1 /* 2 * Copyright (C) 2008 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17 package org.conscrypt; 18 19 import java.io.FileDescriptor; 20 import java.io.IOException; 21 import java.io.OutputStream; 22 import java.net.SocketTimeoutException; 23 import java.nio.Buffer; 24 import java.security.InvalidAlgorithmParameterException; 25 import java.security.InvalidKeyException; 26 import java.security.MessageDigest; 27 import java.security.NoSuchAlgorithmException; 28 import java.security.PrivateKey; 29 import java.security.SignatureException; 30 import java.security.cert.CertificateEncodingException; 31 import java.security.cert.CertificateException; 32 import java.security.cert.CertificateParsingException; 33 import java.util.ArrayList; 34 import java.util.Calendar; 35 import java.util.HashMap; 36 import java.util.HashSet; 37 import java.util.LinkedHashMap; 38 import java.util.List; 39 import java.util.Map; 40 import java.util.Set; 41 import javax.crypto.BadPaddingException; 42 import javax.crypto.IllegalBlockSizeException; 43 import javax.net.ssl.SSLException; 44 import javax.security.auth.x500.X500Principal; 45 import org.conscrypt.OpenSSLX509CertificateFactory.ParsingException; 46 47 /** 48 * Provides the Java side of our JNI glue for OpenSSL. 49 * 50 * @hide 51 */ 52 @Internal 53 public final class NativeCrypto { 54 55 // --- OpenSSL library initialization -------------------------------------- 56 static { 57 NativeCryptoJni.init(); 58 clinit(); 59 } 60 61 private native static void clinit(); 62 63 // --- DSA/RSA public/private key handling functions ----------------------- 64 65 public static native long EVP_PKEY_new_RSA(byte[] n, byte[] e, byte[] d, byte[] p, byte[] q, 66 byte[] dmp1, byte[] dmq1, byte[] iqmp); 67 68 public static native int EVP_PKEY_size(NativeRef.EVP_PKEY pkey); 69 70 public static native int EVP_PKEY_type(NativeRef.EVP_PKEY pkey); 71 72 public static native String EVP_PKEY_print_public(NativeRef.EVP_PKEY pkeyRef); 73 74 public static native String EVP_PKEY_print_params(NativeRef.EVP_PKEY pkeyRef); 75 76 public static native void EVP_PKEY_free(long pkey); 77 78 public static native int EVP_PKEY_cmp(NativeRef.EVP_PKEY pkey1, NativeRef.EVP_PKEY pkey2); 79 80 public static native byte[] i2d_PKCS8_PRIV_KEY_INFO(NativeRef.EVP_PKEY pkey); 81 82 public static native long d2i_PKCS8_PRIV_KEY_INFO(byte[] data); 83 84 public static native byte[] i2d_PUBKEY(NativeRef.EVP_PKEY pkey); 85 86 public static native long d2i_PUBKEY(byte[] data); 87 88 public static native long PEM_read_bio_PUBKEY(long bioCtx); 89 90 public static native long PEM_read_bio_PrivateKey(long bioCtx); 91 92 public static native long getRSAPrivateKeyWrapper(PrivateKey key, byte[] modulus); 93 94 public static native long getECPrivateKeyWrapper(PrivateKey key, 95 NativeRef.EC_GROUP ecGroupRef); 96 97 public static native long RSA_generate_key_ex(int modulusBits, byte[] publicExponent); 98 99 public static native int RSA_size(NativeRef.EVP_PKEY pkey); 100 101 public static native int RSA_private_encrypt(int flen, byte[] from, byte[] to, 102 NativeRef.EVP_PKEY pkey, int padding); 103 104 public static native int RSA_public_decrypt(int flen, byte[] from, byte[] to, 105 NativeRef.EVP_PKEY pkey, int padding) throws BadPaddingException, SignatureException; 106 107 public static native int RSA_public_encrypt(int flen, byte[] from, byte[] to, 108 NativeRef.EVP_PKEY pkey, int padding); 109 110 public static native int RSA_private_decrypt(int flen, byte[] from, byte[] to, 111 NativeRef.EVP_PKEY pkey, int padding) throws BadPaddingException, SignatureException; 112 113 /** 114 * @return array of {n, e} 115 */ 116 public static native byte[][] get_RSA_public_params(NativeRef.EVP_PKEY rsa); 117 118 /** 119 * @return array of {n, e, d, p, q, dmp1, dmq1, iqmp} 120 */ 121 public static native byte[][] get_RSA_private_params(NativeRef.EVP_PKEY rsa); 122 123 public static native byte[] i2d_RSAPublicKey(NativeRef.EVP_PKEY rsa); 124 125 public static native byte[] i2d_RSAPrivateKey(NativeRef.EVP_PKEY rsa); 126 127 // --- EC functions -------------------------- 128 129 public static native long EVP_PKEY_new_EC_KEY(NativeRef.EC_GROUP groupRef, 130 NativeRef.EC_POINT pubkeyRef, byte[] privkey); 131 132 public static native long EC_GROUP_new_by_curve_name(String curveName); 133 134 public static native long EC_GROUP_new_arbitrary(byte[] p, byte[] a, byte[] b, byte[] x, 135 byte[] y, byte[] order, int cofactor); 136 137 public static native String EC_GROUP_get_curve_name(NativeRef.EC_GROUP groupRef); 138 139 public static native byte[][] EC_GROUP_get_curve(NativeRef.EC_GROUP groupRef); 140 141 public static native void EC_GROUP_clear_free(long groupRef); 142 143 public static native long EC_GROUP_get_generator(NativeRef.EC_GROUP groupRef); 144 145 public static native byte[] EC_GROUP_get_order(NativeRef.EC_GROUP groupRef); 146 147 public static native int EC_GROUP_get_degree(NativeRef.EC_GROUP groupRef); 148 149 public static native byte[] EC_GROUP_get_cofactor(NativeRef.EC_GROUP groupRef); 150 151 public static native long EC_POINT_new(NativeRef.EC_GROUP groupRef); 152 153 public static native void EC_POINT_clear_free(long pointRef); 154 155 public static native byte[][] EC_POINT_get_affine_coordinates(NativeRef.EC_GROUP groupRef, 156 NativeRef.EC_POINT pointRef); 157 158 public static native void EC_POINT_set_affine_coordinates(NativeRef.EC_GROUP groupRef, 159 NativeRef.EC_POINT pointRef, byte[] x, byte[] y); 160 161 public static native long EC_KEY_generate_key(NativeRef.EC_GROUP groupRef); 162 163 public static native long EC_KEY_get1_group(NativeRef.EVP_PKEY pkeyRef); 164 165 public static native byte[] EC_KEY_get_private_key(NativeRef.EVP_PKEY keyRef); 166 167 public static native long EC_KEY_get_public_key(NativeRef.EVP_PKEY keyRef); 168 169 public static native int ECDH_compute_key(byte[] out, int outOffset, 170 NativeRef.EVP_PKEY publicKeyRef, NativeRef.EVP_PKEY privateKeyRef) throws 171 InvalidKeyException; 172 173 // --- Message digest functions -------------- 174 175 // These return const references 176 public static native long EVP_get_digestbyname(String name); 177 178 public static native int EVP_MD_size(long evp_md_const); 179 180 public static native int EVP_MD_block_size(long evp_md_const); 181 182 // --- Message digest context functions -------------- 183 184 public static native long EVP_MD_CTX_create(); 185 186 public static native void EVP_MD_CTX_cleanup(NativeRef.EVP_MD_CTX ctx); 187 188 public static native void EVP_MD_CTX_destroy(long ctx); 189 190 public static native int EVP_MD_CTX_copy_ex(NativeRef.EVP_MD_CTX dst_ctx, 191 NativeRef.EVP_MD_CTX src_ctx); 192 193 // --- Digest handling functions ------------------------------------------- 194 195 public static native int EVP_DigestInit_ex(NativeRef.EVP_MD_CTX ctx, long evp_md); 196 197 public static native void EVP_DigestUpdate(NativeRef.EVP_MD_CTX ctx, 198 byte[] buffer, int offset, int length); 199 200 public static native void EVP_DigestUpdateDirect(NativeRef.EVP_MD_CTX ctx, 201 long ptr, int length); 202 203 public static native int EVP_DigestFinal_ex(NativeRef.EVP_MD_CTX ctx, byte[] hash, 204 int offset); 205 206 // --- Signature handling functions ---------------------------------------- 207 208 public static native long EVP_DigestSignInit(NativeRef.EVP_MD_CTX ctx, 209 long evpMdRef, NativeRef.EVP_PKEY key); 210 211 public static native long EVP_DigestVerifyInit(NativeRef.EVP_MD_CTX ctx, 212 long evpMdRef, NativeRef.EVP_PKEY key); 213 214 public static native void EVP_DigestSignUpdate(NativeRef.EVP_MD_CTX ctx, 215 byte[] buffer, int offset, int length); 216 217 public static native void EVP_DigestSignUpdateDirect(NativeRef.EVP_MD_CTX ctx, 218 long ptr, int length); 219 220 public static native void EVP_DigestVerifyUpdate(NativeRef.EVP_MD_CTX ctx, 221 byte[] buffer, int offset, int length); 222 223 public static native void EVP_DigestVerifyUpdateDirect(NativeRef.EVP_MD_CTX ctx, 224 long ptr, int length); 225 226 public static native byte[] EVP_DigestSignFinal(NativeRef.EVP_MD_CTX ctx); 227 228 public static native boolean EVP_DigestVerifyFinal(NativeRef.EVP_MD_CTX ctx, 229 byte[] signature, int offset, int length); 230 231 public static native long EVP_PKEY_encrypt_init(NativeRef.EVP_PKEY pkey); 232 233 public static native int EVP_PKEY_encrypt(NativeRef.EVP_PKEY_CTX ctx, byte[] out, int outOffset, 234 byte[] input, int inOffset, int inLength); 235 236 public static native long EVP_PKEY_decrypt_init(NativeRef.EVP_PKEY pkey); 237 238 public static native int EVP_PKEY_decrypt(NativeRef.EVP_PKEY_CTX ctx, byte[] out, int outOffset, 239 byte[] input, int inOffset, int inLength); 240 241 public static native void EVP_PKEY_CTX_free(long pkeyCtx); 242 243 public static native void EVP_PKEY_CTX_set_rsa_padding(long ctx, int pad) 244 throws InvalidAlgorithmParameterException; 245 246 public static native void EVP_PKEY_CTX_set_rsa_pss_saltlen(long ctx, int len) 247 throws InvalidAlgorithmParameterException; 248 249 public static native void EVP_PKEY_CTX_set_rsa_mgf1_md(long ctx, long evpMdRef) 250 throws InvalidAlgorithmParameterException; 251 252 public static native void EVP_PKEY_CTX_set_rsa_oaep_md(long ctx, long evpMdRef) 253 throws InvalidAlgorithmParameterException; 254 255 public static native void EVP_PKEY_CTX_set_rsa_oaep_label(long ctx, byte[] label) 256 throws InvalidAlgorithmParameterException; 257 258 // --- Block ciphers ------------------------------------------------------- 259 260 // These return const references 261 public static native long EVP_get_cipherbyname(String string); 262 263 public static native void EVP_CipherInit_ex(NativeRef.EVP_CIPHER_CTX ctx, long evpCipher, 264 byte[] key, byte[] iv, boolean encrypting); 265 266 public static native int EVP_CipherUpdate(NativeRef.EVP_CIPHER_CTX ctx, byte[] out, 267 int outOffset, byte[] in, int inOffset, int inLength); 268 269 public static native int EVP_CipherFinal_ex(NativeRef.EVP_CIPHER_CTX ctx, byte[] out, 270 int outOffset) throws BadPaddingException, IllegalBlockSizeException; 271 272 public static native int EVP_CIPHER_iv_length(long evpCipher); 273 274 public static native long EVP_CIPHER_CTX_new(); 275 276 public static native int EVP_CIPHER_CTX_block_size(NativeRef.EVP_CIPHER_CTX ctx); 277 278 public static native int get_EVP_CIPHER_CTX_buf_len(NativeRef.EVP_CIPHER_CTX ctx); 279 280 public static native boolean get_EVP_CIPHER_CTX_final_used(NativeRef.EVP_CIPHER_CTX ctx); 281 282 public static native void EVP_CIPHER_CTX_set_padding(NativeRef.EVP_CIPHER_CTX ctx, 283 boolean enablePadding); 284 285 public static native void EVP_CIPHER_CTX_set_key_length(NativeRef.EVP_CIPHER_CTX ctx, 286 int keyBitSize); 287 288 public static native void EVP_CIPHER_CTX_free(long ctx); 289 290 // --- AEAD ---------------------------------------------------------------- 291 public static native long EVP_aead_aes_128_gcm(); 292 293 public static native long EVP_aead_aes_256_gcm(); 294 295 public static native int EVP_AEAD_max_overhead(long evpAead); 296 297 public static native int EVP_AEAD_nonce_length(long evpAead); 298 299 public static native int EVP_AEAD_max_tag_len(long evpAead); 300 301 public static native int EVP_AEAD_CTX_seal(long evpAead, byte[] key, int tagLengthInBytes, 302 byte[] out, int outOffset, byte[] nonce, byte[] in, int inOffset, int inLength, 303 byte[] ad) throws BadPaddingException; 304 305 public static native int EVP_AEAD_CTX_open(long evpAead, byte[] key, int tagLengthInBytes, 306 byte[] out, int outOffset, byte[] nonce, byte[] in, int inOffset, int inLength, 307 byte[] ad) throws BadPaddingException; 308 309 // --- HMAC functions ------------------------------------------------------ 310 311 public static native long HMAC_CTX_new(); 312 313 public static native void HMAC_CTX_free(long ctx); 314 315 public static native void HMAC_Init_ex(NativeRef.HMAC_CTX ctx, byte[] key, long evp_md); 316 317 public static native void HMAC_Update(NativeRef.HMAC_CTX ctx, byte[] in, int inOffset, int inLength); 318 319 public static native void HMAC_UpdateDirect(NativeRef.HMAC_CTX ctx, long inPtr, int inLength); 320 321 public static native byte[] HMAC_Final(NativeRef.HMAC_CTX ctx); 322 323 // --- RAND ---------------------------------------------------------------- 324 325 public static native void RAND_bytes(byte[] output); 326 327 // --- ASN.1 objects ------------------------------------------------------- 328 329 public static native int OBJ_txt2nid(String oid); 330 331 public static native String OBJ_txt2nid_longName(String oid); 332 333 public static native String OBJ_txt2nid_oid(String oid); 334 335 // --- X509_NAME ----------------------------------------------------------- 336 337 public static int X509_NAME_hash(X500Principal principal) { 338 return X509_NAME_hash(principal, "SHA1"); 339 } 340 public static int X509_NAME_hash_old(X500Principal principal) { 341 return X509_NAME_hash(principal, "MD5"); 342 } 343 private static int X509_NAME_hash(X500Principal principal, String algorithm) { 344 try { 345 byte[] digest = MessageDigest.getInstance(algorithm).digest(principal.getEncoded()); 346 int offset = 0; 347 return (((digest[offset++] & 0xff) << 0) | 348 ((digest[offset++] & 0xff) << 8) | 349 ((digest[offset++] & 0xff) << 16) | 350 ((digest[offset ] & 0xff) << 24)); 351 } catch (NoSuchAlgorithmException e) { 352 throw new AssertionError(e); 353 } 354 } 355 356 public static native String X509_NAME_print_ex(long x509nameCtx, long flags); 357 358 // --- X509 ---------------------------------------------------------------- 359 360 /** Used to request get_X509_GENERAL_NAME_stack get the "altname" field. */ 361 public static final int GN_STACK_SUBJECT_ALT_NAME = 1; 362 363 /** 364 * Used to request get_X509_GENERAL_NAME_stack get the issuerAlternativeName 365 * extension. 