1 /* 2 * Copyright (C) 2008 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17 package org.conscrypt; 18 19 import java.io.FileDescriptor; 20 import java.io.IOException; 21 import java.io.OutputStream; 22 import java.net.SocketTimeoutException; 23 import java.security.InvalidKeyException; 24 import java.security.MessageDigest; 25 import java.security.NoSuchAlgorithmException; 26 import java.security.PrivateKey; 27 import java.security.SignatureException; 28 import java.security.cert.CertificateEncodingException; 29 import java.security.cert.CertificateException; 30 import java.security.cert.CertificateParsingException; 31 import java.util.ArrayList; 32 import java.util.Calendar; 33 import java.util.HashMap; 34 import java.util.HashSet; 35 import java.util.LinkedHashMap; 36 import java.util.List; 37 import java.util.Map; 38 import java.util.Set; 39 import javax.crypto.BadPaddingException; 40 import javax.crypto.IllegalBlockSizeException; 41 import javax.net.ssl.SSLException; 42 import javax.security.auth.x500.X500Principal; 43 44 /** 45 * Provides the Java side of our JNI glue for OpenSSL. 46 */ 47 public final class NativeCrypto { 48 49 public static final boolean isBoringSSL; 50 51 // --- OpenSSL library initialization -------------------------------------- 52 static { 53 NativeCryptoJni.init(); 54 isBoringSSL = clinit(); 55 } 56 57 private native static boolean clinit(); 58 59 // --- ENGINE functions ---------------------------------------------------- 60 public static native void ENGINE_load_dynamic(); 61 62 public static native long ENGINE_by_id(String id); 63 64 public static native int ENGINE_add(long e); 65 66 public static native int ENGINE_init(long e); 67 68 public static native int ENGINE_finish(long e); 69 70 public static native int ENGINE_free(long e); 71 72 public static native long ENGINE_load_private_key(long e, String key_id) throws InvalidKeyException; 73 74 public static native String ENGINE_get_id(long engineRef); 75 76 public static native int ENGINE_ctrl_cmd_string(long engineRef, String cmd, String arg, 77 int cmd_optional); 78 79 // --- DSA/RSA public/private key handling functions ----------------------- 80 81 public static native long EVP_PKEY_new_DSA(byte[] p, byte[] q, byte[] g, 82 byte[] pub_key, byte[] priv_key); 83 84 public static native long EVP_PKEY_new_RSA(byte[] n, byte[] e, byte[] d, byte[] p, byte[] q, 85 byte[] dmp1, byte[] dmq1, byte[] iqmp); 86 87 public static native long EVP_PKEY_new_mac_key(int type, byte[] key); 88 89 public static native int EVP_PKEY_size(NativeRef.EVP_PKEY pkey); 90 91 public static native int EVP_PKEY_type(NativeRef.EVP_PKEY pkey); 92 93 public static native String EVP_PKEY_print_public(NativeRef.EVP_PKEY pkeyRef); 94 95 public static native String EVP_PKEY_print_private(NativeRef.EVP_PKEY pkeyRef); 96 97 public static native void EVP_PKEY_free(long pkey); 98 99 public static native int EVP_PKEY_cmp(NativeRef.EVP_PKEY pkey1, NativeRef.EVP_PKEY pkey2); 100 101 public static native byte[] i2d_PKCS8_PRIV_KEY_INFO(NativeRef.EVP_PKEY pkey); 102 103 public static native long d2i_PKCS8_PRIV_KEY_INFO(byte[] data); 104 105 public static native byte[] i2d_PUBKEY(NativeRef.EVP_PKEY pkey); 106 107 public static native long d2i_PUBKEY(byte[] data); 108 109 public static native long getRSAPrivateKeyWrapper(PrivateKey key, byte[] modulus); 110 111 public static native long getECPrivateKeyWrapper(PrivateKey key, 112 NativeRef.EC_GROUP ecGroupRef); 113 114 public static native long RSA_generate_key_ex(int modulusBits, byte[] publicExponent); 115 116 public static native int RSA_size(NativeRef.EVP_PKEY pkey); 117 118 public static native int RSA_private_encrypt(int flen, byte[] from, byte[] to, 119 NativeRef.EVP_PKEY pkey, int padding); 120 121 public static native int RSA_public_decrypt(int flen, byte[] from, byte[] to, 122 NativeRef.EVP_PKEY pkey, int padding) throws BadPaddingException, SignatureException; 123 124 public static native int RSA_public_encrypt(int flen, byte[] from, byte[] to, 125 NativeRef.EVP_PKEY pkey, int padding); 126 127 public static native int RSA_private_decrypt(int flen, byte[] from, byte[] to, 128 NativeRef.EVP_PKEY pkey, int padding) throws BadPaddingException, SignatureException; 129 130 /** 131 * @return array of {n, e} 132 */ 133 public static native byte[][] get_RSA_public_params(NativeRef.EVP_PKEY rsa); 134 135 /** 136 * @return array of {n, e, d, p, q, dmp1, dmq1, iqmp} 137 */ 138 public static native byte[][] get_RSA_private_params(NativeRef.EVP_PKEY rsa); 139 140 public static native byte[] i2d_RSAPublicKey(NativeRef.EVP_PKEY rsa); 141 142 public static native byte[] i2d_RSAPrivateKey(NativeRef.EVP_PKEY rsa); 143 144 // --- DH public/private key handling functions ---------------------------- 145 146 public static native long EVP_PKEY_new_DH(byte[] p, byte[] g, byte[] pub_key, byte[] priv_key); 147 148 public static native long DH_generate_parameters_ex(int primeBits, long generator); 149 150 public static native void DH_generate_key(NativeRef.EVP_PKEY pkeyRef); 151 152 /** 153 * @return array of {p, g, y(pub), x(priv)} 154 */ 155 public static native byte[][] get_DH_params(NativeRef.EVP_PKEY dh); 156 157 // --- EC functions -------------------------- 158 159 /** 160 * Used to request EC_GROUP_new_curve_GFp to EC_GROUP_new_curve 161 */ 162 public static final int EC_CURVE_GFP = 1; 163 164 /** 165 * Used to request EC_GROUP_new_curve_GF2m to EC_GROUP_new_curve 166 */ 167 public static final int EC_CURVE_GF2M = 2; 168 169 public static native long EVP_PKEY_new_EC_KEY(NativeRef.EC_GROUP groupRef, 170 NativeRef.EC_POINT pubkeyRef, byte[] privkey); 171 172 public static native long EC_GROUP_new_by_curve_name(String curveName); 173 174 public static native long EC_GROUP_new_arbitrary(byte[] p, byte[] a, byte[] b, byte[] x, 175 byte[] y, byte[] order, int cofactor); 176 177 public static native void EC_GROUP_set_asn1_flag(NativeRef.EC_GROUP groupRef, int flag); 178 179 public static native void EC_GROUP_set_point_conversion_form(NativeRef.EC_GROUP groupRef, 180 int form); 181 182 public static native String EC_GROUP_get_curve_name(NativeRef.EC_GROUP groupRef); 183 184 public static native byte[][] EC_GROUP_get_curve(NativeRef.EC_GROUP groupRef); 185 186 public static native void EC_GROUP_clear_free(long groupRef); 187 188 public static native boolean EC_GROUP_cmp(NativeRef.EC_GROUP ctx1, NativeRef.EC_GROUP ctx2); 189 190 public static native long EC_GROUP_get_generator(NativeRef.EC_GROUP groupRef); 191 192 public static native int