NativeCrypto.java revision 652ff53bd48ed61389337a42d8e50cdb7ace0fec
1/* 2 * Copyright (C) 2008 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17package org.conscrypt; 18 19import java.io.FileDescriptor; 20import java.io.IOException; 21import java.io.OutputStream; 22import java.net.SocketTimeoutException; 23import java.security.MessageDigest; 24import java.security.NoSuchAlgorithmException; 25import java.security.SignatureException; 26import java.security.cert.CertificateEncodingException; 27import java.security.cert.CertificateException; 28import java.security.cert.CertificateParsingException; 29import java.util.ArrayList; 30import java.util.Calendar; 31import java.util.HashMap; 32import java.util.LinkedHashMap; 33import java.util.List; 34import java.util.Map; 35import javax.crypto.BadPaddingException; 36import javax.crypto.IllegalBlockSizeException; 37import javax.net.ssl.SSLException; 38import javax.security.auth.x500.X500Principal; 39 40/** 41 * Provides the Java side of our JNI glue for OpenSSL. 42 */ 43public final class NativeCrypto { 44 45 // --- OpenSSL library initialization -------------------------------------- 46 static { 47 /* 48 * If we're compiled as part of Android, should use a different JNI 49 * library name. Detect this by looking for the jarjar'd package name. 50 */ 51 if ("com.android.org.conscrypt".equals(NativeCrypto.class.getPackage().getName())) { 52 System.loadLibrary("javacrypto"); 53 } else { 54 System.loadLibrary("conscrypt_jni"); 55 } 56 57 clinit(); 58 } 59 60 private native static void clinit(); 61 62 // --- ENGINE functions ---------------------------------------------------- 63 public static native void ENGINE_load_dynamic(); 64 65 public static native long ENGINE_by_id(String id); 66 67 public static native int ENGINE_add(long e); 68 69 public static native int ENGINE_init(long e); 70 71 public static native int ENGINE_finish(long e); 72 73 public static native int ENGINE_free(long e); 74 75 public static native long ENGINE_load_private_key(long e, String key_id); 76 77 public static native String ENGINE_get_id(long engineRef); 78 79 public static native int ENGINE_ctrl_cmd_string(long engineRef, String cmd, String arg, 80 int cmd_optional); 81 82 // --- DSA/RSA public/private key handling functions ----------------------- 83 84 public static native long EVP_PKEY_new_DSA(byte[] p, byte[] q, byte[] g, 85 byte[] pub_key, byte[] priv_key); 86 87 public static native long EVP_PKEY_new_RSA(byte[] n, byte[] e, byte[] d, byte[] p, byte[] q, 88 byte[] dmp1, byte[] dmq1, byte[] iqmp); 89 90 public static native long EVP_PKEY_new_mac_key(int type, byte[] key); 91 92 public static native int EVP_PKEY_size(long pkey); 93 94 public static native int EVP_PKEY_type(long pkey); 95 96 public static native String EVP_PKEY_print_public(long pkeyRef); 97 98 public static native String EVP_PKEY_print_private(long pkeyRef); 99 100 public static native void EVP_PKEY_free(long pkey); 101 102 public static native int EVP_PKEY_cmp(long pkey1, long pkey2); 103 104 public static native byte[] i2d_PKCS8_PRIV_KEY_INFO(long pkey); 105 106 public static native long d2i_PKCS8_PRIV_KEY_INFO(byte[] data); 107 108 public static native byte[] i2d_PUBKEY(long pkey); 109 110 public static native long d2i_PUBKEY(byte[] data); 111 112 public static native long RSA_generate_key_ex(int modulusBits, byte[] publicExponent); 113 114 public static native int RSA_size(long pkey); 115 116 public static native int RSA_private_encrypt(int flen, byte[] from, byte[] to, long pkey, 117 int padding); 118 119 public static native int RSA_public_decrypt(int flen, byte[] from, byte[] to, long pkey, 120 int padding) throws BadPaddingException, SignatureException; 121 122 public static native int RSA_public_encrypt(int flen, byte[] from, byte[] to, long pkey, 123 int padding); 124 125 public static native int RSA_private_decrypt(int flen, byte[] from, byte[] to, long pkey, 126 int padding) throws BadPaddingException, SignatureException; 127 128 /** 129 * @return array of {n, e} 130 */ 131 public static native byte[][] get_RSA_public_params(long rsa); 132 133 /** 134 * @return array of {n, e, d, p, q, dmp1, dmq1, iqmp} 135 */ 136 public static native byte[][] get_RSA_private_params(long rsa); 137 138 public static native long DSA_generate_key(int primeBits, byte[] seed, byte[] g, byte[] p, 139 byte[] q); 140 141 /** 142 * @return array of {g, p, q, y(pub), x(priv)} 143 */ 144 public static native byte[][] get_DSA_params(long dsa); 145 146 public static native void set_DSA_flag_nonce_from_hash(long dsa); 147 148 public static native byte[] i2d_RSAPublicKey(long rsa); 149 150 public static native byte[] i2d_RSAPrivateKey(long rsa); 151 152 public static native byte[] i2d_DSAPublicKey(long dsa); 153 154 public static native byte[] i2d_DSAPrivateKey(long dsa); 155 156 // --- EC functions -------------------------- 157 158 /** 159 * Used to request EC_GROUP_new_curve_GFp to EC_GROUP_new_curve 160 */ 161 public static final int EC_CURVE_GFP = 1; 162 163 /** 164 * Used to request EC_GROUP_new_curve_GF2m to EC_GROUP_new_curve 165 */ 166 public static final int EC_CURVE_GF2M = 2; 167 168 /** 169 * EC_GROUP_set_asn1_flag: indicates an EC_GROUP is a NamedCurve. 170 */ 171 public static final int OPENSSL_EC_NAMED_CURVE = 0x001; 172 173 /** 174 * EC_GROUP_set_point_conversion_form: indicates compressed ASN.1 format 175 */ 176 public static final int POINT_CONVERSION_COMPRESSED = 2; 177 178 /** 179 * EC_GROUP_set_point_conversion_form: indicates uncompressed ASN.1 format 180 */ 181 public static final int POINT_CONVERSION_UNCOMPRESSED = 4; 182 183 /** 184 * EC_GROUP_set_point_conversion_form: indicates hybrid ASN.1 format 185 */ 186 public static final int POINT_CONVERSION_HYBRID = 4; 187 188 public static native long EVP_PKEY_new_EC_KEY(long groupRef, long pubkeyRef, byte[] privkey); 189 190 public static native long EC_GROUP_new_by_curve_name(String curveName); 191 192 public static native long EC_GROUP_new_curve(int type, byte[] p, byte[] a, byte[] b); 193 194 public static native long EC_GROUP_dup(long groupRef); 195 196 public static native void EC_GROUP_set_asn1_flag(long groupRef, int flag); 197 198 public static native