NativeCrypto.java revision de30700ecd96af43e2f3ee2e03f398896f5bb1e9
1/* 2 * Copyright (C) 2008 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17package org.apache.harmony.xnet.provider.jsse; 18 19import java.io.FileDescriptor; 20import java.io.IOException; 21import java.net.SocketTimeoutException; 22import java.nio.ByteOrder; 23import java.security.MessageDigest; 24import java.security.NoSuchAlgorithmException; 25import java.security.SignatureException; 26import java.security.cert.Certificate; 27import java.security.cert.CertificateEncodingException; 28import java.security.cert.CertificateException; 29import java.security.cert.X509Certificate; 30import java.security.interfaces.ECPrivateKey; 31import java.util.ArrayList; 32import java.util.HashMap; 33import java.util.LinkedHashMap; 34import java.util.List; 35import java.util.Map; 36import javax.crypto.BadPaddingException; 37import javax.crypto.IllegalBlockSizeException; 38import javax.net.ssl.SSLException; 39import javax.security.auth.x500.X500Principal; 40import libcore.io.Memory; 41 42/** 43 * Provides the Java side of our JNI glue for OpenSSL. 44 */ 45public final class NativeCrypto { 46 47 // --- OpenSSL library initialization -------------------------------------- 48 static { 49 clinit(); 50 } 51 52 private native static void clinit(); 53 54 // --- ENGINE functions ---------------------------------------------------- 55 public static native void ENGINE_load_dynamic(); 56 57 public static native int ENGINE_by_id(String id); 58 59 public static native int ENGINE_add(int e); 60 61 public static native int ENGINE_init(int e); 62 63 public static native int ENGINE_finish(int e); 64 65 public static native int ENGINE_free(int e); 66 67 public static native int ENGINE_load_private_key(int e, String key_id); 68 69 // --- DSA/RSA public/private key handling functions ----------------------- 70 71 public static native int EVP_PKEY_new_DSA(byte[] p, byte[] q, byte[] g, 72 byte[] pub_key, byte[] priv_key); 73 74 public static native int EVP_PKEY_new_RSA(byte[] n, byte[] e, byte[] d, byte[] p, byte[] q, 75 byte[] dmp1, byte[] dmq1, byte[] iqmp); 76 77 public static native int EVP_PKEY_new_mac_key(int type, byte[] key); 78 79 public static native int EVP_PKEY_size(int pkey); 80 81 public static native int EVP_PKEY_type(int pkey); 82 83 public static native String EVP_PKEY_print_public(int pkeyRef); 84 85 public static native String EVP_PKEY_print_private(int pkeyRef); 86 87 public static native void EVP_PKEY_free(int pkey); 88 89 public static native int EVP_PKEY_cmp(int pkey1, int pkey2); 90 91 public static native byte[] i2d_PKCS8_PRIV_KEY_INFO(int pkey); 92 93 public static native int d2i_PKCS8_PRIV_KEY_INFO(byte[] data); 94 95 public static native byte[] i2d_PUBKEY(int pkey); 96 97 public static native int d2i_PUBKEY(byte[] data); 98 99 public static native int RSA_generate_key_ex(int modulusBits, byte[] publicExponent); 100 101 public static native int RSA_size(int pkey); 102 103 public static native int RSA_private_encrypt(int flen, byte[] from, byte[] to, int pkey, 104 int padding); 105 106 public static native int RSA_public_decrypt(int flen, byte[] from, byte[] to, int pkey, 107 int padding) throws BadPaddingException, SignatureException; 108 109 public static native int RSA_public_encrypt(int flen, byte[] from, byte[] to, int pkey, 110 int padding); 111 112 public static native int RSA_private_decrypt(int flen, byte[] from, byte[] to, int pkey, 113 int padding) throws BadPaddingException, SignatureException; 114 115 /** 116 * @return array of {n, e} 117 */ 118 public static native byte[][] get_RSA_public_params(int rsa); 119 120 /** 121 * @return array of {n, e, d, p, q, dmp1, dmq1, iqmp} 122 */ 123 public static native byte[][] get_RSA_private_params(int rsa); 124 125 public static native int DSA_generate_key(int primeBits, byte[] seed, byte[] g, byte[] p, 126 byte[] q); 127 128 /** 129 * @return array of {g, p, q, y(pub), x(priv)} 130 */ 131 public static native byte[][] get_DSA_params(int dsa); 132 133 public static native byte[] i2d_RSAPublicKey(int rsa); 134 135 public static native byte[] i2d_RSAPrivateKey(int rsa); 136 137 public static native byte[] i2d_DSAPublicKey(int dsa); 138 139 public static native byte[] i2d_DSAPrivateKey(int dsa); 140 141 // --- EC functions -------------------------- 142 143 /** 144 * Used to request EC_GROUP_new_curve_GFp to EC_GROUP_new_curve 145 */ 146 public static final int EC_CURVE_GFP = 1; 147 148 /** 149 * Used to request EC_GROUP_new_curve_GF2m to EC_GROUP_new_curve 150 */ 151 public static final int EC_CURVE_GF2M = 2; 152 153 /** 154 * EC_GROUP_set_asn1_flag: indicates an EC_GROUP is a NamedCurve. 