1/* 2 * Copyright (C) 2010 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17package libcore.java.security; 18 19import static org.junit.Assert.assertEquals; 20import static org.junit.Assert.assertNotNull; 21import static org.junit.Assert.assertTrue; 22 23import java.security.Security; 24import java.security.spec.DSAPrivateKeySpec; 25import java.security.spec.DSAPublicKeySpec; 26import java.security.spec.ECPrivateKeySpec; 27import java.security.spec.ECPublicKeySpec; 28import java.security.spec.KeySpec; 29import java.security.spec.RSAPrivateCrtKeySpec; 30import java.security.spec.RSAPublicKeySpec; 31import java.util.Arrays; 32import java.util.Collections; 33import java.util.HashMap; 34import java.util.HashSet; 35import java.util.LinkedHashSet; 36import java.util.List; 37import java.util.Locale; 38import java.util.Map; 39import java.util.Set; 40import java.util.TreeSet; 41import javax.crypto.spec.DHPrivateKeySpec; 42import javax.crypto.spec.DHPublicKeySpec; 43 44/** 45 * This class defines expected string names for protocols, key types, 46 * client and server auth types, cipher suites. 47 * 48 * Initially based on "Appendix A: Standard Names" of 49 * <a href="http://java.sun.com/j2se/1.5.0/docs/guide/security/jsse/JSSERefGuide.html#AppA"> 50 * Java ™ Secure Socket Extension (JSSE) Reference Guide 51 * for the Java ™ 2 Platform Standard Edition 5 52 * </a>. 53 * 54 * Updated based on the 55 * <a href="http://download.java.net/jdk8/docs/technotes/guides/security/SunProviders.html"> 56 * Java ™ Cryptography Architecture Oracle Providers Documentation 57 * for Java ™ Platform Standard Edition 7 58 * </a>. 59 * See also the 60 * <a href="http://download.java.net/jdk8/docs/technotes/guides/security/StandardNames.html"> 61 * Java ™ Cryptography Architecture Standard Algorithm Name Documentation 62 * </a>. 63 * 64 * Further updates based on the 65 * <a href=http://java.sun.com/javase/6/docs/technotes/guides/security/p11guide.html"> 66 * Java ™ PKCS#11 Reference Guide 67 * </a>. 68 */ 69public final class StandardNames { 70 public static final boolean IS_RI = 71 !"Dalvik Core Library".equals(System.getProperty("java.specification.name")); 72 public static final String JSSE_PROVIDER_NAME = (IS_RI) ? "Conscrypt" : "AndroidOpenSSL"; 73 public static final String SECURITY_PROVIDER_NAME = (IS_RI) ? "SUN" : "BC"; 74 75 public static final String KEY_MANAGER_FACTORY_DEFAULT = (IS_RI) ? "SunX509" : "PKIX"; 76 public static final String TRUST_MANAGER_FACTORY_DEFAULT = "PKIX"; 77 78 public static final String KEY_STORE_ALGORITHM = (IS_RI) ? "JKS" : "BKS"; 79 80 /** 81 * RFC 5746's Signaling Cipher Suite Value to indicate a request for secure renegotiation 82 */ 83 public static final String CIPHER_SUITE_SECURE_RENEGOTIATION = 84 "TLS_EMPTY_RENEGOTIATION_INFO_SCSV"; 85 86 /** 87 * From https://tools.ietf.org/html/draft-ietf-tls-downgrade-scsv-00 it is a 88 * signaling cipher suite value (SCSV) to indicate that this request is a 89 * protocol fallback (e.g., TLS 1.0 -> SSL 3.0) because the server didn't respond 90 * to the first request. 91 */ 92 public static final String CIPHER_SUITE_FALLBACK = "TLS_FALLBACK_SCSV"; 93 94 /** 95 * A map from algorithm type (e.g. Cipher) to a set of algorithms (e.g. AES, DES, ...) 96 */ 97 public static final HashMap<String, HashSet<String>> PROVIDER_ALGORITHMS = 98 new HashMap<String, HashSet<String>>(); 99 100 public static final HashMap<String, HashSet<String>> CIPHER_MODES = 101 new HashMap<String, HashSet<String>>(); 102 103 public static final HashMap<String, HashSet<String>> CIPHER_PADDINGS = 104 new HashMap<String, HashSet<String>>(); 105 106 private static final HashMap<String, String[]> SSL_CONTEXT_PROTOCOLS_ENABLED = 107 new HashMap<String, String[]>(); 108 109 private static void provide(String type, String algorithm) { 110 HashSet<String> algorithms = PROVIDER_ALGORITHMS.get(type); 111 if (algorithms == null) { 112 algorithms = new HashSet<String>(); 113 PROVIDER_ALGORITHMS.put(type, algorithms); 114 } 115 assertTrue("Duplicate " + type + " " + algorithm, 116 algorithms.add(algorithm.toUpperCase(Locale.ROOT))); 117 } 118 private static void unprovide(String type, String algorithm) { 119 HashSet<String> algorithms = PROVIDER_ALGORITHMS.get(type); 120 assertNotNull(algorithms); 121 assertTrue(algorithm, algorithms.remove(algorithm.toUpperCase(Locale.ROOT))); 122 if (algorithms.isEmpty()) { 123 assertNotNull(PROVIDER_ALGORITHMS.remove(type)); 124 } 125 } 126 private static void provideCipherModes(String algorithm, String newModes[]) { 127 HashSet<String> modes = CIPHER_MODES.get(algorithm); 128 if (modes == null) { 129 modes = new HashSet<String>(); 130 CIPHER_MODES.put(algorithm, modes); 131 } 132 modes.addAll(Arrays.asList(newModes)); 133 } 134 private static void provideCipherPaddings(String algorithm, String newPaddings[]) { 135 HashSet<String> paddings = CIPHER_PADDINGS.get(algorithm); 136 if (paddings == null) { 137 paddings = new HashSet<String>(); 138 CIPHER_PADDINGS.put(algorithm, paddings); 139 } 140 paddings.addAll(Arrays.asList(newPaddings)); 141 } 142 private static void provideSslContextEnabledProtocols( 143 String algorithm, TLSVersion minimum, TLSVersion maximum) { 144 if (minimum.ordinal() > maximum.ordinal()) { 145 throw new RuntimeException("TLS version: minimum > maximum"); 146 } 147 int versionsLength = maximum.ordinal() - minimum.ordinal() + 1; 148 String[] versionNames = new String[versionsLength]; 149 for (int i = 0; i < versionsLength; i++) { 150 versionNames[i] = TLSVersion.values()[i + minimum.ordinal()].name; 151 } 152 SSL_CONTEXT_PROTOCOLS_ENABLED.put(algorithm, versionNames); 153 } 154 static { 155 provide("AlgorithmParameterGenerator", "DSA"); 156 provide("AlgorithmParameterGenerator", "DiffieHellman"); 157 provide("AlgorithmParameters", "AES"); 158 