1 /* 2 * Copyright (C) 2010 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17 package libcore.java.security; 18 19 import java.security.Security; 20 import java.security.spec.DSAPrivateKeySpec; 21 import java.security.spec.DSAPublicKeySpec; 22 import java.security.spec.ECPrivateKeySpec; 23 import java.security.spec.ECPublicKeySpec; 24 import java.security.spec.KeySpec; 25 import java.security.spec.RSAPrivateCrtKeySpec; 26 import java.security.spec.RSAPublicKeySpec; 27 import java.util.ArrayList; 28 import java.util.Arrays; 29 import java.util.Collections; 30 import java.util.HashMap; 31 import java.util.HashSet; 32 import java.util.LinkedHashSet; 33 import java.util.List; 34 import java.util.Locale; 35 import java.util.Map; 36 import java.util.Set; 37 import javax.crypto.spec.DHPrivateKeySpec; 38 import javax.crypto.spec.DHPublicKeySpec; 39 import junit.framework.Assert; 40 41 /** 42 * This class defines expected string names for protocols, key types, 43 * client and server auth types, cipher suites. 44 * 45 * Initially based on "Appendix A: Standard Names" of 46 * <a href="http://java.sun.com/j2se/1.5.0/docs/guide/security/jsse/JSSERefGuide.html#AppA"> 47 * Java ™ Secure Socket Extension (JSSE) Reference Guide 48 * for the Java ™ 2 Platform Standard Edition 5 49 * </a>. 50 * 51 * Updated based on the 52 * <a href="http://download.java.net/jdk8/docs/technotes/guides/security/SunProviders.html"> 53 * Java ™ Cryptography Architecture Oracle Providers Documentation 54 * for Java ™ Platform Standard Edition 7 55 * </a>. 56 * See also the 57 * <a href="http://download.java.net/jdk8/docs/technotes/guides/security/StandardNames.html"> 58 * Java ™ Cryptography Architecture Standard Algorithm Name Documentation 59 * </a>. 60 * 61 * Further updates based on the 62 * <a href=http://java.sun.com/javase/6/docs/technotes/guides/security/p11guide.html"> 63 * Java ™ PKCS#11 Reference Guide 64 * </a>. 65 */ 66 public final class StandardNames extends Assert { 67 68 public static final boolean IS_RI 69 = !"Dalvik Core Library".equals(System.getProperty("java.specification.name")); 70 public static final String JSSE_PROVIDER_NAME = (IS_RI) ? "SunJSSE" : "AndroidOpenSSL"; 71 public static final String SECURITY_PROVIDER_NAME = (IS_RI) ? "SUN" : "BC"; 72 73 public static final String KEY_MANAGER_FACTORY_DEFAULT = (IS_RI) ? "SunX509" : "PKIX"; 74 public static final String TRUST_MANAGER_FACTORY_DEFAULT = "PKIX"; 75 76 public static final String KEY_STORE_ALGORITHM = (IS_RI) ? "JKS" : "BKS"; 77 78 /** 79 * RFC 5746's Signaling Cipher Suite Value to indicate a request for secure renegotiation 80 */ 81 public static final String CIPHER_SUITE_SECURE_RENEGOTIATION 82 = "TLS_EMPTY_RENEGOTIATION_INFO_SCSV"; 83 84 /** 85 * From https://tools.ietf.org/html/draft-ietf-tls-downgrade-scsv-00 it is a 86 * signaling cipher suite value (SCSV) to indicate that this request is a 87 * protocol fallback (e.g., TLS 1.0 -> SSL 3.0) because the server didn't respond 88 * to the first request. 89 */ 90 public static final String CIPHER_SUITE_FALLBACK = "TLS_FALLBACK_SCSV"; 91 92 /** 93 * A map from algorithm type (e.g. Cipher) to a set of algorithms (e.g. AES, DES, ...) 94 */ 95 public static final Map<String,Set<String>> PROVIDER_ALGORITHMS 96 = new HashMap<String,Set<String>>(); 97 98 public static final Map<String,Set<String>> CIPHER_MODES 99 = new HashMap<String,Set<String>>(); 100 101 public static final Map<String,Set<String>> CIPHER_PADDINGS 102 = new HashMap<String,Set<String>>(); 103 104 private static final Map<String, String[]> SSL_CONTEXT_PROTOCOLS_ENABLED 105 = new HashMap<String,String[]>(); 106 107 private static void provide(String type, String algorithm) { 108 Set<String> algorithms = PROVIDER_ALGORITHMS.get(type); 109 if (algorithms == null) { 110 algorithms = new HashSet(); 111 PROVIDER_ALGORITHMS.put(type, algorithms); 112 } 113 assertTrue("Duplicate " + type + " " + algorithm, 114 algorithms.add(algorithm.toUpperCase(Locale.ROOT))); 115 } 116 private static void unprovide(String type, String algorithm) { 117 Set<String> algorithms = PROVIDER_ALGORITHMS.get(type); 118 assertNotNull(algorithms); 119 assertTrue(algorithm, algorithms.remove(algorithm.toUpperCase(Locale.ROOT))); 120 if (algorithms.isEmpty()) { 121 assertNotNull(PROVIDER_ALGORITHMS.remove(type)); 122 } 123 } 124 private static void provideCipherModes(String algorithm, String newModes[]) { 125 Set<String> modes = CIPHER_MODES.get(algorithm); 126 if (modes == null) { 127 modes = new HashSet<String>(); 128 CIPHER_MODES.put(algorithm, modes); 129 } 130 modes.addAll(Arrays.asList(newModes)); 131 } 132 private static void provideCipherPaddings(String algorithm, String newPaddings[]) { 133 Set<String> paddings = CIPHER_PADDINGS.get(algorithm); 134 if (paddings == null) { 135 paddings = new HashSet<String>(); 136 CIPHER_PADDINGS.put(algorithm, paddings); 137 } 138 paddings.addAll(Arrays.asList(newPaddings)); 139 } 140 private static void provideSslContextEnabledProtocols(String algorithm, TLSVersion minimum, 141 TLSVersion maximum) { 142 if (minimum.ordinal() > maximum.ordinal()) { 143 throw new RuntimeException("TLS version: minimum > maximum"); 144 } 145 int versionsLength = maximum.ordinal() - minimum.ordinal() + 1; 146 String[] versionNames = new String[versionsLength]; 147 for (int i = 0; i < versionsLength; i++) { 148 versionNames[i] = TLSVersion.values()[i + minimum.ordinal()].name; 149 } 150 SSL_CONTEXT_PROTOCOLS_ENABLED.put(algorithm, versionNames); 151 } 152 static { 153 provide("AlgorithmParameterGenerator", "DSA"); 154 provide("AlgorithmParameterGenerator", "DiffieHellman"); 155 provide("AlgorithmParameters", "AES"); 156 provide("AlgorithmParameters", "Blowfish"); 157 provide("AlgorithmParameters", "DES"); 158 provide("AlgorithmParameters", "DESede"); 159 provide("AlgorithmParameters", "DSA"); 160 provide("AlgorithmParameters", "DiffieHellman"); 161 provide("AlgorithmParameters", "GCM"); 162 provide("AlgorithmParameters", "OAEP"); 163 provide("AlgorithmParameters", "PBEWithMD5AndDES"); 164 provide("AlgorithmParameters", "PBEWithMD5AndTripleDES"); 165 provide("AlgorithmParameters", "PBEWithSHA1AndDESede"); 166 provide("AlgorithmParameters", "PBEWithSHA1AndRC2_40"); 167 provide("AlgorithmParameters", "PSS"); 168 provide("AlgorithmParameters", "RC2"); 169 provide("CertPathBuilder", "PKIX"); 170 