366 */ 367 public static final int GN_STACK_ISSUER_ALT_NAME = 2; 368 369 /** 370 * Used to request only non-critical types in get_X509*_ext_oids. 371 */ 372 public static final int EXTENSION_TYPE_NON_CRITICAL = 0; 373 374 /** 375 * Used to request only critical types in get_X509*_ext_oids. 376 */ 377 public static final int EXTENSION_TYPE_CRITICAL = 1; 378 379 public static native long d2i_X509_bio(long bioCtx); 380 381 public static native long d2i_X509(byte[] encoded) throws ParsingException; 382 383 public static native long PEM_read_bio_X509(long bioCtx); 384 385 public static native byte[] i2d_X509(long x509ctx); 386 387 /** Takes an X509 context not an X509_PUBKEY context. */ 388 public static native byte[] i2d_X509_PUBKEY(long x509ctx); 389 390 public static native byte[] ASN1_seq_pack_X509(long[] x509CertRefs); 391 392 public static native long[] ASN1_seq_unpack_X509_bio(long bioRef); 393 394 public static native void X509_free(long x509ctx); 395 396 public static native long X509_dup(long x509ctx); 397 398 public static native int X509_cmp(long x509ctx1, long x509ctx2); 399 400 public static native void X509_print_ex(long bioCtx, long x509ctx, long nmflag, long certflag); 401 402 public static native byte[] X509_get_issuer_name(long x509ctx); 403 404 public static native byte[] X509_get_subject_name(long x509ctx); 405 406 public static native String get_X509_sig_alg_oid(long x509ctx); 407 408 public static native byte[] get_X509_sig_alg_parameter(long x509ctx); 409 410 public static native boolean[] get_X509_issuerUID(long x509ctx); 411 412 public static native boolean[] get_X509_subjectUID(long x509ctx); 413 414 public static native long X509_get_pubkey(long x509ctx) throws NoSuchAlgorithmException, 415 InvalidKeyException; 416 417 public static native String get_X509_pubkey_oid(long x509ctx); 418 419 public static native byte[] X509_get_ext_oid(long x509ctx, String oid); 420 421 public static native String[] get_X509_ext_oids(long x509ctx, int critical); 422 423 public static native Object[][] get_X509_GENERAL_NAME_stack(long x509ctx, int type) 424 throws CertificateParsingException; 425 426 public static native boolean[] get_X509_ex_kusage(long x509ctx); 427 428 public static native String[] get_X509_ex_xkusage(long x509ctx); 429 430 public static native int get_X509_ex_pathlen(long x509ctx); 431 432 public static native long X509_get_notBefore(long x509ctx); 433 434 public static native long X509_get_notAfter(long x509ctx); 435 436 public static native long X509_get_version(long x509ctx); 437 438 public static native byte[] X509_get_serialNumber(long x509ctx); 439 440 public static native void X509_verify(long x509ctx, NativeRef.EVP_PKEY pkeyCtx) 441 throws BadPaddingException; 442 443 public static native byte[] get_X509_cert_info_enc(long x509ctx); 444 445 public static native byte[] get_X509_signature(long x509ctx); 446 447 public static native int get_X509_ex_flags(long x509ctx); 448 449 public static native int X509_check_issued(long ctx, long ctx2); 450 451 // --- PKCS7 --------------------------------------------------------------- 452 453 /** Used as the "which" field in d2i_PKCS7_bio and PEM_read_bio_PKCS7. */ 454 public static final int PKCS7_CERTS = 1; 455 456 /** Used as the "which" field in d2i_PKCS7_bio and PEM_read_bio_PKCS7. */ 457 public static final int PKCS7_CRLS = 2; 458 459 /** Returns an array of X509 or X509_CRL pointers. */ 460 public static native long[] d2i_PKCS7_bio(long bioCtx, int which); 461 462 /** Returns an array of X509 or X509_CRL pointers. */ 463 public static native byte[] i2d_PKCS7(long[] certs); 464 465 /** Returns an array of X509 or X509_CRL pointers. */ 466 public static native long[] PEM_read_bio_PKCS7(long bioCtx, int which); 467 468 // --- X509_CRL ------------------------------------------------------------ 469 470 public static native long d2i_X509_CRL_bio(long bioCtx); 471 472 public static native long PEM_read_bio_X509_CRL(long bioCtx); 473 474 public static native byte[] i2d_X509_CRL(long x509CrlCtx); 475 476 public static native void X509_CRL_free(long x509CrlCtx); 477 478 public static native void X509_CRL_print(long bioCtx, long x509CrlCtx); 479 480 public static native String get_X509_CRL_sig_alg_oid(long x509CrlCtx); 481 482 public static native byte[] get_X509_CRL_sig_alg_parameter(long x509CrlCtx); 483 484 public static native byte[] X509_CRL_get_issuer_name(long x509CrlCtx); 485 486 /** Returns X509_REVOKED reference that is not duplicated! */ 487 public static native long X509_CRL_get0_by_cert(long x509CrlCtx, long x509Ctx); 488 489 /** Returns X509_REVOKED reference that is not duplicated! */ 490 public static native long X509_CRL_get0_by_serial(long x509CrlCtx, byte[] serial); 491 492 /** Returns an array of X509_REVOKED that are owned by the caller. */ 493 public static native long[] X509_CRL_get_REVOKED(long x509CrlCtx); 494 495 public static native String[] get_X509_CRL_ext_oids(long x509ctx, int critical); 496 497 public static native byte[] X509_CRL_get_ext_oid(long x509CrlCtx, String oid); 498 499 public static native void X509_delete_ext(long x509, String oid); 500 501 public static native long X509_CRL_get_version(long x509CrlCtx); 502 503 public static native long X509_CRL_get_ext(long x509CrlCtx, String oid); 504 505 public static native byte[] get_X509_CRL_signature(long x509ctx); 506 507 public static native void X509_CRL_verify(long x509CrlCtx, NativeRef.EVP_PKEY pkeyCtx); 508 509 public static native byte[] get_X509_CRL_crl_enc(long x509CrlCtx); 510 511 public static native long X509_CRL_get_lastUpdate(long x509CrlCtx); 512 513 public static native long X509_CRL_get_nextUpdate(long x509CrlCtx); 514 515 // --- X509_REVOKED -------------------------------------------------------- 516 517 public static native long X509_REVOKED_dup(long x509RevokedCtx); 518 519 public static native byte[] i2d_X509_REVOKED(long x509RevokedCtx); 520 521 public static native String[] get_X509_REVOKED_ext_oids(long x509ctx, int critical); 522 523 public static native byte[] X509_REVOKED_get_ext_oid(long x509RevokedCtx, String oid); 524 525 public static native byte[] X509_REVOKED_get_serialNumber(long x509RevokedCtx); 526 527 public static native long X509_REVOKED_get_ext(long x509RevokedCtx, String oid); 528 