Skip to content

refactor: Implement major interfaces of Java Cryptography Architecture and reorganize existed services into OpenSslProvider #25

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
lqhuang wants to merge 43 commits into
base: main
Choose a base branch
from
Open

refactor: Implement major interfaces of Java Cryptography Architecture and reorganize existed services into OpenSslProvider #25

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
43 commits
Select commit Hold shift + click to select a range
8649b03
feat: Add `SSLHandshakeException` and `SSLException`
lqhuang Aug 19, 2025
301b479
feat: Add `GeneralSecurityException`, `KeyException` and `KeyManageme…
lqhuang Aug 19, 2025
64b4406
feat: Add classes `KeyException`, `KeyManagementException`, and `NoSu…
lqhuang Aug 19, 2025
b7443a7
feat: Add classes `HandShakeCompletedEvent`, `HandshakeCompletedListe…
lqhuang Aug 20, 2025
01554ca
feat: Add signature of `SSLContext` and basic interface and impls of …
lqhuang Aug 20, 2025
4c9333d
refactor: Remove classes under `javax.net.ssl`
lqhuang Aug 25, 2025
bf6d424
feat: Add `Principal` and `auth.Callback`
lqhuang Aug 26, 2025
8293ad5
feat: Add `Certificate` related classes
lqhuang Aug 26, 2025
d03685c
refactor: Improve signatures for classes under `java.security.cert`
lqhuang Aug 26, 2025
2285a9a
feat: Improve and implement classes in module `spec`
lqhuang Aug 26, 2025
bd3b9a1
refactor: Improve sigs
lqhuang Aug 26, 2025
e43ca07
feat: Add `AlgorithmParameters`, `Signature` and related
lqhuang Aug 26, 2025
61221b0
docs: Add an impl notes for `AlgorithmParameters`
lqhuang Aug 26, 2025
e4990d5
feat: Improve `KeyStore` class
lqhuang Aug 28, 2025
0034f7a
refactor: Fix to compile successfully
lqhuang Aug 28, 2025
655d992
feat: Add `Provider` and `Security` classes
lqhuang Aug 30, 2025
983f83e
fix: Refactor to compile sucessfully for Scala 2.12, 2.13 and 3
lqhuang Aug 30, 2025
0e2d118
refactor: Polish signature of `Provider` class
lqhuang Sep 30, 2025
51c385c
feat: First impls for `Security.scala`
lqhuang Oct 14, 2025
682ca87
refactor: Improve private Criterion class
lqhuang Oct 14, 2025
c89bb7d
docs: Try to redirect refs to JDK 25 (LTS)
lqhuang Oct 14, 2025
9e6a653
feat: Add signature for `Cipher` classes and serveral Exception classes
lqhuang Oct 14, 2025
63e9bd4
feat: Add signatures for `KeyPair`, `KeyPairGenerator`, `KeyAgreement…
lqhuang Oct 14, 2025
6351785
docs: Improve docs block add add plan into README
lqhuang Oct 16, 2025
a1b8bb5
refactor: Simplify not implemented error
lqhuang Oct 16, 2025
2ef935e
refactor: Improve architecture for Scala Native based JCE and depreca…
lqhuang Oct 16, 2025
0392a08
debug: Let CI pass and rename `build.mill.scala` to `build.mill`
lqhuang Oct 16, 2025
d9ebcab
refactor: Remove JDK 25 preview only freature `DEREncodable` interface
lqhuang Oct 16, 2025
317bc15
refactor!: Unify how MessageDigset and Mac implemented
lqhuang Oct 17, 2025
4ed725a
ci: Add `workflow_dispatch` to allow manual trigger
lqhuang Oct 18, 2025
d8deccd
feat: Clean up to fix problems to pass CI
lqhuang Oct 18, 2025
f859f97
chore: Improve compile options across different systems
lqhuang Oct 18, 2025
e656f45
ci: Upgrade version of actions and disable Java 25
lqhuang Oct 23, 2025
dec711d
Update Mill and Scala versions
lolgab Oct 23, 2025
20cbbbb
Merge remote-tracking branch 'upstream/mill1' into try-to-impl-ssl-co…
lqhuang Oct 23, 2025
caafafe
ci: Add Java 25 back to matrix
lqhuang Oct 23, 2025
beca7fc
ci: Fix test command for mill
lqhuang Oct 23, 2025
b8ba198
Merge remote-tracking branch 'origin/main' into try-to-impl-ssl-conte…
lolgab Oct 23, 2025
9e24fbd
Revert change from test to testLocal
lolgab Oct 23, 2025
226324c
bug: Fix NPE to pass all tests
lqhuang Oct 23, 2025
b840f11
ci: Remove `cache: maven`
lqhuang Oct 23, 2025
08bd032
test: Improve how `CryptoPrimitive` simulate Java enums and add unit …
lqhuang Oct 23, 2025
4648003
lint: Remove extra scalafmt hints
lqhuang Oct 23, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions .gitattributes
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
*.mill linguist-language=Scala
69 changes: 35 additions & 34 deletions .github/workflows/build.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -9,46 +9,46 @@ on:
pull_request:
branches:
- main
workflow_dispatch:

