NativeCrypto.java revision 0d4ee1f9b8c37fb33cd74da4efac5905ba138e45
1/* 2 * Copyright (C) 2008 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17package org.apache.harmony.xnet.provider.jsse; 18 19import java.io.FileDescriptor; 20import java.io.IOException; 21import java.net.SocketTimeoutException; 22import java.nio.ByteOrder; 23import java.security.MessageDigest; 24import java.security.NoSuchAlgorithmException; 25import java.security.SignatureException; 26import java.security.cert.Certificate; 27import java.security.cert.CertificateEncodingException; 28import java.security.cert.CertificateException; 29import java.security.cert.X509Certificate; 30import java.util.ArrayList; 31import java.util.HashMap; 32import java.util.LinkedHashMap; 33import java.util.List; 34import java.util.Map; 35import javax.crypto.BadPaddingException; 36import javax.crypto.IllegalBlockSizeException; 37import javax.net.ssl.SSLException; 38import javax.security.auth.x500.X500Principal; 39import libcore.io.Memory; 40 41/** 42 * Provides the Java side of our JNI glue for OpenSSL. 43 */ 44public final class NativeCrypto { 45 46 // --- OpenSSL library initialization -------------------------------------- 47 static { 48 clinit(); 49 } 50 51 private native static void clinit(); 52 53 // --- ENGINE functions ---------------------------------------------------- 54 public static native void ENGINE_load_dynamic(); 55 56 public static native int ENGINE_by_id(String id); 57 58 public static native int ENGINE_add(int e); 59 60 public static native int ENGINE_init(int e); 61 62 public static native int ENGINE_finish(int e); 63 64 public static native int ENGINE_free(int e); 65 66 public static native int ENGINE_load_private_key(int e, String key_id); 67 68 // --- DSA/RSA public/private key handling functions ----------------------- 69 70 public static native int EVP_PKEY_new_DSA(byte[] p, byte[] q, byte[] g, 71 byte[] pub_key, byte[] priv_key); 72 73 public static native int EVP_PKEY_new_RSA(byte[] n, byte[] e, byte[] d, byte[] p, byte[] q, 74 byte[] dmp1, byte[] dmq1, byte[] iqmp); 75 76 public static native int EVP_PKEY_new_mac_key(int type, byte[] key); 77 78 public static native int EVP_PKEY_size(int pkey); 79 80 public static native int EVP_PKEY_type(int pkey); 81 82 public static native String EVP_PKEY_print_public(int pkeyRef); 83 84 public static native String EVP_PKEY_print_private(int pkeyRef); 85 86 public static native void EVP_PKEY_free(int pkey); 87 88 public static native int EVP_PKEY_cmp(int pkey1, int pkey2); 89 90 public static native byte[] i2d_PKCS8_PRIV_KEY_INFO(int pkey); 91 92 public static native int d2i_PKCS8_PRIV_KEY_INFO(byte[] data); 93 94 public static native byte[] i2d_PUBKEY(int pkey); 95 96 public static native int d2i_PUBKEY(byte[] data); 97 98 public static native int RSA_generate_key_ex(int modulusBits, byte[] publicExponent); 99 100 public static native int RSA_size(int pkey); 101 102 public static native int RSA_private_encrypt(int flen, byte[] from, byte[] to, int pkey, 103 int padding); 104 105 public static native int RSA_public_decrypt(int flen, byte[] from, byte[] to, int pkey, 106 int padding) throws BadPaddingException, SignatureException; 107 108 public static native int RSA_public_encrypt(int flen, byte[] from, byte[] to, int pkey, 109 int padding); 110 111 public static native int RSA_private_decrypt(int flen, byte[] from, byte[] to, int pkey, 112 int padding) throws BadPaddingException, SignatureException; 113 114 /** 115 * @return array of {n, e} 116 */ 117 public static native byte[][] get_RSA_public_params(int rsa); 118 119 /** 120 * @return array of {n, e, d, p, q, dmp1, dmq1, iqmp} 121 */ 122 public static native byte[][] get_RSA_private_params(int rsa); 123 124 public static native int DSA_generate_key(int primeBits, byte[] seed, byte[] g, byte[] p, 125 byte[] q); 126 127 /** 128 * @return array of {g, p, q, y(pub), x(priv)} 129 */ 130 public static native byte[][] get_DSA_params(int dsa); 131 132 public static native byte[] i2d_RSAPublicKey(int rsa); 133 134 public static native byte[] i2d_RSAPrivateKey(int rsa); 135 136 public static native byte[] i2d_DSAPublicKey(int dsa); 137 138 public static native byte[] i2d_DSAPrivateKey(int dsa); 139 140 // --- EC functions -------------------------- 141 142 /** 143 * Used to request EC_GROUP_new_curve_GFp to EC_GROUP_new_curve 144 */ 145 public static final int EC_CURVE_GFP = 1; 146 147 /** 148 * Used to request EC_GROUP_new_curve_GF2m to EC_GROUP_new_curve 149 */ 150 public static final int EC_CURVE_GF2M = 2; 151 152 /** 153 * EC_GROUP_set_asn1_flag: indicates an EC_GROUP is a NamedCurve. 