JNI: add NULL checks before curve25519 key dereference in export functions, add Curve25519 JUnit tests

Author: cconlon

jni/include/com_wolfssl_wolfcrypt_Curve25519.h

@@ -278,6 +278,11 @@ Java_com_wolfssl_wolfcrypt_Curve25519_wc_1curve25519_1export_1private(
         return NULL;
     }
 
+    if (curve25519 == NULL) {
+        throwWolfCryptExceptionFromError(env, BAD_FUNC_ARG);
+        return NULL;
+    }
+
     outputSz = wc_curve25519_size(curve25519);
 
     output = XMALLOC(outputSz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
@@ -287,9 +292,7 @@ Java_com_wolfssl_wolfcrypt_Curve25519_wc_1curve25519_1export_1private(
     }
     XMEMSET(output, 0, outputSz);
 
-    ret = (!curve25519)
-        ? BAD_FUNC_ARG
-        : wc_curve25519_export_private_raw(curve25519, output, &outputSz);
+    ret = wc_curve25519_export_private_raw(curve25519, output, &outputSz);
 
     if (ret == 0) {
         result = (*env)->NewByteArray(env, outputSz);
@@ -334,6 +337,11 @@ Java_com_wolfssl_wolfcrypt_Curve25519_wc_1curve25519_1export_1public (
         return NULL;
     }
 
+    if (curve25519 == NULL) {
+        throwWolfCryptExceptionFromError(env, BAD_FUNC_ARG);
+        return NULL;
+    }
+
     outputSz = wc_curve25519_size(curve25519);
 
     output = XMALLOC(outputSz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
@@ -343,9 +351,7 @@ Java_com_wolfssl_wolfcrypt_Curve25519_wc_1curve25519_1export_1public (
     }
     XMEMSET(output, 0, outputSz);
 
-    ret = (!curve25519)
-        ? BAD_FUNC_ARG
-        : wc_curve25519_export_public(curve25519, output, &outputSz);
+    ret = wc_curve25519_export_public(curve25519, output, &outputSz);
 
     if (ret == 0) {
         result = (*env)->NewByteArray(env, outputSz);
@@ -397,18 +403,21 @@ Java_com_wolfssl_wolfcrypt_Curve25519_wc_1curve25519_1make_1shared_1secret(
         return NULL;
     }
 
+    if (curve25519 == NULL || pub == NULL) {
+        throwWolfCryptExceptionFromError(env, BAD_FUNC_ARG);
+        return NULL;
+    }
+
     outputSz = wc_curve25519_size(curve25519);
     output = XMALLOC(outputSz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
     if (output == NULL) {
         throwOutOfMemoryException(env,
-                                     "Failed to allocate shared secret buffer");
+            "Failed to allocate shared secret buffer");
         return result;
     }
     XMEMSET(output, 0, outputSz);
 
-    ret = (!curve25519 || !pub)
-        ? BAD_FUNC_ARG
-        : wc_curve25519_shared_secret(curve25519, pub, output, &outputSz);
+    ret = wc_curve25519_shared_secret(curve25519, pub, output, &outputSz);
 
     if (ret == 0) {
         result = (*env)->NewByteArray(env, outputSz);

jni/jni_curve25519.c

@@ -31,6 +31,11 @@ public class Curve25519 extends NativeStruct {
     /** Lock around object state */
     protected final Object stateLock = new Object();
 
+    /**
+     * Curve25519 key size, from native CURVE25519_KEYSIZE.
+     */
+    public static final int CURVE25519_KEY_SIZE = 32;
+
     /**
      * Create new Curve25519 object.
      *

