1 /* 2 * Copyright (C) 2010 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17 package org.apache.harmony.xnet.provider.jsse; 18 19 import java.security.Provider; 20 21 /** 22 * Provider that goes through OpenSSL for operations. 23 * <p> 24 * Every algorithm should have its IANA assigned OID as an alias. See the following URLs for each type: 25 * <ul> 26 * <li><a href="http://www.iana.org/assignments/hash-function-text-names/hash-function-text-names.xml">Hash functions</a></li> 27 * <li><a href="http://www.iana.org/assignments/dssc/dssc.xml">Signature algorithms</a></li> 28 * <li><a href="http://csrc.nist.gov/groups/ST/crypto_apps_infra/csor/algorithms.html">NIST cryptographic algorithms</a></li> 29 * </ul> 30 */ 31 public final class OpenSSLProvider extends Provider { 32 public static final String PROVIDER_NAME = "AndroidOpenSSL"; 33 34 public OpenSSLProvider() { 35 super(PROVIDER_NAME, 1.0, "Android's OpenSSL-backed security provider"); 36 37 /* === SSL Contexts === */ 38 put("SSLContext.SSL", OpenSSLContextImpl.class.getName()); 39 put("SSLContext.SSLv3", OpenSSLContextImpl.class.getName()); 40 put("SSLContext.TLS", OpenSSLContextImpl.class.getName()); 41 put("SSLContext.TLSv1", OpenSSLContextImpl.class.getName()); 42 put("SSLContext.TLSv1.1", OpenSSLContextImpl.class.getName()); 43 put("SSLContext.TLSv1.2", OpenSSLContextImpl.class.getName()); 44 put("SSLContext.Default", DefaultSSLContextImpl.class.getName()); 45 46 /* === Message Digests === */ 47 put("MessageDigest.SHA-1", 48 "org.apache.harmony.xnet.provider.jsse.OpenSSLMessageDigestJDK$SHA1"); 49 put("Alg.Alias.MessageDigest.SHA1", "SHA-1"); 50 put("Alg.Alias.MessageDigest.SHA", "SHA-1"); 51 put("Alg.Alias.MessageDigest.1.3.14.3.2.26", "SHA-1"); 52 53 put("MessageDigest.SHA-256", 54 "org.apache.harmony.xnet.provider.jsse.OpenSSLMessageDigestJDK$SHA256"); 55 put("Alg.Alias.MessageDigest.SHA256", "SHA-256"); 56 put("Alg.Alias.MessageDigest.2.16.840.1.101.3.4.2.1", "SHA-256"); 57 58 put("MessageDigest.SHA-384", 59 "org.apache.harmony.xnet.provider.jsse.OpenSSLMessageDigestJDK$SHA384"); 60 put("Alg.Alias.MessageDigest.SHA384", "SHA-384"); 61 put("Alg.Alias.MessageDigest.2.16.840.1.101.3.4.2.2", "SHA-384"); 62 63 put("MessageDigest.SHA-512", 64 "org.apache.harmony.xnet.provider.jsse.OpenSSLMessageDigestJDK$SHA512"); 65 put("Alg.Alias.MessageDigest.SHA512", "SHA-512"); 66 put("Alg.Alias.MessageDigest.2.16.840.1.101.3.4.2.3", "SHA-512"); 67 68 // iso(1) member-body(2) US(840) rsadsi(113549) digestAlgorithm(2) md5(5) 69 put("MessageDigest.MD5", 70 "org.apache.harmony.xnet.provider.jsse.OpenSSLMessageDigestJDK$MD5"); 71 put("Alg.Alias.MessageDigest.1.2.840.113549.2.5", "MD5"); 72 73 /* == KeyPairGenerators == */ 74 put("KeyPairGenerator.RSA", OpenSSLRSAKeyPairGenerator.class.getName()); 75 