1/* 2 * Copyright (C) 2010 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17package org.conscrypt; 18 19import java.security.Provider; 20 21/** 22 * Provider that goes through OpenSSL for operations. 23 * <p> 24 * Every algorithm should have its IANA assigned OID as an alias. See the following URLs for each type: 25 * <ul> 26 * <li><a href="http://www.iana.org/assignments/hash-function-text-names/hash-function-text-names.xml">Hash functions</a></li> 27 * <li><a href="http://www.iana.org/assignments/dssc/dssc.xml">Signature algorithms</a></li> 28 * <li><a href="http://csrc.nist.gov/groups/ST/crypto_apps_infra/csor/algorithms.html">NIST cryptographic algorithms</a></li> 29 * </ul> 30 */ 31public final class OpenSSLProvider extends Provider { 32 private static final long serialVersionUID = 2996752495318905136L; 33 34 public static final String PROVIDER_NAME = "AndroidOpenSSL"; 35 36 private static final String PREFIX = OpenSSLProvider.class.getPackage().getName() + "."; 37 38 private static final String STANDARD_EC_PRIVATE_KEY_INTERFACE_CLASS_NAME = 39 "java.security.interfaces.ECPrivateKey"; 40 private static final String STANDARD_RSA_PRIVATE_KEY_INTERFACE_CLASS_NAME = 41 "java.security.interfaces.RSAPrivateKey"; 42 private static final String STANDARD_RSA_PUBLIC_KEY_INTERFACE_CLASS_NAME = 43 "java.security.interfaces.RSAPublicKey"; 44 45 public OpenSSLProvider() { 46 this(PROVIDER_NAME); 47 } 48 49 public OpenSSLProvider(String providerName) { 50 super(providerName, 1.0, "Android's OpenSSL-backed security provider"); 51 52 // Make sure the platform is initialized. 53 Platform.setup(); 54 55 /* === SSL Contexts === */ 56 final String classOpenSSLContextImpl = PREFIX + "OpenSSLContextImpl"; 57 final String tls12SSLContext = classOpenSSLContextImpl + "$TLSv12"; 58 final String ssl3SSLContext = classOpenSSLContextImpl + "$SSLv3"; 59 put("SSLContext.SSL", ssl3SSLContext); 60 put("SSLContext.SSLv3", ssl3SSLContext); 61 put("SSLContext.TLS", tls12SSLContext); 62 put("SSLContext.TLSv1", classOpenSSLContextImpl + "$TLSv1"); 63 put("SSLContext.TLSv1.1", classOpenSSLContextImpl + "$TLSv11"); 64 put("SSLContext.TLSv1.2", tls12SSLContext); 65 put("SSLContext.Default", PREFIX + "DefaultSSLContextImpl"); 66 67 /* === Message Digests === */ 68 put("MessageDigest.SHA-1", PREFIX + "OpenSSLMessageDigestJDK$SHA1"); 69 put("Alg.Alias.MessageDigest.SHA1", "SHA-1"); 70 put("Alg.Alias.MessageDigest.SHA", "SHA-1"); 71 put("Alg.Alias.MessageDigest.1.3.14.3.2.26", "SHA-1"); 72 73 put("MessageDigest.SHA-224", PREFIX + "OpenSSLMessageDigestJDK$SHA224"); 74 put("Alg.Alias.MessageDigest.SHA224", "SHA-224"); 75 put("Alg.Alias.MessageDigest.2.16.840.1.101.3.4.2.4", "SHA-224"); 76 77 put("MessageDigest.SHA-256", PREFIX + "OpenSSLMessageDigestJDK$SHA256"); 78 put("Alg.Alias.MessageDigest.SHA256", "SHA-256"); 79 