1 /* 2 * Copyright (C) 2010 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17 package libcore.java.security; 18 19 import static org.junit.Assert.assertEquals; 20 import static org.junit.Assert.assertNotNull; 21 import static org.junit.Assert.assertTrue; 22 23 import java.security.Security; 24 import java.security.spec.DSAPrivateKeySpec; 25 import java.security.spec.DSAPublicKeySpec; 26 import java.security.spec.ECPrivateKeySpec; 27 import java.security.spec.ECPublicKeySpec; 28 import java.security.spec.KeySpec; 29 import java.security.spec.RSAPrivateCrtKeySpec; 30 import java.security.spec.RSAPublicKeySpec; 31 import java.util.Arrays; 32 import java.util.Collections; 33 import java.util.HashMap; 34 import java.util.HashSet; 35 import java.util.LinkedHashSet; 36 import java.util.List; 37 import java.util.Locale; 38 import java.util.Map; 39 import java.util.Set; 40 import java.util.TreeSet; 41 import javax.crypto.spec.DHPrivateKeySpec; 42 import javax.crypto.spec.DHPublicKeySpec; 43 44 /** 45 * This class defines expected string names for protocols, key types, 46 * client and server auth types, cipher suites. 47 * 48 * Initially based on "Appendix A: Standard Names" of 49 * <a href="http://java.sun.com/j2se/1.5.0/docs/guide/security/jsse/JSSERefGuide.html#AppA"> 50 * Java ™ Secure Socket Extension (JSSE) Reference Guide 51 * for the Java ™ 2 Platform Standard Edition 5 52 * </a>. 53 * 54 * Updated based on the 55 * <a href="http://download.java.net/jdk8/docs/technotes/guides/security/SunProviders.html"> 56 * Java ™ Cryptography Architecture Oracle Providers Documentation 57 * for Java ™ Platform Standard Edition 7 58 * </a>. 59 * See also the 60 * <a href="http://download.java.net/jdk8/docs/technotes/guides/security/StandardNames.html"> 61 * Java ™ Cryptography Architecture Standard Algorithm Name Documentation 62 * </a>. 63 * 64 * Further updates based on the 65 * <a href=http://java.sun.com/javase/6/docs/technotes/guides/security/p11guide.html"> 66 * Java ™ PKCS#11 Reference Guide 67 * </a>. 68 */ 69 public final class StandardNames { 70 public static final boolean IS_RI = 71 !"Dalvik Core Library".equals(System.getProperty("java.specification.name")); 72 public static final String JSSE_PROVIDER_NAME = "AndroidOpenSSL"; 73 public static final String SECURITY_PROVIDER_NAME = (IS_RI) ? "SUN" : "BC"; 74 75 public static final String KEY_MANAGER_FACTORY_DEFAULT = (IS_RI) ? "SunX509" : "PKIX"; 76 public static final String TRUST_MANAGER_FACTORY_DEFAULT = "PKIX"; 77 78 public static final String KEY_STORE_ALGORITHM = (IS_RI) ? "JKS" : "BKS"; 79 80 /** 81 * RFC 5746's Signaling Cipher Suite Value to indicate a request for secure renegotiation 82 */ 83 public static final String CIPHER_SUITE_SECURE_RENEGOTIATION = 84 "TLS_EMPTY_RENEGOTIATION_INFO_SCSV"; 85 86 /** 87 * From https://tools.ietf.org/html/draft-ietf-tls-downgrade-scsv-00 it is a 88 * signaling cipher suite value (SCSV) to indicate that this request is a 89 * protocol fallback (e.g., TLS 1.0 -> SSL 3.0) because the server didn't respond 90 * to the first request. 91 */ 92 public static final String CIPHER_SUITE_FALLBACK = "TLS_FALLBACK_SCSV"; 93 94 /** 95 * A map from algorithm type (e.g. Cipher) to a set of algorithms (e.g. AES, DES, ...) 96 */ 97 public static final HashMap<String, HashSet<String>> PROVIDER_ALGORITHMS = 98 new HashMap<String, HashSet<String>>(); 99 100 public static final HashMap<String, HashSet<String>> CIPHER_MODES = 101 new HashMap<String, HashSet<String>>(); 102 103 public static final HashMap<String, HashSet<String>> CIPHER_PADDINGS = 104 new HashMap<String, HashSet<String>>(); 105 106 private static final HashMap<String, String[]> SSL_CONTEXT_PROTOCOLS_ENABLED = 107 new HashMap<String, String[]>(); 108 provide(String type, String algorithm)109 private static void provide(String type, String algorithm) { 110 HashSet<String> algorithms = PROVIDER_ALGORITHMS.get(type); 111 if (algorithms == null) { 112 algorithms = new HashSet<String>(); 113 PROVIDER_ALGORITHMS.put(type, algorithms); 114 } 115 assertTrue("Duplicate " + type + " " + algorithm, 116 algorithms.add(algorithm.toUpperCase(Locale.ROOT))); 117 } unprovide(String type, String algorithm)118 private static void unprovide(String type, String algorithm) { 119 HashSet<String> algorithms = PROVIDER_ALGORITHMS.get(type); 120 assertNotNull(algorithms); 121 assertTrue(algorithm, algorithms.remove(algorithm.toUpperCase(Locale.ROOT))); 122 if (algorithms.isEmpty()) { 123 assertNotNull(PROVIDER_ALGORITHMS.remove(type)); 124 } 125 } provideCipherModes(String algorithm, String newModes[])126 private static void provideCipherModes(String algorithm, String newModes[]) { 127 HashSet<String> modes = CIPHER_MODES.get(algorithm); 128 if (modes == null) { 129 modes = new HashSet<String>(); 130 CIPHER_MODES.put(algorithm, modes); 131 } 132 modes.addAll(Arrays.asList(newModes)); 133 } provideCipherPaddings(String algorithm, String newPaddings[])134 private static void provideCipherPaddings(String algorithm, String newPaddings[]) { 135 HashSet<String> paddings = CIPHER_PADDINGS.get(algorithm); 136 if (paddings == null) { 137 paddings = new HashSet<String>(); 138 CIPHER_PADDINGS.put(algorithm, paddings); 139 } 140 paddings.addAll(Arrays.asList(newPaddings)); 141 } provideSslContextEnabledProtocols( String algorithm, TLSVersion minimum, TLSVersion maximum)142 private static void provideSslContextEnabledProtocols( 143 String algorithm, TLSVersion minimum, TLSVersion maximum) { 144 if (minimum.ordinal() > maximum.ordinal()) { 145 throw new RuntimeException("TLS version: minimum > maximum"); 146 } 147 int versionsLength = maximum.ordinal() - minimum.ordinal() + 1; 148 String[] versionNames = new String[versionsLength]; 149 for (int i = 0; i < versionsLength; i++) { 150 versionNames[i] = TLSVersion.values()[i + minimum.ordinal()].name; 151 } 152 SSL_CONTEXT_PROTOCOLS_ENABLED.put(algorithm, versionNames); 153 } 