1 /*
2  * Copyright (C) 2010 The Android Open Source Project
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 
17 package libcore.java.security;
18 
19 import static org.junit.Assert.assertNotNull;
20 import static org.junit.Assert.assertTrue;
21 
22 import java.security.Provider;
23 import java.security.Security;
24 import java.security.spec.DSAPrivateKeySpec;
25 import java.security.spec.DSAPublicKeySpec;
26 import java.security.spec.ECPrivateKeySpec;
27 import java.security.spec.ECPublicKeySpec;
28 import java.security.spec.KeySpec;
29 import java.security.spec.RSAPrivateCrtKeySpec;
30 import java.security.spec.RSAPublicKeySpec;
31 import java.util.Arrays;
32 import java.util.HashMap;
33 import java.util.HashSet;
34 import java.util.List;
35 import java.util.Locale;
36 import java.util.Map;
37 import java.util.Set;
38 import javax.crypto.spec.DHPrivateKeySpec;
39 import javax.crypto.spec.DHPublicKeySpec;
40 
41 /**
42  * This class defines expected string names for protocols, key types,
43  * client and server auth types, cipher suites.
44  *
45  * Initially based on "Appendix A: Standard Names" of
46  * <a href="http://java.sun.com/j2se/1.5.0/docs/guide/security/jsse/JSSERefGuide.html#AppA">
47  * Java &trade; Secure Socket Extension (JSSE) Reference Guide
48  * for the Java &trade; 2 Platform Standard Edition 5
49  * </a>.
50  *
51  * Updated based on the
52  * <a href="http://download.java.net/jdk8/docs/technotes/guides/security/SunProviders.html">
53  * Java &trade; Cryptography Architecture Oracle Providers Documentation
54  * for Java &trade; Platform Standard Edition 7
55  * </a>.
56  * See also the
57  * <a href="http://download.java.net/jdk8/docs/technotes/guides/security/StandardNames.html">
58  * Java &trade; Cryptography Architecture Standard Algorithm Name Documentation
59  * </a>.
60  *
61  * Further updates based on the
62  * <a href=http://java.sun.com/javase/6/docs/technotes/guides/security/p11guide.html">
63  * Java &trade; PKCS#11 Reference Guide
64  * </a>.
65  */
66 public final class StandardNames {
67 
68     public static final boolean IS_RI
69             = !"Dalvik Core Library".equals(System.getProperty("java.specification.name"));
70 
71     public static final String JSSE_PROVIDER_NAME = (IS_RI) ? "SunJSSE" : "AndroidOpenSSL";
72     public static final String SECURITY_PROVIDER_NAME = (IS_RI) ? "SUN" : "BC";
73 
74     public static final String KEY_STORE_ALGORITHM = (IS_RI) ? "JKS" : "BKS";
75 
76     /**
77      * RFC 5746's Signaling Cipher Suite Value to indicate a request for secure renegotiation
78      */
79     private static final String CIPHER_SUITE_SECURE_RENEGOTIATION
80             = "TLS_EMPTY_RENEGOTIATION_INFO_SCSV";
81 
82     /**
83      * A map from algorithm type (e.g. Cipher) to a set of algorithms (e.g. AES, DES, ...)