154 */ 155 public static final int OPENSSL_EC_NAMED_CURVE = 0x001; 156 157 /** 158 * EC_GROUP_set_point_conversion_form: indicates compressed ASN.1 format 159 */ 160 public static final int POINT_CONVERSION_COMPRESSED = 2; 161 162 /** 163 * EC_GROUP_set_point_conversion_form: indicates uncompressed ASN.1 format 164 */ 165 public static final int POINT_CONVERSION_UNCOMPRESSED = 4; 166 167 /** 168 * EC_GROUP_set_point_conversion_form: indicates hybrid ASN.1 format 169 */ 170 public static final int POINT_CONVERSION_HYBRID = 4; 171 172 public static native int EVP_PKEY_new_EC_KEY(int groupRef, int pubkeyRef, byte[] privkey); 173 174 public static native int EC_GROUP_new_by_curve_name(String curveName); 175 176 public static native int EC_GROUP_new_curve(int type, byte[] p, byte[] a, byte[] b); 177 178 public static native void EC_GROUP_set_asn1_flag(int groupRef, int flag); 179 180 public static native void EC_GROUP_set_point_conversion_form(int groupRef, int form); 181 182 public static native int EC_GROUP_get_curve_name(int groupRef); 183 184 public static native byte[][] EC_GROUP_get_curve(int groupRef); 185 186 public static native void EC_GROUP_clear_free(int ctx); 187 188 public static native boolean EC_GROUP_cmp(int ctx1, int ctx2); 189 190 public static native void EC_GROUP_set_generator(int groupCtx, int pointCtx, byte[] n, byte[] h); 191 192 public static native int EC_GROUP_get_generator(int groupCtx); 193 194 public static native int get_EC_GROUP_type(int groupCtx); 195 196 public static native byte[] EC_GROUP_get_order(int groupCtx); 197 198 public static native byte[] EC_GROUP_get_cofactor(int groupCtx); 199 200 public static native int EC_POINT_new(int groupRef); 201 202 public static native void EC_POINT_clear_free(int pointRef); 203 204 public static native boolean EC_POINT_cmp(int groupRef, int pointRef1, int pointRef2); 205 206 public static native byte[][] EC_POINT_get_affine_coordinates(int groupCtx, int pointCtx); 207 208 public static native void EC_POINT_set_affine_coordinates(int groupCtx, int pointCtx, byte[] x, 209 byte[] y); 210 211 public static native int EC_KEY_generate_key(int groupRef); 212 213 public static native int EC_KEY_get0_group(int pkeyRef); 214 215 public static native byte[] EC_KEY_get_private_key(int keyRef); 216 217 public static native int EC_KEY_get_public_key(int keyRef); 218 219 // --- Message digest functions -------------- 220 221 public static native int EVP_get_digestbyname(String name); 222 223 public static native int EVP_MD_size(int evp_md); 224 225 public static native int EVP_MD_block_size(int evp_md); 226 227 // --- Message digest context functions -------------- 228 229 public static native int EVP_MD_CTX_create(); 230 231 public static native void EVP_MD_CTX_init(int ctx); 232 233 public static native void EVP_MD_CTX_destroy(int ctx); 234 235 public static native int EVP_MD_CTX_copy(int ctx); 236 237 // --- Digest handling functions ------------------------------------------- 238 239 public static native int EVP_DigestInit(int evp_md); 240 241 public static native void EVP_DigestUpdate(int ctx, byte[] buffer, int offset, int length); 242 243 public static native int EVP_DigestFinal(int ctx, byte[] hash, int offset); 244 245 // --- MAC handling functions ---------------------------------------------- 246 247 public static native void EVP_DigestSignInit(int evp_md_ctx, int evp_md, int evp_pkey); 248 249 public static native void EVP_DigestSignUpdate(int evp_md_ctx, byte[] in); 250 251 public static native byte[] EVP_DigestSignFinal(int evp_md_ctx); 252 253 // --- Signature handling functions ---------------------------------------- 254 255 public static native int EVP_SignInit(String algorithm); 256 257 public static native void EVP_SignUpdate(int