put("Alg.Alias.MessageDigest.2.16.840.1.101.3.4.2.1", "SHA-256"); 80 81 put("MessageDigest.SHA-384", PREFIX + "OpenSSLMessageDigestJDK$SHA384"); 82 put("Alg.Alias.MessageDigest.SHA384", "SHA-384"); 83 put("Alg.Alias.MessageDigest.2.16.840.1.101.3.4.2.2", "SHA-384"); 84 85 put("MessageDigest.SHA-512", PREFIX + "OpenSSLMessageDigestJDK$SHA512"); 86 put("Alg.Alias.MessageDigest.SHA512", "SHA-512"); 87 put("Alg.Alias.MessageDigest.2.16.840.1.101.3.4.2.3", "SHA-512"); 88 89 // iso(1) member-body(2) US(840) rsadsi(113549) digestAlgorithm(2) md5(5) 90 put("MessageDigest.MD5", PREFIX + "OpenSSLMessageDigestJDK$MD5"); 91 put("Alg.Alias.MessageDigest.1.2.840.113549.2.5", "MD5"); 92 93 /* == KeyPairGenerators == */ 94 put("KeyPairGenerator.RSA", PREFIX + "OpenSSLRSAKeyPairGenerator"); 95 put("Alg.Alias.KeyPairGenerator.1.2.840.113549.1.1.1", "RSA"); 96 97 put("KeyPairGenerator.EC", PREFIX + "OpenSSLECKeyPairGenerator"); 98 99 /* == KeyFactory == */ 100 put("KeyFactory.RSA", PREFIX + "OpenSSLRSAKeyFactory"); 101 put("Alg.Alias.KeyFactory.1.2.840.113549.1.1.1", "RSA"); 102 103 put("KeyFactory.EC", PREFIX + "OpenSSLECKeyFactory"); 104 105 /* == KeyAgreement == */ 106 putECDHKeyAgreementImplClass("OpenSSLECDHKeyAgreement"); 107 108 /* == Signatures == */ 109 putSignatureImplClass("MD5WithRSA", "OpenSSLSignature$MD5RSA"); 110 put("Alg.Alias.Signature.MD5WithRSAEncryption", "MD5WithRSA"); 111 put("Alg.Alias.Signature.MD5/RSA", "MD5WithRSA"); 112 put("Alg.Alias.Signature.1.2.840.113549.1.1.4", "MD5WithRSA"); 113 put("Alg.Alias.Signature.1.2.840.113549.2.5with1.2.840.113549.1.1.1", "MD5WithRSA"); 114 115 putSignatureImplClass("SHA1WithRSA", "OpenSSLSignature$SHA1RSA"); 116 put("Alg.Alias.Signature.SHA1WithRSAEncryption", "SHA1WithRSA"); 117 put("Alg.Alias.Signature.SHA1/RSA", "SHA1WithRSA"); 118 put("Alg.Alias.Signature.SHA-1/RSA", "SHA1WithRSA"); 119 put("Alg.Alias.Signature.1.2.840.113549.1.1.5", "SHA1WithRSA"); 120 put("Alg.Alias.Signature.1.3.14.3.2.26with1.2.840.113549.1.1.1", "SHA1WithRSA"); 121 put("Alg.Alias.Signature.1.3.14.3.2.26with1.2.840.113549.1.1.5", "SHA1WithRSA"); 122 put("Alg.Alias.Signature.1.3.14.3.2.29", "SHA1WithRSA"); 123 124 putSignatureImplClass("SHA224WithRSA", "OpenSSLSignature$SHA224RSA"); 125 put("Alg.Alias.Signature.SHA224WithRSAEncryption", "SHA224WithRSA"); 126 put("Alg.Alias.Signature.1.2.840.113549.1.1.11", "SHA224WithRSA"); 127 put("Alg.Alias.Signature.2.16.840.1.101.3.4.2.4with1.2.840.113549.1.1.1", 128 "SHA224WithRSA"); 129 put("Alg.Alias.Signature.2.16.840.1.101.3.4.2.4with1.2.840.113549.1.1.11", 130 "SHA224WithRSA"); 131 132 putSignatureImplClass("SHA256WithRSA", "OpenSSLSignature$SHA256RSA"); 133 put("Alg.Alias.Signature.SHA256WithRSAEncryption", "SHA256WithRSA"); 134 put("Alg.Alias.Signature.1.2.840.113549.1.1.11", "SHA256WithRSA"); 135 put("Alg.Alias.Signature.2.16.840.1.101.3.4.2.1with1.2.840.113549.1.1.1", 136 "SHA256WithRSA"); 137 put("Alg.Alias.Signature.2.16.840.1.101.3.4.2.1with1.2.840.113549.1.1.11", 138 "SHA256WithRSA"); 139 140 putSignatureImplClass("SHA384WithRSA", "OpenSSLSignature$SHA384RSA"); 141 put("Alg.Alias.Signature.SHA384WithRSAEncryption", "SHA384WithRSA"); 142 put("Alg.Alias.Signature.1.2.840.113549.1.1.12", "SHA384WithRSA"); 143 put("Alg.Alias.Signature.2.16.840.1.101.3.4.2.2with1.2.840.113549.1.1.1", 144 "SHA384WithRSA"); 145 146 putSignatureImplClass("SHA512WithRSA", "OpenSSLSignature$SHA512RSA"); 147 put("Alg.Alias.Signature.SHA512WithRSAEncryption", "SHA512WithRSA"); 148 put("Alg.Alias.Signature.1.2.840.113549.1.1.13", "SHA512WithRSA"); 149 put("Alg.Alias.Signature.2.16.840.1.101.3.4.2.3with1.2.840.113549.1.1.1", 150 "SHA512WithRSA"); 151 152 putRAWRSASignatureImplClass("OpenSSLSignatureRawRSA"); 153 154 putSignatureImplClass("ECDSA", "OpenSSLSignature$SHA1ECDSA"); 155 put("Alg.Alias.Signature.SHA1withECDSA", "ECDSA"); 156 put("Alg.Alias.Signature.ECDSAwithSHA1", "ECDSA"); 157 // iso(1) member-body(2) us(840) ansi-x962(10045) signatures(4) ecdsa-with-SHA1(1) 158 put("Alg.Alias.Signature.1.2.840.10045.4.1", "ECDSA"); 159 put("Alg.Alias.Signature.1.3.14.3.2.26with1.2.840.10045.2.1", "ECDSA"); 160 161 // iso(1) member-body(2) us(840) ansi-x962(10045) signatures(4) ecdsa-with-SHA2(3) 162 putSignatureImplClass("SHA224withECDSA", "OpenSSLSignature$SHA224ECDSA"); 163 // ecdsa-with-SHA224(1) 164 put("Alg.Alias.Signature.1.2.840.10045.4.3.1", "SHA224withECDSA"); 165 put("Alg.Alias.Signature.2.16.840.1.101.3.4.2.4with1.2.840.10045.2.1", "SHA224withECDSA"); 166 167 // iso(1) member-body(2) us(840) ansi-x962(10045) signatures(4) ecdsa-with-SHA2(3) 168 putSignatureImplClass("SHA256withECDSA", "OpenSSLSignature$SHA256ECDSA"); 169 // ecdsa-with-SHA256(2) 170 put("Alg.Alias.Signature.1.2.840.10045.4.3.2", "SHA256withECDSA"); 171 put("Alg.Alias.Signature.2.16.840.1.101.3.4.2.1with1.2.840.10045.2.1", "SHA256withECDSA"); 172 173 putSignatureImplClass("SHA384withECDSA", "OpenSSLSignature$SHA384ECDSA"); 174 // ecdsa-with-SHA384(3) 175 put("Alg.Alias.Signature.1.2.840.10045.4.3.3", "SHA384withECDSA"); 176 put("Alg.Alias.Signature.2.16.840.1.101.3.4.2.2with1.2.840.10045.2.1", "SHA384withECDSA"); 177 178 putSignatureImplClass("SHA512withECDSA", "OpenSSLSignature$SHA512ECDSA"); 179 // ecdsa-with-SHA512(4) 180 put("Alg.Alias.Signature.1.2.840.10045.4.3.4", "SHA512withECDSA"); 181 put("Alg.Alias.Signature.2.16.840.1.101.3.4.2.3with1.2.840.10045.2.1", "SHA512withECDSA"); 182 183 /* === SecureRandom === */ 184 /* 185 * We have to specify SHA1PRNG because various documentation mentions 186 * that algorithm by name instead of just recommending calling 187 * "new SecureRandom()" 188 */ 189 put("SecureRandom.SHA1PRNG", PREFIX + "OpenSSLRandom"); 190 put("SecureRandom.SHA1PRNG ImplementedIn", "Software"); 191 192 /* === Cipher === */ 193 putRSACipherImplClass("RSA/ECB/NoPadding", "OpenSSLCipherRSA$Raw"); 194 put("Alg.Alias.Cipher.RSA/None/NoPadding", "RSA/ECB/NoPadding"); 195 putRSACipherImplClass("RSA/ECB/PKCS1Padding", "OpenSSLCipherRSA$PKCS1"); 196 put("Alg.Alias.Cipher.RSA/None/PKCS1Padding", "RSA/ECB/PKCS1Padding"); 197 198 /* 199 * OpenSSL only supports a subset of modes, so we'll name them 200 * explicitly here. 201 * 202 * Moreover, OpenSSL only supports PKCS#7 padding. PKCS#5 padding 203 * is also supported because it's a special case of PKCS#7 for 64-bit 204 * blocks. PKCS#5 technically supports only 64-bit blocks and won't 205 * produce the same result as PKCS#7 for blocks that are not 64 bits 206 * long. However, everybody assumes PKCS#7 when they say PKCS#5. For 207 * example, lots of code uses PKCS#5 with AES whose blocks are longer 208 * than 64 bits. We solve this confusion by making PKCS7Padding an 209 * alias for PKCS5Padding. 210 */ 211 putSymmetricCipherImplClass("AES/ECB/NoPadding", 212 "OpenSSLCipher$EVP_CIPHER$AES$ECB$NoPadding"); 213 putSymmetricCipherImplClass("AES/ECB/PKCS5Padding", 214 "OpenSSLCipher$EVP_CIPHER$AES$ECB$PKCS5Padding"); 215 put("Alg.Alias.Cipher.AES/ECB/PKCS7Padding", "AES/ECB/PKCS5Padding"); 216 putSymmetricCipherImplClass("AES/CBC/NoPadding", 217 "OpenSSLCipher$EVP_CIPHER$AES$CBC$NoPadding"); 218 putSymmetricCipherImplClass("AES/CBC/PKCS5Padding", 219 "OpenSSLCipher$EVP_CIPHER$AES$CBC$PKCS5Padding"); 220 put("Alg.Alias.Cipher.AES/CBC/PKCS7Padding", "AES/CBC/PKCS5Padding"); 221 putSymmetricCipherImplClass("AES/CTR/NoPadding", "OpenSSLCipher$EVP_CIPHER$AES$CTR"); 222 223 putSymmetricCipherImplClass("DESEDE/CBC/NoPadding", 224 "OpenSSLCipher$EVP_CIPHER$DESEDE$CBC$NoPadding"); 225 putSymmetricCipherImplClass("DESEDE/CBC/PKCS5Padding", 226 "OpenSSLCipher$EVP_CIPHER$DESEDE$CBC$PKCS5Padding"); 227 put("Alg.Alias.Cipher.DESEDE/CBC/PKCS7Padding", "DESEDE/CBC/PKCS5Padding"); 228 229 putSymmetricCipherImplClass("ARC4", "OpenSSLCipher$EVP_CIPHER$ARC4"); 230 231 if (NativeConstants.IS_BORINGSSL) { 232 /* EVP_AEAD is only supported in BoringSSL right now. */ 233 putSymmetricCipherImplClass("AES/GCM/NoPadding", "OpenSSLCipher$EVP_AEAD$AES$GCM"); 234 put("Alg.Alias.Cipher.GCM", "AES/GCM/NoPadding"); 235 } 236 237 /* === Mac === */ 238 239 putMacImplClass("HmacMD5", "OpenSSLMac$HmacMD5"); 240 241 // PKCS#2 - iso(1) member-body(2) US(840) rsadsi(113549) digestAlgorithm(2) 242 // http://www.oid-info.com/get/1.2.840.113549.2 243 244 // HMAC-SHA-1 PRF (7) 245 putMacImplClass("HmacSHA1", "OpenSSLMac$HmacSHA1"); 246 put("Alg.Alias.Mac.1.2.840.113549.2.7", "HmacSHA1"); 247 put("Alg.Alias.Mac.HMAC-SHA1", "HmacSHA1"); 248 put("Alg.Alias.Mac.HMAC/SHA1", "HmacSHA1"); 249 250 // id-hmacWithSHA224 (8) 251 putMacImplClass("HmacSHA224", "OpenSSLMac$HmacSHA224"); 252 put("Alg.Alias.Mac.1.2.840.113549.2.9", "HmacSHA224"); 