• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /*
2  * Copyright (C) 2010 The Android Open Source Project
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 
17 package libcore.java.security;
18 
19 import static org.junit.Assert.assertEquals;
20 import static org.junit.Assert.assertNotNull;
21 import static org.junit.Assert.assertTrue;
22 
23 import java.security.Security;
24 import java.security.spec.DSAPrivateKeySpec;
25 import java.security.spec.DSAPublicKeySpec;
26 import java.security.spec.ECPrivateKeySpec;
27 import java.security.spec.ECPublicKeySpec;
28 import java.security.spec.KeySpec;
29 import java.security.spec.RSAPrivateCrtKeySpec;
30 import java.security.spec.RSAPublicKeySpec;
31 import java.util.ArrayList;
32 import java.util.Arrays;
33 import java.util.Collections;
34 import java.util.HashMap;
35 import java.util.HashSet;
36 import java.util.LinkedHashSet;
37 import java.util.List;
38 import java.util.Locale;
39 import java.util.Map;
40 import java.util.Set;
41 import javax.crypto.spec.DHPrivateKeySpec;
42 import javax.crypto.spec.DHPublicKeySpec;
43 
44 /**
45  * This class defines expected string names for protocols, key types,
46  * client and server auth types, cipher suites.
47  *
48  * Initially based on "Appendix A: Standard Names" of
49  * <a href="http://java.sun.com/j2se/1.5.0/docs/guide/security/jsse/JSSERefGuide.html#AppA">
50  * Java &trade; Secure Socket Extension (JSSE) Reference Guide
51  * for the Java &trade; 2 Platform Standard Edition 5
52  * </a>.
53  *
54  * Updated based on the
55  * <a href="http://download.java.net/jdk8/docs/technotes/guides/security/SunProviders.html">
56  * Java &trade; Cryptography Architecture Oracle Providers Documentation
57  * for Java &trade; Platform Standard Edition 7
58  * </a>.
59  * See also the
60  * <a href="http://download.java.net/jdk8/docs/technotes/guides/security/StandardNames.html">
61  * Java &trade; Cryptography Architecture Standard Algorithm Name Documentation
62  * </a>.
63  *
64  * Further updates based on the
65  * <a href=http://java.sun.com/javase/6/docs/technotes/guides/security/p11guide.html">
66  * Java &trade; PKCS#11 Reference Guide
67  * </a>.
68  */
69 public final class StandardNames {
70     public static final boolean IS_RI =
71             !"Dalvik Core Library".equals(System.getProperty("java.specification.name"));
72     public static final String JSSE_PROVIDER_NAME = (IS_RI) ? "SunJSSE" : "AndroidOpenSSL";
73     public static final String SECURITY_PROVIDER_NAME = (IS_RI) ? "SUN" : "BC";
74 
75     public static final String KEY_MANAGER_FACTORY_DEFAULT = (IS_RI) ? "SunX509" : "PKIX";
76     public static final String TRUST_MANAGER_FACTORY_DEFAULT = "PKIX";
77 
78     public static final String KEY_STORE_ALGORITHM = (IS_RI) ? "JKS" : "BKS";
79 
80     /**
81      * RFC 5746's Signaling Cipher Suite Value to indicate a request for secure renegotiation
82      */
83     public static final String CIPHER_SUITE_SECURE_RENEGOTIATION =
84             "TLS_EMPTY_RENEGOTIATION_INFO_SCSV";
85 
86     /**
87      * From https://tools.ietf.org/html/draft-ietf-tls-downgrade-scsv-00 it is a
88      * signaling cipher suite value (SCSV) to indicate that this request is a
89      * protocol fallback (e.g., TLS 1.0 -> SSL 3.0) because the server didn't respond
90      * to the first request.
91      */
92     public static final String CIPHER_SUITE_FALLBACK = "TLS_FALLBACK_SCSV";
93 
94     /**
95      * A map from algorithm type (e.g. Cipher) to a set of algorithms (e.g. AES, DES, ...)
96      */
97     public static final HashMap<String, HashSet<String>> PROVIDER_ALGORITHMS =
98             new HashMap<String, HashSet<String>>();
99 
100     public static final HashMap<String, HashSet<String>> CIPHER_MODES =
101             new HashMap<String, HashSet<String>>();
102 
103     public static final HashMap<String, HashSet<String>> CIPHER_PADDINGS =
104             new HashMap<String, HashSet<String>>();
105 
106     private static final HashMap<String, String[]> SSL_CONTEXT_PROTOCOLS_ENABLED =
107             new HashMap<String, String[]>();
108 
provide(String type, String algorithm)109     private static void provide(String type, String algorithm) {
110         HashSet<String> algorithms = PROVIDER_ALGORITHMS.get(type);
111         if (algorithms == null) {
112             algorithms = new HashSet<String>();
113             PROVIDER_ALGORITHMS.put(type, algorithms);
114         }
115         assertTrue("Duplicate " + type + " " + algorithm,
116                 algorithms.add(algorithm.toUpperCase(Locale.ROOT)));
117     }
unprovide(String type, String algorithm)118     private static void unprovide(String type, String algorithm) {
119         HashSet<String> algorithms = PROVIDER_ALGORITHMS.get(type);
120         assertNotNull(algorithms);
121         assertTrue(algorithm, algorithms.remove(algorithm.toUpperCase(Locale.ROOT)));
122         if (algorithms.isEmpty()) {
123             assertNotNull(PROVIDER_ALGORITHMS.remove(type));
124         }
125     }
provideCipherModes(String algorithm, String newModes[])126     private static void provideCipherModes(String algorithm, String newModes[]) {
127         HashSet<String> modes = CIPHER_MODES.get(algorithm);
128         if (modes == null) {
129             modes = new HashSet<String>();
130             CIPHER_MODES.put(algorithm, modes);
131         }
132         modes.addAll(Arrays.asList(newModes));
133     }
provideCipherPaddings(String algorithm, String newPaddings[])134     private static void provideCipherPaddings(String algorithm, String newPaddings[]) {
135         HashSet<String> paddings = CIPHER_PADDINGS.get(algorithm);
136         if (paddings == null) {
137             paddings = new HashSet<String>();
138             CIPHER_PADDINGS.put(algorithm, paddings);
139         }
140         paddings.addAll(Arrays.asList(newPaddings));
141     }
provideSslContextEnabledProtocols( String algorithm, TLSVersion minimum, TLSVersion maximum)142     private static void provideSslContextEnabledProtocols(
143             String algorithm, TLSVersion minimum, TLSVersion maximum) {
144         if (minimum.ordinal() > maximum.ordinal()) {
145             throw new RuntimeException("TLS version: minimum > maximum");
146         }
147         int versionsLength = maximum.ordinal() - minimum.ordinal() + 1;
148         String[] versionNames = new String[versionsLength];
149         for (int i = 0; i < versionsLength; i++) {
150             versionNames[i] = TLSVersion.values()[i + minimum.ordinal()].name;
151         }
152         SSL_CONTEXT_PROTOCOLS_ENABLED.put(algorithm, versionNames);
153     }
154     static {
155         provide("AlgorithmParameterGenerator", "DSA");
156         provide("AlgorithmParameterGenerator", "DiffieHellman");
157         provide("AlgorithmParameters", "AES");
158         provide("AlgorithmParameters", "Blowfish");
159         provide("AlgorithmParameters", "DES");
160         provide("AlgorithmParameters", "DESede");
161         provide("AlgorithmParameters", "DSA");
162         provide("AlgorithmParameters", "DiffieHellman");
163         provide("AlgorithmParameters", "GCM");
164         provide("AlgorithmParameters", "OAEP");
165         provide("AlgorithmParameters", "PBEWithMD5AndDES");
166         provide("AlgorithmParameters", "PBEWithMD5AndTripleDES");
167         provide("AlgorithmParameters", "PBEWithSHA1AndDESede");
168         provide("AlgorithmParameters", "PBEWithSHA1AndRC2_40");
169         provide("AlgorithmParameters", "PSS");
170         provide("AlgorithmParameters", "RC2");
171         provide("CertPathBuilder", "PKIX");
172         provide("CertPathValidator", "PKIX");
173         provide("CertStore", "Collection");
174         provide("CertStore", "LDAP");
175         provide("CertificateFactory", "X.509");
176         // TODO: provideCipherModes and provideCipherPaddings for other Ciphers
177         provide("Cipher", "AES");
178         provideCipherModes("AES", new String[] {"CBC", "CFB", "CTR", "CTS", "ECB", "OFB"});
179         provideCipherPaddings("AES", new String[] {"NoPadding", "PKCS5Padding"});
180         provide("Cipher", "AESWrap");
181         provide("Cipher", "ARCFOUR");
182         provide("Cipher", "Blowfish");
183         provide("Cipher", "DES");
184         provide("Cipher", "DESede");
185         provide("Cipher", "DESedeWrap");
186         provide("Cipher", "PBEWithMD5AndDES");
187         provide("Cipher", "PBEWithMD5AndTripleDES");
188         provide("Cipher", "PBEWithSHA1AndDESede");
189         provide("Cipher", "PBEWithSHA1AndRC2_40");
190         provide("Cipher", "RC2");
191         provide("Cipher", "RSA");
192         // TODO: None?