155 */ 156 public static final int OPENSSL_EC_NAMED_CURVE = 0x001; 157 158 /** 159 * EC_GROUP_set_point_conversion_form: indicates compressed ASN.1 format 160 */ 161 public static final int POINT_CONVERSION_COMPRESSED = 2; 162 163 /** 164 * EC_GROUP_set_point_conversion_form: indicates uncompressed ASN.1 format 165 */ 166 public static final int POINT_CONVERSION_UNCOMPRESSED = 4; 167 168 /** 169 * EC_GROUP_set_point_conversion_form: indicates hybrid ASN.1 format 170 */ 171 public static final int POINT_CONVERSION_HYBRID = 4; 172 173 public static native int EVP_PKEY_new_EC_KEY(int groupRef, int pubkeyRef, byte[] privkey); 174 175 public static native int EC_GROUP_new_by_curve_name(String curveName); 176 177 public static native int EC_GROUP_new_curve(int type, byte[] p, byte[] a, byte[] b); 178 179 public static native void EC_GROUP_set_asn1_flag(int groupRef, int flag); 180 181 public static native void EC_GROUP_set_point_conversion_form(int groupRef, int form); 182 183 public static native int EC_GROUP_get_curve_name(int groupRef); 184 185 public static native byte[][] EC_GROUP_get_curve(int groupRef); 186 187 public static native void EC_GROUP_clear_free(int ctx); 188 189 public static native boolean EC_GROUP_cmp(int ctx1, int ctx2); 190 191 public static native void EC_GROUP_set_generator(int groupCtx, int pointCtx, byte[] n, byte[] h); 192 193 public static native int EC_GROUP_get_generator(int groupCtx); 194 195 public static native int get_EC_GROUP_type(int groupCtx); 196 197 public static native byte[] EC_GROUP_get_order(int groupCtx); 198 199 public static native byte[] EC_GROUP_get_cofactor(int groupCtx); 200 201 public static native int EC_POINT_new(int groupRef); 202 203 public static native void EC_POINT_clear_free(int pointRef); 204 205 public static native boolean EC_POINT_cmp(int groupRef, int pointRef1, int pointRef2); 206 207 public static native byte[][] EC_POINT_get_affine_coordinates(int groupCtx, int pointCtx); 208 209 public static native void EC_POINT_set_affine_coordinates(int groupCtx, int pointCtx, byte[] x, 210 byte[] y); 211 212 public static native int EC_KEY_generate_key(int groupRef); 213 214 public static native int EC_KEY_get0_group(int pkeyRef); 215 216 public static native byte[] EC_KEY_get_private_key(int keyRef); 217 218 public static native int EC_KEY_get_public_key(int keyRef); 219 220 // --- Message digest functions -------------- 221 222 public static native int EVP_get_digestbyname(String name); 223 224 public static native int EVP_MD_size(int evp_md); 225 226 public static native int EVP_MD_block_size(int evp_md); 227 228 // --- Message digest context functions -------------- 229 230 public static native int EVP_MD_CTX_create(); 231 232 public static native void EVP_MD_CTX_destroy(int ctx); 233 234 public static native int EVP_MD_CTX_copy(int ctx); 235 236 // --- Digest handling functions ------------------------------------------- 237 238 public static native int EVP_DigestInit(int evp_md); 239 240 public static native void EVP_DigestUpdate(int ctx, byte[] buffer, int offset, int length); 241 242 public static native int EVP_DigestFinal(int ctx, byte[] hash, int offset); 243 244 // --- MAC handling functions ---------------------------------------------- 245 246 public static native void EVP_DigestSignInit(int evp_md_ctx, int evp_md, int evp_pkey); 247 248 public static native void EVP_DigestSignUpdate(int evp_md_ctx, byte[] in); 249 250 public static native byte[] EVP_DigestSignFinal(int evp_md_ctx); 251 252 // --- Signature handling functions ---------------------------------------- 253 254 public static native int EVP_SignInit(String algorithm); 255 256 public static native void EVP_SignUpdate(int ctx, byte[] buffer, 257 int offset, int length); 258 259 public static native int EVP_SignFinal(int ctx, byte[] signature, int offset, int key); 260 261 public static native int EVP_VerifyInit(String algorithm); 262 263 public static native void EVP_VerifyUpdate(int ctx, byte[] buffer, 264 int offset, int length); 