154 static { 155 provide("AlgorithmParameterGenerator", "DSA"); 156 provide("AlgorithmParameterGenerator", "DiffieHellman"); 157 provide("AlgorithmParameters", "AES"); 158 provide("AlgorithmParameters", "Blowfish"); 159 provide("AlgorithmParameters", "DES"); 160 provide("AlgorithmParameters", "DESede"); 161 provide("AlgorithmParameters", "DSA"); 162 provide("AlgorithmParameters", "DiffieHellman"); 163 provide("AlgorithmParameters", "GCM"); 164 provide("AlgorithmParameters", "OAEP"); 165 provide("AlgorithmParameters", "PBEWithMD5AndDES"); 166 provide("AlgorithmParameters", "PBEWithMD5AndTripleDES"); 167 provide("AlgorithmParameters", "PBEWithSHA1AndDESede"); 168 provide("AlgorithmParameters", "PBEWithSHA1AndRC2_40"); 169 provide("AlgorithmParameters", "PSS"); 170 provide("AlgorithmParameters", "RC2"); 171 provide("CertPathBuilder", "PKIX"); 172 provide("CertPathValidator", "PKIX"); 173 provide("CertStore", "Collection"); 174 provide("CertStore", "LDAP"); 175 provide("CertificateFactory", "X.509"); 176 // TODO: provideCipherModes and provideCipherPaddings for other Ciphers 177 provide("Cipher", "AES"); 178 provideCipherModes("AES", new String[] {"CBC", "CFB", "CTR", "CTS", "ECB", "OFB"}); 179 provideCipherPaddings("AES", new String[] {"NoPadding", "PKCS5Padding"}); 180 provide("Cipher", "AESWrap"); 181 provide("Cipher", "ARCFOUR"); 182 provide("Cipher", "Blowfish"); 183 provide("Cipher", "DES"); 184 provide("Cipher", "DESede"); 185 provide("Cipher", "DESedeWrap"); 186 provide("Cipher", "PBEWithMD5AndDES"); 187 provide("Cipher", "PBEWithMD5AndTripleDES"); 188 provide("Cipher", "PBEWithSHA1AndDESede"); 189 provide("Cipher", "PBEWithSHA1AndRC2_40"); 190 provide("Cipher", "RC2"); 191 provide("Cipher", "RSA"); 192 // TODO: None? 193 provideCipherModes("RSA", new String[] {"ECB"}); 194 // TODO: OAEPPadding 195 provideCipherPaddings("RSA", new String[] {"NoPadding", "PKCS1Padding"}); 196 provide("Configuration", "JavaLoginConfig"); 197 provide("KeyAgreement", "DiffieHellman"); 198 provide("KeyFactory", "DSA"); 199 provide("KeyFactory", "DiffieHellman"); 200 provide("KeyFactory", "RSA"); 201 provide("KeyGenerator", "AES"); 202 provide("KeyGenerator", "ARCFOUR"); 203 provide("KeyGenerator", "Blowfish"); 204 provide("KeyGenerator", "DES"); 205 provide("KeyGenerator", "DESede"); 206 provide("KeyGenerator", "HmacMD5"); 207 provide("KeyGenerator", "HmacSHA1"); 208 provide("KeyGenerator", "HmacSHA224"); 209 provide("KeyGenerator", "HmacSHA256"); 210 provide("KeyGenerator", "HmacSHA384"); 211 provide("KeyGenerator", "HmacSHA512"); 212 provide("KeyGenerator", "RC2"); 213 provide("KeyInfoFactory", "DOM"); 214 provide("KeyManagerFactory", "PKIX"); 215 provide("KeyPairGenerator", "DSA"); 216 provide("KeyPairGenerator", "DiffieHellman"); 217 provide("KeyPairGenerator", "RSA"); 218 provide("KeyStore", "JCEKS"); 219 provide("KeyStore", "JKS"); 220 provide("KeyStore", "PKCS12"); 221 provide("Mac", "HmacMD5"); 222 provide("Mac", "HmacSHA1"); 223 provide("Mac", "HmacSHA224"); 224 provide("Mac", "HmacSHA256"); 225 provide("Mac", "HmacSHA384"); 226 provide("Mac", "HmacSHA512"); 227 provide("Mac", "PBEWITHHMACSHA224"); 228 provide("Mac", "PBEWITHHMACSHA256"); 229 provide("Mac", "PBEWITHHMACSHA384"); 230 provide("Mac", "PBEWITHHMACSHA512"); 231 // If adding a new MessageDigest, consider adding it to JarVerifier 232 provide("MessageDigest", "MD2"); 233 provide("MessageDigest", "MD5"); 234 provide("MessageDigest", "SHA-224"); 235 provide("MessageDigest", "SHA-256"); 236 provide("MessageDigest", "SHA-384"); 237 provide("MessageDigest", "SHA-512"); 238 provide("Policy", "JavaPolicy"); 239 provide("SSLContext", "TLSv1"); 240 provide("SSLContext", "TLSv1.1"); 241 provide("SSLContext", "TLSv1.2"); 242 provide("SecretKeyFactory", "DES"); 243 provide("SecretKeyFactory", "DESede"); 244 provide("SecretKeyFactory", "PBEWithMD5AndDES"); 245 provide("SecretKeyFactory", "PBEWithMD5AndTripleDES"); 246 provide("SecretKeyFactory", "PBEWithSHA1AndDESede"); 247 provide("SecretKeyFactory", "PBEWithSHA1AndRC2_40"); 248 provide("SecretKeyFactory", "PBKDF2WithHmacSHA1"); 249 provide("SecretKeyFactory", "PBKDF2WithHmacSHA224"); 250 provide("SecretKeyFactory", "PBKDF2WithHmacSHA256"); 251 provide("SecretKeyFactory", "PBKDF2WithHmacSHA384"); 252 provide("SecretKeyFactory", "PBKDF2WithHmacSHA512"); 253 provide("SecretKeyFactory", "PBKDF2WithHmacSHA1And8bit"); 254 provide("SecureRandom", "SHA1PRNG"); 255 provide("Signature", "MD2withRSA"); 256 provide("Signature", "MD5withRSA"); 257 provide("Signature", "NONEwithDSA"); 258 provide("Signature", "SHA1withDSA"); 259 provide("Signature", "SHA224withDSA"); 260 provide("Signature", "SHA256withDSA"); 261 provide("Signature", "SHA1withRSA"); 262 provide("Signature", "SHA224withRSA"); 263 provide("Signature", "SHA256withRSA"); 264 provide("Signature", "SHA384withRSA"); 265 provide("Signature", "SHA512withRSA"); 266 provide("TerminalFactory", "PC/SC"); 267 provide("TransformService", "http://www.w3.org/2000/09/xmldsig#base64"); 268 provide("TransformService", "http://www.w3.org/2000/09/xmldsig#enveloped-signature"); 269 provide("TransformService", "http://www.w3.org/2001/10/xml-exc-c14n#"); 270 provide("TransformService", "http://www.w3.org/2001/10/xml-exc-c14n#WithComments"); 271 provide("TransformService", "http://www.w3.org/2002/06/xmldsig-filter2"); 272 provide("TransformService", "http://www.w3.org/TR/1999/REC-xpath-19991116"); 273 provide("TransformService", "http://www.w3.org/TR/1999/REC-xslt-19991116"); 274 provide("TransformService", "http://www.w3.org/TR/2001/REC-xml-c14n-20010315"); 275 provide("TransformService", "http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"); 276 provide("TrustManagerFactory", "PKIX"); 277 provide("XMLSignatureFactory", "DOM"); 278 279 // Not clearly documented by RI 280 provide("GssApiMechanism", "1.2.840.113554.1.2.2"); 281 provide("GssApiMechanism", "1.3.6.1.5.5.2"); 282 283 // Not correctly