193         provideCipherModes("RSA", new String[] {"ECB"});
194         // TODO: OAEPPadding
195         provideCipherPaddings("RSA", new String[] {"NoPadding", "PKCS1Padding"});
196         provide("Configuration", "JavaLoginConfig");
197         provide("KeyAgreement", "DiffieHellman");
198         provide("KeyFactory", "DSA");
199         provide("KeyFactory", "DiffieHellman");
200         provide("KeyFactory", "RSA");
201         provide("KeyGenerator", "AES");
202         provide("KeyGenerator", "ARCFOUR");
203         provide("KeyGenerator", "Blowfish");
204         provide("KeyGenerator", "DES");
205         provide("KeyGenerator", "DESede");
206         provide("KeyGenerator", "HmacMD5");
207         provide("KeyGenerator", "HmacSHA1");
208         provide("KeyGenerator", "HmacSHA224");
209         provide("KeyGenerator", "HmacSHA256");
210         provide("KeyGenerator", "HmacSHA384");
211         provide("KeyGenerator", "HmacSHA512");
212         provide("KeyGenerator", "RC2");
213         provide("KeyInfoFactory", "DOM");
214         provide("KeyManagerFactory", "PKIX");
215         provide("KeyPairGenerator", "DSA");
216         provide("KeyPairGenerator", "DiffieHellman");
217         provide("KeyPairGenerator", "RSA");
218         provide("KeyStore", "JCEKS");
219         provide("KeyStore", "JKS");
220         provide("KeyStore", "PKCS12");
221         provide("Mac", "HmacMD5");
222         provide("Mac", "HmacSHA1");
223         provide("Mac", "HmacSHA224");
224         provide("Mac", "HmacSHA256");
225         provide("Mac", "HmacSHA384");
226         provide("Mac", "HmacSHA512");
227         provide("Mac", "PBEWITHHMACSHA224");
228         provide("Mac", "PBEWITHHMACSHA256");
229         provide("Mac", "PBEWITHHMACSHA384");
230         provide("Mac", "PBEWITHHMACSHA512");
231         // If adding a new MessageDigest, consider adding it to JarVerifier
232         provide("MessageDigest", "MD2");
233         provide("MessageDigest", "MD5");
234         provide("MessageDigest", "SHA-224");
235         provide("MessageDigest", "SHA-256");
236         provide("MessageDigest", "SHA-384");
237         provide("MessageDigest", "SHA-512");
238         provide("Policy", "JavaPolicy");
239         // Android does not support SSLv3
240         if (IS_RI) {
241             provide("SSLContext", "SSLv3");
242         }
243         provide("SSLContext", "TLSv1");
244         provide("SSLContext", "TLSv1.1");
245         provide("SSLContext", "TLSv1.2");
246         provide("SecretKeyFactory", "DES");
247         provide("SecretKeyFactory", "DESede");
248         provide("SecretKeyFactory", "PBEWithMD5AndDES");
249         provide("SecretKeyFactory", "PBEWithMD5AndTripleDES");
250         provide("SecretKeyFactory", "PBEWithSHA1AndDESede");
251         provide("SecretKeyFactory", "PBEWithSHA1AndRC2_40");
252         provide("SecretKeyFactory", "PBKDF2WithHmacSHA1");
253         provide("SecretKeyFactory", "PBKDF2WithHmacSHA224");
254         provide("SecretKeyFactory", "PBKDF2WithHmacSHA256");
255         provide("SecretKeyFactory", "PBKDF2WithHmacSHA384");
256         provide("SecretKeyFactory", "PBKDF2WithHmacSHA512");
257         provide("SecretKeyFactory", "PBKDF2WithHmacSHA1And8bit");
258         provide("SecureRandom", "SHA1PRNG");
259         provide("Signature", "MD2withRSA");
260         provide("Signature", "MD5withRSA");
261         provide("Signature", "NONEwithDSA");
262         provide("Signature", "SHA1withDSA");
263         provide("Signature", "SHA224withDSA");
264         provide("Signature", "SHA256withDSA");
265         provide("Signature", "SHA1withRSA");
266         provide("Signature", "SHA224withRSA");
267         provide("Signature", "SHA256withRSA");
268         provide("Signature", "SHA384withRSA");
269         provide("Signature", "SHA512withRSA");
270         provide("TerminalFactory", "PC/SC");
271         provide("TransformService", "http://www.w3.org/2000/09/xmldsig#base64");
272         provide("TransformService", "http://www.w3.org/2000/09/xmldsig#enveloped-signature");
273         provide("TransformService", "http://www.w3.org/2001/10/xml-exc-c14n#");
274         provide("TransformService", "http://www.w3.org/2001/10/xml-exc-c14n#WithComments");
275         provide("TransformService", "http://www.w3.org/2002/06/xmldsig-filter2");
276         provide("TransformService", "http://www.w3.org/TR/1999/REC-xpath-19991116");
277         provide("TransformService", "http://www.w3.org/TR/1999/REC-xslt-19991116");
278         provide("TransformService", "http://www.w3.org/TR/2001/REC-xml-c14n-20010315");
279         provide("TransformService", "http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments");
280         provide("TrustManagerFactory", "PKIX");
281         provide("XMLSignatureFactory", "DOM");
282 
283         // Not clearly documented by RI
284         provide("GssApiMechanism", "1.2.840.113554.1.2.2");
285         provide("GssApiMechanism", "1.3.6.1.5.5.2");
286 
287         // Not correctly documented by RI which left off the Factory suffix
288         provide("SaslClientFactory", "CRAM-MD5");
289         provide("SaslClientFactory", "DIGEST-MD5");
290         provide("SaslClientFactory", "EXTERNAL");
291         provide("SaslClientFactory", "GSSAPI");
292         provide("SaslClientFactory", "PLAIN");
293         provide("SaslServerFactory", "CRAM-MD5");
294         provide("SaslServerFactory", "DIGEST-MD5");
295         provide("SaslServerFactory", "GSSAPI");
296 
297         // Documentation seems to list alias instead of actual name
298         // provide("MessageDigest", "SHA-1");
299         provide("MessageDigest", "SHA");
300 
301         // Mentioned in javadoc, not documentation
302         provide("SSLContext", "Default");
303 
304         // Not documented as in RI 6 but mentioned in Standard Names
305         provide("AlgorithmParameters", "PBE");
306         // Android does not support SSLv3
307         if (IS_RI) {
308             provide("SSLContext", "SSL");
309         }
310         provide("SSLContext", "TLS");
311 
312         // Not documented as in RI 6 but that exist in RI 6
313         if (IS_RI) {
314             provide("CertStore", "com.sun.security.IndexedCollection");
315             provide("KeyGenerator", "SunTlsKeyMaterial");
316             provide("KeyGenerator", "SunTlsMasterSecret");
317             provide("KeyGenerator", "SunTlsPrf");
318             provide("KeyGenerator", "SunTlsRsaPremasterSecret");
319             provide("KeyStore", "CaseExactJKS");
320             provide("Mac", "HmacPBESHA1");