265 266 public static native int EVP_VerifyFinal(int ctx, byte[] signature, 267 int offset, int length, int key); 268 269 270 // --- Block ciphers ------------------------------------------------------- 271 272 public static native int EVP_get_cipherbyname(String string); 273 274 public static native void EVP_CipherInit_ex(int ctx, int evpCipher, byte[] key, byte[] iv, 275 boolean encrypting); 276 277 public static native int EVP_CipherUpdate(int ctx, byte[] out, int outOffset, byte[] in, 278 int inOffset, int inLength); 279 280 public static native int EVP_CipherFinal_ex(int ctx, byte[] out, int outOffset) 281 throws BadPaddingException, IllegalBlockSizeException; 282 283 public static native int EVP_CIPHER_iv_length(int evpCipher); 284 285 public static native int EVP_CIPHER_CTX_new(); 286 287 public static native int EVP_CIPHER_CTX_block_size(int ctx); 288 289 public static native int get_EVP_CIPHER_CTX_buf_len(int ctx); 290 291 public static native void EVP_CIPHER_CTX_set_padding(int ctx, boolean enablePadding); 292 293 public static native void EVP_CIPHER_CTX_set_key_length(int ctx, int keyBitSize); 294 295 public static native void EVP_CIPHER_CTX_cleanup(int ctx); 296 297 // --- RAND seeding -------------------------------------------------------- 298 299 public static final int RAND_SEED_LENGTH_IN_BYTES = 1024; 300 301 public static native void RAND_seed(byte[] seed); 302 303 public static native int RAND_load_file(String filename, long max_bytes); 304 305 public static native void RAND_bytes(byte[] output); 306 307 // --- ASN.1 objects ------------------------------------------------------- 308 309 public static native int OBJ_txt2nid(String oid); 310 311 public static native String OBJ_txt2nid_longName(String oid); 312 313 public static native String OBJ_txt2nid_oid(String oid); 314 315 // --- X509_NAME ----------------------------------------------------------- 316 317 public static int X509_NAME_hash(X500Principal principal) { 318 return X509_NAME_hash(principal, "SHA1"); 319 } 320 public static int X509_NAME_hash_old(X500Principal principal) { 321 return X509_NAME_hash(principal, "MD5"); 322 } 323 private static int X509_NAME_hash(X500Principal principal, String algorithm) { 324 try { 325 byte[] digest = MessageDigest.getInstance(algorithm).digest(principal.getEncoded()); 326 return Memory.peekInt(digest, 0, ByteOrder.LITTLE_ENDIAN); 327 } catch (NoSuchAlgorithmException e) { 328 throw new AssertionError(e); 329 } 330 } 331 332 // --- SSL handling -------------------------------------------------------- 333 334 private static final String SUPPORTED_PROTOCOL_SSLV3 = "SSLv3"; 335 private static final String SUPPORTED_PROTOCOL_TLSV1 = "TLSv1"; 336 private static final String SUPPORTED_PROTOCOL_TLSV1_1 = "TLSv1.1"; 337 private static final String SUPPORTED_PROTOCOL_TLSV1_2 = "TLSv1.2"; 338 339 public static final Map<String, String> OPENSSL_TO_STANDARD_CIPHER_SUITES 340 = new HashMap<String, String>(); 341 public static final Map<String, String> STANDARD_TO_OPENSSL_CIPHER_SUITES 342 = new LinkedHashMap<String, String>(); 343 344 private static void add(String standard, String openssl) { 345 OPENSSL_TO_STANDARD_CIPHER_SUITES.put(openssl, standard); 346 STANDARD_TO_OPENSSL_CIPHER_SUITES.put(standard, openssl); 347 } 348 349 /** 350 * TLS_EMPTY_RENEGOTIATION_INFO_SCSV is RFC 5746's renegotiation 351 * indication signaling cipher suite value. It is not a real 352 * cipher suite. It is just an indication in the default and 353 * supported cipher suite lists indicates that the implementation 354 * supports secure renegotiation. 355 * 356 * In the RI, its presence means that the SCSV is sent in the 357 * cipher suite list to indicate secure renegotiation support and 358 * its absense means to send an empty TLS renegotiation info 359 * extension instead. 360 * 361 * However, OpenSSL doesn't provide an API to give this level of 362 * control, instead always sending the SCSV and always including 363 * the empty renegotiation info if TLS is used (as opposed to 364 * SSL). So we simply allow TLS_EMPTY_RENEGOTIATION_INFO_SCSV to 365 * be passed for compatibility as to provide the hint that we 366 * support secure renegotiation. 