provide("AlgorithmParameters", "Blowfish"); 159 provide("AlgorithmParameters", "DES"); 160 provide("AlgorithmParameters", "DESede"); 161 provide("AlgorithmParameters", "DSA"); 162 provide("AlgorithmParameters", "DiffieHellman"); 163 provide("AlgorithmParameters", "GCM"); 164 provide("AlgorithmParameters", "OAEP"); 165 provide("AlgorithmParameters", "PBEWithMD5AndDES"); 166 provide("AlgorithmParameters", "PBEWithMD5AndTripleDES"); 167 provide("AlgorithmParameters", "PBEWithSHA1AndDESede"); 168 provide("AlgorithmParameters", "PBEWithSHA1AndRC2_40"); 169 provide("AlgorithmParameters", "PSS"); 170 provide("AlgorithmParameters", "RC2"); 171 provide("CertPathBuilder", "PKIX"); 172 provide("CertPathValidator", "PKIX"); 173 provide("CertStore", "Collection"); 174 provide("CertStore", "LDAP"); 175 provide("CertificateFactory", "X.509"); 176 // TODO: provideCipherModes and provideCipherPaddings for other Ciphers 177 provide("Cipher", "AES"); 178 provideCipherModes("AES", new String[] {"CBC", "CFB", "CTR", "CTS", "ECB", "OFB"}); 179 provideCipherPaddings("AES", new String[] {"NoPadding", "PKCS5Padding"}); 180 provide("Cipher", "AESWrap"); 181 provide("Cipher", "ARCFOUR"); 182 provide("Cipher", "Blowfish"); 183 provide("Cipher", "DES"); 184 provide("Cipher", "DESede"); 185 provide("Cipher", "DESedeWrap"); 186 provide("Cipher", "PBEWithMD5AndDES"); 187 provide("Cipher", "PBEWithMD5AndTripleDES"); 188 provide("Cipher", "PBEWithSHA1AndDESede"); 189 provide("Cipher", "PBEWithSHA1AndRC2_40"); 190 provide("Cipher", "RC2"); 191 provide("Cipher", "RSA"); 192 // TODO: None? 193 provideCipherModes("RSA", new String[] {"ECB"}); 194 // TODO: OAEPPadding 195 provideCipherPaddings("RSA", new String[] {"NoPadding", "PKCS1Padding"}); 196 provide("Configuration", "JavaLoginConfig"); 197 provide("KeyAgreement", "DiffieHellman"); 198 provide("KeyFactory", "DSA"); 199 provide("KeyFactory", "DiffieHellman"); 200 provide("KeyFactory", "RSA"); 201 provide("KeyGenerator", "AES"); 202 provide("KeyGenerator", "ARCFOUR"); 203 provide("KeyGenerator", "Blowfish"); 204 provide("KeyGenerator", "DES"); 205 provide("KeyGenerator", "DESede"); 206 provide("KeyGenerator", "HmacMD5"); 207 provide("KeyGenerator", "HmacSHA1"); 208 provide("KeyGenerator", "HmacSHA224"); 209 provide("KeyGenerator", "HmacSHA256"); 210 provide("KeyGenerator", "HmacSHA384"); 211 provide("KeyGenerator", "HmacSHA512"); 212 provide("KeyGenerator", "RC2"); 213 provide("KeyInfoFactory", "DOM"); 214 provide("KeyManagerFactory", "PKIX"); 215 provide("KeyPairGenerator", "DSA"); 216 provide("KeyPairGenerator", "DiffieHellman"); 217 provide("KeyPairGenerator", "RSA"); 218 provide("KeyStore", "JCEKS"); 219 provide("KeyStore", "JKS"); 220 provide("KeyStore", "PKCS12"); 221 provide("Mac", "HmacMD5"); 222 provide("Mac", "HmacSHA1"); 223 provide("Mac", "HmacSHA224"); 224 provide("Mac", "HmacSHA256"); 225 provide("Mac", "HmacSHA384"); 226 provide("Mac", "HmacSHA512"); 227 provide("Mac", "PBEWITHHMACSHA224"); 228 provide("Mac", "PBEWITHHMACSHA256"); 229 provide("Mac", "PBEWITHHMACSHA384"); 230 provide("Mac", "PBEWITHHMACSHA512"); 231 // If adding a new MessageDigest, consider adding it to JarVerifier 232 provide("MessageDigest", "MD2"); 233 provide("MessageDigest", "MD5"); 234 provide("MessageDigest", "SHA-224"); 235 provide("MessageDigest", "SHA-256"); 236 provide("MessageDigest", "SHA-384"); 237 provide("MessageDigest", "SHA-512"); 238 provide("Policy", "JavaPolicy"); 239 provide("SSLContext", "TLSv1"); 240 provide("SSLContext", "TLSv1.1"); 241 provide("SSLContext", "TLSv1.2"); 242 provide("SecretKeyFactory", "DES"); 243 provide("SecretKeyFactory", "DESede"); 244 provide("SecretKeyFactory", "PBEWithMD5AndDES"); 245 provide("SecretKeyFactory", "PBEWithMD5AndTripleDES"); 246 provide("SecretKeyFactory", "PBEWithSHA1AndDESede"); 247 provide("SecretKeyFactory", "PBEWithSHA1AndRC2_40"); 248 provide("SecretKeyFactory", "PBKDF2WithHmacSHA1"); 249 provide("SecretKeyFactory", "PBKDF2WithHmacSHA224"); 250 provide("SecretKeyFactory", "PBKDF2WithHmacSHA256"); 251 provide("SecretKeyFactory", "PBKDF2WithHmacSHA384"); 252 provide("SecretKeyFactory", "PBKDF2WithHmacSHA512"); 253 provide("SecretKeyFactory", "PBKDF2WithHmacSHA1And8bit"); 254 provide("SecureRandom", "SHA1PRNG"); 255 provide("Signature", "MD2withRSA"); 256 provide("Signature", "MD5withRSA"); 257 provide("Signature", "NONEwithDSA"); 258 provide("Signature", "SHA1withDSA"); 259 provide("Signature", "SHA224withDSA"); 260 provide("Signature", "SHA256withDSA"); 261 provide("Signature", "SHA1withRSA"); 262 provide("Signature", "SHA224withRSA"); 263 provide("Signature", "SHA256withRSA"); 264 provide("Signature", "SHA384withRSA"); 265 provide("Signature", "SHA512withRSA"); 266 provide("TerminalFactory", "PC/SC"); 267 provide("TransformService", "http://www.w3.org/2000/09/xmldsig#base64"); 268 provide("TransformService", "http://www.w3.org/2000/09/xmldsig#enveloped-signature"); 269 provide("TransformService", "http://www.w3.org/2001/10/xml-exc-c14n#"); 270 provide("TransformService", "http://www.w3.org/2001/10/xml-exc-c14n#WithComments"); 271 provide("TransformService", "http://www.w3.org/2002/06/xmldsig-filter2"); 272 provide("TransformService", "http://www.w3.org/TR/1999/REC-xpath-19991116"); 273 provide("TransformService", "http://www.w3.org/TR/1999/REC-xslt-19991116"); 274 provide("TransformService", "http://www.w3.org/TR/2001/REC-xml-c14n-20010315"); 275 provide("TransformService", "http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"); 276 provide("TrustManagerFactory", "PKIX"); 277 provide("XMLSignatureFactory", "DOM"); 278 279 // Not clearly documented by RI 280 provide("GssApiMechanism", "1.2.840.113554.1.2.2"); 281 provide("GssApiMechanism", "1.3.6.1.5.5.2"); 282 283 // Not correctly documented by RI which left off the Factory suffix 284 