321             provide("Mac", "SslMacMD5");
322             provide("Mac", "SslMacSHA1");
323             provide("SecureRandom", "NativePRNG");
324             provide("Signature", "MD5andSHA1withRSA");
325             provide("TrustManagerFactory", "SunX509");
326         }
327 
328         // Only available with the SunPKCS11-NSS provider,
329         // which seems to be enabled in OpenJDK 6 but not Oracle Java 6
330         if (Security.getProvider("SunPKCS11-NSS") != null) {
331             provide("Cipher", "AES/CBC/NOPADDING");
332             provide("Cipher", "DES/CBC/NOPADDING");
333             provide("Cipher", "DESEDE/CBC/NOPADDING");
334             provide("Cipher", "RSA/ECB/PKCS1PADDING");
335             provide("KeyAgreement", "DH");
336             provide("KeyFactory", "DH");
337             provide("KeyPairGenerator", "DH");
338             provide("KeyStore", "PKCS11");
339             provide("MessageDigest", "SHA1");
340             provide("SecretKeyFactory", "AES");
341             provide("SecretKeyFactory", "ARCFOUR");
342             provide("SecureRandom", "PKCS11");
343             provide("Signature", "DSA");
344             provide("Signature", "RAWDSA");
345         }
346 
347         if (Security.getProvider("SunPKCS11-NSS") != null
348                 || Security.getProvider("SunEC") != null) {
349             provide("AlgorithmParameters", "EC");
350             provide("KeyAgreement", "ECDH");
351             provide("KeyFactory", "EC");
352             provide("KeyPairGenerator", "EC");
353             provide("Signature", "NONEWITHECDSA");
354             provide("Signature", "SHA1WITHECDSA");
355             provide("Signature", "SHA224WITHECDSA");
356             provide("Signature", "SHA256WITHECDSA");
357             provide("Signature", "SHA384WITHECDSA");
358             provide("Signature", "SHA512WITHECDSA");
359         }
360 
361         // Documented as Standard Names, but do not exit in RI 6
362         if (IS_RI) {
363             unprovide("SSLContext", "TLSv1.1");
364             unprovide("SSLContext", "TLSv1.2");
365         }
366 
367         // Fixups for the RI
368         if (IS_RI) {
369             // different names: Standard Names says PKIX, JSSE Reference Guide says SunX509 or
370             // NewSunX509
371             unprovide("KeyManagerFactory", "PKIX");
372             provide("KeyManagerFactory", "SunX509");
373             provide("KeyManagerFactory", "NewSunX509");
374         }
375 
376         // Fixups for dalvik
377         if (!IS_RI) {
378             // whole types that we do not provide
379             PROVIDER_ALGORITHMS.remove("Configuration");
380             PROVIDER_ALGORITHMS.remove("GssApiMechanism");
381             PROVIDER_ALGORITHMS.remove("KeyInfoFactory");
382             PROVIDER_ALGORITHMS.remove("Policy");
383             PROVIDER_ALGORITHMS.remove("SaslClientFactory");
384             PROVIDER_ALGORITHMS.remove("SaslServerFactory");
385             PROVIDER_ALGORITHMS.remove("TerminalFactory");
386             PROVIDER_ALGORITHMS.remove("TransformService");
387             PROVIDER_ALGORITHMS.remove("XMLSignatureFactory");
388 
389             // different names Diffie-Hellman vs DH
390             unprovide("AlgorithmParameterGenerator", "DiffieHellman");
391             provide("AlgorithmParameterGenerator", "DH");
392             unprovide("AlgorithmParameters", "DiffieHellman");
393             provide("AlgorithmParameters", "DH");
394             unprovide("KeyAgreement", "DiffieHellman");
395             provide("KeyAgreement", "DH");
396             unprovide("KeyFactory", "DiffieHellman");
397             provide("KeyFactory", "DH");
398             unprovide("KeyPairGenerator", "DiffieHellman");
399             provide("KeyPairGenerator", "DH");
400 
401             // different names PBEWithSHA1AndDESede vs PBEWithSHAAnd3-KEYTripleDES-CBC
402             unprovide("AlgorithmParameters", "PBEWithSHA1AndDESede");
403             unprovide("Cipher", "PBEWithSHA1AndDESede");
404             unprovide("SecretKeyFactory", "PBEWithSHA1AndDESede");
405             provide("AlgorithmParameters", "PKCS12PBE");
406             provide("Cipher", "PBEWithSHAAnd3-KEYTripleDES-CBC");
407             provide("SecretKeyFactory", "PBEWithSHAAnd3-KEYTripleDES-CBC");
408 
409             // different names: BouncyCastle actually uses the Standard name of SHA-1 vs SHA
410             unprovide("MessageDigest", "SHA");
411             provide("MessageDigest", "SHA-1");
412 
413             // Added to support Android KeyStore operations
414             provide("Signature", "NONEwithRSA");
415             provide("Cipher", "RSA/ECB/NOPADDING");
416             provide("Cipher", "RSA/ECB/PKCS1PADDING");
417             provide("Cipher", "RSA/ECB/OAEPPadding");
418             provide("Cipher", "RSA/ECB/OAEPWithSHA-1AndMGF1Padding");
419             provide("Cipher", "RSA/ECB/OAEPWithSHA-224AndMGF1Padding");
420             provide("Cipher", "RSA/ECB/OAEPWithSHA-256AndMGF1Padding");
421             provide("Cipher", "RSA/ECB/OAEPWithSHA-384AndMGF1Padding");
422             provide("Cipher", "RSA/ECB/OAEPWithSHA-512AndMGF1Padding");
423             provide("SecretKeyFactory", "AES");
424             provide("SecretKeyFactory", "HmacSHA1");
425             provide("SecretKeyFactory", "HmacSHA224");
426             provide("SecretKeyFactory", "HmacSHA256");
427             provide("SecretKeyFactory", "HmacSHA384");
428             provide("SecretKeyFactory", "HmacSHA512");
429             provide("Signature", "SHA1withRSA/PSS");
430             provide("Signature", "SHA224withRSA/PSS");
431             provide("Signature", "SHA256withRSA/PSS");
432             provide("Signature", "SHA384withRSA/PSS");
433             provide("Signature", "SHA512withRSA/PSS");
434 
435             // different names: ARCFOUR vs ARC4
436             unprovide("Cipher", "ARCFOUR");
437             provide("Cipher", "ARC4");
438             unprovide("KeyGenerator", "ARCFOUR");
439             provide("KeyGenerator", "ARC4");
440 
441             // different case names: Blowfish vs BLOWFISH
442             unprovide("AlgorithmParameters", "Blowfish");
443             provide("AlgorithmParameters", "BLOWFISH");
444             unprovide("Cipher", "Blowfish");
445             provide("Cipher", "BLOWFISH");
446             unprovide("KeyGenerator", "Blowfish");
447             provide("KeyGenerator", "BLOWFISH");
448 
449             // Harmony has X.509, BouncyCastle X509