367 */ 368 public static final String TLS_EMPTY_RENEGOTIATION_INFO_SCSV 369 = "TLS_EMPTY_RENEGOTIATION_INFO_SCSV"; 370 371 static { 372 // Note these are added in priority order 373 add("SSL_RSA_WITH_RC4_128_MD5", "RC4-MD5"); 374 add("SSL_RSA_WITH_RC4_128_SHA", "RC4-SHA"); 375 add("TLS_RSA_WITH_AES_128_CBC_SHA", "AES128-SHA"); 376 add("TLS_RSA_WITH_AES_256_CBC_SHA", "AES256-SHA"); 377 add("TLS_ECDH_ECDSA_WITH_RC4_128_SHA", "ECDH-ECDSA-RC4-SHA"); 378 add("TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA", "ECDH-ECDSA-AES128-SHA"); 379 add("TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA", "ECDH-ECDSA-AES256-SHA"); 380 add("TLS_ECDH_RSA_WITH_RC4_128_SHA", "ECDH-RSA-RC4-SHA"); 381 add("TLS_ECDH_RSA_WITH_AES_128_CBC_SHA", "ECDH-RSA-AES128-SHA"); 382 add("TLS_ECDH_RSA_WITH_AES_256_CBC_SHA", "ECDH-RSA-AES256-SHA"); 383 add("TLS_ECDHE_ECDSA_WITH_RC4_128_SHA", "ECDHE-ECDSA-RC4-SHA"); 384 add("TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA", "ECDHE-ECDSA-AES128-SHA"); 385 add("TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA", "ECDHE-ECDSA-AES256-SHA"); 386 add("TLS_ECDHE_RSA_WITH_RC4_128_SHA", "ECDHE-RSA-RC4-SHA"); 387 add("TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA", "ECDHE-RSA-AES128-SHA"); 388 add("TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA", "ECDHE-RSA-AES256-SHA"); 389 add("TLS_DHE_RSA_WITH_AES_128_CBC_SHA", "DHE-RSA-AES128-SHA"); 390 add("TLS_DHE_RSA_WITH_AES_256_CBC_SHA", "DHE-RSA-AES256-SHA"); 391 add("TLS_DHE_DSS_WITH_AES_128_CBC_SHA", "DHE-DSS-AES128-SHA"); 392 add("TLS_DHE_DSS_WITH_AES_256_CBC_SHA", "DHE-DSS-AES256-SHA"); 393 add("SSL_RSA_WITH_3DES_EDE_CBC_SHA", "DES-CBC3-SHA"); 394 add("TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA", "ECDH-ECDSA-DES-CBC3-SHA"); 395 add("TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA", "ECDH-RSA-DES-CBC3-SHA"); 396 add("TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA", "ECDHE-ECDSA-DES-CBC3-SHA"); 397 add("TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA", "ECDHE-RSA-DES-CBC3-SHA"); 398 add("SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA", "EDH-RSA-DES-CBC3-SHA"); 399 add("SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA", "EDH-DSS-DES-CBC3-SHA"); 400 add("SSL_RSA_WITH_DES_CBC_SHA", "DES-CBC-SHA"); 401 add("SSL_DHE_RSA_WITH_DES_CBC_SHA", "EDH-RSA-DES-CBC-SHA"); 402 add("SSL_DHE_DSS_WITH_DES_CBC_SHA", "EDH-DSS-DES-CBC-SHA"); 403 add("SSL_RSA_EXPORT_WITH_RC4_40_MD5", "EXP-RC4-MD5"); 404 add("SSL_RSA_EXPORT_WITH_DES40_CBC_SHA", "EXP-DES-CBC-SHA"); 405 add("SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA", "EXP-EDH-RSA-DES-CBC-SHA"); 406 add("SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA", "EXP-EDH-DSS-DES-CBC-SHA"); 407 add("SSL_RSA_WITH_NULL_MD5", "NULL-MD5"); 408 add("SSL_RSA_WITH_NULL_SHA", "NULL-SHA"); 409 add("TLS_ECDH_ECDSA_WITH_NULL_SHA", "ECDH-ECDSA-NULL-SHA"); 410 add("TLS_ECDH_RSA_WITH_NULL_SHA", "ECDH-RSA-NULL-SHA"); 411 add("TLS_ECDHE_ECDSA_WITH_NULL_SHA", "ECDHE-ECDSA-NULL-SHA"); 412 add("TLS_ECDHE_RSA_WITH_NULL_SHA", "ECDHE-RSA-NULL-SHA"); 413 add("SSL_DH_anon_WITH_RC4_128_MD5", "ADH-RC4-MD5"); 414 add("TLS_DH_anon_WITH_AES_128_CBC_SHA", "ADH-AES128-SHA"); 415 add("TLS_DH_anon_WITH_AES_256_CBC_SHA", "ADH-AES256-SHA"); 416 add("SSL_DH_anon_WITH_3DES_EDE_CBC_SHA", "ADH-DES-CBC3-SHA"); 417 add("SSL_DH_anon_WITH_DES_CBC_SHA", "ADH-DES-CBC-SHA"); 418 add("TLS_ECDH_anon_WITH_RC4_128_SHA", "AECDH-RC4-SHA"); 419 add("TLS_ECDH_anon_WITH_AES_128_CBC_SHA", "AECDH-AES128-SHA"); 420 add("TLS_ECDH_anon_WITH_AES_256_CBC_SHA", "AECDH-AES256-SHA"); 421 add("TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA", "AECDH-DES-CBC3-SHA"); 422 add("SSL_DH_anon_EXPORT_WITH_RC4_40_MD5", "EXP-ADH-RC4-MD5"); 423 add("SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA", "EXP-ADH-DES-CBC-SHA"); 424 add("TLS_ECDH_anon_WITH_NULL_SHA", "AECDH-NULL-SHA"); 425 426 // No Kerberos in Android 427 // add("TLS_KRB5_WITH_RC4_128_SHA", "KRB5-RC4-SHA"); 428 // add("TLS_KRB5_WITH_RC4_128_MD5", "KRB5-RC4-MD5"); 429 // add("TLS_KRB5_WITH_3DES_EDE_CBC_SHA", "KRB5-DES-CBC3-SHA"); 430 // add("TLS_KRB5_WITH_3DES_EDE_CBC_MD5", "KRB5-DES-CBC3-MD5"); 431 // add("TLS_KRB5_WITH_DES_CBC_SHA", "KRB5-DES-CBC-SHA"); 432 // add("TLS_KRB5_WITH_DES_CBC_MD5", "KRB5-DES-CBC-MD5"); 433 // add("TLS_KRB5_EXPORT_WITH_RC4_40_SHA", "EXP-KRB5-RC4-SHA"); 434 // add("TLS_KRB5_EXPORT_WITH_RC4_40_MD5", "EXP-KRB5-RC4-MD5"); 435 // add("TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA", "EXP-KRB5-DES-CBC-SHA"); 436 // add("TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5", "EXP-KRB5-DES-CBC-MD5"); 437 438 // not implemented by either RI or OpenSSL 439 // add("SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA", null); 440 // add("SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA", null); 441 442 // EXPORT1024 suites were never standardized but were widely implemented. 