void EC_GROUP_set_point_conversion_form(long groupRef, int form); 199 200 public static native String EC_GROUP_get_curve_name(long groupRef); 201 202 public static native byte[][] EC_GROUP_get_curve(long groupRef); 203 204 public static native void EC_GROUP_clear_free(long ctx); 205 206 public static native boolean EC_GROUP_cmp(long ctx1, long ctx2); 207 208 public static native void EC_GROUP_set_generator(long groupCtx, long pointCtx, byte[] n, byte[] h); 209 210 public static native long EC_GROUP_get_generator(long groupCtx); 211 212 public static native int get_EC_GROUP_type(long groupCtx); 213 214 public static native byte[] EC_GROUP_get_order(long groupCtx); 215 216 public static native int EC_GROUP_get_degree(long groupCtx); 217 218 public static native byte[] EC_GROUP_get_cofactor(long groupCtx); 219 220 public static native long EC_POINT_new(long groupRef); 221 222 public static native void EC_POINT_clear_free(long pointRef); 223 224 public static native boolean EC_POINT_cmp(long groupRef, long pointRef1, long pointRef2); 225 226 public static native byte[][] EC_POINT_get_affine_coordinates(long groupCtx, long pointCtx); 227 228 public static native void EC_POINT_set_affine_coordinates(long groupCtx, long pointCtx, byte[] x, 229 byte[] y); 230 231 public static native long EC_KEY_generate_key(long groupRef); 232 233 public static native long EC_KEY_get0_group(long pkeyRef); 234 235 public static native byte[] EC_KEY_get_private_key(long keyRef); 236 237 public static native long EC_KEY_get_public_key(long keyRef); 238 239 public static native void EC_KEY_set_nonce_from_hash(long keyRef, boolean enabled); 240 241 public static native int ECDH_compute_key( 242 byte[] out, int outOffset, long publicKeyRef, long privateKeyRef); 243 244 // --- Message digest functions -------------- 245 246 public static native long EVP_get_digestbyname(String name); 247 248 public static native int EVP_MD_size(long evp_md); 249 250 public static native int EVP_MD_block_size(long evp_md); 251 252 // --- Message digest context functions -------------- 253 254 public static native long EVP_MD_CTX_create(); 255 256 public static native void EVP_MD_CTX_init(OpenSSLDigestContext ctx); 257 258 public static native void EVP_MD_CTX_destroy(long ctx); 259 260 public static native int EVP_MD_CTX_copy(OpenSSLDigestContext dst_ctx, 261 OpenSSLDigestContext src_ctx); 262 263 // --- Digest handling functions ------------------------------------------- 264 265 public static native int EVP_DigestInit(OpenSSLDigestContext ctx, long evp_md); 266 267 public static native void EVP_DigestUpdate(OpenSSLDigestContext ctx, byte[] buffer, 268 int offset, int length); 269 270 public static native int EVP_DigestFinal(OpenSSLDigestContext ctx, byte[] hash, int offset); 271 272 // --- MAC handling functions ---------------------------------------------- 273 274 public static native void EVP_DigestSignInit(OpenSSLDigestContext evp_md_ctx, long evp_md, 275 long evp_pkey); 276 277 public static native void EVP_DigestSignUpdate(OpenSSLDigestContext evp_md_ctx, byte[] in); 278 279 public static native byte[] EVP_DigestSignFinal(OpenSSLDigestContext evp_md_ctx); 280 281 // --- Signature handling functions ---------------------------------------- 282 283 public static native int EVP_SignInit(OpenSSLDigestContext ctx, long evpRef); 284 285 public static native void EVP_SignUpdate(OpenSSLDigestContext ctx, byte[] buffer, 286 int offset, int length); 287 288 public static native int EVP_SignFinal(OpenSSLDigestContext ctx, byte[] signature, int offset, 289 long key); 290 291 public static native int EVP_VerifyInit(OpenSSLDigestContext ctx, long evpRef); 292 293 public static native void EVP_VerifyUpdate(OpenSSLDigestContext ctx, byte[] buffer, 294 int offset, int length); 295 296 public static native int EVP_VerifyFinal(OpenSSLDigestContext ctx, byte[] signature, 297 int offset, int length, long key); 298 299 300 // --- Block ciphers ------------------------------------------------------- 301 302 public static native long EVP_get_cipherbyname(String string); 303 304 public static native void EVP_CipherInit_ex(long ctx, long evpCipher, byte[] key, byte[] iv, 305 boolean encrypting); 306 307 public static native int EVP_CipherUpdate(long ctx, byte[] out, int outOffset, byte[] in, 308 int inOffset, int inLength); 309 310 public static native int EVP_CipherFinal_ex(long ctx, byte[] out, int outOffset) 311 throws BadPaddingException, IllegalBlockSizeException; 312 313 public static native int EVP_CIPHER_iv_length(long evpCipher); 314 315 public static native long EVP_CIPHER_CTX_new(); 316 317 public static native int EVP_CIPHER_CTX_block_size(long ctx); 318 319 public static native int get_EVP_CIPHER_CTX_buf_len(long ctx); 320 321 public static native void EVP_CIPHER_CTX_set_padding(long ctx, boolean enablePadding); 322 323 public static native void EVP_CIPHER_CTX_set_key_length(long ctx, int keyBitSize); 324 325 public static native void EVP_CIPHER_CTX_cleanup(long ctx); 326 327 // --- RAND seeding -------------------------------------------------------- 328 329 public static final int RAND_SEED_LENGTH_IN_BYTES = 1024; 330 331 public static native void RAND_seed(byte[] seed); 332 333 public static native int RAND_load_file(String filename, long max_bytes); 334 335 public static native void RAND_bytes(byte[] output); 336 337 // --- ASN.1 objects ------------------------------------------------------- 338 339 public static native int OBJ_txt2nid(String oid); 340 341 public static native String OBJ_txt2nid_longName(String oid); 342 343 public static native String OBJ_txt2nid_oid(String oid); 344 345 // --- X509_NAME ----------------------------------------------------------- 346 347 public static int X509_NAME_hash(X500Principal principal) { 348 return X509_NAME_hash(principal, "SHA1"); 349 } 350 public static int X509_NAME_hash_old(X500Principal principal) { 351 return X509_NAME_hash(principal, "MD5"); 352 } 353 private static int X509_NAME_hash(X500Principal principal, String algorithm) { 354 try { 355 byte[] digest = MessageDigest.getInstance(algorithm).digest(principal.getEncoded()); 356 int offset = 0; 357 return (((digest[offset++] & 0xff) << 0) | 358 ((digest[offset++] & 0xff) << 8) | 359 ((digest[offset++] & 0xff) << 16) | 360 ((digest[offset ] & 0xff) << 24)); 361 } catch (NoSuchAlgorithmException e) { 362 throw new AssertionError(e); 363 } 364 } 365 366 public static native String X509_NAME_print_ex(long x509nameCtx, long flags); 367 368 // --- X509 ---------------------------------------------------------------- 369 370 /** Used to request get_X509_GENERAL_NAME_stack get the "altname" field. */ 371 public static final int GN_STACK_SUBJECT_ALT_NAME = 1; 372 373 /** 374 * Used to request get_X509_GENERAL_NAME_stack get the issuerAlternativeName 375 * extension. 