450             // TODO remove one, probably Harmony's
451             provide("CertificateFactory", "X509");
452 
453             // not just different names, but different binary formats
454             unprovide("KeyStore", "JKS");
455             provide("KeyStore", "BKS");
456             unprovide("KeyStore", "JCEKS");
457             provide("KeyStore", "BouncyCastle");
458 
459             // Noise to support KeyStore.PKCS12
460             provide("Cipher", "PBEWITHMD5AND128BITAES-CBC-OPENSSL");
461             provide("Cipher", "PBEWITHMD5AND192BITAES-CBC-OPENSSL");
462             provide("Cipher", "PBEWITHMD5AND256BITAES-CBC-OPENSSL");
463             provide("Cipher", "PBEWITHMD5ANDRC2");
464             provide("Cipher", "PBEWITHSHA1ANDDES");
465             provide("Cipher", "PBEWITHSHA1ANDRC2");
466             provide("Cipher", "PBEWITHSHA256AND128BITAES-CBC-BC");
467             provide("Cipher", "PBEWITHSHA256AND192BITAES-CBC-BC");
468             provide("Cipher", "PBEWITHSHA256AND256BITAES-CBC-BC");
469             provide("Cipher", "PBEWITHSHAAND128BITAES-CBC-BC");
470             provide("Cipher", "PBEWITHSHAAND128BITRC2-CBC");
471             provide("Cipher", "PBEWITHSHAAND128BITRC4");
472             provide("Cipher", "PBEWITHSHAAND192BITAES-CBC-BC");
473             provide("Cipher", "PBEWITHSHAAND2-KEYTRIPLEDES-CBC");
474             provide("Cipher", "PBEWITHSHAAND256BITAES-CBC-BC");
475             provide("Cipher", "PBEWITHSHAAND40BITRC2-CBC");
476             provide("Cipher", "PBEWITHSHAAND40BITRC4");
477             provide("Cipher", "PBEWITHSHAANDTWOFISH-CBC");
478             provide("Mac", "PBEWITHHMACSHA");
479             provide("Mac", "PBEWITHHMACSHA1");
480             provide("SecretKeyFactory", "PBEWITHHMACSHA1");
481             provide("SecretKeyFactory", "PBEWITHMD5AND128BITAES-CBC-OPENSSL");
482             provide("SecretKeyFactory", "PBEWITHMD5AND192BITAES-CBC-OPENSSL");
483             provide("SecretKeyFactory", "PBEWITHMD5AND256BITAES-CBC-OPENSSL");
484             provide("SecretKeyFactory", "PBEWITHMD5ANDRC2");
485             provide("SecretKeyFactory", "PBEWITHSHA1ANDDES");
486             provide("SecretKeyFactory", "PBEWITHSHA1ANDRC2");
487             provide("SecretKeyFactory", "PBEWITHSHA256AND128BITAES-CBC-BC");
488             provide("SecretKeyFactory", "PBEWITHSHA256AND192BITAES-CBC-BC");
489             provide("SecretKeyFactory", "PBEWITHSHA256AND256BITAES-CBC-BC");
490             provide("SecretKeyFactory", "PBEWITHSHAAND128BITAES-CBC-BC");
491             provide("SecretKeyFactory", "PBEWITHSHAAND128BITRC2-CBC");
492             provide("SecretKeyFactory", "PBEWITHSHAAND128BITRC4");
493             provide("SecretKeyFactory", "PBEWITHSHAAND192BITAES-CBC-BC");
494             provide("SecretKeyFactory", "PBEWITHSHAAND2-KEYTRIPLEDES-CBC");
495             provide("SecretKeyFactory", "PBEWITHSHAAND256BITAES-CBC-BC");
496             provide("SecretKeyFactory", "PBEWITHSHAAND40BITRC2-CBC");
497             provide("SecretKeyFactory", "PBEWITHSHAAND40BITRC4");
498             provide("SecretKeyFactory", "PBEWITHSHAANDTWOFISH-CBC");
499 
500             // Needed by our OpenSSL provider
501             provide("Cipher", "AES/CBC/NOPADDING");
502             provide("Cipher", "AES/CBC/PKCS5PADDING");
503             provide("Cipher", "AES/CBC/PKCS7PADDING");
504             provide("Cipher", "AES/CFB/NOPADDING");
505             provide("Cipher", "AES/CFB/PKCS5PADDING");
506             provide("Cipher", "AES/CFB/PKCS7PADDING");
507             provide("Cipher", "AES/CTR/NOPADDING");
508             provide("Cipher", "AES/CTR/PKCS5PADDING");
509             provide("Cipher", "AES/CTR/PKCS7PADDING");
510             provide("Cipher", "AES/ECB/NOPADDING");
511             provide("Cipher", "AES/ECB/PKCS5PADDING");
512             provide("Cipher", "AES/ECB/PKCS7PADDING");
513             provide("Cipher", "AES/GCM/NOPADDING");
514             provide("Cipher", "AES/OFB/NOPADDING");
515             provide("Cipher", "AES/OFB/PKCS5PADDING");
516             provide("Cipher", "AES/OFB/PKCS7PADDING");
517             provide("Cipher", "DESEDE/CBC/NOPADDING");
518             provide("Cipher", "DESEDE/CBC/PKCS5PADDING");
519             provide("Cipher", "DESEDE/CBC/PKCS7PADDING");
520             provide("Cipher", "DESEDE/CFB/NOPADDING");
521             provide("Cipher", "DESEDE/CFB/PKCS5PADDING");
522             provide("Cipher", "DESEDE/CFB/PKCS7PADDING");
523             provide("Cipher", "DESEDE/ECB/NOPADDING");
524             provide("Cipher", "DESEDE/ECB/PKCS5PADDING");
525             provide("Cipher", "DESEDE/ECB/PKCS7PADDING");
526             provide("Cipher", "DESEDE/OFB/NOPADDING");
527             provide("Cipher", "DESEDE/OFB/PKCS5PADDING");
528             provide("Cipher", "DESEDE/OFB/PKCS7PADDING");
529 
530             // Provided by our OpenSSL provider
531             provideCipherPaddings("AES", new String[] {"PKCS7Padding"});
532 
533             // removed LDAP
534             unprovide("CertStore", "LDAP");
535 
536             // removed MD2
537             unprovide("MessageDigest", "MD2");
538             unprovide("Signature", "MD2withRSA");
539 
540             // removed RC2
541             // NOTE the implementation remains to support PKCS12 keystores
542             unprovide("AlgorithmParameters", "PBEWithSHA1AndRC2_40");
543             unprovide("AlgorithmParameters", "RC2");
544             unprovide("Cipher", "PBEWithSHA1AndRC2_40");
545             unprovide("Cipher", "RC2");
546             unprovide("KeyGenerator", "RC2");
547             unprovide("SecretKeyFactory", "PBEWithSHA1AndRC2_40");
548 
549             // PBEWithMD5AndTripleDES is Sun proprietary
550             unprovide("AlgorithmParameters", "PBEWithMD5AndTripleDES");
551             unprovide("Cipher", "PBEWithMD5AndTripleDES");
552             unprovide("SecretKeyFactory", "PBEWithMD5AndTripleDES");
553 
554             // missing from Bouncy Castle
555             // Standard Names document says to use specific PBEWith*And*
556             unprovide("AlgorithmParameters", "PBE");
557 
558             // missing from Bouncy Castle
559             // TODO add to JDKAlgorithmParameters perhaps as wrapper on PBES2Parameters
560             // For now, can use AlgorithmParametersSpec javax.crypto.spec.PBEParameterSpec instead
561             unprovide("AlgorithmParameters", "PBEWithMD5AndDES"); // 1.2.840.113549.1.5.3
562 
563             // EC support
564             // provide("AlgorithmParameters", "EC");