443 // OpenSSL 0.9.8c and later have disabled TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES 444 // add("SSL_RSA_EXPORT1024_WITH_DES_CBC_SHA", "EXP1024-DES-CBC-SHA"); 445 // add("SSL_RSA_EXPORT1024_WITH_RC4_56_SHA", "EXP1024-RC4-SHA"); 446 447 // No RC2 448 // add("SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5", "EXP-RC2-CBC-MD5"); 449 // add("TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA", "EXP-KRB5-RC2-CBC-SHA"); 450 // add("TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5", "EXP-KRB5-RC2-CBC-MD5"); 451 452 // PSK is Private Shared Key - didn't exist in Froyo's openssl - no JSSE equivalent 453 // add(null, "PSK-3DES-EDE-CBC-SHA"); 454 // add(null, "PSK-AES128-CBC-SHA"); 455 // add(null, "PSK-AES256-CBC-SHA"); 456 // add(null, "PSK-RC4-SHA"); 457 458 // Signaling Cipher Suite Value for secure renegotiation handled as special case. 459 // add("TLS_EMPTY_RENEGOTIATION_INFO_SCSV", null); 460 } 461 462 private static final String[] SUPPORTED_CIPHER_SUITES; 463 static { 464 int size = STANDARD_TO_OPENSSL_CIPHER_SUITES.size(); 465 SUPPORTED_CIPHER_SUITES = new String[size + 1]; 466 STANDARD_TO_OPENSSL_CIPHER_SUITES.keySet().toArray(SUPPORTED_CIPHER_SUITES); 467 SUPPORTED_CIPHER_SUITES[size] = TLS_EMPTY_RENEGOTIATION_INFO_SCSV; 468 } 469 470 // EVP_PKEY types from evp.h and objects.h 471 public static final int EVP_PKEY_RSA = 6; // NID_rsaEcnryption 472 public static final int EVP_PKEY_DSA = 116; // NID_dsa 473 public static final int EVP_PKEY_DH = 28; // NID_dhKeyAgreement 474 public static final int EVP_PKEY_EC = 408; // NID_X9_62_id_ecPublicKey 475 public static final int EVP_PKEY_HMAC = 855; // NID_hmac 476 public static final int EVP_PKEY_CMAC = 894; // NID_cmac 477 478 // RSA padding modes from rsa.h 479 public static final int RSA_PKCS1_PADDING = 1; 480 public static final int RSA_NO_PADDING = 3; 481 482 // SSL mode from ssl.h 483 public static final long SSL_MODE_HANDSHAKE_CUTTHROUGH = 0x00000020L; 484 485 // SSL options from ssl.h 486 public static final long SSL_OP_NO_TICKET = 0x00004000L; 487 public static final long SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION = 0x00010000L; 488 public static final long SSL_OP_NO_SSLv3 = 0x02000000L; 489 public static final long SSL_OP_NO_TLSv1 = 0x04000000L; 490 public static final long SSL_OP_NO_TLSv1_1 = 0x10000000L; 491 public static final long SSL_OP_NO_TLSv1_2 = 0x08000000L; 492 493 public static native int SSL_CTX_new(); 494 495 public static String[] getDefaultCipherSuites() { 496 return new String[] { 497 "SSL_RSA_WITH_RC4_128_MD5", 498 "SSL_RSA_WITH_RC4_128_SHA", 499 "TLS_RSA_WITH_AES_128_CBC_SHA", 500 "TLS_RSA_WITH_AES_256_CBC_SHA", 501 "TLS_ECDH_ECDSA_WITH_RC4_128_SHA", 502 "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA", 503 "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA", 504 "TLS_ECDH_RSA_WITH_RC4_128_SHA", 505 "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA", 506 "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA", 507 "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA", 508 "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA", 509 "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA", 510 "TLS_ECDHE_RSA_WITH_RC4_128_SHA", 511 "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA", 512 "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA", 513 "TLS_DHE_RSA_WITH_AES_128_CBC_SHA", 514 "TLS_DHE_RSA_WITH_AES_256_CBC_SHA", 515 "TLS_DHE_DSS_WITH_AES_128_CBC_SHA", 516 "TLS_DHE_DSS_WITH_AES_256_CBC_SHA", 517 "SSL_RSA_WITH_3DES_EDE_CBC_SHA", 518 "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA", 519 "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA", 520 "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA", 521 "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA", 522 "SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA", 523 "SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA", 524 "SSL_RSA_WITH_DES_CBC_SHA", 525 "SSL_DHE_RSA_WITH_DES_CBC_SHA", 