376 */ 377 public static final int GN_STACK_ISSUER_ALT_NAME = 2; 378 379 /** 380 * Used to request only non-critical types in get_X509*_ext_oids. 381 */ 382 public static final int EXTENSION_TYPE_NON_CRITICAL = 0; 383 384 /** 385 * Used to request only critical types in get_X509*_ext_oids. 386 */ 387 public static final int EXTENSION_TYPE_CRITICAL = 1; 388 389 public static native long d2i_X509_bio(long bioCtx); 390 391 public static native long d2i_X509(byte[] encoded); 392 393 public static native long PEM_read_bio_X509(long bioCtx); 394 395 public static native byte[] i2d_X509(long x509ctx); 396 397 /** Takes an X509 context not an X509_PUBKEY context. */ 398 public static native byte[] i2d_X509_PUBKEY(long x509ctx); 399 400 public static native byte[] ASN1_seq_pack_X509(long[] x509CertRefs); 401 402 public static native long[] ASN1_seq_unpack_X509_bio(long bioRef); 403 404 public static native void X509_free(long x509ctx); 405 406 public static native int X509_cmp(long x509ctx1, long x509ctx2); 407 408 public static native int get_X509_hashCode(long x509ctx); 409 410 public static native void X509_print_ex(long bioCtx, long x509ctx, long nmflag, long certflag); 411 412 public static native byte[] X509_get_issuer_name(long x509ctx); 413 414 public static native byte[] X509_get_subject_name(long x509ctx); 415 416 public static native String get_X509_sig_alg_oid(long x509ctx); 417 418 public static native byte[] get_X509_sig_alg_parameter(long x509ctx); 419 420 public static native boolean[] get_X509_issuerUID(long x509ctx); 421 422 public static native boolean[] get_X509_subjectUID(long x509ctx); 423 424 public static native long X509_get_pubkey(long x509ctx) throws NoSuchAlgorithmException; 425 426 public static native String get_X509_pubkey_oid(long x509ctx); 427 428 public static native byte[] X509_get_ext_oid(long x509ctx, String oid); 429 430 public static native String[] get_X509_ext_oids(long x509ctx, int critical); 431 432 public static native Object[][] get_X509_GENERAL_NAME_stack(long x509ctx, int type) 433 throws CertificateParsingException; 434 435 public static native boolean[] get_X509_ex_kusage(long x509ctx); 436 437 public static native String[] get_X509_ex_xkusage(long x509ctx); 438 439 public static native int get_X509_ex_pathlen(long x509ctx); 440 441 public static native long X509_get_notBefore(long x509ctx); 442 443 public static native long X509_get_notAfter(long x509ctx); 444 445 public static native long X509_get_version(long x509ctx); 446 447 public static native byte[] X509_get_serialNumber(long x509ctx); 448 449 public static native void X509_verify(long x509ctx, long pkeyCtx) throws BadPaddingException; 450 451 public static native byte[] get_X509_cert_info_enc(long x509ctx); 452 453 public static native byte[] get_X509_signature(long x509ctx); 454 455 public static native int get_X509_ex_flags(long x509ctx); 456 457 public static native int X509_check_issued(long ctx, long ctx2); 458 459 // --- X509 EXFLAG --------------------------------------------------------- 460 461 public static final int EXFLAG_CA = 0x10; 462 463 public static final int EXFLAG_CRITICAL = 0x200; 464 465 // --- PKCS7 --------------------------------------------------------------- 466 467 /** Used as the "which" field in d2i_PKCS7_bio and PEM_read_bio_PKCS7. */ 468 public static final int PKCS7_CERTS = 1; 469 470 /** Used as the "which" field in d2i_PKCS7_bio and PEM_read_bio_PKCS7. */ 471 public static final int PKCS7_CRLS = 2; 472 473 /** Returns an array of X509 or X509_CRL pointers. */ 474 public static native long[] d2i_PKCS7_bio(long bioCtx, int which); 475 476 /** Returns an array of X509 or X509_CRL pointers. */ 477 public static native byte[] i2d_PKCS7(long[] certs); 478 479 /** Returns an array of X509 or X509_CRL pointers. */ 480 public static native long[] PEM_read_bio_PKCS7(long bioCtx, int which); 481 482 // --- X509_CRL ------------------------------------------------------------ 483 484 public static native long d2i_X509_CRL_bio(long bioCtx); 485 486 public static native long PEM_read_bio_X509_CRL(long bioCtx); 487 488 public static native byte[] i2d_X509_CRL(long x509CrlCtx); 489 490 public static native void X509_CRL_free(long x509CrlCtx); 491 492 public static native void X509_CRL_print(long bioCtx, long x509CrlCtx); 493 494 public static native String get_X509_CRL_sig_alg_oid(long x509CrlCtx); 495 496 public static native byte[] get_X509_CRL_sig_alg_parameter(long x509CrlCtx); 497 498 public static native byte[] X509_CRL_get_issuer_name(long x509CrlCtx); 499 500 /** Returns X509_REVOKED reference that is not duplicated! */ 501 public static native long X509_CRL_get0_by_cert(long x509CrlCtx, long x509Ctx); 502 503 /** Returns X509_REVOKED reference that is not duplicated! */ 504 public static native long X509_CRL_get0_by_serial(long x509CrlCtx, byte[] serial); 505 506 /** Returns an array of X509_REVOKED that are owned by the caller. */ 507 public static native long[] X509_CRL_get_REVOKED(long x509CrlCtx); 508 509 public static native String[] get_X509_CRL_ext_oids(long x509ctx, int critical); 510 511 public static native byte[] X509_CRL_get_ext_oid(long x509CrlCtx, String oid); 512 513 public static native long X509_CRL_get_version(long x509CrlCtx); 514 515 public static native long X509_CRL_get_ext(long x509CrlCtx, String oid); 516 517 public static native byte[] get_X509_CRL_signature(long x509ctx); 518 519 public static native void X509_CRL_verify(long x509CrlCtx, long pkeyCtx); 520 521 public static native byte[] get_X509_CRL_crl_enc(long x509CrlCtx); 