565             provide("KeyAgreement", "ECDH");
566             provide("KeyFactory", "EC");
567             provide("KeyPairGenerator", "EC");
568             provide("Signature", "NONEWITHECDSA");
569             provide("Signature", "SHA1WITHECDSA");
570             provide("Signature", "SHA224WITHECDSA");
571             provide("Signature", "SHA256WITHECDSA");
572             provide("Signature", "SHA384WITHECDSA");
573             provide("Signature", "SHA512WITHECDSA");
574 
575             // Android's CA store
576             provide("KeyStore", "AndroidCAStore");
577 
578             // Android's KeyStore provider
579             if (Security.getProvider("AndroidKeyStore") != null) {
580                 provide("KeyStore", "AndroidKeyStore");
581             }
582 
583             // TimaKeyStore provider
584             if (Security.getProvider("TimaKeyStore") != null) {
585                 provide("KeyStore", "TimaKeyStore");
586             }
587         }
588 
589         if (IS_RI) {
590             provideSslContextEnabledProtocols("SSL", TLSVersion.SSLv3, TLSVersion.TLSv1);
591             provideSslContextEnabledProtocols("SSLv3", TLSVersion.SSLv3, TLSVersion.TLSv1);
592             provideSslContextEnabledProtocols("TLS", TLSVersion.SSLv3, TLSVersion.TLSv1);
593             provideSslContextEnabledProtocols("TLSv1", TLSVersion.SSLv3, TLSVersion.TLSv1);
594             provideSslContextEnabledProtocols("TLSv1.1", TLSVersion.SSLv3, TLSVersion.TLSv11);
595             provideSslContextEnabledProtocols("TLSv1.2", TLSVersion.SSLv3, TLSVersion.TLSv12);
596             provideSslContextEnabledProtocols("Default", TLSVersion.SSLv3, TLSVersion.TLSv1);
597         } else {
598             provideSslContextEnabledProtocols("TLS", TLSVersion.TLSv1, TLSVersion.TLSv12);
599             provideSslContextEnabledProtocols("TLSv1", TLSVersion.TLSv1, TLSVersion.TLSv12);
600             provideSslContextEnabledProtocols("TLSv1.1", TLSVersion.TLSv1, TLSVersion.TLSv12);
601             provideSslContextEnabledProtocols("TLSv1.2", TLSVersion.TLSv1, TLSVersion.TLSv12);
602             provideSslContextEnabledProtocols("Default", TLSVersion.TLSv1, TLSVersion.TLSv12);
603         }
604     }
605 
606     public static final String SSL_CONTEXT_PROTOCOLS_DEFAULT = "Default";
607     public static final Set<String> SSL_CONTEXT_PROTOCOLS = new HashSet<String>(
608             Arrays.asList(SSL_CONTEXT_PROTOCOLS_DEFAULT, "TLS", "TLSv1", "TLSv1.1", "TLSv1.2"));
609     public static final String SSL_CONTEXT_PROTOCOL_DEFAULT = "TLS";
610 
611     public static final Set<String> KEY_TYPES = new HashSet<String>(
612             Arrays.asList("RSA", "DSA", "DH_RSA", "DH_DSA", "EC", "EC_EC", "EC_RSA"));
613     static {
614         if (IS_RI) {
615             // DH_* are specified by standard names, but do not seem to be supported by RI
616             KEY_TYPES.remove("DH_RSA");
617             KEY_TYPES.remove("DH_DSA");
618         }
619     }
620 
621     public static final Set<String> SSL_SOCKET_PROTOCOLS =
622             new HashSet<String>(Arrays.asList("TLSv1", "TLSv1.1", "TLSv1.2"));
623     public static final Set<String> SSL_SOCKET_PROTOCOLS_CLIENT_DEFAULT =
624             new HashSet<String>(Arrays.asList("TLSv1", "TLSv1.1", "TLSv1.2"));
625     public static final Set<String> SSL_SOCKET_PROTOCOLS_SERVER_DEFAULT =
626             new HashSet<String>(Arrays.asList("TLSv1", "TLSv1.1", "TLSv1.2"));
627     static {
628         if (IS_RI) {
629             /* Even though we use OpenSSL's SSLv23_method which
630              * supports sending SSLv2 client hello messages, the
631              * OpenSSL implementation in s23_client_hello disables
632              * this if SSL_OP_NO_SSLv2 is specified, which we always
633              * do to disable general use of SSLv2.
634              */
635             SSL_SOCKET_PROTOCOLS.add("SSLv2Hello");
636 
637             /* The RI still has SSLv3 as a default protocol. */
638             SSL_SOCKET_PROTOCOLS_CLIENT_DEFAULT.add("SSLv3");
639             SSL_SOCKET_PROTOCOLS_SERVER_DEFAULT.add("SSLv3");
640         }
641     }
642 
643     private static enum TLSVersion {
644         SSLv3("SSLv3"),
645         TLSv1("TLSv1"),
646         TLSv11("TLSv1.1"),
647         TLSv12("TLSv1.2");
648 
649         private final String name;
650 
TLSVersion(String name)651         TLSVersion(String name) {
652             this.name = name;
653         }
654     }
655     ;
656 
657     /**
658      * Valid values for X509TrustManager.checkClientTrusted authType,
659      * either the algorithm of the public key or UNKNOWN.
660      */
661     public static final Set<String> CLIENT_AUTH_TYPES =
662             new HashSet<String>(Arrays.asList("RSA", "DSA", "EC", "UNKNOWN"));
663 
664     /**
665      * Valid values for X509TrustManager.checkServerTrusted authType,
666      * either key exchange algorithm part of the cipher suite
667      * or UNKNOWN.
668      */
669     public static final Set<String> SERVER_AUTH_TYPES = new HashSet<String>(Arrays.asList("DHE_DSS",
670             "DHE_DSS_EXPORT", "DHE_RSA", "DHE_RSA_EXPORT", "DH_DSS_EXPORT", "DH_RSA_EXPORT",
671             "DH_anon", "DH_anon_EXPORT", "KRB5", "KRB5_EXPORT", "RSA", "RSA_EXPORT",
672             "RSA_EXPORT1024", "ECDH_ECDSA", "ECDH_RSA", "ECDHE_ECDSA", "ECDHE_RSA", "UNKNOWN"));
673 
674     public static final String CIPHER_SUITE_INVALID = "SSL_NULL_WITH_NULL_NULL";
675 
676     public static final Set<String> CIPHER_SUITES_NEITHER = new HashSet<String>();
677 
678     public static final Set<String> CIPHER_SUITES_RI = new LinkedHashSet<String>();
679     public static final Set<String> CIPHER_SUITES_OPENSSL = new LinkedHashSet<String>();
680 
681     public static final Set<String> CIPHER_SUITES;
682 
addRi(String cipherSuite)683     private static final void addRi(String cipherSuite) {
684         CIPHER_SUITES_RI.add(cipherSuite);
685     }
686 
addOpenSsl(String cipherSuite)687     private static final void addOpenSsl(String cipherSuite) {
688         CIPHER_SUITES_OPENSSL.add(cipherSuite);
689     }
690 
addBoth(String cipherSuite)691     private static final void addBoth(String cipherSuite) {
692         addRi(cipherSuite);
693         addOpenSsl(cipherSuite);
694     }
695 
addNeither(String cipherSuite)696     private static final void addNeither(String cipherSuite) {
697         CIPHER_SUITES_NEITHER.add(cipherSuite);
698     }
699 
700     static {
701         // NOTE: This list needs to be kept in sync with Javadoc of javax.net.ssl.SSLSocket and
702         // javax.net.ssl.SSLEngine.