get_EC_GROUP_type(NativeRef.EC_GROUP groupRef); 193 194 public static native byte[] EC_GROUP_get_order(NativeRef.EC_GROUP groupRef); 195 196 public static native int EC_GROUP_get_degree(NativeRef.EC_GROUP groupRef); 197 198 public static native byte[] EC_GROUP_get_cofactor(NativeRef.EC_GROUP groupRef); 199 200 public static native long EC_POINT_new(NativeRef.EC_GROUP groupRef); 201 202 public static native void EC_POINT_clear_free(long pointRef); 203 204 public static native boolean EC_POINT_cmp(NativeRef.EC_GROUP groupRef, 205 NativeRef.EC_POINT pointRef1, NativeRef.EC_POINT pointRef2); 206 207 public static native byte[][] EC_POINT_get_affine_coordinates(NativeRef.EC_GROUP groupRef, 208 NativeRef.EC_POINT pointRef); 209 210 public static native void EC_POINT_set_affine_coordinates(NativeRef.EC_GROUP groupRef, 211 NativeRef.EC_POINT pointRef, byte[] x, byte[] y); 212 213 public static native long EC_KEY_generate_key(NativeRef.EC_GROUP groupRef); 214 215 public static native long EC_KEY_get1_group(NativeRef.EVP_PKEY pkeyRef); 216 217 public static native byte[] EC_KEY_get_private_key(NativeRef.EVP_PKEY keyRef); 218 219 public static native long EC_KEY_get_public_key(NativeRef.EVP_PKEY keyRef); 220 221 public static native void EC_KEY_set_nonce_from_hash(NativeRef.EVP_PKEY keyRef, 222 boolean enabled); 223 224 public static native int ECDH_compute_key(byte[] out, int outOffset, 225 NativeRef.EVP_PKEY publicKeyRef, NativeRef.EVP_PKEY privateKeyRef); 226 227 // --- Message digest functions -------------- 228 229 // These return const references 230 public static native long EVP_get_digestbyname(String name); 231 232 public static native int EVP_MD_size(long evp_md_const); 233 234 public static native int EVP_MD_block_size(long evp_md_const); 235 236 // --- Message digest context functions -------------- 237 238 public static native long EVP_MD_CTX_create(); 239 240 public static native void EVP_MD_CTX_init(NativeRef.EVP_MD_CTX ctx); 241 242 public static native void EVP_MD_CTX_destroy(long ctx); 243 244 public static native int EVP_MD_CTX_copy(NativeRef.EVP_MD_CTX dst_ctx, 245 NativeRef.EVP_MD_CTX src_ctx); 246 247 // --- Digest handling functions ------------------------------------------- 248 249 public static native int EVP_DigestInit(NativeRef.EVP_MD_CTX ctx, long evp_md); 250 251 public static native void EVP_DigestUpdate(NativeRef.EVP_MD_CTX ctx, 252 byte[] buffer, int offset, int length); 253 254 public static native int EVP_DigestFinal(NativeRef.EVP_MD_CTX ctx, byte[] hash, 255 int offset); 256 257 // --- MAC handling functions ---------------------------------------------- 258 259 public static native void EVP_DigestSignInit(NativeRef.EVP_MD_CTX evp_md_ctx, 260 long evp_md, NativeRef.EVP_PKEY evp_pkey); 261 262 public static native void EVP_DigestSignUpdate(NativeRef.EVP_MD_CTX evp_md_ctx, 263 byte[] in); 264 265 public static native byte[] EVP_DigestSignFinal(NativeRef.EVP_MD_CTX evp_md_ctx); 266 267 // --- Signature handling functions ---------------------------------------- 268 269 public static native int EVP_SignInit(NativeRef.EVP_MD_CTX ctx, long evpRef); 270 271 public static native void EVP_SignUpdate(NativeRef.EVP_MD_CTX ctx, byte[] buffer, 272 int offset, int length); 273 274 public static native int EVP_SignFinal(NativeRef.EVP_MD_CTX ctx, byte[] signature, 275 int offset, NativeRef.EVP_PKEY key); 276 277 public static native int EVP_VerifyInit(NativeRef.EVP_MD_CTX ctx, long evpRef); 278 279 public static native void EVP_VerifyUpdate(NativeRef.EVP_MD_CTX ctx, 280 byte[] buffer, int offset, int length); 281 282 public static native int EVP_VerifyFinal(NativeRef.EVP_MD_CTX ctx, 283 byte[] signature, int offset, int length, NativeRef.EVP_PKEY key); 284 285 // --- Block ciphers ------------------------------------------------------- 286 287 // These return const references 288 public static native long EVP_get_cipherbyname(String string); 289 290 public static native void EVP_CipherInit_ex(NativeRef.EVP_CIPHER_CTX ctx, long evpCipher, 291 byte[] key, byte[] iv, boolean encrypting); 292 293 public static native int EVP_CipherUpdate(NativeRef.EVP_CIPHER_CTX ctx, byte[] out, 294 int outOffset, byte[] in, int inOffset, int inLength); 295 296 public static native int EVP_CipherFinal_ex(NativeRef.EVP_CIPHER_CTX ctx, byte[] out, 297 int outOffset) throws BadPaddingException, IllegalBlockSizeException; 298 299 public static native int EVP_CIPHER_iv_length(long evpCipher); 300 301 public static native long EVP_CIPHER_CTX_new(); 302 303 public static native int EVP_CIPHER_CTX_block_size(NativeRef.EVP_CIPHER_CTX ctx); 304 305 public static native int get_EVP_CIPHER_CTX_buf_len(NativeRef.EVP_CIPHER_CTX ctx); 306 307 public static native boolean get_EVP_CIPHER_CTX_final_used(NativeRef.EVP_CIPHER_CTX ctx); 308 309 public static native void EVP_CIPHER_CTX_set_padding(NativeRef.EVP_CIPHER_CTX ctx, 310 boolean enablePadding); 311 312 public static native void EVP_CIPHER_CTX_set_key_length(NativeRef.EVP_CIPHER_CTX ctx, 313 int keyBitSize); 314 315 public static native void EVP_CIPHER_CTX_free(long ctx); 316 317 // --- AEAD ---------------------------------------------------------------- 318 public static native long EVP_aead_aes_128_gcm(); 319 320 public static native long EVP_aead_aes_256_gcm(); 321 322 public static native long EVP_AEAD_CTX_init(long evpAead, byte[] key, int tagLen); 323 324 public static native void EVP_AEAD_CTX_cleanup(long ctx); 325 326 public static native int EVP_AEAD_max_overhead(long evpAead); 327 328 public static native int EVP_AEAD_nonce_length(long evpAead); 329 330 public static native int EVP_AEAD_max_tag_len(long evpAead); 331 332 public static native int EVP_AEAD_CTX_seal(NativeRef.EVP_AEAD_CTX ctx, byte[] out, 333 int outOffset, byte[] nonce, byte[] in, int inOffset, int inLength, byte[] ad) 334 throws BadPaddingException; 335 336 public static native int EVP_AEAD_CTX_open(NativeRef.EVP_AEAD_CTX ctx, byte[] out, 337 int outOffset, byte[] nonce, byte[] in, int inOffset, int inLength, byte[] ad) 338 throws BadPaddingException; 339 340 // --- RAND seeding -------------------------------------------------------- 341 342 public static final int RAND_SEED_LENGTH_IN_BYTES = 1024; 343 344 public static native void RAND_seed(byte[] seed); 345 346 public static native int RAND_load_file(String filename, long max_bytes); 347 348 public static native void RAND_bytes(byte[] output); 349 350 // --- ASN.1 objects ------------------------------------------------------- 351 352 public static native int