1 /* GENERATED SOURCE. DO NOT MODIFY. */ 2 /* 3 * Copyright (C) 2010 The Android Open Source Project 4 * 5 * Licensed under the Apache License, Version 2.0 (the "License"); 6 * you may not use this file except in compliance with the License. 7 * You may obtain a copy of the License at 8 * 9 * http://www.apache.org/licenses/LICENSE-2.0 10 * 11 * Unless required by applicable law or agreed to in writing, software 12 * distributed under the License is distributed on an "AS IS" BASIS, 13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 * See the License for the specific language governing permissions and 15 * limitations under the License. 16 */ 17 18 package com.android.org.conscrypt; 19 20 import java.security.Provider; 21 22 /** 23 * Provider that uses BoringSSL to perform the actual cryptographic operations. 24 * <p> 25 * Every algorithm should have its IANA assigned OID as an alias. See the following URLs for each 26 * type: <ul> <li><a 27 * href="http://www.iana.org/assignments/hash-function-text-names/hash-function-text-names.xml">Hash 28 * functions</a></li> <li><a href="http://www.iana.org/assignments/dssc/dssc.xml">Signature 29 * algorithms</a></li> <li><a 30 * href="http://csrc.nist.gov/groups/ST/crypto_apps_infra/csor/algorithms.html">NIST cryptographic 31 * algorithms</a></li> 32 * </ul> 33 * @hide This class is not part of the Android public SDK API 34 */ 35 @libcore.api.IntraCoreApi 36 @libcore.api.CorePlatformApi(status = libcore.api.CorePlatformApi.Status.STABLE) 37 @Internal 38 public final class OpenSSLProvider extends Provider { 39 private static final long serialVersionUID = 2996752495318905136L; 40 41 private static final String PREFIX = OpenSSLProvider.class.getPackage().getName() + "."; 42 43 private static final String STANDARD_EC_PRIVATE_KEY_INTERFACE_CLASS_NAME = 44 "java.security.interfaces.ECPrivateKey"; 45 private static final String STANDARD_XEC_PRIVATE_KEY_INTERFACE_CLASS_NAME = 46 "java.security.interfaces.XECPrivateKey"; 47 private static final String STANDARD_RSA_PRIVATE_KEY_INTERFACE_CLASS_NAME = 48 "java.security.interfaces.RSAPrivateKey"; 49 private static final String STANDARD_RSA_PUBLIC_KEY_INTERFACE_CLASS_NAME = 50 "java.security.interfaces.RSAPublicKey"; 51 52 @android.compat.annotation.UnsupportedAppUsage 53 @libcore.api.IntraCoreApi 54 @libcore.api.CorePlatformApi(status = libcore.api.CorePlatformApi.Status.STABLE) OpenSSLProvider()55 public OpenSSLProvider() { 56 this(Platform.getDefaultProviderName()); 57 } 58 59 @SuppressWarnings("deprecation") OpenSSLProvider(String providerName)60 public OpenSSLProvider(String providerName) { 61 this(providerName, Platform.provideTrustManagerByDefault(), "TLSv1.3"); 62 } 63 OpenSSLProvider(String providerName, boolean includeTrustManager, String defaultTlsProtocol)64 OpenSSLProvider(String providerName, boolean includeTrustManager, String defaultTlsProtocol) { 65 super(providerName, 1.0, "Android's OpenSSL-backed security provider"); 66 67 // Ensure that the native library has been loaded. 68 NativeCrypto.checkAvailability(); 69 70 // Make sure the platform is initialized. 71 Platform.setup(); 72 73 /* === SSL Contexts === */ 74 String classOpenSSLContextImpl = PREFIX + "OpenSSLContextImpl"; 75 String tls12SSLContextSuffix = "$TLSv12"; 76 String tls13SSLContextSuffix = "$TLSv13"; 77 String defaultSSLContextSuffix; 78 switch (defaultTlsProtocol) { 79 case "TLSv1.2": 80 defaultSSLContextSuffix = tls12SSLContextSuffix; 81 break; 82 case "TLSv1.3": 83 defaultSSLContextSuffix = tls13SSLContextSuffix; 84 break; 85 default: 86 throw new IllegalArgumentException( 87 "Choice of default protocol is unsupported: " + defaultTlsProtocol); 88 } 89 // Keep SSL as an alias to TLS 90 put("SSLContext.SSL", classOpenSSLContextImpl + defaultSSLContextSuffix); 91 put("SSLContext.TLS", classOpenSSLContextImpl + defaultSSLContextSuffix); 92 put("SSLContext.TLSv1", classOpenSSLContextImpl + "$TLSv1"); 93 put("SSLContext.TLSv1.1", classOpenSSLContextImpl + "$TLSv11"); 94 