703         addBoth("TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA");
704         addBoth("TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA");
705         addBoth("TLS_RSA_WITH_AES_256_CBC_SHA");
706         addBoth("TLS_DHE_RSA_WITH_AES_256_CBC_SHA");
707         addBoth("TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA");
708         addBoth("TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA");
709         addBoth("TLS_RSA_WITH_AES_128_CBC_SHA");
710         addBoth("TLS_DHE_RSA_WITH_AES_128_CBC_SHA");
711         addBoth("SSL_RSA_WITH_3DES_EDE_CBC_SHA");
712 
713         // TLSv1.2 cipher suites
714         addBoth("TLS_RSA_WITH_AES_128_CBC_SHA256");
715         addBoth("TLS_RSA_WITH_AES_256_CBC_SHA256");
716         addOpenSsl("TLS_RSA_WITH_AES_128_GCM_SHA256");
717         addOpenSsl("TLS_RSA_WITH_AES_256_GCM_SHA384");
718         addBoth("TLS_DHE_RSA_WITH_AES_128_CBC_SHA256");
719         addBoth("TLS_DHE_RSA_WITH_AES_256_CBC_SHA256");
720         addOpenSsl("TLS_DHE_RSA_WITH_AES_128_GCM_SHA256");
721         addOpenSsl("TLS_DHE_RSA_WITH_AES_256_GCM_SHA384");
722         addBoth("TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256");
723         addBoth("TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384");
724         addOpenSsl("TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256");
725         addOpenSsl("TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384");
726         addBoth("TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256");
727         addBoth("TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384");
728         addOpenSsl("TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256");
729         addOpenSsl("TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384");
730         addOpenSsl("TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256");
731         addOpenSsl("TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256");
732 
733         // Pre-Shared Key (PSK) cipher suites
734         addOpenSsl("TLS_PSK_WITH_AES_128_CBC_SHA");
735         addOpenSsl("TLS_PSK_WITH_AES_256_CBC_SHA");
736         addOpenSsl("TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA");
737         addOpenSsl("TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA");
738         addOpenSsl("TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256");
739 
740         // RFC 5746's Signaling Cipher Suite Value to indicate a request for secure renegotiation
741         addBoth(CIPHER_SUITE_SECURE_RENEGOTIATION);
742 
743         // From https://tools.ietf.org/html/draft-ietf-tls-downgrade-scsv-00 to indicate
744         // TLS fallback request
745         addOpenSsl(CIPHER_SUITE_FALLBACK);
746 
747         // non-defaultCipherSuites
748 
749         // Android does not have Kerberos support
750         addRi("TLS_KRB5_WITH_RC4_128_SHA");
751         addRi("TLS_KRB5_WITH_RC4_128_MD5");
752         addRi("TLS_KRB5_WITH_3DES_EDE_CBC_SHA");
753         addRi("TLS_KRB5_WITH_3DES_EDE_CBC_MD5");
754         addRi("TLS_KRB5_WITH_DES_CBC_SHA");
755         addRi("TLS_KRB5_WITH_DES_CBC_MD5");
756         addRi("TLS_KRB5_EXPORT_WITH_RC4_40_SHA");
757         addRi("TLS_KRB5_EXPORT_WITH_RC4_40_MD5");
758         addRi("TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA");
759         addRi("TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5");
760 
761         // Android does not have DSS support
762         addRi("SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA");
763         addRi("SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA");
764         addRi("SSL_DHE_DSS_WITH_DES_CBC_SHA");
765         addRi("TLS_DHE_DSS_WITH_AES_128_CBC_SHA");
766         addRi("TLS_DHE_DSS_WITH_AES_128_CBC_SHA256");
767         addNeither("TLS_DHE_DSS_WITH_AES_128_GCM_SHA256");
768         addRi("TLS_DHE_DSS_WITH_AES_256_CBC_SHA");
769         addRi("TLS_DHE_DSS_WITH_AES_256_CBC_SHA256");
770         addNeither("TLS_DHE_DSS_WITH_AES_256_GCM_SHA384");
771 
772         // Android does not have RC4 support
773         addRi("TLS_ECDHE_ECDSA_WITH_RC4_128_SHA");
774         addRi("TLS_ECDHE_RSA_WITH_RC4_128_SHA");
775         addRi("SSL_RSA_WITH_RC4_128_SHA");
776         addRi("SSL_RSA_WITH_RC4_128_MD5");
777 
778         // Dropped
779         addNeither("SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA");
780         addNeither("SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA");
781         addRi("SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA");
782         addRi("SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA");
783         addRi("SSL_DHE_RSA_WITH_DES_CBC_SHA");
784         addRi("SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA");
785         addRi("SSL_DH_anon_EXPORT_WITH_RC4_40_MD5");
786         addRi("SSL_DH_anon_WITH_3DES_EDE_CBC_SHA");
787         addRi("SSL_DH_anon_WITH_DES_CBC_SHA");
788         addRi("SSL_DH_anon_WITH_RC4_128_MD5");
789         addRi("SSL_RSA_EXPORT_WITH_DES40_CBC_SHA");
790         addRi("SSL_RSA_EXPORT_WITH_RC4_40_MD5");
791         addRi("SSL_RSA_WITH_DES_CBC_SHA");
792         addRi("SSL_RSA_WITH_NULL_MD5");
793         addRi("SSL_RSA_WITH_NULL_SHA");
794         addRi("TLS_DH_anon_WITH_AES_128_CBC_SHA");
795         addRi("TLS_DH_anon_WITH_AES_128_CBC_SHA256");
796         addNeither("TLS_DH_anon_WITH_AES_128_GCM_SHA256");
797         addRi("TLS_DH_anon_WITH_AES_256_CBC_SHA");
798         addRi("TLS_DH_anon_WITH_AES_256_CBC_SHA256");
799         addNeither("TLS_DH_anon_WITH_AES_256_GCM_SHA384");
800         addRi("TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA");
801         addRi("TLS_ECDHE_ECDSA_WITH_NULL_SHA");
802         addRi("TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA");
803         addRi("TLS_ECDHE_RSA_WITH_NULL_SHA");
804         addRi("TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA");
805         addRi("TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA");
806         addRi("TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256");
807         addNeither("TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256");
808         addRi("TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA");
809         addRi("TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384");
810         addNeither("TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384");
811         addRi("TLS_ECDH_ECDSA_WITH_NULL_SHA");
812         addRi("TLS_ECDH_ECDSA_WITH_RC4_128_SHA");
813         addRi("TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA");
814         addRi("TLS_ECDH_RSA_WITH_AES_128_CBC_SHA");
815         addRi("TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256");
816         addNeither("TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256");
817         addRi("TLS_ECDH_RSA_WITH_AES_256_CBC_SHA");
818         addRi("TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384");
819         addNeither("TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384");
820         addRi("TLS_ECDH_RSA_WITH_NULL_SHA");
821         addRi("TLS_ECDH_RSA_WITH_RC4_128_SHA");
822         addRi("TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA");
823         addRi("TLS_ECDH_anon_WITH_AES_128_CBC_SHA");
824         addRi("TLS_ECDH_anon_WITH_AES_256_CBC_SHA");
825         addRi("TLS_ECDH_anon_WITH_NULL_SHA");
826         addRi("TLS_ECDH_anon_WITH_RC4_128_SHA");
827         addNeither("TLS_PSK_WITH_3DES_EDE_CBC_SHA");
828         addRi("TLS_RSA_WITH_NULL_SHA256");
829 
830         // Old non standard exportable encryption
831         addNeither("SSL_RSA_EXPORT1024_WITH_DES_CBC_SHA");
832         addNeither("SSL_RSA_EXPORT1024_WITH_RC4_56_SHA");
833 
834         // No RC2
835         addNeither("SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5");
836         addNeither("TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA");
837         addNeither("TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5");
838 
839         CIPHER_SUITES = (IS_RI) ? CIPHER_SUITES_RI : CIPHER_SUITES_OPENSSL;
840     }
841 
842     /**
843      * Cipher suites that are not negotiated when TLSv1.2 is selected on the RI.
844      */
845     public static final List<String> CIPHER_SUITES_OBSOLETE_TLS12 = Arrays.asList(
846             "SSL_RSA_WITH_DES_CBC_SHA", "SSL_DHE_RSA_WITH_DES_CBC_SHA",
847             "SSL_DHE_DSS_WITH_DES_CBC_SHA", "SSL_DH_anon_WITH_DES_CBC_SHA",
848             "SSL_RSA_EXPORT_WITH_RC4_40_MD5", "SSL_DH_anon_EXPORT_WITH_RC4_40_MD5",
849             "SSL_RSA_EXPORT_WITH_DES40_CBC_SHA", "SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA",
850             "SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA", "SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA");
851 
852     // NOTE: This list needs to be kept in sync with Javadoc of javax.net.ssl.SSLSocket and
853     // javax.net.ssl.SSLEngine.