84      */
85     static final Map<String,Set<String>> PROVIDER_ALGORITHMS
86             = new HashMap<>();
87 
88     private static final Map<String,Set<String>> CIPHER_MODES
89             = new HashMap<>();
90 
91     private static final Map<String,Set<String>> CIPHER_PADDINGS
92             = new HashMap<>();
93 
provide(String type, String algorithm)94     private static void provide(String type, String algorithm) {
95         Set<String> algorithms = PROVIDER_ALGORITHMS.get(type);
96         if (algorithms == null) {
97             algorithms = new HashSet<>();
98             PROVIDER_ALGORITHMS.put(type, algorithms);
99         }
100         assertTrue("Duplicate " + type + " " + algorithm,
101                    algorithms.add(algorithm.toUpperCase(Locale.ROOT)));
102     }
103     // Only add to PROVIDER_ALGORITHMS if actually present
provideOptional(String type, String algorithm)104     private static void provideOptional(String type, String algorithm) {
105         for (Provider p : Security.getProviders()) {
106             if (p.getService(type, algorithm) != null) {
107                 provide(type, algorithm);
108                 return;
109             }
110         }
111     }
unprovide(String type, String algorithm)112     private static void unprovide(String type, String algorithm) {
113         Set<String> algorithms = PROVIDER_ALGORITHMS.get(type);
114         assertNotNull(algorithms);
115         assertTrue(algorithm, algorithms.remove(algorithm.toUpperCase(Locale.ROOT)));
116         if (algorithms.isEmpty()) {
117             assertNotNull(PROVIDER_ALGORITHMS.remove(type));
118         }
119     }
provideCipherModes(String algorithm, String newModes[])120     private static void provideCipherModes(String algorithm, String newModes[]) {
121         Set<String> modes = CIPHER_MODES.get(algorithm);
122         if (modes == null) {
123             modes = new HashSet<>();
124             CIPHER_MODES.put(algorithm, modes);
125         }
126         modes.addAll(Arrays.asList(newModes));
127     }
provideCipherPaddings(String algorithm, String newPaddings[])128     private static void provideCipherPaddings(String algorithm, String newPaddings[]) {
129         Set<String> paddings = CIPHER_PADDINGS.get(algorithm);
130         if (paddings == null) {
131             paddings = new HashSet<>();
132             CIPHER_PADDINGS.put(algorithm, paddings);
133         }
134         paddings.addAll(Arrays.asList(newPaddings));
135     }
136     static {
137         provide("AlgorithmParameterGenerator", "DSA");
138         provide("AlgorithmParameterGenerator", "DiffieHellman");
139         provide("AlgorithmParameters", "AES");
140         provide("AlgorithmParameters", "Blowfish");
141         provide("AlgorithmParameters", "DES");
142         provide("AlgorithmParameters", "DESede");
143         provide("AlgorithmParameters", "DSA");
144         provide("AlgorithmParameters", "DiffieHellman");
145         provide("AlgorithmParameters", "GCM");
146         provide("AlgorithmParameters", "OAEP");
147         provide("AlgorithmParameters", "PBEWithMD5AndDES");
148         provide("AlgorithmParameters", "PBEWithMD5AndTripleDES");
149         provide("AlgorithmParameters", "PBEWithSHA1AndDESede");
150         provide("AlgorithmParameters", "PBEWithSHA1AndRC2_40");
151         provide("AlgorithmParameters", "PSS");
152         provide("AlgorithmParameters", "RC2");
153         provide("AlgorithmParameters", "PBEWITHHMACSHA1ANDAES_128");
154         provide("AlgorithmParameters", "PBEWITHHMACSHA1ANDAES_256");
155         provide("AlgorithmParameters", "PBEWITHHMACSHA224ANDAES_128");
156         provide("AlgorithmParameters", "PBEWITHHMACSHA224ANDAES_256");
157         provide("AlgorithmParameters", "PBEWITHHMACSHA256ANDAES_128");
158         provide("AlgorithmParameters", "PBEWITHHMACSHA256ANDAES_256");
159         provide("AlgorithmParameters", "PBEWITHHMACSHA384ANDAES_128");
160         provide("AlgorithmParameters", "PBEWITHHMACSHA384ANDAES_256");
161         provide("AlgorithmParameters", "PBEWITHHMACSHA512ANDAES_128");
162         provide("AlgorithmParameters", "PBEWITHHMACSHA512ANDAES_256");
163         provide("SecretKeyFactory", "PBEWITHHMACSHA1ANDAES_128");
164         provide("SecretKeyFactory", "PBEWITHHMACSHA1ANDAES_256");
165         provide("SecretKeyFactory", "PBEWITHHMACSHA224ANDAES_128");
166         provide("SecretKeyFactory", "PBEWITHHMACSHA224ANDAES_256");
167         provide("SecretKeyFactory", "PBEWITHHMACSHA256ANDAES_128");
168         provide("SecretKeyFactory", "PBEWITHHMACSHA256ANDAES_256");
169         provide("SecretKeyFactory", "PBEWITHHMACSHA384ANDAES_128");
170         provide("SecretKeyFactory", "PBEWITHHMACSHA384ANDAES_256");
171         provide("SecretKeyFactory", "PBEWITHHMACSHA512ANDAES_128");
172         provide("SecretKeyFactory", "PBEWITHHMACSHA512ANDAES_256");
173         provide("CertPathBuilder", "PKIX");
174         provide("CertPathValidator", "PKIX");
175         provide("CertStore", "Collection");
176         provide("CertStore", "LDAP");
177         provide("CertificateFactory", "X.509");
178         // TODO: provideCipherModes and provideCipherPaddings for other Ciphers
179         provide("Cipher", "AES");
180         provideCipherModes("AES", new String[] { "CBC", "CFB", "CTR", "CTS", "ECB", "OFB" });
181         provideCipherPaddings("AES", new String[] { "NoPadding", "PKCS5Padding" });
182         provide("Cipher", "AESWrap");
183         provide("Cipher", "ARCFOUR");
184         provide("Cipher", "Blowfish");
185         provide("Cipher", "DES");
186         provide("Cipher", "DESede");
187         provide("Cipher", "DESedeWrap");
188         provide("Cipher", "PBEWithMD5AndDES");
189         provide("Cipher", "PBEWithMD5AndTripleDES");
190         provide("Cipher", "PBEWithSHA1AndDESede");
191         provide("Cipher", "PBEWithSHA1AndRC2_40");
192         provide("Cipher", "RC2");
193         provide("Cipher", "RSA");
194         // TODO: None?