provide("SaslClientFactory", "CRAM-MD5"); 285 provide("SaslClientFactory", "DIGEST-MD5"); 286 provide("SaslClientFactory", "EXTERNAL"); 287 provide("SaslClientFactory", "GSSAPI"); 288 provide("SaslClientFactory", "PLAIN"); 289 provide("SaslServerFactory", "CRAM-MD5"); 290 provide("SaslServerFactory", "DIGEST-MD5"); 291 provide("SaslServerFactory", "GSSAPI"); 292 293 // Documentation seems to list alias instead of actual name 294 // provide("MessageDigest", "SHA-1"); 295 provide("MessageDigest", "SHA"); 296 297 // Mentioned in javadoc, not documentation 298 provide("SSLContext", "Default"); 299 300 // Not documented as in RI 6 but mentioned in Standard Names 301 provide("AlgorithmParameters", "PBE"); 302 provide("SSLContext", "TLS"); 303 304 // Not documented as in RI 6 but that exist in RI 6 305 if (IS_RI) { 306 provide("CertStore", "com.sun.security.IndexedCollection"); 307 provide("KeyGenerator", "SunTlsKeyMaterial"); 308 provide("KeyGenerator", "SunTlsMasterSecret"); 309 provide("KeyGenerator", "SunTlsPrf"); 310 provide("KeyGenerator", "SunTlsRsaPremasterSecret"); 311 provide("KeyStore", "CaseExactJKS"); 312 provide("Mac", "HmacPBESHA1"); 313 provide("Mac", "SslMacMD5"); 314 provide("Mac", "SslMacSHA1"); 315 provide("SecureRandom", "NativePRNG"); 316 provide("Signature", "MD5andSHA1withRSA"); 317 provide("TrustManagerFactory", "SunX509"); 318 } 319 320 // Only available with the SunPKCS11-NSS provider, 321 // which seems to be enabled in OpenJDK 6 but not Oracle Java 6 322 if (Security.getProvider("SunPKCS11-NSS") != null) { 323 provide("Cipher", "AES/CBC/NOPADDING"); 324 provide("Cipher", "DES/CBC/NOPADDING"); 325 provide("Cipher", "DESEDE/CBC/NOPADDING"); 326 provide("Cipher", "RSA/ECB/PKCS1PADDING"); 327 provide("KeyAgreement", "DH"); 328 provide("KeyFactory", "DH"); 329 provide("KeyPairGenerator", "DH"); 330 provide("KeyStore", "PKCS11"); 331 provide("MessageDigest", "SHA1"); 332 provide("SecretKeyFactory", "AES"); 333 provide("SecretKeyFactory", "ARCFOUR"); 334 provide("SecureRandom", "PKCS11"); 335 provide("Signature", "DSA"); 336 provide("Signature", "RAWDSA"); 337 } 338 339 if (Security.getProvider("SunPKCS11-NSS") != null 340 || Security.getProvider("SunEC") != null) { 341 provide("AlgorithmParameters", "EC"); 342 provide("KeyAgreement", "ECDH"); 343 provide("KeyFactory", "EC"); 344 provide("KeyPairGenerator", "EC"); 345 provide("Signature", "NONEWITHECDSA"); 346 provide("Signature", "SHA1WITHECDSA"); 347 provide("Signature", "SHA224WITHECDSA"); 348 provide("Signature", "SHA256WITHECDSA"); 349 provide("Signature", "SHA384WITHECDSA"); 350 provide("Signature", "SHA512WITHECDSA"); 351 } 352 353 // Documented as Standard Names, but do not exit in RI 6 354 if (IS_RI) { 355 unprovide("SSLContext", "TLSv1.1"); 356 unprovide("SSLContext", "TLSv1.2"); 357 } 358 359 // Fixups for the RI 360 if (IS_RI) { 361 // different names: Standard Names says PKIX, JSSE Reference Guide says SunX509 or 362 // NewSunX509 363 unprovide("KeyManagerFactory", "PKIX"); 364 provide("KeyManagerFactory", "SunX509"); 365 provide("KeyManagerFactory", "NewSunX509"); 366 } 367 368 // Fixups for dalvik 369 if (!IS_RI) { 370 // whole types that we do not provide 371 PROVIDER_ALGORITHMS.remove("Configuration"); 372 PROVIDER_ALGORITHMS.remove("GssApiMechanism"); 373 PROVIDER_ALGORITHMS.remove("KeyInfoFactory"); 374 PROVIDER_ALGORITHMS.remove("Policy"); 375 PROVIDER_ALGORITHMS.remove("SaslClientFactory"); 376 PROVIDER_ALGORITHMS.remove("SaslServerFactory"); 377 PROVIDER_ALGORITHMS.remove("TerminalFactory"); 378 PROVIDER_ALGORITHMS.remove("TransformService"); 379 PROVIDER_ALGORITHMS.remove("XMLSignatureFactory"); 380 381 // different names Diffie-Hellman vs DH 382 unprovide("AlgorithmParameterGenerator", "DiffieHellman"); 383 provide("AlgorithmParameterGenerator", "DH"); 384 unprovide("AlgorithmParameters", "DiffieHellman"); 385 provide("AlgorithmParameters", "DH"); 386 unprovide("KeyAgreement", "DiffieHellman"); 387 provide("KeyAgreement", "DH"); 388 unprovide("KeyFactory", "DiffieHellman"); 389 provide("KeyFactory", "DH"); 390 unprovide("KeyPairGenerator", "DiffieHellman"); 391 provide("KeyPairGenerator", "DH"); 392 393 // different names PBEWithSHA1AndDESede vs PBEWithSHAAnd3-KEYTripleDES-CBC 394 unprovide("AlgorithmParameters", "PBEWithSHA1AndDESede"); 395 unprovide("Cipher", "PBEWithSHA1AndDESede"); 396 unprovide("SecretKeyFactory", "PBEWithSHA1AndDESede"); 397 provide("AlgorithmParameters", "PKCS12PBE"); 398 provide("Cipher", "PBEWithSHAAnd3-KEYTripleDES-CBC"); 399 provide("SecretKeyFactory", "PBEWithSHAAnd3-KEYTripleDES-CBC"); 400 401 // different names: BouncyCastle actually uses the Standard name of SHA-1 vs SHA 402 unprovide("MessageDigest", "SHA"); 403 provide("MessageDigest", "SHA-1"); 404 405 // Added to support Android KeyStore operations 406 provide("Signature", "NONEwithRSA"); 407 provide("Cipher", "RSA/ECB/NOPADDING"); 408 provide("Cipher", "RSA/ECB/PKCS1PADDING"); 409 provide("Cipher", "RSA/ECB/OAEPPadding"); 410 provide("Cipher", "RSA/ECB/OAEPWithSHA-1AndMGF1Padding"); 411 provide("Cipher", "RSA/ECB/OAEPWithSHA-224AndMGF1Padding"); 412 provide("Cipher", "RSA/ECB/OAEPWithSHA-256AndMGF1Padding"); 413 provide("Cipher", "RSA/ECB/OAEPWithSHA-384AndMGF1Padding"); 414 provide("Cipher", "RSA/ECB/OAEPWithSHA-512AndMGF1Padding"); 415 provide("SecretKeyFactory", "AES"); 416 provide("SecretKeyFactory", "HmacSHA1"); 417 provide("SecretKeyFactory", "HmacSHA224"); 418 provide("SecretKeyFactory", "HmacSHA256"); 419 provide("SecretKeyFactory", "HmacSHA384"); 420 provide("SecretKeyFactory", "HmacSHA512"); 421 provide("Signature", "SHA1withRSA/PSS"); 422 provide("Signature", "SHA224withRSA/PSS"); 423 provide("Signature", "SHA256withRSA/PSS"); 424 provide("Signature", "SHA384withRSA/PSS"); 425 provide("Signature", "SHA512withRSA/PSS"); 426 427 // different names: ARCFOUR vs ARC4 428 unprovide("Cipher", "ARCFOUR"); 429 provide("Cipher", "ARC4"); 430 unprovide("KeyGenerator", "ARCFOUR"); 431 provide("KeyGenerator", "ARC4"); 432 433 // different case names: Blowfish vs BLOWFISH 434 unprovide("AlgorithmParameters", "Blowfish"); 435 provide("AlgorithmParameters", "BLOWFISH"); 436 unprovide("Cipher", "Blowfish"); 437 provide("Cipher", "BLOWFISH"); 438 unprovide("KeyGenerator", "Blowfish"); 439 provide("KeyGenerator", "BLOWFISH"); 440 441 // Harmony has X.509, BouncyCastle X509 442 // TODO remove one, probably Harmony's 443 provide("CertificateFactory", "X509"); 444 445 // not just different names, but different binary formats 446 unprovide("KeyStore", "JKS"); 447 provide("KeyStore", "BKS"); 448 unprovide("KeyStore", "JCEKS"); 449 provide("KeyStore", "BouncyCastle"); 450 451 // Noise to support KeyStore.PKCS12 452 provide("Cipher", "PBEWITHMD5AND128BITAES-CBC-OPENSSL"); 453 provide("Cipher", "PBEWITHMD5AND192BITAES-CBC-OPENSSL"); 454 provide("Cipher", "PBEWITHMD5AND256BITAES-CBC-OPENSSL"); 455 provide("Cipher", "PBEWITHMD5ANDRC2"); 456 provide("Cipher", "PBEWITHSHA1ANDDES"); 457 provide("Cipher", "PBEWITHSHA1ANDRC2"); 458 provide("Cipher", "PBEWITHSHA256AND128BITAES-CBC-BC"); 459 provide("Cipher", "PBEWITHSHA256AND192BITAES-CBC-BC"); 460 provide("Cipher", "PBEWITHSHA256AND256BITAES-CBC-BC"); 461 provide("Cipher", "PBEWITHSHAAND128BITAES-CBC-BC"); 462 provide("Cipher", "PBEWITHSHAAND128BITRC2-CBC"); 463 provide("Cipher", "PBEWITHSHAAND128BITRC4"); 464 provide("Cipher", "PBEWITHSHAAND192BITAES-CBC-BC"); 465 provide("Cipher", "PBEWITHSHAAND2-KEYTRIPLEDES-CBC"); 466 provide("Cipher", "PBEWITHSHAAND256BITAES-CBC-BC"); 467 provide("Cipher", "PBEWITHSHAAND40BITRC2-CBC"); 468 provide("Cipher", "PBEWITHSHAAND40BITRC4"); 469 provide("Cipher", "PBEWITHSHAANDTWOFISH-CBC"); 470 provide("Mac", "PBEWITHHMACSHA"); 471 provide("Mac", "PBEWITHHMACSHA1"); 472 provide("SecretKeyFactory", "PBEWITHHMACSHA1"); 473 provide("SecretKeyFactory", "PBEWITHMD5AND128BITAES-CBC-OPENSSL"); 474 provide("SecretKeyFactory", "PBEWITHMD5AND192BITAES-CBC-OPENSSL"); 475 provide("SecretKeyFactory", "PBEWITHMD5AND256BITAES-CBC-OPENSSL"); 476 provide("SecretKeyFactory", "PBEWITHMD5ANDRC2"); 477 provide("SecretKeyFactory", "PBEWITHSHA1ANDDES"); 478 provide("SecretKeyFactory", "PBEWITHSHA1ANDRC2"); 479 provide("SecretKeyFactory", "PBEWITHSHA256AND128BITAES-CBC-BC"); 480 provide("SecretKeyFactory", "PBEWITHSHA256AND192BITAES-CBC-BC"); 481 provide("SecretKeyFactory", "PBEWITHSHA256AND256BITAES-CBC-BC"); 482 provide("SecretKeyFactory", "PBEWITHSHAAND128BITAES-CBC-BC"); 483 provide("SecretKeyFactory", "PBEWITHSHAAND128BITRC2-CBC"); 484 provide("SecretKeyFactory", "PBEWITHSHAAND128BITRC4"); 485 provide("SecretKeyFactory", "PBEWITHSHAAND192BITAES-CBC-BC"); 486 provide("SecretKeyFactory", "PBEWITHSHAAND2-KEYTRIPLEDES-CBC"); 487 provide("SecretKeyFactory", "PBEWITHSHAAND256BITAES-CBC-BC"); 488 provide("SecretKeyFactory", "PBEWITHSHAAND40BITRC2-CBC"); 489 provide("SecretKeyFactory", "PBEWITHSHAAND40BITRC4"); 490 provide("SecretKeyFactory", "PBEWITHSHAANDTWOFISH-CBC"); 491 492 // Needed by our OpenSSL provider 493 provide("Cipher", "AES/CBC/NOPADDING"); 494 provide("Cipher", "AES/CBC/PKCS5PADDING"); 495 provide("Cipher", "AES/CBC/PKCS7PADDING"); 496 provide("Cipher", "AES/CFB/NOPADDING"); 497 provide("Cipher", "AES/CFB/PKCS5PADDING"); 498 provide("Cipher", "AES/CFB/PKCS7PADDING"); 499 provide("Cipher", "AES/CTR/NOPADDING"); 500 provide("Cipher", "AES/CTR/PKCS5PADDING"); 501 provide("Cipher", "AES/CTR/PKCS7PADDING"); 502 provide("Cipher", "AES/ECB/NOPADDING"); 503 provide("Cipher", "AES/ECB/PKCS5PADDING"); 504 provide("Cipher", "AES/ECB/PKCS7PADDING"); 505 provide("Cipher", "AES/GCM/NOPADDING"); 506 provide("Cipher", "AES/OFB/NOPADDING"); 507 provide("Cipher", "AES/OFB/PKCS5PADDING"); 508 provide("Cipher", "AES/OFB/PKCS7PADDING"); 509 provide("Cipher", "DESEDE/CBC/NOPADDING"); 510 provide("Cipher", "DESEDE/CBC/PKCS5PADDING"); 511 provide("Cipher", "DESEDE/CBC/PKCS7PADDING"); 512 provide("Cipher", "DESEDE/CFB/NOPADDING"); 513 provide("Cipher", "DESEDE/CFB/PKCS5PADDING"); 514 provide("Cipher", "DESEDE/CFB/PKCS7PADDING"); 515 provide("Cipher", "DESEDE/ECB/NOPADDING"); 516 provide("Cipher", "DESEDE/ECB/PKCS5PADDING"); 517 provide("Cipher", "DESEDE/ECB/PKCS7PADDING"); 518 provide("Cipher", "DESEDE/OFB/NOPADDING"); 519 provide("Cipher", "DESEDE/OFB/PKCS5PADDING"); 520 provide("Cipher", "DESEDE/OFB/PKCS7PADDING"); 521 522 // Provided by our OpenSSL provider 523 provide("AlgorithmParameters", "ChaCha20"); 524 provide("Cipher", "ChaCha20"); 525 provide("Cipher", "ChaCha20/Poly1305/NoPadding"); 526 provide("KeyGenerator", "ChaCha20"); 527 provideCipherPaddings("AES", new String[] {"PKCS7Padding"}); 528 529 // removed LDAP 530 unprovide("CertStore", "LDAP"); 531 532 // removed MD2 533 unprovide("MessageDigest", "MD2"); 534 unprovide("Signature", "MD2withRSA"); 535 536 // removed RC2 537 // NOTE the implementation remains to support PKCS12 keystores 538 unprovide("AlgorithmParameters", "PBEWithSHA1AndRC2_40"); 539 unprovide("AlgorithmParameters", "RC2"); 540 unprovide("Cipher", "PBEWithSHA1AndRC2_40"); 541 unprovide("Cipher", "RC2"); 542 unprovide("KeyGenerator", "RC2"); 543 unprovide("SecretKeyFactory", "PBEWithSHA1AndRC2_40"); 544 545 // PBEWithMD5AndTripleDES is Sun proprietary 546 unprovide("AlgorithmParameters", "PBEWithMD5AndTripleDES"); 547 unprovide("Cipher", "PBEWithMD5AndTripleDES"); 548 unprovide("SecretKeyFactory", "PBEWithMD5AndTripleDES"); 549 550 // missing from Bouncy Castle 551 // Standard Names document says to use specific PBEWith*And* 552 unprovide("AlgorithmParameters", "PBE"); 553 554 // missing from Bouncy Castle 555 // TODO add to JDKAlgorithmParameters perhaps as wrapper on PBES2Parameters 556 // For now, can use