OBJ_txt2nid(String oid); 353 354 public static native String OBJ_txt2nid_longName(String oid); 355 356 public static native String OBJ_txt2nid_oid(String oid); 357 358 // --- X509_NAME ----------------------------------------------------------- 359 360 public static int X509_NAME_hash(X500Principal principal) { 361 return X509_NAME_hash(principal, "SHA1"); 362 } 363 public static int X509_NAME_hash_old(X500Principal principal) { 364 return X509_NAME_hash(principal, "MD5"); 365 } 366 private static int X509_NAME_hash(X500Principal principal, String algorithm) { 367 try { 368 byte[] digest = MessageDigest.getInstance(algorithm).digest(principal.getEncoded()); 369 int offset = 0; 370 return (((digest[offset++] & 0xff) << 0) | 371 ((digest[offset++] & 0xff) << 8) | 372 ((digest[offset++] & 0xff) << 16) | 373 ((digest[offset ] & 0xff) << 24)); 374 } catch (NoSuchAlgorithmException e) { 375 throw new AssertionError(e); 376 } 377 } 378 379 public static native String X509_NAME_print_ex(long x509nameCtx, long flags); 380 381 // --- X509 ---------------------------------------------------------------- 382 383 /** Used to request get_X509_GENERAL_NAME_stack get the "altname" field. */ 384 public static final int GN_STACK_SUBJECT_ALT_NAME = 1; 385 386 /** 387 * Used to request get_X509_GENERAL_NAME_stack get the issuerAlternativeName 388 * extension. 389 */ 390 public static final int GN_STACK_ISSUER_ALT_NAME = 2; 391 392 /** 393 * Used to request only non-critical types in get_X509*_ext_oids. 394 */ 395 public static final int EXTENSION_TYPE_NON_CRITICAL = 0; 396 397 /** 398 * Used to request only critical types in get_X509*_ext_oids. 399 */ 400 public static final int EXTENSION_TYPE_CRITICAL = 1; 401 402 public static native long d2i_X509_bio(long bioCtx); 403 404 public static native long d2i_X509(byte[] encoded); 405 406 public static native long PEM_read_bio_X509(long bioCtx); 407 408 public static native byte[] i2d_X509(long x509ctx); 409 410 /** Takes an X509 context not an X509_PUBKEY context. */ 411 public static native byte[] i2d_X509_PUBKEY(long x509ctx); 412 413 public static native byte[] ASN1_seq_pack_X509(long[] x509CertRefs); 414 415 public static native long[] ASN1_seq_unpack_X509_bio(long bioRef); 416 417 public static native void X509_free(long x509ctx); 418 419 public static native int X509_cmp(long x509ctx1, long x509ctx2); 420 421 public static native int get_X509_hashCode(long x509ctx); 422 423 public static native void X509_print_ex(long bioCtx, long x509ctx, long nmflag, long certflag); 424 425 public static native byte[] X509_get_issuer_name(long x509ctx); 426 427 public static native byte[] X509_get_subject_name(long x509ctx); 428 429 public static native String get_X509_sig_alg_oid(long x509ctx); 430 431 public static native byte[] get_X509_sig_alg_parameter(long x509ctx); 432 433 public static native boolean[] get_X509_issuerUID(long x509ctx); 434 435 public static native boolean[] get_X509_subjectUID(long x509ctx); 436 437 public static native long X509_get_pubkey(long x509ctx) throws NoSuchAlgorithmException; 438 439 public static native String get_X509_pubkey_oid(long x509ctx); 440 441 public static native byte[] X509_get_ext_oid(long x509ctx, String oid); 442 443 public static native String[] get_X509_ext_oids(long x509ctx, int critical); 444 445 public static native Object[][] get_X509_GENERAL_NAME_stack(long x509ctx, int type) 446 throws CertificateParsingException; 447 448 public static native boolean[] get_X509_ex_kusage(long x509ctx); 449 450 public static native String[] get_X509_ex_xkusage(long x509ctx); 451 452 public static native int get_X509_ex_pathlen(long x509ctx); 453 454 public static native long X509_get_notBefore(long x509ctx); 455 456 public static native long X509_get_notAfter(long x509ctx); 457 458 public static native long X509_get_version(long x509ctx); 459 460 public static native byte[] X509_get_serialNumber(long x509ctx); 461 462 public static native void X509_verify(long x509ctx, NativeRef.EVP_PKEY pkeyCtx) 463 throws BadPaddingException; 464 465 public static native byte[] get_X509_cert_info_enc(long x509ctx); 466 467 public static native byte[] get_X509_signature(long x509ctx); 468 469 public static native int get_X509_ex_flags(long x509ctx); 470 471 public static native int X509_check_issued(long ctx, long ctx2); 472 473 // --- PKCS7 --------------------------------------------------------------- 474 475 /** Used as the "which" field in d2i_PKCS7_bio and PEM_read_bio_PKCS7. */ 476 public static final int PKCS7_CERTS = 1; 477 478 /** Used as the "which" field in d2i_PKCS7_bio and PEM_read_bio_PKCS7. */ 479 public static final int PKCS7_CRLS = 2; 480 481 /** Returns an array of X509 or X509_CRL pointers. */ 482 public static native long[] d2i_PKCS7_bio(long bioCtx, int which); 483 484 /** Returns an array of X509 or X509_CRL pointers. */ 485 public static native byte[] i2d_PKCS7(long[] certs); 486 487 /** Returns an array of X509 or X509_CRL pointers. */ 488 public static native long[] PEM_read_bio_PKCS7(long bioCtx, int which); 489 490 // --- X509_CRL ------------------------------------------------------------ 491 492 public static native long d2i_X509_CRL_bio(long bioCtx); 493 494 public static native long PEM_read_bio_X509_CRL(long bioCtx); 495 496 public static native byte[] i2d_X509_CRL(long x509CrlCtx); 497 498 public static native void X509_CRL_free(long x509CrlCtx); 499 500 public static native void X509_CRL_print(long bioCtx, long x509CrlCtx); 501 502 public static native String get_X509_CRL_sig_alg_oid(long x509CrlCtx); 503 504 public static native byte[] get_X509_CRL_sig_alg_parameter(long x509CrlCtx); 505 506 public static native byte[] X509_CRL_get_issuer_name(long x509CrlCtx); 507 508 /** Returns X509_REVOKED reference that is not duplicated! */ 509 public static native long X509_CRL_get0_by_cert(long x509CrlCtx, long x509Ctx); 510 511 /** Returns X509_REVOKED reference that is not duplicated! */ 512 public static native long X509_CRL_get0_by_serial(long x509CrlCtx, byte[] serial); 513 514 /** Returns an array of X509_REVOKED that are owned by the caller. */ 515 public static native long[] X509_CRL_get_REVOKED(long x509CrlCtx); 516 517 public static native String[] get_X509_CRL_ext_oids(long x509ctx, int critical); 518 519 public static native byte[] X509_CRL_get_ext_oid(long x509CrlCtx, String oid); 520 521 public static native long X509_CRL_get_version(long x509CrlCtx); 522 523 public static native long X509_CRL_get_ext(long x509CrlCtx, String oid); 524 525 