195         provideCipherModes("RSA", new String[] { "ECB" });
196         // TODO: OAEPPadding
197         provideCipherPaddings("RSA", new String[] { "NoPadding", "PKCS1Padding" });
198         provide("Configuration", "JavaLoginConfig");
199         provide("KeyAgreement", "DiffieHellman");
200         provide("KeyFactory", "DSA");
201         provide("KeyFactory", "DiffieHellman");
202         provide("KeyFactory", "RSA");
203         provide("KeyGenerator", "AES");
204         provide("KeyGenerator", "ARCFOUR");
205         provide("KeyGenerator", "Blowfish");
206         provide("KeyGenerator", "DES");
207         provide("KeyGenerator", "DESede");
208         provide("KeyGenerator", "HmacMD5");
209         provide("KeyGenerator", "HmacSHA1");
210         provide("KeyGenerator", "HmacSHA224");
211         provide("KeyGenerator", "HmacSHA256");
212         provide("KeyGenerator", "HmacSHA384");
213         provide("KeyGenerator", "HmacSHA512");
214         provide("KeyGenerator", "RC2");
215         provide("KeyInfoFactory", "DOM");
216         provide("KeyManagerFactory", "PKIX");
217         provide("KeyPairGenerator", "DSA");
218         provide("KeyPairGenerator", "DiffieHellman");
219         provide("KeyPairGenerator", "RSA");
220         provide("KeyStore", "JCEKS");
221         provide("KeyStore", "JKS");
222         provide("KeyStore", "PKCS12");
223         provide("Mac", "HmacMD5");
224         provide("Mac", "HmacSHA1");
225         provide("Mac", "HmacSHA224");
226         provide("Mac", "HmacSHA256");
227         provide("Mac", "HmacSHA384");
228         provide("Mac", "HmacSHA512");
229         provide("Mac", "PBEWITHHMACSHA224");
230         provide("Mac", "PBEWITHHMACSHA256");
231         provide("Mac", "PBEWITHHMACSHA384");
232         provide("Mac", "PBEWITHHMACSHA512");
233         // If adding a new MessageDigest, consider adding it to JarVerifier
234         provide("MessageDigest", "MD2");
235         provide("MessageDigest", "MD5");
236         provide("MessageDigest", "SHA-224");
237         provide("MessageDigest", "SHA-256");
238         provide("MessageDigest", "SHA-384");
239         provide("MessageDigest", "SHA-512");
240         provide("Policy", "JavaPolicy");
241         // Android does not support SSLv3
242         if (IS_RI) {
243             provide("SSLContext", "SSLv3");
244         }
245         provide("SSLContext", "TLSv1");
246         provide("SSLContext", "TLSv1.1");
247         provide("SSLContext", "TLSv1.2");
248         provide("SSLContext", "TLSv1.3");
249         provide("SecretKeyFactory", "DES");
250         provide("SecretKeyFactory", "DESede");
251         provide("SecretKeyFactory", "PBEWithMD5AndDES");
252         provide("SecretKeyFactory", "PBEWithMD5AndTripleDES");
253         provide("SecretKeyFactory", "PBEWithSHA1AndDESede");
254         provide("SecretKeyFactory", "PBEWithSHA1AndRC2_40");
255         provide("SecretKeyFactory", "PBKDF2WithHmacSHA1");
256         provide("SecretKeyFactory", "PBKDF2WithHmacSHA224");
257         provide("SecretKeyFactory", "PBKDF2WithHmacSHA256");
258         provide("SecretKeyFactory", "PBKDF2WithHmacSHA384");
259         provide("SecretKeyFactory", "PBKDF2WithHmacSHA512");
260         provide("SecretKeyFactory", "PBKDF2WithHmacSHA1And8bit");
261         provide("SecureRandom", "SHA1PRNG");
262         provide("Signature", "MD2withRSA");
263         provide("Signature", "MD5withRSA");
264         provide("Signature", "NONEwithDSA");
265         provide("Signature", "SHA1withDSA");
266         provide("Signature", "SHA224withDSA");
267         provide("Signature", "SHA256withDSA");
268         provide("Signature", "SHA1withRSA");
269         provide("Signature", "SHA224withRSA");
270         provide("Signature", "SHA256withRSA");