documented by RI which left off the Factory suffix 284 provide("SaslClientFactory", "CRAM-MD5"); 285 provide("SaslClientFactory", "DIGEST-MD5"); 286 provide("SaslClientFactory", "EXTERNAL"); 287 provide("SaslClientFactory", "GSSAPI"); 288 provide("SaslClientFactory", "PLAIN"); 289 provide("SaslServerFactory", "CRAM-MD5"); 290 provide("SaslServerFactory", "DIGEST-MD5"); 291 provide("SaslServerFactory", "GSSAPI"); 292 293 // Documentation seems to list alias instead of actual name 294 // provide("MessageDigest", "SHA-1"); 295 provide("MessageDigest", "SHA"); 296 297 // Mentioned in javadoc, not documentation 298 provide("SSLContext", "Default"); 299 300 // Not documented as in RI 6 but mentioned in Standard Names 301 provide("AlgorithmParameters", "PBE"); 302 provide("SSLContext", "TLS"); 303 304 // Not documented as in RI 6 but that exist in RI 6 305 if (IS_RI) { 306 provide("CertStore", "com.sun.security.IndexedCollection"); 307 provide("KeyGenerator", "SunTlsKeyMaterial"); 308 provide("KeyGenerator", "SunTlsMasterSecret"); 309 provide("KeyGenerator", "SunTlsPrf"); 310 provide("KeyGenerator", "SunTlsRsaPremasterSecret"); 311 provide("KeyStore", "CaseExactJKS"); 312 provide("Mac", "HmacPBESHA1"); 313 provide("Mac", "SslMacMD5"); 314 provide("Mac", "SslMacSHA1"); 315 provide("SecureRandom", "NativePRNG"); 316 provide("Signature", "MD5andSHA1withRSA"); 317 provide("TrustManagerFactory", "SunX509"); 318 } 319 320 // Only available with the SunPKCS11-NSS provider, 321 // which seems to be enabled in OpenJDK 6 but not Oracle Java 6 322 if (Security.getProvider("SunPKCS11-NSS") != null) { 323 provide("Cipher", "AES/CBC/NOPADDING"); 324 provide("Cipher", "DES/CBC/NOPADDING"); 325 provide("Cipher", "DESEDE/CBC/NOPADDING"); 326 provide("Cipher", "RSA/ECB/PKCS1PADDING"); 327 provide("KeyAgreement", "DH"); 328 provide("KeyFactory", "DH"); 329 provide("KeyPairGenerator", "DH"); 330 provide("KeyStore", "PKCS11"); 331 provide("MessageDigest", "SHA1"); 332 provide("SecretKeyFactory", "AES"); 333 provide("SecretKeyFactory", "ARCFOUR"); 334 provide("SecureRandom", "PKCS11"); 335 provide("Signature", "DSA"); 336 provide("Signature", "RAWDSA"); 337 } 338 339 if (Security.getProvider("SunPKCS11-NSS") != null 340 || Security.getProvider("SunEC") != null) { 341 provide("AlgorithmParameters", "EC"); 342 provide("KeyAgreement", "ECDH"); 343 provide("KeyFactory", "EC"); 344 provide("KeyPairGenerator", "EC"); 345 provide("Signature", "NONEWITHECDSA"); 346 provide("Signature", "SHA1WITHECDSA"); 347 provide("Signature", "SHA224WITHECDSA"); 348 provide("Signature", "SHA256WITHECDSA"); 349 provide("Signature", "SHA384WITHECDSA"); 350 provide("Signature", "SHA512WITHECDSA"); 351 } 352 353 // Documented as Standard Names, but do not exit in RI 6 354 if (IS_RI) { 355 unprovide("SSLContext", "TLSv1.1"); 356 unprovide("SSLContext", "TLSv1.2"); 357 } 358 359 // Fixups for the RI 360 if (IS_RI) { 361 // different names: Standard Names says PKIX, JSSE Reference Guide says SunX509 or 362 // NewSunX509 363 unprovide("KeyManagerFactory", "PKIX"); 364 provide("KeyManagerFactory", "SunX509"); 365 provide("KeyManagerFactory", "NewSunX509"); 366 } 367 368 // Fixups for dalvik 369 if (!IS_RI) { 370 // whole types that we do not provide 371 PROVIDER_ALGORITHMS.remove("Configuration"); 372 PROVIDER_ALGORITHMS.remove("GssApiMechanism"); 373 PROVIDER_ALGORITHMS.remove("KeyInfoFactory"); 374 PROVIDER_ALGORITHMS.remove("Policy"); 375 PROVIDER_ALGORITHMS.remove("SaslClientFactory"); 376 PROVIDER_ALGORITHMS.remove("SaslServerFactory"); 377 PROVIDER_ALGORITHMS.remove("TerminalFactory"); 378 PROVIDER_ALGORITHMS.remove("TransformService"); 379 PROVIDER_ALGORITHMS.remove("XMLSignatureFactory"); 380 381 // different names Diffie-Hellman vs DH 382 unprovide("AlgorithmParameterGenerator", "DiffieHellman"); 383 provide("AlgorithmParameterGenerator", "DH"); 384 unprovide("AlgorithmParameters", "DiffieHellman"); 385 provide("AlgorithmParameters", "DH"); 386 unprovide("KeyAgreement", "DiffieHellman"); 387 provide("KeyAgreement", "DH"); 388 unprovide("KeyFactory", "DiffieHellman"); 389 provide("KeyFactory", "DH"); 390 unprovide("KeyPairGenerator", "DiffieHellman"); 391 provide("KeyPairGenerator", "DH"); 392 393 // different names PBEWithSHA1AndDESede vs PBEWithSHAAnd3-KEYTripleDES-CBC 394 unprovide("AlgorithmParameters", "PBEWithSHA1AndDESede"); 395 unprovide("Cipher", "PBEWithSHA1AndDESede"); 396 unprovide("SecretKeyFactory", "PBEWithSHA1AndDESede"); 397 provide("AlgorithmParameters", "PKCS12PBE"); 398 provide("Cipher", "PBEWithSHAAnd3-KEYTripleDES-CBC"); 399 provide("SecretKeyFactory", "PBEWithSHAAnd3-KEYTripleDES-CBC"); 400 401 // different names: BouncyCastle actually uses the Standard name of SHA-1 vs SHA 402 unprovide("MessageDigest", "SHA"); 403 provide("MessageDigest", "SHA-1"); 404 405 // Added to support Android KeyStore operations 406 provide("Signature", "NONEwithRSA"); 407 provide("Cipher", "RSA/ECB/NOPADDING"); 408 provide("Cipher", "RSA/ECB/PKCS1PADDING"); 409 provide("Cipher", "RSA/ECB/OAEPPadding"); 410 provide("Cipher", "RSA/ECB/OAEPWithSHA-1AndMGF1Padding"); 411 provide("Cipher", "RSA/ECB/OAEPWithSHA-224AndMGF1Padding"); 412 provide("Cipher", "RSA/ECB/OAEPWithSHA-256AndMGF1Padding"); 413 provide("Cipher", "RSA/ECB/OAEPWithSHA-384AndMGF1Padding"); 414 provide("Cipher", "RSA/ECB/OAEPWithSHA-512AndMGF1Padding"); 415 provide("SecretKeyFactory", "AES"); 416 provide("SecretKeyFactory", "HmacSHA1"); 417 provide("SecretKeyFactory", "HmacSHA224"); 418 provide("SecretKeyFactory", "HmacSHA256"); 419 provide("SecretKeyFactory", "HmacSHA384"); 420 provide("SecretKeyFactory", "HmacSHA512"); 421 provide("Signature", "SHA1withRSA/PSS"); 422 provide("Signature", "SHA224withRSA/PSS"); 423 provide("Signature", "SHA256withRSA/PSS"); 424 provide("Signature", "SHA384withRSA/PSS"); 425 provide("Signature", "SHA512withRSA/PSS"); 426 427 // different names: ARCFOUR vs ARC4 428 unprovide("Cipher", "ARCFOUR"); 