provide("CertPathValidator", "PKIX"); 171 provide("CertStore", "Collection"); 172 provide("CertStore", "LDAP"); 173 provide("CertificateFactory", "X.509"); 174 // TODO: provideCipherModes and provideCipherPaddings for other Ciphers 175 provide("Cipher", "AES"); 176 provideCipherModes("AES", new String[] { "CBC", "CFB", "CTR", "CTS", "ECB", "OFB" }); 177 provideCipherPaddings("AES", new String[] { "NoPadding", "PKCS5Padding" }); 178 provide("Cipher", "AESWrap"); 179 provide("Cipher", "ARCFOUR"); 180 provide("Cipher", "Blowfish"); 181 provide("Cipher", "DES"); 182 provide("Cipher", "DESede"); 183 provide("Cipher", "DESedeWrap"); 184 provide("Cipher", "PBEWithMD5AndDES"); 185 provide("Cipher", "PBEWithMD5AndTripleDES"); 186 provide("Cipher", "PBEWithSHA1AndDESede"); 187 provide("Cipher", "PBEWithSHA1AndRC2_40"); 188 provide("Cipher", "RC2"); 189 provide("Cipher", "RSA"); 190 // TODO: None? 191 provideCipherModes("RSA", new String[] { "ECB" }); 192 // TODO: OAEPPadding 193 provideCipherPaddings("RSA", new String[] { "NoPadding", "PKCS1Padding" }); 194 provide("Configuration", "JavaLoginConfig"); 195 provide("KeyAgreement", "DiffieHellman"); 196 provide("KeyFactory", "DSA"); 197 provide("KeyFactory", "DiffieHellman"); 198 provide("KeyFactory", "RSA"); 199 provide("KeyGenerator", "AES"); 200 provide("KeyGenerator", "ARCFOUR"); 201 provide("KeyGenerator", "Blowfish"); 202 provide("KeyGenerator", "DES"); 203 provide("KeyGenerator", "DESede"); 204 provide("KeyGenerator", "HmacMD5"); 205 provide("KeyGenerator", "HmacSHA1"); 206 provide("KeyGenerator", "HmacSHA224"); 207 provide("KeyGenerator", "HmacSHA256"); 208 provide("KeyGenerator", "HmacSHA384"); 209 provide("KeyGenerator", "HmacSHA512"); 210 provide("KeyGenerator", "RC2"); 211 provide("KeyInfoFactory", "DOM"); 212 provide("KeyManagerFactory", "PKIX"); 213 provide("KeyPairGenerator", "DSA"); 214 provide("KeyPairGenerator", "DiffieHellman"); 215 provide("KeyPairGenerator", "RSA"); 216 provide("KeyStore", "JCEKS"); 217 provide("KeyStore", "JKS"); 218 provide("KeyStore", "PKCS12"); 219 provide("Mac", "HmacMD5"); 220 provide("Mac", "HmacSHA1"); 221 provide("Mac", "HmacSHA224"); 222 provide("Mac", "HmacSHA256"); 223 provide("Mac", "HmacSHA384"); 224 provide("Mac", "HmacSHA512"); 225 // If adding a new MessageDigest, consider adding it to JarVerifier 226 provide("MessageDigest", "MD2"); 227 provide("MessageDigest", "MD5"); 228 provide("MessageDigest", "SHA-224"); 229 provide("MessageDigest", "SHA-256"); 230 provide("MessageDigest", "SHA-384"); 231 provide("MessageDigest", "SHA-512"); 232 provide("Policy", "JavaPolicy"); 233 provide("SSLContext", "SSLv3"); 234 provide("SSLContext", "TLSv1"); 235 provide("SSLContext", "TLSv1.1"); 236 provide("SSLContext", "TLSv1.2"); 237 provide("SecretKeyFactory", "DES"); 238 provide("SecretKeyFactory", "DESede"); 239 provide("SecretKeyFactory", "PBEWithMD5AndDES"); 240 provide("SecretKeyFactory", "PBEWithMD5AndTripleDES"); 241 provide("SecretKeyFactory", "PBEWithSHA1AndDESede"); 242 provide("SecretKeyFactory", "PBEWithSHA1AndRC2_40"); 243 provide("SecretKeyFactory", "PBKDF2WithHmacSHA1"); 244 provide("SecretKeyFactory", "PBKDF2WithHmacSHA1And8bit"); 245 provide("SecureRandom", "SHA1PRNG"); 246 provide("Signature", "MD2withRSA"); 247 provide("Signature", "MD5withRSA"); 248 provide("Signature", "NONEwithDSA"); 249 provide("Signature", "SHA1withDSA"); 250 provide("Signature", "SHA224withDSA"); 251 provide("Signature", "SHA256withDSA"); 252 provide("Signature", "SHA1withRSA"); 253 provide("Signature", "SHA224withRSA"); 254 provide("Signature", "SHA256withRSA"); 255 provide("Signature", "SHA384withRSA"); 256 provide("Signature", "SHA512withRSA"); 257 provide("TerminalFactory", "PC/SC"); 258 provide("TransformService", "http://www.w3.org/2000/09/xmldsig#base64"); 259 provide("TransformService", "http://www.w3.org/2000/09/xmldsig#enveloped-signature"); 260 provide("TransformService", "http://www.w3.org/2001/10/xml-exc-c14n#"); 261 provide("TransformService", "http://www.w3.org/2001/10/xml-exc-c14n#WithComments"); 262 provide("TransformService", "http://www.w3.org/2002/06/xmldsig-filter2"); 263 provide("TransformService", "http://www.w3.org/TR/1999/REC-xpath-19991116"); 264 provide("TransformService", "http://www.w3.org/TR/1999/REC-xslt-19991116"); 265 provide("TransformService", "http://www.w3.org/TR/2001/REC-xml-c14n-20010315"); 266 provide("TransformService", "http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"); 267 provide("TrustManagerFactory", "PKIX"); 268 provide("XMLSignatureFactory", "DOM"); 269 270 // Not clearly documented by RI 271 provide("GssApiMechanism", "1.2.840.113554.1.2.2"); 272 provide("GssApiMechanism", "1.3.6.1.5.5.2"); 273 274 // Not correctly documented by RI which left off the Factory suffix 275 provide("SaslClientFactory", "CRAM-MD5"); 276 provide("SaslClientFactory", "DIGEST-MD5"); 277 provide("SaslClientFactory", "EXTERNAL"); 278 provide("SaslClientFactory", "GSSAPI"); 279 provide("SaslClientFactory", "PLAIN"); 280 provide("SaslServerFactory", "CRAM-MD5"); 281 provide("SaslServerFactory", "DIGEST-MD5"); 282 provide("SaslServerFactory", "GSSAPI"); 283 284 // Documentation seems to list alias instead of actual name 285 // provide("MessageDigest", "SHA-1"); 286 provide("MessageDigest", "SHA"); 287 288 // Mentioned in javadoc, not documentation 289 provide("SSLContext", "Default"); 290 291 // Not documented as in RI 6 but mentioned in Standard Names 292 provide("AlgorithmParameters", "PBE"); 293 provide("SSLContext", "SSL"); 294 provide("SSLContext", "TLS"); 295 296 // Not documented as in RI 6 but that exist in RI 6 297 if (IS_RI) { 298 provide("CertStore", "com.sun.security.IndexedCollection"); 299 provide("KeyGenerator", "SunTlsKeyMaterial"); 300 provide("KeyGenerator", "SunTlsMasterSecret"); 301 provide("KeyGenerator", "SunTlsPrf"); 302 provide("KeyGenerator", "SunTlsRsaPremasterSecret"); 303 provide("KeyStore", "CaseExactJKS"); 304 provide("Mac", "HmacPBESHA1"); 305 provide("Mac", "SslMacMD5"); 306 provide("Mac", "SslMacSHA1"); 307 provide("SecureRandom", "NativePRNG"); 308 provide("Signature", "MD5andSHA1withRSA"); 309 provide("TrustManagerFactory", "SunX509"); 310 } 311 312 // Only available with the SunPKCS11-NSS provider, 313 // which seems to be enabled in OpenJDK 6 but not Oracle Java 6 314 if (Security.getProvider("SunPKCS11-NSS") != null) { 