529 /** Returns ASN1_TIME reference. */ 530 public static native long get_X509_REVOKED_revocationDate(long x509RevokedCtx); 531 532 public static native void X509_REVOKED_print(long bioRef, long x509RevokedCtx); 533 534 // --- X509_EXTENSION ------------------------------------------------------ 535 536 public static native int X509_supported_extension(long x509ExtensionRef); 537 538 // --- ASN1_TIME ----------------------------------------------------------- 539 540 public static native void ASN1_TIME_to_Calendar(long asn1TimeCtx, Calendar cal); 541 542 // --- BIO stream creation ------------------------------------------------- 543 544 public static native long create_BIO_InputStream(OpenSSLBIOInputStream is, boolean isFinite); 545 546 public static native long create_BIO_OutputStream(OutputStream os); 547 548 public static native int BIO_read(long bioRef, byte[] buffer); 549 550 public static native void BIO_write(long bioRef, byte[] buffer, int offset, int length) 551 throws IOException; 552 553 public static native void BIO_free_all(long bioRef); 554 555 // --- SSL handling -------------------------------------------------------- 556 557 static final String OBSOLETE_PROTOCOL_SSLV3 = "SSLv3"; 558 private static final String SUPPORTED_PROTOCOL_TLSV1 = "TLSv1"; 559 private static final String SUPPORTED_PROTOCOL_TLSV1_1 = "TLSv1.1"; 560 private static final String SUPPORTED_PROTOCOL_TLSV1_2 = "TLSv1.2"; 561 562 // STANDARD_TO_OPENSSL_CIPHER_SUITES is a map from OpenSSL-style 563 // cipher-suite names to the standard name for the same (i.e. the name that 564 // is registered with IANA). 565 public static final Map<String, String> OPENSSL_TO_STANDARD_CIPHER_SUITES 566 = new HashMap<String, String>(); 567 568 // STANDARD_TO_OPENSSL_CIPHER_SUITES is a map from "standard" cipher suite 569 // names (i.e. the names that are registered with IANA) to the 570 // OpenSSL-style name for the same. 571 public static final Map<String, String> STANDARD_TO_OPENSSL_CIPHER_SUITES 572 = new LinkedHashMap<String, String>(); 573 574 // SUPPORTED_CIPHER_SUITES_SET contains all the cipher suites supported by 575 // OpenSSL, named using "standard" (as opposed to OpenSSL-style) names. 576 public static final Set<String> SUPPORTED_CIPHER_SUITES_SET = new HashSet<String>(); 577 578 private static void add(String openssl, String standard) { 579 OPENSSL_TO_STANDARD_CIPHER_SUITES.put(openssl, standard); 580 STANDARD_TO_OPENSSL_CIPHER_SUITES.put(standard, openssl); 581 } 582 583 /** 584 * TLS_EMPTY_RENEGOTIATION_INFO_SCSV is RFC 5746's renegotiation 585 * indication signaling cipher suite value. It is not a real 586 * cipher suite. It is just an indication in the default and 587 * supported cipher suite lists indicates that the implementation 588 * supports secure renegotiation. 589 * <p> 590 * In the RI, its presence means that the SCSV is sent in the 591 * cipher suite list to indicate secure renegotiation support and 592 * its absense means to send an empty TLS renegotiation info 593 * extension instead. 594 * <p> 595 * However, OpenSSL doesn't provide an API to give this level of 596 * control, instead always sending the SCSV and always including 597 * the empty renegotiation info if TLS is used (as opposed to 598 * SSL). So we simply allow TLS_EMPTY_RENEGOTIATION_INFO_SCSV to 599 * be passed for compatibility as to provide the hint that we 600 * support secure renegotiation. 601 */ 602 public static final String TLS_EMPTY_RENEGOTIATION_INFO_SCSV 603 = "TLS_EMPTY_RENEGOTIATION_INFO_SCSV"; 604 605 /** 606 * TLS_FALLBACK_SCSV is from 607 * https://tools.ietf.org/html/draft-ietf-tls-downgrade-scsv-00 608 * to indicate to the server that this is a fallback protocol 609 * request. 610 */ 611 public static final String TLS_FALLBACK_SCSV = "TLS_FALLBACK_SCSV"; 612 613 static { 614 add("ADH-AES128-GCM-SHA256", "TLS_DH_anon_WITH_AES_128_GCM_SHA256"); 615 add("ADH-AES128-SHA256", "TLS_DH_anon_WITH_AES_128_CBC_SHA256"); 616 add("ADH-AES128-SHA", "TLS_DH_anon_WITH_AES_128_CBC_SHA"); 617 add("ADH-AES256-GCM-SHA384", "TLS_DH_anon_WITH_AES_256_GCM_SHA384"); 618 add("ADH-AES256-SHA256", "TLS_DH_anon_WITH_AES_256_CBC_SHA256"); 619 add("ADH-AES256-SHA", "TLS_DH_anon_WITH_AES_256_CBC_SHA"); 620 add("ADH-DES-CBC3-SHA", "SSL_DH_anon_WITH_3DES_EDE_CBC_SHA"); 621 add("ADH-DES-CBC-SHA", "SSL_DH_anon_WITH_DES_CBC_SHA"); 622 add("AECDH-AES128-SHA", "TLS_ECDH_anon_WITH_AES_128_CBC_SHA"); 623 add("AECDH-AES256-SHA", "TLS_ECDH_anon_WITH_AES_256_CBC_SHA"); 624 add("AECDH-DES-CBC3-SHA", "TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA"); 625 add("AECDH-NULL-SHA", "TLS_ECDH_anon_WITH_NULL_SHA"); 626 add("AES128-GCM-SHA256", "TLS_RSA_WITH_AES_128_GCM_SHA256"); 627 add("AES128-SHA256", "TLS_RSA_WITH_AES_128_CBC_SHA256"); 628 add("AES128-SHA", "TLS_RSA_WITH_AES_128_CBC_SHA"); 629 add("AES256-GCM-SHA384", "TLS_RSA_WITH_AES_256_GCM_SHA384"); 630 add("AES256-SHA256", "TLS_RSA_WITH_AES_256_CBC_SHA256"); 631 add("AES256-SHA", "TLS_RSA_WITH_AES_256_CBC_SHA"); 632 add("DES-CBC3-SHA", "SSL_RSA_WITH_3DES_EDE_CBC_SHA"); 633 add("DES-CBC-SHA", "SSL_RSA_WITH_DES_CBC_SHA"); 634 add("ECDH-ECDSA-AES128-GCM-SHA256", "TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256"); 635 add("ECDH-ECDSA-AES128-SHA256", "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256"); 636 add("ECDH-ECDSA-AES128-SHA", "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA"); 637 add("ECDH-ECDSA-AES256-GCM-SHA384", "TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384"); 638 add("ECDH-ECDSA-AES256-SHA384", "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384"); 639 add("ECDH-ECDSA-AES256-SHA", "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA"); 640 add("ECDH-ECDSA-DES-CBC3-SHA", "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA"); 641 add("ECDH-ECDSA-NULL-SHA", "TLS_ECDH_ECDSA_WITH_NULL_SHA"); 642 add("ECDHE-ECDSA-AES128-GCM-SHA256", "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"); 643 add("ECDHE-ECDSA-AES128-SHA256", "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256"); 644 add("ECDHE-ECDSA-AES128-SHA", "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA"); 645 add("ECDHE-ECDSA-AES256-GCM-SHA384", "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"); 646 add("ECDHE-ECDSA-AES256-SHA384", "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384"); 647 add("ECDHE-ECDSA-AES256-SHA", "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA"); 648 add("ECDHE-ECDSA-CHACHA20-POLY1305", "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305"); 649 add("ECDHE-ECDSA-CHACHA20-POLY1305", "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256"); 650 add("ECDHE-ECDSA-DES-CBC3-SHA", "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA"); 