854     private static final List<String> CIPHER_SUITES_ANDROID_AES_HARDWARE = Arrays.asList(
855             "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
856             "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256",
857             "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
858             "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256", "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",
859             "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384", "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA",
860             "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA", "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
861             "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA", "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
862             "TLS_DHE_RSA_WITH_AES_256_CBC_SHA", "TLS_RSA_WITH_AES_128_GCM_SHA256",
863             "TLS_RSA_WITH_AES_256_GCM_SHA384", "TLS_RSA_WITH_AES_128_CBC_SHA",
864             "TLS_RSA_WITH_AES_256_CBC_SHA", CIPHER_SUITE_SECURE_RENEGOTIATION);
865 
866     // NOTE: This list needs to be kept in sync with Javadoc of javax.net.ssl.SSLSocket and
867     // javax.net.ssl.SSLEngine.
868     private static final List<String> CIPHER_SUITES_ANDROID_SOFTWARE = Arrays.asList(
869             "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256",
870             "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
871             "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256", "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
872             "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",
873             "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384", "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA",
874             "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA", "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
875             "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA", "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
876             "TLS_DHE_RSA_WITH_AES_256_CBC_SHA", "TLS_RSA_WITH_AES_128_GCM_SHA256",
877             "TLS_RSA_WITH_AES_256_GCM_SHA384", "TLS_RSA_WITH_AES_128_CBC_SHA",
878             "TLS_RSA_WITH_AES_256_CBC_SHA", CIPHER_SUITE_SECURE_RENEGOTIATION);
879 
880     // NOTE: This list needs to be kept in sync with Javadoc of javax.net.ssl.SSLSocket and
881     // javax.net.ssl.SSLEngine.
882     public static final List<String> CIPHER_SUITES_DEFAULT = (IS_RI)
883             ? Arrays.asList("TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384",
884                       "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384", "TLS_RSA_WITH_AES_256_CBC_SHA256",
885                       "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384",
886                       "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384", "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256",
887                       "TLS_DHE_DSS_WITH_AES_256_CBC_SHA256", "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA",
888                       "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA", "TLS_RSA_WITH_AES_256_CBC_SHA",
889                       "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA", "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA",
890                       "TLS_DHE_RSA_WITH_AES_256_CBC_SHA", "TLS_DHE_DSS_WITH_AES_256_CBC_SHA",
891                       "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256",
892                       "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256", "TLS_RSA_WITH_AES_128_CBC_SHA256",
893                       "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256",
894                       "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256", "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256",
895                       "TLS_DHE_DSS_WITH_AES_128_CBC_SHA256", "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA",
896                       "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA", "TLS_RSA_WITH_AES_128_CBC_SHA",
897                       "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA", "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA",
898                       "TLS_DHE_RSA_WITH_AES_128_CBC_SHA", "TLS_DHE_DSS_WITH_AES_128_CBC_SHA",
899                       "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA", "TLS_ECDHE_RSA_WITH_RC4_128_SHA",
900                       "SSL_RSA_WITH_RC4_128_SHA", "TLS_ECDH_ECDSA_WITH_RC4_128_SHA",
901                       "TLS_ECDH_RSA_WITH_RC4_128_SHA", "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA",
902                       "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA", "SSL_RSA_WITH_3DES_EDE_CBC_SHA",
903                       "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA", "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA",
904                       "SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA", "SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA",
905                       "SSL_RSA_WITH_RC4_128_MD5", "TLS_EMPTY_RENEGOTIATION_INFO_SCSV")
906             : CpuFeatures.isAESHardwareAccelerated() ? CIPHER_SUITES_ANDROID_AES_HARDWARE
907                                                      : CIPHER_SUITES_ANDROID_SOFTWARE;
908 
909     // NOTE: This list needs to be kept in sync with Javadoc of javax.net.ssl.SSLSocket and
910     // javax.net.ssl.SSLEngine.
911     public static final List<String> CIPHER_SUITES_DEFAULT_PSK =
912             Arrays.asList("TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256",
913                     "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA", "TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA",
914                     "TLS_PSK_WITH_AES_128_CBC_SHA", "TLS_PSK_WITH_AES_256_CBC_SHA");
915 
916     // Should be updated to match BoringSSL's defaults when they change.
917     // https://android.googlesource.com/platform/external/boringssl/+/master/src/ssl/t1_lib.c#305
918     public static final List<String> ELLIPTIC_CURVES_DEFAULT =
919             Arrays.asList("x25519 (29)", "secp256r1 (23)", "secp384r1 (24)", "secp521r1 (25)");
920 
921     private static final Set<String> PERMITTED_DEFAULT_KEY_EXCHANGE_ALGS = new HashSet<String>(
922             Arrays.asList("RSA", "DHE_RSA", "DHE_DSS", "ECDHE_RSA", "ECDHE_ECDSA"));
923 
924     private static final Set<String> PERMITTED_DEFAULT_BULK_ENCRYPTION_CIPHERS =
925             new HashSet<String>(Arrays.asList("AES_128_CBC", "AES_256_CBC", "AES_128_GCM",
926                     "AES_256_GCM", "CHACHA20_POLY1305"));
927 
928     private static final Set<String> PERMITTED_DEFAULT_MACS =
929             new HashSet<String>(Arrays.asList("SHA", "SHA256", "SHA384"));
930 
931     public static final Map<String, Class<? extends KeySpec>> PRIVATE_KEY_SPEC_CLASSES;
932     public static final Map<String, Class<? extends KeySpec>> PUBLIC_KEY_SPEC_CLASSES;
933     public static final Map<String, Integer> MINIMUM_KEY_SIZE;
934     static {
935         PRIVATE_KEY_SPEC_CLASSES = new HashMap<String, Class<? extends KeySpec>>();
936         PUBLIC_KEY_SPEC_CLASSES = new HashMap<String, Class<? extends KeySpec>>();
937         MINIMUM_KEY_SIZE = new HashMap<String, Integer>();
938         PRIVATE_KEY_SPEC_CLASSES.put("RSA", RSAPrivateCrtKeySpec.class);
939         PUBLIC_KEY_SPEC_CLASSES.put("RSA", RSAPublicKeySpec.class);
940         MINIMUM_KEY_SIZE.put("RSA", 512);
941         PRIVATE_KEY_SPEC_CLASSES.put("DSA", DSAPrivateKeySpec.class);
942         PUBLIC_KEY_SPEC_CLASSES.put("DSA", DSAPublicKeySpec.class);
943         MINIMUM_KEY_SIZE.put("DSA", 512);
944         PRIVATE_KEY_SPEC_CLASSES.put("DH", DHPrivateKeySpec.class);
945         PUBLIC_KEY_SPEC_CLASSES.put("DH", DHPublicKeySpec.class);
946         MINIMUM_KEY_SIZE.put("DH", 256);
947         PRIVATE_KEY_SPEC_CLASSES.put("EC", ECPrivateKeySpec.class);
948         PUBLIC_KEY_SPEC_CLASSES.put("EC", ECPublicKeySpec.class);
949         MINIMUM_KEY_SIZE.put("EC", 256);
950     }
951 
getPrivateKeySpecClass(String algName)952     public static Class<? extends KeySpec> getPrivateKeySpecClass(String algName) {
953         return PRIVATE_KEY_SPEC_CLASSES.get(algName);
954     }
955 
getPublicKeySpecClass(String algName)956     public static Class<? extends KeySpec> getPublicKeySpecClass(String algName) {
957         return PUBLIC_KEY_SPEC_CLASSES.get(algName);
958     }
959 
getMinimumKeySize(String algName)960     public static int getMinimumKeySize(String algName) {
961         return MINIMUM_KEY_SIZE.get(algName);
962     }
963 
964     /**
965      * Asserts that the cipher suites array is non-null and that it
966      * all of its contents are cipher suites known to this
967      * implementation. As a convenience, returns any unenabled cipher
968      * suites in a test for those that want to verify separately that
969      * all cipher suites were included.