271         provide("Signature", "SHA384withRSA");
272         provide("Signature", "SHA512withRSA");
273         provide("TerminalFactory", "PC/SC");
274         provide("TransformService", "http://www.w3.org/2000/09/xmldsig#base64");
275         provide("TransformService", "http://www.w3.org/2000/09/xmldsig#enveloped-signature");
276         provide("TransformService", "http://www.w3.org/2001/10/xml-exc-c14n#");
277         provide("TransformService", "http://www.w3.org/2001/10/xml-exc-c14n#WithComments");
278         provide("TransformService", "http://www.w3.org/2002/06/xmldsig-filter2");
279         provide("TransformService", "http://www.w3.org/TR/1999/REC-xpath-19991116");
280         provide("TransformService", "http://www.w3.org/TR/1999/REC-xslt-19991116");
281         provide("TransformService", "http://www.w3.org/TR/2001/REC-xml-c14n-20010315");
282         provide("TransformService", "http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments");
283         provide("TrustManagerFactory", "PKIX");
284         provide("XMLSignatureFactory", "DOM");
285 
286         // Not clearly documented by RI
287         provide("GssApiMechanism", "1.2.840.113554.1.2.2");
288         provide("GssApiMechanism", "1.3.6.1.5.5.2");
289 
290         // Not correctly documented by RI which left off the Factory suffix
291         provide("SaslClientFactory", "CRAM-MD5");
292         provide("SaslClientFactory", "DIGEST-MD5");
293         provide("SaslClientFactory", "EXTERNAL");
294         provide("SaslClientFactory", "GSSAPI");
295         provide("SaslClientFactory", "PLAIN");
296         provide("SaslServerFactory", "CRAM-MD5");
297         provide("SaslServerFactory", "DIGEST-MD5");
298         provide("SaslServerFactory", "GSSAPI");
299 
300         // Documentation seems to list alias instead of actual name
301         // provide("MessageDigest", "SHA-1");
302         provide("MessageDigest", "SHA");
303 
304         // Mentioned in javadoc, not documentation
305         provide("SSLContext", "Default");
306 
307         // Not documented as in RI 6 but mentioned in Standard Names
308         provide("AlgorithmParameters", "PBE");
309         provide("SSLContext", "SSL");
310         provide("SSLContext", "TLS");
311 
312         // Not documented as in RI 6 but that exist in RI 6
313         if (IS_RI) {
314             provide("CertStore", "com.sun.security.IndexedCollection");
315             provide("KeyGenerator", "SunTlsKeyMaterial");
316             provide("KeyGenerator", "SunTlsMasterSecret");
317             provide("KeyGenerator", "SunTlsPrf");
318             provide("KeyGenerator", "SunTlsRsaPremasterSecret");
319             provide("KeyStore", "CaseExactJKS");
320             provide("Mac", "HmacPBESHA1");
321             provide("Mac", "SslMacMD5");
322             provide("Mac", "SslMacSHA1");
323             provide("SecureRandom", "NativePRNG");
324             provide("Signature", "MD5andSHA1withRSA");
325             provide("TrustManagerFactory", "SunX509");
326         }
327 
328         // Only available with the SunPKCS11-NSS provider,
329         // which seems to be enabled in OpenJDK 6 but not Oracle Java 6
330         if (Security.getProvider("SunPKCS11-NSS") != null) {
331             provide("Cipher", "AES/CBC/NOPADDING");
332             provide("Cipher", "DES/CBC/NOPADDING");
333             provide("Cipher", "DESEDE/CBC/NOPADDING");
334             provide("Cipher", "RSA/ECB/PKCS1PADDING");
335             provide("KeyAgreement", "DH");
336             provide("KeyFactory", "DH");
337             provide("KeyPairGenerator", "DH");
338             provide("KeyStore", "PKCS11");
339             provide("MessageDigest", "SHA1");
340             provide("SecretKeyFactory", "AES");