ctx, byte[] buffer, 258 int offset, int length); 259 260 public static native int EVP_SignFinal(int ctx, byte[] signature, int offset, int key); 261 262 public static native int EVP_VerifyInit(String algorithm); 263 264 public static native void EVP_VerifyUpdate(int ctx, byte[] buffer, 265 int offset, int length); 266 267 public static native int EVP_VerifyFinal(int ctx, byte[] signature, 268 int offset, int length, int key); 269 270 271 // --- Block ciphers ------------------------------------------------------- 272 273 public static native int EVP_get_cipherbyname(String string); 274 275 public static native void EVP_CipherInit_ex(int ctx, int evpCipher, byte[] key, byte[] iv, 276 boolean encrypting); 277 278 public static native int EVP_CipherUpdate(int ctx, byte[] out, int outOffset, byte[] in, 279 int inOffset, int inLength); 280 281 public static native int EVP_CipherFinal_ex(int ctx, byte[] out, int outOffset) 282 throws BadPaddingException, IllegalBlockSizeException; 283 284 public static native int EVP_CIPHER_iv_length(int evpCipher); 285 286 public static native int EVP_CIPHER_CTX_new(); 287 288 public static native int EVP_CIPHER_CTX_block_size(int ctx); 289 290 public static native int get_EVP_CIPHER_CTX_buf_len(int ctx); 291 292 public static native void EVP_CIPHER_CTX_set_padding(int ctx, boolean enablePadding); 293 294 public static native void EVP_CIPHER_CTX_set_key_length(int ctx, int keyBitSize); 295 296 public static native void EVP_CIPHER_CTX_cleanup(int ctx); 297 298 // --- RAND seeding -------------------------------------------------------- 299 300 public static final int RAND_SEED_LENGTH_IN_BYTES = 1024; 301 302 public static native void RAND_seed(byte[] seed); 303 304 public static native int RAND_load_file(String filename, long max_bytes); 305 306 public static native void RAND_bytes(byte[] output); 307 308 // --- ASN.1 objects ------------------------------------------------------- 309 310 public static native int OBJ_txt2nid(String oid); 311 312 public static native String OBJ_txt2nid_longName(String oid); 313 314 public static native String OBJ_txt2nid_oid(String oid); 315 316 // --- X509_NAME ----------------------------------------------------------- 317 318 public static int X509_NAME_hash(X500Principal principal) { 319 return X509_NAME_hash(principal, "SHA1"); 320 } 321 public static int X509_NAME_hash_old(X500Principal principal) { 322 return X509_NAME_hash(principal, "MD5"); 323 } 324 private static int X509_NAME_hash(X500Principal principal, String algorithm) { 325 try { 326 byte[] digest = MessageDigest.getInstance(algorithm).digest(principal.getEncoded()); 327 return Memory.peekInt(digest, 0, ByteOrder.LITTLE_ENDIAN); 328 } catch (NoSuchAlgorithmException e) { 329 throw new AssertionError(e); 330 } 331 } 332 333 // --- SSL handling -------------------------------------------------------- 334 335 private static final String SUPPORTED_PROTOCOL_SSLV3 = "SSLv3"; 336 private static final String SUPPORTED_PROTOCOL_TLSV1 = "TLSv1"; 337 private static final String SUPPORTED_PROTOCOL_TLSV1_1 = "TLSv1.1"; 338 private static final String SUPPORTED_PROTOCOL_TLSV1_2 = "TLSv1.2"; 339 340 public static final Map<String, String> OPENSSL_TO_STANDARD_CIPHER_SUITES 341 = new HashMap<String, String>(); 342 public static final Map<String, String> STANDARD_TO_OPENSSL_CIPHER_SUITES 343 = new LinkedHashMap<String, String>(); 344 345 private static void add(String standard, String openssl) { 346 OPENSSL_TO_STANDARD_CIPHER_SUITES.put(openssl, standard); 347 STANDARD_TO_OPENSSL_CIPHER_SUITES.put(standard, openssl); 348 } 349 350 /** 351 * TLS_EMPTY_RENEGOTIATION_INFO_SCSV is RFC 5746's renegotiation 352 * indication signaling cipher suite value. It is not a real 353 * cipher suite. It is just an indication in the default and 354 * supported cipher suite lists indicates that the implementation 355 * supports secure renegotiation. 356 * 357 * In the RI, its presence means that the SCSV is sent in the 358 * cipher suite list to indicate secure renegotiation support and 359 * its absense means to send an empty TLS renegotiation info 360 * extension instead. 