jobs:
build:
runs-on: ubuntu-22.04
runs-on: ubuntu-24.04
strategy:
matrix:
java:
- '11'
- '17'
- '21'
- "11"
- "17"
- "21"
- "25"
name: Build and Test with Java ${{ matrix.java }}
steps:
- uses: actions/checkout@v3
- name: Install Dependencies
run: sudo apt-get update && sudo apt-get install -y libssl-dev
- uses: actions/setup-java@v3
with:
java-version: '${{ matrix.java }}'
architecture: 'x64'
distribution: 'temurin'
- name: Check formatting
run:
./mill --no-server mill.scalalib.scalafmt.ScalafmtModule/checkFormatAll __.sources
# ./mill mill.scalalib.scalafmt.ScalafmtModule/checkFormatAll --sources buildSources
# - name: Check scalafix
# run:
# ./mill --no-server __.fix --check
- name: Compile
run:
./mill --no-server __.compile
- name: Test
run:
./mill --no-server __.test
- name: Test publishArtifacts
run:
./mill --no-server show __.publishArtifacts
- uses: actions/checkout@v5
- name: Install Dependencies
run: sudo apt-get update && sudo apt-get install -y libssl-dev
- uses: actions/setup-java@v5
with:
java-version: "${{ matrix.java }}"
architecture: "x64"
distribution: "temurin"
- name: Check formatting
run:
./mill --no-server mill.scalalib.scalafmt.ScalafmtModule/checkFormatAll __.sources
# ./mill mill.scalalib.scalafmt.ScalafmtModule/checkFormatAll --sources buildSources
# - name: Check scalafix
# run:
# ./mill --no-server __.fix --check
- name: Compile
run: ./mill --no-server __.compile
- name: Test
run: ./mill --no-server __.test
- name: Test publishArtifacts
run: ./mill --no-server show __.publishArtifacts

publish-sonatype:
if: github.repository == 'lolgab/scala-native-crypto' && contains(github.ref, 'refs/tags/')
needs: build
runs-on: ubuntu-22.04
runs-on: ubuntu-24.04
env:
SONATYPE_PGP_PRIVATE_KEY: ${{ secrets.SONATYPE_PGP_PRIVATE_KEY }}
SONATYPE_PGP_PRIVATE_KEY_PASSWORD: ${{ secrets.SONATYPE_PGP_PRIVATE_KEY_PASSWORD }}
Expand All @@ -58,14 +58,15 @@ jobs:
LC_MESSAGES: "en_US.UTF-8"
LC_ALL: "en_US.UTF-8"
steps:
- uses: actions/checkout@v3
- uses: actions/checkout@v5
- name: Install Dependencies
run: sudo apt-get update && sudo apt-get install -y libssl-dev
- uses: actions/setup-java@v3
- uses: actions/setup-java@v5
with:
java-version: '11'
architecture: 'x64'
distribution: 'temurin'
java-version: "11"
architecture: "x64"
distribution: "temurin"
cache: maven
- name: Publish to Maven Central
run: |
if [[ $(git tag --points-at HEAD) != '' ]]; then
Expand Down
5 changes: 4 additions & 1 deletion .scalafmt.conf
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,2 +1,5 @@
version = "3.8.3"
runner.dialect = scala213
runner.dialect = scala213

# automatically appended by scalafmt itself
project.excludePaths = ["glob:**/out/**", "glob:**/jwt-scala-tests/src/**"]
Copy link
Owner

@lolgab lolgab Oct 23, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why excluding jwt-scala-tests? Doesn't sound correct.