public static native byte[] get_X509_CRL_signature(long x509ctx); 526 527 public static native void X509_CRL_verify(long x509CrlCtx, NativeRef.EVP_PKEY pkeyCtx); 528 529 public static native byte[] get_X509_CRL_crl_enc(long x509CrlCtx); 530 531 public static native long X509_CRL_get_lastUpdate(long x509CrlCtx); 532 533 public static native long X509_CRL_get_nextUpdate(long x509CrlCtx); 534 535 // --- X509_REVOKED -------------------------------------------------------- 536 537 public static native long X509_REVOKED_dup(long x509RevokedCtx); 538 539 public static native byte[] i2d_X509_REVOKED(long x509RevokedCtx); 540 541 public static native String[] get_X509_REVOKED_ext_oids(long x509ctx, int critical); 542 543 public static native byte[] X509_REVOKED_get_ext_oid(long x509RevokedCtx, String oid); 544 545 public static native byte[] X509_REVOKED_get_serialNumber(long x509RevokedCtx); 546 547 public static native long X509_REVOKED_get_ext(long x509RevokedCtx, String oid); 548 549 /** Returns ASN1_TIME reference. */ 550 public static native long get_X509_REVOKED_revocationDate(long x509RevokedCtx); 551 552 public static native void X509_REVOKED_print(long bioRef, long x509RevokedCtx); 553 554 // --- X509_EXTENSION ------------------------------------------------------ 555 556 public static native int X509_supported_extension(long x509ExtensionRef); 557 558 // --- ASN1_TIME ----------------------------------------------------------- 559 560 public static native void ASN1_TIME_to_Calendar(long asn1TimeCtx, Calendar cal); 561 562 // --- BIO stream creation ------------------------------------------------- 563 564 public static native long create_BIO_InputStream(OpenSSLBIOInputStream is, boolean isFinite); 565 566 public static native long create_BIO_OutputStream(OutputStream os); 567 568 public static native int BIO_read(long bioRef, byte[] buffer); 569 570 public static native void BIO_write(long bioRef, byte[] buffer, int offset, int length) 571 throws IOException; 572 573 public static native void BIO_free_all(long bioRef); 574 575 // --- SSL handling -------------------------------------------------------- 576 577 private static final String SUPPORTED_PROTOCOL_SSLV3 = "SSLv3"; 578 private static final String SUPPORTED_PROTOCOL_TLSV1 = "TLSv1"; 579 private static final String SUPPORTED_PROTOCOL_TLSV1_1 = "TLSv1.1"; 580 private static final String SUPPORTED_PROTOCOL_TLSV1_2 = "TLSv1.2"; 581 582 // STANDARD_TO_OPENSSL_CIPHER_SUITES is a map from OpenSSL-style 583 // cipher-suite names to the standard name for the same (i.e. the name that 584 // is registered with IANA). 585 public static final Map<String, String> OPENSSL_TO_STANDARD_CIPHER_SUITES 586 = new HashMap<String, String>(); 587 588 // STANDARD_TO_OPENSSL_CIPHER_SUITES is a map from "standard" cipher suite 589 // names (i.e. the names that are registered with IANA) to the 590 // OpenSSL-style name for the same. 591 public static final Map<String, String> STANDARD_TO_OPENSSL_CIPHER_SUITES 592 = new LinkedHashMap<String, String>(); 593 594 // SUPPORTED_CIPHER_SUITES_SET contains all the cipher suites supported by 595 // OpenSSL, named using "standard" (as opposed to OpenSSL-style) names. 596 public static final Set<String> SUPPORTED_CIPHER_SUITES_SET = new HashSet<String>(); 597 598 private static void add(String openssl, String standard) { 599 OPENSSL_TO_STANDARD_CIPHER_SUITES.put(openssl, standard); 600 STANDARD_TO_OPENSSL_CIPHER_SUITES.put(standard, openssl); 601 } 602 603 /** 604 * TLS_EMPTY_RENEGOTIATION_INFO_SCSV is RFC 5746's renegotiation 605 * indication signaling cipher suite value. It is not a real 606 * cipher suite. It is just an indication in the default and 607 * supported cipher suite lists indicates that the implementation 608 * supports secure renegotiation. 609 * 610 * In the RI, its presence means that the SCSV is sent in the 611 * cipher suite list to indicate secure renegotiation support and 612 * its absense means to send an empty TLS renegotiation info 613 * extension instead. 614 * 615 * However, OpenSSL doesn't provide an API to give this level of 616 * control, instead always sending the SCSV and always including 617 * the empty renegotiation info if TLS is used (as opposed to 618 * SSL). So we simply allow TLS_EMPTY_RENEGOTIATION_INFO_SCSV to 619 * be passed for compatibility as to provide the hint that we 620 * support secure renegotiation. 621 */ 622 public static final String TLS_EMPTY_RENEGOTIATION_INFO_SCSV 623 = "TLS_EMPTY_RENEGOTIATION_INFO_SCSV"; 624 625 /** 626 * TLS_FALLBACK_SCSV is from 627 * https://tools.ietf.org/html/draft-ietf-tls-downgrade-scsv-00 628 * to indicate to the server that this is a fallback protocol 629 * request. 630 */ 631 public static final String TLS_FALLBACK_SCSV = "TLS_FALLBACK_SCSV"; 632 633 static { 634 add("ADH-AES128-GCM-SHA256", "TLS_DH_anon_WITH_AES_128_GCM_SHA256"); 635 add("ADH-AES128-SHA", "TLS_DH_anon_WITH_AES_128_CBC_SHA"); 636 add("ADH-AES128-SHA256", "TLS_DH_anon_WITH_AES_128_CBC_SHA256"); 637 add("ADH-AES256-GCM-SHA384", "TLS_DH_anon_WITH_AES_256_GCM_SHA384"); 638 add("ADH-AES256-SHA", "TLS_DH_anon_WITH_AES_256_CBC_SHA"); 639 add("ADH-AES256-SHA256", "TLS_DH_anon_WITH_AES_256_CBC_SHA256"); 640 add("ADH-DES-CBC-SHA", "SSL_DH_anon_WITH_DES_CBC_SHA"); 641 add("ADH-DES-CBC3-SHA", "SSL_DH_anon_WITH_3DES_EDE_CBC_SHA"); 642 add("ADH-RC4-MD5", "SSL_DH_anon_WITH_RC4_128_MD5"); 643 add("AECDH-AES128-SHA", "TLS_ECDH_anon_WITH_AES_128_CBC_SHA"); 644 add("AECDH-AES256-SHA", "TLS_ECDH_anon_WITH_AES_256_CBC_SHA"); 645 add("AECDH-DES-CBC3-SHA", "TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA"); 646 add("AECDH-NULL-SHA", "TLS_ECDH_anon_WITH_NULL_SHA"); 647 add("AECDH-RC4-SHA", "TLS_ECDH_anon_WITH_RC4_128_SHA"); 648 add("AES128-GCM-SHA256", "TLS_RSA_WITH_AES_128_GCM_SHA256"); 649 add("AES128-SHA", "TLS_RSA_WITH_AES_128_CBC_SHA"); 650 add("AES128-SHA256", "TLS_RSA_WITH_AES_128_CBC_SHA256"); 651 add("AES256-GCM-SHA384", "TLS_RSA_WITH_AES_256_GCM_SHA384"); 652 add("AES256-SHA", "TLS_RSA_WITH_AES_256_CBC_SHA"); 653 add("AES256-SHA256", "TLS_RSA_WITH_AES_256_CBC_SHA256"); 654 add("DES-CBC-SHA", "SSL_RSA_WITH_DES_CBC_SHA"); 655 add("DES-CBC3-SHA", "SSL_RSA_WITH_3DES_EDE_CBC_SHA"); 656 add("DHE-RSA-AES128-GCM-SHA256", "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256"); 657 add("DHE-RSA-AES128-SHA", "TLS_DHE_RSA_WITH_AES_128_CBC_SHA"); 658 add("DHE-RSA-AES128-SHA256", "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256"); 659 add("DHE-RSA-AES256-GCM-SHA384", "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384"); 