253 put("Alg.Alias.Mac.HMAC-SHA224", "HmacSHA224"); 254 put("Alg.Alias.Mac.HMAC/SHA224", "HmacSHA224"); 255 256 // id-hmacWithSHA256 (9) 257 putMacImplClass("HmacSHA256", "OpenSSLMac$HmacSHA256"); 258 put("Alg.Alias.Mac.1.2.840.113549.2.9", "HmacSHA256"); 259 put("Alg.Alias.Mac.HMAC-SHA256", "HmacSHA256"); 260 put("Alg.Alias.Mac.HMAC/SHA256", "HmacSHA256"); 261 262 // id-hmacWithSHA384 (10) 263 putMacImplClass("HmacSHA384", "OpenSSLMac$HmacSHA384"); 264 put("Alg.Alias.Mac.1.2.840.113549.2.10", "HmacSHA384"); 265 put("Alg.Alias.Mac.HMAC-SHA384", "HmacSHA384"); 266 put("Alg.Alias.Mac.HMAC/SHA384", "HmacSHA384"); 267 268 // id-hmacWithSHA384 (11) 269 putMacImplClass("HmacSHA512", "OpenSSLMac$HmacSHA512"); 270 put("Alg.Alias.Mac.1.2.840.113549.2.11", "HmacSHA512"); 271 put("Alg.Alias.Mac.HMAC-SHA512", "HmacSHA512"); 272 put("Alg.Alias.Mac.HMAC/SHA512", "HmacSHA512"); 273 274 /* === Certificate === */ 275 276 put("CertificateFactory.X509", PREFIX + "OpenSSLX509CertificateFactory"); 277 put("Alg.Alias.CertificateFactory.X.509", "X509"); 278 } 279 280 private void putMacImplClass(String algorithm, String className) { 281 // Accept only keys for which any of the following is true: 282 // * the key is from this provider (subclass of OpenSSLKeyHolder), 283 // * the key provides its key material in "RAW" encoding via Key.getEncoded. 284 String supportedKeyClasses = PREFIX + "OpenSSLKeyHolder"; 285 String supportedKeyFormats = "RAW"; 286 putImplClassWithKeyConstraints( 287 "Mac." + algorithm, 288 PREFIX + className, 289 supportedKeyClasses, 290 supportedKeyFormats); 291 } 292 293 private void putSymmetricCipherImplClass(String transformation, String className) { 294 // Accept only keys for which any of the following is true: 295 // * the key provides its key material in "RAW" encoding via Key.getEncoded. 296 String supportedKeyClasses = null; // ignored -- filtered based on encoding format only 297 String supportedKeyFormats = "RAW"; 298 putImplClassWithKeyConstraints( 299 "Cipher." + transformation, 300 PREFIX + className, 301 supportedKeyClasses, 302 supportedKeyFormats); 303 } 304 305 private void putRSACipherImplClass(String transformation, String className) { 306 // Accept only keys for which any of the following is true: 307 // * the key is instance of OpenSSLRSAPrivateKey, RSAPrivateKey, OpenSSLRSAPublicKey, or 308 // RSAPublicKey. 309 String supportedKeyClasses = PREFIX + "OpenSSLRSAPrivateKey" 310 + "|" + STANDARD_RSA_PRIVATE_KEY_INTERFACE_CLASS_NAME 311 + "|" + PREFIX + "OpenSSLRSAPublicKey" 312 + "|" + STANDARD_RSA_PUBLIC_KEY_INTERFACE_CLASS_NAME; 313 String supportedKeyFormats = null; // ignored -- filtered based on class only 314 putImplClassWithKeyConstraints( 315 "Cipher." + transformation, 316 PREFIX + className, 317 supportedKeyClasses, 318 supportedKeyFormats); 319 } 320 321 private void putSignatureImplClass(String algorithm, String className) { 322 // Accept only keys for which any of the following is true: 323 // * the key is from this provider (subclass of OpenSSLKeyHolder), 324 // * the key provides its key material in "PKCS#8" or "X.509" encodings via Key.getEncoded. 