AlgorithmParametersSpec javax.crypto.spec.PBEParameterSpec instead 557 unprovide("AlgorithmParameters", "PBEWithMD5AndDES"); // 1.2.840.113549.1.5.3 558 559 // EC support 560 provide("AlgorithmParameters", "EC"); 561 provide("KeyAgreement", "ECDH"); 562 provide("KeyFactory", "EC"); 563 provide("KeyPairGenerator", "EC"); 564 provide("Signature", "NONEWITHECDSA"); 565 provide("Signature", "SHA1WITHECDSA"); 566 provide("Signature", "SHA224WITHECDSA"); 567 provide("Signature", "SHA256WITHECDSA"); 568 provide("Signature", "SHA384WITHECDSA"); 569 provide("Signature", "SHA512WITHECDSA"); 570 571 // Android's CA store 572 provide("KeyStore", "AndroidCAStore"); 573 574 // Android's KeyStore provider 575 if (Security.getProvider("AndroidKeyStore") != null) { 576 provide("KeyStore", "AndroidKeyStore"); 577 } 578 579 // TimaKeyStore provider 580 if (Security.getProvider("TimaKeyStore") != null) { 581 provide("KeyStore", "TimaKeyStore"); 582 } 583 // KnoxAndroidKeyStore provider 584 if (Security.getProvider("KnoxAndroidKeyStore") != null) { 585 provide("KeyStore", "KnoxAndroidKeyStore"); 586 } 587 } 588 589 provideSslContextEnabledProtocols("TLS", TLSVersion.TLSv1, TLSVersion.TLSv12); 590 provideSslContextEnabledProtocols("TLSv1", TLSVersion.TLSv1, TLSVersion.TLSv12); 591 provideSslContextEnabledProtocols("TLSv1.1", TLSVersion.TLSv1, TLSVersion.TLSv12); 592 provideSslContextEnabledProtocols("TLSv1.2", TLSVersion.TLSv1, TLSVersion.TLSv12); 593 provideSslContextEnabledProtocols("Default", TLSVersion.TLSv1, TLSVersion.TLSv12); 594 } 595 596 public static final String SSL_CONTEXT_PROTOCOLS_DEFAULT = "Default"; 597 public static final Set<String> SSL_CONTEXT_PROTOCOLS = new HashSet<String>( 598 Arrays.asList(SSL_CONTEXT_PROTOCOLS_DEFAULT, "TLS", "TLSv1", "TLSv1.1", "TLSv1.2")); 599 public static final String SSL_CONTEXT_PROTOCOL_DEFAULT = "TLS"; 600 601 public static final Set<String> KEY_TYPES = new HashSet<String>( 602 Arrays.asList("RSA", "DSA", "DH_RSA", "DH_DSA", "EC", "EC_EC", "EC_RSA")); 603 static { 604 if (IS_RI) { 605 // DH_* are specified by standard names, but do not seem to be supported by RI 606 KEY_TYPES.remove("DH_RSA"); 607 KEY_TYPES.remove("DH_DSA"); 608 } 609 } 610 611 public static final Set<String> SSL_SOCKET_PROTOCOLS = 612 new HashSet<String>(Arrays.asList("TLSv1", "TLSv1.1", "TLSv1.2")); 613 public static final Set<String> SSL_SOCKET_PROTOCOLS_CLIENT_DEFAULT = 614 new HashSet<String>(Arrays.asList("TLSv1", "TLSv1.1", "TLSv1.2")); 615 public static final Set<String> SSL_SOCKET_PROTOCOLS_SERVER_DEFAULT = 616 new HashSet<String>(Arrays.asList("TLSv1", "TLSv1.1", "TLSv1.2")); 617 618 private enum TLSVersion { 619 SSLv3("SSLv3"), 620 TLSv1("TLSv1"), 621 TLSv11("TLSv1.1"), 622 TLSv12("TLSv1.2"); 623 624 private final String name; 625 626 TLSVersion(String name) { 627 this.name = name; 628 } 629 } 630 631 /** 632 * Valid values for X509TrustManager.checkClientTrusted authType, 633 * either the algorithm of the public key or UNKNOWN. 634 */ 635 public static final Set<String> CLIENT_AUTH_TYPES = 636 new HashSet<String>(Arrays.asList("RSA", "DSA", "EC", "UNKNOWN")); 637 638 /** 639 * Valid values for X509TrustManager.checkServerTrusted authType, 640 * either key exchange algorithm part of the cipher suite 641 * or UNKNOWN. 642 */ 643 public static final Set<String> SERVER_AUTH_TYPES = new HashSet<String>(Arrays.asList("DHE_DSS", 644 "DHE_DSS_EXPORT", "DHE_RSA", "DHE_RSA_EXPORT", "DH_DSS_EXPORT", "DH_RSA_EXPORT", 645 "DH_anon", "DH_anon_EXPORT", "KRB5", "KRB5_EXPORT", "RSA", "RSA_EXPORT", 646 "RSA_EXPORT1024", "ECDH_ECDSA", "ECDH_RSA", "ECDHE_ECDSA", "ECDHE_RSA", "UNKNOWN")); 647 648 public static final String CIPHER_SUITE_INVALID = "SSL_NULL_WITH_NULL_NULL"; 649 650 public static final Set<String> CIPHER_SUITES_NEITHER = new HashSet<String>(); 651 652 public static final Set<String> CIPHER_SUITES_RI = new LinkedHashSet<String>(); 653 public static final Set<String> CIPHER_SUITES_OPENSSL = new LinkedHashSet<String>(); 654 655 public static final Set<String> CIPHER_SUITES; 656 657 private static final void addRi(String cipherSuite) { 658 CIPHER_SUITES_RI.add(cipherSuite); 659 } 660 661 private static final void addOpenSsl(String cipherSuite) { 662 CIPHER_SUITES_OPENSSL.add(cipherSuite); 663 } 664 665 private static final void addBoth(String cipherSuite) { 666 addRi(cipherSuite); 667 addOpenSsl(cipherSuite); 668 } 669 670 private static final void addNeither(String cipherSuite) { 671 CIPHER_SUITES_NEITHER.add(cipherSuite); 672 } 673 674 static { 675 // NOTE: This list needs to be kept in sync with Javadoc of javax.net.ssl.SSLSocket and 676 // javax.net.ssl.SSLEngine. 677 addBoth("TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA"); 678 addBoth("TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA"); 679 addBoth("TLS_RSA_WITH_AES_256_CBC_SHA"); 680 addBoth("TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA"); 681 addBoth("TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA"); 682 addBoth("TLS_RSA_WITH_AES_128_CBC_SHA"); 683 addBoth("SSL_RSA_WITH_3DES_EDE_CBC_SHA"); 684 685 // TLSv1.2 cipher suites 686 addBoth("TLS_RSA_WITH_AES_128_CBC_SHA256"); 687 addBoth("TLS_RSA_WITH_AES_256_CBC_SHA256"); 688 addOpenSsl("TLS_RSA_WITH_AES_128_GCM_SHA256"); 689 addOpenSsl("TLS_RSA_WITH_AES_256_GCM_SHA384"); 690 addBoth("TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256"); 691 addBoth("TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384"); 692 addOpenSsl("TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"); 693 addOpenSsl("TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"); 694 addBoth("TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256"); 695 addBoth("TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384"); 696 addOpenSsl("TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"); 697 