361 * 362 * However, OpenSSL doesn't provide an API to give this level of 363 * control, instead always sending the SCSV and always including 364 * the empty renegotiation info if TLS is used (as opposed to 365 * SSL). So we simply allow TLS_EMPTY_RENEGOTIATION_INFO_SCSV to 366 * be passed for compatibility as to provide the hint that we 367 * support secure renegotiation. 368 */ 369 public static final String TLS_EMPTY_RENEGOTIATION_INFO_SCSV 370 = "TLS_EMPTY_RENEGOTIATION_INFO_SCSV"; 371 372 static { 373 // Note these are added in priority order 374 add("SSL_RSA_WITH_RC4_128_MD5", "RC4-MD5"); 375 add("SSL_RSA_WITH_RC4_128_SHA", "RC4-SHA"); 376 add("TLS_RSA_WITH_AES_128_CBC_SHA", "AES128-SHA"); 377 add("TLS_RSA_WITH_AES_256_CBC_SHA", "AES256-SHA"); 378 add("TLS_ECDH_ECDSA_WITH_RC4_128_SHA", "ECDH-ECDSA-RC4-SHA"); 379 add("TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA", "ECDH-ECDSA-AES128-SHA"); 380 add("TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA", "ECDH-ECDSA-AES256-SHA"); 381 add("TLS_ECDH_RSA_WITH_RC4_128_SHA", "ECDH-RSA-RC4-SHA"); 382 add("TLS_ECDH_RSA_WITH_AES_128_CBC_SHA", "ECDH-RSA-AES128-SHA"); 383 add("TLS_ECDH_RSA_WITH_AES_256_CBC_SHA", "ECDH-RSA-AES256-SHA"); 384 add("TLS_ECDHE_ECDSA_WITH_RC4_128_SHA", "ECDHE-ECDSA-RC4-SHA"); 385 add("TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA", "ECDHE-ECDSA-AES128-SHA"); 386 add("TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA", "ECDHE-ECDSA-AES256-SHA"); 387 add("TLS_ECDHE_RSA_WITH_RC4_128_SHA", "ECDHE-RSA-RC4-SHA"); 388 add("TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA", "ECDHE-RSA-AES128-SHA"); 389 add("TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA", "ECDHE-RSA-AES256-SHA"); 390 add("TLS_DHE_RSA_WITH_AES_128_CBC_SHA", "DHE-RSA-AES128-SHA"); 391 add("TLS_DHE_RSA_WITH_AES_256_CBC_SHA", "DHE-RSA-AES256-SHA"); 392 add("TLS_DHE_DSS_WITH_AES_128_CBC_SHA", "DHE-DSS-AES128-SHA"); 393 add("TLS_DHE_DSS_WITH_AES_256_CBC_SHA", "DHE-DSS-AES256-SHA"); 394 add("SSL_RSA_WITH_3DES_EDE_CBC_SHA", "DES-CBC3-SHA"); 395 add("TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA", "ECDH-ECDSA-DES-CBC3-SHA"); 396 add("TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA", "ECDH-RSA-DES-CBC3-SHA"); 397 add("TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA", "ECDHE-ECDSA-DES-CBC3-SHA"); 398 add("TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA", "ECDHE-RSA-DES-CBC3-SHA"); 399 add("SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA", "EDH-RSA-DES-CBC3-SHA"); 400 add("SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA", "EDH-DSS-DES-CBC3-SHA"); 401 add("SSL_RSA_WITH_DES_CBC_SHA", "DES-CBC-SHA"); 402 add("SSL_DHE_RSA_WITH_DES_CBC_SHA", "EDH-RSA-DES-CBC-SHA"); 403 add("SSL_DHE_DSS_WITH_DES_CBC_SHA", "EDH-DSS-DES-CBC-SHA"); 404 add("SSL_RSA_EXPORT_WITH_RC4_40_MD5", "EXP-RC4-MD5"); 405 add("SSL_RSA_EXPORT_WITH_DES40_CBC_SHA", "EXP-DES-CBC-SHA"); 406 add("SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA", "EXP-EDH-RSA-DES-CBC-SHA"); 407 add("SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA", "EXP-EDH-DSS-DES-CBC-SHA"); 408 add("SSL_RSA_WITH_NULL_MD5", "NULL-MD5"); 409 add("SSL_RSA_WITH_NULL_SHA", "NULL-SHA"); 410 add("TLS_ECDH_ECDSA_WITH_NULL_SHA", "ECDH-ECDSA-NULL-SHA"); 411 add("TLS_ECDH_RSA_WITH_NULL_SHA", "ECDH-RSA-NULL-SHA"); 412 add("TLS_ECDHE_ECDSA_WITH_NULL_SHA", "ECDHE-ECDSA-NULL-SHA"); 413 add("TLS_ECDHE_RSA_WITH_NULL_SHA", "ECDHE-RSA-NULL-SHA"); 414 add("SSL_DH_anon_WITH_RC4_128_MD5", "ADH-RC4-MD5"); 415 add("TLS_DH_anon_WITH_AES_128_CBC_SHA", "ADH-AES128-SHA"); 416 add("TLS_DH_anon_WITH_AES_256_CBC_SHA", "ADH-AES256-SHA"); 417 add("SSL_DH_anon_WITH_3DES_EDE_CBC_SHA", "ADH-DES-CBC3-SHA"); 418 add("SSL_DH_anon_WITH_DES_CBC_SHA", "ADH-DES-CBC-SHA"); 419 add("TLS_ECDH_anon_WITH_RC4_128_SHA", "AECDH-RC4-SHA"); 420 add("TLS_ECDH_anon_WITH_AES_128_CBC_SHA", "AECDH-AES128-SHA"); 421 add("TLS_ECDH_anon_WITH_AES_256_CBC_SHA", "AECDH-AES256-SHA"); 422 add("TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA", "AECDH-DES-CBC3-SHA"); 423 add("SSL_DH_anon_EXPORT_WITH_RC4_40_MD5", "EXP-ADH-RC4-MD5"); 424 add("SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA", "EXP-ADH-DES-CBC-SHA"); 425 add("TLS_ECDH_anon_WITH_NULL_SHA", "AECDH-NULL-SHA"); 426 427 // No Kerberos in Android 428 // add("TLS_KRB5_WITH_RC4_128_SHA", "KRB5-RC4-SHA"); 429 // add("TLS_KRB5_WITH_RC4_128_MD5", "KRB5-RC4-MD5"); 430 // add("TLS_KRB5_WITH_3DES_EDE_CBC_SHA", "KRB5-DES-CBC3-SHA"); 431 // add("TLS_KRB5_WITH_3DES_EDE_CBC_MD5", "KRB5-DES-CBC3-MD5"); 432 // add("TLS_KRB5_WITH_DES_CBC_SHA", "KRB5-DES-CBC-SHA"); 433 // add("TLS_KRB5_WITH_DES_CBC_MD5", "KRB5-DES-CBC-MD5"); 434 // add("TLS_KRB5_EXPORT_WITH_RC4_40_SHA", "EXP-KRB5-RC4-SHA"); 435 // add("TLS_KRB5_EXPORT_WITH_RC4_40_MD5", "EXP-KRB5-RC4-MD5"); 436 // add("TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA", "EXP-KRB5-DES-CBC-SHA"); 437 // add("TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5", "EXP-KRB5-DES-CBC-MD5"); 438 439 // not implemented by either RI or OpenSSL 440 // add("SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA", null); 441 // add("SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA", null); 442 443 // EXPORT1024 suites were never standardized but were widely implemented. 444 // OpenSSL 0.9.8c and later have disabled TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES 445 // add("SSL_RSA_EXPORT1024_WITH_DES_CBC_SHA", "EXP1024-DES-CBC-SHA"); 446 // add("SSL_RSA_EXPORT1024_WITH_RC4_56_SHA", "EXP1024-RC4-SHA"); 447 448 // No RC2 449 // add("SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5", "EXP-RC2-CBC-MD5"); 450 // add("TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA", "EXP-KRB5-RC2-CBC-SHA"); 451 // add("TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5", "EXP-KRB5-RC2-CBC-MD5"); 452 453 // PSK is Private Shared Key - didn't exist in Froyo's openssl - no JSSE equivalent 454 // add(null, "PSK-3DES-EDE-CBC-SHA"); 455 // add(null, "PSK-AES128-CBC-SHA"); 456 // add(null, "PSK-AES256-CBC-SHA"); 457 // add(null, "PSK-RC4-SHA"); 458 459 // Signaling Cipher Suite Value for secure renegotiation handled as special case. 460 // add("TLS_EMPTY_RENEGOTIATION_INFO_SCSV", null); 461 } 462 463 private static final String[] SUPPORTED_CIPHER_SUITES; 464 static { 465 int size = STANDARD_TO_OPENSSL_CIPHER_SUITES.size(); 466 SUPPORTED_CIPHER_SUITES = new String[size + 1]; 467 STANDARD_TO_OPENSSL_CIPHER_SUITES.keySet().toArray(SUPPORTED_CIPHER_SUITES); 468 SUPPORTED_CIPHER_SUITES[size] = TLS_EMPTY_RENEGOTIATION_INFO_SCSV; 469 } 470 471 // EVP_PKEY types from evp.h and objects.h 472 public static final int EVP_PKEY_RSA = 6; // NID_rsaEcnryption 473 public static final int EVP_PKEY_DSA = 116; // NID_dsa 474 public static final int EVP_PKEY_DH = 28; // NID_dhKeyAgreement 475 public static final int EVP_PKEY_EC = 408; // NID_X9_62_id_ecPublicKey 476 public static final int EVP_PKEY_HMAC = 855; // NID_hmac 477 public static final int EVP_PKEY_CMAC = 894; // NID_cmac 478 479 // RSA padding modes from rsa.h 480 public static final int RSA_PKCS1_PADDING = 1; 481 public static final int RSA_NO_PADDING = 3; 482 483 // SSL mode from ssl.h 484 public static final long SSL_MODE_HANDSHAKE_CUTTHROUGH = 0x00000040L; 485 486 // SSL options from ssl.h 487 public static final long SSL_OP_NO_TICKET = 0x00004000L; 488 public static final long SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION = 0x00010000L; 489 public static final long SSL_OP_NO_SSLv3 = 0x02000000L; 490 public static final long SSL_OP_NO_TLSv1 = 0x04000000L; 491 public static final long SSL_OP_NO_TLSv1_1 = 0x10000000L; 492 public static final long SSL_OP_NO_TLSv1_2 = 0x08000000L; 493 494 public static native int SSL_CTX_new(); 495 496 public static String[] getDefaultCipherSuites() { 497 return new String[] { 498 "SSL_RSA_WITH_RC4_128_MD5", 499 "SSL_RSA_WITH_RC4_128_SHA", 500 "TLS_RSA_WITH_AES_128_CBC_SHA", 501 "TLS_RSA_WITH_AES_256_CBC_SHA", 502 "TLS_ECDH_ECDSA_WITH_RC4_128_SHA", 503 "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA", 504 "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA", 505 "TLS_ECDH_RSA_WITH_RC4_128_SHA", 506 "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA", 507 "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA", 508 "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA", 509 "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA", 510 "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA", 511 "TLS_ECDHE_RSA_WITH_RC4_128_SHA", 512 "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA", 513 "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA", 514 "TLS_DHE_RSA_WITH_AES_128_CBC_SHA", 515 "TLS_DHE_RSA_WITH_AES_256_CBC_SHA", 516 "TLS_DHE_DSS_WITH_AES_128_CBC_SHA", 517 "TLS_DHE_DSS_WITH_AES_256_CBC_SHA", 518 "SSL_RSA_WITH_3DES_EDE_CBC_SHA", 519 "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA", 520 "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA", 521 "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA", 522 "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA", 523 "SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA", 524 "SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA", 525 "SSL_RSA_WITH_DES_CBC_SHA", 526 "SSL_DHE_RSA_WITH_DES_CBC_SHA", 527 "SSL_DHE_DSS_WITH_DES_CBC_SHA", 528 "SSL_RSA_EXPORT_WITH_RC4_40_MD5", 529 "SSL_RSA_EXPORT_WITH_DES40_CBC_SHA", 530 "SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA", 531 "SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA", 532 TLS_EMPTY_RENEGOTIATION_INFO_SCSV 533 }; 534 } 535 536 public static String[] getSupportedCipherSuites() { 537 return SUPPORTED_CIPHER_SUITES.clone(); 538 } 539 540 public static native void SSL_CTX_free(int ssl_ctx); 541 542 public static native void SSL_CTX_set_session_id_context(int ssl_ctx, byte[] sid_ctx); 543 544 public static native int SSL_new(int ssl_ctx) throws SSLException; 545 546 public static byte[][] encodeCertificates(Certificate[] certificates) 547 throws CertificateEncodingException { 548 byte[][] certificateBytes = new byte[certificates.length][]; 549 for (int i = 0; i < certificates.length; i++) { 550 certificateBytes[i] = certificates[i].getEncoded(); 551 } 552 return certificateBytes; 553 } 554 555 public static native void SSL_use_certificate(int ssl, byte[][] asn1DerEncodedCertificateChain); 556 557 public static native void SSL_use_OpenSSL_PrivateKey(int ssl, int pkey); 558 559 public static native void SSL_use_PrivateKey(int ssl, byte[] pkcs8EncodedPrivateKey); 560 561 public static native void SSL_check_private_key(int ssl) throws SSLException; 562 563 public static byte[][] encodeIssuerX509Principals(X509Certificate[] certificates) 564 throws CertificateEncodingException { 565 byte[][] principalBytes = new byte[certificates.length][]; 566 for (int i = 0; i < certificates.length; i++) { 567 principalBytes[i] = certificates[i].getIssuerX500Principal().getEncoded(); 568 } 569 return principalBytes; 570 } 571 572 public static native void SSL_set_client_CA_list(int ssl, byte[][] asn1DerEncodedX500Principals); 573 574 public static native long SSL_get_mode(int ssl); 575 576 public static native long SSL_set_mode(int ssl, long mode); 577 578 public static native long SSL_clear_mode(int ssl, long mode); 579 580 public static native long SSL_get_options(int ssl); 581 582 public static native long SSL_set_options(int ssl, long options); 583 584 public static native long SSL_clear_options(int ssl, long options); 585 586 public static String[] getDefaultProtocols() { 587 return new String[] { SUPPORTED_PROTOCOL_SSLV3, 588 SUPPORTED_PROTOCOL_TLSV1, 589 }; 590 } 591 592 public static String[] getSupportedProtocols() { 593 return new String[] { SUPPORTED_PROTOCOL_SSLV3, 594 SUPPORTED_PROTOCOL_TLSV1, 595 SUPPORTED_PROTOCOL_TLSV1_1, 596 SUPPORTED_PROTOCOL_TLSV1_2, 597 }; 598 } 599 600 public static void setEnabledProtocols(int ssl, String[] protocols) { 601 checkEnabledProtocols(protocols); 602 // openssl uses negative logic letting you disable protocols. 603 // so first, assume we need to set all (disable all) and clear none (enable none). 