put("SSLContext.TLSv1.2", classOpenSSLContextImpl + tls12SSLContextSuffix); 95 put("SSLContext.TLSv1.3", classOpenSSLContextImpl + tls13SSLContextSuffix); 96 put("SSLContext.Default", PREFIX + "DefaultSSLContextImpl" + defaultSSLContextSuffix); 97 98 if (includeTrustManager) { 99 put("TrustManagerFactory.PKIX", TrustManagerFactoryImpl.class.getName()); 100 put("Alg.Alias.TrustManagerFactory.X509", "PKIX"); 101 } 102 103 put("KeyManagerFactory.PKIX", KeyManagerFactoryImpl.class.getName()); 104 put("Alg.Alias.KeyManagerFactory.X509", "PKIX"); 105 106 /* === AlgorithmParameters === */ 107 put("AlgorithmParameters.AES", PREFIX + "IvParameters$AES"); 108 put("Alg.Alias.AlgorithmParameters.2.16.840.1.101.3.4.1.2", "AES"); 109 put("Alg.Alias.AlgorithmParameters.2.16.840.1.101.3.4.1.22", "AES"); 110 put("Alg.Alias.AlgorithmParameters.2.16.840.1.101.3.4.1.42", "AES"); 111 112 put("AlgorithmParameters.ChaCha20", PREFIX + "IvParameters$ChaCha20"); 113 114 put("AlgorithmParameters.DESEDE", PREFIX + "IvParameters$DESEDE"); 115 put("Alg.Alias.AlgorithmParameters.TDEA", "DESEDE"); 116 put("Alg.Alias.AlgorithmParameters.1.2.840.113549.3.7", "DESEDE"); 117 118 put("AlgorithmParameters.GCM", PREFIX + "GCMParameters"); 119 put("Alg.Alias.AlgorithmParameters.2.16.840.1.101.3.4.1.6", "GCM"); 120 put("Alg.Alias.AlgorithmParameters.2.16.840.1.101.3.4.1.26", "GCM"); 121 put("Alg.Alias.AlgorithmParameters.2.16.840.1.101.3.4.1.46", "GCM"); 122 put("AlgorithmParameters.OAEP", PREFIX + "OAEPParameters"); 123 put("AlgorithmParameters.PSS", PREFIX + "PSSParameters"); 124 put("AlgorithmParameters.EC", PREFIX + "ECParameters"); 125 126 /* === Message Digests === */ 127 put("MessageDigest.SHA-1", PREFIX + "OpenSSLMessageDigestJDK$SHA1"); 128 put("Alg.Alias.MessageDigest.SHA1", "SHA-1"); 129 put("Alg.Alias.MessageDigest.SHA", "SHA-1"); 130 put("Alg.Alias.MessageDigest.1.3.14.3.2.26", "SHA-1"); 131 132 put("MessageDigest.SHA-224", PREFIX + "OpenSSLMessageDigestJDK$SHA224"); 133 put("Alg.Alias.MessageDigest.SHA224", "SHA-224"); 134 put("Alg.Alias.MessageDigest.2.16.840.1.101.3.4.2.4", "SHA-224"); 135 136 put("MessageDigest.SHA-256", PREFIX + "OpenSSLMessageDigestJDK$SHA256"); 137 put("Alg.Alias.MessageDigest.SHA256", "SHA-256"); 138 put("Alg.Alias.MessageDigest.2.16.840.1.101.3.4.2.1", "SHA-256"); 139 140 put("MessageDigest.SHA-384", PREFIX + "OpenSSLMessageDigestJDK$SHA384"); 141 put("Alg.Alias.MessageDigest.SHA384", "SHA-384"); 142 put("Alg.Alias.MessageDigest.2.16.840.1.101.3.4.2.2", "SHA-384"); 143 144 put("MessageDigest.SHA-512", PREFIX + "OpenSSLMessageDigestJDK$SHA512"); 145 put("Alg.Alias.MessageDigest.SHA512", "SHA-512"); 146 put("Alg.Alias.MessageDigest.2.16.840.1.101.3.4.2.3", "SHA-512"); 147 148 // iso(1) member-body(2) US(840) rsadsi(113549) digestAlgorithm(2) md5(5) 149 put("MessageDigest.MD5", PREFIX + "OpenSSLMessageDigestJDK$MD5"); 150 put("Alg.Alias.MessageDigest.1.2.840.113549.2.5", "MD5"); 151 152 /* == KeyGenerators == */ 153 put("KeyGenerator.ARC4", PREFIX + "KeyGeneratorImpl$ARC4"); 154 put("Alg.Alias.KeyGenerator.RC4", "ARC4"); 155 put("Alg.Alias.KeyGenerator.1.2.840.113549.3.4", "ARC4"); 156 157 put("KeyGenerator.AES", PREFIX + "KeyGeneratorImpl$AES"); 158 159 put("KeyGenerator.ChaCha20", PREFIX + "KeyGeneratorImpl$ChaCha20"); 160 161 put("KeyGenerator.DESEDE", PREFIX + "KeyGeneratorImpl$DESEDE"); 162 put("Alg.Alias.KeyGenerator.TDEA", "DESEDE"); 163 164 put("KeyGenerator.HmacMD5", PREFIX + "KeyGeneratorImpl$HmacMD5"); 165 put("Alg.Alias.KeyGenerator.1.3.6.1.5.5.8.1.1", "HmacMD5"); 166 put("Alg.Alias.KeyGenerator.HMAC-MD5", "HmacMD5"); 167 put("Alg.Alias.KeyGenerator.HMAC/MD5", "HmacMD5"); 168 169 put("KeyGenerator.HmacSHA1", PREFIX + "KeyGeneratorImpl$HmacSHA1"); 170 put("Alg.Alias.KeyGenerator.1.2.840.113549.2.7", "HmacSHA1"); 171 put("Alg.Alias.KeyGenerator.1.3.6.1.5.5.8.1.2", "HmacSHA1"); 172 put("Alg.Alias.KeyGenerator.HMAC-SHA1", "HmacSHA1"); 173 put("Alg.Alias.KeyGenerator.HMAC/SHA1", "HmacSHA1"); 174 175 put("KeyGenerator.HmacSHA224", PREFIX + "KeyGeneratorImpl$HmacSHA224"); 176 put("Alg.Alias.KeyGenerator.1.2.840.113549.2.8", "HmacSHA224"); 177 put("Alg.Alias.KeyGenerator.HMAC-SHA224", "HmacSHA224"); 178 put("Alg.Alias.KeyGenerator.HMAC/SHA224", "HmacSHA224"); 179 180 put("KeyGenerator.HmacSHA256", PREFIX + "KeyGeneratorImpl$HmacSHA256"); 181 put("Alg.Alias.KeyGenerator.1.2.840.113549.2.9", "HmacSHA256"); 182 put("Alg.Alias.KeyGenerator.2.16.840.1.101.3.4.2.1", "HmacSHA256"); 183 put("Alg.Alias.KeyGenerator.HMAC-SHA256", "HmacSHA256"); 184 put("Alg.Alias.KeyGenerator.HMAC/SHA256", "HmacSHA256"); 185 186 put("KeyGenerator.HmacSHA384", PREFIX + "KeyGeneratorImpl$HmacSHA384"); 187 put("Alg.Alias.KeyGenerator.1.2.840.113549.2.10", "HmacSHA384"); 188 put("Alg.Alias.KeyGenerator.HMAC-SHA384", "HmacSHA384"); 189 put("Alg.Alias.KeyGenerator.HMAC/SHA384", "HmacSHA384"); 190 191 put("KeyGenerator.HmacSHA512", PREFIX + "KeyGeneratorImpl$HmacSHA512"); 192 put("Alg.Alias.KeyGenerator.1.2.840.113549.2.11", "HmacSHA512"); 193 put("Alg.Alias.KeyGenerator.HMAC-SHA512", "HmacSHA512"); 194 put("Alg.Alias.KeyGenerator.HMAC/SHA512", "HmacSHA512"); 195 196 /* == KeyPairGenerators == */ 197 put("KeyPairGenerator.RSA", PREFIX + "OpenSSLRSAKeyPairGenerator"); 198 put("Alg.Alias.KeyPairGenerator.1.2.840.113549.1.1.1", "RSA"); 199 put("Alg.Alias.KeyPairGenerator.1.2.840.113549.1.1.7", "RSA"); 200 put("Alg.Alias.KeyPairGenerator.2.5.8.1.1", "RSA"); 201 202 put("KeyPairGenerator.EC", PREFIX + "OpenSSLECKeyPairGenerator"); 203 put("Alg.Alias.KeyPairGenerator.1.2.840.10045.2.1", "EC"); 204 put("Alg.Alias.KeyPairGenerator.1.3.133.16.840.63.0.2", "EC"); 205 206 put("KeyPairGenerator.XDH", PREFIX + "OpenSSLXDHKeyPairGenerator"); 207 put("Alg.Alias.KeyPairGenerator.1.3.101.110", "XDH"); 208 209 /* == KeyFactory == */ 210 put("KeyFactory.RSA", PREFIX + "OpenSSLRSAKeyFactory"); 211 put("Alg.Alias.KeyFactory.1.2.840.113549.1.1.1", "RSA"); 212 put("Alg.Alias.KeyFactory.1.2.840.113549.1.1.7", "RSA"); 213 put("Alg.Alias.KeyFactory.2.5.8.1.1", "RSA"); 214 215 put("KeyFactory.EC", PREFIX + "OpenSSLECKeyFactory"); 216 put("Alg.Alias.KeyFactory.1.2.840.10045.2.1", "EC"); 217 put("Alg.Alias.KeyFactory.1.3.133.16.840.63.0.2", "EC"); 218 219 put("KeyFactory.XDH", PREFIX + "OpenSSLXDHKeyFactory"); 220 put("Alg.Alias.KeyFactory.1.3.101.110", "XDH"); 221 222 /* == SecretKeyFactory == */ 223 put("SecretKeyFactory.DESEDE", PREFIX + "DESEDESecretKeyFactory"); 224 put("Alg.Alias.SecretKeyFactory.TDEA", "DESEDE"); 225 226 /* == KeyAgreement == */ 227 putECDHKeyAgreementImplClass("OpenSSLECDHKeyAgreement"); 228 putXDHKeyAgreementImplClass("OpenSSLXDHKeyAgreement"); 229 230 /* == Signatures == */ 231 putSignatureImplClass("MD5withRSA", "OpenSSLSignature$MD5RSA"); 232 put("Alg.Alias.Signature.MD5withRSAEncryption", "MD5withRSA"); 233 put("Alg.Alias.Signature.MD5/RSA", "MD5withRSA"); 234 put("Alg.Alias.Signature.1.2.840.113549.1.1.4", "MD5withRSA"); 235 put("Alg.Alias.Signature.OID.1.2.840.113549.1.1.4", "MD5withRSA"); 236 put("Alg.Alias.Signature.1.2.840.113549.2.5with1.2.840.113549.1.1.1", "MD5withRSA"); 237 238 putSignatureImplClass("SHA1withRSA", "OpenSSLSignature$SHA1RSA"); 239 put("Alg.Alias.Signature.SHA1withRSAEncryption", "SHA1withRSA"); 240 put("Alg.Alias.Signature.SHA1/RSA", "SHA1withRSA"); 241 put("Alg.Alias.Signature.SHA-1/RSA", "SHA1withRSA"); 242 put("Alg.Alias.Signature.1.2.840.113549.1.1.5", "SHA1withRSA"); 243 put("Alg.Alias.Signature.OID.1.2.840.113549.1.1.5", "SHA1withRSA"); 244 put("Alg.Alias.Signature.1.3.14.3.2.26with1.2.840.113549.1.1.1", "SHA1withRSA"); 245 put("Alg.Alias.Signature.1.3.14.3.2.26with1.2.840.113549.1.1.5", "SHA1withRSA"); 246 put("Alg.Alias.Signature.1.3.14.3.2.29", "SHA1withRSA"); 247 put("Alg.Alias.Signature.OID.1.3.14.3.2.29", "SHA1withRSA"); 248 249 putSignatureImplClass("SHA224withRSA", "OpenSSLSignature$SHA224RSA"); 250 put("Alg.Alias.Signature.SHA224withRSAEncryption", "SHA224withRSA"); 251 put("Alg.Alias.Signature.SHA224/RSA", "SHA224withRSA"); 252 put("Alg.Alias.Signature.1.2.840.113549.1.1.14", "SHA224withRSA"); 