put("Alg.Alias.KeyPairGenerator.1.2.840.113549.1.1.1", "RSA"); 76 77 put("KeyPairGenerator.DSA", OpenSSLDSAKeyPairGenerator.class.getName()); 78 79 put("KeyPairGenerator.EC", OpenSSLECKeyPairGenerator.class.getName()); 80 81 /* == KeyFactory == */ 82 put("KeyFactory.RSA", OpenSSLRSAKeyFactory.class.getName()); 83 put("Alg.Alias.KeyFactory.1.2.840.113549.1.1.1", "RSA"); 84 85 put("KeyFactory.DSA", OpenSSLDSAKeyFactory.class.getName()); 86 87 put("KeyFactory.EC", OpenSSLECKeyFactory.class.getName()); 88 89 /* == KeyAgreement == */ 90 put("KeyAgreement.ECDH", OpenSSLECDHKeyAgreement.class.getName()); 91 92 /* == Signatures == */ 93 put("Signature.MD5WithRSA", OpenSSLSignature.MD5RSA.class.getName()); 94 put("Alg.Alias.Signature.MD5WithRSAEncryption", "MD5WithRSA"); 95 put("Alg.Alias.Signature.MD5/RSA", "MD5WithRSA"); 96 put("Alg.Alias.Signature.1.2.840.113549.1.1.4", "MD5WithRSA"); 97 put("Alg.Alias.Signature.1.2.840.113549.2.5with1.2.840.113549.1.1.1", "MD5WithRSA"); 98 99 put("Signature.SHA1WithRSA", OpenSSLSignature.SHA1RSA.class.getName()); 100 put("Alg.Alias.Signature.SHA1WithRSAEncryption", "SHA1WithRSA"); 101 put("Alg.Alias.Signature.SHA1/RSA", "SHA1WithRSA"); 102 put("Alg.Alias.Signature.SHA-1/RSA", "SHA1WithRSA"); 103 put("Alg.Alias.Signature.1.2.840.113549.1.1.5", "SHA1WithRSA"); 104 put("Alg.Alias.Signature.1.3.14.3.2.26with1.2.840.113549.1.1.1", "SHA1WithRSA"); 105 put("Alg.Alias.Signature.1.3.14.3.2.26with1.2.840.113549.1.1.5", "SHA1WithRSA"); 106 put("Alg.Alias.Signature.1.3.14.3.2.29", "SHA1WithRSA"); 107 108 put("Signature.SHA256WithRSA", OpenSSLSignature.SHA256RSA.class.getName()); 109 put("Alg.Alias.Signature.SHA256WithRSAEncryption", "SHA256WithRSA"); 110 put("Alg.Alias.Signature.1.2.840.113549.1.1.11", "SHA256WithRSA"); 111 put("Alg.Alias.Signature.2.16.840.1.101.3.4.2.1with1.2.840.113549.1.1.1", 112 "SHA256WithRSA"); 113 put("Alg.Alias.Signature.2.16.840.1.101.3.4.2.1with1.2.840.113549.1.1.11", 114 "SHA256WithRSA"); 115 116 put("Signature.SHA384WithRSA", OpenSSLSignature.SHA384RSA.class.getName()); 117 put("Alg.Alias.Signature.SHA384WithRSAEncryption", "SHA384WithRSA"); 118 put("Alg.Alias.Signature.1.2.840.113549.1.1.12", "SHA384WithRSA"); 119 put("Alg.Alias.Signature.2.16.840.1.101.3.4.2.2with1.2.840.113549.1.1.1", 120 "SHA384WithRSA"); 121 122 put("Signature.SHA512WithRSA", OpenSSLSignature.SHA512RSA.class.getName()); 123 put("Alg.Alias.Signature.SHA512WithRSAEncryption", "SHA512WithRSA"); 124 put("Alg.Alias.Signature.1.2.840.113549.1.1.13", "SHA512WithRSA"); 125 put("Alg.Alias.Signature.2.16.840.1.101.3.4.2.3with1.2.840.113549.1.1.1", 126 "SHA512WithRSA"); 127 128 put("Signature.SHA1withDSA", OpenSSLSignature.SHA1DSA.class.getName()); 129 put("Alg.Alias.Signature.SHA/DSA", "SHA1withDSA"); 130 put("Alg.Alias.Signature.DSA", "SHA1withDSA"); 131 