1/* 2 * Copyright (C) 2010 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17package org.conscrypt; 18 19import java.security.Provider; 20 21/** 22 * Provider that goes through OpenSSL for operations. 23 * <p> 24 * Every algorithm should have its IANA assigned OID as an alias. See the following URLs for each type: 25 * <ul> 26 * <li><a href="http://www.iana.org/assignments/hash-function-text-names/hash-function-text-names.xml">Hash functions</a></li> 27 * <li><a href="http://www.iana.org/assignments/dssc/dssc.xml">Signature algorithms</a></li> 28 * <li><a href="http://csrc.nist.gov/groups/ST/crypto_apps_infra/csor/algorithms.html">NIST cryptographic algorithms</a></li> 29 * </ul> 30 */ 31public final class OpenSSLProvider extends Provider { 32 private static final long serialVersionUID = 2996752495318905136L; 33 34 public static final String PROVIDER_NAME = "AndroidOpenSSL"; 35 36 public OpenSSLProvider() { 37 super(PROVIDER_NAME, 1.0, "Android's OpenSSL-backed security provider"); 38 39 // Make sure the platform is initialized. 40 Platform.setup(); 41 42 final String prefix = getClass().getPackage().getName() + "."; 43 44 /* === SSL Contexts === */ 45 final String classOpenSSLContextImpl = prefix + "OpenSSLContextImpl"; 46 put("SSLContext.SSL", classOpenSSLContextImpl); 47 put("SSLContext.SSLv3", classOpenSSLContextImpl); 48 put("SSLContext.TLS", classOpenSSLContextImpl); 49 put("SSLContext.TLSv1", classOpenSSLContextImpl); 50 put("SSLContext.TLSv1.1", classOpenSSLContextImpl); 51 put("SSLContext.TLSv1.2", classOpenSSLContextImpl); 52 put("SSLContext.Default", prefix + "DefaultSSLContextImpl"); 53 54 /* === Message Digests === */ 55 put("MessageDigest.SHA-1", prefix + "OpenSSLMessageDigestJDK$SHA1"); 56 put("Alg.Alias.MessageDigest.SHA1", "SHA-1"); 57 put("Alg.Alias.MessageDigest.SHA", "SHA-1"); 58 put("Alg.Alias.MessageDigest.1.3.14.3.2.26", "SHA-1"); 59 60 put("MessageDigest.SHA-256", prefix + "OpenSSLMessageDigestJDK$SHA256"); 61 put("Alg.Alias.MessageDigest.SHA256", "SHA-256"); 62 put("Alg.Alias.MessageDigest.2.16.840.1.101.3.4.2.1", "SHA-256"); 63 64 put("MessageDigest.SHA-384", prefix + "OpenSSLMessageDigestJDK$SHA384"); 65 put("Alg.Alias.MessageDigest.SHA384", "SHA-384"); 66 put("Alg.Alias.MessageDigest.2.16.840.1.101.3.4.2.2", "SHA-384"); 67 68 put("MessageDigest.SHA-512", prefix + "OpenSSLMessageDigestJDK$SHA512"); 69 put("Alg.Alias.MessageDigest.SHA512", "SHA-512"); 70 put("Alg.Alias.MessageDigest.2.16.840.1.101.3.4.2.3", "SHA-512"); 71 72 // iso(1) member-body(2) US(840) rsadsi(113549) digestAlgorithm(2) md5(5) 73 put("MessageDigest.MD5", prefix + "OpenSSLMessageDigestJDK$MD5"); 74 put("Alg.Alias.MessageDigest.1.2.840.113549.2.5", "MD5"); 75 76 /* == KeyPairGenerators == */ 77 put("KeyPairGenerator.RSA", prefix + "OpenSSLRSAKeyPairGenerator"); 78 put("Alg.Alias.KeyPairGenerator.1.2.840.113549.1.1.1", "RSA"); 79 80 put("KeyPairGenerator.DSA", prefix + "OpenSSLDSAKeyPairGenerator"); 81 82 put("KeyPairGenerator.EC", prefix + "OpenSSLECKeyPairGenerator"); 83 84 /* == KeyFactory == */ 85 put("KeyFactory.RSA", prefix + "OpenSSLRSAKeyFactory"); 86 put("Alg.Alias.KeyFactory.1.2.840.113549.1.1.1", "RSA"); 87 88 put("KeyFactory.DSA", prefix + "OpenSSLDSAKeyFactory"); 89 90 put("KeyFactory.EC", prefix + "OpenSSLECKeyFactory"); 91 92 /* == KeyAgreement == */ 93 put("KeyAgreement.ECDH", prefix + "OpenSSLECDHKeyAgreement"); 94 95 /* == Signatures == */ 96 put("Signature.MD5WithRSA", prefix + "OpenSSLSignature$MD5RSA"); 97 put("Alg.Alias.Signature.MD5WithRSAEncryption", "MD5WithRSA"); 98 put("Alg.Alias.Signature.MD5/RSA", "MD5WithRSA"); 99 put("Alg.Alias.Signature.1.2.840.113549.1.1.4", "MD5WithRSA"); 100 put("Alg.Alias.Signature.1.2.840.113549.2.5with1.2.840.113549.1.1.1", "MD5WithRSA"); 101 102 put("Signature.SHA1WithRSA", prefix + "OpenSSLSignature$SHA1RSA"); 103 put("Alg.Alias.Signature.SHA1WithRSAEncryption", "SHA1WithRSA"); 104 put("Alg.Alias.Signature.SHA1/RSA", "SHA1WithRSA"); 105 put("Alg.Alias.Signature.SHA-1/RSA", "SHA1WithRSA"); 106 put("Alg.Alias.Signature.1.2.840.113549.1.1.5", "SHA1WithRSA"); 107 put("Alg.Alias.Signature.1.3.14.3.2.26with1.2.840.113549.1.1.1", "SHA1WithRSA"); 108 put("Alg.Alias.Signature.1.3.14.3.2.26with1.2.840.113549.1.1.5", "SHA1WithRSA"); 109 put("Alg.Alias.Signature.1.3.14.3.2.29", "SHA1WithRSA"); 110 111 put("Signature.SHA256WithRSA", prefix + "OpenSSLSignature$SHA256RSA"); 112 put("Alg.Alias.Signature.SHA256WithRSAEncryption", "SHA256WithRSA"); 113 put("Alg.Alias.Signature.1.2.840.113549.1.1.11", "SHA256WithRSA"); 114 put("Alg.Alias.Signature.2.16.840.1.101.3.4.2.1with1.2.840.113549.1.1.1", 115 "SHA256WithRSA"); 116 put("Alg.Alias.Signature.2.16.840.1.101.3.4.2.1with1.2.840.113549.1.1.11", 117 "SHA256WithRSA"); 118 119 put("Signature.SHA384WithRSA", prefix + "OpenSSLSignature$SHA384RSA"); 120 put("Alg.Alias.Signature.SHA384WithRSAEncryption", "SHA384WithRSA"); 121 put("Alg.Alias.Signature.1.2.840.113549.1.1.12", "SHA384WithRSA"); 122 put("Alg.Alias.Signature.2.16.840.1.101.3.4.2.2with1.2.840.113549.1.1.1", 123 "SHA384WithRSA"); 124 125 put("Signature.SHA512WithRSA", prefix + "OpenSSLSignature$SHA512RSA"); 126 put("Alg.Alias.Signature.SHA512WithRSAEncryption", "SHA512WithRSA"); 127 put("Alg.Alias.Signature.1.2.840.113549.1.1.13", "SHA512WithRSA"); 128 put("Alg.Alias.Signature.2.16.840.1.101.3.4.2.3with1.2.840.113549.1.1.1", 129 "SHA512WithRSA"); 130 131 put("Signature.SHA1withDSA", prefix + "OpenSSLSignature$SHA1DSA"); 132 put("Alg.Alias.Signature.SHA/DSA", "SHA1withDSA"); 133 