970      */
assertValidCipherSuites( Set<String> expected, String[] cipherSuites)971     private static Set<String> assertValidCipherSuites(
972             Set<String> expected, String[] cipherSuites) {
973         assertNotNull(cipherSuites);
974         assertTrue(cipherSuites.length != 0);
975 
976         // Make sure all cipherSuites names are expected
977         HashSet<String> remainingCipherSuites = new HashSet<String>(expected);
978         HashSet<String> unknownCipherSuites = new HashSet<String>();
979         for (String cipherSuite : cipherSuites) {
980             boolean removed = remainingCipherSuites.remove(cipherSuite);
981             if (!removed) {
982                 unknownCipherSuites.add(cipherSuite);
983             }
984         }
985         assertEquals("Unknown cipher suites", Collections.EMPTY_SET, unknownCipherSuites);
986         return remainingCipherSuites;
987     }
988 
989     /**
990      * After using assertValidCipherSuites on cipherSuites,
991      * assertSupportedCipherSuites additionally verifies that all
992      * supported cipher suites where in the input array.
993      */
assertSupportedCipherSuites(Set<String> expected, String[] cipherSuites)994     private static void assertSupportedCipherSuites(Set<String> expected, String[] cipherSuites) {
995         Set<String> remainingCipherSuites = assertValidCipherSuites(expected, cipherSuites);
996         assertEquals("Missing cipher suites", Collections.EMPTY_SET, remainingCipherSuites);
997         assertEquals(expected.size(), cipherSuites.length);
998     }
999 
1000     /**
1001      * Asserts that the protocols array is non-null and that it all of
1002      * its contents are protocols known to this implementation. As a
1003      * convenience, returns any unenabled protocols in a test for
1004      * those that want to verify separately that all protocols were
1005      * included.
1006      */
assertValidProtocols(Set<String> expected, String[] protocols)1007     private static Set<String> assertValidProtocols(Set<String> expected, String[] protocols) {
1008         assertNotNull(protocols);
1009         assertTrue(protocols.length != 0);
1010 
1011         // Make sure all protocols names are expected
1012         HashSet<String> remainingProtocols = new HashSet<String>(expected);
1013         HashSet<String> unknownProtocols = new HashSet<String>();
1014         for (String protocol : protocols) {
1015             if (!remainingProtocols.remove(protocol)) {
1016                 unknownProtocols.add(protocol);
1017             }
1018         }
1019         assertEquals("Unknown protocols", Collections.EMPTY_SET, unknownProtocols);
1020         return remainingProtocols;
1021     }
1022 
1023     /**
1024      * After using assertValidProtocols on protocols,
1025      * assertSupportedProtocols additionally verifies that all
1026      * supported protocols where in the input array.
1027      */
assertSupportedProtocols(Set<String> expected, String[] protocols)1028     private static void assertSupportedProtocols(Set<String> expected, String[] protocols) {
1029         Set<String> remainingProtocols = assertValidProtocols(expected, protocols);
1030         assertEquals("Missing protocols", Collections.EMPTY_SET, remainingProtocols);
1031         assertEquals(expected.size(), protocols.length);
1032     }
1033 
1034     /**
1035      * Asserts that the provided list of protocols matches the supported list of protocols.
1036      */
assertSupportedProtocols(String[] protocols)1037     public static void assertSupportedProtocols(String[] protocols) {
1038         assertSupportedProtocols(SSL_SOCKET_PROTOCOLS, protocols);
1039     }
1040 
1041     /**
1042      * Assert that the provided list of cipher suites contains only the supported cipher suites.
1043      */
assertValidCipherSuites(String[] cipherSuites)1044     public static void assertValidCipherSuites(String[] cipherSuites) {
1045         assertValidCipherSuites(CIPHER_SUITES, cipherSuites);
1046     }
1047 
1048     /**
1049      * Assert that the provided list of cipher suites matches the supported list.
1050      */
assertSupportedCipherSuites(String[] cipherSuites)1051     public static void assertSupportedCipherSuites(String[] cipherSuites) {
1052         assertSupportedCipherSuites(CIPHER_SUITES, cipherSuites);
1053     }
1054 
1055     /**
1056      * Assert cipher suites match the default list in content and priority order and contain
1057      * only cipher suites permitted by default.
1058      */
assertDefaultCipherSuites(String[] cipherSuites)1059     public static void assertDefaultCipherSuites(String[] cipherSuites) {
1060         assertValidCipherSuites(cipherSuites);
1061         assertEquals(CIPHER_SUITES_DEFAULT, Arrays.asList(cipherSuites));
1062 
1063         // Assert that all the cipher suites are permitted to be in the default list.
1064         // This assertion is a backup for the stricter assertion above.
1065         //
1066         // There is no point in asserting this for the RI as it's outside of our control.
1067         if (!IS_RI) {
1068             List<String> disallowedDefaultCipherSuites = new ArrayList<String>();
1069             for (String cipherSuite : cipherSuites) {
1070                 if (!isPermittedDefaultCipherSuite(cipherSuite)) {
1071                     disallowedDefaultCipherSuites.add(cipherSuite);
1072                 }
1073             }
1074             assertEquals(Collections.EMPTY_LIST, disallowedDefaultCipherSuites);
1075         }
1076     }
1077 
assertDefaultEllipticCurves(String[] curves)1078     public static void assertDefaultEllipticCurves(String[] curves) {
1079         assertEquals(ELLIPTIC_CURVES_DEFAULT, Arrays.asList(curves));
1080     }
1081 
assertSSLContextEnabledProtocols(String version, String[] protocols)1082     public static void assertSSLContextEnabledProtocols(String version, String[] protocols) {
1083         assertEquals("For protocol \"" + version + "\"",
1084                 Arrays.toString(SSL_CONTEXT_PROTOCOLS_ENABLED.get(version)),
1085                 Arrays.toString(protocols));
1086     }
1087 
isPermittedDefaultCipherSuite(String cipherSuite)1088     private static boolean isPermittedDefaultCipherSuite(String cipherSuite) {
1089         assertNotNull(cipherSuite);
1090         if (CIPHER_SUITE_SECURE_RENEGOTIATION.equals(cipherSuite)) {
1091             return true;
1092         }
1093         assertTrue(cipherSuite, cipherSuite.startsWith("TLS_") || cipherSuite.startsWith("SSL_"));
1094 
1095         // Example: RSA_WITH_AES_128_CBC_SHA
1096         String remainder = cipherSuite.substring("TLS_".length());
1097         int macDelimiterIndex = remainder.lastIndexOf('_');
1098         assertTrue(cipherSuite, macDelimiterIndex != -1);
1099         // Example: SHA
1100         String mac = remainder.substring(macDelimiterIndex + 1);
1101 
1102         // Example: RSA_WITH_AES_128_CBC
1103         remainder = remainder.substring(0, macDelimiterIndex);
1104         int withDelimiterIndex = remainder.indexOf("_WITH_");
1105         assertTrue(cipherSuite, withDelimiterIndex != -1);
1106 
1107         // Example: RSA
1108         String keyExchange = remainder.substring(0, withDelimiterIndex);
1109         // Example: AES_128_CBC
1110         String bulkEncryptionCipher = remainder.substring(withDelimiterIndex + "_WITH_".length());
1111 
1112         if (!PERMITTED_DEFAULT_MACS.contains(mac)) {
1113             return false;
1114         }
1115         if (!PERMITTED_DEFAULT_KEY_EXCHANGE_ALGS.contains(keyExchange)) {
1116             return false;
1117         }
1118         if (!PERMITTED_DEFAULT_BULK_ENCRYPTION_CIPHERS.contains(bulkEncryptionCipher)) {
1119             return false;
1120         }
1121 
1122         return true;
1123     }
1124 
1125     /**
1126      * Get all supported mode names for the given cipher.
1127      */
getModesForCipher(String cipher)1128     public static Set<String> getModesForCipher(String cipher) {
1129         return CIPHER_MODES.get(cipher);
1130     }
1131 
1132     /**
1133      * Get all supported padding names for the given cipher.
1134      */
getPaddingsForCipher(String cipher)1135     public static Set<String> getPaddingsForCipher(String cipher) {
1136         return CIPHER_PADDINGS.get(cipher);
1137     }
1138 }
1139