429 provide("Cipher", "ARC4"); 430 unprovide("KeyGenerator", "ARCFOUR"); 431 provide("KeyGenerator", "ARC4"); 432 433 // different case names: Blowfish vs BLOWFISH 434 unprovide("AlgorithmParameters", "Blowfish"); 435 provide("AlgorithmParameters", "BLOWFISH"); 436 unprovide("Cipher", "Blowfish"); 437 provide("Cipher", "BLOWFISH"); 438 unprovide("KeyGenerator", "Blowfish"); 439 provide("KeyGenerator", "BLOWFISH"); 440 441 // Harmony has X.509, BouncyCastle X509 442 // TODO remove one, probably Harmony's 443 provide("CertificateFactory", "X509"); 444 445 // not just different names, but different binary formats 446 unprovide("KeyStore", "JKS"); 447 provide("KeyStore", "BKS"); 448 unprovide("KeyStore", "JCEKS"); 449 provide("KeyStore", "BouncyCastle"); 450 451 // Noise to support KeyStore.PKCS12 452 provide("Cipher", "PBEWITHMD5AND128BITAES-CBC-OPENSSL"); 453 provide("Cipher", "PBEWITHMD5AND192BITAES-CBC-OPENSSL"); 454 provide("Cipher", "PBEWITHMD5AND256BITAES-CBC-OPENSSL"); 455 provide("Cipher", "PBEWITHMD5ANDRC2"); 456 provide("Cipher", "PBEWITHSHA1ANDDES"); 457 provide("Cipher", "PBEWITHSHA1ANDRC2"); 458 provide("Cipher", "PBEWITHSHA256AND128BITAES-CBC-BC"); 459 provide("Cipher", "PBEWITHSHA256AND192BITAES-CBC-BC"); 460 provide("Cipher", "PBEWITHSHA256AND256BITAES-CBC-BC"); 461 provide("Cipher", "PBEWITHSHAAND128BITAES-CBC-BC"); 462 provide("Cipher", "PBEWITHSHAAND128BITRC2-CBC"); 463 provide("Cipher", "PBEWITHSHAAND128BITRC4"); 464 provide("Cipher", "PBEWITHSHAAND192BITAES-CBC-BC"); 465 provide("Cipher", "PBEWITHSHAAND2-KEYTRIPLEDES-CBC"); 466 provide("Cipher", "PBEWITHSHAAND256BITAES-CBC-BC"); 467 provide("Cipher", "PBEWITHSHAAND40BITRC2-CBC"); 468 provide("Cipher", "PBEWITHSHAAND40BITRC4"); 469 provide("Cipher", "PBEWITHSHAANDTWOFISH-CBC"); 470 provide("Mac", "PBEWITHHMACSHA"); 471 provide("Mac", "PBEWITHHMACSHA1"); 472 provide("SecretKeyFactory", "PBEWITHHMACSHA1"); 473 provide("SecretKeyFactory", "PBEWITHMD5AND128BITAES-CBC-OPENSSL"); 474 provide("SecretKeyFactory", "PBEWITHMD5AND192BITAES-CBC-OPENSSL"); 475 provide("SecretKeyFactory", "PBEWITHMD5AND256BITAES-CBC-OPENSSL"); 476 provide("SecretKeyFactory", "PBEWITHMD5ANDRC2"); 477 provide("SecretKeyFactory", "PBEWITHSHA1ANDDES"); 478 provide("SecretKeyFactory", "PBEWITHSHA1ANDRC2"); 479 provide("SecretKeyFactory", "PBEWITHSHA256AND128BITAES-CBC-BC"); 480 provide("SecretKeyFactory", "PBEWITHSHA256AND192BITAES-CBC-BC"); 481 provide("SecretKeyFactory", "PBEWITHSHA256AND256BITAES-CBC-BC"); 482 provide("SecretKeyFactory", "PBEWITHSHAAND128BITAES-CBC-BC"); 483 provide("SecretKeyFactory", "PBEWITHSHAAND128BITRC2-CBC"); 484 provide("SecretKeyFactory", "PBEWITHSHAAND128BITRC4"); 485 provide("SecretKeyFactory", "PBEWITHSHAAND192BITAES-CBC-BC"); 486 provide("SecretKeyFactory", "PBEWITHSHAAND2-KEYTRIPLEDES-CBC"); 487 provide("SecretKeyFactory", "PBEWITHSHAAND256BITAES-CBC-BC"); 488 provide("SecretKeyFactory", "PBEWITHSHAAND40BITRC2-CBC"); 489 provide("SecretKeyFactory", "PBEWITHSHAAND40BITRC4"); 490 provide("SecretKeyFactory", "PBEWITHSHAANDTWOFISH-CBC"); 491 492 // Needed by our OpenSSL provider 493 provide("Cipher", "AES/CBC/NOPADDING"); 494 provide("Cipher", "AES/CBC/PKCS5PADDING"); 495 provide("Cipher", "AES/CBC/PKCS7PADDING"); 496 provide("Cipher", "AES/CFB/NOPADDING"); 497 provide("Cipher", "AES/CFB/PKCS5PADDING"); 498 provide("Cipher", "AES/CFB/PKCS7PADDING"); 499 provide("Cipher", "AES/CTR/NOPADDING"); 500 provide("Cipher", "AES/CTR/PKCS5PADDING"); 501 provide("Cipher", "AES/CTR/PKCS7PADDING"); 502 provide("Cipher", "AES/ECB/NOPADDING"); 503 provide("Cipher", "AES/ECB/PKCS5PADDING"); 504 provide("Cipher", "AES/ECB/PKCS7PADDING"); 505 provide("Cipher", "AES/GCM/NOPADDING"); 506 provide("Cipher", "AES/OFB/NOPADDING"); 507 provide("Cipher", "AES/OFB/PKCS5PADDING"); 508 provide("Cipher", "AES/OFB/PKCS7PADDING"); 509 provide("Cipher", "DESEDE/CBC/NOPADDING"); 510 provide("Cipher", "DESEDE/CBC/PKCS5PADDING"); 511 provide("Cipher", "DESEDE/CBC/PKCS7PADDING"); 512 provide("Cipher", "DESEDE/CFB/NOPADDING"); 513 provide("Cipher", "DESEDE/CFB/PKCS5PADDING"); 514 provide("Cipher", "DESEDE/CFB/PKCS7PADDING"); 515 provide("Cipher", "DESEDE/ECB/NOPADDING"); 516 provide("Cipher", "DESEDE/ECB/PKCS5PADDING"); 517 provide("Cipher", "DESEDE/ECB/PKCS7PADDING"); 518 provide("Cipher", "DESEDE/OFB/NOPADDING"); 519 provide("Cipher", "DESEDE/OFB/PKCS5PADDING"); 520 provide("Cipher", "DESEDE/OFB/PKCS7PADDING"); 521 522 // Provided by our OpenSSL provider 523 provideCipherPaddings("AES", new String[] {"PKCS7Padding"}); 524 525 // removed LDAP 526 unprovide("CertStore", "LDAP"); 527 528 // removed MD2 529 unprovide("MessageDigest", "MD2"); 530 unprovide("Signature", "MD2withRSA"); 531 532 // removed RC2 533 // NOTE the implementation remains to support PKCS12 keystores 534 unprovide("AlgorithmParameters", "PBEWithSHA1AndRC2_40"); 535 unprovide("AlgorithmParameters", "RC2"); 536 unprovide("Cipher", "PBEWithSHA1AndRC2_40"); 537 unprovide("Cipher", "RC2"); 538 unprovide("KeyGenerator", "RC2"); 539 unprovide("SecretKeyFactory", "PBEWithSHA1AndRC2_40"); 540 541 // PBEWithMD5AndTripleDES is Sun proprietary 542 unprovide("AlgorithmParameters", "PBEWithMD5AndTripleDES"); 543 unprovide("Cipher", "PBEWithMD5AndTripleDES"); 544 unprovide("SecretKeyFactory", "PBEWithMD5AndTripleDES"); 545 546 // missing from Bouncy Castle 547 // Standard Names document says to use specific PBEWith*And* 548 unprovide("AlgorithmParameters", "PBE"); 549 550 // missing from Bouncy Castle 551 // TODO add to JDKAlgorithmParameters perhaps as wrapper on PBES2Parameters 552 // For now, can use AlgorithmParametersSpec javax.crypto.spec.PBEParameterSpec instead 553 unprovide("AlgorithmParameters", "PBEWithMD5AndDES"); // 1.2.840.113549.1.5.3 554 555 // EC support 556 // provide("AlgorithmParameters", "EC"); 557 provide("KeyAgreement", "ECDH"); 558 provide("KeyFactory", "EC"); 559 provide("KeyPairGenerator", "EC"); 560 