651 add("ECDHE-ECDSA-NULL-SHA", "TLS_ECDHE_ECDSA_WITH_NULL_SHA"); 652 add("ECDHE-PSK-AES128-CBC-SHA", "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA"); 653 add("ECDHE-PSK-AES128-GCM-SHA256", "TLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256"); 654 add("ECDHE-PSK-AES256-CBC-SHA", "TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA"); 655 add("ECDHE-PSK-AES256-GCM-SHA384", "TLS_ECDHE_PSK_WITH_AES_256_GCM_SHA384"); 656 add("ECDHE-PSK-CHACHA20-POLY1305", "TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256"); 657 add("ECDHE-RSA-AES128-GCM-SHA256", "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"); 658 add("ECDHE-RSA-AES128-SHA256", "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256"); 659 add("ECDHE-RSA-AES128-SHA", "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA"); 660 add("ECDHE-RSA-AES256-GCM-SHA384", "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"); 661 add("ECDHE-RSA-AES256-SHA384", "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384"); 662 add("ECDHE-RSA-AES256-SHA", "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA"); 663 add("ECDHE-RSA-CHACHA20-POLY1305", "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305"); 664 add("ECDHE-RSA-CHACHA20-POLY1305", "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256"); 665 add("ECDHE-RSA-DES-CBC3-SHA", "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA"); 666 add("ECDHE-RSA-NULL-SHA", "TLS_ECDHE_RSA_WITH_NULL_SHA"); 667 add("ECDH-RSA-AES128-GCM-SHA256", "TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256"); 668 add("ECDH-RSA-AES128-SHA256", "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256"); 669 add("ECDH-RSA-AES128-SHA", "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA"); 670 add("ECDH-RSA-AES256-GCM-SHA384", "TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384"); 671 add("ECDH-RSA-AES256-SHA384", "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384"); 672 add("ECDH-RSA-AES256-SHA", "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA"); 673 add("ECDH-RSA-DES-CBC3-SHA", "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA"); 674 add("ECDH-RSA-NULL-SHA", "TLS_ECDH_RSA_WITH_NULL_SHA"); 675 add("EXP-ADH-DES-CBC-SHA", "SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA"); 676 add("EXP-DES-CBC-SHA", "SSL_RSA_EXPORT_WITH_DES40_CBC_SHA"); 677 add("NULL-MD5", "SSL_RSA_WITH_NULL_MD5"); 678 add("NULL-SHA256", "TLS_RSA_WITH_NULL_SHA256"); 679 add("NULL-SHA", "SSL_RSA_WITH_NULL_SHA"); 680 add("PSK-3DES-EDE-CBC-SHA", "TLS_PSK_WITH_3DES_EDE_CBC_SHA"); 681 add("PSK-AES128-CBC-SHA", "TLS_PSK_WITH_AES_128_CBC_SHA"); 682 add("PSK-AES256-CBC-SHA", "TLS_PSK_WITH_AES_256_CBC_SHA"); 683 684 // Signaling Cipher Suite Value for secure renegotiation handled as special case. 685 // add("TLS_EMPTY_RENEGOTIATION_INFO_SCSV", null); 686 687 // Similarly, the fallback SCSV is handled as a special case. 688 // add("TLS_FALLBACK_SCSV", null); 689 } 690 691 private static final String[] SUPPORTED_CIPHER_SUITES; 692 static { 693 String[] allOpenSSLCipherSuites = get_cipher_names("ALL:!DHE"); 694 695 int size = allOpenSSLCipherSuites.length; 696 SUPPORTED_CIPHER_SUITES = new String[size + 2]; 697 for (int i = 0; i < size; i++) { 698 String standardName = OPENSSL_TO_STANDARD_CIPHER_SUITES.get(allOpenSSLCipherSuites[i]); 699 if (standardName == null) { 700 throw new IllegalArgumentException("Unknown cipher suite supported by native code: " + 701 allOpenSSLCipherSuites[i]); 702 } 703 SUPPORTED_CIPHER_SUITES[i] = standardName; 704 SUPPORTED_CIPHER_SUITES_SET.add(standardName); 705 } 706 SUPPORTED_CIPHER_SUITES[size] = TLS_EMPTY_RENEGOTIATION_INFO_SCSV; 707 SUPPORTED_CIPHER_SUITES[size + 1] = TLS_FALLBACK_SCSV; 708 } 709 710 /** 711 * Returns 1 if the BoringSSL believes the CPU has AES accelerated hardware 712 * instructions. Used to determine cipher suite ordering. 713 */ 714 public static native int EVP_has_aes_hardware(); 715 716 public static native long SSL_CTX_new(); 717 718 // IMPLEMENTATION NOTE: The default list of cipher suites is a trade-off between what we'd like 719 // to use and what servers currently support. We strive to be secure enough by default. We thus 720 // avoid unacceptably weak suites (e.g., those with bulk cipher secret key shorter than 128 721 // bits), while maintaining the capability to connect to the majority of servers. 722 // 723 // Cipher suites are listed in preference order (favorite choice first) of the client. However, 724 // servers are not required to honor the order. The key rules governing the preference order 725 // are: 726 // * Prefer Forward Secrecy (i.e., cipher suites that use ECDHE and DHE for key agreement). 727 // * Prefer ChaCha20-Poly1305 to AES-GCM unless hardware support for AES is available. 728 // * Prefer AES-GCM to AES-CBC whose MAC-pad-then-encrypt approach leads to weaknesses (e.g., 729 // Lucky 13). 730 // * Prefer 128-bit bulk encryption to 256-bit one, because 128-bit is safe enough while 731 // consuming less CPU/time/energy. 732 // 733 // NOTE: Removing cipher suites from this list needs to be done with caution, because this may 734 // prevent apps from connecting to servers they were previously able to connect to. 735 736 /** X.509 based cipher suites enabled by default (if requested), in preference order. */ 737 static final String[] DEFAULT_X509_CIPHER_SUITES = EVP_has_aes_hardware() == 1 ? 738 new String[] { 739 "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", 740 "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", 741 "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256", 742 "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", 743 "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", 744 "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256", 745 "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA", 746 "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA", 747 "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA", 748 "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA", 749 "TLS_RSA_WITH_AES_128_GCM_SHA256", 750 "TLS_RSA_WITH_AES_256_GCM_SHA384", 751 "TLS_RSA_WITH_AES_128_CBC_SHA", 752 "TLS_RSA_WITH_AES_256_CBC_SHA", 753 } : 754 new String[] { 755 "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256", 756 "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", 757 "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", 758 "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256", 759 "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", 760 "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", 761 "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA", 762 "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA", 