253 put("Alg.Alias.Signature.OID.1.2.840.113549.1.1.14", "SHA224withRSA"); 254 put("Alg.Alias.Signature.2.16.840.1.101.3.4.2.4with1.2.840.113549.1.1.1", 255 "SHA224withRSA"); 256 put("Alg.Alias.Signature.2.16.840.1.101.3.4.2.4with1.2.840.113549.1.1.14", 257 "SHA224withRSA"); 258 259 putSignatureImplClass("SHA256withRSA", "OpenSSLSignature$SHA256RSA"); 260 put("Alg.Alias.Signature.SHA256withRSAEncryption", "SHA256withRSA"); 261 put("Alg.Alias.Signature.SHA256/RSA", "SHA256withRSA"); 262 put("Alg.Alias.Signature.1.2.840.113549.1.1.11", "SHA256withRSA"); 263 put("Alg.Alias.Signature.OID.1.2.840.113549.1.1.11", "SHA256withRSA"); 264 put("Alg.Alias.Signature.2.16.840.1.101.3.4.2.1with1.2.840.113549.1.1.1", 265 "SHA256withRSA"); 266 put("Alg.Alias.Signature.2.16.840.1.101.3.4.2.1with1.2.840.113549.1.1.11", 267 "SHA256withRSA"); 268 269 putSignatureImplClass("SHA384withRSA", "OpenSSLSignature$SHA384RSA"); 270 put("Alg.Alias.Signature.SHA384withRSAEncryption", "SHA384withRSA"); 271 put("Alg.Alias.Signature.SHA384/RSA", "SHA384withRSA"); 272 put("Alg.Alias.Signature.1.2.840.113549.1.1.12", "SHA384withRSA"); 273 put("Alg.Alias.Signature.OID.1.2.840.113549.1.1.12", "SHA384withRSA"); 274 put("Alg.Alias.Signature.2.16.840.1.101.3.4.2.2with1.2.840.113549.1.1.1", 275 "SHA384withRSA"); 276 277 putSignatureImplClass("SHA512withRSA", "OpenSSLSignature$SHA512RSA"); 278 put("Alg.Alias.Signature.SHA512withRSAEncryption", "SHA512withRSA"); 279 put("Alg.Alias.Signature.SHA512/RSA", "SHA512withRSA"); 280 put("Alg.Alias.Signature.1.2.840.113549.1.1.13", "SHA512withRSA"); 281 put("Alg.Alias.Signature.OID.1.2.840.113549.1.1.13", "SHA512withRSA"); 282 put("Alg.Alias.Signature.2.16.840.1.101.3.4.2.3with1.2.840.113549.1.1.1", 283 "SHA512withRSA"); 284 285 putRAWRSASignatureImplClass("OpenSSLSignatureRawRSA"); 286 287 putSignatureImplClass("NONEwithECDSA", "OpenSSLSignatureRawECDSA"); 288 289 putSignatureImplClass("SHA1withECDSA", "OpenSSLSignature$SHA1ECDSA"); 290 put("Alg.Alias.Signature.ECDSA", "SHA1withECDSA"); 291 put("Alg.Alias.Signature.ECDSAwithSHA1", "SHA1withECDSA"); 292 // iso(1) member-body(2) us(840) ansi-x962(10045) signatures(4) ecdsa-with-SHA1(1) 293 put("Alg.Alias.Signature.1.2.840.10045.4.1", "SHA1withECDSA"); 294 put("Alg.Alias.Signature.1.3.14.3.2.26with1.2.840.10045.2.1", "SHA1withECDSA"); 295 296 // iso(1) member-body(2) us(840) ansi-x962(10045) signatures(4) ecdsa-with-SHA2(3) 297 putSignatureImplClass("SHA224withECDSA", "OpenSSLSignature$SHA224ECDSA"); 298 put("Alg.Alias.Signature.SHA224/ECDSA", "SHA224withECDSA"); 299 // ecdsa-with-SHA224(1) 300 put("Alg.Alias.Signature.1.2.840.10045.4.3.1", "SHA224withECDSA"); 301 put("Alg.Alias.Signature.OID.1.2.840.10045.4.3.1", "SHA224withECDSA"); 302 put("Alg.Alias.Signature.2.16.840.1.101.3.4.2.4with1.2.840.10045.2.1", "SHA224withECDSA"); 303 304 // iso(1) member-body(2) us(840) ansi-x962(10045) signatures(4) ecdsa-with-SHA2(3) 305 putSignatureImplClass("SHA256withECDSA", "OpenSSLSignature$SHA256ECDSA"); 306 put("Alg.Alias.Signature.SHA256/ECDSA", "SHA256withECDSA"); 307 // ecdsa-with-SHA256(2) 308 put("Alg.Alias.Signature.1.2.840.10045.4.3.2", "SHA256withECDSA"); 309 put("Alg.Alias.Signature.OID.1.2.840.10045.4.3.2", "SHA256withECDSA"); 310 put("Alg.Alias.Signature.2.16.840.1.101.3.4.2.1with1.2.840.10045.2.1", "SHA256withECDSA"); 311 312 putSignatureImplClass("SHA384withECDSA", "OpenSSLSignature$SHA384ECDSA"); 313 put("Alg.Alias.Signature.SHA384/ECDSA", "SHA384withECDSA"); 314 // ecdsa-with-SHA384(3) 315 put("Alg.Alias.Signature.1.2.840.10045.4.3.3", "SHA384withECDSA"); 316 put("Alg.Alias.Signature.OID.1.2.840.10045.4.3.3", "SHA384withECDSA"); 317 put("Alg.Alias.Signature.2.16.840.1.101.3.4.2.2with1.2.840.10045.2.1", "SHA384withECDSA"); 318 319 putSignatureImplClass("SHA512withECDSA", "OpenSSLSignature$SHA512ECDSA"); 320 put("Alg.Alias.Signature.SHA512/ECDSA", "SHA512withECDSA"); 321 // ecdsa-with-SHA512(4) 322 put("Alg.Alias.Signature.1.2.840.10045.4.3.4", "SHA512withECDSA"); 