526 "SSL_DHE_DSS_WITH_DES_CBC_SHA", 527 "SSL_RSA_EXPORT_WITH_RC4_40_MD5", 528 "SSL_RSA_EXPORT_WITH_DES40_CBC_SHA", 529 "SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA", 530 "SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA", 531 TLS_EMPTY_RENEGOTIATION_INFO_SCSV 532 }; 533 } 534 535 public static String[] getSupportedCipherSuites() { 536 return SUPPORTED_CIPHER_SUITES.clone(); 537 } 538 539 public static native void SSL_CTX_free(int ssl_ctx); 540 541 public static native void SSL_CTX_set_session_id_context(int ssl_ctx, byte[] sid_ctx); 542 543 public static native int SSL_new(int ssl_ctx) throws SSLException; 544 545 public static native void SSL_enable_tls_channel_id(int ssl) throws SSLException; 546 547 public static native byte[] SSL_get_tls_channel_id(int ssl) throws SSLException; 548 549 public static native void SSL_use_OpenSSL_PrivateKey_for_tls_channel_id(int ssl, int pkey) 550 throws SSLException; 551 552 public static native void SSL_use_PKCS8_PrivateKey_for_tls_channel_id( 553 int ssl, byte[] pkcs8EncodedPrivateKey) throws SSLException; 554 555 public static void SSL_set1_tls_channel_id(int ssl, ECPrivateKey privateKey) 556 throws SSLException { 557 if (privateKey == null) { 558 throw new NullPointerException("privateKey == null"); 559 } else if (privateKey instanceof OpenSSLECPrivateKey) { 560 OpenSSLKey openSslPrivateKey = ((OpenSSLECPrivateKey) privateKey).getOpenSSLKey(); 561 SSL_use_OpenSSL_PrivateKey_for_tls_channel_id(ssl, openSslPrivateKey.getPkeyContext()); 562 } else if ("PKCS#8".equals(privateKey.getFormat())) { 563 byte[] pkcs8EncodedKey = privateKey.getEncoded(); 564 SSL_use_PKCS8_PrivateKey_for_tls_channel_id(ssl, pkcs8EncodedKey); 565 } else { 566 throw new SSLException("Unsupported Channel ID private key type:" + 567 " class: " + privateKey.getClass() + ", format: " + privateKey.getFormat()); 568 } 569 } 570 571 public static byte[][] encodeCertificates(Certificate[] certificates) 572 throws CertificateEncodingException { 573 byte[][] certificateBytes = new byte[certificates.length][]; 574 for (int i = 0; i < certificates.length; i++) { 575 certificateBytes[i] = certificates[i].getEncoded(); 576 } 577 return certificateBytes; 578 } 579 580 public static native void SSL_use_certificate(int ssl, byte[][] asn1DerEncodedCertificateChain); 581 582 public static native void SSL_use_OpenSSL_PrivateKey(int ssl, int pkey); 583 584 public static native void SSL_use_PrivateKey(int ssl, byte[] pkcs8EncodedPrivateKey); 585 586 public static native void SSL_check_private_key(int ssl) throws SSLException; 587 588 public static byte[][] encodeIssuerX509Principals(X509Certificate[] certificates) 589 throws CertificateEncodingException { 590 byte[][] principalBytes = new byte[certificates.length][]; 591 for (int i = 0; i < certificates.length; i++) { 592 principalBytes[i] = certificates[i].getIssuerX500Principal().getEncoded(); 593 } 594 return principalBytes; 595 } 596 597 public static native void SSL_set_client_CA_list(int ssl, byte[][] asn1DerEncodedX500Principals); 598 599 public static native long SSL_get_mode(int ssl); 600 601 public static native long SSL_set_mode(int ssl, long mode); 602 603 public static native long SSL_clear_mode(int ssl, long mode); 604 605 public static native long SSL_get_options(int ssl); 606 607 public static native long SSL_set_options(int ssl, long options); 608 609 public static native long SSL_clear_options(int ssl, long options); 610 611 public static String[] getDefaultProtocols() { 612 return new String[] { SUPPORTED_PROTOCOL_SSLV3, 613 SUPPORTED_PROTOCOL_TLSV1, 614 }; 615 } 616 617 public static String[] getSupportedProtocols() { 618 return new String[] { SUPPORTED_PROTOCOL_SSLV3, 619 SUPPORTED_PROTOCOL_TLSV1, 620 SUPPORTED_PROTOCOL_TLSV1_1, 621 SUPPORTED_PROTOCOL_TLSV1_2, 622 }; 623 } 624 625 public static void setEnabledProtocols(int ssl, String[] protocols) { 626 checkEnabledProtocols(protocols); 627 // openssl uses negative logic letting you disable protocols. 628 // so first, assume we need to set all (disable all) and clear none (enable none). 