660 add("DHE-RSA-AES256-SHA", "TLS_DHE_RSA_WITH_AES_256_CBC_SHA"); 661 add("DHE-RSA-AES256-SHA256", "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256"); 662 add("DHE-RSA-CHACHA20-POLY1305", "TLS_DHE_RSA_WITH_CHACHA20_POLY1305"); 663 add("ECDH-ECDSA-AES128-GCM-SHA256", "TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256"); 664 add("ECDH-ECDSA-AES128-SHA", "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA"); 665 add("ECDH-ECDSA-AES128-SHA256", "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256"); 666 add("ECDH-ECDSA-AES256-GCM-SHA384", "TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384"); 667 add("ECDH-ECDSA-AES256-SHA", "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA"); 668 add("ECDH-ECDSA-AES256-SHA384", "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384"); 669 add("ECDH-ECDSA-DES-CBC3-SHA", "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA"); 670 add("ECDH-ECDSA-NULL-SHA", "TLS_ECDH_ECDSA_WITH_NULL_SHA"); 671 add("ECDH-ECDSA-RC4-SHA", "TLS_ECDH_ECDSA_WITH_RC4_128_SHA"); 672 add("ECDH-RSA-AES128-GCM-SHA256", "TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256"); 673 add("ECDH-RSA-AES128-SHA", "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA"); 674 add("ECDH-RSA-AES128-SHA256", "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256"); 675 add("ECDH-RSA-AES256-GCM-SHA384", "TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384"); 676 add("ECDH-RSA-AES256-SHA", "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA"); 677 add("ECDH-RSA-AES256-SHA384", "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384"); 678 add("ECDH-RSA-DES-CBC3-SHA", "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA"); 679 add("ECDH-RSA-NULL-SHA", "TLS_ECDH_RSA_WITH_NULL_SHA"); 680 add("ECDH-RSA-RC4-SHA", "TLS_ECDH_RSA_WITH_RC4_128_SHA"); 681 add("ECDHE-ECDSA-AES128-GCM-SHA256", "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"); 682 add("ECDHE-ECDSA-AES128-SHA", "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA"); 683 add("ECDHE-ECDSA-AES128-SHA256", "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256"); 684 add("ECDHE-ECDSA-AES256-GCM-SHA384", "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"); 685 add("ECDHE-ECDSA-AES256-SHA", "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA"); 686 add("ECDHE-ECDSA-AES256-SHA384", "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384"); 687 add("ECDHE-ECDSA-CHACHA20-POLY1305", "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305"); 688 add("ECDHE-ECDSA-DES-CBC3-SHA", "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA"); 689 add("ECDHE-ECDSA-NULL-SHA", "TLS_ECDHE_ECDSA_WITH_NULL_SHA"); 690 add("ECDHE-ECDSA-RC4-SHA", "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA"); 691 add("ECDHE-PSK-AES128-CBC-SHA", "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA"); 692 add("ECDHE-PSK-AES128-GCM-SHA256", "TLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256"); 693 add("ECDHE-PSK-AES256-CBC-SHA", "TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA"); 694 add("ECDHE-PSK-AES256-GCM-SHA384", "TLS_ECDHE_PSK_WITH_AES_256_GCM_SHA384"); 695 add("ECDHE-RSA-AES128-GCM-SHA256", "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"); 696 add("ECDHE-RSA-AES128-SHA", "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA"); 697 add("ECDHE-RSA-AES128-SHA256", "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256"); 698 add("ECDHE-RSA-AES256-GCM-SHA384", "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"); 699 add("ECDHE-RSA-AES256-SHA", "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA"); 700 add("ECDHE-RSA-AES256-SHA384", "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384"); 701 add("ECDHE-RSA-CHACHA20-POLY1305", "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305"); 702 add("ECDHE-RSA-DES-CBC3-SHA", "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA"); 703 add("ECDHE-RSA-NULL-SHA", "TLS_ECDHE_RSA_WITH_NULL_SHA"); 704 add("ECDHE-RSA-RC4-SHA", "TLS_ECDHE_RSA_WITH_RC4_128_SHA"); 705 add("EDH-RSA-DES-CBC-SHA", "SSL_DHE_RSA_WITH_DES_CBC_SHA"); 706 add("EDH-RSA-DES-CBC3-SHA", "SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA"); 707 add("EXP-ADH-DES-CBC-SHA", "SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA"); 708 add("EXP-ADH-RC4-MD5", "SSL_DH_anon_EXPORT_WITH_RC4_40_MD5"); 709 add("EXP-DES-CBC-SHA", "SSL_RSA_EXPORT_WITH_DES40_CBC_SHA"); 710 add("EXP-EDH-RSA-DES-CBC-SHA", "SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA"); 711 add("EXP-RC4-MD5", "SSL_RSA_EXPORT_WITH_RC4_40_MD5"); 712 add("NULL-MD5", "SSL_RSA_WITH_NULL_MD5"); 713 add("NULL-SHA", "SSL_RSA_WITH_NULL_SHA"); 714 add("NULL-SHA256", "TLS_RSA_WITH_NULL_SHA256"); 715 add("PSK-3DES-EDE-CBC-SHA", "TLS_PSK_WITH_3DES_EDE_CBC_SHA"); 716 add("PSK-AES128-CBC-SHA", "TLS_PSK_WITH_AES_128_CBC_SHA"); 717 add("PSK-AES256-CBC-SHA", "TLS_PSK_WITH_AES_256_CBC_SHA"); 718 add("PSK-RC4-SHA", "TLS_PSK_WITH_RC4_128_SHA"); 719 add("RC4-MD5", "SSL_RSA_WITH_RC4_128_MD5"); 720 add("RC4-SHA", "SSL_RSA_WITH_RC4_128_SHA"); 721 722 // Signaling Cipher Suite Value for secure renegotiation handled as special case. 723 // add("TLS_EMPTY_RENEGOTIATION_INFO_SCSV", null); 724 725 // Similarly, the fallback SCSV is handled as a special case. 726 // add("TLS_FALLBACK_SCSV", null); 727 } 728 729 private static final String[] SUPPORTED_CIPHER_SUITES; 730 static { 731 // Cipher selection string must work with OpenSSL and BoringSSL. 732 String[] allOpenSSLCipherSuites = get_cipher_names("ALL:-EXP:-SRP:-SEED:-CAMELLIA:-DSS:-RC2:-DES-CBC-MD5:-DES-CBC3-MD5"); 733 734 int size = allOpenSSLCipherSuites.length; 735 SUPPORTED_CIPHER_SUITES = new String[size + 2]; 736 for (int i = 0; i < size; i++) { 737 String standardName = OPENSSL_TO_STANDARD_CIPHER_SUITES.get(allOpenSSLCipherSuites[i]); 738 if (standardName == null) { 739 throw new IllegalArgumentException("Unknown cipher suite supported by native code: " + 740 allOpenSSLCipherSuites[i]); 741 } 742 SUPPORTED_CIPHER_SUITES[i] = standardName; 743 SUPPORTED_CIPHER_SUITES_SET.add(standardName); 744 } 745 SUPPORTED_CIPHER_SUITES[size] = TLS_EMPTY_RENEGOTIATION_INFO_SCSV; 746 SUPPORTED_CIPHER_SUITES[size + 1] = TLS_FALLBACK_SCSV; 747 } 748 749 public static native long SSL_CTX_new(); 750 751 // IMPLEMENTATION NOTE: The default list of cipher suites is a trade-off between what we'd like 752 // to use and what servers currently support. We strive to be secure enough by default. We thus 753 // avoid unacceptably weak suites (e.g., those with bulk cipher secret key shorter than 128 754 // bits), while maintaining the capability to connect to the majority of servers. 