315 provide("Cipher", "AES/CBC/NOPADDING"); 316 provide("Cipher", "DES/CBC/NOPADDING"); 317 provide("Cipher", "DESEDE/CBC/NOPADDING"); 318 provide("Cipher", "RSA/ECB/PKCS1PADDING"); 319 provide("KeyAgreement", "DH"); 320 provide("KeyFactory", "DH"); 321 provide("KeyPairGenerator", "DH"); 322 provide("KeyStore", "PKCS11"); 323 provide("MessageDigest", "SHA1"); 324 provide("SecretKeyFactory", "AES"); 325 provide("SecretKeyFactory", "ARCFOUR"); 326 provide("SecureRandom", "PKCS11"); 327 provide("Signature", "DSA"); 328 provide("Signature", "RAWDSA"); 329 } 330 331 if (Security.getProvider("SunPKCS11-NSS") != null || 332 Security.getProvider("SunEC") != null) { 333 provide("AlgorithmParameters", "EC"); 334 provide("KeyAgreement", "ECDH"); 335 provide("KeyFactory", "EC"); 336 provide("KeyPairGenerator", "EC"); 337 provide("Signature", "NONEWITHECDSA"); 338 provide("Signature", "SHA1WITHECDSA"); 339 provide("Signature", "SHA224WITHECDSA"); 340 provide("Signature", "SHA256WITHECDSA"); 341 provide("Signature", "SHA384WITHECDSA"); 342 provide("Signature", "SHA512WITHECDSA"); 343 } 344 345 // Documented as Standard Names, but do not exit in RI 6 346 if (IS_RI) { 347 unprovide("SSLContext", "TLSv1.1"); 348 unprovide("SSLContext", "TLSv1.2"); 349 } 350 351 // Fixups for the RI 352 if (IS_RI) { 353 // different names: Standard Names says PKIX, JSSE Reference Guide says SunX509 or NewSunX509 354 unprovide("KeyManagerFactory", "PKIX"); 355 provide("KeyManagerFactory", "SunX509"); 356 provide("KeyManagerFactory", "NewSunX509"); 357 } 358 359 // Fixups for dalvik 360 if (!IS_RI) { 361 362 // whole types that we do not provide 363 PROVIDER_ALGORITHMS.remove("Configuration"); 364 PROVIDER_ALGORITHMS.remove("GssApiMechanism"); 365 PROVIDER_ALGORITHMS.remove("KeyInfoFactory"); 366 PROVIDER_ALGORITHMS.remove("Policy"); 367 PROVIDER_ALGORITHMS.remove("SaslClientFactory"); 368 PROVIDER_ALGORITHMS.remove("SaslServerFactory"); 369 PROVIDER_ALGORITHMS.remove("TerminalFactory"); 370 PROVIDER_ALGORITHMS.remove("TransformService"); 371 PROVIDER_ALGORITHMS.remove("XMLSignatureFactory"); 372 373 // different names Diffie-Hellman vs DH 374 unprovide("AlgorithmParameterGenerator", "DiffieHellman"); 375 provide("AlgorithmParameterGenerator", "DH"); 376 unprovide("AlgorithmParameters", "DiffieHellman"); 377 provide("AlgorithmParameters", "DH"); 378 unprovide("KeyAgreement", "DiffieHellman"); 379 provide("KeyAgreement", "DH"); 380 unprovide("KeyFactory", "DiffieHellman"); 381 provide("KeyFactory", "DH"); 382 unprovide("KeyPairGenerator", "DiffieHellman"); 383 provide("KeyPairGenerator", "DH"); 384 385 // different names PBEWithSHA1AndDESede vs PBEWithSHAAnd3-KEYTripleDES-CBC 386 unprovide("AlgorithmParameters", "PBEWithSHA1AndDESede"); 387 unprovide("Cipher", "PBEWithSHA1AndDESede"); 388 unprovide("SecretKeyFactory", "PBEWithSHA1AndDESede"); 389 provide("AlgorithmParameters", "PKCS12PBE"); 390 provide("Cipher", "PBEWithSHAAnd3-KEYTripleDES-CBC"); 391 provide("SecretKeyFactory", "PBEWithSHAAnd3-KEYTripleDES-CBC"); 392 393 // different names: BouncyCastle actually uses the Standard name of SHA-1 vs SHA 394 unprovide("MessageDigest", "SHA"); 395 provide("MessageDigest", "SHA-1"); 396 397 // Added to support Android KeyStore operations 398 provide("Signature", "NONEwithRSA"); 399 provide("Cipher", "RSA/ECB/NOPADDING"); 400 provide("Cipher", "RSA/ECB/PKCS1PADDING"); 401 provide("Cipher", "RSA/ECB/OAEPPadding"); 402 provide("Cipher", "RSA/ECB/OAEPWithSHA-1AndMGF1Padding"); 403 provide("Cipher", "RSA/ECB/OAEPWithSHA-224AndMGF1Padding"); 404 provide("Cipher", "RSA/ECB/OAEPWithSHA-256AndMGF1Padding"); 405 provide("Cipher", "RSA/ECB/OAEPWithSHA-384AndMGF1Padding"); 406 provide("Cipher", "RSA/ECB/OAEPWithSHA-512AndMGF1Padding"); 407 provide("SecretKeyFactory", "AES"); 408 provide("SecretKeyFactory", "HmacSHA1"); 409 provide("SecretKeyFactory", "HmacSHA224"); 410 provide("SecretKeyFactory", "HmacSHA256"); 411 provide("SecretKeyFactory", "HmacSHA384"); 412 provide("SecretKeyFactory", "HmacSHA512"); 413 provide("Signature", "SHA1withRSA/PSS"); 414 provide("Signature", "SHA224withRSA/PSS"); 415 provide("Signature", "SHA256withRSA/PSS"); 416 provide("Signature", "SHA384withRSA/PSS"); 417 provide("Signature", "SHA512withRSA/PSS"); 418 419 // different names: ARCFOUR vs ARC4 420 unprovide("Cipher", "ARCFOUR"); 421 provide("Cipher", "ARC4"); 422 unprovide("KeyGenerator", "ARCFOUR"); 423 provide("KeyGenerator", "ARC4"); 424 425 // different case names: Blowfish vs BLOWFISH 426 unprovide("AlgorithmParameters", "Blowfish"); 427 provide("AlgorithmParameters", "BLOWFISH"); 428 unprovide("Cipher", "Blowfish"); 429 provide("Cipher", "BLOWFISH"); 430 unprovide("KeyGenerator", "Blowfish"); 431 provide("KeyGenerator", "BLOWFISH"); 432 433 // Harmony has X.509, BouncyCastle X509 434 // TODO remove one, probably Harmony's 435 provide("CertificateFactory", "X509"); 436 437 // not just different names, but different binary formats 438 unprovide("KeyStore", "JKS"); 439 provide("KeyStore", "BKS"); 440 unprovide("KeyStore", "JCEKS"); 441 provide("KeyStore", "BouncyCastle"); 442 443 // Noise to support KeyStore.PKCS12 444 provide("Cipher", "PBEWITHMD5AND128BITAES-CBC-OPENSSL"); 445 provide("Cipher", "PBEWITHMD5AND192BITAES-CBC-OPENSSL"); 446 provide("Cipher", "PBEWITHMD5AND256BITAES-CBC-OPENSSL"); 447 provide("Cipher", "PBEWITHMD5ANDRC2"); 448 provide("Cipher", "PBEWITHSHA1ANDDES"); 449 provide("Cipher", "PBEWITHSHA1ANDRC2"); 450 provide("Cipher", "PBEWITHSHA256AND128BITAES-CBC-BC"); 451 provide("Cipher", "PBEWITHSHA256AND192BITAES-CBC-BC"); 452 provide("Cipher", "PBEWITHSHA256AND256BITAES-CBC-BC"); 453 provide("Cipher", "PBEWITHSHAAND128BITAES-CBC-BC"); 454 provide("Cipher", "PBEWITHSHAAND128BITRC2-CBC"); 455 provide("Cipher", "PBEWITHSHAAND128BITRC4"); 456 provide("Cipher", "PBEWITHSHAAND192BITAES-CBC-BC"); 457 provide("Cipher", "PBEWITHSHAAND2-KEYTRIPLEDES-CBC"); 458 provide("Cipher", "PBEWITHSHAAND256BITAES-CBC-BC"); 459 provide("Cipher", "PBEWITHSHAAND40BITRC2-CBC"); 460 provide("Cipher", "PBEWITHSHAAND40BITRC4"); 461 provide("Cipher", "PBEWITHSHAANDTWOFISH-CBC"); 462 provide("Mac", "PBEWITHHMACSHA"); 463 provide("Mac", "PBEWITHHMACSHA1"); 464 provide("SecretKeyFactory", "PBEWITHHMACSHA1"); 465 provide("SecretKeyFactory", "PBEWITHMD5AND128BITAES-CBC-OPENSSL"); 466 provide("SecretKeyFactory", "PBEWITHMD5AND192BITAES-CBC-OPENSSL"); 