Copy link
Author

@lqhuang lqhuang Oct 23, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I have no idea, I can remove it. Since these also aren't added by myself either. scalafmt (via metals) will hint these while opening current project with IDE combo: VS Code + metals + mill

97 changes: 97 additions & 0 deletions README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -21,11 +21,13 @@ def ivyDeps = super.ivyDeps() ++ Agg(ivy"com.github.lolgab::scala-native-crypto:
You need also to install OpenSSL:

On Ubuntu:

```
sudo apt install libssl-dev
```

On Mac OS X (with Homebrew):

```
brew install openssl
```
Expand All @@ -51,5 +53,100 @@ def nativeLinkingOptions = super.nativeLinkingOptions() ++ Seq("-L/usr/local/opt

## Implemented classes

According [JDK Security Algorithm Implementation Requirements](https://docs.oracle.com/en/java/javase/25/docs/specs/security/standard-names.html#security-algorithm-implementation-requirements), the following classes and algorithm checked are implemented and those unchecked are minimal requirements for interoperable JDK shims.

(The sequence is in the same order of the reference table)

- `java.security..AlgorithmParameterGenerator`
- [ ] DiffieHellman (1024, 2048)
- [ ] DSA (1024, 2048)
- `java.security.AlgorithmParameters`
- [ ] AES
- [ ] ChaCha20-Poly1305
- [ ] DESede
- [ ] DiffieHellman
- [ ] DSA
- [ ] EC (secp256r1, secp384r1)
- [ ] RSASSA-PSS (MGF1 mask generation function and SHA-256 or SHA-384 hash algorithms)
- `java.security.cert.CertificateFactory`
- [ ] X.509
- `java.security.cert.CertPath` Encoding
- [ ] PKCS7
- [ ] PkiPath
- `java.security.cert.CertPathBuilder`
- [ ] PKIX
- `java.security.cert.CertPathValidator`
- [ ] PKIX
- `java.security.cert.CertStore`
- [ ] Collection
- `javax.crypto.Cipher`
- [ ] AES/CBC/NoPadding (128)
- [ ] AES/CBC/PKCS5Padding (128)
- [ ] AES/ECB/NoPadding (128)
- [ ] AES/ECB/PKCS5Padding (128)
- [ ] AES/GCM/NoPadding (128, 256)
- [ ] ChaCha20-Poly1305
- [ ] DESede/CBC/NoPadding (168)
- [ ] DESede/CBC/PKCS5Padding (168)
- [ ] DESede/ECB/NoPadding (168)
- [ ] DESede/ECB/PKCS5Padding (168)
- [ ] RSA/ECB/PKCS1Padding (1024, 2048)
- [ ] RSA/ECB/OAEPWithSHA-1AndMGF1Padding (1024, 2048)
- [ ] RSA/ECB/OAEPWithSHA-256AndMGF1Padding (1024, 2048)
- `javax.crypto.KeyAgreement`
- [ ] DiffieHellman
- [ ] ECDH (secp256r1, secp384r1)
- [ ] X25519
- `java.security.KeyFactory`
- [ ] DiffieHellman
- [ ] DSA
- [ ] EC
- [ ] RSA
- [ ] RSASSA-PSS
- [ ] X25519
- `javax.crypto.KeyGenerator`
- [ ] AES (128, 256)
- [ ] ChaCha20
- [ ] DESede (168)
- [ ] HmacSHA1
- [ ] HmacSHA256
- `java.security.KeyPairGenerator`
- [ ] DiffieHellman (1024, 2048, 3072, 4096)
- [ ] DSA (1024, 2048)
- [ ] EC (secp256r1, secp384r1)
- [ ] RSA (1024, 2048, 3072, 4096)
- [ ] RSASSA-PSS (2048, 3072, 4096)
- [ ] X25519
- `java.security.KeyStore`
- [ ] PKCS12
- `javax.crypto.Mac`
- [x] HmacSHA1
- [x] HmacSHA256
- extra
- [x] HmacSHA224
- [x] HmacSHA384
- [x] HmacSHA512
- [x] HmacSHA3-224
- [x] HmacSHA3-256
- [x] HmacSHA3-384
- [x] HmacSHA3-512
- `java.security.MessageDigest`
- [x] SHA-1
- [x] SHA-256
- [x] SHA-384
- extra
- [x] SHA3-224
- [x] SHA3-256
- [x] SHA3-384
- [x] SHA3-512
- `javax.crypto.SecretKeyFactory`
- [ ] DESede
- `java.security.SecureRandom`
- `java.security.Signature`
- `javax.net.ssl.SSLContext`: See downstream project [lqhuang/scala-native-http](https://github.com/lqhuang/scala-native-http)
- [ ] TLSv1.2
- [ ] TLSv1.3
- `javax.net.ssl.TrustManagerFactory`: See downstream project [lqhuang/scala-native-http](https://github.com/lqhuang/scala-native-http)
- [ ] PKIX