323 put("Alg.Alias.Signature.OID.1.2.840.10045.4.3.4", "SHA512withECDSA"); 324 put("Alg.Alias.Signature.2.16.840.1.101.3.4.2.3with1.2.840.10045.2.1", "SHA512withECDSA"); 325 326 putSignatureImplClass("SHA1withRSA/PSS", "OpenSSLSignature$SHA1RSAPSS"); 327 put("Alg.Alias.Signature.SHA1withRSAandMGF1", "SHA1withRSA/PSS"); 328 329 putSignatureImplClass("SHA224withRSA/PSS", "OpenSSLSignature$SHA224RSAPSS"); 330 put("Alg.Alias.Signature.SHA224withRSAandMGF1", "SHA224withRSA/PSS"); 331 332 putSignatureImplClass("SHA256withRSA/PSS", "OpenSSLSignature$SHA256RSAPSS"); 333 put("Alg.Alias.Signature.SHA256withRSAandMGF1", "SHA256withRSA/PSS"); 334 335 putSignatureImplClass("SHA384withRSA/PSS", "OpenSSLSignature$SHA384RSAPSS"); 336 put("Alg.Alias.Signature.SHA384withRSAandMGF1", "SHA384withRSA/PSS"); 337 338 putSignatureImplClass("SHA512withRSA/PSS", "OpenSSLSignature$SHA512RSAPSS"); 339 put("Alg.Alias.Signature.SHA512withRSAandMGF1", "SHA512withRSA/PSS"); 340 341 /* === SecureRandom === */ 342 /* 343 * We have to specify SHA1PRNG because various documentation mentions 344 * that algorithm by name instead of just recommending calling 345 * "new SecureRandom()" 346 */ 347 put("SecureRandom.SHA1PRNG", PREFIX + "OpenSSLRandom"); 348 put("SecureRandom.SHA1PRNG ImplementedIn", "Software"); 349 350 /* === Cipher === */ 351 putRSACipherImplClass("RSA/ECB/NoPadding", "OpenSSLCipherRSA$Raw"); 352 put("Alg.Alias.Cipher.RSA/None/NoPadding", "RSA/ECB/NoPadding"); 353 putRSACipherImplClass("RSA/ECB/PKCS1Padding", "OpenSSLCipherRSA$PKCS1"); 354 put("Alg.Alias.Cipher.RSA/None/PKCS1Padding", "RSA/ECB/PKCS1Padding"); 355 356 putRSACipherImplClass("RSA/ECB/OAEPPadding", "OpenSSLCipherRSA$OAEP$SHA1"); 357 put("Alg.Alias.Cipher.RSA/None/OAEPPadding", "RSA/ECB/OAEPPadding"); 358 putRSACipherImplClass("RSA/ECB/OAEPWithSHA-1AndMGF1Padding", "OpenSSLCipherRSA$OAEP$SHA1"); 359 put("Alg.Alias.Cipher.RSA/None/OAEPWithSHA-1AndMGF1Padding", 360 "RSA/ECB/OAEPWithSHA-1AndMGF1Padding"); 361 putRSACipherImplClass( 362 "RSA/ECB/OAEPWithSHA-224AndMGF1Padding", "OpenSSLCipherRSA$OAEP$SHA224"); 363 put("Alg.Alias.Cipher.RSA/None/OAEPWithSHA-224AndMGF1Padding", 364 "RSA/ECB/OAEPWithSHA-224AndMGF1Padding"); 365 putRSACipherImplClass( 366 "RSA/ECB/OAEPWithSHA-256AndMGF1Padding", "OpenSSLCipherRSA$OAEP$SHA256"); 367 put("Alg.Alias.Cipher.RSA/None/OAEPWithSHA-256AndMGF1Padding", 368 "RSA/ECB/OAEPWithSHA-256AndMGF1Padding"); 369 putRSACipherImplClass( 370 "RSA/ECB/OAEPWithSHA-384AndMGF1Padding", "OpenSSLCipherRSA$OAEP$SHA384"); 371 put("Alg.Alias.Cipher.RSA/None/OAEPWithSHA-384AndMGF1Padding", 372 "RSA/ECB/OAEPWithSHA-384AndMGF1Padding"); 373 putRSACipherImplClass( 374 "RSA/ECB/OAEPWithSHA-512AndMGF1Padding", "OpenSSLCipherRSA$OAEP$SHA512"); 375 put("Alg.Alias.Cipher.RSA/None/OAEPWithSHA-512AndMGF1Padding", 376 "RSA/ECB/OAEPWithSHA-512AndMGF1Padding"); 377 378 /* 379 * OpenSSL only supports a subset of modes, so we'll name them 380 * explicitly here. 381 * 382 * Moreover, OpenSSL only supports PKCS#7 padding. PKCS#5 padding 383 * is also supported because it's a special case of PKCS#7 for 64-bit 384 * blocks. PKCS#5 technically supports only 64-bit blocks and won't 385 * produce the same result as PKCS#7 for blocks that are not 64 bits 386 * long. However, everybody assumes PKCS#7 when they say PKCS#5. For 387 * example, lots of code uses PKCS#5 with AES whose blocks are longer 388 * than 64 bits. We solve this confusion by making PKCS7Padding an 389 * alias for PKCS5Padding. 