467 provide("SecretKeyFactory", "PBEWITHMD5AND256BITAES-CBC-OPENSSL"); 468 provide("SecretKeyFactory", "PBEWITHMD5ANDRC2"); 469 provide("SecretKeyFactory", "PBEWITHSHA1ANDDES"); 470 provide("SecretKeyFactory", "PBEWITHSHA1ANDRC2"); 471 provide("SecretKeyFactory", "PBEWITHSHA256AND128BITAES-CBC-BC"); 472 provide("SecretKeyFactory", "PBEWITHSHA256AND192BITAES-CBC-BC"); 473 provide("SecretKeyFactory", "PBEWITHSHA256AND256BITAES-CBC-BC"); 474 provide("SecretKeyFactory", "PBEWITHSHAAND128BITAES-CBC-BC"); 475 provide("SecretKeyFactory", "PBEWITHSHAAND128BITRC2-CBC"); 476 provide("SecretKeyFactory", "PBEWITHSHAAND128BITRC4"); 477 provide("SecretKeyFactory", "PBEWITHSHAAND192BITAES-CBC-BC"); 478 provide("SecretKeyFactory", "PBEWITHSHAAND2-KEYTRIPLEDES-CBC"); 479 provide("SecretKeyFactory", "PBEWITHSHAAND256BITAES-CBC-BC"); 480 provide("SecretKeyFactory", "PBEWITHSHAAND40BITRC2-CBC"); 481 provide("SecretKeyFactory", "PBEWITHSHAAND40BITRC4"); 482 provide("SecretKeyFactory", "PBEWITHSHAANDTWOFISH-CBC"); 483 484 // Needed by our OpenSSL provider 485 provide("Cipher", "AES/CBC/NOPADDING"); 486 provide("Cipher", "AES/CBC/PKCS5PADDING"); 487 provide("Cipher", "AES/CBC/PKCS7PADDING"); 488 provide("Cipher", "AES/CFB/NOPADDING"); 489 provide("Cipher", "AES/CFB/PKCS5PADDING"); 490 provide("Cipher", "AES/CFB/PKCS7PADDING"); 491 provide("Cipher", "AES/CTR/NOPADDING"); 492 provide("Cipher", "AES/CTR/PKCS5PADDING"); 493 provide("Cipher", "AES/CTR/PKCS7PADDING"); 494 provide("Cipher", "AES/ECB/NOPADDING"); 495 provide("Cipher", "AES/ECB/PKCS5PADDING"); 496 provide("Cipher", "AES/ECB/PKCS7PADDING"); 497 provide("Cipher", "AES/GCM/NOPADDING"); 498 provide("Cipher", "AES/OFB/NOPADDING"); 499 provide("Cipher", "AES/OFB/PKCS5PADDING"); 500 provide("Cipher", "AES/OFB/PKCS7PADDING"); 501 provide("Cipher", "DESEDE/CBC/NOPADDING"); 502 provide("Cipher", "DESEDE/CBC/PKCS5PADDING"); 503 provide("Cipher", "DESEDE/CBC/PKCS7PADDING"); 504 provide("Cipher", "DESEDE/CFB/NOPADDING"); 505 provide("Cipher", "DESEDE/CFB/PKCS5PADDING"); 506 provide("Cipher", "DESEDE/CFB/PKCS7PADDING"); 507 provide("Cipher", "DESEDE/ECB/NOPADDING"); 508 provide("Cipher", "DESEDE/ECB/PKCS5PADDING"); 509 provide("Cipher", "DESEDE/ECB/PKCS7PADDING"); 510 provide("Cipher", "DESEDE/OFB/NOPADDING"); 511 provide("Cipher", "DESEDE/OFB/PKCS5PADDING"); 512 provide("Cipher", "DESEDE/OFB/PKCS7PADDING"); 513 514 // Provided by our OpenSSL provider 515 provideCipherPaddings("AES", new String[] { "PKCS7Padding" }); 516 517 // removed LDAP 518 unprovide("CertStore", "LDAP"); 519 520 // removed MD2 521 unprovide("MessageDigest", "MD2"); 522 unprovide("Signature", "MD2withRSA"); 523 524 // removed RC2 525 // NOTE the implementation remains to support PKCS12 keystores 526 unprovide("AlgorithmParameters", "PBEWithSHA1AndRC2_40"); 527 unprovide("AlgorithmParameters", "RC2"); 528 unprovide("Cipher", "PBEWithSHA1AndRC2_40"); 529 unprovide("Cipher", "RC2"); 530 unprovide("KeyGenerator", "RC2"); 531 unprovide("SecretKeyFactory", "PBEWithSHA1AndRC2_40"); 532 533 // PBEWithMD5AndTripleDES is Sun proprietary 534 unprovide("AlgorithmParameters", "PBEWithMD5AndTripleDES"); 535 unprovide("Cipher", "PBEWithMD5AndTripleDES"); 536 unprovide("SecretKeyFactory", "PBEWithMD5AndTripleDES"); 537 538 // missing from Bouncy Castle 539 // Standard Names document says to use specific PBEWith*And* 540 unprovide("AlgorithmParameters", "PBE"); 541 542 // missing from Bouncy Castle 543 // TODO add to JDKAlgorithmParameters perhaps as wrapper on PBES2Parameters 544 // For now, can use AlgorithmParametersSpec javax.crypto.spec.PBEParameterSpec instead 545 unprovide("AlgorithmParameters", "PBEWithMD5AndDES"); // 1.2.840.113549.1.5.3 546 547 // EC support 548 // provide("AlgorithmParameters", "EC"); 549 provide("KeyAgreement", "ECDH"); 550 provide("KeyFactory", "EC"); 551 provide("KeyPairGenerator", "EC"); 552 provide("Signature", "NONEWITHECDSA"); 553 provide("Signature", "SHA1WITHECDSA"); 554 provide("Signature", "SHA224WITHECDSA"); 555 provide("Signature", "SHA256WITHECDSA"); 556 provide("Signature", "SHA384WITHECDSA"); 557 provide("Signature", "SHA512WITHECDSA"); 558 559 // Android's CA store 560 provide("KeyStore", "AndroidCAStore"); 561 562 // Android's KeyStore provider 563 if (Security.getProvider("AndroidKeyStore") != null) { 564 provide("KeyStore", "AndroidKeyStore"); 565 } 566 567 // TimaKeyStore provider 568 if (Security.getProvider("TimaKeyStore") != null) { 569 provide("KeyStore", "TimaKeyStore"); 570 } 571 572 } 573 574 if (IS_RI) { 575 provideSslContextEnabledProtocols("SSL", TLSVersion.SSLv3, TLSVersion.TLSv1); 576 provideSslContextEnabledProtocols("SSLv3", TLSVersion.SSLv3, TLSVersion.TLSv1); 577 provideSslContextEnabledProtocols("TLS", TLSVersion.SSLv3, TLSVersion.TLSv1); 578 provideSslContextEnabledProtocols("TLSv1", TLSVersion.SSLv3, TLSVersion.TLSv1); 579 provideSslContextEnabledProtocols("TLSv1.1", TLSVersion.SSLv3, TLSVersion.TLSv11); 580 provideSslContextEnabledProtocols("TLSv1.2", TLSVersion.SSLv3, TLSVersion.TLSv12); 581 provideSslContextEnabledProtocols("Default", TLSVersion.SSLv3, TLSVersion.TLSv1); 582 } else { 583 provideSslContextEnabledProtocols("SSL", TLSVersion.SSLv3, TLSVersion.TLSv12); 584 provideSslContextEnabledProtocols("SSLv3", TLSVersion.SSLv3, TLSVersion.TLSv12); 585 provideSslContextEnabledProtocols("TLS", TLSVersion.TLSv1, TLSVersion.TLSv12); 586 provideSslContextEnabledProtocols("TLSv1", TLSVersion.TLSv1, TLSVersion.TLSv12); 587 provideSslContextEnabledProtocols("TLSv1.1", TLSVersion.TLSv1, TLSVersion.TLSv12); 588 provideSslContextEnabledProtocols("TLSv1.2", TLSVersion.TLSv1, TLSVersion.TLSv12); 589 provideSslContextEnabledProtocols("Default", TLSVersion.TLSv1, TLSVersion.TLSv12); 590 } 591 } 592 593 public static final String SSL_CONTEXT_PROTOCOLS_DEFAULT = "Default"; 594 public static final Set<String> SSL_CONTEXT_PROTOCOLS = new HashSet<String>(Arrays.asList( 595 SSL_CONTEXT_PROTOCOLS_DEFAULT, 596 "SSL", 597 // "SSLv2", 598 "SSLv3", 599 "TLS", 600 "TLSv1", 601 "TLSv1.1", 602 "TLSv1.2")); 603 public static final String SSL_CONTEXT_PROTOCOL_DEFAULT = "TLS"; 604 605 public static final Set<String> KEY_TYPES = new HashSet<String>(Arrays.asList( 606 "RSA", 607 "DSA", 608 "DH_RSA", 609 "DH_DSA", 610 "EC", 611 "EC_EC", 612 "EC_RSA")); 613 static { 614 if (IS_RI) { 615 // DH_* are specified by standard names, but do not seem to be supported by RI 616 KEY_TYPES.remove("DH_RSA"); 617 KEY_TYPES.remove("DH_DSA"); 618 } 619 } 620 621 public static final Set<String> SSL_SOCKET_PROTOCOLS = new HashSet<String>(Arrays.asList( 622 // "SSLv2", 623 "SSLv3", 624 "TLSv1", 625 "TLSv1.1", 626 "TLSv1.2")); 627 public static final Set<String> SSL_SOCKET_PROTOCOLS_CLIENT_DEFAULT = 628 new HashSet<String>(Arrays.asList( 629 "TLSv1", 630 "TLSv1.1", 631 "TLSv1.2")); 632 public static final Set<String> SSL_SOCKET_PROTOCOLS_SERVER_DEFAULT = 633 new HashSet<String>(Arrays.asList( 634 "TLSv1", 635 "TLSv1.1", 636 "TLSv1.2")); 637 static { 638 if (IS_RI) { 639 /* Even though we use OpenSSL's SSLv23_method which 640 * supports sending SSLv2 client hello messages, the 641 * OpenSSL implementation in s23_client_hello disables 642 * this if SSL_OP_NO_SSLv2 is specified, which we always 643 * do to disable general use of SSLv2. 