629 // in the loop, selectively move bits from set to clear (from disable to enable) 630 long optionsToSet = (SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1 | SSL_OP_NO_TLSv1_2); 631 long optionsToClear = 0; 632 for (int i = 0; i < protocols.length; i++) { 633 String protocol = protocols[i]; 634 if (protocol.equals(SUPPORTED_PROTOCOL_SSLV3)) { 635 optionsToSet &= ~SSL_OP_NO_SSLv3; 636 optionsToClear |= SSL_OP_NO_SSLv3; 637 } else if (protocol.equals(SUPPORTED_PROTOCOL_TLSV1)) { 638 optionsToSet &= ~SSL_OP_NO_TLSv1; 639 optionsToClear |= SSL_OP_NO_TLSv1; 640 } else if (protocol.equals(SUPPORTED_PROTOCOL_TLSV1_1)) { 641 optionsToSet &= ~SSL_OP_NO_TLSv1_1; 642 optionsToClear |= SSL_OP_NO_TLSv1_1; 643 } else if (protocol.equals(SUPPORTED_PROTOCOL_TLSV1_2)) { 644 optionsToSet &= ~SSL_OP_NO_TLSv1_2; 645 optionsToClear |= SSL_OP_NO_TLSv1_2; 646 } else { 647 // error checked by checkEnabledProtocols 648 throw new IllegalStateException(); 649 } 650 } 651 652 SSL_set_options(ssl, optionsToSet); 653 SSL_clear_options(ssl, optionsToClear); 654 } 655 656 public static String[] checkEnabledProtocols(String[] protocols) { 657 if (protocols == null) { 658 throw new IllegalArgumentException("protocols == null"); 659 } 660 for (int i = 0; i < protocols.length; i++) { 661 String protocol = protocols[i]; 662 if (protocol == null) { 663 throw new IllegalArgumentException("protocols[" + i + "] == null"); 664 } 665 if ((!protocol.equals(SUPPORTED_PROTOCOL_SSLV3)) 666 && (!protocol.equals(SUPPORTED_PROTOCOL_TLSV1)) 667 && (!protocol.equals(SUPPORTED_PROTOCOL_TLSV1_1)) 668 && (!protocol.equals(SUPPORTED_PROTOCOL_TLSV1_2))) { 669 throw new IllegalArgumentException("protocol " + protocol 670 + " is not supported"); 671 } 672 } 673 return protocols; 674 } 675 676 public static native void SSL_set_cipher_lists(int ssl, String[] ciphers); 677 678 public static void setEnabledCipherSuites(int ssl, String[] cipherSuites) { 679 checkEnabledCipherSuites(cipherSuites); 680 List<String> opensslSuites = new ArrayList<String>(); 681 for (int i = 0; i < cipherSuites.length; i++) { 682 String cipherSuite = cipherSuites[i]; 683 if (cipherSuite.equals(TLS_EMPTY_RENEGOTIATION_INFO_SCSV)) { 684 continue; 685 } 686 String openssl = STANDARD_TO_OPENSSL_CIPHER_SUITES.get(cipherSuite); 687 String cs = (openssl == null) ? cipherSuite : openssl; 688 opensslSuites.add(cs); 689 } 690 SSL_set_cipher_lists(ssl, opensslSuites.toArray(new String[opensslSuites.size()])); 691 } 692 693 public static String[] checkEnabledCipherSuites(String[] cipherSuites) { 694 if (cipherSuites == null) { 695 throw new IllegalArgumentException("cipherSuites == null"); 696 } 697 // makes sure all suites are valid, throwing on error 698 for (int i = 0; i < cipherSuites.length; i++) { 699 String cipherSuite = cipherSuites[i]; 700 if (cipherSuite == null) { 701 throw new IllegalArgumentException("cipherSuites[" + i + "] == null"); 702 } 703 if (cipherSuite.equals(TLS_EMPTY_RENEGOTIATION_INFO_SCSV)) { 704 continue; 705 } 706 if (STANDARD_TO_OPENSSL_CIPHER_SUITES.containsKey(cipherSuite)) { 707 continue; 708 } 709 if (OPENSSL_TO_STANDARD_CIPHER_SUITES.containsKey(cipherSuite)) { 710 // TODO log warning about using backward compatability 711 continue; 712 } 713 throw new IllegalArgumentException("cipherSuite " + cipherSuite + " is not supported."); 714 } 715 return cipherSuites; 716 } 717 718 /* 719 * See the OpenSSL ssl.h header file for more information. 720 */ 721 public static final int SSL_VERIFY_NONE = 0x00; 722 public static final int SSL_VERIFY_PEER = 0x01; 723 public static final int SSL_VERIFY_FAIL_IF_NO_PEER_CERT = 0x02; 724 725 public static native void SSL_set_verify(int sslNativePointer, int mode); 726 727 public static native void SSL_set_session(int sslNativePointer, int sslSessionNativePointer) 728 throws SSLException; 729 730 public static native void SSL_set_session_creation_enabled( 731 int sslNativePointer, boolean creationEnabled) throws SSLException; 732 733 public static native void SSL_set_tlsext_host_name(int sslNativePointer, String hostname) 734 throws SSLException; 735 public static native String SSL_get_servername(int sslNativePointer); 736 737 /** 738 * Enables NPN for all SSL connections in the context. 739 * 740 * <p>For clients this causes the NPN extension to be included in the 741 * ClientHello message. 742 * 743 * <p>For servers this causes the NPN extension to be included in the 744 * ServerHello message. The NPN extension will not be included in the 745 * ServerHello response if the client didn't include it in the ClientHello 746 * request. 