522 523 public static native long X509_CRL_get_lastUpdate(long x509CrlCtx); 524 525 public static native long X509_CRL_get_nextUpdate(long x509CrlCtx); 526 527 // --- X509_REVOKED -------------------------------------------------------- 528 529 public static native long X509_REVOKED_dup(long x509RevokedCtx); 530 531 public static native byte[] i2d_X509_REVOKED(long x509RevokedCtx); 532 533 public static native String[] get_X509_REVOKED_ext_oids(long x509ctx, int critical); 534 535 public static native byte[] X509_REVOKED_get_ext_oid(long x509RevokedCtx, String oid); 536 537 public static native byte[] X509_REVOKED_get_serialNumber(long x509RevokedCtx); 538 539 public static native long X509_REVOKED_get_ext(long x509RevokedCtx, String oid); 540 541 /** Returns ASN1_TIME reference. */ 542 public static native long get_X509_REVOKED_revocationDate(long x509RevokedCtx); 543 544 public static native void X509_REVOKED_print(long bioRef, long x509RevokedCtx); 545 546 // --- X509_EXTENSION ------------------------------------------------------ 547 548 public static native int X509_supported_extension(long x509ExtensionRef); 549 550 // --- ASN1_TIME ----------------------------------------------------------- 551 552 public static native void ASN1_TIME_to_Calendar(long asn1TimeCtx, Calendar cal); 553 554 // --- BIO stream creation ------------------------------------------------- 555 556 public static native long create_BIO_InputStream(OpenSSLBIOInputStream is); 557 558 public static native long create_BIO_OutputStream(OutputStream os); 559 560 public static native int BIO_read(long bioRef, byte[] buffer); 561 562 public static native void BIO_write(long bioRef, byte[] buffer, int offset, int length) 563 throws IOException; 564 565 public static native void BIO_free(long bioRef); 566 567 // --- SSL handling -------------------------------------------------------- 568 569 private static final String SUPPORTED_PROTOCOL_SSLV3 = "SSLv3"; 570 private static final String SUPPORTED_PROTOCOL_TLSV1 = "TLSv1"; 571 private static final String SUPPORTED_PROTOCOL_TLSV1_1 = "TLSv1.1"; 572 private static final String SUPPORTED_PROTOCOL_TLSV1_2 = "TLSv1.2"; 573 574 public static final Map<String, String> OPENSSL_TO_STANDARD_CIPHER_SUITES 575 = new HashMap<String, String>(); 576 public static final Map<String, String> STANDARD_TO_OPENSSL_CIPHER_SUITES 577 = new LinkedHashMap<String, String>(); 578 579 private static void add(String standard, String openssl) { 580 OPENSSL_TO_STANDARD_CIPHER_SUITES.put(openssl, standard); 581 STANDARD_TO_OPENSSL_CIPHER_SUITES.put(standard, openssl); 582 } 583 584 /** 585 * TLS_EMPTY_RENEGOTIATION_INFO_SCSV is RFC 5746's renegotiation 586 * indication signaling cipher suite value. It is not a real 587 * cipher suite. It is just an indication in the default and 588 * supported cipher suite lists indicates that the implementation 589 * supports secure renegotiation. 590 * 591 * In the RI, its presence means that the SCSV is sent in the 592 * cipher suite list to indicate secure renegotiation support and 593 * its absense means to send an empty TLS renegotiation info 594 * extension instead. 595 * 596 * However, OpenSSL doesn't provide an API to give this level of 597 * control, instead always sending the SCSV and always including 598 * the empty renegotiation info if TLS is used (as opposed to 599 * SSL). So we simply allow TLS_EMPTY_RENEGOTIATION_INFO_SCSV to 600 * be passed for compatibility as to provide the hint that we 601 * support secure renegotiation. 602 */ 603 public static final String TLS_EMPTY_RENEGOTIATION_INFO_SCSV 604 = "TLS_EMPTY_RENEGOTIATION_INFO_SCSV"; 605 606 static { 607 add("SSL_RSA_WITH_RC4_128_MD5", "RC4-MD5"); 608 add("SSL_RSA_WITH_RC4_128_SHA", "RC4-SHA"); 609 add("TLS_RSA_WITH_AES_128_CBC_SHA", "AES128-SHA"); 610 add("TLS_RSA_WITH_AES_256_CBC_SHA", "AES256-SHA"); 611 add("TLS_ECDH_ECDSA_WITH_RC4_128_SHA", "ECDH-ECDSA-RC4-SHA"); 612 add("TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA", "ECDH-ECDSA-AES128-SHA"); 613 add("TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA", "ECDH-ECDSA-AES256-SHA"); 614 add("TLS_ECDH_RSA_WITH_RC4_128_SHA", "ECDH-RSA-RC4-SHA"); 615 add("TLS_ECDH_RSA_WITH_AES_128_CBC_SHA", "ECDH-RSA-AES128-SHA"); 616 add("TLS_ECDH_RSA_WITH_AES_256_CBC_SHA", "ECDH-RSA-AES256-SHA"); 617 add("TLS_ECDHE_ECDSA_WITH_RC4_128_SHA", "ECDHE-ECDSA-RC4-SHA"); 618 add("TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA", "ECDHE-ECDSA-AES128-SHA"); 619 add("TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA", "ECDHE-ECDSA-AES256-SHA"); 620 add("TLS_ECDHE_RSA_WITH_RC4_128_SHA", "ECDHE-RSA-RC4-SHA"); 621 add("TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA", "ECDHE-RSA-AES128-SHA"); 622 add("TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA", "ECDHE-RSA-AES256-SHA"); 623 add("TLS_DHE_RSA_WITH_AES_128_CBC_SHA", "DHE-RSA-AES128-SHA"); 624 add("TLS_DHE_RSA_WITH_AES_256_CBC_SHA", "DHE-RSA-AES256-SHA"); 625 add("TLS_DHE_DSS_WITH_AES_128_CBC_SHA", "DHE-DSS-AES128-SHA"); 626 add("TLS_DHE_DSS_WITH_AES_256_CBC_SHA", "DHE-DSS-AES256-SHA"); 627 add("SSL_RSA_WITH_3DES_EDE_CBC_SHA", "DES-CBC3-SHA"); 628 add("TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA", "ECDH-ECDSA-DES-CBC3-SHA"); 629 add("TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA", "ECDH-RSA-DES-CBC3-SHA"); 630 add("TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA", "ECDHE-ECDSA-DES-CBC3-SHA"); 631 add("TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA", "ECDHE-RSA-DES-CBC3-SHA"); 632 add("SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA", "EDH-RSA-DES-CBC3-SHA"); 633 add("SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA", "EDH-DSS-DES-CBC3-SHA"); 634 add("SSL_RSA_WITH_DES_CBC_SHA", "DES-CBC-SHA"); 635 add("SSL_DHE_RSA_WITH_DES_CBC_SHA", "EDH-RSA-DES-CBC-SHA"); 636 add("SSL_DHE_DSS_WITH_DES_CBC_SHA", "EDH-DSS-DES-CBC-SHA"); 637 add("SSL_RSA_EXPORT_WITH_RC4_40_MD5", "EXP-RC4-MD5"); 638 add("SSL_RSA_EXPORT_WITH_DES40_CBC_SHA", "EXP-DES-CBC-SHA"); 639 add("SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA", "EXP-EDH-RSA-DES-CBC-SHA"); 640 add("SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA", "EXP-EDH-DSS-DES-CBC-SHA"); 641 