341             provide("SecretKeyFactory", "ARCFOUR");
342             provide("SecureRandom", "PKCS11");
343             provide("Signature", "DSA");
344             provide("Signature", "RAWDSA");
345         }
346 
347         if (Security.getProvider("SunPKCS11-NSS") != null ||
348                 Security.getProvider("SunEC") != null) {
349             provide("AlgorithmParameters", "EC");
350             provide("KeyAgreement", "ECDH");
351             provide("KeyFactory", "EC");
352             provide("KeyPairGenerator", "EC");
353             provide("Signature", "NONEWITHECDSA");
354             provide("Signature", "SHA1WITHECDSA");
355             provide("Signature", "SHA224WITHECDSA");
356             provide("Signature", "SHA256WITHECDSA");
357             provide("Signature", "SHA384WITHECDSA");
358             provide("Signature", "SHA512WITHECDSA");
359         }
360 
361         // Documented as Standard Names, but do not exit in RI 6
362         if (IS_RI) {
363             unprovide("SSLContext", "TLSv1.1");
364             unprovide("SSLContext", "TLSv1.2");
365         }
366 
367         // Fixups for the RI
368         if (IS_RI) {
369             // different names: Standard Names says PKIX, JSSE Reference Guide says SunX509 or NewSunX509
370             unprovide("KeyManagerFactory", "PKIX");
371             provide("KeyManagerFactory", "SunX509");
372             provide("KeyManagerFactory", "NewSunX509");
373         }
374 
375         // Fixups for dalvik
376         if (!IS_RI) {
377 
378             // whole types that we do not provide
379             PROVIDER_ALGORITHMS.remove("Configuration");
380             PROVIDER_ALGORITHMS.remove("GssApiMechanism");
381             PROVIDER_ALGORITHMS.remove("KeyInfoFactory");
382             PROVIDER_ALGORITHMS.remove("Policy");
383             PROVIDER_ALGORITHMS.remove("SaslClientFactory");
384             PROVIDER_ALGORITHMS.remove("SaslServerFactory");
385             PROVIDER_ALGORITHMS.remove("TerminalFactory");
386             PROVIDER_ALGORITHMS.remove("TransformService");
387             PROVIDER_ALGORITHMS.remove("XMLSignatureFactory");
388 
389             // different names Diffie-Hellman vs DH
390             unprovide("AlgorithmParameterGenerator", "DiffieHellman");
391             provide("AlgorithmParameterGenerator", "DH");
392             unprovide("AlgorithmParameters", "DiffieHellman");
393             provide("AlgorithmParameters", "DH");
394             unprovide("KeyAgreement", "DiffieHellman");
395             provide("KeyAgreement", "DH");
396             unprovide("KeyFactory", "DiffieHellman");
397             provide("KeyFactory", "DH");
398             unprovide("KeyPairGenerator", "DiffieHellman");
399             provide("KeyPairGenerator", "DH");
400 
401             // different names PBEWithSHA1AndDESede vs PBEWithSHAAnd3-KEYTripleDES-CBC
402             unprovide("AlgorithmParameters", "PBEWithSHA1AndDESede");
403             unprovide("Cipher", "PBEWithSHA1AndDESede");
404             unprovide("SecretKeyFactory", "PBEWithSHA1AndDESede");
405             provide("AlgorithmParameters", "PKCS12PBE");
406             provide("Cipher", "PBEWithSHAAnd3-KEYTripleDES-CBC");
407             provide("SecretKeyFactory", "PBEWithSHAAnd3-KEYTripleDES-CBC");
408 
409             // different names: BouncyCastle actually uses the Standard name of SHA-1 vs SHA
410             unprovide("MessageDigest", "SHA");
411             provide("MessageDigest", "SHA-1");
412 
413             // Added to support Android KeyStore operations
414             provide("Signature", "NONEwithRSA");
415             provide("Cipher", "RSA/ECB/NOPADDING");
416             provide("Cipher", "RSA/ECB/PKCS1PADDING");
417             provide("Cipher", "RSA/ECB/OAEPPadding");