755 // 756 // Cipher suites are listed in preference order (favorite choice first) of the client. However, 757 // servers are not required to honor the order. The key rules governing the preference order 758 // are: 759 // * Prefer Forward Secrecy (i.e., cipher suites that use ECDHE and DHE for key agreement). 760 // * Prefer AES-GCM to AES-CBC whose MAC-pad-then-encrypt approach leads to weaknesses (e.g., 761 // Lucky 13). 762 // * Prefer AES to RC4 whose foundations are a bit shaky. See http://www.isg.rhul.ac.uk/tls/. 763 // BEAST and Lucky13 mitigations are enabled. 764 // * Prefer 128-bit bulk encryption to 256-bit one, because 128-bit is safe enough while 765 // consuming less CPU/time/energy. 766 // 767 // NOTE: Removing cipher suites from this list needs to be done with caution, because this may 768 // prevent apps from connecting to servers they were previously able to connect to. 769 770 /** X.509 based cipher suites enabled by default (if requested), in preference order. */ 771 static final String[] DEFAULT_X509_CIPHER_SUITES = new String[] { 772 "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", 773 "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", 774 "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", 775 "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", 776 "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256", 777 "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384", 778 "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA", 779 "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA", 780 "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA", 781 "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA", 782 "TLS_DHE_RSA_WITH_AES_128_CBC_SHA", 783 "TLS_DHE_RSA_WITH_AES_256_CBC_SHA", 784 "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA", 785 "TLS_ECDHE_RSA_WITH_RC4_128_SHA", 786 "TLS_RSA_WITH_AES_128_GCM_SHA256", 787 "TLS_RSA_WITH_AES_256_GCM_SHA384", 788 "TLS_RSA_WITH_AES_128_CBC_SHA", 789 "TLS_RSA_WITH_AES_256_CBC_SHA", 790 "SSL_RSA_WITH_RC4_128_SHA", 791 }; 792 793 /** TLS-PSK cipher suites enabled by default (if requested), in preference order. */ 794 static final String[] DEFAULT_PSK_CIPHER_SUITES = new String[] { 795 "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA", 796 "TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA", 797 "TLS_PSK_WITH_AES_128_CBC_SHA", 798 "TLS_PSK_WITH_AES_256_CBC_SHA", 799 }; 800 801 public static String[] getSupportedCipherSuites() { 802 return SUPPORTED_CIPHER_SUITES.clone(); 803 } 804 805 public static native void SSL_CTX_free(long ssl_ctx); 806 807 public static native void SSL_CTX_set_session_id_context(long ssl_ctx, byte[] sid_ctx); 808 809 public static native long SSL_new(long ssl_ctx) throws SSLException; 810 811 public static native void SSL_enable_tls_channel_id(long ssl) throws SSLException; 812 813 public static native byte[] SSL_get_tls_channel_id(long ssl) throws SSLException; 814 815 public static native void SSL_set1_tls_channel_id(long ssl, NativeRef.EVP_PKEY pkey); 816 817 public static native void SSL_use_certificate(long ssl, long[] x509refs); 818 819 public static native void SSL_use_PrivateKey(long ssl, NativeRef.EVP_PKEY pkey); 820 821 public static native void SSL_check_private_key(long ssl) throws SSLException; 822 823 public static native void SSL_set_client_CA_list(long ssl, byte[][] asn1DerEncodedX500Principals); 824 825 public static native long SSL_get_mode(long ssl); 826 827 public static native long SSL_set_mode(long ssl, long mode); 828 829 public static native long SSL_clear_mode(long ssl, long mode); 830 831 public static native long SSL_get_options(long ssl); 832 833 public static native long SSL_set_options(long ssl, long options); 834 835 public static native long SSL_clear_options(long ssl, long options); 836 837 public static native void SSL_use_psk_identity_hint(long ssl, String identityHint) 838 throws SSLException; 839 840 public static native void set_SSL_psk_client_callback_enabled(long ssl, boolean enabled); 841 842 public static native void set_SSL_psk_server_callback_enabled(long ssl, boolean enabled); 843 844 /** Protocols to enable by default when "TLSv1.2" is requested. */ 845 public static final String[] TLSV12_PROTOCOLS = new String[] { 846 SUPPORTED_PROTOCOL_TLSV1, 847 SUPPORTED_PROTOCOL_TLSV1_1, 848 SUPPORTED_PROTOCOL_TLSV1_2, 849 }; 850 851 /** Protocols to enable by default when "TLSv1.1" is requested. */ 852 public static final String[] TLSV11_PROTOCOLS = new String[] { 853 SUPPORTED_PROTOCOL_TLSV1, 854 SUPPORTED_PROTOCOL_TLSV1_1, 855 SUPPORTED_PROTOCOL_TLSV1_2, 856 }; 857 858 /** Protocols to enable by default when "TLSv1" is requested. */ 859 public static final String[] TLSV1_PROTOCOLS = new String[] { 860 SUPPORTED_PROTOCOL_TLSV1, 861 SUPPORTED_PROTOCOL_TLSV1_1, 862 SUPPORTED_PROTOCOL_TLSV1_2, 863 }; 864 865 /** Protocols to enable by default when "SSLv3" is requested. */ 866 public static final String[] SSLV3_PROTOCOLS = new String[] { 867 SUPPORTED_PROTOCOL_SSLV3, 868 SUPPORTED_PROTOCOL_TLSV1, 869 SUPPORTED_PROTOCOL_TLSV1_1, 870 SUPPORTED_PROTOCOL_TLSV1_2, 871 }; 872 873 public static final String[] DEFAULT_PROTOCOLS = TLSV12_PROTOCOLS; 874 875 public static String[] getSupportedProtocols() { 876 return new String[] { SUPPORTED_PROTOCOL_SSLV3, 877 SUPPORTED_PROTOCOL_TLSV1, 878 SUPPORTED_PROTOCOL_TLSV1_1, 879 SUPPORTED_PROTOCOL_TLSV1_2, 880 }; 881 } 882 883 public static void setEnabledProtocols(long ssl, String[] protocols) { 884 checkEnabledProtocols(protocols); 885 // openssl uses negative logic letting you disable protocols. 886 // so first, assume we need to set all (disable all) and clear none (enable none). 