390 */ 391 putSymmetricCipherImplClass("AES/ECB/NoPadding", "OpenSSLEvpCipherAES$AES$ECB$NoPadding"); 392 putSymmetricCipherImplClass( 393 "AES/ECB/PKCS5Padding", "OpenSSLEvpCipherAES$AES$ECB$PKCS5Padding"); 394 put("Alg.Alias.Cipher.AES/ECB/PKCS7Padding", "AES/ECB/PKCS5Padding"); 395 putSymmetricCipherImplClass("AES/CBC/NoPadding", "OpenSSLEvpCipherAES$AES$CBC$NoPadding"); 396 putSymmetricCipherImplClass( 397 "AES/CBC/PKCS5Padding", "OpenSSLEvpCipherAES$AES$CBC$PKCS5Padding"); 398 put("Alg.Alias.Cipher.AES/CBC/PKCS7Padding", "AES/CBC/PKCS5Padding"); 399 putSymmetricCipherImplClass("AES/CTR/NoPadding", "OpenSSLEvpCipherAES$AES$CTR"); 400 401 putSymmetricCipherImplClass( 402 "AES_128/ECB/NoPadding", "OpenSSLEvpCipherAES$AES_128$ECB$NoPadding"); 403 putSymmetricCipherImplClass( 404 "AES_128/ECB/PKCS5Padding", "OpenSSLEvpCipherAES$AES_128$ECB$PKCS5Padding"); 405 put("Alg.Alias.Cipher.AES_128/ECB/PKCS7Padding", "AES_128/ECB/PKCS5Padding"); 406 putSymmetricCipherImplClass( 407 "AES_128/CBC/NoPadding", "OpenSSLEvpCipherAES$AES_128$CBC$NoPadding"); 408 putSymmetricCipherImplClass( 409 "AES_128/CBC/PKCS5Padding", "OpenSSLEvpCipherAES$AES_128$CBC$PKCS5Padding"); 410 put("Alg.Alias.Cipher.AES_128/CBC/PKCS7Padding", "AES_128/CBC/PKCS5Padding"); 411 412 put("Alg.Alias.Cipher.PBEWithHmacSHA1AndAES_128", "AES_128/CBC/PKCS5PADDING"); 413 put("Alg.Alias.Cipher.PBEWithHmacSHA224AndAES_128", "AES_128/CBC/PKCS5PADDING"); 414 put("Alg.Alias.Cipher.PBEWithHmacSHA256AndAES_128", "AES_128/CBC/PKCS5PADDING"); 415 put("Alg.Alias.Cipher.PBEWithHmacSHA384AndAES_128", "AES_128/CBC/PKCS5PADDING"); 416 put("Alg.Alias.Cipher.PBEWithHmacSHA512AndAES_128", "AES_128/CBC/PKCS5PADDING"); 417 418 putSymmetricCipherImplClass( 419 "AES_256/ECB/NoPadding", "OpenSSLEvpCipherAES$AES_256$ECB$NoPadding"); 420 putSymmetricCipherImplClass( 421 "AES_256/ECB/PKCS5Padding", "OpenSSLEvpCipherAES$AES_256$ECB$PKCS5Padding"); 422 put("Alg.Alias.Cipher.AES_256/ECB/PKCS7Padding", "AES_256/ECB/PKCS5Padding"); 423 putSymmetricCipherImplClass( 424 "AES_256/CBC/NoPadding", "OpenSSLEvpCipherAES$AES_256$CBC$NoPadding"); 425 putSymmetricCipherImplClass( 426 "AES_256/CBC/PKCS5Padding", "OpenSSLEvpCipherAES$AES_256$CBC$PKCS5Padding"); 427 put("Alg.Alias.Cipher.AES_256/CBC/PKCS7Padding", "AES_256/CBC/PKCS5Padding"); 428 429 put("Alg.Alias.Cipher.PBEWithHmacSHA1AndAES_256", "AES_256/CBC/PKCS5PADDING"); 430 put("Alg.Alias.Cipher.PBEWithHmacSHA224AndAES_256", "AES_256/CBC/PKCS5PADDING"); 431 put("Alg.Alias.Cipher.PBEWithHmacSHA256AndAES_256", "AES_256/CBC/PKCS5PADDING"); 432 put("Alg.Alias.Cipher.PBEWithHmacSHA384AndAES_256", "AES_256/CBC/PKCS5PADDING"); 433 put("Alg.Alias.Cipher.PBEWithHmacSHA512AndAES_256", "AES_256/CBC/PKCS5PADDING"); 434 435 putSymmetricCipherImplClass("DESEDE/CBC/NoPadding", "OpenSSLEvpCipherDESEDE$CBC$NoPadding"); 436 putSymmetricCipherImplClass( 437 "DESEDE/CBC/PKCS5Padding", "OpenSSLEvpCipherDESEDE$CBC$PKCS5Padding"); 438 put("Alg.Alias.Cipher.DESEDE/CBC/PKCS7Padding", "DESEDE/CBC/PKCS5Padding"); 439 440 putSymmetricCipherImplClass("ARC4", "OpenSSLEvpCipherARC4"); 441 put("Alg.Alias.Cipher.ARCFOUR", "ARC4"); 442 put("Alg.Alias.Cipher.RC4", "ARC4"); 443 put("Alg.Alias.Cipher.1.2.840.113549.3.4", "ARC4"); 444 put("Alg.Alias.Cipher.OID.1.2.840.113549.3.4", "ARC4"); 445 446 putSymmetricCipherImplClass("AES/GCM/NoPadding", "OpenSSLAeadCipherAES$GCM"); 447 put("Alg.Alias.Cipher.GCM", "AES/GCM/NoPadding"); 448 put("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.6", "AES/GCM/NoPadding"); 449 put("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.26", "AES/GCM/NoPadding"); 450 put("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.46", "AES/GCM/NoPadding"); 451 putSymmetricCipherImplClass("AES_128/GCM/NoPadding", "OpenSSLAeadCipherAES$GCM$AES_128"); 452 putSymmetricCipherImplClass("AES_256/GCM/NoPadding", "OpenSSLAeadCipherAES$GCM$AES_256"); 453 454 putSymmetricCipherImplClass("AES/GCM-SIV/NoPadding", "OpenSSLAeadCipherAES$GCM_SIV"); 455 putSymmetricCipherImplClass( 456 "AES_128/GCM-SIV/NoPadding", "OpenSSLAeadCipherAES$GCM_SIV$AES_128"); 457 putSymmetricCipherImplClass( 458 "AES_256/GCM-SIV/NoPadding", "OpenSSLAeadCipherAES$GCM_SIV$AES_256"); 459 460 putSymmetricCipherImplClass("ChaCha20", 461 "OpenSSLCipherChaCha20"); 462 putSymmetricCipherImplClass("ChaCha20/Poly1305/NoPadding", "OpenSSLAeadCipherChaCha20"); 463 put("Alg.Alias.Cipher.ChaCha20-Poly1305", "ChaCha20/Poly1305/NoPadding"); 464 465 /* === Mac === */ 466 467 putMacImplClass("HmacMD5", "OpenSSLMac$HmacMD5"); 468 