add("SSL_RSA_WITH_NULL_MD5", "NULL-MD5"); 642 add("SSL_RSA_WITH_NULL_SHA", "NULL-SHA"); 643 add("TLS_ECDH_ECDSA_WITH_NULL_SHA", "ECDH-ECDSA-NULL-SHA"); 644 add("TLS_ECDH_RSA_WITH_NULL_SHA", "ECDH-RSA-NULL-SHA"); 645 add("TLS_ECDHE_ECDSA_WITH_NULL_SHA", "ECDHE-ECDSA-NULL-SHA"); 646 add("TLS_ECDHE_RSA_WITH_NULL_SHA", "ECDHE-RSA-NULL-SHA"); 647 add("SSL_DH_anon_WITH_RC4_128_MD5", "ADH-RC4-MD5"); 648 add("TLS_DH_anon_WITH_AES_128_CBC_SHA", "ADH-AES128-SHA"); 649 add("TLS_DH_anon_WITH_AES_256_CBC_SHA", "ADH-AES256-SHA"); 650 add("SSL_DH_anon_WITH_3DES_EDE_CBC_SHA", "ADH-DES-CBC3-SHA"); 651 add("SSL_DH_anon_WITH_DES_CBC_SHA", "ADH-DES-CBC-SHA"); 652 add("TLS_ECDH_anon_WITH_RC4_128_SHA", "AECDH-RC4-SHA"); 653 add("TLS_ECDH_anon_WITH_AES_128_CBC_SHA", "AECDH-AES128-SHA"); 654 add("TLS_ECDH_anon_WITH_AES_256_CBC_SHA", "AECDH-AES256-SHA"); 655 add("TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA", "AECDH-DES-CBC3-SHA"); 656 add("SSL_DH_anon_EXPORT_WITH_RC4_40_MD5", "EXP-ADH-RC4-MD5"); 657 add("SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA", "EXP-ADH-DES-CBC-SHA"); 658 add("TLS_ECDH_anon_WITH_NULL_SHA", "AECDH-NULL-SHA"); 659 660 // TLSv1.2 cipher suites 661 add("TLS_RSA_WITH_NULL_SHA256", "NULL-SHA256"); 662 add("TLS_RSA_WITH_AES_128_CBC_SHA256", "AES128-SHA256"); 663 add("TLS_RSA_WITH_AES_256_CBC_SHA256", "AES256-SHA256"); 664 add("TLS_RSA_WITH_AES_128_GCM_SHA256", "AES128-GCM-SHA256"); 665 add("TLS_RSA_WITH_AES_256_GCM_SHA384", "AES256-GCM-SHA384"); 666 add("TLS_DHE_RSA_WITH_AES_128_CBC_SHA256", "DHE-RSA-AES128-SHA256"); 667 add("TLS_DHE_RSA_WITH_AES_256_CBC_SHA256", "DHE-RSA-AES256-SHA256"); 668 add("TLS_DHE_RSA_WITH_AES_128_GCM_SHA256", "DHE-RSA-AES128-GCM-SHA256"); 669 add("TLS_DHE_RSA_WITH_AES_256_GCM_SHA384", "DHE-RSA-AES256-GCM-SHA384"); 670 add("TLS_DHE_DSS_WITH_AES_128_CBC_SHA256", "DHE-DSS-AES128-SHA256"); 671 add("TLS_DHE_DSS_WITH_AES_256_CBC_SHA256", "DHE-DSS-AES256-SHA256"); 672 add("TLS_DHE_DSS_WITH_AES_128_GCM_SHA256", "DHE-DSS-AES128-GCM-SHA256"); 673 add("TLS_DHE_DSS_WITH_AES_256_GCM_SHA384", "DHE-DSS-AES256-GCM-SHA384"); 674 add("TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256", "ECDH-RSA-AES128-SHA256"); 675 add("TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384", "ECDH-RSA-AES256-SHA384"); 676 add("TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256", "ECDH-RSA-AES128-GCM-SHA256"); 677 add("TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384", "ECDH-RSA-AES256-GCM-SHA384"); 678 add("TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256", "ECDH-ECDSA-AES128-SHA256"); 679 add("TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384", "ECDH-ECDSA-AES256-SHA384"); 680 add("TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256", "ECDH-ECDSA-AES128-GCM-SHA256"); 681 add("TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384", "ECDH-ECDSA-AES256-GCM-SHA384"); 682 add("TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256", "ECDHE-RSA-AES128-SHA256"); 683 add("TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384", "ECDHE-RSA-AES256-SHA384"); 684 add("TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", "ECDHE-RSA-AES128-GCM-SHA256"); 685 add("TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", "ECDHE-RSA-AES256-GCM-SHA384"); 686 add("TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256", "ECDHE-ECDSA-AES128-SHA256"); 687 add("TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384", "ECDHE-ECDSA-AES256-SHA384"); 688 add("TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", "ECDHE-ECDSA-AES128-GCM-SHA256"); 689 add("TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", "ECDHE-ECDSA-AES256-GCM-SHA384"); 690 add("TLS_DH_anon_WITH_AES_128_CBC_SHA256", "ADH-AES128-SHA256"); 691 add("TLS_DH_anon_WITH_AES_256_CBC_SHA256", "ADH-AES256-SHA256"); 692 add("TLS_DH_anon_WITH_AES_128_GCM_SHA256", "ADH-AES128-GCM-SHA256"); 693 add("TLS_DH_anon_WITH_AES_256_GCM_SHA384", "ADH-AES256-GCM-SHA384"); 694 695 // No Kerberos in Android 696 // add("TLS_KRB5_WITH_RC4_128_SHA", "KRB5-RC4-SHA"); 697 // add("TLS_KRB5_WITH_RC4_128_MD5", "KRB5-RC4-MD5"); 698 // add("TLS_KRB5_WITH_3DES_EDE_CBC_SHA", "KRB5-DES-CBC3-SHA"); 699 // add("TLS_KRB5_WITH_3DES_EDE_CBC_MD5", "KRB5-DES-CBC3-MD5"); 700 // add("TLS_KRB5_WITH_DES_CBC_SHA", "KRB5-DES-CBC-SHA"); 701 // add("TLS_KRB5_WITH_DES_CBC_MD5", "KRB5-DES-CBC-MD5"); 702 // add("TLS_KRB5_EXPORT_WITH_RC4_40_SHA", "EXP-KRB5-RC4-SHA"); 703 // add("TLS_KRB5_EXPORT_WITH_RC4_40_MD5", "EXP-KRB5-RC4-MD5"); 704 // add("TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA", "EXP-KRB5-DES-CBC-SHA"); 705 // add("TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5", "EXP-KRB5-DES-CBC-MD5"); 706 707 // not implemented by either RI or OpenSSL 708 // add("SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA", null); 709 // add("SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA", null); 710 711 // EXPORT1024 suites were never standardized but were widely implemented. 712 // OpenSSL 0.9.8c and later have disabled TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES 713 // add("SSL_RSA_EXPORT1024_WITH_DES_CBC_SHA", "EXP1024-DES-CBC-SHA"); 714 // add("SSL_RSA_EXPORT1024_WITH_RC4_56_SHA", "EXP1024-RC4-SHA"); 715 716 // No RC2 717 // add("SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5", "EXP-RC2-CBC-MD5"); 718 // add("TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA", "EXP-KRB5-RC2-CBC-SHA"); 719 // add("TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5", "EXP-KRB5-RC2-CBC-MD5"); 720 721 // PSK is Private Shared Key - didn't exist in Froyo's openssl - no JSSE equivalent 722 // add(null, "PSK-3DES-EDE-CBC-SHA"); 723 // add(null, "PSK-AES128-CBC-SHA"); 724 // add(null, "PSK-AES256-CBC-SHA"); 725 // add(null, "PSK-RC4-SHA"); 726 727 // Signaling Cipher Suite Value for secure renegotiation handled as special case. 728 // add("TLS_EMPTY_RENEGOTIATION_INFO_SCSV", null); 729 } 730 731 private static final String[] SUPPORTED_CIPHER_SUITES; 732 static { 733 int size = STANDARD_TO_OPENSSL_CIPHER_SUITES.size(); 734 SUPPORTED_CIPHER_SUITES = new String[size + 1]; 735 STANDARD_TO_OPENSSL_CIPHER_SUITES.keySet().toArray(SUPPORTED_CIPHER_SUITES); 736 SUPPORTED_CIPHER_SUITES[size] = TLS_EMPTY_RENEGOTIATION_INFO_SCSV; 