763 "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA", 764 "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA", 765 "TLS_RSA_WITH_AES_128_GCM_SHA256", 766 "TLS_RSA_WITH_AES_256_GCM_SHA384", 767 "TLS_RSA_WITH_AES_128_CBC_SHA", 768 "TLS_RSA_WITH_AES_256_CBC_SHA", 769 }; 770 771 /** TLS-PSK cipher suites enabled by default (if requested), in preference order. */ 772 static final String[] DEFAULT_PSK_CIPHER_SUITES = new String[] { 773 "TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256", 774 "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA", 775 "TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA", 776 "TLS_PSK_WITH_AES_128_CBC_SHA", 777 "TLS_PSK_WITH_AES_256_CBC_SHA", 778 }; 779 780 public static String[] getSupportedCipherSuites() { 781 return SUPPORTED_CIPHER_SUITES.clone(); 782 } 783 784 public static native void SSL_CTX_free(long ssl_ctx); 785 786 public static native void SSL_CTX_set_session_id_context(long ssl_ctx, byte[] sid_ctx); 787 788 public static native long SSL_new(long ssl_ctx) throws SSLException; 789 790 public static native void SSL_enable_tls_channel_id(long ssl) throws SSLException; 791 792 public static native byte[] SSL_get_tls_channel_id(long ssl) throws SSLException; 793 794 public static native void SSL_set1_tls_channel_id(long ssl, NativeRef.EVP_PKEY pkey); 795 796 public static native void SSL_use_certificate(long ssl, long[] x509refs); 797 798 public static native void SSL_use_PrivateKey(long ssl, NativeRef.EVP_PKEY pkey); 799 800 public static native void SSL_check_private_key(long ssl) throws SSLException; 801 802 public static native void SSL_set_client_CA_list(long ssl, byte[][] asn1DerEncodedX500Principals); 803 804 public static native long SSL_get_mode(long ssl); 805 806 public static native long SSL_set_mode(long ssl, long mode); 807 808 public static native long SSL_clear_mode(long ssl, long mode); 809 810 public static native long SSL_get_options(long ssl); 811 812 public static native long SSL_set_options(long ssl, long options); 813 814 public static native long SSL_clear_options(long ssl, long options); 815 816 public static native void SSL_enable_signed_cert_timestamps(long ssl); 817 818 public static native byte[] SSL_get_signed_cert_timestamp_list(long ssl); 819 820 public static native void SSL_set_signed_cert_timestamp_list(long ssl, byte[] list); 821 822 public static native void SSL_enable_ocsp_stapling(long ssl); 823 824 public static native byte[] SSL_get_ocsp_response(long ssl); 825 826 public static native void SSL_set_ocsp_response(long ssl, byte[] response); 827 828 public static native void SSL_use_psk_identity_hint(long ssl, String identityHint) 829 throws SSLException; 830 831 public static native void set_SSL_psk_client_callback_enabled(long ssl, boolean enabled); 832 833 public static native void set_SSL_psk_server_callback_enabled(long ssl, boolean enabled); 834 835 /** Protocols to enable by default when "TLSv1.2" is requested. */ 836 public static final String[] TLSV12_PROTOCOLS = new String[] { 837 SUPPORTED_PROTOCOL_TLSV1, 838 SUPPORTED_PROTOCOL_TLSV1_1, 839 SUPPORTED_PROTOCOL_TLSV1_2, 840 }; 841 842 /** Protocols to enable by default when "TLSv1.1" is requested. */ 843 public static final String[] TLSV11_PROTOCOLS = new String[] { 844 SUPPORTED_PROTOCOL_TLSV1, 845 SUPPORTED_PROTOCOL_TLSV1_1, 846 SUPPORTED_PROTOCOL_TLSV1_2, 847 }; 848 849 /** Protocols to enable by default when "TLSv1" is requested. */ 850 public static final String[] TLSV1_PROTOCOLS = new String[] { 851 SUPPORTED_PROTOCOL_TLSV1, 852 SUPPORTED_PROTOCOL_TLSV1_1, 853 SUPPORTED_PROTOCOL_TLSV1_2, 854 }; 855 856 public static final String[] DEFAULT_PROTOCOLS = TLSV12_PROTOCOLS; 857 858 public static String[] getSupportedProtocols() { 859 return new String[] { SUPPORTED_PROTOCOL_TLSV1, 860 SUPPORTED_PROTOCOL_TLSV1_1, 861 SUPPORTED_PROTOCOL_TLSV1_2, 862 }; 863 } 864 865 public static void setEnabledProtocols(long ssl, String[] protocols) { 866 checkEnabledProtocols(protocols); 867 // openssl uses negative logic letting you disable protocols. 868 // so first, assume we need to set all (disable all) and clear none (enable none). 869 // in the loop, selectively move bits from set to clear (from disable to enable) 870 long optionsToSet = (NativeConstants.SSL_OP_NO_SSLv3 | NativeConstants.SSL_OP_NO_TLSv1 871 | NativeConstants.SSL_OP_NO_TLSv1_1 | NativeConstants.SSL_OP_NO_TLSv1_2); 872 long optionsToClear = 0; 873 for (String protocol : protocols) { 874 if (protocol.equals(SUPPORTED_PROTOCOL_TLSV1)) { 875 optionsToSet &= ~NativeConstants.SSL_OP_NO_TLSv1; 876 optionsToClear |= NativeConstants.SSL_OP_NO_TLSv1; 877 } else if (protocol.equals(SUPPORTED_PROTOCOL_TLSV1_1)) { 878 optionsToSet &= ~NativeConstants.SSL_OP_NO_TLSv1_1; 879 optionsToClear |= NativeConstants.SSL_OP_NO_TLSv1_1; 880 } else if (protocol.equals(SUPPORTED_PROTOCOL_TLSV1_2)) { 881 optionsToSet &= ~NativeConstants.SSL_OP_NO_TLSv1_2; 882 optionsToClear |= NativeConstants.SSL_OP_NO_TLSv1_2; 883 } else if (protocol.equals(OBSOLETE_PROTOCOL_SSLV3)) { 884 // Do nothing since we no longer support this protocol, but 885 // allow it in the list of protocols so we can give an error 886 // message about it if the handshake fails. 887 } else { 888 // error checked by checkEnabledProtocols 889 throw new IllegalStateException(); 890 } 891 } 892 893 SSL_set_options(ssl, optionsToSet); 894 SSL_clear_options(ssl, optionsToClear); 895 } 896 897 public static String[] checkEnabledProtocols(String[] protocols) { 898 if (protocols == null) { 899 throw new IllegalArgumentException("protocols == null"); 900 } 901 for (String protocol : protocols) { 902 if (protocol == null) { 903 throw new IllegalArgumentException("protocols contains null"); 904 } 905 if (!protocol.equals(SUPPORTED_PROTOCOL_TLSV1) 906 && !protocol.equals(SUPPORTED_PROTOCOL_TLSV1_1) 907 && !protocol.equals(SUPPORTED_PROTOCOL_TLSV1_2) 908 && !protocol.equals(OBSOLETE_PROTOCOL_SSLV3)) { 909 throw new IllegalArgumentException("protocol " + protocol + " is not supported"); 910 } 911 } 912 return protocols; 913 } 914 915 public static native void SSL_set_cipher_lists(long ssl, String[] ciphers); 916 917 /** 918 * Gets the list of cipher suites enabled for the provided {@code SSL} instance. 919 * 920 * @return array of {@code SSL_CIPHER} references. 