887 // in the loop, selectively move bits from set to clear (from disable to enable) 888 long optionsToSet = (NativeConstants.SSL_OP_NO_SSLv3 | NativeConstants.SSL_OP_NO_TLSv1 | NativeConstants.SSL_OP_NO_TLSv1_1 | NativeConstants.SSL_OP_NO_TLSv1_2); 889 long optionsToClear = 0; 890 for (int i = 0; i < protocols.length; i++) { 891 String protocol = protocols[i]; 892 if (protocol.equals(SUPPORTED_PROTOCOL_SSLV3)) { 893 optionsToSet &= ~NativeConstants.SSL_OP_NO_SSLv3; 894 optionsToClear |= NativeConstants.SSL_OP_NO_SSLv3; 895 } else if (protocol.equals(SUPPORTED_PROTOCOL_TLSV1)) { 896 optionsToSet &= ~NativeConstants.SSL_OP_NO_TLSv1; 897 optionsToClear |= NativeConstants.SSL_OP_NO_TLSv1; 898 } else if (protocol.equals(SUPPORTED_PROTOCOL_TLSV1_1)) { 899 optionsToSet &= ~NativeConstants.SSL_OP_NO_TLSv1_1; 900 optionsToClear |= NativeConstants.SSL_OP_NO_TLSv1_1; 901 } else if (protocol.equals(SUPPORTED_PROTOCOL_TLSV1_2)) { 902 optionsToSet &= ~NativeConstants.SSL_OP_NO_TLSv1_2; 903 optionsToClear |= NativeConstants.SSL_OP_NO_TLSv1_2; 904 } else { 905 // error checked by checkEnabledProtocols 906 throw new IllegalStateException(); 907 } 908 } 909 910 SSL_set_options(ssl, optionsToSet); 911 SSL_clear_options(ssl, optionsToClear); 912 } 913 914 public static String[] checkEnabledProtocols(String[] protocols) { 915 if (protocols == null) { 916 throw new IllegalArgumentException("protocols == null"); 917 } 918 for (int i = 0; i < protocols.length; i++) { 919 String protocol = protocols[i]; 920 if (protocol == null) { 921 throw new IllegalArgumentException("protocols[" + i + "] == null"); 922 } 923 if ((!protocol.equals(SUPPORTED_PROTOCOL_SSLV3)) 924 && (!protocol.equals(SUPPORTED_PROTOCOL_TLSV1)) 925 && (!protocol.equals(SUPPORTED_PROTOCOL_TLSV1_1)) 926 && (!protocol.equals(SUPPORTED_PROTOCOL_TLSV1_2))) { 927 throw new IllegalArgumentException("protocol " + protocol 928 + " is not supported"); 929 } 930 } 931 return protocols; 932 } 933 934 public static native void SSL_set_cipher_lists(long ssl, String[] ciphers); 935 936 /** 937 * Gets the list of cipher suites enabled for the provided {@code SSL} instance. 938 * 939 * @return array of {@code SSL_CIPHER} references. 940 */ 941 public static native long[] SSL_get_ciphers(long ssl); 942 943 public static native int get_SSL_CIPHER_algorithm_mkey(long sslCipher); 944 public static native int get_SSL_CIPHER_algorithm_auth(long sslCipher); 945 946 public static void setEnabledCipherSuites(long ssl, String[] cipherSuites) { 947 checkEnabledCipherSuites(cipherSuites); 948 List<String> opensslSuites = new ArrayList<String>(); 949 for (int i = 0; i < cipherSuites.length; i++) { 950 String cipherSuite = cipherSuites[i]; 951 if (cipherSuite.equals(TLS_EMPTY_RENEGOTIATION_INFO_SCSV)) { 952 continue; 953 } 954 if (cipherSuite.equals(TLS_FALLBACK_SCSV)) { 955 SSL_set_mode(ssl, NativeConstants.SSL_MODE_SEND_FALLBACK_SCSV); 956 continue; 957 } 958 String openssl = STANDARD_TO_OPENSSL_CIPHER_SUITES.get(cipherSuite); 959 String cs = (openssl == null) ? cipherSuite : openssl; 960 opensslSuites.add(cs); 961 } 962 SSL_set_cipher_lists(ssl, opensslSuites.toArray(new String[opensslSuites.size()])); 963 } 964 965 public static String[] checkEnabledCipherSuites(String[] cipherSuites) { 966 if (cipherSuites == null) { 967 throw new IllegalArgumentException("cipherSuites == null"); 968 } 969 // makes sure all suites are valid, throwing on error 970 for (int i = 0; i < cipherSuites.length; i++) { 971 String cipherSuite = cipherSuites[i]; 972 if (cipherSuite == null) { 973 throw new IllegalArgumentException("cipherSuites[" + i + "] == null"); 974 } 975 if (cipherSuite.equals(TLS_EMPTY_RENEGOTIATION_INFO_SCSV) || 976 cipherSuite.equals(TLS_FALLBACK_SCSV)) { 977 continue; 978 } 979 if (SUPPORTED_CIPHER_SUITES_SET.contains(cipherSuite)) { 980 continue; 981 } 982 983 // For backwards compatibility, it's allowed for |cipherSuite| to 984 // be an OpenSSL-style cipher-suite name. 985 String standardName = OPENSSL_TO_STANDARD_CIPHER_SUITES.get(cipherSuite); 986 if (standardName != null && SUPPORTED_CIPHER_SUITES_SET.contains(standardName)) { 987 // TODO log warning about using backward compatability 988 continue; 989 } 990 throw new IllegalArgumentException("cipherSuite " + cipherSuite + " is not supported."); 991 } 992 return cipherSuites; 993 } 994 995 /* 996 * See the OpenSSL ssl.h header file for more information. 997 */ 998 public static final int SSL_VERIFY_NONE = 0x00; 999 public static final int SSL_VERIFY_PEER = 0x01; 1000 public static final int SSL_VERIFY_FAIL_IF_NO_PEER_CERT = 0x02; 1001 1002 public static native void SSL_set_accept_state(long sslNativePointer); 1003 1004 public static native void SSL_set_connect_state(long sslNativePointer); 1005 1006 public static native void SSL_set_verify(long sslNativePointer, int mode); 1007 1008 public static native void SSL_set_session(long sslNativePointer, long sslSessionNativePointer) 1009 throws SSLException; 1010 1011 public static native void SSL_set_session_creation_enabled( 1012 long sslNativePointer, boolean creationEnabled) throws SSLException; 1013 1014 public static native void SSL_set_reject_peer_renegotiations( 1015 long sslNativePointer, boolean renegotiationRejected) throws SSLException; 1016 1017 public static native void SSL_set_tlsext_host_name(long sslNativePointer, String hostname) 1018 throws SSLException; 1019 public static native String SSL_get_servername(long sslNativePointer); 1020 1021 /** 1022 * Enables NPN for all SSL connections in the context. 1023 * 1024 * <p>For clients this causes the NPN extension to be included in the 1025 * ClientHello message. 1026 * 1027 * <p>For servers this causes the NPN extension to be included in the 1028 * ServerHello message. The NPN extension will not be included in the 1029 * ServerHello response if the client didn't include it in the ClientHello 1030 * request. 1031 * 1032 * <p>In either case the caller should pass a non-null byte array of NPN 1033 * protocols to {@link #SSL_do_handshake}. 1034 */ 1035 public static native void SSL_CTX_enable_npn(long sslCtxNativePointer); 1036 1037 /** 1038 * Disables NPN for all SSL connections in the context. 1039 */ 1040 public static native void SSL_CTX_disable_npn(long sslCtxNativePointer); 1041 1042 /** 1043 * For clients, sets the list of supported ALPN protocols in wire-format 1044 * (length-prefixed 8-bit strings). 1045 */ 1046 public static native int SSL_set_alpn_protos(long sslPointer, byte[] protos); 1047 1048 /** 1049 * Returns the selected ALPN protocol. If the server did not select a 1050 * protocol, {@code null} will be returned. 1051 */ 1052 public static native byte[] SSL_get0_alpn_selected(long sslPointer); 1053 1054 /** 1055 * Returns the sslSessionNativePointer of the negotiated session. If this is 1056 * a server negotiation, supplying the {@code alpnProtocols} will enable 1057 * ALPN negotiation. 1058 */ 1059 public static native long SSL_do_handshake(long sslNativePointer, 1060 FileDescriptor fd, 1061 SSLHandshakeCallbacks shc, 1062 int timeoutMillis, 1063 boolean client_mode, 1064 byte[] npnProtocols, 1065 byte[] alpnProtocols) 1066 throws SSLException, SocketTimeoutException, CertificateException; 1067 1068 /** 1069 * Returns the sslSessionNativePointer of the negotiated session. If this is 1070 * a server negotiation, supplying the {@code alpnProtocols} will enable 1071 * ALPN negotiation. 