644 */ 645 SSL_SOCKET_PROTOCOLS.add("SSLv2Hello"); 646 647 /* The RI still has SSLv3 as a default protocol. */ 648 SSL_SOCKET_PROTOCOLS_CLIENT_DEFAULT.add("SSLv3"); 649 SSL_SOCKET_PROTOCOLS_SERVER_DEFAULT.add("SSLv3"); 650 } 651 } 652 653 private static enum TLSVersion { 654 SSLv3("SSLv3"), 655 TLSv1("TLSv1"), 656 TLSv11("TLSv1.1"), 657 TLSv12("TLSv1.2"); 658 659 private final String name; 660 661 TLSVersion(String name) { 662 this.name = name; 663 } 664 }; 665 666 /** 667 * Valid values for X509TrustManager.checkClientTrusted authType, 668 * either the algorithm of the public key or UNKNOWN. 669 */ 670 public static final Set<String> CLIENT_AUTH_TYPES = new HashSet<String>(Arrays.asList( 671 "RSA", 672 "DSA", 673 "EC", 674 "UNKNOWN")); 675 676 /** 677 * Valid values for X509TrustManager.checkServerTrusted authType, 678 * either key exchange algorithm part of the cipher suite 679 * or UNKNOWN. 680 */ 681 public static final Set<String> SERVER_AUTH_TYPES = new HashSet<String>(Arrays.asList( 682 "DHE_DSS", 683 "DHE_DSS_EXPORT", 684 "DHE_RSA", 685 "DHE_RSA_EXPORT", 686 "DH_DSS_EXPORT", 687 "DH_RSA_EXPORT", 688 "DH_anon", 689 "DH_anon_EXPORT", 690 "KRB5", 691 "KRB5_EXPORT", 692 "RSA", 693 "RSA_EXPORT", 694 "RSA_EXPORT1024", 695 "ECDH_ECDSA", 696 "ECDH_RSA", 697 "ECDHE_ECDSA", 698 "ECDHE_RSA", 699 "UNKNOWN")); 700 701 public static final String CIPHER_SUITE_INVALID = "SSL_NULL_WITH_NULL_NULL"; 702 703 public static final Set<String> CIPHER_SUITES_NEITHER = new HashSet<String>(); 704 705 public static final Set<String> CIPHER_SUITES_RI = new LinkedHashSet<String>(); 706 public static final Set<String> CIPHER_SUITES_OPENSSL = new LinkedHashSet<String>(); 707 708 public static final Set<String> CIPHER_SUITES; 709 710 private static final void addRi(String cipherSuite) { 711 CIPHER_SUITES_RI.add(cipherSuite); 712 } 713 714 private static final void addOpenSsl(String cipherSuite) { 715 CIPHER_SUITES_OPENSSL.add(cipherSuite); 716 } 717 718 private static final void addBoth(String cipherSuite) { 719 addRi(cipherSuite); 720 addOpenSsl(cipherSuite); 721 } 722 723 private static final void addNeither(String cipherSuite) { 724 CIPHER_SUITES_NEITHER.add(cipherSuite); 725 } 726 727 static { 728 // NOTE: This list needs to be kept in sync with Javadoc of javax.net.ssl.SSLSocket and 729 // javax.net.ssl.SSLEngine. 730 addBoth( "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA"); 731 addBoth( "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA"); 732 addBoth( "TLS_RSA_WITH_AES_256_CBC_SHA"); 733 addBoth( "TLS_DHE_RSA_WITH_AES_256_CBC_SHA"); 734 addBoth( "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA"); 735 addBoth( "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA"); 736 addBoth( "TLS_RSA_WITH_AES_128_CBC_SHA"); 737 addBoth( "TLS_DHE_RSA_WITH_AES_128_CBC_SHA"); 738 addBoth( "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA"); 739 addBoth( "TLS_ECDHE_RSA_WITH_RC4_128_SHA"); 740 addBoth( "SSL_RSA_WITH_RC4_128_SHA"); 741 addBoth( "SSL_RSA_WITH_3DES_EDE_CBC_SHA"); 742 addBoth( "SSL_RSA_WITH_RC4_128_MD5"); 743 744 // TLSv1.2 cipher suites 745 addBoth( "TLS_RSA_WITH_AES_128_CBC_SHA256"); 746 addBoth( "TLS_RSA_WITH_AES_256_CBC_SHA256"); 747 addOpenSsl("TLS_RSA_WITH_AES_128_GCM_SHA256"); 748 addOpenSsl("TLS_RSA_WITH_AES_256_GCM_SHA384"); 749 addBoth( "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256"); 750 addBoth( "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256"); 751 addOpenSsl("TLS_DHE_RSA_WITH_AES_128_GCM_SHA256"); 752 addOpenSsl("TLS_DHE_RSA_WITH_AES_256_GCM_SHA384"); 753 addBoth( "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256"); 754 addBoth( "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384"); 755 addOpenSsl("TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"); 756 addOpenSsl("TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"); 757 addBoth( "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256"); 758 addBoth( "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384"); 759 addOpenSsl("TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"); 760 addOpenSsl("TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"); 761 addOpenSsl("TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256"); 762 addOpenSsl("TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256"); 763 764 // Pre-Shared Key (PSK) cipher suites 765 addOpenSsl("TLS_PSK_WITH_RC4_128_SHA"); 766 addOpenSsl("TLS_PSK_WITH_AES_128_CBC_SHA"); 767 addOpenSsl("TLS_PSK_WITH_AES_256_CBC_SHA"); 768 addOpenSsl("TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA"); 769 addOpenSsl("TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA"); 770 addOpenSsl("TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256"); 771 772 // RFC 5746's Signaling Cipher Suite Value to indicate a request for secure renegotiation 773 addBoth(CIPHER_SUITE_SECURE_RENEGOTIATION); 774 775 // From https://tools.ietf.org/html/draft-ietf-tls-downgrade-scsv-00 to indicate 776 // TLS fallback request 777 addOpenSsl(CIPHER_SUITE_FALLBACK); 778 779 // non-defaultCipherSuites 780 781 // Android does not have Kerberos support 782 addRi( "TLS_KRB5_WITH_RC4_128_SHA"); 783 addRi( "TLS_KRB5_WITH_RC4_128_MD5"); 784 addRi( "TLS_KRB5_WITH_3DES_EDE_CBC_SHA"); 785 addRi( "TLS_KRB5_WITH_3DES_EDE_CBC_MD5"); 786 addRi( "TLS_KRB5_WITH_DES_CBC_SHA"); 787 addRi( "TLS_KRB5_WITH_DES_CBC_MD5"); 788 addRi( "TLS_KRB5_EXPORT_WITH_RC4_40_SHA"); 789 addRi( "TLS_KRB5_EXPORT_WITH_RC4_40_MD5"); 