provide("Signature", "NONEWITHECDSA"); 561 provide("Signature", "SHA1WITHECDSA"); 562 provide("Signature", "SHA224WITHECDSA"); 563 provide("Signature", "SHA256WITHECDSA"); 564 provide("Signature", "SHA384WITHECDSA"); 565 provide("Signature", "SHA512WITHECDSA"); 566 567 // Android's CA store 568 provide("KeyStore", "AndroidCAStore"); 569 570 // Android's KeyStore provider 571 if (Security.getProvider("AndroidKeyStore") != null) { 572 provide("KeyStore", "AndroidKeyStore"); 573 } 574 575 // TimaKeyStore provider 576 if (Security.getProvider("TimaKeyStore") != null) { 577 provide("KeyStore", "TimaKeyStore"); 578 } 579 } 580 581 provideSslContextEnabledProtocols("TLS", TLSVersion.TLSv1, TLSVersion.TLSv12); 582 provideSslContextEnabledProtocols("TLSv1", TLSVersion.TLSv1, TLSVersion.TLSv12); 583 provideSslContextEnabledProtocols("TLSv1.1", TLSVersion.TLSv1, TLSVersion.TLSv12); 584 provideSslContextEnabledProtocols("TLSv1.2", TLSVersion.TLSv1, TLSVersion.TLSv12); 585 provideSslContextEnabledProtocols("Default", TLSVersion.TLSv1, TLSVersion.TLSv12); 586 } 587 588 public static final String SSL_CONTEXT_PROTOCOLS_DEFAULT = "Default"; 589 public static final Set<String> SSL_CONTEXT_PROTOCOLS = new HashSet<String>( 590 Arrays.asList(SSL_CONTEXT_PROTOCOLS_DEFAULT, "TLS", "TLSv1", "TLSv1.1", "TLSv1.2")); 591 public static final String SSL_CONTEXT_PROTOCOL_DEFAULT = "TLS"; 592 593 public static final Set<String> KEY_TYPES = new HashSet<String>( 594 Arrays.asList("RSA", "DSA", "DH_RSA", "DH_DSA", "EC", "EC_EC", "EC_RSA")); 595 static { 596 if (IS_RI) { 597 // DH_* are specified by standard names, but do not seem to be supported by RI 598 KEY_TYPES.remove("DH_RSA"); 599 KEY_TYPES.remove("DH_DSA"); 600 } 601 } 602 603 public static final Set<String> SSL_SOCKET_PROTOCOLS = 604 new HashSet<String>(Arrays.asList("TLSv1", "TLSv1.1", "TLSv1.2")); 605 public static final Set<String> SSL_SOCKET_PROTOCOLS_CLIENT_DEFAULT = 606 new HashSet<String>(Arrays.asList("TLSv1", "TLSv1.1", "TLSv1.2")); 607 public static final Set<String> SSL_SOCKET_PROTOCOLS_SERVER_DEFAULT = 608 new HashSet<String>(Arrays.asList("TLSv1", "TLSv1.1", "TLSv1.2")); 609 610 private enum TLSVersion { 611 SSLv3("SSLv3"), 612 TLSv1("TLSv1"), 613 TLSv11("TLSv1.1"), 614 TLSv12("TLSv1.2"); 615 616 private final String name; 617 TLSVersion(String name)618 TLSVersion(String name) { 619 this.name = name; 620 } 621 } 622 623 /** 624 * Valid values for X509TrustManager.checkClientTrusted authType, 625 * either the algorithm of the public key or UNKNOWN. 626 */ 627 public static final Set<String> CLIENT_AUTH_TYPES = 628 new HashSet<String>(Arrays.asList("RSA", "DSA", "EC", "UNKNOWN")); 629 630 /** 631 * Valid values for X509TrustManager.checkServerTrusted authType, 632 * either key exchange algorithm part of the cipher suite 633 * or UNKNOWN. 634 */ 635 public static final Set<String> SERVER_AUTH_TYPES = new HashSet<String>(Arrays.asList("DHE_DSS", 636 "DHE_DSS_EXPORT", "DHE_RSA", "DHE_RSA_EXPORT", "DH_DSS_EXPORT", "DH_RSA_EXPORT", 637 "DH_anon", "DH_anon_EXPORT", "KRB5", "KRB5_EXPORT", "RSA", "RSA_EXPORT", 638 "RSA_EXPORT1024", "ECDH_ECDSA", "ECDH_RSA", "ECDHE_ECDSA", "ECDHE_RSA", "UNKNOWN")); 639 640 public static final String CIPHER_SUITE_INVALID = "SSL_NULL_WITH_NULL_NULL"; 641 642 public static final Set<String> CIPHER_SUITES_NEITHER = new HashSet<String>(); 643 644 public static final Set<String> CIPHER_SUITES_RI = new LinkedHashSet<String>(); 645 public static final Set<String> CIPHER_SUITES_OPENSSL = new LinkedHashSet<String>(); 646 647 public static final Set<String> CIPHER_SUITES; 648 addRi(String cipherSuite)649 private static final void addRi(String cipherSuite) { 650 CIPHER_SUITES_RI.add(cipherSuite); 651 } 652 addOpenSsl(String cipherSuite)653 private static final void addOpenSsl(String cipherSuite) { 654 CIPHER_SUITES_OPENSSL.add(cipherSuite); 655 } 656 addBoth(String cipherSuite)657 private static final void addBoth(String cipherSuite) { 658 addRi(cipherSuite); 659 addOpenSsl(cipherSuite); 660 } 661 addNeither(String cipherSuite)662 private static final void addNeither(String cipherSuite) { 663 CIPHER_SUITES_NEITHER.add(cipherSuite); 664 } 665 666 static { 667 // NOTE: This list needs to be kept in sync with Javadoc of javax.net.ssl.SSLSocket and 668 // javax.net.ssl.SSLEngine. 669 addBoth("TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA"); 670 addBoth("TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA"); 671 addBoth("TLS_RSA_WITH_AES_256_CBC_SHA"); 672 addBoth("TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA"); 673 addBoth("TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA"); 674 addBoth("TLS_RSA_WITH_AES_128_CBC_SHA"); 675 addBoth("SSL_RSA_WITH_3DES_EDE_CBC_SHA"); 676 677 // TLSv1.2 cipher suites 678 addBoth("TLS_RSA_WITH_AES_128_CBC_SHA256"); 679 addBoth("TLS_RSA_WITH_AES_256_CBC_SHA256"); 680 addOpenSsl("TLS_RSA_WITH_AES_128_GCM_SHA256"); 681 addOpenSsl("TLS_RSA_WITH_AES_256_GCM_SHA384"); 682 addBoth("TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256"); 683 addBoth("TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384"); 684 addOpenSsl("TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"); 685 addOpenSsl("TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"); 686 addBoth("TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256"); 687 addBoth("TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384"); 688 addOpenSsl("TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"); 689 addOpenSsl("TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"); 690 addOpenSsl("TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256"); 691 addOpenSsl("TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256"); 692 693 // Pre-Shared Key (PSK) cipher suites 694 addOpenSsl("TLS_PSK_WITH_AES_128_CBC_SHA"); 695 addOpenSsl("TLS_PSK_WITH_AES_256_CBC_SHA"); 696 addOpenSsl("TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA"); 697 