put("Alg.Alias.Signature.DSA", "SHA1withDSA"); 134 put("Alg.Alias.Signature.1.3.14.3.2.26with1.2.840.10040.4.1", "SHA1withDSA"); 135 put("Alg.Alias.Signature.1.3.14.3.2.26with1.2.840.10040.4.3", "SHA1withDSA"); 136 put("Alg.Alias.Signature.DSAWithSHA1", "SHA1withDSA"); 137 put("Alg.Alias.Signature.1.2.840.10040.4.3", "SHA1withDSA"); 138 139 put("Signature.NONEwithRSA", prefix + "OpenSSLSignatureRawRSA"); 140 141 put("Signature.ECDSA", prefix + "OpenSSLSignature$SHA1ECDSA"); 142 put("Alg.Alias.Signature.SHA1withECDSA", "ECDSA"); 143 put("Alg.Alias.Signature.ECDSAwithSHA1", "ECDSA"); 144 // iso(1) member-body(2) us(840) ansi-x962(10045) signatures(4) ecdsa-with-SHA1(1) 145 put("Alg.Alias.Signature.1.2.840.10045.4.1", "ECDSA"); 146 put("Alg.Alias.Signature.1.3.14.3.2.26with1.2.840.10045.2.1", "ECDSA"); 147 148 // iso(1) member-body(2) us(840) ansi-x962(10045) signatures(4) ecdsa-with-SHA2(3) 149 put("Signature.SHA256withECDSA", prefix + "OpenSSLSignature$SHA256ECDSA"); 150 // ecdsa-with-SHA256(2) 151 put("Alg.Alias.Signature.1.2.840.10045.4.3.2", "SHA256withECDSA"); 152 put("Alg.Alias.Signature.2.16.840.1.101.3.4.2.1with1.2.840.10045.2.1", "SHA256withECDSA"); 153 154 put("Signature.SHA384withECDSA", prefix + "OpenSSLSignature$SHA384ECDSA"); 155 // ecdsa-with-SHA384(3) 156 put("Alg.Alias.Signature.1.2.840.10045.4.3.3", "SHA384withECDSA"); 157 put("Alg.Alias.Signature.2.16.840.1.101.3.4.2.2with1.2.840.10045.2.1", "SHA384withECDSA"); 158 159 put("Signature.SHA512withECDSA", prefix + "OpenSSLSignature$SHA512ECDSA"); 160 // ecdsa-with-SHA512(4) 161 put("Alg.Alias.Signature.1.2.840.10045.4.3.4", "SHA512withECDSA"); 162 put("Alg.Alias.Signature.2.16.840.1.101.3.4.2.3with1.2.840.10045.2.1", "SHA512withECDSA"); 163 164 /* === SecureRandom === */ 165 /* 166 * We have to specify SHA1PRNG because various documentation mentions 167 * that algorithm by name instead of just recommending calling 168 * "new SecureRandom()" 169 */ 170 put("SecureRandom.SHA1PRNG", prefix + "OpenSSLRandom"); 171 put("SecureRandom.SHA1PRNG ImplementedIn", "Software"); 172 173 /* === Cipher === */ 174 put("Cipher.RSA/ECB/NoPadding", prefix + "OpenSSLCipherRSA$Raw"); 175 put("Alg.Alias.Cipher.RSA/None/NoPadding", "RSA/ECB/NoPadding"); 176 put("Cipher.RSA/ECB/PKCS1Padding", prefix + "OpenSSLCipherRSA$PKCS1"); 177 put("Alg.Alias.Cipher.RSA/None/PKCS1Padding", "RSA/ECB/PKCS1Padding"); 178 179 /* 180 * OpenSSL only supports a subset of modes, so we'll name them 181 * explicitly here. 182 */ 183 put("Cipher.AES/ECB/NoPadding", prefix + "OpenSSLCipher$AES$ECB$NoPadding"); 184 put("Cipher.AES/ECB/PKCS5Padding", prefix + "OpenSSLCipher$AES$ECB$PKCS5Padding"); 185 put("Cipher.AES/CBC/NoPadding", prefix + "OpenSSLCipher$AES$CBC$NoPadding"); 186 put("Cipher.AES/CBC/PKCS5Padding", prefix + "OpenSSLCipher$AES$CBC$PKCS5Padding"); 187 put("Cipher.AES/CFB/NoPadding", prefix + "OpenSSLCipher$AES$CFB$NoPadding"); 188 put("Cipher.AES/CFB/PKCS5Padding", prefix + "OpenSSLCipher$AES$CFB$PKCS5Padding"); 189 put("Cipher.AES/CTR/NoPadding", prefix + "OpenSSLCipher$AES$CTR$NoPadding"); 190 put("Cipher.AES/CTR/PKCS5Padding", prefix + "OpenSSLCipher$AES$CTR$PKCS5Padding"); 191 put("Cipher.AES/OFB/NoPadding", prefix + "OpenSSLCipher$AES$OFB$NoPadding"); 192 put("Cipher.AES/OFB/PKCS5Padding", prefix + "OpenSSLCipher$AES$OFB$PKCS5Padding"); 193 194 put("Cipher.DESEDE/CBC/NoPadding", prefix + "OpenSSLCipher$DESEDE$CBC$NoPadding"); 195 put("Cipher.DESEDE/CBC/PKCS5Padding", prefix + "OpenSSLCipher$DESEDE$CBC$PKCS5Padding"); 196 put("Cipher.DESEDE/CFB/NoPadding", prefix + "OpenSSLCipher$DESEDE$CFB$NoPadding"); 197 put("Cipher.DESEDE/CFB/PKCS5Padding", prefix + "OpenSSLCipher$DESEDE$CFB$PKCS5Padding"); 198 put("Cipher.DESEDE/ECB/NoPadding", prefix + "OpenSSLCipher$DESEDE$ECB$NoPadding"); 199 put("Cipher.DESEDE/ECB/PKCS5Padding", prefix + "OpenSSLCipher$DESEDE$ECB$PKCS5Padding"); 200 put("Cipher.DESEDE/OFB/NoPadding", prefix + "OpenSSLCipher$DESEDE$OFB$NoPadding"); 201 put("Cipher.DESEDE/OFB/PKCS5Padding", prefix + "OpenSSLCipher$DESEDE$OFB$PKCS5Padding"); 202 203 put("Cipher.ARC4", prefix + "OpenSSLCipher$ARC4"); 204 205 /* === Mac === */ 206 207 put("Mac.HmacMD5", prefix + "OpenSSLMac$HmacMD5"); 208 209 // PKCS#2 - iso(1) member-body(2) US(840) rsadsi(113549) digestAlgorithm(2) 210 // http://www.oid-info.com/get/1.2.840.113549.2 211 212 // HMAC-SHA-1 PRF (7) 213 put("Mac.HmacSHA1", prefix + "OpenSSLMac$HmacSHA1"); 214 put("Alg.Alias.Mac.1.2.840.113549.2.7", "HmacSHA1"); 215 put("Alg.Alias.Mac.HMAC-SHA1", "HmacSHA1"); 216 put("Alg.Alias.Mac.HMAC/SHA1", "HmacSHA1"); 217 218 // id-hmacWithSHA256 (9) 219 put("Mac.HmacSHA256", prefix + "OpenSSLMac$HmacSHA256"); 220 put("Alg.Alias.Mac.1.2.840.113549.2.9", "HmacSHA256"); 221 put("Alg.Alias.Mac.HMAC-SHA256", "HmacSHA256"); 222 put("Alg.Alias.Mac.HMAC/SHA256", "HmacSHA256"); 223 224 // id-hmacWithSHA384 (10) 225 put("Mac.HmacSHA384", prefix + "OpenSSLMac$HmacSHA384"); 226 put("Alg.Alias.Mac.1.2.840.113549.2.10", "HmacSHA384"); 227 put("Alg.Alias.Mac.HMAC-SHA384", "HmacSHA384"); 228 put("Alg.Alias.Mac.HMAC/SHA384", "HmacSHA384"); 229 230 // id-hmacWithSHA384 (11) 231 put("Mac.HmacSHA512", prefix + "OpenSSLMac$HmacSHA512"); 232 put("Alg.Alias.Mac.1.2.840.113549.2.11", "HmacSHA512"); 233 put("Alg.Alias.Mac.HMAC-SHA512", "HmacSHA512"); 234 put("Alg.Alias.Mac.HMAC/SHA512", "HmacSHA512"); 235 236 /* === Certificate === */ 237 238 put("CertificateFactory.X509", prefix + "OpenSSLX509CertificateFactory"); 239 put("Alg.Alias.CertificateFactory.X.509", "X509"); 240 } 241} 242