790 addRi( "TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA"); 791 addRi( "TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5"); 792 793 // Android does not have DSS support 794 addRi( "SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA"); 795 addRi( "SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA"); 796 addRi( "SSL_DHE_DSS_WITH_DES_CBC_SHA"); 797 addRi( "TLS_DHE_DSS_WITH_AES_128_CBC_SHA"); 798 addRi( "TLS_DHE_DSS_WITH_AES_128_CBC_SHA256"); 799 addNeither("TLS_DHE_DSS_WITH_AES_128_GCM_SHA256"); 800 addRi( "TLS_DHE_DSS_WITH_AES_256_CBC_SHA"); 801 addRi( "TLS_DHE_DSS_WITH_AES_256_CBC_SHA256"); 802 addNeither("TLS_DHE_DSS_WITH_AES_256_GCM_SHA384"); 803 804 // Dropped 805 addNeither("SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA"); 806 addNeither("SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA"); 807 addRi( "SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA"); 808 addRi( "SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA"); 809 addRi( "SSL_DHE_RSA_WITH_DES_CBC_SHA"); 810 addRi( "SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA"); 811 addRi( "SSL_DH_anon_EXPORT_WITH_RC4_40_MD5"); 812 addRi( "SSL_DH_anon_WITH_3DES_EDE_CBC_SHA"); 813 addRi( "SSL_DH_anon_WITH_DES_CBC_SHA"); 814 addRi( "SSL_DH_anon_WITH_RC4_128_MD5"); 815 addRi( "SSL_RSA_EXPORT_WITH_DES40_CBC_SHA"); 816 addRi( "SSL_RSA_EXPORT_WITH_RC4_40_MD5"); 817 addRi( "SSL_RSA_WITH_DES_CBC_SHA"); 818 addRi( "SSL_RSA_WITH_NULL_MD5"); 819 addRi( "SSL_RSA_WITH_NULL_SHA"); 820 addRi( "TLS_DH_anon_WITH_AES_128_CBC_SHA"); 821 addRi( "TLS_DH_anon_WITH_AES_128_CBC_SHA256"); 822 addNeither("TLS_DH_anon_WITH_AES_128_GCM_SHA256"); 823 addRi( "TLS_DH_anon_WITH_AES_256_CBC_SHA"); 824 addRi( "TLS_DH_anon_WITH_AES_256_CBC_SHA256"); 825 addNeither("TLS_DH_anon_WITH_AES_256_GCM_SHA384"); 826 addRi( "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA"); 827 addRi( "TLS_ECDHE_ECDSA_WITH_NULL_SHA"); 828 addRi( "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA"); 829 addRi( "TLS_ECDHE_RSA_WITH_NULL_SHA"); 830 addRi( "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA"); 831 addRi( "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA"); 832 addRi( "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256"); 833 addNeither("TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256"); 834 addRi( "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA"); 835 addRi( "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384"); 836 addNeither("TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384"); 837 addRi( "TLS_ECDH_ECDSA_WITH_NULL_SHA"); 838 addRi( "TLS_ECDH_ECDSA_WITH_RC4_128_SHA"); 839 addRi( "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA"); 840 addRi( "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA"); 841 addRi( "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256"); 842 addNeither("TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256"); 843 addRi( "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA"); 844 addRi( "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384"); 845 addNeither("TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384"); 846 addRi( "TLS_ECDH_RSA_WITH_NULL_SHA"); 847 addRi( "TLS_ECDH_RSA_WITH_RC4_128_SHA"); 848 addRi( "TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA"); 849 addRi( "TLS_ECDH_anon_WITH_AES_128_CBC_SHA"); 850 addRi( "TLS_ECDH_anon_WITH_AES_256_CBC_SHA"); 851 addRi( "TLS_ECDH_anon_WITH_NULL_SHA"); 852 addRi( "TLS_ECDH_anon_WITH_RC4_128_SHA"); 853 addNeither("TLS_PSK_WITH_3DES_EDE_CBC_SHA"); 854 addRi( "TLS_RSA_WITH_NULL_SHA256"); 855 856 // Old non standard exportable encryption 857 addNeither("SSL_RSA_EXPORT1024_WITH_DES_CBC_SHA"); 858 addNeither("SSL_RSA_EXPORT1024_WITH_RC4_56_SHA"); 859 860 // No RC2 861 addNeither("SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5"); 862 addNeither("TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA"); 863 addNeither("TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5"); 864 865 CIPHER_SUITES = (IS_RI) ? CIPHER_SUITES_RI : CIPHER_SUITES_OPENSSL; 866 } 867 868 /** 869 * Cipher suites that are not negotiated when TLSv1.2 is selected on the RI. 870 */ 871 public static final List<String> CIPHER_SUITES_OBSOLETE_TLS12 = 872 Arrays.asList( 873 "SSL_RSA_WITH_DES_CBC_SHA", 874 "SSL_DHE_RSA_WITH_DES_CBC_SHA", 875 "SSL_DHE_DSS_WITH_DES_CBC_SHA", 876 "SSL_DH_anon_WITH_DES_CBC_SHA", 877 "SSL_RSA_EXPORT_WITH_RC4_40_MD5", 878 "SSL_DH_anon_EXPORT_WITH_RC4_40_MD5", 879 "SSL_RSA_EXPORT_WITH_DES40_CBC_SHA", 880 "SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA", 881 "SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA", 882 "SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA" 883 ); 884 885 // NOTE: This list needs to be kept in sync with Javadoc of javax.net.ssl.SSLSocket and 886 // javax.net.ssl.SSLEngine. 887 private static final List<String> CIPHER_SUITES_ANDROID_AES_HARDWARE = Arrays.asList( 888 "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", 889 "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", 890 "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256", 891 "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", 892 "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", 893 "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256", 894 "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256", 895 "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384", 896 "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA", 897 "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA", 898 "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA", 899 "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA", 900 "TLS_DHE_RSA_WITH_AES_128_CBC_SHA", 901 "TLS_DHE_RSA_WITH_AES_256_CBC_SHA", 902 "TLS_RSA_WITH_AES_128_GCM_SHA256", 903 "TLS_RSA_WITH_AES_256_GCM_SHA384", 904 "TLS_RSA_WITH_AES_128_CBC_SHA", 905 "TLS_RSA_WITH_AES_256_CBC_SHA", 906 CIPHER_SUITE_SECURE_RENEGOTIATION 907 ); 908 909 // NOTE: This list needs to be kept in sync with Javadoc of javax.net.ssl.SSLSocket and 910 // javax.net.ssl.SSLEngine. 