addOpenSsl("TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA"); 698 addOpenSsl("TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256"); 699 700 // RFC 5746's Signaling Cipher Suite Value to indicate a request for secure renegotiation 701 addBoth(CIPHER_SUITE_SECURE_RENEGOTIATION); 702 703 // From https://tools.ietf.org/html/draft-ietf-tls-downgrade-scsv-00 to indicate 704 // TLS fallback request 705 addOpenSsl(CIPHER_SUITE_FALLBACK); 706 707 // non-defaultCipherSuites 708 709 // Android does not have Kerberos support 710 addRi("TLS_KRB5_WITH_RC4_128_SHA"); 711 addRi("TLS_KRB5_WITH_RC4_128_MD5"); 712 addRi("TLS_KRB5_WITH_3DES_EDE_CBC_SHA"); 713 addRi("TLS_KRB5_WITH_3DES_EDE_CBC_MD5"); 714 addRi("TLS_KRB5_WITH_DES_CBC_SHA"); 715 addRi("TLS_KRB5_WITH_DES_CBC_MD5"); 716 addRi("TLS_KRB5_EXPORT_WITH_RC4_40_SHA"); 717 addRi("TLS_KRB5_EXPORT_WITH_RC4_40_MD5"); 718 addRi("TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA"); 719 addRi("TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5"); 720 721 // Android does not have DSS support 722 addRi("SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA"); 723 addRi("SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA"); 724 addRi("SSL_DHE_DSS_WITH_DES_CBC_SHA"); 725 addRi("TLS_DHE_DSS_WITH_AES_128_CBC_SHA"); 726 addRi("TLS_DHE_DSS_WITH_AES_128_CBC_SHA256"); 727 addNeither("TLS_DHE_DSS_WITH_AES_128_GCM_SHA256"); 728 addRi("TLS_DHE_DSS_WITH_AES_256_CBC_SHA"); 729 addRi("TLS_DHE_DSS_WITH_AES_256_CBC_SHA256"); 730 addNeither("TLS_DHE_DSS_WITH_AES_256_GCM_SHA384"); 731 732 // Android does not have RC4 support 733 addRi("TLS_ECDHE_ECDSA_WITH_RC4_128_SHA"); 734 addRi("TLS_ECDHE_RSA_WITH_RC4_128_SHA"); 735 addRi("SSL_RSA_WITH_RC4_128_SHA"); 736 addRi("SSL_RSA_WITH_RC4_128_MD5"); 737 738 // Dropped 739 addNeither("SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA"); 740 addNeither("SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA"); 741 addRi("SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA"); 742 addRi("SSL_DH_anon_EXPORT_WITH_RC4_40_MD5"); 743 addRi("SSL_DH_anon_WITH_3DES_EDE_CBC_SHA"); 744 addRi("SSL_DH_anon_WITH_DES_CBC_SHA"); 745 addRi("SSL_DH_anon_WITH_RC4_128_MD5"); 746 addRi("SSL_RSA_EXPORT_WITH_DES40_CBC_SHA"); 747 addRi("SSL_RSA_EXPORT_WITH_RC4_40_MD5"); 748 addRi("SSL_RSA_WITH_DES_CBC_SHA"); 749 addRi("SSL_RSA_WITH_NULL_MD5"); 750 addRi("SSL_RSA_WITH_NULL_SHA"); 751 addRi("TLS_DH_anon_WITH_AES_128_CBC_SHA"); 752 addRi("TLS_DH_anon_WITH_AES_128_CBC_SHA256"); 753 addNeither("TLS_DH_anon_WITH_AES_128_GCM_SHA256"); 754 addRi("TLS_DH_anon_WITH_AES_256_CBC_SHA"); 755 addRi("TLS_DH_anon_WITH_AES_256_CBC_SHA256"); 756 addNeither("TLS_DH_anon_WITH_AES_256_GCM_SHA384"); 757 addRi("TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA"); 758 addRi("TLS_ECDHE_ECDSA_WITH_NULL_SHA"); 759 addRi("TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA"); 760 addRi("TLS_ECDHE_RSA_WITH_NULL_SHA"); 761 addRi("TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA"); 762 addRi("TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA"); 763 addRi("TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256"); 764 addNeither("TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256"); 765 addRi("TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA"); 766 addRi("TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384"); 767 addNeither("TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384"); 768 addRi("TLS_ECDH_ECDSA_WITH_NULL_SHA"); 769 addRi("TLS_ECDH_ECDSA_WITH_RC4_128_SHA"); 770 addRi("TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA"); 771 addRi("TLS_ECDH_RSA_WITH_AES_128_CBC_SHA"); 772 addRi("TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256"); 773 addNeither("TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256"); 774 addRi("TLS_ECDH_RSA_WITH_AES_256_CBC_SHA"); 775 addRi("TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384"); 776 addNeither("TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384"); 777 addRi("TLS_ECDH_RSA_WITH_NULL_SHA"); 778 addRi("TLS_ECDH_RSA_WITH_RC4_128_SHA"); 779 addRi("TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA"); 780 addRi("TLS_ECDH_anon_WITH_AES_128_CBC_SHA"); 781 addRi("TLS_ECDH_anon_WITH_AES_256_CBC_SHA"); 782 addRi("TLS_ECDH_anon_WITH_NULL_SHA"); 783 addRi("TLS_ECDH_anon_WITH_RC4_128_SHA"); 784 addNeither("TLS_PSK_WITH_3DES_EDE_CBC_SHA"); 785 addRi("TLS_RSA_WITH_NULL_SHA256"); 786 787 // Old non standard exportable encryption 788 addNeither("SSL_RSA_EXPORT1024_WITH_DES_CBC_SHA"); 789 addNeither("SSL_RSA_EXPORT1024_WITH_RC4_56_SHA"); 790 791 // No RC2 792 addNeither("SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5"); 793 addNeither("TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA"); 794 addNeither("TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5"); 795 796 CIPHER_SUITES = CIPHER_SUITES_OPENSSL; 797 } 798 799 /** 800 * Cipher suites that are not negotiated when TLSv1.2 is selected on the RI. 801 */ 802 public static final List<String> CIPHER_SUITES_OBSOLETE_TLS12 = Arrays.asList( 803 "SSL_RSA_WITH_DES_CBC_SHA", 804 "SSL_DHE_RSA_WITH_DES_CBC_SHA", 805 "SSL_DHE_DSS_WITH_DES_CBC_SHA", 806 "SSL_DH_anon_WITH_DES_CBC_SHA", 807 "SSL_RSA_EXPORT_WITH_RC4_40_MD5", 808 "SSL_DH_anon_EXPORT_WITH_RC4_40_MD5", 809 "SSL_RSA_EXPORT_WITH_DES40_CBC_SHA", 810 "SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA", 811 "SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA", 812 "SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA"); 813 814 // NOTE: This list needs to be kept in sync with Javadoc of javax.net.ssl.SSLSocket and 815 // javax.net.ssl.SSLEngine. 