put("Alg.Alias.Signature.1.3.14.3.2.26with1.2.840.10040.4.1", "SHA1withDSA"); 132 put("Alg.Alias.Signature.1.3.14.3.2.26with1.2.840.10040.4.3", "SHA1withDSA"); 133 put("Alg.Alias.Signature.DSAWithSHA1", "SHA1withDSA"); 134 put("Alg.Alias.Signature.1.2.840.10040.4.3", "SHA1withDSA"); 135 136 put("Signature.NONEwithRSA", OpenSSLSignatureRawRSA.class.getName()); 137 138 put("Signature.ECDSA", OpenSSLSignature.SHA1ECDSA.class.getName()); 139 put("Alg.Alias.Signature.SHA1withECDSA", "ECDSA"); 140 put("Alg.Alias.Signature.ECDSAwithSHA1", "ECDSA"); 141 // iso(1) member-body(2) us(840) ansi-x962(10045) signatures(4) ecdsa-with-SHA1(1) 142 put("Alg.Alias.Signature.1.2.840.10045.4.1", "ECDSA"); 143 put("Alg.Alias.Signature.1.3.14.3.2.26with1.2.840.10045.2.1", "ECDSA"); 144 145 // iso(1) member-body(2) us(840) ansi-x962(10045) signatures(4) ecdsa-with-SHA2(3) 146 put("Signature.SHA256withECDSA", OpenSSLSignature.SHA256ECDSA.class.getName()); 147 // ecdsa-with-SHA256(2) 148 put("Alg.Alias.Signature.1.2.840.10045.4.3.2", "SHA256withECDSA"); 149 put("Alg.Alias.Signature.2.16.840.1.101.3.4.2.1with1.2.840.10045.2.1", "SHA256withECDSA"); 150 151 put("Signature.SHA384withECDSA", OpenSSLSignature.SHA384ECDSA.class.getName()); 152 // ecdsa-with-SHA384(3) 153 put("Alg.Alias.Signature.1.2.840.10045.4.3.3", "SHA384withECDSA"); 154 put("Alg.Alias.Signature.2.16.840.1.101.3.4.2.2with1.2.840.10045.2.1", "SHA384withECDSA"); 155 156 put("Signature.SHA512withECDSA", OpenSSLSignature.SHA512ECDSA.class.getName()); 157 // ecdsa-with-SHA512(4) 158 put("Alg.Alias.Signature.1.2.840.10045.4.3.4", "SHA512withECDSA"); 159 put("Alg.Alias.Signature.2.16.840.1.101.3.4.2.3with1.2.840.10045.2.1", "SHA512withECDSA"); 160 161 /* === SecureRandom === */ 162 /* 163 * We have to specify SHA1PRNG because various documentation mentions 164 * that algorithm by name instead of just recommending calling 165 * "new SecureRandom()" 166 */ 167 put("SecureRandom.SHA1PRNG", OpenSSLRandom.class.getName()); 168 put("SecureRandom.SHA1PRNG ImplementedIn", "Software"); 169 170 /* === Cipher === */ 171 put("Cipher.RSA/ECB/NoPadding", OpenSSLCipherRSA.Raw.class.getName()); 172 put("Alg.Alias.Cipher.RSA/None/NoPadding", "RSA/ECB/NoPadding"); 173 put("Cipher.RSA/ECB/PKCS1Padding", OpenSSLCipherRSA.PKCS1.class.getName()); 174 put("Alg.Alias.Cipher.RSA/None/PKCS1Padding", "RSA/ECB/PKCS1Padding"); 175 176 /* 177 * OpenSSL only supports a subset of modes, so we'll name them 178 * explicitly here. 179 */ 180 put("Cipher.AES/ECB/NoPadding", OpenSSLCipher.AES.ECB.NoPadding.class.getName()); 181 put("Cipher.AES/ECB/PKCS5Padding", OpenSSLCipher.AES.ECB.PKCS5Padding.class.getName()); 182 put("Cipher.AES/CBC/NoPadding", OpenSSLCipher.AES.CBC.NoPadding.class.getName()); 183 put("Cipher.AES/CBC/PKCS5Padding", OpenSSLCipher.AES.CBC.PKCS5Padding.class.getName()); 