put("Alg.Alias.Mac.1.3.6.1.5.5.8.1.1", "HmacMD5"); 469 put("Alg.Alias.Mac.HMAC-MD5", "HmacMD5"); 470 put("Alg.Alias.Mac.HMAC/MD5", "HmacMD5"); 471 472 // PKCS#2 - iso(1) member-body(2) US(840) rsadsi(113549) digestAlgorithm(2) 473 // http://www.oid-info.com/get/1.2.840.113549.2 474 475 // HMAC-SHA-1 PRF (7) 476 putMacImplClass("HmacSHA1", "OpenSSLMac$HmacSHA1"); 477 put("Alg.Alias.Mac.1.2.840.113549.2.7", "HmacSHA1"); 478 put("Alg.Alias.Mac.1.3.6.1.5.5.8.1.2", "HmacSHA1"); 479 put("Alg.Alias.Mac.HMAC-SHA1", "HmacSHA1"); 480 put("Alg.Alias.Mac.HMAC/SHA1", "HmacSHA1"); 481 482 // id-hmacWithSHA224 (8) 483 putMacImplClass("HmacSHA224", "OpenSSLMac$HmacSHA224"); 484 put("Alg.Alias.Mac.1.2.840.113549.2.8", "HmacSHA224"); 485 put("Alg.Alias.Mac.HMAC-SHA224", "HmacSHA224"); 486 put("Alg.Alias.Mac.HMAC/SHA224", "HmacSHA224"); 487 put("Alg.Alias.Mac.PBEWITHHMACSHA224", "HmacSHA224"); 488 489 // id-hmacWithSHA256 (9) 490 putMacImplClass("HmacSHA256", "OpenSSLMac$HmacSHA256"); 491 put("Alg.Alias.Mac.1.2.840.113549.2.9", "HmacSHA256"); 492 put("Alg.Alias.Mac.2.16.840.1.101.3.4.2.1", "HmacSHA256"); 493 put("Alg.Alias.Mac.HMAC-SHA256", "HmacSHA256"); 494 put("Alg.Alias.Mac.HMAC/SHA256", "HmacSHA256"); 495 put("Alg.Alias.Mac.PBEWITHHMACSHA256", "HmacSHA256"); 496 497 // id-hmacWithSHA384 (10) 498 putMacImplClass("HmacSHA384", "OpenSSLMac$HmacSHA384"); 499 put("Alg.Alias.Mac.1.2.840.113549.2.10", "HmacSHA384"); 500 put("Alg.Alias.Mac.HMAC-SHA384", "HmacSHA384"); 501 put("Alg.Alias.Mac.HMAC/SHA384", "HmacSHA384"); 502 put("Alg.Alias.Mac.PBEWITHHMACSHA384", "HmacSHA384"); 503 504 // id-hmacWithSHA384 (11) 505 putMacImplClass("HmacSHA512", "OpenSSLMac$HmacSHA512"); 506 put("Alg.Alias.Mac.1.2.840.113549.2.11", "HmacSHA512"); 507 put("Alg.Alias.Mac.HMAC-SHA512", "HmacSHA512"); 508 put("Alg.Alias.Mac.HMAC/SHA512", "HmacSHA512"); 509 put("Alg.Alias.Mac.PBEWITHHMACSHA512", "HmacSHA512"); 510 511 putMacImplClass("AESCMAC", "OpenSSLMac$AesCmac"); 512 513 /* === Certificate === */ 514 515 put("CertificateFactory.X509", PREFIX + "OpenSSLX509CertificateFactory"); 516 put("Alg.Alias.CertificateFactory.X.509", "X509"); 517 } 518 putMacImplClass(String algorithm, String className)519 private void putMacImplClass(String algorithm, String className) { 520 // Accept only keys for which any of the following is true: 521 // * the key is from this provider (subclass of OpenSSLKeyHolder), 522 // * the key provides its key material in "RAW" encoding via Key.getEncoded. 523 String supportedKeyClasses = PREFIX + "OpenSSLKeyHolder"; 524 String supportedKeyFormats = "RAW"; 525 putImplClassWithKeyConstraints( 526 "Mac." + algorithm, 527 PREFIX + className, 528 supportedKeyClasses, 529 supportedKeyFormats); 530 } 531 putSymmetricCipherImplClass(String transformation, String className)532 private void putSymmetricCipherImplClass(String transformation, String className) { 533 // Accept only keys for which any of the following is true: 534 // * the key provides its key material in "RAW" encoding via Key.getEncoded. 535 String supportedKeyClasses = null; // ignored -- filtered based on encoding format only 536 String supportedKeyFormats = "RAW"; 537 putImplClassWithKeyConstraints( 538 "Cipher." + transformation, 539 PREFIX + className, 540 supportedKeyClasses, 541 supportedKeyFormats); 542 } 543 putRSACipherImplClass(String transformation, String className)544 private void putRSACipherImplClass(String transformation, String className) { 545 // Accept only keys for which any of the following is true: 546 // * the key is instance of OpenSSLRSAPrivateKey, RSAPrivateKey, OpenSSLRSAPublicKey, or 547 // RSAPublicKey. 