921 */ 922 public static native long[] SSL_get_ciphers(long ssl); 923 924 public static void setEnabledCipherSuites(long ssl, String[] cipherSuites) { 925 checkEnabledCipherSuites(cipherSuites); 926 List<String> opensslSuites = new ArrayList<String>(); 927 for (int i = 0; i < cipherSuites.length; i++) { 928 String cipherSuite = cipherSuites[i]; 929 if (cipherSuite.equals(TLS_EMPTY_RENEGOTIATION_INFO_SCSV)) { 930 continue; 931 } 932 if (cipherSuite.equals(TLS_FALLBACK_SCSV)) { 933 SSL_set_mode(ssl, NativeConstants.SSL_MODE_SEND_FALLBACK_SCSV); 934 continue; 935 } 936 String openssl = STANDARD_TO_OPENSSL_CIPHER_SUITES.get(cipherSuite); 937 String cs = (openssl == null) ? cipherSuite : openssl; 938 opensslSuites.add(cs); 939 } 940 SSL_set_cipher_lists(ssl, opensslSuites.toArray(new String[opensslSuites.size()])); 941 } 942 943 public static String[] checkEnabledCipherSuites(String[] cipherSuites) { 944 if (cipherSuites == null) { 945 throw new IllegalArgumentException("cipherSuites == null"); 946 } 947 // makes sure all suites are valid, throwing on error 948 for (int i = 0; i < cipherSuites.length; i++) { 949 String cipherSuite = cipherSuites[i]; 950 if (cipherSuite == null) { 951 throw new IllegalArgumentException("cipherSuites[" + i + "] == null"); 952 } 953 if (cipherSuite.equals(TLS_EMPTY_RENEGOTIATION_INFO_SCSV) || 954 cipherSuite.equals(TLS_FALLBACK_SCSV)) { 955 continue; 956 } 957 if (SUPPORTED_CIPHER_SUITES_SET.contains(cipherSuite)) { 958 continue; 959 } 960 961 // For backwards compatibility, it's allowed for |cipherSuite| to 962 // be an OpenSSL-style cipher-suite name. 963 String standardName = OPENSSL_TO_STANDARD_CIPHER_SUITES.get(cipherSuite); 964 if (standardName != null && SUPPORTED_CIPHER_SUITES_SET.contains(standardName)) { 965 // TODO log warning about using backward compatability 966 continue; 967 } 968 throw new IllegalArgumentException("cipherSuite " + cipherSuite + " is not supported."); 969 } 970 return cipherSuites; 971 } 972 973 /* 974 * See the OpenSSL ssl.h header file for more information. 975 */ 976 // TODO(nathanmittler): Should these move to NativeConstants.java? 977 public static final int SSL_VERIFY_NONE = 0x00; 978 public static final int SSL_VERIFY_PEER = 0x01; 979 public static final int SSL_VERIFY_FAIL_IF_NO_PEER_CERT = 0x02; 980 981 public static native void SSL_set_accept_state(long sslNativePointer); 982 983 public static native void SSL_set_connect_state(long sslNativePointer); 984 985 public static native void SSL_set_verify(long sslNativePointer, int mode); 986 987 public static native void SSL_set_session(long sslNativePointer, long sslSessionNativePointer) 988 throws SSLException; 989 990 public static native void SSL_set_session_creation_enabled( 991 long sslNativePointer, boolean creationEnabled) throws SSLException; 992 993 public static native boolean SSL_session_reused(long sslNativePointer); 994 995 public static native void SSL_accept_renegotiations(long sslNativePointer) throws SSLException; 996 997 public static native void SSL_set_tlsext_host_name(long sslNativePointer, String hostname) 998 throws SSLException; 999 public static native String SSL_get_servername(long sslNativePointer); 1000 1001 /** 1002 * Returns the selected ALPN protocol. If the server did not select a 1003 * protocol, {@code null} will be returned. 1004 */ 1005 public static native byte[] SSL_get0_alpn_selected(long sslPointer); 1006 public static native void SSL_do_handshake( 1007 long sslNativePointer, FileDescriptor fd, SSLHandshakeCallbacks shc, int timeoutMillis) 1008 throws SSLException, SocketTimeoutException, CertificateException; 1009 1010 /** 1011 * Currently only intended for forcing renegotiation for testing. 1012 * Not used within OpenSSLSocketImpl. 1013 */ 1014 public static native void SSL_renegotiate(long sslNativePointer) throws SSLException; 1015 1016 /** 1017 * Returns the local X509 certificate references. Must X509_free when done. 1018 */ 1019 public static native long[] SSL_get_certificate(long sslNativePointer); 1020 1021 /** 1022 * Returns the peer X509 certificate references. Must X509_free when done. 1023 */ 1024 public static native long[] SSL_get_peer_cert_chain(long sslNativePointer); 1025 1026 /** 1027 * Reads with the native SSL_read function from the encrypted data stream 1028 * @return -1 if error or the end of the stream is reached. 1029 */ 1030 public static native int SSL_read(long sslNativePointer, 1031 FileDescriptor fd, 1032 SSLHandshakeCallbacks shc, 1033 byte[] b, int off, int len, int readTimeoutMillis) 1034 throws IOException; 1035 1036 /** 1037 * Writes with the native SSL_write function to the encrypted data stream. 1038 */ 1039 public static native void SSL_write(long sslNativePointer, 1040 FileDescriptor fd, 1041 SSLHandshakeCallbacks shc, 1042 byte[] b, int off, int len, int writeTimeoutMillis) 1043 throws IOException; 1044 1045 public static native void SSL_interrupt(long sslNativePointer); 1046 public static native void SSL_shutdown(long sslNativePointer, 1047 FileDescriptor fd, 1048 SSLHandshakeCallbacks shc) throws IOException; 1049 1050 public static native void SSL_shutdown_BIO(long sslNativePointer, 1051 long sourceBioRef, long sinkBioRef, 1052 SSLHandshakeCallbacks shc) throws IOException; 1053 1054 public static native int SSL_get_shutdown(long sslNativePointer); 1055 1056 public static native void SSL_free(long sslNativePointer); 1057 1058 public static native byte[] SSL_SESSION_session_id(long sslSessionNativePointer); 1059 1060 public static native long SSL_SESSION_get_time(long sslSessionNativePointer); 1061 1062 public static native String SSL_SESSION_get_version(long sslSessionNativePointer); 1063 1064 public static native String SSL_SESSION_cipher(long sslSessionNativePointer); 1065 1066 public static native String get_SSL_SESSION_tlsext_hostname(long sslSessionNativePointer); 1067 1068 public static native void SSL_SESSION_free(long sslSessionNativePointer); 1069 1070 public static native byte[] i2d_SSL_SESSION(long sslSessionNativePointer); 1071 1072 public static native long d2i_SSL_SESSION(byte[] data) throws IOException; 1073 1074 /** 1075 * A collection of callbacks from the native OpenSSL code that are 1076 * related to the SSL handshake initiated by SSL_do_handshake. 1077 */ 1078 public interface SSLHandshakeCallbacks { 1079 /** 1080 * Verify that we trust the certificate chain is trusted. 1081 * 1082 * @param certificateChainRefs chain of X.509 certificate references 1083 * @param authMethod auth algorithm name 1084 * 1085 * @throws CertificateException if the certificate is untrusted 1086 */ 1087 void verifyCertificateChain(long[] certificateChainRefs, String authMethod) 1088 throws CertificateException; 1089 1090 /** 1091 * Called on an SSL client when the server requests (or 1092 * requires a certificate). The client can respond by using 1093 * SSL_use_certificate and SSL_use_PrivateKey to set a 1094 * certificate if has an appropriate one available, similar to 1095 * how the server provides its certificate. 