Skip to content

Comments

Add DH AlgorithmParameters, AlgorithmParameterGenerator, KeyFactory, and related fixes#161

Merged
rlm2002 merged 8 commits intowolfSSL:masterfrom
cconlon:dhAlgorithmParams
Oct 20, 2025
Merged

Add DH AlgorithmParameters, AlgorithmParameterGenerator, KeyFactory, and related fixes#161
rlm2002 merged 8 commits intowolfSSL:masterfrom
cconlon:dhAlgorithmParams

Conversation

@cconlon
Copy link
Member

@cconlon cconlon commented Oct 16, 2025

This PR adds DH AlgorithmParameters, AlgorithmParameterGenerator, and KeyFactory implementations as well as fixes some KeyAgreement implementation issues to match SunJCE behavior.

New DH Components

  • AlgorithmParameters: WolfCryptDhParameters - Encode/decode DH parameters using ASN.1
  • AlgorithmParameterGenerator: WolfCryptDhParameterGenerator - Generate DH domain parameters (p, g)
  • KeyFactory: WolfCryptDHKeyFactory - Convert between DH key specs (DHPublicKeySpec, DHPrivateKeySpec, X509EncodedKeySpec, PKCS8EncodedKeySpec)
  • Public/Private Key implementations: WolfCryptDHPublicKey and WolfCryptDHPrivateKey

JNI Layer

  • Added support for parameter generation, key generation, and shared secret computation in jni_dh.c

KeyAgreement Fixes

  1. SecretKey generation (engineGenerateSecret(String)): Now returns SecretKeySpec instead of incorrectly casting DESKeySpec/DESedeKeySpec to SecretKey interface. Added proper AES key size handling (128/192/256-bit).
  2. DH padding (engineGenerateSecret(byte[], int)): Pad DH shared secrets to prime length with leading zeros per JDK-7146728, matching SunJCE post-Java 8 behavior and RFC 2631 (2.1.2).

Test Coverage

  • WolfCryptDHKeyFactoryTest: added DH KeyFactory tests
  • WolfCryptAlgorithmParametersTest: testing DH parameter encoding/decoding
  • WolfCryptAlgorithmParameterGeneratorTest: testing parameter generation
  • WolfCryptASN1UtilTest: testing ASN.1 utilities
  • WolfCryptKeyAgreementTest: Added testDHKeyAgreementPadding() regression test and updated existing tests for AES key generation
  • WolfCryptKeyPairGeneratorTest: Added DH-specific tests

Other Changes

  • Updated CLAUDE.md with XMALLOC usage
  • Updated README_JCE.md documenting new DH support
  • Added new files to scripts/infer.sh for static analysis
  • Registered new services in WolfCryptProvider

@cconlon cconlon self-assigned this Oct 16, 2025
@cconlon cconlon requested a review from Copilot October 16, 2025 23:39
Copilot AI reviewed Oct 16, 2025
View reviewed changes
Copy link

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR adds comprehensive DH (Diffie-Hellman) support to wolfJCE by implementing AlgorithmParameters, AlgorithmParameterGenerator, and KeyFactory, along with fixing KeyAgreement implementation issues to match SunJCE behavior.

Key changes:

  • Implemented DH AlgorithmParameters for encoding/decoding DH parameters using ASN.1
  • Added DH AlgorithmParameterGenerator supporting both FFDHE standard groups and dynamic parameter generation
  • Created DH KeyFactory with support for key conversion between various KeySpec formats
  • Fixed KeyAgreement secret key generation and DH padding behavior to match SunJCE post-Java 8

Reviewed Changes

Copilot reviewed 24 out of 24 changed files in this pull request and generated no comments.

Show a summary per file
File Description
WolfCryptProvider.java Registered new DH services (AlgorithmParameters, AlgorithmParameterGenerator, KeyFactory)
Dh.java Added native methods and constants for FFDHE groups, parameter generation, and key operations
WolfCryptKeyPairGenerator.java Added default FFDHE parameter initialization and FFDHE key size support for DH
WolfCryptKeyAgreement.java Fixed DH padding and secret key generation to match SunJCE behavior
WolfCryptDhParameters.java New class implementing DH AlgorithmParameters with ASN.1 encoding/decoding
WolfCryptDhParameterGenerator.java New class for generating DH parameters using FFDHE groups or dynamic generation
WolfCryptDHKeyFactory.java New class for DH key conversion between KeySpec formats
WolfCryptDHPublicKey.java New class implementing DHPublicKey with X.509 encoding
WolfCryptDHPrivateKey.java New class implementing DHPrivateKey with PKCS#8 encoding
WolfCryptASN1Util.java New utility class for ASN.1/DER encoding operations
jni_dh.c Added JNI implementations for new DH operations
jni_aesgcm.c Fixed constant name from WC_AES_BLOCK_SIZE to AES_BLOCK_SIZE
jni_aesccm.c Fixed constant name from WC_AES_BLOCK_SIZE to AES_BLOCK_SIZE
Test files Added comprehensive test coverage for new DH functionality
Documentation Updated README_JCE.md and CLAUDE.md with new features and guidelines
Comments suppressed due to low confidence (1)

jni/jni_dh.c:1

  • The changes to jni_aesgcm.c and jni_aesccm.c replace WC_AES_BLOCK_SIZE with AES_BLOCK_SIZE. Verify that AES_BLOCK_SIZE is defined in the wolfSSL version being used, as WC_AES_BLOCK_SIZE is the standard wolfSSL constant name. If AES_BLOCK_SIZE is not available in older wolfSSL versions, this could cause compilation failures.
/* jni_dh.c

Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.

@cconlon cconlon force-pushed the dhAlgorithmParams branch 2 times, most recently from 4b288b9 to 4de44cf Compare October 17, 2025 17:59
@cconlon cconlon assigned rlm2002 and unassigned cconlon Oct 17, 2025
@rlm2002 rlm2002 merged commit 28787ca into wolfSSL:master Oct 20, 2025
46 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@rlm2002 rlm2002 rlm2002 approved these changes

Assignees

@rlm2002 rlm2002

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@cconlon @rlm2002