548 String supportedKeyClasses = PREFIX + "OpenSSLRSAPrivateKey" 549 + "|" + STANDARD_RSA_PRIVATE_KEY_INTERFACE_CLASS_NAME 550 + "|" + PREFIX + "OpenSSLRSAPublicKey" 551 + "|" + STANDARD_RSA_PUBLIC_KEY_INTERFACE_CLASS_NAME; 552 String supportedKeyFormats = null; // ignored -- filtered based on class only 553 putImplClassWithKeyConstraints( 554 "Cipher." + transformation, 555 PREFIX + className, 556 supportedKeyClasses, 557 supportedKeyFormats); 558 } 559 putSignatureImplClass(String algorithm, String className)560 private void putSignatureImplClass(String algorithm, String className) { 561 // Accept only keys for which any of the following is true: 562 // * the key is from this provider (subclass of OpenSSLKeyHolder), 563 // * the key provides its key material in "PKCS#8" or "X.509" encodings via Key.getEncoded. 564 // * the key is a transparent private key (subclass of RSAPrivateKey or ECPrivateKey). For 565 // some reason this provider's Signature implementation does not unconditionally accept 566 // transparent public keys -- it only accepts them if they provide their key material in 567 // encoded form (see above). 568 String supportedKeyClasses = PREFIX + "OpenSSLKeyHolder" 569 + "|" + STANDARD_RSA_PRIVATE_KEY_INTERFACE_CLASS_NAME 570 + "|" + STANDARD_EC_PRIVATE_KEY_INTERFACE_CLASS_NAME 571 + "|" + STANDARD_RSA_PUBLIC_KEY_INTERFACE_CLASS_NAME; 572 String supportedKeyFormats = "PKCS#8|X.509"; 573 putImplClassWithKeyConstraints( 574 "Signature." + algorithm, 575 PREFIX + className, 576 supportedKeyClasses, 577 supportedKeyFormats); 578 } 579 putRAWRSASignatureImplClass(String className)580 private void putRAWRSASignatureImplClass(String className) { 581 // Accept only keys for which any of the following is true: 582 // * the key is instance of OpenSSLRSAPrivateKey, RSAPrivateKey, OpenSSLRSAPublicKey, or 583 // RSAPublicKey. 584 String supportedKeyClasses = PREFIX + "OpenSSLRSAPrivateKey" 585 + "|" + STANDARD_RSA_PRIVATE_KEY_INTERFACE_CLASS_NAME 586 + "|" + PREFIX + "OpenSSLRSAPublicKey" 587 + "|" + STANDARD_RSA_PUBLIC_KEY_INTERFACE_CLASS_NAME; 588 String supportedKeyFormats = null; // ignored -- filtered based on class only 589 putImplClassWithKeyConstraints( 590 "Signature.NONEwithRSA", 591 PREFIX + className, 592 supportedKeyClasses, 593 supportedKeyFormats); 594 } 595 putECDHKeyAgreementImplClass(String className)596 private void putECDHKeyAgreementImplClass(String className) { 597 // Accept only keys for which any of the following is true: 598 // * the key is from this provider (subclass of OpenSSLKeyHolder), 599 // * the key provides its key material in "PKCS#8" encoding via Key.getEncoded. 600 // * the key is a transparent EC private key (subclass of ECPrivateKey). 601 String supportedKeyClasses = PREFIX + "OpenSSLKeyHolder" 602 + "|" + STANDARD_EC_PRIVATE_KEY_INTERFACE_CLASS_NAME; 603 String supportedKeyFormats = "PKCS#8"; 604 putImplClassWithKeyConstraints( 605 "KeyAgreement.ECDH", 606 PREFIX + className, 607 supportedKeyClasses, 608 supportedKeyFormats); 609 } 610 putXDHKeyAgreementImplClass(String className)611 private void putXDHKeyAgreementImplClass(String className) { 612 // Accept only keys for which any of the following is true: 613 // * the key is from this provider (subclass of OpenSSLKeyHolder), 614 // * the key provides its key material in "PKCS#8" encoding via Key.getEncoded. 615 // * the key is a transparent XEC private key (subclass of XECPrivateKey). 616 String supportedKeyClasses = PREFIX + "OpenSSLKeyHolder" 617 + "|" + STANDARD_XEC_PRIVATE_KEY_INTERFACE_CLASS_NAME + "|" + PREFIX 618 + "OpenSSLX25519PrivateKey"; 619 String supportedKeyFormats = "PKCS#8"; 620 putImplClassWithKeyConstraints( 621 "KeyAgreement.XDH", PREFIX + className, supportedKeyClasses, supportedKeyFormats); 622 } 623 putImplClassWithKeyConstraints(String typeAndAlgName, String fullyQualifiedClassName, String supportedKeyClasses, String supportedKeyFormats)624 private void putImplClassWithKeyConstraints(String typeAndAlgName, 625 String fullyQualifiedClassName, 626 String supportedKeyClasses, 627 String supportedKeyFormats) { 628 put(typeAndAlgName, fullyQualifiedClassName); 629 if (supportedKeyClasses != null) { 630 put(typeAndAlgName + " SupportedKeyClasses", supportedKeyClasses); 631 } 632 if (supportedKeyFormats != null) { 633 put(typeAndAlgName + " SupportedKeyFormats", supportedKeyFormats); 634 } 635 } 636 } 637