911 private static final List<String> CIPHER_SUITES_ANDROID_SOFTWARE = Arrays.asList( 912 "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256", 913 "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", 914 "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", 915 "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256", 916 "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", 917 "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", 918 "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256", 919 "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384", 920 "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA", 921 "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA", 922 "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA", 923 "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA", 924 "TLS_DHE_RSA_WITH_AES_128_CBC_SHA", 925 "TLS_DHE_RSA_WITH_AES_256_CBC_SHA", 926 "TLS_RSA_WITH_AES_128_GCM_SHA256", 927 "TLS_RSA_WITH_AES_256_GCM_SHA384", 928 "TLS_RSA_WITH_AES_128_CBC_SHA", 929 "TLS_RSA_WITH_AES_256_CBC_SHA", 930 CIPHER_SUITE_SECURE_RENEGOTIATION 931 ); 932 933 // NOTE: This list needs to be kept in sync with Javadoc of javax.net.ssl.SSLSocket and 934 // javax.net.ssl.SSLEngine. 935 public static final List<String> CIPHER_SUITES_DEFAULT = (IS_RI) 936 ? Arrays.asList("TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384", 937 "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384", 938 "TLS_RSA_WITH_AES_256_CBC_SHA256", 939 "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384", 940 "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384", 941 "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256", 942 "TLS_DHE_DSS_WITH_AES_256_CBC_SHA256", 943 "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA", 944 "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA", 945 "TLS_RSA_WITH_AES_256_CBC_SHA", 946 "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA", 947 "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA", 948 "TLS_DHE_RSA_WITH_AES_256_CBC_SHA", 949 "TLS_DHE_DSS_WITH_AES_256_CBC_SHA", 950 "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256", 951 "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256", 952 "TLS_RSA_WITH_AES_128_CBC_SHA256", 953 "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256", 954 "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256", 955 "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256", 956 "TLS_DHE_DSS_WITH_AES_128_CBC_SHA256", 957 "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA", 958 "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA", 959 "TLS_RSA_WITH_AES_128_CBC_SHA", 960 "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA", 961 "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA", 962 "TLS_DHE_RSA_WITH_AES_128_CBC_SHA", 963 "TLS_DHE_DSS_WITH_AES_128_CBC_SHA", 964 "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA", 965 "TLS_ECDHE_RSA_WITH_RC4_128_SHA", 966 "SSL_RSA_WITH_RC4_128_SHA", 967 "TLS_ECDH_ECDSA_WITH_RC4_128_SHA", 968 "TLS_ECDH_RSA_WITH_RC4_128_SHA", 969 "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA", 970 "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA", 971 "SSL_RSA_WITH_3DES_EDE_CBC_SHA", 972 "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA", 973 "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA", 974 "SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA", 975 "SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA", 976 "SSL_RSA_WITH_RC4_128_MD5", 977 "TLS_EMPTY_RENEGOTIATION_INFO_SCSV") 978 : CpuFeatures.isAESHardwareAccelerated() ? CIPHER_SUITES_ANDROID_AES_HARDWARE 979 : CIPHER_SUITES_ANDROID_SOFTWARE; 980 981 // NOTE: This list needs to be kept in sync with Javadoc of javax.net.ssl.SSLSocket and 982 // javax.net.ssl.SSLEngine. 983 public static final List<String> CIPHER_SUITES_DEFAULT_PSK = Arrays.asList( 984 "TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256", 985 "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA", 986 "TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA", 987 "TLS_PSK_WITH_AES_128_CBC_SHA", 988 "TLS_PSK_WITH_AES_256_CBC_SHA" 989 ); 990 991 private static final Set<String> PERMITTED_DEFAULT_KEY_EXCHANGE_ALGS = 992 new HashSet<String>(Arrays.asList("RSA", 993 "DHE_RSA", 994 "DHE_DSS", 995 "ECDHE_RSA", 996 "ECDHE_ECDSA")); 997 998 private static final Set<String> PERMITTED_DEFAULT_BULK_ENCRYPTION_CIPHERS = 999 new HashSet<String>(Arrays.asList("AES_128_CBC", 1000 "AES_256_CBC", 1001 "AES_128_GCM", 1002 "AES_256_GCM", 1003 "CHACHA20_POLY1305")); 1004 1005 private static final Set<String> PERMITTED_DEFAULT_MACS = 1006 new HashSet<String>(Arrays.asList("SHA", 1007 "SHA256", 1008 "SHA384")); 1009 1010 public static final Map<String, Class<? extends KeySpec>> PRIVATE_KEY_SPEC_CLASSES; 1011 public static final Map<String, Class<? extends KeySpec>> PUBLIC_KEY_SPEC_CLASSES; 1012 public static final Map<String, Integer> MINIMUM_KEY_SIZE; 1013 static { 1014 PRIVATE_KEY_SPEC_CLASSES = new HashMap<String, Class<? extends KeySpec>>(); 1015 PUBLIC_KEY_SPEC_CLASSES = new HashMap<String, Class<? extends KeySpec>>(); 1016 MINIMUM_KEY_SIZE = new HashMap<String, Integer>(); 1017 PRIVATE_KEY_SPEC_CLASSES.put("RSA", RSAPrivateCrtKeySpec.class); 1018 PUBLIC_KEY_SPEC_CLASSES.put("RSA", RSAPublicKeySpec.class); 1019 MINIMUM_KEY_SIZE.put("RSA", 512); 1020 PRIVATE_KEY_SPEC_CLASSES.put("DSA", DSAPrivateKeySpec.class); 1021 PUBLIC_KEY_SPEC_CLASSES.put("DSA", DSAPublicKeySpec.class); 1022 MINIMUM_KEY_SIZE.put("DSA", 512); 1023 PRIVATE_KEY_SPEC_CLASSES.put("DH", DHPrivateKeySpec.class); 1024 PUBLIC_KEY_SPEC_CLASSES.put("DH", DHPublicKeySpec.class); 1025 MINIMUM_KEY_SIZE.put("DH", 256); 1026 PRIVATE_KEY_SPEC_CLASSES.put("EC", ECPrivateKeySpec.class); 1027 PUBLIC_KEY_SPEC_CLASSES.put("EC", ECPublicKeySpec.class); 1028 MINIMUM_KEY_SIZE.put("EC", 256); 1029 } 1030 1031 public static Class<? extends KeySpec> getPrivateKeySpecClass(String algName) { 1032 return PRIVATE_KEY_SPEC_CLASSES.get(algName); 1033 } 1034 1035 public static Class<? extends KeySpec> getPublicKeySpecClass(String algName) { 1036 return PUBLIC_KEY_SPEC_CLASSES.get(algName); 1037 } 1038 1039 public static int getMinimumKeySize(String algName) { 1040 return MINIMUM_KEY_SIZE.get(algName); 1041 } 1042 1043 /** 1044 * Asserts that the cipher suites array is non-null and that it 1045 * all of its contents are cipher suites known to this 1046 * implementation. As a convenience, returns any unenabled cipher 1047 * suites in a test for those that want to verify separately that 1048 * all cipher suites were included. 