1072 */ 1073 public static native long SSL_do_handshake_bio(long sslNativePointer, 1074 long sourceBioRef, 1075 long sinkBioRef, 1076 SSLHandshakeCallbacks shc, 1077 boolean client_mode, 1078 byte[] npnProtocols, 1079 byte[] alpnProtocols) 1080 throws SSLException, SocketTimeoutException, CertificateException; 1081 1082 public static native byte[] SSL_get_npn_negotiated_protocol(long sslNativePointer); 1083 1084 /** 1085 * Currently only intended for forcing renegotiation for testing. 1086 * Not used within OpenSSLSocketImpl. 1087 */ 1088 public static native void SSL_renegotiate(long sslNativePointer) throws SSLException; 1089 1090 /** 1091 * Returns the local X509 certificate references. Must X509_free when done. 1092 */ 1093 public static native long[] SSL_get_certificate(long sslNativePointer); 1094 1095 /** 1096 * Returns the peer X509 certificate references. Must X509_free when done. 1097 */ 1098 public static native long[] SSL_get_peer_cert_chain(long sslNativePointer); 1099 1100 /** 1101 * Reads with the native SSL_read function from the encrypted data stream 1102 * @return -1 if error or the end of the stream is reached. 1103 */ 1104 public static native int SSL_read(long sslNativePointer, 1105 FileDescriptor fd, 1106 SSLHandshakeCallbacks shc, 1107 byte[] b, int off, int len, int readTimeoutMillis) 1108 throws IOException; 1109 1110 public static native int SSL_read_BIO(long sslNativePointer, 1111 byte[] dest, 1112 int destOffset, 1113 int destLength, 1114 long sourceBioRef, 1115 long sinkBioRef, 1116 SSLHandshakeCallbacks shc) 1117 throws IOException; 1118 1119 /** 1120 * Writes with the native SSL_write function to the encrypted data stream. 1121 */ 1122 public static native void SSL_write(long sslNativePointer, 1123 FileDescriptor fd, 1124 SSLHandshakeCallbacks shc, 1125 byte[] b, int off, int len, int writeTimeoutMillis) 1126 throws IOException; 1127 1128 public static native int SSL_write_BIO(long sslNativePointer, 1129 byte[] source, 1130 int length, 1131 long sinkBioRef, 1132 SSLHandshakeCallbacks shc) 1133 throws IOException; 1134 1135 public static native void SSL_interrupt(long sslNativePointer); 1136 public static native void SSL_shutdown(long sslNativePointer, 1137 FileDescriptor fd, 1138 SSLHandshakeCallbacks shc) throws IOException; 1139 1140 public static native void SSL_shutdown_BIO(long sslNativePointer, 1141 long sourceBioRef, long sinkBioRef, 1142 SSLHandshakeCallbacks shc) throws IOException; 1143 1144 public static native int SSL_get_shutdown(long sslNativePointer); 1145 1146 public static native void SSL_free(long sslNativePointer); 1147 1148 public static native byte[] SSL_SESSION_session_id(long sslSessionNativePointer); 1149 1150 public static native long SSL_SESSION_get_time(long sslSessionNativePointer); 1151 1152 public static native String SSL_SESSION_get_version(long sslSessionNativePointer); 1153 1154 public static native String SSL_SESSION_cipher(long sslSessionNativePointer); 1155 1156 public static native void SSL_SESSION_free(long sslSessionNativePointer); 1157 1158 public static native byte[] i2d_SSL_SESSION(long sslSessionNativePointer); 1159 1160 public static native long d2i_SSL_SESSION(byte[] data); 1161 1162 /** 1163 * A collection of callbacks from the native OpenSSL code that are 1164 * related to the SSL handshake initiated by SSL_do_handshake. 1165 */ 1166 public interface SSLHandshakeCallbacks { 1167 /** 1168 * Verify that we trust the certificate chain is trusted. 1169 * 1170 * @param sslSessionNativePtr pointer to a reference of the SSL_SESSION 1171 * @param certificateChainRefs chain of X.509 certificate references 1172 * @param authMethod auth algorithm name 1173 * 1174 * @throws CertificateException if the certificate is untrusted 1175 */ 1176 public void verifyCertificateChain(long sslSessionNativePtr, long[] certificateChainRefs, 1177 String authMethod) throws CertificateException; 1178 1179 /** 1180 * Called on an SSL client when the server requests (or 1181 * requires a certificate). The client can respond by using 1182 * SSL_use_certificate and SSL_use_PrivateKey to set a 1183 * certificate if has an appropriate one available, similar to 1184 * how the server provides its certificate. 1185 * 1186 * @param keyTypes key types supported by the server, 1187 * convertible to strings with #keyType 1188 * @param asn1DerEncodedX500Principals CAs known to the server 1189 */ 1190 public void clientCertificateRequested(byte[] keyTypes, 1191 byte[][] asn1DerEncodedX500Principals) 1192 throws CertificateEncodingException, SSLException; 1193 1194 /** 1195 * Gets the key to be used in client mode for this connection in Pre-Shared Key (PSK) key 1196 * exchange. 1197 * 1198 * @param identityHint PSK identity hint provided by the server or {@code null} if no hint 1199 * provided. 1200 * @param identity buffer to be populated with PSK identity (NULL-terminated modified UTF-8) 1201 * by this method. This identity will be provided to the server. 1202 * @param key buffer to be populated with key material by this method. 1203 * 1204 * @return number of bytes this method stored in the {@code key} buffer or {@code 0} if an 1205 * error occurred in which case the handshake will be aborted. 1206 */ 1207 public int clientPSKKeyRequested(String identityHint, byte[] identity, byte[] key); 1208 1209 /** 1210 * Gets the key to be used in server mode for this connection in Pre-Shared Key (PSK) key 1211 * exchange. 1212 * 1213 * @param identityHint PSK identity hint provided by this server to the client or 1214 * {@code null} if no hint was provided. 1215 * @param identity PSK identity provided by the client. 1216 * @param key buffer to be populated with key material by this method. 1217 * 1218 * @return number of bytes this method stored in the {@code key} buffer or {@code 0} if an 1219 * error occurred in which case the handshake will be aborted. 1220 */ 1221 public int serverPSKKeyRequested(String identityHint, String identity, byte[] key); 1222 1223 /** 1224 * Called when SSL state changes. This could be handshake completion. 1225 */ 1226 public void onSSLStateChange(long sslSessionNativePtr, int type, int val); 1227 } 1228 1229 public static native long ERR_peek_last_error(); 1230 1231 public static native String SSL_CIPHER_get_kx_name(long cipherAddress); 1232 1233 public static native String[] get_cipher_names(String selection); 1234 } 1235
