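/*
 * Copyright (C) 2010 The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package libcore.java.security;

import static org.junit.Assert.assertNotNull;
import static org.junit.Assert.assertTrue;

import java.security.Provider;
import java.security.Security;
import java.security.spec.DSAPrivateKeySpec;
import java.security.spec.DSAPublicKeySpec;
import java.security.spec.ECPrivateKeySpec;
import java.security.spec.ECPublicKeySpec;
import java.security.spec.KeySpec;
import java.security.spec.RSAPrivateCrtKeySpec;
import java.security.spec.RSAPublicKeySpec;
import java.util.Arrays;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.Set;
import javax.crypto.spec.DHPrivateKeySpec;
import javax.crypto.spec.DHPublicKeySpec;

/**
 * This class defines expected string names for protocols, key types,
 * client and server auth types, cipher suites.
 *
 * Initially based on "Appendix A: Standard Names" of
 * <a href="http://java.sun.com/j2se/1.5.0/docs/guide/security/jsse/JSSERefGuide.html#AppA">
 * Java&trade; Secure Socket Extension (JSSE) Reference Guide
 * for the Java&trade; 2 Platform Standard Edition 5
 * </a>.
 *
 * Updated based on the
 * <a href="http://download.java.net/jdk8/docs/technotes/guides/security/SunProviders.html">
 * Java&trade; Cryptography Architecture Oracle Providers Documentation
 * for Java&trade; Platform Standard Edition 7
 * </a>.
 * See also the
 * <a href="http://download.java.net/jdk8/docs/technotes/guides/security/StandardNames.html">
 * Java&trade; Cryptography Architecture Standard Algorithm Name Documentation
 * </a>.
 *
 * Further updates based on the
 * <a href="http://java.sun.com/javase/6/docs/technotes/guides/security/p11guide.html">
 * Java&trade; PKCS#11 Reference Guide
 * </a>.
 *
 * <p>The tables record which names the installed providers are expected to
 * expose. They include legacy entries (for example MD5, DES, ARCFOUR and the
 * {@code *_EXPORT} auth types), so a name being listed here says nothing about
 * whether it is appropriate for new code.
 */
public final class StandardNames {

    /**
     * True unless the {@code java.specification.name} system property equals
     * "Dalvik Core Library"; the RI branches below hold the names expected from
     * the reference implementation (presumably a desktop JDK).
     */
    public static final boolean IS_RI
            = !"Dalvik Core Library".equals(System.getProperty("java.specification.name"));

    public static final String SECURITY_PROVIDER_NAME = (IS_RI) ? "SUN" : "BC";

    public static final String KEY_STORE_ALGORITHM = (IS_RI) ? "JKS" : "BKS";

    /**
     * RFC 5746's Signaling Cipher Suite Value to indicate a request for secure renegotiation
     */
    private static final String CIPHER_SUITE_SECURE_RENEGOTIATION
            = "TLS_EMPTY_RENEGOTIATION_INFO_SCSV";

    /**
     * A map from algorithm type (e.g. Cipher) to a set of algorithms (e.g. AES, DES, ...)
     *
     * <p>Algorithm names are stored upper-cased (see {@link #provide}).
     */
    static final Map<String,Set<String>> PROVIDER_ALGORITHMS
            = new HashMap<>();

    /** Cipher algorithm name to the mode names registered for it, stored as given. */
    private static final Map<String,Set<String>> CIPHER_MODES
            = new HashMap<>();

    /** Cipher algorithm name to the padding names registered for it, stored as given. */
    private static final Map<String,Set<String>> CIPHER_PADDINGS
            = new HashMap<>();

    /**
     * Registers {@code algorithm} as expected for service {@code type}.
     *
     * <p>The name is upper-cased with {@link Locale#ROOT} before it is stored, and the
     * JUnit assertion fails if the same type/algorithm pair is registered twice.
     */
    private static void provide(String type, String algorithm) {
        Set<String> algorithms = PROVIDER_ALGORITHMS.get(type);
        if (algorithms == null) {
            algorithms = new HashSet<>();
            PROVIDER_ALGORITHMS.put(type, algorithms);
        }
        assertTrue("Duplicate " + type + " " + algorithm,
                algorithms.add(algorithm.toUpperCase(Locale.ROOT)));
    }

    /**
     * Registers {@code algorithm} only if some installed provider actually offers it.
     */
    // Only add to PROVIDER_ALGORITHMS if actually present
    private static void provideOptional(String type, String algorithm) {
        for (Provider p : Security.getProviders()) {
            if (p.getService(type, algorithm) != null) {
                provide(type, algorithm);
                return;
            }
        }
    }

    /**
     * Removes a previously registered type/algorithm pair and drops the type entry
     * once its set is empty. Fails the assertion if the pair was never registered.
     */
    private static void unprovide(String type, String algorithm) {
        Set<String> algorithms = PROVIDER_ALGORITHMS.get(type);
        assertNotNull("No algorithms registered for " + type, algorithms);
        assertTrue(algorithm, algorithms.remove(algorithm.toUpperCase(Locale.ROOT)));
        if (algorithms.isEmpty()) {
            assertNotNull(PROVIDER_ALGORITHMS.remove(type));
        }
    }

    /** Adds {@code newModes} to the modes recorded for cipher {@code algorithm}. */
    private static void provideCipherModes(String algorithm, String[] newModes) {
        Set<String> modes = CIPHER_MODES.get(algorithm);
        if (modes == null) {
            modes = new HashSet<>();
            CIPHER_MODES.put(algorithm, modes);
        }
        modes.addAll(Arrays.asList(newModes));
    }

    /** Adds {@code newPaddings} to the paddings recorded for cipher {@code algorithm}. */
    private static void provideCipherPaddings(String algorithm, String[] newPaddings) {
        Set<String> paddings = CIPHER_PADDINGS.get(algorithm);
        if (paddings == null) {
            paddings = new HashSet<>();
            CIPHER_PADDINGS.put(algorithm, paddings);
        }
        paddings.addAll(Arrays.asList(newPaddings));
    }

    // Builds PROVIDER_ALGORITHMS: first the documented baseline, then additions and
    // removals that depend on the runtime (RI vs dalvik) and on which providers are
    // installed. Order matters, because unprovide() asserts that the entry exists and
    // provide() asserts that it does not.
    static {
        provide("AlgorithmParameterGenerator", "DSA");
        provide("AlgorithmParameterGenerator", "DiffieHellman");
        provide("AlgorithmParameters", "AES");
        provide("AlgorithmParameters", "Blowfish");
        provide("AlgorithmParameters", "DES");
        provide("AlgorithmParameters", "DESede");
        provide("AlgorithmParameters", "DSA");
        provide("AlgorithmParameters", "DiffieHellman");
        provide("AlgorithmParameters", "GCM");
        provide("AlgorithmParameters", "OAEP");
        provide("AlgorithmParameters", "PBEWithMD5AndDES");
        provide("AlgorithmParameters", "PBEWithMD5AndTripleDES");
        provide("AlgorithmParameters", "PBEWithSHA1AndDESede");
        provide("AlgorithmParameters", "PBEWithSHA1AndRC2_40");
        provide("AlgorithmParameters", "PSS");
        provide("AlgorithmParameters", "RC2");
        provide("AlgorithmParameters", "PBEWITHHMACSHA1ANDAES_128");
        provide("AlgorithmParameters", "PBEWITHHMACSHA1ANDAES_256");
        provide("AlgorithmParameters", "PBEWITHHMACSHA224ANDAES_128");
        provide("AlgorithmParameters", "PBEWITHHMACSHA224ANDAES_256");
        provide("AlgorithmParameters", "PBEWITHHMACSHA256ANDAES_128");
        provide("AlgorithmParameters", "PBEWITHHMACSHA256ANDAES_256");
        provide("AlgorithmParameters", "PBEWITHHMACSHA384ANDAES_128");
        provide("AlgorithmParameters", "PBEWITHHMACSHA384ANDAES_256");
        provide("AlgorithmParameters", "PBEWITHHMACSHA512ANDAES_128");
        provide("AlgorithmParameters", "PBEWITHHMACSHA512ANDAES_256");
        provide("SecretKeyFactory", "PBEWITHHMACSHA1ANDAES_128");
        provide("SecretKeyFactory", "PBEWITHHMACSHA1ANDAES_256");
        provide("SecretKeyFactory", "PBEWITHHMACSHA224ANDAES_128");
        provide("SecretKeyFactory", "PBEWITHHMACSHA224ANDAES_256");
        provide("SecretKeyFactory", "PBEWITHHMACSHA256ANDAES_128");
        provide("SecretKeyFactory", "PBEWITHHMACSHA256ANDAES_256");
        provide("SecretKeyFactory", "PBEWITHHMACSHA384ANDAES_128");
        provide("SecretKeyFactory", "PBEWITHHMACSHA384ANDAES_256");
        provide("SecretKeyFactory", "PBEWITHHMACSHA512ANDAES_128");
        provide("SecretKeyFactory", "PBEWITHHMACSHA512ANDAES_256");
        provide("CertPathBuilder", "PKIX");
        provide("CertPathValidator", "PKIX");
        provide("CertStore", "Collection");
        provide("CertStore", "LDAP");
        provide("CertificateFactory", "X.509");
        // TODO: provideCipherModes and provideCipherPaddings for other Ciphers
        provide("Cipher", "AES");
        provideCipherModes("AES", new String[] { "CBC", "CFB", "CTR", "CTS", "ECB", "OFB" });
        provideCipherPaddings("AES", new String[] { "NoPadding", "PKCS5Padding" });
        provide("Cipher", "AESWrap");
        provide("Cipher", "ARCFOUR");
        provide("Cipher", "Blowfish");
        provide("Cipher", "DES");
        provide("Cipher", "DESede");
        provide("Cipher", "DESedeWrap");
        provide("Cipher", "PBEWithMD5AndDES");
        provide("Cipher", "PBEWithMD5AndTripleDES");
        provide("Cipher", "PBEWithSHA1AndDESede");
        provide("Cipher", "PBEWithSHA1AndRC2_40");
        provide("Cipher", "RC2");
        provide("Cipher", "RSA");
        // TODO: None?
        provideCipherModes("RSA", new String[] { "ECB" });
        // TODO: OAEPPadding
        provideCipherPaddings("RSA", new String[] { "NoPadding", "PKCS1Padding" });
        provide("Configuration", "JavaLoginConfig");
        provide("KeyAgreement", "DiffieHellman");
        provide("KeyFactory", "DSA");
        provide("KeyFactory", "DiffieHellman");
        provide("KeyFactory", "RSA");
        provide("KeyGenerator", "AES");
        provide("KeyGenerator", "ARCFOUR");
        provide("KeyGenerator", "Blowfish");
        provide("KeyGenerator", "DES");
        provide("KeyGenerator", "DESede");
        provide("KeyGenerator", "HmacMD5");
        provide("KeyGenerator", "HmacSHA1");
        provide("KeyGenerator", "HmacSHA224");
        provide("KeyGenerator", "HmacSHA256");
        provide("KeyGenerator", "HmacSHA384");
        provide("KeyGenerator", "HmacSHA512");
        provide("KeyGenerator", "RC2");
        provide("KeyInfoFactory", "DOM");
        provide("KeyManagerFactory", "PKIX");
        provide("KeyPairGenerator", "DSA");
        provide("KeyPairGenerator", "DiffieHellman");
        provide("KeyPairGenerator", "RSA");
        provide("KeyStore", "JCEKS");
        provide("KeyStore", "JKS");
        provide("KeyStore", "PKCS12");
        provide("Mac", "HmacMD5");
        provide("Mac", "HmacSHA1");
        provide("Mac", "HmacSHA224");
        provide("Mac", "HmacSHA256");
        provide("Mac", "HmacSHA384");
        provide("Mac", "HmacSHA512");
        provide("Mac", "PBEWITHHMACSHA224");
        provide("Mac", "PBEWITHHMACSHA256");
        provide("Mac", "PBEWITHHMACSHA384");
        provide("Mac", "PBEWITHHMACSHA512");
        // If adding a new MessageDigest, consider adding it to JarVerifier
        provide("MessageDigest", "MD2");
        provide("MessageDigest", "MD5");
        provide("MessageDigest", "SHA-224");
        provide("MessageDigest", "SHA-256");
        provide("MessageDigest", "SHA-384");
        provide("MessageDigest", "SHA-512");
        provide("Policy", "JavaPolicy");
        // Android does not support SSLv3
        if (IS_RI) {
            provide("SSLContext", "SSLv3");
        }
        provide("SSLContext", "TLSv1");
        provide("SSLContext", "TLSv1.1");
        provide("SSLContext", "TLSv1.2");
        provide("SSLContext", "TLSv1.3");
        provide("SecretKeyFactory", "DES");
        provide("SecretKeyFactory", "DESede");
        provide("SecretKeyFactory", "PBEWithMD5AndDES");
        provide("SecretKeyFactory", "PBEWithMD5AndTripleDES");
        provide("SecretKeyFactory", "PBEWithSHA1AndDESede");
        provide("SecretKeyFactory", "PBEWithSHA1AndRC2_40");
        provide("SecretKeyFactory", "PBKDF2WithHmacSHA1");
        provide("SecretKeyFactory", "PBKDF2WithHmacSHA224");
        provide("SecretKeyFactory", "PBKDF2WithHmacSHA256");
        provide("SecretKeyFactory", "PBKDF2WithHmacSHA384");
        provide("SecretKeyFactory", "PBKDF2WithHmacSHA512");
        provide("SecretKeyFactory", "PBKDF2WithHmacSHA1And8bit");
        provide("SecureRandom", "SHA1PRNG");
        provide("Signature", "MD2withRSA");
        provide("Signature", "MD5withRSA");
        provide("Signature", "NONEwithDSA");
        provide("Signature", "SHA1withDSA");
        provide("Signature", "SHA224withDSA");
        provide("Signature", "SHA256withDSA");
        provide("Signature", "SHA1withRSA");
        provide("Signature", "SHA224withRSA");
        provide("Signature", "SHA256withRSA");
        provide("Signature", "SHA384withRSA");
        provide("Signature", "SHA512withRSA");
        provide("TerminalFactory", "PC/SC");
        provide("TransformService", "http://www.w3.org/2000/09/xmldsig#base64");
        provide("TransformService", "http://www.w3.org/2000/09/xmldsig#enveloped-signature");
        provide("TransformService", "http://www.w3.org/2001/10/xml-exc-c14n#");
        provide("TransformService", "http://www.w3.org/2001/10/xml-exc-c14n#WithComments");
        provide("TransformService", "http://www.w3.org/2002/06/xmldsig-filter2");
        provide("TransformService", "http://www.w3.org/TR/1999/REC-xpath-19991116");
        provide("TransformService", "http://www.w3.org/TR/1999/REC-xslt-19991116");
        provide("TransformService", "http://www.w3.org/TR/2001/REC-xml-c14n-20010315");
        provide("TransformService", "http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments");
        provide("TrustManagerFactory", "PKIX");
        provide("XMLSignatureFactory", "DOM");

        // Not clearly documented by RI
        provide("GssApiMechanism", "1.2.840.113554.1.2.2");
        provide("GssApiMechanism", "1.3.6.1.5.5.2");

        // Not correctly documented by RI which left off the Factory suffix
        provide("SaslClientFactory", "CRAM-MD5");
        provide("SaslClientFactory", "DIGEST-MD5");
        provide("SaslClientFactory", "EXTERNAL");
        provide("SaslClientFactory", "GSSAPI");
        provide("SaslClientFactory", "PLAIN");
        provide("SaslServerFactory", "CRAM-MD5");
        provide("SaslServerFactory", "DIGEST-MD5");
        provide("SaslServerFactory", "GSSAPI");

        // Documentation seems to list alias instead of actual name
        // provide("MessageDigest", "SHA-1");
        provide("MessageDigest", "SHA");

        // Mentioned in javadoc, not documentation
        provide("SSLContext", "Default");

        // Not documented as in RI 6 but mentioned in Standard Names
        provide("AlgorithmParameters", "PBE");
        provide("SSLContext", "SSL");
        provide("SSLContext", "TLS");

        // Not documented as in RI 6 but that exist in RI 6
        if (IS_RI) {
            provide("CertStore", "com.sun.security.IndexedCollection");
            provide("KeyGenerator", "SunTlsKeyMaterial");
            provide("KeyGenerator", "SunTlsMasterSecret");
            provide("KeyGenerator", "SunTlsPrf");
            provide("KeyGenerator", "SunTlsRsaPremasterSecret");
            provide("KeyStore", "CaseExactJKS");
            provide("Mac", "HmacPBESHA1");
            provide("Mac", "SslMacMD5");
            provide("Mac", "SslMacSHA1");
            provide("SecureRandom", "NativePRNG");
            provide("Signature", "MD5andSHA1withRSA");
            provide("TrustManagerFactory", "SunX509");
        }

        // Only available with the SunPKCS11-NSS provider,
        // which seems to be enabled in OpenJDK 6 but not Oracle Java 6
        if (Security.getProvider("SunPKCS11-NSS") != null) {
            provide("Cipher", "AES/CBC/NOPADDING");
            provide("Cipher", "DES/CBC/NOPADDING");
            provide("Cipher", "DESEDE/CBC/NOPADDING");
            provide("Cipher", "RSA/ECB/PKCS1PADDING");
            provide("KeyAgreement", "DH");
            provide("KeyFactory", "DH");
            provide("KeyPairGenerator", "DH");
            provide("KeyStore", "PKCS11");
            provide("MessageDigest", "SHA1");
            provide("SecretKeyFactory", "AES");
            provide("SecretKeyFactory", "ARCFOUR");
            provide("SecureRandom", "PKCS11");
            provide("Signature", "DSA");
            provide("Signature", "RAWDSA");
        }

        if (Security.getProvider("SunPKCS11-NSS") != null ||
                Security.getProvider("SunEC") != null) {
            provide("AlgorithmParameters", "EC");
            provide("KeyAgreement", "ECDH");
            provide("KeyFactory", "EC");
            provide("KeyPairGenerator", "EC");
            provide("Signature", "NONEWITHECDSA");
            provide("Signature", "SHA1WITHECDSA");
            provide("Signature", "SHA224WITHECDSA");
            provide("Signature", "SHA256WITHECDSA");
            provide("Signature", "SHA384WITHECDSA");
            provide("Signature", "SHA512WITHECDSA");
        }

        // Documented as Standard Names, but do not exist in RI 6
        if (IS_RI) {
            unprovide("SSLContext", "TLSv1.1");
            unprovide("SSLContext", "TLSv1.2");
        }

        // Fixups for the RI
        if (IS_RI) {
            // different names: Standard Names says PKIX, JSSE Reference Guide says SunX509 or NewSunX509
            unprovide("KeyManagerFactory", "PKIX");
            provide("KeyManagerFactory", "SunX509");
            provide("KeyManagerFactory", "NewSunX509");
        }

        // Fixups for dalvik
        if (!IS_RI) {

            // whole types that we do not provide
            PROVIDER_ALGORITHMS.remove("Configuration");
            PROVIDER_ALGORITHMS.remove("GssApiMechanism");
            PROVIDER_ALGORITHMS.remove("KeyInfoFactory");
            PROVIDER_ALGORITHMS.remove("Policy");
            PROVIDER_ALGORITHMS.remove("SaslClientFactory");
            PROVIDER_ALGORITHMS.remove("SaslServerFactory");
            PROVIDER_ALGORITHMS.remove("TerminalFactory");
            PROVIDER_ALGORITHMS.remove("TransformService");
            PROVIDER_ALGORITHMS.remove("XMLSignatureFactory");

            // different names Diffie-Hellman vs DH
            unprovide("AlgorithmParameterGenerator", "DiffieHellman");
            provide("AlgorithmParameterGenerator", "DH");
            unprovide("AlgorithmParameters", "DiffieHellman");
            provide("AlgorithmParameters", "DH");
            unprovide("KeyAgreement", "DiffieHellman");
            provide("KeyAgreement", "DH");
            unprovide("KeyFactory", "DiffieHellman");
            provide("KeyFactory", "DH");
            unprovide("KeyPairGenerator", "DiffieHellman");
            provide("KeyPairGenerator", "DH");

            // different names PBEWithSHA1AndDESede vs PBEWithSHAAnd3-KEYTripleDES-CBC
            unprovide("AlgorithmParameters", "PBEWithSHA1AndDESede");
            unprovide("Cipher", "PBEWithSHA1AndDESede");
            unprovide("SecretKeyFactory", "PBEWithSHA1AndDESede");
            provide("AlgorithmParameters", "PKCS12PBE");
            provide("Cipher", "PBEWithSHAAnd3-KEYTripleDES-CBC");
            provide("SecretKeyFactory", "PBEWithSHAAnd3-KEYTripleDES-CBC");

            // different names: BouncyCastle actually uses the Standard name of SHA-1 vs SHA
            unprovide("MessageDigest", "SHA");
            provide("MessageDigest", "SHA-1");

            // Added to support Android KeyStore operations
            provide("Signature", "NONEwithRSA");
            provide("Cipher", "RSA/ECB/NOPADDING");
            provide("Cipher", "RSA/ECB/PKCS1PADDING");
            provide("Cipher", "RSA/ECB/OAEPPadding");
            provide("Cipher", "RSA/ECB/OAEPWithSHA-1AndMGF1Padding");
            provide("Cipher", "RSA/ECB/OAEPWithSHA-224AndMGF1Padding");
            provide("Cipher", "RSA/ECB/OAEPWithSHA-256AndMGF1Padding");
            provide("Cipher", "RSA/ECB/OAEPWithSHA-384AndMGF1Padding");
            provide("Cipher", "RSA/ECB/OAEPWithSHA-512AndMGF1Padding");
            provide("SecretKeyFactory", "AES");
            provide("SecretKeyFactory", "HmacSHA1");
            provide("SecretKeyFactory", "HmacSHA224");
            provide("SecretKeyFactory", "HmacSHA256");
            provide("SecretKeyFactory", "HmacSHA384");
            provide("SecretKeyFactory", "HmacSHA512");
            provide("Signature", "SHA1withRSA/PSS");
            provide("Signature", "SHA224withRSA/PSS");
            provide("Signature", "SHA256withRSA/PSS");
            provide("Signature", "SHA384withRSA/PSS");
            provide("Signature", "SHA512withRSA/PSS");
            provideOptional("Signature", "ED25519");

            // different names: ARCFOUR vs ARC4
            unprovide("Cipher", "ARCFOUR");
            provide("Cipher", "ARC4");
            unprovide("KeyGenerator", "ARCFOUR");
            provide("KeyGenerator", "ARC4");

            // different case names: Blowfish vs BLOWFISH
            unprovide("AlgorithmParameters", "Blowfish");
            provide("AlgorithmParameters", "BLOWFISH");
            unprovide("Cipher", "Blowfish");
            provide("Cipher", "BLOWFISH");
            unprovide("KeyGenerator", "Blowfish");
            provide("KeyGenerator", "BLOWFISH");

            // Harmony has X.509, BouncyCastle X509
            // TODO remove one, probably Harmony's
            provide("CertificateFactory", "X509");

            // not just different names, but different binary formats
            unprovide("KeyStore", "JKS");
            provide("KeyStore", "BKS");
            unprovide("KeyStore", "JCEKS");
            provide("KeyStore", "BouncyCastle");

            // Noise to support KeyStore.PKCS12
            provide("Cipher", "PBEWITHMD5AND128BITAES-CBC-OPENSSL");
            provide("Cipher", "PBEWITHMD5AND192BITAES-CBC-OPENSSL");
            provide("Cipher", "PBEWITHMD5AND256BITAES-CBC-OPENSSL");
            provide("Cipher", "PBEWITHMD5ANDRC2");
            provide("Cipher", "PBEWITHSHA1ANDDES");
            provide("Cipher", "PBEWITHSHA1ANDRC2");
            provide("Cipher", "PBEWITHSHA256AND128BITAES-CBC-BC");
            provide("Cipher", "PBEWITHSHA256AND192BITAES-CBC-BC");
            provide("Cipher", "PBEWITHSHA256AND256BITAES-CBC-BC");
            provide("Cipher", "PBEWITHSHAAND128BITAES-CBC-BC");
            provide("Cipher", "PBEWITHSHAAND128BITRC2-CBC");
            provide("Cipher", "PBEWITHSHAAND128BITRC4");
            provide("Cipher", "PBEWITHSHAAND192BITAES-CBC-BC");
            provide("Cipher", "PBEWITHSHAAND2-KEYTRIPLEDES-CBC");
            provide("Cipher", "PBEWITHSHAAND256BITAES-CBC-BC");
            provide("Cipher", "PBEWITHSHAAND40BITRC2-CBC");
            provide("Cipher", "PBEWITHSHAAND40BITRC4");
            provide("Cipher", "PBEWITHSHAANDTWOFISH-CBC");
            provide("Cipher", "PBEWithHmacSHA1AndAES_128");
            provide("Cipher", "PBEWithHmacSHA224AndAES_128");
            provide("Cipher", "PBEWithHmacSHA256AndAES_128");
            provide("Cipher", "PBEWithHmacSHA384AndAES_128");
            provide("Cipher", "PBEWithHmacSHA512AndAES_128");
            provide("Cipher", "PBEWithHmacSHA1AndAES_256");
            provide("Cipher", "PBEWithHmacSHA224AndAES_256");
            provide("Cipher", "PBEWithHmacSHA256AndAES_256");
            provide("Cipher", "PBEWithHmacSHA384AndAES_256");
            provide("Cipher", "PBEWithHmacSHA512AndAES_256");
            provide("Mac", "PBEWITHHMACSHA");
            provide("Mac", "PBEWITHHMACSHA1");
            provide("SecretKeyFactory", "PBEWITHHMACSHA1");
            provide("SecretKeyFactory", "PBEWITHMD5AND128BITAES-CBC-OPENSSL");
            provide("SecretKeyFactory", "PBEWITHMD5AND192BITAES-CBC-OPENSSL");
            provide("SecretKeyFactory", "PBEWITHMD5AND256BITAES-CBC-OPENSSL");
            provide("SecretKeyFactory", "PBEWITHMD5ANDRC2");
            provide("SecretKeyFactory", "PBEWITHSHA1ANDDES");
            provide("SecretKeyFactory", "PBEWITHSHA1ANDRC2");
            provide("SecretKeyFactory", "PBEWITHSHA256AND128BITAES-CBC-BC");
            provide("SecretKeyFactory", "PBEWITHSHA256AND192BITAES-CBC-BC");
            provide("SecretKeyFactory", "PBEWITHSHA256AND256BITAES-CBC-BC");
            provide("SecretKeyFactory", "PBEWITHSHAAND128BITAES-CBC-BC");
            provide("SecretKeyFactory", "PBEWITHSHAAND128BITRC2-CBC");
            provide("SecretKeyFactory", "PBEWITHSHAAND128BITRC4");
            provide("SecretKeyFactory", "PBEWITHSHAAND192BITAES-CBC-BC");
            provide("SecretKeyFactory", "PBEWITHSHAAND2-KEYTRIPLEDES-CBC");
            provide("SecretKeyFactory", "PBEWITHSHAAND256BITAES-CBC-BC");
            provide("SecretKeyFactory", "PBEWITHSHAAND40BITRC2-CBC");
            provide("SecretKeyFactory", "PBEWITHSHAAND40BITRC4");
            provide("SecretKeyFactory", "PBEWITHSHAANDTWOFISH-CBC");

            // Needed by our OpenSSL provider
            provide("Cipher", "AES/CBC/NOPADDING");
            provide("Cipher", "AES/CBC/PKCS5PADDING");
            provide("Cipher", "AES/CBC/PKCS7PADDING");
            provide("Cipher", "AES/CFB/NOPADDING");
            provide("Cipher", "AES/CFB/PKCS5PADDING");
            provide("Cipher", "AES/CFB/PKCS7PADDING");
            provide("Cipher", "AES/CTR/NOPADDING");
            provide("Cipher", "AES/CTR/PKCS5PADDING");
            provide("Cipher", "AES/CTR/PKCS7PADDING");
            provide("Cipher", "AES/ECB/NOPADDING");
            provide("Cipher", "AES/ECB/PKCS5PADDING");
            provide("Cipher", "AES/ECB/PKCS7PADDING");
            provide("Cipher", "AES/GCM/NOPADDING");
            provide("Cipher", "AES/GCM-SIV/NOPADDING");
            provide("Cipher", "AES/OFB/NOPADDING");
            provide("Cipher", "AES/OFB/PKCS5PADDING");
            provide("Cipher", "AES/OFB/PKCS7PADDING");
            provide("Cipher", "AES_128/CBC/NOPADDING");
            provide("Cipher", "AES_128/CBC/PKCS5PADDING");
            provide("Cipher", "AES_128/CBC/PKCS7PADDING");
            provide("Cipher", "AES_128/ECB/NOPADDING");
            provide("Cipher", "AES_128/ECB/PKCS5PADDING");
            provide("Cipher", "AES_128/ECB/PKCS7PADDING");
            provide("Cipher", "AES_128/GCM/NOPADDING");
            provide("Cipher", "AES_128/GCM-SIV/NOPADDING");
            provide("Cipher", "AES_256/CBC/NOPADDING");
            provide("Cipher", "AES_256/CBC/PKCS5PADDING");
            provide("Cipher", "AES_256/CBC/PKCS7PADDING");
            provide("Cipher", "AES_256/ECB/NOPADDING");
            provide("Cipher", "AES_256/ECB/PKCS5PADDING");
            provide("Cipher", "AES_256/ECB/PKCS7PADDING");
            provide("Cipher", "AES_256/GCM/NOPADDING");
            provide("Cipher", "AES_256/GCM-SIV/NOPADDING");
            provide("Cipher", "DESEDE/CBC/NOPADDING");
            provide("Cipher", "DESEDE/CBC/PKCS5PADDING");
            provide("Cipher", "DESEDE/CBC/PKCS7PADDING");
            provide("Cipher", "DESEDE/CFB/NOPADDING");
            provide("Cipher", "DESEDE/CFB/PKCS5PADDING");
            provide("Cipher", "DESEDE/CFB/PKCS7PADDING");
            provide("Cipher", "DESEDE/ECB/NOPADDING");
            provide("Cipher", "DESEDE/ECB/PKCS5PADDING");
            provide("Cipher", "DESEDE/ECB/PKCS7PADDING");
            provide("Cipher", "DESEDE/OFB/NOPADDING");
            provide("Cipher", "DESEDE/OFB/PKCS5PADDING");
            provide("Cipher", "DESEDE/OFB/PKCS7PADDING");

            // Provided by our OpenSSL provider
            provide("AlgorithmParameters", "ChaCha20");
            provide("Cipher", "ChaCha20");
            provide("Cipher", "ChaCha20/Poly1305/NoPadding");
            provide("KeyGenerator", "ChaCha20");
            provideCipherPaddings("AES", new String[] { "PKCS7Padding" });

            // removed LDAP
            unprovide("CertStore", "LDAP");

            // removed MD2
            unprovide("MessageDigest", "MD2");
            unprovide("Signature", "MD2withRSA");

            // removed RC2
            // NOTE the implementation remains to support PKCS12 keystores
            unprovide("AlgorithmParameters", "PBEWithSHA1AndRC2_40");
            unprovide("AlgorithmParameters", "RC2");
            unprovide("Cipher", "PBEWithSHA1AndRC2_40");
            unprovide("Cipher", "RC2");
            unprovide("KeyGenerator", "RC2");
            unprovide("SecretKeyFactory", "PBEWithSHA1AndRC2_40");

            // PBEWithMD5AndTripleDES is Sun proprietary
            unprovide("AlgorithmParameters", "PBEWithMD5AndTripleDES");
            unprovide("Cipher", "PBEWithMD5AndTripleDES");
            unprovide("SecretKeyFactory", "PBEWithMD5AndTripleDES");

            // missing from Bouncy Castle
            // Standard Names document says to use specific PBEWith*And*
            unprovide("AlgorithmParameters", "PBE");

            // missing from Bouncy Castle
            // TODO add to JDKAlgorithmParameters perhaps as wrapper on PBES2Parameters
            // For now, can use AlgorithmParametersSpec javax.crypto.spec.PBEParameterSpec instead
            unprovide("AlgorithmParameters", "PBEWithMD5AndDES"); // 1.2.840.113549.1.5.3

            // EC support
            provide("AlgorithmParameters", "EC");
            provide("KeyAgreement", "ECDH");
            provide("KeyFactory", "EC");
            provide("KeyPairGenerator", "EC");
            provide("Signature", "NONEWITHECDSA");
            provide("Signature", "SHA1WITHECDSA");
            provide("Signature", "SHA224WITHECDSA");
            provide("Signature", "SHA256WITHECDSA");
            provide("Signature", "SHA384WITHECDSA");
            provide("Signature", "SHA512WITHECDSA");

            // Android's CA store
            provide("KeyStore", "AndroidCAStore");

            // Android's KeyStore provider
            if (Security.getProvider("AndroidKeyStore") != null) {
                provide("KeyStore", "AndroidKeyStore");
            }

            // TimaKeyStore provider
            if (Security.getProvider("TimaKeyStore") != null) {
                provide("KeyStore", "TimaKeyStore");
            }
            // KnoxAndroidKeyStore provider
            if (Security.getProvider("KnoxAndroidKeyStore") != null) {
                provide("KeyStore", "KnoxAndroidKeyStore");
            }

            // Elliptic curve Diffie-Hellman
            provide("KeyAgreement", "XDH");
            provide("KeyFactory", "XDH");
            provide("KeyPairGenerator", "XDH");

            // AES-CMAC Mac
            provide("Mac", "AESCMAC");
        }
    }

    // Mutable on purpose: the static block below removes entries on the RI.
    public static final Set<String> KEY_TYPES = new HashSet<>(Arrays.asList(
            "RSA",
            "DSA",
            "DH_RSA",
            "DH_DSA",
            "EC",
            "EC_EC",
            "EC_RSA"));
    static {
        if (IS_RI) {
            // DH_* are specified by standard names, but do not seem to be supported by RI
            KEY_TYPES.remove("DH_RSA");
            KEY_TYPES.remove("DH_DSA");
        }
    }

    /**
     * Valid values for X509TrustManager.checkClientTrusted authType,
     * either the algorithm of the public key or UNKNOWN.
     */
    public static final Set<String> CLIENT_AUTH_TYPES = new HashSet<>(Arrays.asList(
            "RSA",
            "DSA",
            "EC",
            "UNKNOWN"));

    /**
     * Valid values for X509TrustManager.checkServerTrusted authType,
     * either key exchange algorithm part of the cipher suite, UNKNOWN,
     * or GENERIC (for TLS 1.3 cipher suites that don't imply a specific
     * key exchange method).
     *
     * <p>The set covers every authType string a trust manager may be handed,
     * including the anonymous and {@code *_EXPORT} key exchanges; it is a
     * recognition list, not a list of key exchanges to accept.
     */
    public static final Set<String> SERVER_AUTH_TYPES = new HashSet<>(Arrays.asList(
            "DHE_DSS",
            "DHE_DSS_EXPORT",
            "DHE_RSA",
            "DHE_RSA_EXPORT",
            "DH_DSS_EXPORT",
            "DH_RSA_EXPORT",
            "DH_anon",
            "DH_anon_EXPORT",
            "KRB5",
            "KRB5_EXPORT",
            "RSA",
            "RSA_EXPORT",
            "RSA_EXPORT1024",
            "ECDH_ECDSA",
            "ECDH_RSA",
            "ECDHE_ECDSA",
            "ECDHE_RSA",
            "UNKNOWN",
            "GENERIC"));

    /**
     * Cipher suites that are only supported with TLS 1.3.
     */
    public static final List<String> CIPHER_SUITES_TLS13 = Arrays.asList(
            "TLS_AES_128_GCM_SHA256",
            "TLS_AES_256_GCM_SHA384",
            "TLS_CHACHA20_POLY1305_SHA256");

    // NOTE: This list needs to be kept in sync with Javadoc of javax.net.ssl.SSLSocket and
    // javax.net.ssl.SSLEngine.
    // Same suites as CIPHER_SUITES_ANDROID_SOFTWARE; only the order differs (AES-GCM is
    // listed ahead of ChaCha20-Poly1305 here).
    private static final List<String> CIPHER_SUITES_ANDROID_AES_HARDWARE = Arrays.asList(
            "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
            "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
            "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256",
            "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
            "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
            "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",
            "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA",
            "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA",
            "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
            "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
            "TLS_RSA_WITH_AES_128_GCM_SHA256",
            "TLS_RSA_WITH_AES_256_GCM_SHA384",
            "TLS_RSA_WITH_AES_128_CBC_SHA",
            "TLS_RSA_WITH_AES_256_CBC_SHA",
            CIPHER_SUITE_SECURE_RENEGOTIATION
            );

    // NOTE: This list needs to be kept in sync with Javadoc of javax.net.ssl.SSLSocket and
    // javax.net.ssl.SSLEngine.
    // ChaCha20-Poly1305 is listed ahead of AES-GCM here.
    private static final List<String> CIPHER_SUITES_ANDROID_SOFTWARE = Arrays.asList(
            "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256",
            "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
            "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
            "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",
            "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
            "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
            "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA",
            "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA",
            "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
            "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
            "TLS_RSA_WITH_AES_128_GCM_SHA256",
            "TLS_RSA_WITH_AES_256_GCM_SHA384",
            "TLS_RSA_WITH_AES_128_CBC_SHA",
            "TLS_RSA_WITH_AES_256_CBC_SHA",
            CIPHER_SUITE_SECURE_RENEGOTIATION
            );

    // NOTE: This list needs to be kept in sync with Javadoc of javax.net.ssl.SSLSocket and
    // javax.net.ssl.SSLEngine.
    // NOTE(review): the RI branch has no GCM suites and still contains RC4, 3DES and
    // MD5-based suites, so it presumably mirrors an old RI release's defaults; confirm
    // which RI version it is compared against before reusing it.
    public static final List<String> CIPHER_SUITES_DEFAULT = (IS_RI)
            ? Arrays.asList("TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384",
                            "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384",
                            "TLS_RSA_WITH_AES_256_CBC_SHA256",
                            "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384",
                            "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384",
                            "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256",
                            "TLS_DHE_DSS_WITH_AES_256_CBC_SHA256",
                            "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA",
                            "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
                            "TLS_RSA_WITH_AES_256_CBC_SHA",
                            "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA",
                            "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA",
                            "TLS_DHE_RSA_WITH_AES_256_CBC_SHA",
                            "TLS_DHE_DSS_WITH_AES_256_CBC_SHA",
                            "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256",
                            "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
                            "TLS_RSA_WITH_AES_128_CBC_SHA256",
                            "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256",
                            "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256",
                            "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256",
                            "TLS_DHE_DSS_WITH_AES_128_CBC_SHA256",
                            "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA",
                            "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
                            "TLS_RSA_WITH_AES_128_CBC_SHA",
                            "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA",
                            "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA",
                            "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
                            "TLS_DHE_DSS_WITH_AES_128_CBC_SHA",
                            "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA",
                            "TLS_ECDHE_RSA_WITH_RC4_128_SHA",
                            "SSL_RSA_WITH_RC4_128_SHA",
                            "TLS_ECDH_ECDSA_WITH_RC4_128_SHA",
                            "TLS_ECDH_RSA_WITH_RC4_128_SHA",
                            "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA",
                            "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA",
                            "SSL_RSA_WITH_3DES_EDE_CBC_SHA",
                            "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA",
                            "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA",
                            "SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA",
                            "SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA",
                            "SSL_RSA_WITH_RC4_128_MD5",
                            CIPHER_SUITE_SECURE_RENEGOTIATION)
            : CpuFeatures.isAesHardwareAccelerated() ? CIPHER_SUITES_ANDROID_AES_HARDWARE
                    : CIPHER_SUITES_ANDROID_SOFTWARE;

    private static final Map<String, Class<? extends KeySpec>> PRIVATE_KEY_SPEC_CLASSES;
    private static final Map<String, Class<? extends KeySpec>> PUBLIC_KEY_SPEC_CLASSES;
    // NOTE(review): 512-bit RSA/DSA and 256-bit DH are far below current strength
    // guidance. Presumably these are the smallest sizes the tests exercise rather than
    // a policy floor; confirm against the callers before reusing the values elsewhere.
    private static final Map<String, Integer> MINIMUM_KEY_SIZE;
    static {
        PRIVATE_KEY_SPEC_CLASSES = new HashMap<>();
        PUBLIC_KEY_SPEC_CLASSES = new HashMap<>();
        MINIMUM_KEY_SIZE = new HashMap<>();
        PRIVATE_KEY_SPEC_CLASSES.put("RSA", RSAPrivateCrtKeySpec.class);
        PUBLIC_KEY_SPEC_CLASSES.put("RSA", RSAPublicKeySpec.class);
        MINIMUM_KEY_SIZE.put("RSA", 512);
        PRIVATE_KEY_SPEC_CLASSES.put("DSA", DSAPrivateKeySpec.class);
        PUBLIC_KEY_SPEC_CLASSES.put("DSA", DSAPublicKeySpec.class);
        MINIMUM_KEY_SIZE.put("DSA", 512);
        PRIVATE_KEY_SPEC_CLASSES.put("DH", DHPrivateKeySpec.class);
        PUBLIC_KEY_SPEC_CLASSES.put("DH", DHPublicKeySpec.class);
        MINIMUM_KEY_SIZE.put("DH", 256);
        PRIVATE_KEY_SPEC_CLASSES.put("EC", ECPrivateKeySpec.class);
        PUBLIC_KEY_SPEC_CLASSES.put("EC", ECPublicKeySpec.class);
        MINIMUM_KEY_SIZE.put("EC", 256);
    }

    /**
     * Returns the private {@link KeySpec} class registered for {@code algName}
     * (RSA, DSA, DH or EC), or {@code null} for any other name.
     */
    public static Class<? extends KeySpec> getPrivateKeySpecClass(String algName) {
        return PRIVATE_KEY_SPEC_CLASSES.get(algName);
    }

    /**
     * Returns the public {@link KeySpec} class registered for {@code algName}
     * (RSA, DSA, DH or EC), or {@code null} for any other name.
     */
    public static Class<? extends KeySpec> getPublicKeySpecClass(String algName) {
        return PUBLIC_KEY_SPEC_CLASSES.get(algName);
    }

    /**
     * Returns the minimum key size registered for {@code algName} (RSA, DSA, DH or EC).
     *
     * @throws IllegalArgumentException if no size is registered for {@code algName};
     *         without this check the lookup would fail with a bare
     *         {@code NullPointerException} while unboxing the missing map entry
     */
    public static int getMinimumKeySize(String algName) {
        Integer minimum = MINIMUM_KEY_SIZE.get(algName);
        if (minimum == null) {
            throw new IllegalArgumentException("No minimum key size registered for " + algName);
        }
        return minimum;
    }

}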