325 // * the key is a transparent private key (subclass of RSAPrivateKey or ECPrivateKey). For 326 // some reason this provider's Signature implementation does not unconditionally accept 327 // transparent public keys -- it only accepts them if they provide their key material in 328 // encoded form (see above). 329 String supportedKeyClasses = PREFIX + "OpenSSLKeyHolder" 330 + "|" + STANDARD_RSA_PRIVATE_KEY_INTERFACE_CLASS_NAME 331 + "|" + STANDARD_EC_PRIVATE_KEY_INTERFACE_CLASS_NAME 332 + "|" + STANDARD_RSA_PUBLIC_KEY_INTERFACE_CLASS_NAME; 333 String supportedKeyFormats = "PKCS#8|X.509"; 334 putImplClassWithKeyConstraints( 335 "Signature." + algorithm, 336 PREFIX + className, 337 supportedKeyClasses, 338 supportedKeyFormats); 339 } 340 341 private void putRAWRSASignatureImplClass(String className) { 342 // Accept only keys for which any of the following is true: 343 // * the key is instance of OpenSSLRSAPrivateKey, RSAPrivateKey, OpenSSLRSAPublicKey, or 344 // RSAPublicKey. 345 String supportedKeyClasses = PREFIX + "OpenSSLRSAPrivateKey" 346 + "|" + STANDARD_RSA_PRIVATE_KEY_INTERFACE_CLASS_NAME 347 + "|" + PREFIX + "OpenSSLRSAPublicKey" 348 + "|" + STANDARD_RSA_PUBLIC_KEY_INTERFACE_CLASS_NAME; 349 String supportedKeyFormats = null; // ignored -- filtered based on class only 350 putImplClassWithKeyConstraints( 351 "Signature.NONEwithRSA", 352 PREFIX + className, 353 supportedKeyClasses, 354 supportedKeyFormats); 355 } 356 357 private void putECDHKeyAgreementImplClass(String className) { 358 // Accept only keys for which any of the following is true: 359 // * the key is from this provider (subclass of OpenSSLKeyHolder), 360 // * the key provides its key material in "PKCS#8" encoding via Key.getEncoded. 361 // * the key is a transparent EC private key (subclass of ECPrivateKey). 362 String supportedKeyClasses = PREFIX + "OpenSSLKeyHolder" 363 + "|" + STANDARD_EC_PRIVATE_KEY_INTERFACE_CLASS_NAME; 364 String supportedKeyFormats = "PKCS#8"; 365 putImplClassWithKeyConstraints( 366 "KeyAgreement.ECDH", 367 PREFIX + className, 368 supportedKeyClasses, 369 supportedKeyFormats); 370 } 371 372 private void putImplClassWithKeyConstraints(String typeAndAlgName, 373 String fullyQualifiedClassName, 374 String supportedKeyClasses, 375 String supportedKeyFormats) { 376 put(typeAndAlgName, fullyQualifiedClassName); 377 if (supportedKeyClasses != null) { 378 put(typeAndAlgName + " SupportedKeyClasses", supportedKeyClasses); 379 } 380 if (supportedKeyFormats != null) { 381 put(typeAndAlgName + " SupportedKeyFormats", supportedKeyFormats); 382 } 383 } 384} 385