addOpenSsl("TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"); 698 addOpenSsl("TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256"); 699 addOpenSsl("TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256"); 700 701 // Pre-Shared Key (PSK) cipher suites 702 addOpenSsl("TLS_PSK_WITH_AES_128_CBC_SHA"); 703 addOpenSsl("TLS_PSK_WITH_AES_256_CBC_SHA"); 704 addOpenSsl("TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA"); 705 addOpenSsl("TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA"); 706 addOpenSsl("TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256"); 707 708 // RFC 5746's Signaling Cipher Suite Value to indicate a request for secure renegotiation 709 addBoth(CIPHER_SUITE_SECURE_RENEGOTIATION); 710 711 // From https://tools.ietf.org/html/draft-ietf-tls-downgrade-scsv-00 to indicate 712 // TLS fallback request 713 addOpenSsl(CIPHER_SUITE_FALLBACK); 714 715 // non-defaultCipherSuites 716 717 // Android does not have Kerberos support 718 addRi("TLS_KRB5_WITH_RC4_128_SHA"); 719 addRi("TLS_KRB5_WITH_RC4_128_MD5"); 720 addRi("TLS_KRB5_WITH_3DES_EDE_CBC_SHA"); 721 addRi("TLS_KRB5_WITH_3DES_EDE_CBC_MD5"); 722 addRi("TLS_KRB5_WITH_DES_CBC_SHA"); 723 addRi("TLS_KRB5_WITH_DES_CBC_MD5"); 724 addRi("TLS_KRB5_EXPORT_WITH_RC4_40_SHA"); 725 addRi("TLS_KRB5_EXPORT_WITH_RC4_40_MD5"); 726 addRi("TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA"); 727 addRi("TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5"); 728 729 // Android does not have DSS support 730 addRi("SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA"); 731 addRi("SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA"); 732 addRi("SSL_DHE_DSS_WITH_DES_CBC_SHA"); 733 addRi("TLS_DHE_DSS_WITH_AES_128_CBC_SHA"); 734 addRi("TLS_DHE_DSS_WITH_AES_128_CBC_SHA256"); 735 addNeither("TLS_DHE_DSS_WITH_AES_128_GCM_SHA256"); 736 addRi("TLS_DHE_DSS_WITH_AES_256_CBC_SHA"); 737 addRi("TLS_DHE_DSS_WITH_AES_256_CBC_SHA256"); 738 addNeither("TLS_DHE_DSS_WITH_AES_256_GCM_SHA384"); 739 740 // Android does not have RC4 support 741 addRi("TLS_ECDHE_ECDSA_WITH_RC4_128_SHA"); 742 addRi("TLS_ECDHE_RSA_WITH_RC4_128_SHA"); 743 addRi("SSL_RSA_WITH_RC4_128_SHA"); 744 addRi("SSL_RSA_WITH_RC4_128_MD5"); 745 746 // Dropped 747 addNeither("SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA"); 748 addNeither("SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA"); 749 addRi("SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA"); 750 addRi("SSL_DH_anon_EXPORT_WITH_RC4_40_MD5"); 751 addRi("SSL_DH_anon_WITH_3DES_EDE_CBC_SHA"); 752 addRi("SSL_DH_anon_WITH_DES_CBC_SHA"); 753 addRi("SSL_DH_anon_WITH_RC4_128_MD5"); 754 addRi("SSL_RSA_EXPORT_WITH_DES40_CBC_SHA"); 755 addRi("SSL_RSA_EXPORT_WITH_RC4_40_MD5"); 756 addRi("SSL_RSA_WITH_DES_CBC_SHA"); 757 addRi("SSL_RSA_WITH_NULL_MD5"); 758 addRi("SSL_RSA_WITH_NULL_SHA"); 759 addRi("TLS_DH_anon_WITH_AES_128_CBC_SHA"); 760 addRi("TLS_DH_anon_WITH_AES_128_CBC_SHA256"); 761 addNeither("TLS_DH_anon_WITH_AES_128_GCM_SHA256"); 762 addRi("TLS_DH_anon_WITH_AES_256_CBC_SHA"); 763 addRi("TLS_DH_anon_WITH_AES_256_CBC_SHA256"); 764 addNeither("TLS_DH_anon_WITH_AES_256_GCM_SHA384"); 765 addRi("TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA"); 766 addRi("TLS_ECDHE_ECDSA_WITH_NULL_SHA"); 767 addRi("TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA"); 768 addRi("TLS_ECDHE_RSA_WITH_NULL_SHA"); 769 addRi("TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA"); 770 addRi("TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA"); 771 addRi("TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256"); 772 addNeither("TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256"); 773 addRi("TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA"); 774 addRi("TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384"); 775 addNeither("TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384"); 776 addRi("TLS_ECDH_ECDSA_WITH_NULL_SHA"); 777 addRi("TLS_ECDH_ECDSA_WITH_RC4_128_SHA"); 778 addRi("TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA"); 779 addRi("TLS_ECDH_RSA_WITH_AES_128_CBC_SHA"); 780 addRi("TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256"); 781 addNeither("TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256"); 782 addRi("TLS_ECDH_RSA_WITH_AES_256_CBC_SHA"); 783 addRi("TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384"); 784 addNeither("TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384"); 785 addRi("TLS_ECDH_RSA_WITH_NULL_SHA"); 786 addRi("TLS_ECDH_RSA_WITH_RC4_128_SHA"); 787 addRi("TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA"); 788 addRi("TLS_ECDH_anon_WITH_AES_128_CBC_SHA"); 789 addRi("TLS_ECDH_anon_WITH_AES_256_CBC_SHA"); 790 addRi("TLS_ECDH_anon_WITH_NULL_SHA"); 791 addRi("TLS_ECDH_anon_WITH_RC4_128_SHA"); 792 addNeither("TLS_PSK_WITH_3DES_EDE_CBC_SHA"); 793 addRi("TLS_RSA_WITH_NULL_SHA256"); 794 795 // Old non standard exportable encryption 796 addNeither("SSL_RSA_EXPORT1024_WITH_DES_CBC_SHA"); 797 addNeither("SSL_RSA_EXPORT1024_WITH_RC4_56_SHA"); 798 799 // No RC2 800 addNeither("SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5"); 801 addNeither("TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA"); 802 addNeither("TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5"); 803 804 CIPHER_SUITES = CIPHER_SUITES_OPENSSL; 805 } 806 807 /** 808 * Cipher suites that are not negotiated when TLSv1.2 is selected on the RI. 809 */ 810 public static final List<String> CIPHER_SUITES_OBSOLETE_TLS12 = Arrays.asList( 811 "SSL_RSA_WITH_DES_CBC_SHA", 812 "SSL_DHE_RSA_WITH_DES_CBC_SHA", 813 "SSL_DHE_DSS_WITH_DES_CBC_SHA", 814 "SSL_DH_anon_WITH_DES_CBC_SHA", 815 "SSL_RSA_EXPORT_WITH_RC4_40_MD5", 816 "SSL_DH_anon_EXPORT_WITH_RC4_40_MD5", 817 "SSL_RSA_EXPORT_WITH_DES40_CBC_SHA", 818 "SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA", 819 "SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA", 820 "SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA"); 821 822 // NOTE: This list needs to be kept in sync with Javadoc of javax.net.ssl.SSLSocket and 823 // javax.net.ssl.SSLEngine. 