418             provide("Cipher", "RSA/ECB/OAEPWithSHA-1AndMGF1Padding");
419             provide("Cipher", "RSA/ECB/OAEPWithSHA-224AndMGF1Padding");
420             provide("Cipher", "RSA/ECB/OAEPWithSHA-256AndMGF1Padding");
421             provide("Cipher", "RSA/ECB/OAEPWithSHA-384AndMGF1Padding");
422             provide("Cipher", "RSA/ECB/OAEPWithSHA-512AndMGF1Padding");
423             provide("SecretKeyFactory", "AES");
424             provide("SecretKeyFactory", "HmacSHA1");
425             provide("SecretKeyFactory", "HmacSHA224");
426             provide("SecretKeyFactory", "HmacSHA256");
427             provide("SecretKeyFactory", "HmacSHA384");
428             provide("SecretKeyFactory", "HmacSHA512");
429             provide("Signature", "SHA1withRSA/PSS");
430             provide("Signature", "SHA224withRSA/PSS");
431             provide("Signature", "SHA256withRSA/PSS");
432             provide("Signature", "SHA384withRSA/PSS");
433             provide("Signature", "SHA512withRSA/PSS");
434             provideOptional("Signature", "ED25519");
435 
436             // different names: ARCFOUR vs ARC4
437             unprovide("Cipher", "ARCFOUR");
438             provide("Cipher", "ARC4");
439             unprovide("KeyGenerator", "ARCFOUR");
440             provide("KeyGenerator", "ARC4");
441 
442             // different case names: Blowfish vs BLOWFISH
443             unprovide("AlgorithmParameters", "Blowfish");
444             provide("AlgorithmParameters", "BLOWFISH");
445             unprovide("Cipher", "Blowfish");
446             provide("Cipher", "BLOWFISH");
447             unprovide("KeyGenerator", "Blowfish");
448             provide("KeyGenerator", "BLOWFISH");
449 
450             // Harmony has X.509, BouncyCastle X509
451             // TODO remove one, probably Harmony's
452             provide("CertificateFactory", "X509");
453 
454             // not just different names, but different binary formats
455             unprovide("KeyStore", "JKS");
456             provide("KeyStore", "BKS");
457             unprovide("KeyStore", "JCEKS");
458             provide("KeyStore", "BouncyCastle");
459 
460             // Noise to support KeyStore.PKCS12
461             provide("Cipher", "PBEWITHMD5AND128BITAES-CBC-OPENSSL");
462             provide("Cipher", "PBEWITHMD5AND192BITAES-CBC-OPENSSL");
463             provide("Cipher", "PBEWITHMD5AND256BITAES-CBC-OPENSSL");
464             provide("Cipher", "PBEWITHMD5ANDRC2");
465             provide("Cipher", "PBEWITHSHA1ANDDES");
466             provide("Cipher", "PBEWITHSHA1ANDRC2");
467             provide("Cipher", "PBEWITHSHA256AND128BITAES-CBC-BC");
468             provide("Cipher", "PBEWITHSHA256AND192BITAES-CBC-BC");
469             provide("Cipher", "PBEWITHSHA256AND256BITAES-CBC-BC");
470             provide("Cipher", "PBEWITHSHAAND128BITAES-CBC-BC");
471             provide("Cipher", "PBEWITHSHAAND128BITRC2-CBC");
472             provide("Cipher", "PBEWITHSHAAND128BITRC4");
473             provide("Cipher", "PBEWITHSHAAND192BITAES-CBC-BC");
474             provide("Cipher", "PBEWITHSHAAND2-KEYTRIPLEDES-CBC");
475             provide("Cipher", "PBEWITHSHAAND256BITAES-CBC-BC");
476             provide("Cipher", "PBEWITHSHAAND40BITRC2-CBC");
477             provide("Cipher", "PBEWITHSHAAND40BITRC4");
478             provide("Cipher", "PBEWITHSHAANDTWOFISH-CBC");
479             provide("Cipher", "PBEWithHmacSHA1AndAES_128");
480             provide("Cipher", "PBEWithHmacSHA224AndAES_128");
481             provide("Cipher", "PBEWithHmacSHA256AndAES_128");
482             provide("Cipher", "PBEWithHmacSHA384AndAES_128");
483             provide("Cipher", "PBEWithHmacSHA512AndAES_128");
484             provide("Cipher", "PBEWithHmacSHA1AndAES_256");
