defined(WOLFSSL_TLS13)
return EXPORTER_SECRET;
#else
return NOT_COMPILED_IN;
#endif
}

JNIEXPORT jboolean JNICALL Java_com_wolfssl_WolfSSL_TLSv1Enabled
(JNIEnv* jenv, jclass jcl)
{
Expand Down Expand Up @@ -519,6 +610,19 @@ JNIEXPORT jboolean JNICALL Java_com_wolfssl_WolfSSL_sessionTicketEnabled
#endif
}

JNIEXPORT jboolean JNICALL Java_com_wolfssl_WolfSSL_secretCallbackEnabled
(JNIEnv* jenv, jclass jcl)
{
(void)jenv;
(void)jcl;

#ifdef HAVE_SECRET_CALLBACK
return JNI_TRUE;
#else
return JNI_FALSE;
#endif
}

JNIEXPORT jlong JNICALL Java_com_wolfssl_WolfSSL_SSLv3_1ServerMethod
(JNIEnv* jenv, jclass jcl)
{
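Review bot: `Java_com_wolfssl_WolfSSL_secretCallbackEnabled` in the second hunk gates only on `HAVE_SECRET_CALLBACK`, while the seven `getTls13SecretEnum_*` getters in the first hunk require `defined(HAVE_SECRET_CALLBACK) && defined(WOLFSSL_TLS13)` and otherwise all return `NOT_COMPILED_IN`. In a build with the secret callback but without TLS 1.3 the Java side is thus told the feature is available while every secret identifier collapses to the same value, so an `id ==` comparison chain in a Java callback would match its first branch for any id. Using the same guard, `#if defined(HAVE_SECRET_CALLBACK) && defined(WOLFSSL_TLS13)`, in `secretCallbackEnabled` keeps the two consistent; whether the native `wolfSSL_set_tls13_secret_cb` wrapper uses that guard is outside this file section.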
66 changes: 66 additions & 0 deletions native/com_wolfssl_WolfSSL.h