737 } 738 739 // EVP_PKEY types from evp.h and objects.h 740 public static final int EVP_PKEY_RSA = 6; // NID_rsaEcnryption 741 public static final int EVP_PKEY_DSA = 116; // NID_dsa 742 public static final int EVP_PKEY_DH = 28; // NID_dhKeyAgreement 743 public static final int EVP_PKEY_EC = 408; // NID_X9_62_id_ecPublicKey 744 public static final int EVP_PKEY_HMAC = 855; // NID_hmac 745 public static final int EVP_PKEY_CMAC = 894; // NID_cmac 746 747 // RSA padding modes from rsa.h 748 public static final int RSA_PKCS1_PADDING = 1; 749 public static final int RSA_NO_PADDING = 3; 750 751 // SSL mode from ssl.h 752 public static final long SSL_MODE_HANDSHAKE_CUTTHROUGH = 0x00000080L; 753 public static final long SSL_MODE_CBC_RECORD_SPLITTING = 0x00000100L; 754 755 // SSL options from ssl.h 756 public static final long SSL_OP_NO_TICKET = 0x00004000L; 757 public static final long SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION = 0x00010000L; 758 public static final long SSL_OP_NO_SSLv3 = 0x02000000L; 759 public static final long SSL_OP_NO_TLSv1 = 0x04000000L; 760 public static final long SSL_OP_NO_TLSv1_1 = 0x10000000L; 761 public static final long SSL_OP_NO_TLSv1_2 = 0x08000000L; 762 763 /* 764 * Client certificate types as defined in 765 * TLS 1.0 spec., 7.4.4. Certificate request. 766 * EC constants from RFC 4492. 767 * OpenSSL constants from ssl/tls1.h. 768 */ 769 public static final byte TLS_CT_RSA_SIGN = 1; 770 public static final byte TLS_CT_DSS_SIGN = 2; 771 public static final byte TLS_CT_RSA_FIXED_DH = 3; 772 public static final byte TLS_CT_DSS_FIXED_DH = 4; 773 public static final byte TLS_CT_ECDSA_SIGN = 64; 774 public static final byte TLS_CT_RSA_FIXED_ECDH = 65; 775 public static final byte TLS_CT_ECDSA_FIXED_ECDH = 66; 776 777 public static native long SSL_CTX_new(); 778 779 public static String[] getDefaultCipherSuites() { 780 // The default list of cipher suites is a trade-off between what we'd like to use and what 781 // servers currently support. We strive to be secure enough by default. We thus avoid 782 // unacceptably weak suites (e.g., those with bulk cipher secret key shorter than 128 bits), 783 // while maintaining the capability to connect to the majority of servers. 784 // 785 // Cipher suites are listed in preference order (favorite choice first) of the client. 786 // However, servers are not required to honor the order. The key rules governing the 787 // preference order are: 788 // * Prefer Forward Secrecy (i.e., cipher suites that use ECDHE and DHE for key agreement). 789 // * Prefer AES-GCM to AES-CBC whose MAC-pad-then-encrypt approach leads to weaknesses 790 // (e.g., Lucky 13). 791 // * Prefer AES to RC4 whose foundations are a bit shaky. See 792 // http://www.isg.rhul.ac.uk/tls/. BEAST and Lucky13 mitigations are enabled. 793 // * Prefer 128-bit bulk encryption to 256-bit one, because 128-bit is safe enough while 794 // consuming less CPU/time/energy. 795 // 796 // NOTE: Removing cipher suites from this list needs to be done with caution, because this 797 // may prevent apps from connecting to servers they were previously able to connect to. 798 return new String[] { 799 "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", 800 "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", 801 "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", 802 "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", 803 "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256", 804 "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384", 805 "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA", 806 "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA", 807 "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA", 808 "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA", 809 "TLS_DHE_RSA_WITH_AES_128_CBC_SHA", 810 "TLS_DHE_RSA_WITH_AES_256_CBC_SHA", 811 "TLS_DHE_DSS_WITH_AES_128_CBC_SHA", 812 "TLS_DHE_DSS_WITH_AES_256_CBC_SHA", 813 "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA", 814 "TLS_ECDHE_RSA_WITH_RC4_128_SHA", 815 "TLS_RSA_WITH_AES_128_GCM_SHA256", 816 "TLS_RSA_WITH_AES_256_GCM_SHA384", 817 "TLS_RSA_WITH_AES_128_CBC_SHA", 818 "TLS_RSA_WITH_AES_256_CBC_SHA", 819 "SSL_RSA_WITH_RC4_128_SHA", 820 TLS_EMPTY_RENEGOTIATION_INFO_SCSV 821 }; 822 } 823 824 public static String[] getSupportedCipherSuites() { 825 return SUPPORTED_CIPHER_SUITES.clone(); 826 } 827 828 public static native void SSL_CTX_free(long ssl_ctx); 829 830 public static native void SSL_CTX_set_session_id_context(long ssl_ctx, byte[] sid_ctx); 831 832 public static native long SSL_new(long ssl_ctx) throws SSLException; 833 834 public static native void SSL_enable_tls_channel_id(long ssl) throws SSLException; 835 836 public static native byte[] SSL_get_tls_channel_id(long ssl) throws SSLException; 837 838 public static native void SSL_set1_tls_channel_id(long ssl, long pkey); 839 840 public static native void SSL_use_certificate(long ssl, long[] x509refs); 841 842 public static native void SSL_use_PrivateKey(long ssl, long pkey); 843 844 public static native void SSL_check_private_key(long ssl) throws SSLException; 845 846 public static native void SSL_set_client_CA_list(long ssl, byte[][] asn1DerEncodedX500Principals); 847 848 public static native long SSL_get_mode(long ssl); 849 850 public static native long SSL_set_mode(long ssl, long mode); 851 852 public static native long SSL_clear_mode(long ssl, long mode); 853 854 public static native long SSL_get_options(long ssl); 855 856 public static native long SSL_set_options(long ssl, long options); 857 858 public static native long SSL_clear_options(long ssl, long options); 859 860 public static String[] getDefaultProtocols() { 861 return new String[] { SUPPORTED_PROTOCOL_SSLV3, 862 SUPPORTED_PROTOCOL_TLSV1, 863 SUPPORTED_PROTOCOL_TLSV1_1, 864 SUPPORTED_PROTOCOL_TLSV1_2, 865 }; 866 } 867 868 public static String[] getSupportedProtocols() { 869 return new String[] { SUPPORTED_PROTOCOL_SSLV3, 870 SUPPORTED_PROTOCOL_TLSV1, 871 SUPPORTED_PROTOCOL_TLSV1_1, 872 SUPPORTED_PROTOCOL_TLSV1_2, 873 }; 874 } 875 876 public static void setEnabledProtocols(long ssl, String[] protocols) { 877 checkEnabledProtocols(protocols); 878 // openssl uses negative logic letting you disable protocols. 