485             provide("Cipher", "PBEWithHmacSHA224AndAES_256");
486             provide("Cipher", "PBEWithHmacSHA256AndAES_256");
487             provide("Cipher", "PBEWithHmacSHA384AndAES_256");
488             provide("Cipher", "PBEWithHmacSHA512AndAES_256");
489             provide("Mac", "PBEWITHHMACSHA");
490             provide("Mac", "PBEWITHHMACSHA1");
491             provide("SecretKeyFactory", "PBEWITHHMACSHA1");
492             provide("SecretKeyFactory", "PBEWITHMD5AND128BITAES-CBC-OPENSSL");
493             provide("SecretKeyFactory", "PBEWITHMD5AND192BITAES-CBC-OPENSSL");
494             provide("SecretKeyFactory", "PBEWITHMD5AND256BITAES-CBC-OPENSSL");
495             provide("SecretKeyFactory", "PBEWITHMD5ANDRC2");
496             provide("SecretKeyFactory", "PBEWITHSHA1ANDDES");
497             provide("SecretKeyFactory", "PBEWITHSHA1ANDRC2");
498             provide("SecretKeyFactory", "PBEWITHSHA256AND128BITAES-CBC-BC");
499             provide("SecretKeyFactory", "PBEWITHSHA256AND192BITAES-CBC-BC");
500             provide("SecretKeyFactory", "PBEWITHSHA256AND256BITAES-CBC-BC");
501             provide("SecretKeyFactory", "PBEWITHSHAAND128BITAES-CBC-BC");
502             provide("SecretKeyFactory", "PBEWITHSHAAND128BITRC2-CBC");
503             provide("SecretKeyFactory", "PBEWITHSHAAND128BITRC4");
504             provide("SecretKeyFactory", "PBEWITHSHAAND192BITAES-CBC-BC");
505             provide("SecretKeyFactory", "PBEWITHSHAAND2-KEYTRIPLEDES-CBC");
506             provide("SecretKeyFactory", "PBEWITHSHAAND256BITAES-CBC-BC");
507             provide("SecretKeyFactory", "PBEWITHSHAAND40BITRC2-CBC");
508             provide("SecretKeyFactory", "PBEWITHSHAAND40BITRC4");
509             provide("SecretKeyFactory", "PBEWITHSHAANDTWOFISH-CBC");
510 
511             // Needed by our OpenSSL provider
512             provide("Cipher", "AES/CBC/NOPADDING");
513             provide("Cipher", "AES/CBC/PKCS5PADDING");
514             provide("Cipher", "AES/CBC/PKCS7PADDING");
515             provide("Cipher", "AES/CFB/NOPADDING");
516             provide("Cipher", "AES/CFB/PKCS5PADDING");
517             provide("Cipher", "AES/CFB/PKCS7PADDING");
518             provide("Cipher", "AES/CTR/NOPADDING");
519             provide("Cipher", "AES/CTR/PKCS5PADDING");
520             provide("Cipher", "AES/CTR/PKCS7PADDING");
521             provide("Cipher", "AES/ECB/NOPADDING");
522             provide("Cipher", "AES/ECB/PKCS5PADDING");
523             provide("Cipher", "AES/ECB/PKCS7PADDING");
524             provide("Cipher", "AES/GCM/NOPADDING");
525             provide("Cipher", "AES/GCM-SIV/NOPADDING");
526             provide("Cipher", "AES/OFB/NOPADDING");
527             provide("Cipher", "AES/OFB/PKCS5PADDING");
528             provide("Cipher", "AES/OFB/PKCS7PADDING");
529             provide("Cipher", "AES_128/CBC/NOPADDING");
530             provide("Cipher", "AES_128/CBC/PKCS5PADDING");
531             provide("Cipher", "AES_128/CBC/PKCS7PADDING");
532             provide("Cipher", "AES_128/ECB/NOPADDING");
533             provide("Cipher", "AES_128/ECB/PKCS5PADDING");
534             provide("Cipher", "AES_128/ECB/PKCS7PADDING");
535             provide("Cipher", "AES_128/GCM/NOPADDING");
536             provide("Cipher", "AES_128/GCM-SIV/NOPADDING");
537             provide("Cipher", "AES_256/CBC/NOPADDING");
538             provide("Cipher", "AES_256/CBC/PKCS5PADDING");
539             provide("Cipher", "AES_256/CBC/PKCS7PADDING");
540             provide("Cipher", "AES_256/ECB/NOPADDING");
541             provide("Cipher", "AES_256/ECB/PKCS5PADDING");
542             provide("Cipher", "AES_256/ECB/PKCS7PADDING");
543             provide("Cipher", "AES_256/GCM/NOPADDING");