Welcome contributions to implement the missing algorithms/classes.
23 changes: 23 additions & 0 deletions build.mill
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -13,6 +13,8 @@ import com.goyeau.mill.scalafix.ScalafixModule
import mill.util.VcsVersion
import mill.contrib.buildinfo.BuildInfo

import scala.util.Properties

val scala212 = "2.12.20"
val scala213 = "2.13.17"
val scala3 = "3.3.6"
Expand Down Expand Up @@ -60,6 +62,27 @@ trait ScalaNativeCryptoModule extends Shared with Publish {
def scalacOptions = super.scalacOptions() ++ Seq(
"-P:scalanative:genStaticForwardersForNonTopLevelObjects"
)

val osName = {
val _osName = Properties.osName.toLowerCase()
if (_osName.contains("mac")) "darwin"
else if (_osName.contains("windows")) "windows"
else "linux"
}
val archName = Properties.propOrEmpty("os.arch").toLowerCase() match {
case "amd64" => "x86_64" // try to follow llvm triple
case "arm64" => "aarch64"
case s => s
}
Comment on lines +66 to +76
Copy link
Owner

@lolgab lolgab Oct 23, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I would avoid this indirection to make java os.arch and osName to look like clang target triple values.

Copy link
Author

@lqhuang lqhuang Oct 23, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Or follow the GCC triple? I copy similar conditional detections from mill project to detect platform (win/linux/mac). But the os.arch triple is added by myself. I thought scala-native is LLVM based, so I use the LLVM style.

The main purpose is to provide basic snippets for finding proper include libs. Do you have better ideas?

val openSslIncludePath: String = (osName, archName) match {
case ("linux", "x86_64") => "-I/usr/include/openssl"
case ("darwin", "x86_64") => "-I/usr/local/homebrew/opt/openssl/include"
case ("darwin", "aarch64") => "-I/opt/homebrew/opt/openssl/include"
case (_, _) => ""
}

def nativeCompileOptions = super.nativeCompileOptions() ++ Seq(openSslIncludePath)

// Remove class and tasty files
override def jar = Task {
val jar = Task.dest / "out.jar"
Expand Down
51 changes: 51 additions & 0 deletions scala-native-crypto/src/com/github/lolgab/scalanativecrypto/JcaSerivce.scala
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,51 @@
package com.github.lolgab.scalanativecrypto

// Java Cryptography Architecture (JCA) Service identifier
// for better type safety
class JcaService(
val name: String
) extends AnyVal

object JcaService {
val AlgorithmParameterGenerator = new JcaService(
"AlgorithmParameterGenerator"
)
val AlgorithmParameters = new JcaService("AlgorithmParameters")
val CertificateFactory = new JcaService("CertificateFactory")
val CertPath = new JcaService("CertPath")
val CertPathBuilder = new JcaService("CertPathBuilder")
val CertPathValidator = new JcaService("CertPathValidator")
val CertStore = new JcaService("CertStore")
val Cipher = new JcaService("Cipher")
val KeyAgreement = new JcaService("KeyAgreement")
val KeyFactory = new JcaService("KeyFactory")
val KeyGenerator = new JcaService("KeyGenerator")
val KeyPairGenerator = new JcaService("KeyPairGenerator")
val KeyStore = new JcaService("KeyStore")
val Mac = new JcaService("Mac")
val MessageDigest = new JcaService("MessageDigest")
val SecretKeyFactory = new JcaService("SecretKeyFactory")
val SecureRandom = new JcaService("SecureRandom")
val Signature = new JcaService("Signature")

val names: Set[String] = Set(
AlgorithmParameterGenerator.name,
AlgorithmParameters.name,
CertificateFactory.name,
CertPath.name,
CertPathBuilder.name,
CertPathValidator.name,
CertStore.name,
Cipher.name,
KeyAgreement.name,
KeyFactory.name,
KeyGenerator.name,
KeyPairGenerator.name,
KeyStore.name,
Mac.name,
MessageDigest.name,
SecretKeyFactory.name,
SecureRandom.name,
Signature.name
).map(_.toUpperCase())
}
Loading