824 private static final List<String> CIPHER_SUITES_AES_HARDWARE = Arrays.asList( 825 "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", 826 "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", 827 "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256", 828 "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", 829 "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", 830 "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256", 831 "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA", 832 "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA", 833 "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA", 834 "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA", 835 "TLS_RSA_WITH_AES_128_GCM_SHA256", 836 "TLS_RSA_WITH_AES_256_GCM_SHA384", 837 "TLS_RSA_WITH_AES_128_CBC_SHA", 838 "TLS_RSA_WITH_AES_256_CBC_SHA", 839 CIPHER_SUITE_SECURE_RENEGOTIATION); 840 841 // NOTE: This list needs to be kept in sync with Javadoc of javax.net.ssl.SSLSocket and 842 // javax.net.ssl.SSLEngine. 843 private static final List<String> CIPHER_SUITES_SOFTWARE = Arrays.asList( 844 "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256", 845 "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", 846 "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", 847 "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256", 848 "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", 849 "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", 850 "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA", 851 "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA", 852 "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA", 853 "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA", 854 "TLS_RSA_WITH_AES_128_GCM_SHA256", 855 "TLS_RSA_WITH_AES_256_GCM_SHA384", 856 "TLS_RSA_WITH_AES_128_CBC_SHA", 857 "TLS_RSA_WITH_AES_256_CBC_SHA", 858 CIPHER_SUITE_SECURE_RENEGOTIATION); 859 860 // NOTE: This list needs to be kept in sync with Javadoc of javax.net.ssl.SSLSocket and 861 // javax.net.ssl.SSLEngine. 862 public static final List<String> CIPHER_SUITES_DEFAULT = CpuFeatures.isAESHardwareAccelerated() 863 ? CIPHER_SUITES_AES_HARDWARE 864 : CIPHER_SUITES_SOFTWARE; 865 866 // NOTE: This list needs to be kept in sync with Javadoc of javax.net.ssl.SSLSocket and 867 // javax.net.ssl.SSLEngine. 868 public static final List<String> CIPHER_SUITES_DEFAULT_PSK = Arrays.asList( 869 "TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256", 870 "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA", 871 "TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA", 872 "TLS_PSK_WITH_AES_128_CBC_SHA", 873 "TLS_PSK_WITH_AES_256_CBC_SHA"); 874 875 // Should be updated to match BoringSSL's defaults when they change. 876 // https://boringssl.googlesource.com/boringssl/+/master/ssl/t1_lib.c#306 877 public static final List<String> ELLIPTIC_CURVES_DEFAULT = 878 Arrays.asList("x25519 (29)", "secp256r1 (23)", "secp384r1 (24)"); 879 880 private static final Set<String> PERMITTED_DEFAULT_KEY_EXCHANGE_ALGS = new HashSet<String>( 881 Arrays.asList("RSA", "DHE_RSA", "DHE_DSS", "ECDHE_RSA", "ECDHE_ECDSA")); 882 883 private static final Set<String> PERMITTED_DEFAULT_BULK_ENCRYPTION_CIPHERS = 884 new HashSet<String>(Arrays.asList( 885 "AES_128_CBC", 886 "AES_256_CBC", 887 "AES_128_GCM", 888 "AES_256_GCM", 889 "CHACHA20_POLY1305")); 890 891 private static final Set<String> PERMITTED_DEFAULT_MACS = 892 new HashSet<String>(Arrays.asList("SHA", "SHA256", "SHA384")); 893 894 public static final Map<String, Class<? extends KeySpec>> PRIVATE_KEY_SPEC_CLASSES; 895 public static final Map<String, Class<? extends KeySpec>> PUBLIC_KEY_SPEC_CLASSES; 896 public static final Map<String, Integer> MINIMUM_KEY_SIZE; 897 static { 898 PRIVATE_KEY_SPEC_CLASSES = new HashMap<String, Class<? extends KeySpec>>(); 899 PUBLIC_KEY_SPEC_CLASSES = new HashMap<String, Class<? extends KeySpec>>(); 900 MINIMUM_KEY_SIZE = new HashMap<String, Integer>(); 901 PRIVATE_KEY_SPEC_CLASSES.put("RSA", RSAPrivateCrtKeySpec.class); 902 PUBLIC_KEY_SPEC_CLASSES.put("RSA", RSAPublicKeySpec.class); 903 MINIMUM_KEY_SIZE.put("RSA", 512); 904 PRIVATE_KEY_SPEC_CLASSES.put("DSA", DSAPrivateKeySpec.class); 905 PUBLIC_KEY_SPEC_CLASSES.put("DSA", DSAPublicKeySpec.class); 906 MINIMUM_KEY_SIZE.put("DSA", 512); 907 PRIVATE_KEY_SPEC_CLASSES.put("DH", DHPrivateKeySpec.class); 908 PUBLIC_KEY_SPEC_CLASSES.put("DH", DHPublicKeySpec.class); 909 MINIMUM_KEY_SIZE.put("DH", 256); 910 PRIVATE_KEY_SPEC_CLASSES.put("EC", ECPrivateKeySpec.class); 911 PUBLIC_KEY_SPEC_CLASSES.put("EC", ECPublicKeySpec.class); 912 MINIMUM_KEY_SIZE.put("EC", 256); 913 } 914 915 public static Class<? extends KeySpec> getPrivateKeySpecClass(String algName) { 916 return PRIVATE_KEY_SPEC_CLASSES.get(algName); 917 } 918 919 public static Class<? extends KeySpec> getPublicKeySpecClass(String algName) { 920 return PUBLIC_KEY_SPEC_CLASSES.get(algName); 921 } 922 923 public static int getMinimumKeySize(String algName) { 924 return MINIMUM_KEY_SIZE.get(algName); 925 } 926 927 /** 928 * Asserts that the cipher suites array is non-null and that it 929 * all of its contents are cipher suites known to this 930 * implementation. As a convenience, returns any unenabled cipher 931 * suites in a test for those that want to verify separately that 932 * all cipher suites were included. 