src/main/java/com/wolfssl/wolfcrypt/Curve25519.java

@@ -0,0 +1,200 @@
+/* Curve25519Test.java
+ *
+ * Copyright (C) 2006-2026 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+package com.wolfssl.wolfcrypt.test;
+
+import static org.junit.Assert.*;
+
+import org.junit.Assume;
+import org.junit.BeforeClass;
+import org.junit.Test;
+import org.junit.Rule;
+import org.junit.rules.TestRule;
+
+import com.wolfssl.wolfcrypt.Curve25519;
+import com.wolfssl.wolfcrypt.Rng;
+import com.wolfssl.wolfcrypt.test.TimedTestWatcher;
+import com.wolfssl.wolfcrypt.NativeStruct;
+import com.wolfssl.wolfcrypt.WolfCryptError;
+import com.wolfssl.wolfcrypt.WolfCryptException;
+
+public class Curve25519Test {
+
+    private static Rng rng = new Rng();
+    private static final Object rngLock = new Object();
+
+    @Rule(order = Integer.MIN_VALUE)
+    public TestRule testWatcher = TimedTestWatcher.create();
+
+    @BeforeClass
+    public static void setUpRng() {
+        synchronized (rngLock) {
+            rng.init();
+        }
+    }
+
+    @BeforeClass
+    public static void checkAvailability() {
+        try {
+            new Curve25519();
+            System.out.println("JNI Curve25519 Class");
+
+        } catch (WolfCryptException e) {
+            if (e.getError() == WolfCryptError.NOT_COMPILED_IN)
+                System.out.println("Curve25519 test skipped: " + e.getError());
+            Assume.assumeNoException(e);
+        }
+    }
+
+    /**
+     * Skip test if WolfCryptException is NOT_COMPILED_IN, otherwise rethrow.
+     */
+    private static void skipIfNotCompiledIn(WolfCryptException e) {
+
+        if (e.getError() == WolfCryptError.NOT_COMPILED_IN) {
+            Assume.assumeNoException(e);
+        }
+        throw e;
+    }
+
+    @Test
+    public void constructorShouldNotInitializeNativeStruct() {
+        assertEquals(NativeStruct.NULL, new Curve25519().getNativeStruct());
+    }
+
+    @Test
+    public void sharedSecretShouldMatch() {
+
+        Curve25519 alice = new Curve25519();
+        Curve25519 bob = new Curve25519();
+
+        synchronized (rngLock) {
+            alice.makeKey(rng, Curve25519.CURVE25519_KEY_SIZE);
+            bob.makeKey(rng, Curve25519.CURVE25519_KEY_SIZE);
+        }
+
+        byte[] secretA;
+        byte[] secretB;
+        try {
+            secretA = alice.makeSharedSecret(bob);
+            secretB = bob.makeSharedSecret(alice);
+        } catch (WolfCryptException e) {
+            alice.releaseNativeStruct();
+            bob.releaseNativeStruct();
+            skipIfNotCompiledIn(e);
+            return;
+        }
+
+        assertNotNull(secretA);
+        assertNotNull(secretB);
+        assertTrue(secretA.length > 0);
+        assertArrayEquals(secretA, secretB);
+
+        alice.releaseNativeStruct();
+        bob.releaseNativeStruct();
+    }
+
+    @Test
+    public void exportImportPublicAndSharedSecret() {
+
+        Curve25519 alice = new Curve25519();
+        Curve25519 bob = new Curve25519();
+
+        synchronized (rngLock) {
+            alice.makeKey(rng, Curve25519.CURVE25519_KEY_SIZE);
+            bob.makeKey(rng, Curve25519.CURVE25519_KEY_SIZE);
+        }
+
+        /* Export and reimport Alice's public key */
+        byte[] alicePub;
+        try {
+            alicePub = alice.exportPublic();
+        } catch (WolfCryptException e) {
+            alice.releaseNativeStruct();
+            bob.releaseNativeStruct();
+            skipIfNotCompiledIn(e);
+            return;
+        }
+        assertNotNull(alicePub);
+        assertTrue(alicePub.length > 0);
+
+        Curve25519 alicePubOnly = new Curve25519();
+        alicePubOnly.importPublic(alicePub);
+
+        /* Bob's shared secret with original and reimported should match */
+        byte[] secret1;
+        byte[] secret2;
+        try {
+            secret1 = bob.makeSharedSecret(alice);
+            secret2 = bob.makeSharedSecret(alicePubOnly);
+        } catch (WolfCryptException e) {
+            alice.releaseNativeStruct();
+            bob.releaseNativeStruct();
+            alicePubOnly.releaseNativeStruct();
+            skipIfNotCompiledIn(e);
+            return;
+        }
+        assertArrayEquals(secret1, secret2);
+
+        alice.releaseNativeStruct();
+        bob.releaseNativeStruct();
+        alicePubOnly.releaseNativeStruct();
+    }
+
+    @Test
+    public void exportImportPrivateKey() {
+
+        Curve25519 origKey = new Curve25519();
+
+        synchronized (rngLock) {
+            origKey.makeKey(rng, Curve25519.CURVE25519_KEY_SIZE);
+        }
+
+        byte[] privKey;
+        byte[] pubKey;
+        try {
+            privKey = origKey.exportPrivate();
+            pubKey = origKey.exportPublic();
+        } catch (WolfCryptException e) {
+            origKey.releaseNativeStruct();
+            skipIfNotCompiledIn(e);
+            return;
+        }
+        assertNotNull(privKey);
+        assertNotNull(pubKey);
+        assertTrue(privKey.length > 0);
+        assertTrue(pubKey.length > 0);
+
+        /* Import private + public into new key object */
+        Curve25519 importedKey = new Curve25519();
+        importedKey.importPrivate(privKey, pubKey);
+
+        /* Verify exported keys match original */
+        byte[] reExportedPriv = importedKey.exportPrivate();
+        byte[] reExportedPub = importedKey.exportPublic();
+        assertArrayEquals(privKey, reExportedPriv);
+        assertArrayEquals(pubKey, reExportedPub);
+
+        origKey.releaseNativeStruct();
+        importedKey.releaseNativeStruct();
+    }
+}
+

src/test/java/com/wolfssl/wolfcrypt/test/Curve25519Test.java

@@ -52,6 +52,7 @@
     DhTest.class,
     EccTest.class,
     Ed25519Test.class,
+    Curve25519Test.class,
     WolfObjectTest.class,
     WolfSSLCertManagerOCSPTest.class,
     WolfSSLX509StoreCtxTest.class,