816 private static final List<String> CIPHER_SUITES_AES_HARDWARE = Arrays.asList( 817 "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", 818 "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", 819 "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256", 820 "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", 821 "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", 822 "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256", 823 "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA", 824 "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA", 825 "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA", 826 "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA", 827 "TLS_RSA_WITH_AES_128_GCM_SHA256", 828 "TLS_RSA_WITH_AES_256_GCM_SHA384", 829 "TLS_RSA_WITH_AES_128_CBC_SHA", 830 "TLS_RSA_WITH_AES_256_CBC_SHA", 831 CIPHER_SUITE_SECURE_RENEGOTIATION); 832 833 // NOTE: This list needs to be kept in sync with Javadoc of javax.net.ssl.SSLSocket and 834 // javax.net.ssl.SSLEngine. 835 private static final List<String> CIPHER_SUITES_SOFTWARE = Arrays.asList( 836 "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256", 837 "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", 838 "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", 839 "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256", 840 "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", 841 "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", 842 "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA", 843 "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA", 844 "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA", 845 "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA", 846 "TLS_RSA_WITH_AES_128_GCM_SHA256", 847 "TLS_RSA_WITH_AES_256_GCM_SHA384", 848 "TLS_RSA_WITH_AES_128_CBC_SHA", 849 "TLS_RSA_WITH_AES_256_CBC_SHA", 850 CIPHER_SUITE_SECURE_RENEGOTIATION); 851 852 // NOTE: This list needs to be kept in sync with Javadoc of javax.net.ssl.SSLSocket and 853 // javax.net.ssl.SSLEngine. 854 public static final List<String> CIPHER_SUITES_DEFAULT = CpuFeatures.isAESHardwareAccelerated() 855 ? CIPHER_SUITES_AES_HARDWARE 856 : CIPHER_SUITES_SOFTWARE; 857 858 // NOTE: This list needs to be kept in sync with Javadoc of javax.net.ssl.SSLSocket and 859 // javax.net.ssl.SSLEngine. 860 public static final List<String> CIPHER_SUITES_DEFAULT_PSK = Arrays.asList( 861 "TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256", 862 "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA", 863 "TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA", 864 "TLS_PSK_WITH_AES_128_CBC_SHA", 865 "TLS_PSK_WITH_AES_256_CBC_SHA"); 866 867 // Should be updated to match BoringSSL's defaults when they change. 868 // https://boringssl.googlesource.com/boringssl/+/master/ssl/t1_lib.c#306 869 public static final List<String> ELLIPTIC_CURVES_DEFAULT = 870 Arrays.asList("x25519 (29)", "secp256r1 (23)", "secp384r1 (24)"); 871 872 private static final Set<String> PERMITTED_DEFAULT_KEY_EXCHANGE_ALGS = new HashSet<String>( 873 Arrays.asList("RSA", "DHE_RSA", "DHE_DSS", "ECDHE_RSA", "ECDHE_ECDSA")); 874 875 private static final Set<String> PERMITTED_DEFAULT_BULK_ENCRYPTION_CIPHERS = 876 new HashSet<String>(Arrays.asList( 877 "AES_128_CBC", 878 "AES_256_CBC", 879 "AES_128_GCM", 880 "AES_256_GCM", 881 "CHACHA20_POLY1305")); 882 883 private static final Set<String> PERMITTED_DEFAULT_MACS = 884 new HashSet<String>(Arrays.asList("SHA", "SHA256", "SHA384")); 885 886 public static final Map<String, Class<? extends KeySpec>> PRIVATE_KEY_SPEC_CLASSES; 887 public static final Map<String, Class<? extends KeySpec>> PUBLIC_KEY_SPEC_CLASSES; 888 public static final Map<String, Integer> MINIMUM_KEY_SIZE; 889 static { 890 PRIVATE_KEY_SPEC_CLASSES = new HashMap<String, Class<? extends KeySpec>>(); 891 PUBLIC_KEY_SPEC_CLASSES = new HashMap<String, Class<? extends KeySpec>>(); 892 MINIMUM_KEY_SIZE = new HashMap<String, Integer>(); 893 PRIVATE_KEY_SPEC_CLASSES.put("RSA", RSAPrivateCrtKeySpec.class); 894 PUBLIC_KEY_SPEC_CLASSES.put("RSA", RSAPublicKeySpec.class); 895 MINIMUM_KEY_SIZE.put("RSA", 512); 896 PRIVATE_KEY_SPEC_CLASSES.put("DSA", DSAPrivateKeySpec.class); 897 PUBLIC_KEY_SPEC_CLASSES.put("DSA", DSAPublicKeySpec.class); 898 MINIMUM_KEY_SIZE.put("DSA", 512); 899 PRIVATE_KEY_SPEC_CLASSES.put("DH", DHPrivateKeySpec.class); 900 PUBLIC_KEY_SPEC_CLASSES.put("DH", DHPublicKeySpec.class); 901 MINIMUM_KEY_SIZE.put("DH", 256); 902 PRIVATE_KEY_SPEC_CLASSES.put("EC", ECPrivateKeySpec.class); 903 PUBLIC_KEY_SPEC_CLASSES.put("EC", ECPublicKeySpec.class); 904 MINIMUM_KEY_SIZE.put("EC", 256); 905 } 906 getPrivateKeySpecClass(String algName)907 public static Class<? extends KeySpec> getPrivateKeySpecClass(String algName) { 908 return PRIVATE_KEY_SPEC_CLASSES.get(algName); 909 } 910 getPublicKeySpecClass(String algName)911 public static Class<? extends KeySpec> getPublicKeySpecClass(String algName) { 912 return PUBLIC_KEY_SPEC_CLASSES.get(algName); 913 } 914 getMinimumKeySize(String algName)915 public static int getMinimumKeySize(String algName) { 916 return MINIMUM_KEY_SIZE.get(algName); 917 } 918 919 /** 920 * Asserts that the cipher suites array is non-null and that it 921 * all of its contents are cipher suites known to this 922 * implementation. As a convenience, returns any unenabled cipher 923 * suites in a test for those that want to verify separately that 924 * all cipher suites were included. 925 */ assertValidCipherSuites( Set<String> expected, String[] cipherSuites)926 private static Set<String> assertValidCipherSuites( 927 Set<String> expected, String[] cipherSuites) { 928 assertNotNull(cipherSuites); 929 assertTrue(cipherSuites.length != 0); 930 931 // Make sure all cipherSuites names are expected 932 HashSet<String> remainingCipherSuites = new HashSet<String>(expected); 933 HashSet<String> unknownCipherSuites = new HashSet<String>(); 934 for (String cipherSuite : cipherSuites) { 935 boolean removed = remainingCipherSuites.remove(cipherSuite); 936 if (!removed) { 937 unknownCipherSuites.add(cipherSuite); 938 } 939 } 940 assertEquals("Unknown cipher suites", Collections.EMPTY_SET, unknownCipherSuites); 941 return remainingCipherSuites; 942 } 943 944 /** 945 * After using assertValidCipherSuites on cipherSuites, 946 * assertSupportedCipherSuites additionally verifies that all 947 * supported cipher suites where in the input array. 