184 put("Cipher.AES/CFB/NoPadding", OpenSSLCipher.AES.CFB.NoPadding.class.getName()); 185 put("Cipher.AES/CFB/PKCS5Padding", OpenSSLCipher.AES.CFB.PKCS5Padding.class.getName()); 186 put("Cipher.AES/CTR/NoPadding", OpenSSLCipher.AES.CTR.NoPadding.class.getName()); 187 put("Cipher.AES/CTR/PKCS5Padding", OpenSSLCipher.AES.CTR.PKCS5Padding.class.getName()); 188 put("Cipher.AES/OFB/NoPadding", OpenSSLCipher.AES.OFB.NoPadding.class.getName()); 189 put("Cipher.AES/OFB/PKCS5Padding", OpenSSLCipher.AES.OFB.PKCS5Padding.class.getName()); 190 191 put("Cipher.DESEDE/CBC/NoPadding", OpenSSLCipher.DESEDE.CBC.NoPadding.class.getName()); 192 put("Cipher.DESEDE/CBC/PKCS5Padding", OpenSSLCipher.DESEDE.CBC.PKCS5Padding.class.getName()); 193 put("Cipher.DESEDE/CFB/NoPadding", OpenSSLCipher.DESEDE.CFB.NoPadding.class.getName()); 194 put("Cipher.DESEDE/CFB/PKCS5Padding", OpenSSLCipher.DESEDE.CFB.PKCS5Padding.class.getName()); 195 put("Cipher.DESEDE/ECB/NoPadding", OpenSSLCipher.DESEDE.ECB.NoPadding.class.getName()); 196 put("Cipher.DESEDE/ECB/PKCS5Padding", OpenSSLCipher.DESEDE.ECB.PKCS5Padding.class.getName()); 197 put("Cipher.DESEDE/OFB/NoPadding", OpenSSLCipher.DESEDE.OFB.NoPadding.class.getName()); 198 put("Cipher.DESEDE/OFB/PKCS5Padding", OpenSSLCipher.DESEDE.OFB.PKCS5Padding.class.getName()); 199 200 put("Cipher.ARC4", OpenSSLCipher.ARC4.class.getName()); 201 202 /* === Mac === */ 203 204 put("Mac.HmacMD5", OpenSSLMac.HmacMD5.class.getName()); 205 206 // PKCS#2 - iso(1) member-body(2) US(840) rsadsi(113549) digestAlgorithm(2) 207 // http://www.oid-info.com/get/1.2.840.113549.2 208 209 // HMAC-SHA-1 PRF (7) 210 put("Mac.HmacSHA1", OpenSSLMac.HmacSHA1.class.getName()); 211 put("Alg.Alias.Mac.1.2.840.113549.2.7", "HmacSHA1"); 212 put("Alg.Alias.Mac.HMAC-SHA1", "HmacSHA1"); 213 put("Alg.Alias.Mac.HMAC/SHA1", "HmacSHA1"); 214 215 // id-hmacWithSHA256 (9) 216 put("Mac.HmacSHA256", OpenSSLMac.HmacSHA256.class.getName()); 217 put("Alg.Alias.Mac.1.2.840.113549.2.9", "HmacSHA256"); 218 put("Alg.Alias.Mac.HMAC-SHA256", "HmacSHA256"); 219 put("Alg.Alias.Mac.HMAC/SHA256", "HmacSHA256"); 220 221 // id-hmacWithSHA384 (10) 222 put("Mac.HmacSHA384", OpenSSLMac.HmacSHA384.class.getName()); 223 put("Alg.Alias.Mac.1.2.840.113549.2.10", "HmacSHA384"); 224 put("Alg.Alias.Mac.HMAC-SHA384", "HmacSHA384"); 225 put("Alg.Alias.Mac.HMAC/SHA384", "HmacSHA384"); 226 227 // id-hmacWithSHA384 (11) 228 put("Mac.HmacSHA512", OpenSSLMac.HmacSHA512.class.getName()); 229 put("Alg.Alias.Mac.1.2.840.113549.2.11", "HmacSHA512"); 230 put("Alg.Alias.Mac.HMAC-SHA512", "HmacSHA512"); 231 put("Alg.Alias.Mac.HMAC/SHA512", "HmacSHA512"); 232 233 /* === Certificate === */ 234 235 put("CertificateFactory.X509", OpenSSLX509CertificateFactory.class.getName()); 236 put("Alg.Alias.CertificateFactory.X.509", "X509"); 237 } 238 } 239