879 // so first, assume we need to set all (disable all) and clear none (enable none). 880 // in the loop, selectively move bits from set to clear (from disable to enable) 881 long optionsToSet = (SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1 | SSL_OP_NO_TLSv1_2); 882 long optionsToClear = 0; 883 for (int i = 0; i < protocols.length; i++) { 884 String protocol = protocols[i]; 885 if (protocol.equals(SUPPORTED_PROTOCOL_SSLV3)) { 886 optionsToSet &= ~SSL_OP_NO_SSLv3; 887 optionsToClear |= SSL_OP_NO_SSLv3; 888 } else if (protocol.equals(SUPPORTED_PROTOCOL_TLSV1)) { 889 optionsToSet &= ~SSL_OP_NO_TLSv1; 890 optionsToClear |= SSL_OP_NO_TLSv1; 891 } else if (protocol.equals(SUPPORTED_PROTOCOL_TLSV1_1)) { 892 optionsToSet &= ~SSL_OP_NO_TLSv1_1; 893 optionsToClear |= SSL_OP_NO_TLSv1_1; 894 } else if (protocol.equals(SUPPORTED_PROTOCOL_TLSV1_2)) { 895 optionsToSet &= ~SSL_OP_NO_TLSv1_2; 896 optionsToClear |= SSL_OP_NO_TLSv1_2; 897 } else { 898 // error checked by checkEnabledProtocols 899 throw new IllegalStateException(); 900 } 901 } 902 903 SSL_set_options(ssl, optionsToSet); 904 SSL_clear_options(ssl, optionsToClear); 905 } 906 907 public static String[] checkEnabledProtocols(String[] protocols) { 908 if (protocols == null) { 909 throw new IllegalArgumentException("protocols == null"); 910 } 911 for (int i = 0; i < protocols.length; i++) { 912 String protocol = protocols[i]; 913 if (protocol == null) { 914 throw new IllegalArgumentException("protocols[" + i + "] == null"); 915 } 916 if ((!protocol.equals(SUPPORTED_PROTOCOL_SSLV3)) 917 && (!protocol.equals(SUPPORTED_PROTOCOL_TLSV1)) 918 && (!protocol.equals(SUPPORTED_PROTOCOL_TLSV1_1)) 919 && (!protocol.equals(SUPPORTED_PROTOCOL_TLSV1_2))) { 920 throw new IllegalArgumentException("protocol " + protocol 921 + " is not supported"); 922 } 923 } 924 return protocols; 925 } 926 927 public static native void SSL_set_cipher_lists(long ssl, String[] ciphers); 928 929 /** 930 * Gets the list of cipher suites enabled for the provided {@code SSL} instance. 931 * 932 * @return array of {@code SSL_CIPHER} references. 933 */ 934 public static native long[] SSL_get_ciphers(long ssl); 935 936 /* 937 * Constants for SSL_CIPHER algorithm_mkey (key exchange algorithm). 938 * OpenSSL constants from ssl/ssl_locl.h. 939 */ 940 /** RSA key exchange */ 941 public static final int SSL_kRSA = 0x00000001; 942 /** DH cert, RSA CA cert -- no such ciphersuite supported! */ 943 public static final int SSL_kDHr = 0x00000002; 944 /** DH cert, DSA CA cert -- no such ciphersuite supported! */ 945 public static final int SSL_kDHd = 0x00000004; 946 /** tmp DH key no DH cert */ 947 public static final int SSL_kEDH = 0x00000008; 948 /** Kerberos5 key exchange */ 949 public static final int SSL_kKRB5 = 0x00000010; 950 /** ECDH cert, RSA CA cert */ 951 public static final int SSL_kECDHr = 0x00000020; 952 /** ECDH cert, ECDSA CA cert */ 953 public static final int SSL_kECDHe = 0x00000040; 954 /** ephemeral ECDH */ 955 public static final int SSL_kEECDH = 0x00000080; 956 /** PSK */ 957 public static final int SSL_kPSK = 0x00000100; 958 /** GOST key exchange */ 959 public static final int SSL_kGOST = 0x00000200; 960 /** SRP */ 961 public static final int SSL_kSRP = 0x00000400; 962 963 /* 964 * Constants for SSL_CIPHER algorithm_auth (server authentication). 965 * OpenSSL constants from ssl/ssl_locl.h. 966 */ 967 /** RSA auth */ 968 public static final int SSL_aRSA = 0x00000001; 969 /** DSS auth */ 970 public static final int SSL_aDSS = 0x00000002; 971 /** no auth (i.e. use ADH or AECDH) */ 972 public static final int SSL_aNULL = 0x00000004; 973 /** Fixed DH auth (kDHd or kDHr) -- no such ciphersuites supported! */ 974 public static final int SSL_aDH = 0x00000008; 975 /** Fixed ECDH auth (kECDHe or kECDHr) */ 976 public static final int SSL_aECDH = 0x00000010; 977 /** KRB5 auth */ 978 public static final int SSL_aKRB5 = 0x00000020; 979 /** ECDSA auth*/ 980 public static final int SSL_aECDSA = 0x00000040; 981 /** PSK auth */ 982 public static final int SSL_aPSK = 0x00000080; 983 /** GOST R 34.10-94 signature auth */ 984 public static final int SSL_aGOST94 = 0x00000100; 985 /** GOST R 34.10-2001 signature auth */ 986 public static final int SSL_aGOST01 = 0x00000200; 987 988 public static native int get_SSL_CIPHER_algorithm_mkey(long sslCipher); 989 public static native int get_SSL_CIPHER_algorithm_auth(long sslCipher); 990 991 public static void setEnabledCipherSuites(long ssl, String[] cipherSuites) { 992 checkEnabledCipherSuites(cipherSuites); 993 List<String> opensslSuites = new ArrayList<String>(); 994 for (int i = 0; i < cipherSuites.length; i++) { 995 String cipherSuite = cipherSuites[i]; 996 if (cipherSuite.equals(TLS_EMPTY_RENEGOTIATION_INFO_SCSV)) { 997 continue; 998 } 999 String openssl = STANDARD_TO_OPENSSL_CIPHER_SUITES.get(cipherSuite); 1000 String cs = (openssl == null) ? cipherSuite : openssl; 1001 opensslSuites.add(cs); 1002 } 1003 SSL_set_cipher_lists(ssl, opensslSuites.toArray(new String[opensslSuites.size()])); 1004 } 1005 1006 public static String[] checkEnabledCipherSuites(String[] cipherSuites) { 1007 if (cipherSuites == null) { 1008 throw new IllegalArgumentException("cipherSuites == null"); 1009 } 1010 // makes sure all suites are valid, throwing on error 1011 for (int i = 0; i < cipherSuites.length; i++) { 1012 String cipherSuite = cipherSuites[i]; 1013 if (cipherSuite == null) { 1014 throw new IllegalArgumentException("cipherSuites[" + i + "] == null"); 1015 } 1016 if (cipherSuite.equals(TLS_EMPTY_RENEGOTIATION_INFO_SCSV)) { 1017 continue; 1018 } 1019 if (STANDARD_TO_OPENSSL_CIPHER_SUITES.containsKey(cipherSuite)) { 1020 continue; 1021 } 1022 if (OPENSSL_TO_STANDARD_CIPHER_SUITES.containsKey(cipherSuite)) { 1023 // TODO log warning about using backward compatability 1024 continue; 1025 } 1026 throw new IllegalArgumentException("cipherSuite " + cipherSuite + " is not supported."); 1027 } 1028 return cipherSuites; 1029 } 1030 1031 /* 1032 * See the OpenSSL ssl.h header file for more information. 