948 */ assertSupportedCipherSuites(Set<String> expected, String[] cipherSuites)949 private static void assertSupportedCipherSuites(Set<String> expected, String[] cipherSuites) { 950 Set<String> remainingCipherSuites = assertValidCipherSuites(expected, cipherSuites); 951 assertEquals("Missing cipher suites", Collections.EMPTY_SET, remainingCipherSuites); 952 assertEquals(expected.size(), cipherSuites.length); 953 } 954 955 /** 956 * Asserts that the protocols array is non-null and that it all of 957 * its contents are protocols known to this implementation. As a 958 * convenience, returns any unenabled protocols in a test for 959 * those that want to verify separately that all protocols were 960 * included. 961 */ assertValidProtocols(Set<String> expected, String[] protocols)962 private static Set<String> assertValidProtocols(Set<String> expected, String[] protocols) { 963 assertNotNull(protocols); 964 assertTrue(protocols.length != 0); 965 966 // Make sure all protocols names are expected 967 HashSet<String> remainingProtocols = new HashSet<String>(expected); 968 HashSet<String> unknownProtocols = new HashSet<String>(); 969 for (String protocol : protocols) { 970 if (!remainingProtocols.remove(protocol)) { 971 unknownProtocols.add(protocol); 972 } 973 } 974 assertEquals("Unknown protocols", Collections.EMPTY_SET, unknownProtocols); 975 return remainingProtocols; 976 } 977 978 /** 979 * After using assertValidProtocols on protocols, 980 * assertSupportedProtocols additionally verifies that all 981 * supported protocols where in the input array. 982 */ assertSupportedProtocols(Set<String> expected, String[] protocols)983 private static void assertSupportedProtocols(Set<String> expected, String[] protocols) { 984 Set<String> remainingProtocols = assertValidProtocols(expected, protocols); 985 assertEquals("Missing protocols", Collections.EMPTY_SET, remainingProtocols); 986 assertEquals(expected.size(), protocols.length); 987 } 988 989 /** 990 * Asserts that the provided list of protocols matches the supported list of protocols. 991 */ assertSupportedProtocols(String[] protocols)992 public static void assertSupportedProtocols(String[] protocols) { 993 assertSupportedProtocols(SSL_SOCKET_PROTOCOLS, protocols); 994 } 995 996 /** 997 * Assert that the provided list of cipher suites contains only the supported cipher suites. 998 */ assertValidCipherSuites(String[] cipherSuites)999 public static void assertValidCipherSuites(String[] cipherSuites) { 1000 assertValidCipherSuites(CIPHER_SUITES, cipherSuites); 1001 } 1002 1003 /** 1004 * Assert that the provided list of cipher suites matches the supported list. 1005 */ assertSupportedCipherSuites(String[] cipherSuites)1006 public static void assertSupportedCipherSuites(String[] cipherSuites) { 1007 assertSupportedCipherSuites(CIPHER_SUITES, cipherSuites); 1008 } 1009 1010 /** 1011 * Assert cipher suites match the default list in content and priority order and contain 1012 * only cipher suites permitted by default. 1013 */ assertDefaultCipherSuites(String[] cipherSuites)1014 public static void assertDefaultCipherSuites(String[] cipherSuites) { 1015 assertValidCipherSuites(cipherSuites); 1016 1017 Set<String> expected = new TreeSet<>(CIPHER_SUITES_DEFAULT); 1018 Set<String> actual = new TreeSet<>(Arrays.asList(cipherSuites)); 1019 assertEquals(expected, actual); 1020 } 1021 assertDefaultEllipticCurves(String[] curves)1022 public static void assertDefaultEllipticCurves(String[] curves) { 1023 assertEquals(ELLIPTIC_CURVES_DEFAULT, Arrays.asList(curves)); 1024 } 1025 assertSSLContextEnabledProtocols(String version, String[] protocols)1026 public static void assertSSLContextEnabledProtocols(String version, String[] protocols) { 1027 assertEquals("For protocol \"" + version + "\"", 1028 Arrays.toString(SSL_CONTEXT_PROTOCOLS_ENABLED.get(version)), 1029 Arrays.toString(protocols)); 1030 } 1031 isPermittedDefaultCipherSuite(String cipherSuite)1032 private static boolean isPermittedDefaultCipherSuite(String cipherSuite) { 1033 assertNotNull(cipherSuite); 1034 if (CIPHER_SUITE_SECURE_RENEGOTIATION.equals(cipherSuite)) { 1035 return true; 1036 } 1037 assertTrue(cipherSuite, cipherSuite.startsWith("TLS_") || cipherSuite.startsWith("SSL_")); 1038 1039 // Example: RSA_WITH_AES_128_CBC_SHA 1040 String remainder = cipherSuite.substring("TLS_".length()); 1041 int macDelimiterIndex = remainder.lastIndexOf('_'); 1042 assertTrue(cipherSuite, macDelimiterIndex != -1); 1043 // Example: SHA 1044 String mac = remainder.substring(macDelimiterIndex + 1); 1045 1046 // Example: RSA_WITH_AES_128_CBC 1047 remainder = remainder.substring(0, macDelimiterIndex); 1048 int withDelimiterIndex = remainder.indexOf("_WITH_"); 1049 assertTrue(cipherSuite, withDelimiterIndex != -1); 1050 1051 // Example: RSA 1052 String keyExchange = remainder.substring(0, withDelimiterIndex); 1053 // Example: AES_128_CBC 1054 String bulkEncryptionCipher = remainder.substring(withDelimiterIndex + "_WITH_".length()); 1055 1056 if (!PERMITTED_DEFAULT_MACS.contains(mac)) { 1057 return false; 1058 } 1059 if (!PERMITTED_DEFAULT_KEY_EXCHANGE_ALGS.contains(keyExchange)) { 1060 return false; 1061 } 1062 if (!PERMITTED_DEFAULT_BULK_ENCRYPTION_CIPHERS.contains(bulkEncryptionCipher)) { 1063 return false; 1064 } 1065 1066 return true; 1067 } 1068 1069 /** 1070 * Get all supported mode names for the given cipher. 1071 */ getModesForCipher(String cipher)1072 public static Set<String> getModesForCipher(String cipher) { 1073 return CIPHER_MODES.get(cipher); 1074 } 1075 1076 /** 1077 * Get all supported padding names for the given cipher. 1078 */ getPaddingsForCipher(String cipher)1079 public static Set<String> getPaddingsForCipher(String cipher) { 1080 return CIPHER_PADDINGS.get(cipher); 1081 } 1082 } 1083