604 // in the loop, selectively move bits from set to clear (from disable to enable) 605 long optionsToSet = (SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1 | SSL_OP_NO_TLSv1_2); 606 long optionsToClear = 0; 607 for (int i = 0; i < protocols.length; i++) { 608 String protocol = protocols[i]; 609 if (protocol.equals(SUPPORTED_PROTOCOL_SSLV3)) { 610 optionsToSet &= ~SSL_OP_NO_SSLv3; 611 optionsToClear |= SSL_OP_NO_SSLv3; 612 } else if (protocol.equals(SUPPORTED_PROTOCOL_TLSV1)) { 613 optionsToSet &= ~SSL_OP_NO_TLSv1; 614 optionsToClear |= SSL_OP_NO_TLSv1; 615 } else if (protocol.equals(SUPPORTED_PROTOCOL_TLSV1_1)) { 616 optionsToSet &= ~SSL_OP_NO_TLSv1_1; 617 optionsToClear |= SSL_OP_NO_TLSv1_1; 618 } else if (protocol.equals(SUPPORTED_PROTOCOL_TLSV1_2)) { 619 optionsToSet &= ~SSL_OP_NO_TLSv1_2; 620 optionsToClear |= SSL_OP_NO_TLSv1_2; 621 } else { 622 // error checked by checkEnabledProtocols 623 throw new IllegalStateException(); 624 } 625 } 626 627 SSL_set_options(ssl, optionsToSet); 628 SSL_clear_options(ssl, optionsToClear); 629 } 630 631 public static String[] checkEnabledProtocols(String[] protocols) { 632 if (protocols == null) { 633 throw new IllegalArgumentException("protocols == null"); 634 } 635 for (int i = 0; i < protocols.length; i++) { 636 String protocol = protocols[i]; 637 if (protocol == null) { 638 throw new IllegalArgumentException("protocols[" + i + "] == null"); 639 } 640 if ((!protocol.equals(SUPPORTED_PROTOCOL_SSLV3)) 641 && (!protocol.equals(SUPPORTED_PROTOCOL_TLSV1)) 642 && (!protocol.equals(SUPPORTED_PROTOCOL_TLSV1_1)) 643 && (!protocol.equals(SUPPORTED_PROTOCOL_TLSV1_2))) { 644 throw new IllegalArgumentException("protocol " + protocol 645 + " is not supported"); 646 } 647 } 648 return protocols; 649 } 650 651 public static native void SSL_set_cipher_lists(int ssl, String[] ciphers); 652 653 public static void setEnabledCipherSuites(int ssl, String[] cipherSuites) { 654 checkEnabledCipherSuites(cipherSuites); 655 List<String> opensslSuites = new ArrayList<String>(); 656 for (int i = 0; i < cipherSuites.length; i++) { 657 String cipherSuite = cipherSuites[i]; 658 if (cipherSuite.equals(TLS_EMPTY_RENEGOTIATION_INFO_SCSV)) { 659 continue; 660 } 661 String openssl = STANDARD_TO_OPENSSL_CIPHER_SUITES.get(cipherSuite); 662 String cs = (openssl == null) ? cipherSuite : openssl; 663 opensslSuites.add(cs); 664 } 665 SSL_set_cipher_lists(ssl, opensslSuites.toArray(new String[opensslSuites.size()])); 666 } 667 668 public static String[] checkEnabledCipherSuites(String[] cipherSuites) { 669 if (cipherSuites == null) { 670 throw new IllegalArgumentException("cipherSuites == null"); 671 } 672 // makes sure all suites are valid, throwing on error 673 for (int i = 0; i < cipherSuites.length; i++) { 674 String cipherSuite = cipherSuites[i]; 675 if (cipherSuite == null) { 676 throw new IllegalArgumentException("cipherSuites[" + i + "] == null"); 677 } 678 if (cipherSuite.equals(TLS_EMPTY_RENEGOTIATION_INFO_SCSV)) { 679 continue; 680 } 681 if (STANDARD_TO_OPENSSL_CIPHER_SUITES.containsKey(cipherSuite)) { 682 continue; 683 } 684 if (OPENSSL_TO_STANDARD_CIPHER_SUITES.containsKey(cipherSuite)) { 685 // TODO log warning about using backward compatability 686 continue; 687 } 688 throw new IllegalArgumentException("cipherSuite " + cipherSuite + " is not supported."); 689 } 690 return cipherSuites; 691 } 692 693 /* 694 * See the OpenSSL ssl.h header file for more information. 695 */ 696 public static final int SSL_VERIFY_NONE = 0x00; 697 public static final int SSL_VERIFY_PEER = 0x01; 698 public static final int SSL_VERIFY_FAIL_IF_NO_PEER_CERT = 0x02; 699 700 public static native void SSL_set_verify(int sslNativePointer, int mode); 701 702 public static native void SSL_set_session(int sslNativePointer, int sslSessionNativePointer) 703 throws SSLException; 704 705 public static native void SSL_set_session_creation_enabled( 706 int sslNativePointer, boolean creationEnabled) throws SSLException; 707 708 public static native void SSL_set_tlsext_host_name(int sslNativePointer, String hostname) 709 throws SSLException; 710 public static native String SSL_get_servername(int sslNativePointer); 711 712 /** 713 * Enables NPN for all SSL connections in the context. 714 * 715 * <p>For clients this causes the NPN extension to be included in the 716 * ClientHello message. 717 * 718 * <p>For servers this causes the NPN extension to be included in the 719 * ServerHello message. The NPN extension will not be included in the 720 * ServerHello response if the client didn't include it in the ClientHello 721 * request. 722 * 723 * <p>In either case the caller should pass a non-null byte array of NPN 724 * protocols to {@link #SSL_do_handshake}. 