1033 */ 1034 public static final int SSL_VERIFY_NONE = 0x00; 1035 public static final int SSL_VERIFY_PEER = 0x01; 1036 public static final int SSL_VERIFY_FAIL_IF_NO_PEER_CERT = 0x02; 1037 1038 public static native void SSL_set_verify(long sslNativePointer, int mode); 1039 1040 public static native void SSL_set_session(long sslNativePointer, long sslSessionNativePointer) 1041 throws SSLException; 1042 1043 public static native void SSL_set_session_creation_enabled( 1044 long sslNativePointer, boolean creationEnabled) throws SSLException; 1045 1046 public static native void SSL_set_tlsext_host_name(long sslNativePointer, String hostname) 1047 throws SSLException; 1048 public static native String SSL_get_servername(long sslNativePointer); 1049 1050 /** 1051 * Enables NPN for all SSL connections in the context. 1052 * 1053 * <p>For clients this causes the NPN extension to be included in the 1054 * ClientHello message. 1055 * 1056 * <p>For servers this causes the NPN extension to be included in the 1057 * ServerHello message. The NPN extension will not be included in the 1058 * ServerHello response if the client didn't include it in the ClientHello 1059 * request. 1060 * 1061 * <p>In either case the caller should pass a non-null byte array of NPN 1062 * protocols to {@link #SSL_do_handshake}. 1063 */ 1064 public static native void SSL_CTX_enable_npn(long sslCtxNativePointer); 1065 1066 /** 1067 * Disables NPN for all SSL connections in the context. 1068 */ 1069 public static native void SSL_CTX_disable_npn(long sslCtxNativePointer); 1070 1071 /** 1072 * For clients, sets the list of supported ALPN protocols in wire-format 1073 * (length-prefixed 8-bit strings) on an SSL context. 1074 */ 1075 public static native int SSL_CTX_set_alpn_protos(long sslCtxPointer, byte[] protos); 1076 1077 /** 1078 * Returns the selected ALPN protocol. If the server did not select a 1079 * protocol, {@code null} will be returned. 1080 */ 1081 public static native byte[] SSL_get0_alpn_selected(long sslPointer); 1082 1083 /** 1084 * Returns the sslSessionNativePointer of the negotiated session. If this is 1085 * a server negotiation, supplying the {@code alpnProtocols} will enable 1086 * ALPN negotiation. 1087 */ 1088 public static native long SSL_do_handshake(long sslNativePointer, 1089 FileDescriptor fd, 1090 SSLHandshakeCallbacks shc, 1091 int timeoutMillis, 1092 boolean client_mode, 1093 byte[] npnProtocols, 1094 byte[] alpnProtocols) 1095 throws SSLException, SocketTimeoutException, CertificateException; 1096 1097 public static native byte[] SSL_get_npn_negotiated_protocol(long sslNativePointer); 1098 1099 /** 1100 * Currently only intended for forcing renegotiation for testing. 1101 * Not used within OpenSSLSocketImpl. 1102 */ 1103 public static native void SSL_renegotiate(long sslNativePointer) throws SSLException; 1104 1105 /** 1106 * Returns the local X509 certificate references. Must X509_free when done. 1107 */ 1108 public static native long[] SSL_get_certificate(long sslNativePointer); 1109 1110 /** 1111 * Returns the peer X509 certificate references. Must X509_free when done. 1112 */ 1113 public static native long[] SSL_get_peer_cert_chain(long sslNativePointer); 1114 1115 /** 1116 * Reads with the native SSL_read function from the encrypted data stream 1117 * @return -1 if error or the end of the stream is reached. 1118 */ 1119 public static native int SSL_read(long sslNativePointer, 1120 FileDescriptor fd, 1121 SSLHandshakeCallbacks shc, 1122 byte[] b, int off, int len, int readTimeoutMillis) 1123 throws IOException; 1124 1125 /** 1126 * Writes with the native SSL_write function to the encrypted data stream. 1127 */ 1128 public static native void SSL_write(long sslNativePointer, 1129 FileDescriptor fd, 1130 SSLHandshakeCallbacks shc, 1131 byte[] b, int off, int len, int writeTimeoutMillis) 1132 throws IOException; 1133 1134 public static native void SSL_interrupt(long sslNativePointer); 1135 public static native void SSL_shutdown(long sslNativePointer, 1136 FileDescriptor fd, 1137 SSLHandshakeCallbacks shc) throws IOException; 1138 1139 public static native void SSL_free(long sslNativePointer); 1140 1141 public static native byte[] SSL_SESSION_session_id(long sslSessionNativePointer); 1142 1143 public static native long SSL_SESSION_get_time(long sslSessionNativePointer); 1144 1145 public static native String SSL_SESSION_get_version(long sslSessionNativePointer); 1146 1147 public static native String SSL_SESSION_cipher(long sslSessionNativePointer); 1148 1149 public static native void SSL_SESSION_free(long sslSessionNativePointer); 1150 1151 public static native byte[] i2d_SSL_SESSION(long sslSessionNativePointer); 1152 1153 public static native long d2i_SSL_SESSION(byte[] data); 1154 1155 /** 1156 * A collection of callbacks from the native OpenSSL code that are 1157 * related to the SSL handshake initiated by SSL_do_handshake. 1158 */ 1159 public interface SSLHandshakeCallbacks { 1160 /** 1161 * Verify that we trust the certificate chain is trusted. 1162 * 1163 * @param certificateChainRefs chain of X.509 certificate references 1164 * @param authMethod auth algorithm name 1165 * 1166 * @throws CertificateException if the certificate is untrusted 1167 */ 1168 public void verifyCertificateChain(long[] certificateChainRefs, String authMethod) 1169 throws CertificateException; 1170 1171 /** 1172 * Called on an SSL client when the server requests (or 1173 * requires a certificate). The client can respond by using 1174 * SSL_use_certificate and SSL_use_PrivateKey to set a 1175 * certificate if has an appropriate one available, similar to 1176 * how the server provides its certificate. 1177 * 1178 * @param keyTypes key types supported by the server, 1179 * convertible to strings with #keyType 1180 * @param asn1DerEncodedX500Principals CAs known to the server 1181 */ 1182 public void clientCertificateRequested(byte[] keyTypes, 1183 byte[][] asn1DerEncodedX500Principals) 1184 throws CertificateEncodingException, SSLException; 1185 1186 /** 1187 * Called when SSL handshake is completed. Note that this can 1188 * be after SSL_do_handshake returns when handshake cutthrough 1189 * is enabled. 1190 */ 1191 public void handshakeCompleted(); 1192 } 1193 1194 public static native long ERR_peek_last_error(); 1195} 1196