747 * 748 * <p>In either case the caller should pass a non-null byte array of NPN 749 * protocols to {@link #SSL_do_handshake}. 750 */ 751 public static native void SSL_CTX_enable_npn(int sslCtxNativePointer); 752 753 /** 754 * Disables NPN for all SSL connections in the context. 755 */ 756 public static native void SSL_CTX_disable_npn(int sslCtxNativePointer); 757 758 /** 759 * Returns the sslSessionNativePointer of the negotiated session 760 */ 761 public static native int SSL_do_handshake(int sslNativePointer, 762 FileDescriptor fd, 763 SSLHandshakeCallbacks shc, 764 int timeoutMillis, 765 boolean client_mode, 766 byte[] npnProtocols) 767 throws SSLException, SocketTimeoutException, CertificateException; 768 769 public static native byte[] SSL_get_npn_negotiated_protocol(int sslNativePointer); 770 771 /** 772 * Currently only intended for forcing renegotiation for testing. 773 * Not used within OpenSSLSocketImpl. 774 */ 775 public static native void SSL_renegotiate(int sslNativePointer) throws SSLException; 776 777 /** 778 * Returns the local ASN.1 DER encoded X509 certificates. 779 */ 780 public static native byte[][] SSL_get_certificate(int sslNativePointer); 781 782 /** 783 * Returns the peer ASN.1 DER encoded X509 certificates. 784 */ 785 public static native byte[][] SSL_get_peer_cert_chain(int sslNativePointer); 786 787 /** 788 * Reads with the native SSL_read function from the encrypted data stream 789 * @return -1 if error or the end of the stream is reached. 790 */ 791 public static native int SSL_read(int sslNativePointer, 792 FileDescriptor fd, 793 SSLHandshakeCallbacks shc, 794 byte[] b, int off, int len, int readTimeoutMillis) 795 throws IOException; 796 797 /** 798 * Writes with the native SSL_write function to the encrypted data stream. 799 */ 800 public static native void SSL_write(int sslNativePointer, 801 FileDescriptor fd, 802 SSLHandshakeCallbacks shc, 803 byte[] b, int off, int len, int writeTimeoutMillis) 804 throws IOException; 805 806 public static native void SSL_interrupt(int sslNativePointer); 807 public static native void SSL_shutdown(int sslNativePointer, 808 FileDescriptor fd, 809 SSLHandshakeCallbacks shc) throws IOException; 810 811 public static native void SSL_free(int sslNativePointer); 812 813 public static native byte[] SSL_SESSION_session_id(int sslSessionNativePointer); 814 815 public static native long SSL_SESSION_get_time(int sslSessionNativePointer); 816 817 public static native String SSL_SESSION_get_version(int sslSessionNativePointer); 818 819 public static native String SSL_SESSION_cipher(int sslSessionNativePointer); 820 821 public static native void SSL_SESSION_free(int sslSessionNativePointer); 822 823 public static native byte[] i2d_SSL_SESSION(int sslSessionNativePointer); 824 825 public static native int d2i_SSL_SESSION(byte[] data); 826 827 /** 828 * A collection of callbacks from the native OpenSSL code that are 829 * related to the SSL handshake initiated by SSL_do_handshake. 830 */ 831 public interface SSLHandshakeCallbacks { 832 /** 833 * Verify that we trust the certificate chain is trusted. 834 * 835 * @param asn1DerEncodedCertificateChain A chain of ASN.1 DER encoded certificates 836 * @param authMethod auth algorithm name 837 * 838 * @throws CertificateException if the certificate is untrusted 839 */ 840 public void verifyCertificateChain(byte[][] asn1DerEncodedCertificateChain, String authMethod) 841 throws CertificateException; 842 843 /** 844 * Called on an SSL client when the server requests (or 845 * requires a certificate). The client can respond by using 846 * SSL_use_certificate and SSL_use_PrivateKey to set a 847 * certificate if has an appropriate one available, similar to 848 * how the server provides its certificate. 849 * 850 * @param keyTypes key types supported by the server, 851 * convertible to strings with #keyType 852 * @param asn1DerEncodedX500Principals CAs known to the server 853 */ 854 public void clientCertificateRequested(byte[] keyTypes, 855 byte[][] asn1DerEncodedX500Principals) 856 throws CertificateEncodingException, SSLException; 857 858 /** 859 * Called when SSL handshake is completed. Note that this can 860 * be after SSL_do_handshake returns when handshake cutthrough 861 * is enabled. 862 */ 863 public void handshakeCompleted(); 864 } 865 866 public static native long ERR_peek_last_error(); 867} 868