725 */ 726 public static native void SSL_CTX_enable_npn(int sslCtxNativePointer); 727 728 /** 729 * Disables NPN for all SSL connections in the context. 730 */ 731 public static native void SSL_CTX_disable_npn(int sslCtxNativePointer); 732 733 /** 734 * Returns the sslSessionNativePointer of the negotiated session 735 */ 736 public static native int SSL_do_handshake(int sslNativePointer, 737 FileDescriptor fd, 738 SSLHandshakeCallbacks shc, 739 int timeoutMillis, 740 boolean client_mode, 741 byte[] npnProtocols) 742 throws SSLException, SocketTimeoutException, CertificateException; 743 744 public static native byte[] SSL_get_npn_negotiated_protocol(int sslNativePointer); 745 746 /** 747 * Currently only intended for forcing renegotiation for testing. 748 * Not used within OpenSSLSocketImpl. 749 */ 750 public static native void SSL_renegotiate(int sslNativePointer) throws SSLException; 751 752 /** 753 * Returns the local ASN.1 DER encoded X509 certificates. 754 */ 755 public static native byte[][] SSL_get_certificate(int sslNativePointer); 756 757 /** 758 * Returns the peer ASN.1 DER encoded X509 certificates. 759 */ 760 public static native byte[][] SSL_get_peer_cert_chain(int sslNativePointer); 761 762 /** 763 * Reads with the native SSL_read function from the encrypted data stream 764 * @return -1 if error or the end of the stream is reached. 765 */ 766 public static native int SSL_read(int sslNativePointer, 767 FileDescriptor fd, 768 SSLHandshakeCallbacks shc, 769 byte[] b, int off, int len, int readTimeoutMillis) 770 throws IOException; 771 772 /** 773 * Writes with the native SSL_write function to the encrypted data stream. 774 */ 775 public static native void SSL_write(int sslNativePointer, 776 FileDescriptor fd, 777 SSLHandshakeCallbacks shc, 778 byte[] b, int off, int len, int writeTimeoutMillis) 779 throws IOException; 780 781 public static native void SSL_interrupt(int sslNativePointer); 782 public static native void SSL_shutdown(int sslNativePointer, 783 FileDescriptor fd, 784 SSLHandshakeCallbacks shc) throws IOException; 785 786 public static native void SSL_free(int sslNativePointer); 787 788 public static native byte[] SSL_SESSION_session_id(int sslSessionNativePointer); 789 790 public static native long SSL_SESSION_get_time(int sslSessionNativePointer); 791 792 public static native String SSL_SESSION_get_version(int sslSessionNativePointer); 793 794 public static native String SSL_SESSION_cipher(int sslSessionNativePointer); 795 796 public static native void SSL_SESSION_free(int sslSessionNativePointer); 797 798 public static native byte[] i2d_SSL_SESSION(int sslSessionNativePointer); 799 800 public static native int d2i_SSL_SESSION(byte[] data); 801 802 /** 803 * A collection of callbacks from the native OpenSSL code that are 804 * related to the SSL handshake initiated by SSL_do_handshake. 805 */ 806 public interface SSLHandshakeCallbacks { 807 /** 808 * Verify that we trust the certificate chain is trusted. 809 * 810 * @param asn1DerEncodedCertificateChain A chain of ASN.1 DER encoded certificates 811 * @param authMethod auth algorithm name 812 * 813 * @throws CertificateException if the certificate is untrusted 814 */ 815 public void verifyCertificateChain(byte[][] asn1DerEncodedCertificateChain, String authMethod) 816 throws CertificateException; 817 818 /** 819 * Called on an SSL client when the server requests (or 820 * requires a certificate). The client can respond by using 821 * SSL_use_certificate and SSL_use_PrivateKey to set a 822 * certificate if has an appropriate one available, similar to 823 * how the server provides its certificate. 824 * 825 * @param keyTypes key types supported by the server, 826 * convertible to strings with #keyType 827 * @param asn1DerEncodedX500Principals CAs known to the server 828 */ 829 public void clientCertificateRequested(byte[] keyTypes, 830 byte[][] asn1DerEncodedX500Principals) 831 throws CertificateEncodingException, SSLException; 832 833 /** 834 * Called when SSL handshake is completed. Note that this can 835 * be after SSL_do_handshake returns when handshake cutthrough 836 * is enabled. 837 */ 838 public void handshakeCompleted(); 839 } 840 841 public static native long ERR_peek_last_error(); 842} 843