933 */ 934 private static Set<String> assertValidCipherSuites( 935 Set<String> expected, String[] cipherSuites) { 936 assertNotNull(cipherSuites); 937 assertTrue(cipherSuites.length != 0); 938 939 // Make sure all cipherSuites names are expected 940 HashSet<String> remainingCipherSuites = new HashSet<String>(expected); 941 HashSet<String> unknownCipherSuites = new HashSet<String>(); 942 for (String cipherSuite : cipherSuites) { 943 boolean removed = remainingCipherSuites.remove(cipherSuite); 944 if (!removed) { 945 unknownCipherSuites.add(cipherSuite); 946 } 947 } 948 assertEquals("Unknown cipher suites", Collections.EMPTY_SET, unknownCipherSuites); 949 return remainingCipherSuites; 950 } 951 952 /** 953 * After using assertValidCipherSuites on cipherSuites, 954 * assertSupportedCipherSuites additionally verifies that all 955 * supported cipher suites where in the input array. 956 */ 957 private static void assertSupportedCipherSuites(Set<String> expected, String[] cipherSuites) { 958 Set<String> remainingCipherSuites = assertValidCipherSuites(expected, cipherSuites); 959 assertEquals("Missing cipher suites", Collections.EMPTY_SET, remainingCipherSuites); 960 assertEquals(expected.size(), cipherSuites.length); 961 } 962 963 /** 964 * Asserts that the protocols array is non-null and that it all of 965 * its contents are protocols known to this implementation. As a 966 * convenience, returns any unenabled protocols in a test for 967 * those that want to verify separately that all protocols were 968 * included. 969 */ 970 private static Set<String> assertValidProtocols(Set<String> expected, String[] protocols) { 971 assertNotNull(protocols); 972 assertTrue(protocols.length != 0); 973 974 // Make sure all protocols names are expected 975 HashSet<String> remainingProtocols = new HashSet<String>(expected); 976 HashSet<String> unknownProtocols = new HashSet<String>(); 977 for (String protocol : protocols) { 978 if (!remainingProtocols.remove(protocol)) { 979 unknownProtocols.add(protocol); 980 } 981 } 982 assertEquals("Unknown protocols", Collections.EMPTY_SET, unknownProtocols); 983 return remainingProtocols; 984 } 985 986 /** 987 * After using assertValidProtocols on protocols, 988 * assertSupportedProtocols additionally verifies that all 989 * supported protocols where in the input array. 990 */ 991 private static void assertSupportedProtocols(Set<String> expected, String[] protocols) { 992 Set<String> remainingProtocols = assertValidProtocols(expected, protocols); 993 assertEquals("Missing protocols", Collections.EMPTY_SET, remainingProtocols); 994 assertEquals(expected.size(), protocols.length); 995 } 996 997 /** 998 * Asserts that the provided list of protocols matches the supported list of protocols. 999 */ 1000 public static void assertSupportedProtocols(String[] protocols) { 1001 assertSupportedProtocols(SSL_SOCKET_PROTOCOLS, protocols); 1002 } 1003 1004 /** 1005 * Assert that the provided list of cipher suites contains only the supported cipher suites. 1006 */ 1007 public static void assertValidCipherSuites(String[] cipherSuites) { 1008 assertValidCipherSuites(CIPHER_SUITES, cipherSuites); 1009 } 1010 1011 /** 1012 * Assert that the provided list of cipher suites matches the supported list. 1013 */ 1014 public static void assertSupportedCipherSuites(String[] cipherSuites) { 1015 assertSupportedCipherSuites(CIPHER_SUITES, cipherSuites); 1016 } 1017 1018 /** 1019 * Assert cipher suites match the default list in content and priority order and contain 1020 * only cipher suites permitted by default. 1021 */ 1022 public static void assertDefaultCipherSuites(String[] cipherSuites) { 1023 assertValidCipherSuites(cipherSuites); 1024 1025 Set<String> expected = new TreeSet<String>(CIPHER_SUITES_DEFAULT); 1026 Set<String> actual = new TreeSet<String>(Arrays.asList(cipherSuites)); 1027 assertEquals(expected, actual); 1028 } 1029 1030 public static void assertDefaultEllipticCurves(String[] curves) { 1031 assertEquals(ELLIPTIC_CURVES_DEFAULT, Arrays.asList(curves)); 1032 } 1033 1034 public static void assertSSLContextEnabledProtocols(String version, String[] protocols) { 1035 assertEquals("For protocol \"" + version + "\"", 1036 Arrays.toString(SSL_CONTEXT_PROTOCOLS_ENABLED.get(version)), 1037 Arrays.toString(protocols)); 1038 } 1039 1040 private static boolean isPermittedDefaultCipherSuite(String cipherSuite) { 1041 assertNotNull(cipherSuite); 1042 if (CIPHER_SUITE_SECURE_RENEGOTIATION.equals(cipherSuite)) { 1043 return true; 1044 } 1045 assertTrue(cipherSuite, cipherSuite.startsWith("TLS_") || cipherSuite.startsWith("SSL_")); 1046 1047 // Example: RSA_WITH_AES_128_CBC_SHA 1048 String remainder = cipherSuite.substring("TLS_".length()); 1049 int macDelimiterIndex = remainder.lastIndexOf('_'); 1050 assertTrue(cipherSuite, macDelimiterIndex != -1); 1051 // Example: SHA 1052 String mac = remainder.substring(macDelimiterIndex + 1); 1053 1054 // Example: RSA_WITH_AES_128_CBC 1055 remainder = remainder.substring(0, macDelimiterIndex); 1056 int withDelimiterIndex = remainder.indexOf("_WITH_"); 1057 assertTrue(cipherSuite, withDelimiterIndex != -1); 1058 1059 // Example: RSA 1060 String keyExchange = remainder.substring(0, withDelimiterIndex); 1061 // Example: AES_128_CBC 1062 String bulkEncryptionCipher = remainder.substring(withDelimiterIndex + "_WITH_".length()); 1063 1064 if (!PERMITTED_DEFAULT_MACS.contains(mac)) { 1065 return false; 1066 } 1067 if (!PERMITTED_DEFAULT_KEY_EXCHANGE_ALGS.contains(keyExchange)) { 1068 return false; 1069 } 1070 if (!PERMITTED_DEFAULT_BULK_ENCRYPTION_CIPHERS.contains(bulkEncryptionCipher)) { 1071 return false; 1072 } 1073 1074 return true; 1075 } 1076 1077 /** 1078 * Get all supported mode names for the given cipher. 1079 */ 1080 public static Set<String> getModesForCipher(String cipher) { 1081 return CIPHER_MODES.get(cipher); 1082 } 1083 1084 /** 1085 * Get all supported padding names for the given cipher. 1086 */ 1087 public static Set<String> getPaddingsForCipher(String cipher) { 1088 return CIPHER_PADDINGS.get(cipher); 1089 } 1090} 1091