1096 * 1097 * @param keyTypes key types supported by the server, 1098 * convertible to strings with #keyType 1099 * @param asn1DerEncodedX500Principals CAs known to the server 1100 */ 1101 void clientCertificateRequested(byte[] keyTypes, byte[][] asn1DerEncodedX500Principals) 1102 throws CertificateEncodingException, SSLException; 1103 1104 /** 1105 * Gets the key to be used in client mode for this connection in Pre-Shared Key (PSK) key 1106 * exchange. 1107 * 1108 * @param identityHint PSK identity hint provided by the server or {@code null} if no hint 1109 * provided. 1110 * @param identity buffer to be populated with PSK identity (NULL-terminated modified UTF-8) 1111 * by this method. This identity will be provided to the server. 1112 * @param key buffer to be populated with key material by this method. 1113 * 1114 * @return number of bytes this method stored in the {@code key} buffer or {@code 0} if an 1115 * error occurred in which case the handshake will be aborted. 1116 */ 1117 int clientPSKKeyRequested(String identityHint, byte[] identity, byte[] key); 1118 1119 /** 1120 * Gets the key to be used in server mode for this connection in Pre-Shared Key (PSK) key 1121 * exchange. 1122 * 1123 * @param identityHint PSK identity hint provided by this server to the client or 1124 * {@code null} if no hint was provided. 1125 * @param identity PSK identity provided by the client. 1126 * @param key buffer to be populated with key material by this method. 1127 * 1128 * @return number of bytes this method stored in the {@code key} buffer or {@code 0} if an 1129 * error occurred in which case the handshake will be aborted. 1130 */ 1131 int serverPSKKeyRequested(String identityHint, String identity, byte[] key); 1132 1133 /** 1134 * Called when SSL state changes. This could be handshake completion. 1135 */ 1136 void onSSLStateChange(int type, int val); 1137 } 1138 1139 public static native long ERR_peek_last_error(); 1140 1141 public static native String SSL_CIPHER_get_kx_name(long cipherAddress); 1142 1143 public static native String[] get_cipher_names(String selection); 1144 1145 public static native byte[] get_ocsp_single_extension(byte[] ocspResponse, String oid, 1146 long x509Ref, long issuerX509Ref); 1147 1148 /** 1149 * Returns the starting address of the memory region referenced by the provided direct 1150 * {@link Buffer} or {@code 0} if the provided buffer is not direct or if such access to direct 1151 * buffers is not supported by the platform. 1152 * 1153 * <p>NOTE: This method ignores the buffer's current {@code position}. 1154 */ 1155 public static native long getDirectBufferAddress(Buffer buf); 1156 1157 public static native long SSL_BIO_new(long ssl) throws SSLException; 1158 1159 public static native int SSL_get_last_error_number(); 1160 1161 public static native int SSL_get_error(long ssl, int ret); 1162 1163 public static native String SSL_get_error_string(long errorNumber); 1164 1165 public static native void SSL_clear_error(); 1166 1167 public static native int SSL_pending_readable_bytes(long ssl); 1168 1169 public static native int SSL_pending_written_bytes_in_BIO(long bio); 1170 1171 public static native long SSL_get0_session(long ssl); 1172 1173 public static native long SSL_get1_session(long ssl); 1174 1175 /** 1176 * Returns the maximum overhead, in bytes, of sealing a record with SSL. 1177 */ 1178 public static native int SSL_max_seal_overhead(long ssl); 1179 1180 /** 1181 * Sets the list of supported ALPN protocols in wire-format (length-prefixed 8-bit strings). 1182 */ 1183 public static native void SSL_configure_alpn( 1184 long sslNativePointer, boolean clientMode, byte[] alpnProtocols) throws IOException; 1185 1186 /** 1187 * Variant of the {@link #SSL_do_handshake} used by {@link OpenSSLEngineImpl}. This version 1188 * does not lock and does no error preprocessing. 1189 */ 1190 public static native int ENGINE_SSL_do_handshake(long ssl, SSLHandshakeCallbacks shc); 1191 1192 /** 1193 * Variant of the {@link #SSL_read} for a direct {@link java.nio.ByteBuffer} used by {@link 1194 * OpenSSLEngineImpl}. This version does not lock or and does no error pre-processing. 1195 */ 1196 public static native int ENGINE_SSL_read_direct(long sslNativePointer, long address, int length, 1197 SSLHandshakeCallbacks shc) throws IOException; 1198 1199 /** 1200 * Variant of the {@link #SSL_read} for a heap {@link java.nio.ByteBuffer} used by {@link 1201 * OpenSSLEngineImpl}. This version does not lock or and does no error pre-processing. 1202 */ 1203 public static native int ENGINE_SSL_read_heap(long sslNativePointer, byte[] destJava, 1204 int destOffset, int destLength, SSLHandshakeCallbacks shc) throws IOException; 1205 1206 /** 1207 * Variant of the {@link #SSL_write} for a direct {@link java.nio.ByteBuffer} used by {@link 1208 * OpenSSLEngineImpl}. This version does not lock or and does no error pre-processing. 1209 */ 1210 public static native int ENGINE_SSL_write_direct(long sslNativePointer, long address, 1211 int length, SSLHandshakeCallbacks shc) throws IOException; 1212 1213 /** 1214 * Variant of the {@link #SSL_write} for a heap {@link java.nio.ByteBuffer} used by {@link 1215 * OpenSSLEngineImpl}. This version does not lock or and does no error pre-processing. 1216 */ 1217 public static native int ENGINE_SSL_write_heap(long sslNativePointer, byte[] sourceJava, 1218 int sourceOffset, int sourceLength, SSLHandshakeCallbacks shc) throws IOException; 1219 1220 /** 1221 * Writes data from the given direct {@link java.nio.ByteBuffer} to the BIO. 1222 */ 1223 public static native int ENGINE_SSL_write_BIO_direct(long sslRef, long bioRef, long pos, 1224 int length, SSLHandshakeCallbacks shc) throws IOException; 1225 1226 /** 1227 * Writes data from the given array to the BIO. 1228 */ 1229 public static native int ENGINE_SSL_write_BIO_heap(long sslRef, long bioRef, byte[] sourceJava, 1230 int sourceOffset, int sourceLength, SSLHandshakeCallbacks shc) throws IOException; 1231 1232 /** 1233 * Reads data from the given BIO into a direct {@link java.nio.ByteBuffer}. 1234 */ 1235 public static native int ENGINE_SSL_read_BIO_direct(long sslRef, long bioRef, long address, 1236 int len, SSLHandshakeCallbacks shc) throws IOException; 1237 1238 /** 1239 * Reads data from the given BIO into an array. 1240 */ 1241 public static native int ENGINE_SSL_read_BIO_heap(long sslRef, long bioRef, byte[] destJava, 1242 int destOffset, int destLength, SSLHandshakeCallbacks shc) throws IOException; 1243 1244 /** 1245 * Variant of the {@link #SSL_shutdown} used by {@link OpenSSLEngineImpl}. This version does not 1246 * lock. 1247 */ 1248 public static native void ENGINE_SSL_shutdown(long sslNativePointer, SSLHandshakeCallbacks shc) 1249 throws IOException; 1250 } 1251
