1 /*
2  * Copyright (C) 2010 The Android Open Source Project
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 
17 package libcore.java.security;
18 
19 import static org.junit.Assert.assertNotNull;
20 import static org.junit.Assert.assertTrue;
21 
22 import java.security.Security;
23 import java.security.spec.DSAPrivateKeySpec;
24 import java.security.spec.DSAPublicKeySpec;
25 import java.security.spec.ECPrivateKeySpec;
26 import java.security.spec.ECPublicKeySpec;
27 import java.security.spec.KeySpec;
28 import java.security.spec.RSAPrivateCrtKeySpec;
29 import java.security.spec.RSAPublicKeySpec;
30 import java.util.Arrays;
31 import java.util.HashMap;
32 import java.util.HashSet;
33 import java.util.List;
34 import java.util.Locale;
35 import java.util.Map;
36 import java.util.Set;
37 import javax.crypto.spec.DHPrivateKeySpec;
38 import javax.crypto.spec.DHPublicKeySpec;
39 
40 /**
41  * This class defines expected string names for protocols, key types,
42  * client and server auth types, cipher suites.
43  *
44  * Initially based on "Appendix A: Standard Names" of
45  * <a href="http://java.sun.com/j2se/1.5.0/docs/guide/security/jsse/JSSERefGuide.html#AppA">
46  * Java &trade; Secure Socket Extension (JSSE) Reference Guide
47  * for the Java &trade; 2 Platform Standard Edition 5
48  * </a>.
49  *
50  * Updated based on the
51  * <a href="http://download.java.net/jdk8/docs/technotes/guides/security/SunProviders.html">
52  * Java &trade; Cryptography Architecture Oracle Providers Documentation
53  * for Java &trade; Platform Standard Edition 7
54  * </a>.
55  * See also the
56  * <a href="http://download.java.net/jdk8/docs/technotes/guides/security/StandardNames.html">
57  * Java &trade; Cryptography Architecture Standard Algorithm Name Documentation
58  * </a>.
59  *
60  * Further updates based on the
61  * <a href="http://java.sun.com/javase/6/docs/technotes/guides/security/p11guide.html">
62  * Java &trade; PKCS#11 Reference Guide
63  * </a>.
64  */
65 public final class StandardNames {
66 
/**
 * True unless the {@code java.specification.name} system property equals
 * {@code "Dalvik Core Library"}. The rest of this class uses the flag to choose
 * between the names expected on the RI and those expected on dalvik.
 */
public static final boolean IS_RI =
        !"Dalvik Core Library".equals(System.getProperty("java.specification.name"));

/** Security provider name expected on this runtime: "SUN" on the RI, "BC" otherwise. */
public static final String SECURITY_PROVIDER_NAME = IS_RI ? "SUN" : "BC";

/** KeyStore type expected on this runtime: "JKS" on the RI, "BKS" otherwise. */
public static final String KEY_STORE_ALGORITHM = IS_RI ? "JKS" : "BKS";

/**
 * RFC 5746's Signaling Cipher Suite Value to indicate a request for secure renegotiation.
 * It is a signalling value rather than a real cipher suite.
 */
private static final String CIPHER_SUITE_SECURE_RENEGOTIATION =
        "TLS_EMPTY_RENEGOTIATION_INFO_SCSV";

/**
 * A map from algorithm type (e.g. Cipher) to a set of algorithms (e.g. AES, DES, ...).
 * provide() stores the algorithm names upper-cased, so lookups must use the same form.
 */
static final Map<String, Set<String>> PROVIDER_ALGORITHMS = new HashMap<>();

/** Cipher algorithm name to the mode names registered through provideCipherModes(). */
private static final Map<String, Set<String>> CIPHER_MODES = new HashMap<>();

/** Cipher algorithm name to the padding names registered through provideCipherPaddings(). */
private static final Map<String, Set<String>> CIPHER_PADDINGS = new HashMap<>();
91 
/**
 * Registers {@code algorithm} as an expected name for the service {@code type}.
 *
 * <p>The name is stored upper-cased with {@link Locale#ROOT}, so two spellings that
 * differ only in case count as the same entry. Registering an entry that is already
 * present fails a JUnit assertion instead of being ignored, which keeps the expected
 * list free of accidental repeats.
 *
 * @param type the service type, e.g. "Cipher" or "Signature"
 * @param algorithm the algorithm name to record for that type
 */
private static void provide(String type, String algorithm) {
    final Set<String> existing = PROVIDER_ALGORITHMS.get(type);
    final Set<String> target = (existing != null) ? existing : new HashSet<String>();
    if (existing == null) {
        // First entry for this type: publish the new set before adding to it.
        PROVIDER_ALGORITHMS.put(type, target);
    }
    final String failure = "Duplicate " + type + " " + algorithm;
    final boolean added = target.add(algorithm.toUpperCase(Locale.ROOT));
    assertTrue(failure, added);
}
/**
 * Removes a previously registered {@code algorithm} from the service {@code type}.
 *
 * <p>Both the type and the upper-cased algorithm name must already be present;
 * otherwise a JUnit assertion fails. When the last name of a type is removed, the type
 * itself is dropped from {@code PROVIDER_ALGORITHMS}.
 *
 * @param type the service type the name was registered under
 * @param algorithm the algorithm name to withdraw
 */
private static void unprovide(String type, String algorithm) {
    final Set<String> registered = PROVIDER_ALGORITHMS.get(type);
    assertNotNull(registered);
    final boolean removed = registered.remove(algorithm.toUpperCase(Locale.ROOT));
    assertTrue(algorithm, removed);
    if (!registered.isEmpty()) {
        return;
    }
    // Nothing left for this type, so the type key goes too.
    assertNotNull(PROVIDER_ALGORITHMS.remove(type));
}
/**
 * Adds {@code newModes} to the modes recorded for the cipher {@code algorithm}.
 *
 * <p>Unlike provide(), the names are stored exactly as given (no upper-casing) and a
 * mode that is already present is silently kept rather than reported.
 *
 * @param algorithm the cipher algorithm name used as the map key
 * @param newModes the mode names to add
 */
private static void provideCipherModes(String algorithm, String newModes[]) {
    Set<String> registered = CIPHER_MODES.get(algorithm);
    if (registered == null) {
        registered = new HashSet<>();
        CIPHER_MODES.put(algorithm, registered);
    }
    for (String mode : newModes) {
        registered.add(mode);
    }
}
/**
 * Adds {@code newPaddings} to the paddings recorded for the cipher {@code algorithm}.
 *
 * <p>Unlike provide(), the names are stored exactly as given (no upper-casing) and a
 * padding that is already present is silently kept rather than reported.
 *
 * @param algorithm the cipher algorithm name used as the map key
 * @param newPaddings the padding names to add
 */
private static void provideCipherPaddings(String algorithm, String newPaddings[]) {
    Set<String> registered = CIPHER_PADDINGS.get(algorithm);
    if (registered == null) {
        registered = new HashSet<>();
        CIPHER_PADDINGS.put(algorithm, registered);
    }
    for (String padding : newPaddings) {
        registered.add(padding);
    }
}
// Fills PROVIDER_ALGORITHMS, CIPHER_MODES and CIPHER_PADDINGS with the names this class
// expects. Statement order matters: provide() fails on a name that is already present and
// unprovide() fails on one that is missing, so each platform fixup below has to run after
// the baseline entries it edits.
//
// NOTE(review): an entry records a name that is expected to be available; it is not an
// endorsement. The baseline contains algorithms generally treated as legacy (MD2, MD5,
// DES, RC2, ARCFOUR, SSLv3, ECB mode, the PBEWithMD5* schemes). Code that picks
// an algorithm by walking this table should apply its own allow-list.
static {
    provide("AlgorithmParameterGenerator", "DSA");
    provide("AlgorithmParameterGenerator", "DiffieHellman");
    provide("AlgorithmParameters", "AES");
    provide("AlgorithmParameters", "Blowfish");
    provide("AlgorithmParameters", "DES");
    provide("AlgorithmParameters", "DESede");
    provide("AlgorithmParameters", "DSA");
    provide("AlgorithmParameters", "DiffieHellman");
    provide("AlgorithmParameters", "GCM");
    provide("AlgorithmParameters", "OAEP");
    provide("AlgorithmParameters", "PBEWithMD5AndDES");
    provide("AlgorithmParameters", "PBEWithMD5AndTripleDES");
    provide("AlgorithmParameters", "PBEWithSHA1AndDESede");
    provide("AlgorithmParameters", "PBEWithSHA1AndRC2_40");
    provide("AlgorithmParameters", "PSS");
    provide("AlgorithmParameters", "RC2");
    provide("AlgorithmParameters", "PBEWITHHMACSHA1ANDAES_128");
    provide("AlgorithmParameters", "PBEWITHHMACSHA1ANDAES_256");
    provide("AlgorithmParameters", "PBEWITHHMACSHA224ANDAES_128");
    provide("AlgorithmParameters", "PBEWITHHMACSHA224ANDAES_256");
    provide("AlgorithmParameters", "PBEWITHHMACSHA256ANDAES_128");
    provide("AlgorithmParameters", "PBEWITHHMACSHA256ANDAES_256");
    provide("AlgorithmParameters", "PBEWITHHMACSHA384ANDAES_128");
    provide("AlgorithmParameters", "PBEWITHHMACSHA384ANDAES_256");
    provide("AlgorithmParameters", "PBEWITHHMACSHA512ANDAES_128");
    provide("AlgorithmParameters", "PBEWITHHMACSHA512ANDAES_256");
    provide("SecretKeyFactory", "PBEWITHHMACSHA1ANDAES_128");
    provide("SecretKeyFactory", "PBEWITHHMACSHA1ANDAES_256");
    provide("SecretKeyFactory", "PBEWITHHMACSHA224ANDAES_128");
    provide("SecretKeyFactory", "PBEWITHHMACSHA224ANDAES_256");
    provide("SecretKeyFactory", "PBEWITHHMACSHA256ANDAES_128");
    provide("SecretKeyFactory", "PBEWITHHMACSHA256ANDAES_256");
    provide("SecretKeyFactory", "PBEWITHHMACSHA384ANDAES_128");
    provide("SecretKeyFactory", "PBEWITHHMACSHA384ANDAES_256");
    provide("SecretKeyFactory", "PBEWITHHMACSHA512ANDAES_128");
    provide("SecretKeyFactory", "PBEWITHHMACSHA512ANDAES_256");
    provide("CertPathBuilder", "PKIX");
    provide("CertPathValidator", "PKIX");
    provide("CertStore", "Collection");
    provide("CertStore", "LDAP");
    provide("CertificateFactory", "X.509");
    // TODO: provideCipherModes and provideCipherPaddings for other Ciphers
    provide("Cipher", "AES");
    // NOTE(review): none of the baseline AES modes listed here is an AEAD mode; GCM only
    // appears further down as a full transformation name in the non-RI branch.
    provideCipherModes("AES", new String[] { "CBC", "CFB", "CTR", "CTS", "ECB", "OFB" });
    provideCipherPaddings("AES", new String[] { "NoPadding", "PKCS5Padding" });
    provide("Cipher", "AESWrap");
    provide("Cipher", "ARCFOUR");
    provide("Cipher", "Blowfish");
    provide("Cipher", "DES");
    provide("Cipher", "DESede");
    provide("Cipher", "DESedeWrap");
    provide("Cipher", "PBEWithMD5AndDES");
    provide("Cipher", "PBEWithMD5AndTripleDES");
    provide("Cipher", "PBEWithSHA1AndDESede");
    provide("Cipher", "PBEWithSHA1AndRC2_40");
    provide("Cipher", "RC2");
    provide("Cipher", "RSA");
    // TODO: None?
    provideCipherModes("RSA", new String[] { "ECB" });
    // TODO: OAEPPadding
    provideCipherPaddings("RSA", new String[] { "NoPadding", "PKCS1Padding" });
    provide("Configuration", "JavaLoginConfig");
    provide("KeyAgreement", "DiffieHellman");
    provide("KeyFactory", "DSA");
    provide("KeyFactory", "DiffieHellman");
    provide("KeyFactory", "RSA");
    provide("KeyGenerator", "AES");
    provide("KeyGenerator", "ARCFOUR");
    provide("KeyGenerator", "Blowfish");
    provide("KeyGenerator", "DES");
    provide("KeyGenerator", "DESede");
    provide("KeyGenerator", "HmacMD5");
    provide("KeyGenerator", "HmacSHA1");
    provide("KeyGenerator", "HmacSHA224");
    provide("KeyGenerator", "HmacSHA256");
    provide("KeyGenerator", "HmacSHA384");
    provide("KeyGenerator", "HmacSHA512");
    provide("KeyGenerator", "RC2");
    provide("KeyInfoFactory", "DOM");
    provide("KeyManagerFactory", "PKIX");
    provide("KeyPairGenerator", "DSA");
    provide("KeyPairGenerator", "DiffieHellman");
    provide("KeyPairGenerator", "RSA");
    provide("KeyStore", "JCEKS");
    provide("KeyStore", "JKS");
    provide("KeyStore", "PKCS12");
    provide("Mac", "HmacMD5");
    provide("Mac", "HmacSHA1");
    provide("Mac", "HmacSHA224");
    provide("Mac", "HmacSHA256");
    provide("Mac", "HmacSHA384");
    provide("Mac", "HmacSHA512");
    provide("Mac", "PBEWITHHMACSHA224");
    provide("Mac", "PBEWITHHMACSHA256");
    provide("Mac", "PBEWITHHMACSHA384");
    provide("Mac", "PBEWITHHMACSHA512");
    // If adding a new MessageDigest, consider adding it to JarVerifier
    provide("MessageDigest", "MD2");
    provide("MessageDigest", "MD5");
    provide("MessageDigest", "SHA-224");
    provide("MessageDigest", "SHA-256");
    provide("MessageDigest", "SHA-384");
    provide("MessageDigest", "SHA-512");
    provide("Policy", "JavaPolicy");
    // Android does not support SSLv3
    if (IS_RI) {
        provide("SSLContext", "SSLv3");
    }
    provide("SSLContext", "TLSv1");
    provide("SSLContext", "TLSv1.1");
    provide("SSLContext", "TLSv1.2");
    provide("SSLContext", "TLSv1.3");
    provide("SecretKeyFactory", "DES");
    provide("SecretKeyFactory", "DESede");
    provide("SecretKeyFactory", "PBEWithMD5AndDES");
    provide("SecretKeyFactory", "PBEWithMD5AndTripleDES");
    provide("SecretKeyFactory", "PBEWithSHA1AndDESede");
    provide("SecretKeyFactory", "PBEWithSHA1AndRC2_40");
    provide("SecretKeyFactory", "PBKDF2WithHmacSHA1");
    provide("SecretKeyFactory", "PBKDF2WithHmacSHA224");
    provide("SecretKeyFactory", "PBKDF2WithHmacSHA256");
    provide("SecretKeyFactory", "PBKDF2WithHmacSHA384");
    provide("SecretKeyFactory", "PBKDF2WithHmacSHA512");
    provide("SecretKeyFactory", "PBKDF2WithHmacSHA1And8bit");
    provide("SecureRandom", "SHA1PRNG");
    provide("Signature", "MD2withRSA");
    provide("Signature", "MD5withRSA");
    provide("Signature", "NONEwithDSA");
    provide("Signature", "SHA1withDSA");
    provide("Signature", "SHA224withDSA");
    provide("Signature", "SHA256withDSA");
    provide("Signature", "SHA1withRSA");
    provide("Signature", "SHA224withRSA");
    provide("Signature", "SHA256withRSA");
    provide("Signature", "SHA384withRSA");
    provide("Signature", "SHA512withRSA");
    provide("TerminalFactory", "PC/SC");
    provide("TransformService", "http://www.w3.org/2000/09/xmldsig#base64");
    provide("TransformService", "http://www.w3.org/2000/09/xmldsig#enveloped-signature");
    provide("TransformService", "http://www.w3.org/2001/10/xml-exc-c14n#");
    provide("TransformService", "http://www.w3.org/2001/10/xml-exc-c14n#WithComments");
    provide("TransformService", "http://www.w3.org/2002/06/xmldsig-filter2");
    provide("TransformService", "http://www.w3.org/TR/1999/REC-xpath-19991116");
    provide("TransformService", "http://www.w3.org/TR/1999/REC-xslt-19991116");
    provide("TransformService", "http://www.w3.org/TR/2001/REC-xml-c14n-20010315");
    provide("TransformService", "http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments");
    provide("TrustManagerFactory", "PKIX");
    provide("XMLSignatureFactory", "DOM");

    // Not clearly documented by RI
    provide("GssApiMechanism", "1.2.840.113554.1.2.2");
    provide("GssApiMechanism", "1.3.6.1.5.5.2");

    // Not correctly documented by RI which left off the Factory suffix
    provide("SaslClientFactory", "CRAM-MD5");
    provide("SaslClientFactory", "DIGEST-MD5");
    provide("SaslClientFactory", "EXTERNAL");
    provide("SaslClientFactory", "GSSAPI");
    provide("SaslClientFactory", "PLAIN");
    provide("SaslServerFactory", "CRAM-MD5");
    provide("SaslServerFactory", "DIGEST-MD5");
    provide("SaslServerFactory", "GSSAPI");

    // Documentation seems to list alias instead of actual name
    // provide("MessageDigest", "SHA-1");
    provide("MessageDigest", "SHA");

    // Mentioned in javadoc, not documentation
    provide("SSLContext", "Default");

    // Not documented as in RI 6 but mentioned in Standard Names
    provide("AlgorithmParameters", "PBE");
    provide("SSLContext", "SSL");
    provide("SSLContext", "TLS");

    // Not documented as in RI 6 but that exist in RI 6
    if (IS_RI) {
        provide("CertStore", "com.sun.security.IndexedCollection");
        provide("KeyGenerator", "SunTlsKeyMaterial");
        provide("KeyGenerator", "SunTlsMasterSecret");
        provide("KeyGenerator", "SunTlsPrf");
        provide("KeyGenerator", "SunTlsRsaPremasterSecret");
        provide("KeyStore", "CaseExactJKS");
        provide("Mac", "HmacPBESHA1");
        provide("Mac", "SslMacMD5");
        provide("Mac", "SslMacSHA1");
        provide("SecureRandom", "NativePRNG");
        provide("Signature", "MD5andSHA1withRSA");
        provide("TrustManagerFactory", "SunX509");
    }

    // Only available with the SunPKCS11-NSS provider,
    // which seems to be enabled in OpenJDK 6 but not Oracle Java 6
    // NOTE(review): several of these names (AES/CBC/NOPADDING, DESEDE/CBC/NOPADDING,
    // RSA/ECB/PKCS1PADDING, the DH entries, SecretKeyFactory AES) are registered again in
    // the non-RI branch below. provide() rejects duplicates, so this relies on
    // SunPKCS11-NSS never being installed on a non-RI runtime.
    if (Security.getProvider("SunPKCS11-NSS") != null) {
        provide("Cipher", "AES/CBC/NOPADDING");
        provide("Cipher", "DES/CBC/NOPADDING");
        provide("Cipher", "DESEDE/CBC/NOPADDING");
        provide("Cipher", "RSA/ECB/PKCS1PADDING");
        provide("KeyAgreement", "DH");
        provide("KeyFactory", "DH");
        provide("KeyPairGenerator", "DH");
        provide("KeyStore", "PKCS11");
        provide("MessageDigest", "SHA1");
        provide("SecretKeyFactory", "AES");
        provide("SecretKeyFactory", "ARCFOUR");
        provide("SecureRandom", "PKCS11");
        provide("Signature", "DSA");
        provide("Signature", "RAWDSA");
    }

    // EC names, registered when either provider is installed. The same names are added
    // unconditionally in the non-RI branch below, so the two must not both run.
    if (Security.getProvider("SunPKCS11-NSS") != null ||
            Security.getProvider("SunEC") != null) {
        provide("AlgorithmParameters", "EC");
        provide("KeyAgreement", "ECDH");
        provide("KeyFactory", "EC");
        provide("KeyPairGenerator", "EC");
        provide("Signature", "NONEWITHECDSA");
        provide("Signature", "SHA1WITHECDSA");
        provide("Signature", "SHA224WITHECDSA");
        provide("Signature", "SHA256WITHECDSA");
        provide("Signature", "SHA384WITHECDSA");
        provide("Signature", "SHA512WITHECDSA");
    }

    // Documented as Standard Names, but do not exist in RI 6
    if (IS_RI) {
        unprovide("SSLContext", "TLSv1.1");
        unprovide("SSLContext", "TLSv1.2");
    }

    // Fixups for the RI
    if (IS_RI) {
        // different names: Standard Names says PKIX, JSSE Reference Guide says SunX509 or NewSunX509
        unprovide("KeyManagerFactory", "PKIX");
        provide("KeyManagerFactory", "SunX509");
        provide("KeyManagerFactory", "NewSunX509");
    }

    // Fixups for dalvik
    if (!IS_RI) {

        // whole types that we do not provide
        // These go through Map.remove directly, not unprovide(), so nothing is asserted
        // about whether the type was present.
        PROVIDER_ALGORITHMS.remove("Configuration");
        PROVIDER_ALGORITHMS.remove("GssApiMechanism");
        PROVIDER_ALGORITHMS.remove("KeyInfoFactory");
        PROVIDER_ALGORITHMS.remove("Policy");
        PROVIDER_ALGORITHMS.remove("SaslClientFactory");
        PROVIDER_ALGORITHMS.remove("SaslServerFactory");
        PROVIDER_ALGORITHMS.remove("TerminalFactory");
        PROVIDER_ALGORITHMS.remove("TransformService");
        PROVIDER_ALGORITHMS.remove("XMLSignatureFactory");

        // different names Diffie-Hellman vs DH
        unprovide("AlgorithmParameterGenerator", "DiffieHellman");
        provide("AlgorithmParameterGenerator", "DH");
        unprovide("AlgorithmParameters", "DiffieHellman");
        provide("AlgorithmParameters", "DH");
        unprovide("KeyAgreement", "DiffieHellman");
        provide("KeyAgreement", "DH");
        unprovide("KeyFactory", "DiffieHellman");
        provide("KeyFactory", "DH");
        unprovide("KeyPairGenerator", "DiffieHellman");
        provide("KeyPairGenerator", "DH");

        // different names PBEWithSHA1AndDESede vs PBEWithSHAAnd3-KEYTripleDES-CBC
        unprovide("AlgorithmParameters", "PBEWithSHA1AndDESede");
        unprovide("Cipher", "PBEWithSHA1AndDESede");
        unprovide("SecretKeyFactory", "PBEWithSHA1AndDESede");
        provide("AlgorithmParameters", "PKCS12PBE");
        provide("Cipher", "PBEWithSHAAnd3-KEYTripleDES-CBC");
        provide("SecretKeyFactory", "PBEWithSHAAnd3-KEYTripleDES-CBC");

        // different names: BouncyCastle actually uses the Standard name of SHA-1 vs SHA
        unprovide("MessageDigest", "SHA");
        provide("MessageDigest", "SHA-1");

        // Added to support Android KeyStore operations
        // NOTE(review): RSA/ECB/NOPADDING is unpadded RSA and NONEwithRSA signs without a
        // digest step; both are registered here as names, and callers are expected to
        // supply their own padding or hashing when they use them.
        provide("Signature", "NONEwithRSA");
        provide("Cipher", "RSA/ECB/NOPADDING");
        provide("Cipher", "RSA/ECB/PKCS1PADDING");
        provide("Cipher", "RSA/ECB/OAEPPadding");
        provide("Cipher", "RSA/ECB/OAEPWithSHA-1AndMGF1Padding");
        provide("Cipher", "RSA/ECB/OAEPWithSHA-224AndMGF1Padding");
        provide("Cipher", "RSA/ECB/OAEPWithSHA-256AndMGF1Padding");
        provide("Cipher", "RSA/ECB/OAEPWithSHA-384AndMGF1Padding");
        provide("Cipher", "RSA/ECB/OAEPWithSHA-512AndMGF1Padding");
        provide("SecretKeyFactory", "AES");
        provide("SecretKeyFactory", "HmacSHA1");
        provide("SecretKeyFactory", "HmacSHA224");
        provide("SecretKeyFactory", "HmacSHA256");
        provide("SecretKeyFactory", "HmacSHA384");
        provide("SecretKeyFactory", "HmacSHA512");
        provide("Signature", "SHA1withRSA/PSS");
        provide("Signature", "SHA224withRSA/PSS");
        provide("Signature", "SHA256withRSA/PSS");
        provide("Signature", "SHA384withRSA/PSS");
        provide("Signature", "SHA512withRSA/PSS");

        // different names: ARCFOUR vs ARC4
        unprovide("Cipher", "ARCFOUR");
        provide("Cipher", "ARC4");
        unprovide("KeyGenerator", "ARCFOUR");
        provide("KeyGenerator", "ARC4");

        // different case names: Blowfish vs BLOWFISH
        // provide() upper-cases every name, so each pair below removes and re-adds the
        // same stored entry.
        unprovide("AlgorithmParameters", "Blowfish");
        provide("AlgorithmParameters", "BLOWFISH");
        unprovide("Cipher", "Blowfish");
        provide("Cipher", "BLOWFISH");
        unprovide("KeyGenerator", "Blowfish");
        provide("KeyGenerator", "BLOWFISH");

        // Harmony has X.509, BouncyCastle X509
        // TODO remove one, probably Harmony's
        provide("CertificateFactory", "X509");

        // not just different names, but different binary formats
        unprovide("KeyStore", "JKS");
        provide("KeyStore", "BKS");
        unprovide("KeyStore", "JCEKS");
        provide("KeyStore", "BouncyCastle");

        // Noise to support KeyStore.PKCS12
        provide("Cipher", "PBEWITHMD5AND128BITAES-CBC-OPENSSL");
        provide("Cipher", "PBEWITHMD5AND192BITAES-CBC-OPENSSL");
        provide("Cipher", "PBEWITHMD5AND256BITAES-CBC-OPENSSL");
        provide("Cipher", "PBEWITHMD5ANDRC2");
        provide("Cipher", "PBEWITHSHA1ANDDES");
        provide("Cipher", "PBEWITHSHA1ANDRC2");
        provide("Cipher", "PBEWITHSHA256AND128BITAES-CBC-BC");
        provide("Cipher", "PBEWITHSHA256AND192BITAES-CBC-BC");
        provide("Cipher", "PBEWITHSHA256AND256BITAES-CBC-BC");
        provide("Cipher", "PBEWITHSHAAND128BITAES-CBC-BC");
        provide("Cipher", "PBEWITHSHAAND128BITRC2-CBC");
        provide("Cipher", "PBEWITHSHAAND128BITRC4");
        provide("Cipher", "PBEWITHSHAAND192BITAES-CBC-BC");
        provide("Cipher", "PBEWITHSHAAND2-KEYTRIPLEDES-CBC");
        provide("Cipher", "PBEWITHSHAAND256BITAES-CBC-BC");
        provide("Cipher", "PBEWITHSHAAND40BITRC2-CBC");
        provide("Cipher", "PBEWITHSHAAND40BITRC4");
        provide("Cipher", "PBEWITHSHAANDTWOFISH-CBC");
        provide("Cipher", "PBEWithHmacSHA1AndAES_128");
        provide("Cipher", "PBEWithHmacSHA224AndAES_128");
        provide("Cipher", "PBEWithHmacSHA256AndAES_128");
        provide("Cipher", "PBEWithHmacSHA384AndAES_128");
        provide("Cipher", "PBEWithHmacSHA512AndAES_128");
        provide("Cipher", "PBEWithHmacSHA1AndAES_256");
        provide("Cipher", "PBEWithHmacSHA224AndAES_256");
        provide("Cipher", "PBEWithHmacSHA256AndAES_256");
        provide("Cipher", "PBEWithHmacSHA384AndAES_256");
        provide("Cipher", "PBEWithHmacSHA512AndAES_256");
        provide("Mac", "PBEWITHHMACSHA");
        provide("Mac", "PBEWITHHMACSHA1");
        provide("SecretKeyFactory", "PBEWITHHMACSHA1");
        provide("SecretKeyFactory", "PBEWITHMD5AND128BITAES-CBC-OPENSSL");
        provide("SecretKeyFactory", "PBEWITHMD5AND192BITAES-CBC-OPENSSL");
        provide("SecretKeyFactory", "PBEWITHMD5AND256BITAES-CBC-OPENSSL");
        provide("SecretKeyFactory", "PBEWITHMD5ANDRC2");
        provide("SecretKeyFactory", "PBEWITHSHA1ANDDES");
        provide("SecretKeyFactory", "PBEWITHSHA1ANDRC2");
        provide("SecretKeyFactory", "PBEWITHSHA256AND128BITAES-CBC-BC");
        provide("SecretKeyFactory", "PBEWITHSHA256AND192BITAES-CBC-BC");
        provide("SecretKeyFactory", "PBEWITHSHA256AND256BITAES-CBC-BC");
        provide("SecretKeyFactory", "PBEWITHSHAAND128BITAES-CBC-BC");
        provide("SecretKeyFactory", "PBEWITHSHAAND128BITRC2-CBC");
        provide("SecretKeyFactory", "PBEWITHSHAAND128BITRC4");
        provide("SecretKeyFactory", "PBEWITHSHAAND192BITAES-CBC-BC");
        provide("SecretKeyFactory", "PBEWITHSHAAND2-KEYTRIPLEDES-CBC");
        provide("SecretKeyFactory", "PBEWITHSHAAND256BITAES-CBC-BC");
        provide("SecretKeyFactory", "PBEWITHSHAAND40BITRC2-CBC");
        provide("SecretKeyFactory", "PBEWITHSHAAND40BITRC4");
        provide("SecretKeyFactory", "PBEWITHSHAANDTWOFISH-CBC");

        // Needed by our OpenSSL provider
        // NOTE(review): of the transformations in this group only the GCM and GCM-SIV
        // entries are AEAD modes. The CBC, CFB, CTR, ECB and OFB entries give no integrity
        // protection by themselves and need a separate MAC when used for new data.
        provide("Cipher", "AES/CBC/NOPADDING");
        provide("Cipher", "AES/CBC/PKCS5PADDING");
        provide("Cipher", "AES/CBC/PKCS7PADDING");
        provide("Cipher", "AES/CFB/NOPADDING");
        provide("Cipher", "AES/CFB/PKCS5PADDING");
        provide("Cipher", "AES/CFB/PKCS7PADDING");
        provide("Cipher", "AES/CTR/NOPADDING");
        provide("Cipher", "AES/CTR/PKCS5PADDING");
        provide("Cipher", "AES/CTR/PKCS7PADDING");
        provide("Cipher", "AES/ECB/NOPADDING");
        provide("Cipher", "AES/ECB/PKCS5PADDING");
        provide("Cipher", "AES/ECB/PKCS7PADDING");
        provide("Cipher", "AES/GCM/NOPADDING");
        provide("Cipher", "AES/GCM-SIV/NOPADDING");
        provide("Cipher", "AES/OFB/NOPADDING");
        provide("Cipher", "AES/OFB/PKCS5PADDING");
        provide("Cipher", "AES/OFB/PKCS7PADDING");
        provide("Cipher", "AES_128/CBC/NOPADDING");
        provide("Cipher", "AES_128/CBC/PKCS5PADDING");
        provide("Cipher", "AES_128/CBC/PKCS7PADDING");
        provide("Cipher", "AES_128/ECB/NOPADDING");
        provide("Cipher", "AES_128/ECB/PKCS5PADDING");
        provide("Cipher", "AES_128/ECB/PKCS7PADDING");
        provide("Cipher", "AES_128/GCM/NOPADDING");
        provide("Cipher", "AES_128/GCM-SIV/NOPADDING");
        provide("Cipher", "AES_256/CBC/NOPADDING");
        provide("Cipher", "AES_256/CBC/PKCS5PADDING");
        provide("Cipher", "AES_256/CBC/PKCS7PADDING");
        provide("Cipher", "AES_256/ECB/NOPADDING");
        provide("Cipher", "AES_256/ECB/PKCS5PADDING");
        provide("Cipher", "AES_256/ECB/PKCS7PADDING");
        provide("Cipher", "AES_256/GCM/NOPADDING");
        provide("Cipher", "AES_256/GCM-SIV/NOPADDING");
        provide("Cipher", "DESEDE/CBC/NOPADDING");
        provide("Cipher", "DESEDE/CBC/PKCS5PADDING");
        provide("Cipher", "DESEDE/CBC/PKCS7PADDING");
        provide("Cipher", "DESEDE/CFB/NOPADDING");
        provide("Cipher", "DESEDE/CFB/PKCS5PADDING");
        provide("Cipher", "DESEDE/CFB/PKCS7PADDING");
        provide("Cipher", "DESEDE/ECB/NOPADDING");
        provide("Cipher", "DESEDE/ECB/PKCS5PADDING");
        provide("Cipher", "DESEDE/ECB/PKCS7PADDING");
        provide("Cipher", "DESEDE/OFB/NOPADDING");
        provide("Cipher", "DESEDE/OFB/PKCS5PADDING");
        provide("Cipher", "DESEDE/OFB/PKCS7PADDING");

        // Provided by our OpenSSL provider
        provide("AlgorithmParameters", "ChaCha20");
        provide("Cipher", "ChaCha20");
        provide("Cipher", "ChaCha20/Poly1305/NoPadding");
        provide("KeyGenerator", "ChaCha20");
        // Extends the AES padding set that was started near the top of this block.
        provideCipherPaddings("AES", new String[] { "PKCS7Padding" });

        // removed LDAP
        unprovide("CertStore", "LDAP");

        // removed MD2
        unprovide("MessageDigest", "MD2");
        unprovide("Signature", "MD2withRSA");

        // removed RC2
        // NOTE the implementation remains to support PKCS12 keystores
        unprovide("AlgorithmParameters", "PBEWithSHA1AndRC2_40");
        unprovide("AlgorithmParameters", "RC2");
        unprovide("Cipher", "PBEWithSHA1AndRC2_40");
        unprovide("Cipher", "RC2");
        unprovide("KeyGenerator", "RC2");
        unprovide("SecretKeyFactory", "PBEWithSHA1AndRC2_40");

        // PBEWithMD5AndTripleDES is Sun proprietary
        unprovide("AlgorithmParameters", "PBEWithMD5AndTripleDES");
        unprovide("Cipher", "PBEWithMD5AndTripleDES");
        unprovide("SecretKeyFactory", "PBEWithMD5AndTripleDES");

        // missing from Bouncy Castle
        // Standard Names document says to use specific PBEWith*And*
        unprovide("AlgorithmParameters", "PBE");

        // missing from Bouncy Castle
        // TODO add to JDKAlgorithmParameters perhaps as wrapper on PBES2Parameters
        // For now, can use AlgorithmParametersSpec javax.crypto.spec.PBEParameterSpec instead
        unprovide("AlgorithmParameters", "PBEWithMD5AndDES"); // 1.2.840.113549.1.5.3

        // EC support
        // Same names as the SunPKCS11-NSS / SunEC block above; provide() would fail on the
        // duplicates if that block had also run in this runtime.
        provide("AlgorithmParameters", "EC");
        provide("KeyAgreement", "ECDH");
        provide("KeyFactory", "EC");
        provide("KeyPairGenerator", "EC");
        provide("Signature", "NONEWITHECDSA");
        provide("Signature", "SHA1WITHECDSA");
        provide("Signature", "SHA224WITHECDSA");
        provide("Signature", "SHA256WITHECDSA");
        provide("Signature", "SHA384WITHECDSA");
        provide("Signature", "SHA512WITHECDSA");

        // Android's CA store
        provide("KeyStore", "AndroidCAStore");

        // Android's KeyStore provider
        // Registered only when the provider is installed, as are the two vendor
        // keystores that follow.
        if (Security.getProvider("AndroidKeyStore") != null) {
            provide("KeyStore", "AndroidKeyStore");
        }

        // TimaKeyStore provider
        if (Security.getProvider("TimaKeyStore") != null) {
            provide("KeyStore", "TimaKeyStore");
        }
        // KnoxAndroidKeyStore provider
        if (Security.getProvider("KnoxAndroidKeyStore") != null) {
            provide("KeyStore", "KnoxAndroidKeyStore");
        }

        // Elliptic curve Diffie-Hellman
        provide("KeyAgreement", "XDH");
        provide("KeyFactory", "XDH");
        provide("KeyPairGenerator", "XDH");

        // AES-CMAC Mac
        provide("Mac", "AESCMAC");
    }
}
621 
/**
 * Expected key type names. The set is mutable on purpose: the initializer below trims
 * it for the RI.
 */
public static final Set<String> KEY_TYPES = new HashSet<>(Arrays.asList(
        "RSA", "DSA", "DH_RSA", "DH_DSA", "EC", "EC_EC", "EC_RSA"));

static {
    // DH_* are specified by standard names, but do not seem to be supported by RI
    if (IS_RI) {
        KEY_TYPES.removeAll(Arrays.asList("DH_RSA", "DH_DSA"));
    }
}
637 
    /**
     * Expected {@code authType} values for X509TrustManager.checkClientTrusted:
     * either the algorithm of the public key or UNKNOWN.
     *
     * Backed by a mutable {@link HashSet}; treat it as read-only.
     */
    public static final Set<String> CLIENT_AUTH_TYPES =
            new HashSet<>(Arrays.asList("RSA", "DSA", "EC", "UNKNOWN"));
647 
    /**
     * Expected {@code authType} values for X509TrustManager.checkServerTrusted:
     * the key exchange algorithm part of the cipher suite, UNKNOWN, or GENERIC
     * (for TLS 1.3 cipher suites that don't imply a specific key exchange method).
     *
     * This is a list of recognised names only. It includes export-grade
     * ({@code *_EXPORT}) and unauthenticated ({@code DH_anon}) key exchanges, so
     * membership here says that the string is a valid authType, not that the
     * corresponding key exchange is acceptable to negotiate.
     *
     * Backed by a mutable {@link HashSet}; treat it as read-only.
     */
    public static final Set<String> SERVER_AUTH_TYPES = new HashSet<>(Arrays.asList(
            // finite-field Diffie-Hellman
            "DHE_DSS", "DHE_DSS_EXPORT",
            "DHE_RSA", "DHE_RSA_EXPORT",
            "DH_DSS_EXPORT", "DH_RSA_EXPORT",
            "DH_anon", "DH_anon_EXPORT",
            // Kerberos
            "KRB5", "KRB5_EXPORT",
            // RSA key transport
            "RSA", "RSA_EXPORT", "RSA_EXPORT1024",
            // elliptic curve Diffie-Hellman
            "ECDH_ECDSA", "ECDH_RSA",
            "ECDHE_ECDSA", "ECDHE_RSA",
            // not tied to a key exchange
            "UNKNOWN", "GENERIC"));
674 
    /**
     * Cipher suites that are only supported with TLS 1.3.
     *
     * All three entries are AEAD suites (AES-GCM or ChaCha20-Poly1305).
     */
    public static final List<String> CIPHER_SUITES_TLS13 = Arrays.asList(
            "TLS_AES_128_GCM_SHA256", "TLS_AES_256_GCM_SHA384", "TLS_CHACHA20_POLY1305_SHA256");
682 
    // NOTE: This list needs to be kept in sync with Javadoc of javax.net.ssl.SSLSocket and
    // javax.net.ssl.SSLEngine.
    //
    // Used as CIPHER_SUITES_DEFAULT on non-RI runtimes when
    // CpuFeatures.isAesHardwareAccelerated() returns true.
    // It holds the same entries as CIPHER_SUITES_ANDROID_SOFTWARE; only the position of the
    // ChaCha20-Poly1305 suites differs (here they follow AES-GCM), so the element order is
    // presumably the expected preference order and must not be rearranged.
    // ECDHE suites come first; the static-RSA key exchange and CBC suites sit at the tail.
    private static final List<String> CIPHER_SUITES_ANDROID_AES_HARDWARE = Arrays.asList(
            "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
            "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
            "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256",
            "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
            "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
            "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",
            "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA",
            "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA",
            "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
            "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
            "TLS_RSA_WITH_AES_128_GCM_SHA256",
            "TLS_RSA_WITH_AES_256_GCM_SHA384",
            "TLS_RSA_WITH_AES_128_CBC_SHA",
            "TLS_RSA_WITH_AES_256_CBC_SHA",
            CIPHER_SUITE_SECURE_RENEGOTIATION
    );
702 
    // NOTE: This list needs to be kept in sync with Javadoc of javax.net.ssl.SSLSocket and
    // javax.net.ssl.SSLEngine.
    //
    // Used as CIPHER_SUITES_DEFAULT on non-RI runtimes when
    // CpuFeatures.isAesHardwareAccelerated() returns false.
    // It holds the same entries as CIPHER_SUITES_ANDROID_AES_HARDWARE; here the
    // ChaCha20-Poly1305 suites precede AES-GCM within the ECDSA and RSA groups, so the
    // element order is presumably the expected preference order and must not be rearranged.
    // ECDHE suites come first; the static-RSA key exchange and CBC suites sit at the tail.
    private static final List<String> CIPHER_SUITES_ANDROID_SOFTWARE = Arrays.asList(
            "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256",
            "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
            "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
            "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",
            "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
            "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
            "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA",
            "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA",
            "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
            "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
            "TLS_RSA_WITH_AES_128_GCM_SHA256",
            "TLS_RSA_WITH_AES_256_GCM_SHA384",
            "TLS_RSA_WITH_AES_128_CBC_SHA",
            "TLS_RSA_WITH_AES_256_CBC_SHA",
            CIPHER_SUITE_SECURE_RENEGOTIATION
    );
722 
    // NOTE: This list needs to be kept in sync with Javadoc of javax.net.ssl.SSLSocket and
    // javax.net.ssl.SSLEngine.
    //
    // Expected default cipher suites, chosen once when this class is initialized:
    //   - on the RI (IS_RI): the fixed list spelled out below;
    //   - otherwise: CIPHER_SUITES_ANDROID_AES_HARDWARE when
    //     CpuFeatures.isAesHardwareAccelerated() is true, else CIPHER_SUITES_ANDROID_SOFTWARE.
    //
    // NOTE(review): the RI branch contains no AEAD (GCM/ChaCha20) suite and still lists
    // RC4, 3DES and an MD5-MAC suite (SSL_RSA_WITH_RC4_128_MD5). RC4 is prohibited for TLS
    // by RFC 7465 and 3DES is a 64-bit block cipher, so read this branch as "what the test
    // expects that runtime to report", not as a configuration to copy. It presumably tracks
    // an older RI release -- confirm against the RI version under test.
    public static final List<String> CIPHER_SUITES_DEFAULT = (IS_RI)
            ? Arrays.asList("TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384",
                            "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384",
                            "TLS_RSA_WITH_AES_256_CBC_SHA256",
                            "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384",
                            "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384",
                            "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256",
                            "TLS_DHE_DSS_WITH_AES_256_CBC_SHA256",
                            "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA",
                            "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
                            "TLS_RSA_WITH_AES_256_CBC_SHA",
                            "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA",
                            "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA",
                            "TLS_DHE_RSA_WITH_AES_256_CBC_SHA",
                            "TLS_DHE_DSS_WITH_AES_256_CBC_SHA",
                            "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256",
                            "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
                            "TLS_RSA_WITH_AES_128_CBC_SHA256",
                            "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256",
                            "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256",
                            "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256",
                            "TLS_DHE_DSS_WITH_AES_128_CBC_SHA256",
                            "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA",
                            "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
                            "TLS_RSA_WITH_AES_128_CBC_SHA",
                            "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA",
                            "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA",
                            "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
                            "TLS_DHE_DSS_WITH_AES_128_CBC_SHA",
                            // legacy RC4 / 3DES / MD5 suites expected from the RI start here
                            "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA",
                            "TLS_ECDHE_RSA_WITH_RC4_128_SHA",
                            "SSL_RSA_WITH_RC4_128_SHA",
                            "TLS_ECDH_ECDSA_WITH_RC4_128_SHA",
                            "TLS_ECDH_RSA_WITH_RC4_128_SHA",
                            "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA",
                            "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA",
                            "SSL_RSA_WITH_3DES_EDE_CBC_SHA",
                            "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA",
                            "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA",
                            "SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA",
                            "SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA",
                            "SSL_RSA_WITH_RC4_128_MD5",
                            "TLS_EMPTY_RENEGOTIATION_INFO_SCSV")
            : CpuFeatures.isAesHardwareAccelerated() ? CIPHER_SUITES_ANDROID_AES_HARDWARE
                    : CIPHER_SUITES_ANDROID_SOFTWARE;
770 
    // Lookup tables keyed by key algorithm name ("RSA", "DSA", "DH", "EC").
    private static final Map<String, Class<? extends KeySpec>> PRIVATE_KEY_SPEC_CLASSES;
    private static final Map<String, Class<? extends KeySpec>> PUBLIC_KEY_SPEC_CLASSES;
    // NOTE(review): these look like the smallest key sizes the tests exercise (presumably in
    // bits -- confirm against callers), not strength recommendations: 512-bit RSA/DSA and
    // 256-bit DH are far below what is considered safe for real keys.
    private static final Map<String, Integer> MINIMUM_KEY_SIZE;
    static {
        // Fill each table in a local first, then publish it to the final field.
        Map<String, Class<? extends KeySpec>> privateSpecs = new HashMap<>();
        privateSpecs.put("RSA", RSAPrivateCrtKeySpec.class);
        privateSpecs.put("DSA", DSAPrivateKeySpec.class);
        privateSpecs.put("DH", DHPrivateKeySpec.class);
        privateSpecs.put("EC", ECPrivateKeySpec.class);
        PRIVATE_KEY_SPEC_CLASSES = privateSpecs;

        Map<String, Class<? extends KeySpec>> publicSpecs = new HashMap<>();
        publicSpecs.put("RSA", RSAPublicKeySpec.class);
        publicSpecs.put("DSA", DSAPublicKeySpec.class);
        publicSpecs.put("DH", DHPublicKeySpec.class);
        publicSpecs.put("EC", ECPublicKeySpec.class);
        PUBLIC_KEY_SPEC_CLASSES = publicSpecs;

        Map<String, Integer> minimumSizes = new HashMap<>();
        minimumSizes.put("RSA", 512);
        minimumSizes.put("DSA", 512);
        minimumSizes.put("DH", 256);
        minimumSizes.put("EC", 256);
        MINIMUM_KEY_SIZE = minimumSizes;
    }
791 
    /**
     * Looks up the private-key {@link KeySpec} class registered for a key algorithm.
     *
     * @param algName key algorithm name, e.g. {@code "RSA"}
     * @return the registered class, or {@code null} if the name has no entry in
     *         {@code PRIVATE_KEY_SPEC_CLASSES}
     */
    public static Class<? extends KeySpec> getPrivateKeySpecClass(String algName) {
        final Class<? extends KeySpec> specClass = PRIVATE_KEY_SPEC_CLASSES.get(algName);
        return specClass;
    }
795 
    /**
     * Looks up the public-key {@link KeySpec} class registered for a key algorithm.
     *
     * @param algName key algorithm name, e.g. {@code "RSA"}
     * @return the registered class, or {@code null} if the name has no entry in
     *         {@code PUBLIC_KEY_SPEC_CLASSES}
     */
    public static Class<? extends KeySpec> getPublicKeySpecClass(String algName) {
        final Class<? extends KeySpec> specClass = PUBLIC_KEY_SPEC_CLASSES.get(algName);
        return specClass;
    }
799 
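    /**
     * Returns the minimum key size registered for a key algorithm.
     *
     * The value is a floor taken from {@code MINIMUM_KEY_SIZE}, not a recommended
     * key strength.
     *
     * @param algName key algorithm name, e.g. {@code "RSA"}
     * @return the registered minimum key size
     * @throws NullPointerException if {@code algName} has no entry in {@code MINIMUM_KEY_SIZE}
     */
    public static int getMinimumKeySize(String algName) {
        Integer minimumSize = MINIMUM_KEY_SIZE.get(algName);
        if (minimumSize == null) {
            // The original auto-unboxed the lookup and failed with a message-less
            // NullPointerException; keep the exception type, but say which name was missing.
            throw new NullPointerException(
                    "No minimum key size registered for algorithm: " + algName);
        }
        return minimumSize;
    }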
803 
804 }
805