1049 */ 1050 private static Set<String> assertValidCipherSuites( 1051 Set<String> expected, String[] cipherSuites) { 1052 assertNotNull(cipherSuites); 1053 assertTrue(cipherSuites.length != 0); 1054 1055 // Make sure all cipherSuites names are expected 1056 Set remainingCipherSuites = new HashSet<String>(expected); 1057 Set unknownCipherSuites = new HashSet<String>(); 1058 for (String cipherSuite : cipherSuites) { 1059 boolean removed = remainingCipherSuites.remove(cipherSuite); 1060 if (!removed) { 1061 unknownCipherSuites.add(cipherSuite); 1062 } 1063 } 1064 assertEquals("Unknown cipher suites", Collections.EMPTY_SET, unknownCipherSuites); 1065 return remainingCipherSuites; 1066 } 1067 1068 /** 1069 * After using assertValidCipherSuites on cipherSuites, 1070 * assertSupportedCipherSuites additionally verifies that all 1071 * supported cipher suites where in the input array. 1072 */ 1073 private static void assertSupportedCipherSuites(Set<String> expected, String[] cipherSuites) { 1074 Set<String> remainingCipherSuites = assertValidCipherSuites(expected, cipherSuites); 1075 assertEquals("Missing cipher suites", Collections.EMPTY_SET, remainingCipherSuites); 1076 assertEquals(expected.size(), cipherSuites.length); 1077 } 1078 1079 /** 1080 * Asserts that the protocols array is non-null and that it all of 1081 * its contents are protocols known to this implementation. As a 1082 * convenience, returns any unenabled protocols in a test for 1083 * those that want to verify separately that all protocols were 1084 * included. 1085 */ 1086 private static Set<String> assertValidProtocols(Set<String> expected, String[] protocols) { 1087 assertNotNull(protocols); 1088 assertTrue(protocols.length != 0); 1089 1090 // Make sure all protocols names are expected 1091 Set remainingProtocols = new HashSet<String>(expected); 1092 Set unknownProtocols = new HashSet<String>(); 1093 for (String protocol : protocols) { 1094 if (!remainingProtocols.remove(protocol)) { 1095 unknownProtocols.add(protocol); 1096 } 1097 } 1098 assertEquals("Unknown protocols", Collections.EMPTY_SET, unknownProtocols); 1099 return remainingProtocols; 1100 } 1101 1102 /** 1103 * After using assertValidProtocols on protocols, 1104 * assertSupportedProtocols additionally verifies that all 1105 * supported protocols where in the input array. 1106 */ 1107 private static void assertSupportedProtocols(Set<String> expected, String[] protocols) { 1108 Set<String> remainingProtocols = assertValidProtocols(expected, protocols); 1109 assertEquals("Missing protocols", Collections.EMPTY_SET, remainingProtocols); 1110 assertEquals(expected.size(), protocols.length); 1111 } 1112 1113 /** 1114 * Asserts that the provided list of protocols matches the supported list of protocols. 1115 */ 1116 public static void assertSupportedProtocols(String[] protocols) { 1117 assertSupportedProtocols(SSL_SOCKET_PROTOCOLS, protocols); 1118 } 1119 1120 /** 1121 * Assert that the provided list of cipher suites contains only the supported cipher suites. 1122 */ 1123 public static void assertValidCipherSuites(String[] cipherSuites) { 1124 assertValidCipherSuites(CIPHER_SUITES, cipherSuites); 1125 } 1126 1127 /** 1128 * Assert that the provided list of cipher suites matches the supported list. 1129 */ 1130 public static void assertSupportedCipherSuites(String[] cipherSuites) { 1131 assertSupportedCipherSuites(CIPHER_SUITES, cipherSuites); 1132 } 1133 1134 /** 1135 * Assert cipher suites match the default list in content and priority order and contain 1136 * only cipher suites permitted by default. 1137 */ 1138 public static void assertDefaultCipherSuites(String[] cipherSuites) { 1139 assertValidCipherSuites(cipherSuites); 1140 assertEquals(CIPHER_SUITES_DEFAULT, Arrays.asList(cipherSuites)); 1141 1142 // Assert that all the cipher suites are permitted to be in the default list. 1143 // This assertion is a backup for the stricter assertion above. 1144 // 1145 // There is no point in asserting this for the RI as it's outside of our control. 1146 if (!IS_RI) { 1147 List<String> disallowedDefaultCipherSuites = new ArrayList<String>(); 1148 for (String cipherSuite : cipherSuites) { 1149 if (!isPermittedDefaultCipherSuite(cipherSuite)) { 1150 disallowedDefaultCipherSuites.add(cipherSuite); 1151 } 1152 } 1153 assertEquals(Collections.EMPTY_LIST, disallowedDefaultCipherSuites); 1154 } 1155 } 1156 1157 public static void assertSSLContextEnabledProtocols(String version, String[] protocols) { 1158 assertEquals("For protocol \"" + version + "\"", 1159 Arrays.toString(SSL_CONTEXT_PROTOCOLS_ENABLED.get(version)), 1160 Arrays.toString(protocols)); 1161 } 1162 1163 private static boolean isPermittedDefaultCipherSuite(String cipherSuite) { 1164 assertNotNull(cipherSuite); 1165 if (CIPHER_SUITE_SECURE_RENEGOTIATION.equals(cipherSuite)) { 1166 return true; 1167 } 1168 assertTrue(cipherSuite, cipherSuite.startsWith("TLS_") || cipherSuite.startsWith("SSL_")); 1169 1170 // Example: RSA_WITH_AES_128_CBC_SHA 1171 String remainder = cipherSuite.substring("TLS_".length()); 1172 int macDelimiterIndex = remainder.lastIndexOf('_'); 1173 assertTrue(cipherSuite, macDelimiterIndex != -1); 1174 // Example: SHA 1175 String mac = remainder.substring(macDelimiterIndex + 1); 1176 1177 // Example: RSA_WITH_AES_128_CBC 1178 remainder = remainder.substring(0, macDelimiterIndex); 1179 int withDelimiterIndex = remainder.indexOf("_WITH_"); 1180 assertTrue(cipherSuite, withDelimiterIndex != -1); 1181 1182 // Example: RSA 1183 String keyExchange = remainder.substring(0, withDelimiterIndex); 1184 // Example: AES_128_CBC 1185 String bulkEncryptionCipher = remainder.substring(withDelimiterIndex + "_WITH_".length()); 1186 1187 if (!PERMITTED_DEFAULT_MACS.contains(mac)) { 1188 return false; 1189 } 1190 if (!PERMITTED_DEFAULT_KEY_EXCHANGE_ALGS.contains(keyExchange)) { 1191 return false; 1192 } 1193 if (!PERMITTED_DEFAULT_BULK_ENCRYPTION_CIPHERS.contains(bulkEncryptionCipher)) { 1194 return false; 1195 } 1196 1197 return true; 1198 } 1199 1200 /** 1201 * Get all supported mode names for the given cipher. 1202 */ 1203 public static Set<String> getModesForCipher(String cipher) { 1204 return CIPHER_MODES.get(cipher); 1205 } 1206 1207 /** 1208 * Get all supported padding names for the given cipher. 1209 */ 1210 public static Set<String> getPaddingsForCipher(String cipher) { 1211 return CIPHER_PADDINGS.get(cipher); 1212 } 1213 } 1214