544             provide("Cipher", "AES_256/GCM-SIV/NOPADDING");
545             provide("Cipher", "DESEDE/CBC/NOPADDING");
546             provide("Cipher", "DESEDE/CBC/PKCS5PADDING");
547             provide("Cipher", "DESEDE/CBC/PKCS7PADDING");
548             provide("Cipher", "DESEDE/CFB/NOPADDING");
549             provide("Cipher", "DESEDE/CFB/PKCS5PADDING");
550             provide("Cipher", "DESEDE/CFB/PKCS7PADDING");
551             provide("Cipher", "DESEDE/ECB/NOPADDING");
552             provide("Cipher", "DESEDE/ECB/PKCS5PADDING");
553             provide("Cipher", "DESEDE/ECB/PKCS7PADDING");
554             provide("Cipher", "DESEDE/OFB/NOPADDING");
555             provide("Cipher", "DESEDE/OFB/PKCS5PADDING");
556             provide("Cipher", "DESEDE/OFB/PKCS7PADDING");
557 
558             // Provided by our OpenSSL provider
559             provide("AlgorithmParameters", "ChaCha20");
560             provide("Cipher", "ChaCha20");
561             provide("Cipher", "ChaCha20/Poly1305/NoPadding");
562             provide("KeyGenerator", "ChaCha20");
563             provideCipherPaddings("AES", new String[] { "PKCS7Padding" });
564 
565             // removed LDAP
566             unprovide("CertStore", "LDAP");
567 
568             // removed MD2
569             unprovide("MessageDigest", "MD2");
570             unprovide("Signature", "MD2withRSA");
571 
572             // removed RC2
573             // NOTE the implementation remains to support PKCS12 keystores
574             unprovide("AlgorithmParameters", "PBEWithSHA1AndRC2_40");
575             unprovide("AlgorithmParameters", "RC2");
576             unprovide("Cipher", "PBEWithSHA1AndRC2_40");
577             unprovide("Cipher", "RC2");
578             unprovide("KeyGenerator", "RC2");
579             unprovide("SecretKeyFactory", "PBEWithSHA1AndRC2_40");
580 
581             // PBEWithMD5AndTripleDES is Sun proprietary
582             unprovide("AlgorithmParameters", "PBEWithMD5AndTripleDES");
583             unprovide("Cipher", "PBEWithMD5AndTripleDES");
584             unprovide("SecretKeyFactory", "PBEWithMD5AndTripleDES");
585 
586             // missing from Bouncy Castle
587             // Standard Names document says to use specific PBEWith*And*
588             unprovide("AlgorithmParameters", "PBE");
589 
590             // missing from Bouncy Castle
591             // TODO add to JDKAlgorithmParameters perhaps as wrapper on PBES2Parameters
592             // For now, can use AlgorithmParametersSpec javax.crypto.spec.PBEParameterSpec instead
593             unprovide("AlgorithmParameters", "PBEWithMD5AndDES"); // 1.2.840.113549.1.5.3
594 
595             // EC support
596             provide("AlgorithmParameters", "EC");
597             provide("KeyAgreement", "ECDH");
598             provide("KeyFactory", "EC");
599             provide("KeyPairGenerator", "EC");
600             provide("Signature", "NONEWITHECDSA");
601             provide("Signature", "SHA1WITHECDSA");
602             provide("Signature", "SHA224WITHECDSA");
603             provide("Signature", "SHA256WITHECDSA");
604             provide("Signature", "SHA384WITHECDSA");
605             provide("Signature", "SHA512WITHECDSA");
606 
607             // Android's CA store
608             provide("KeyStore", "AndroidCAStore");
609 
610             // Android's KeyStore provider
611             if (Security.getProvider("AndroidKeyStore") != null) {
612                 provide("KeyStore", "AndroidKeyStore");
613                 provideOptional("KeyFactory", "ED25519");
614                 provideOptional("KeyPairGenerator", "ED25519");
615             }
616 
617             // TimaKeyStore provider
618             if (Security.getProvider("TimaKeyStore") != null) {
619                 provide("KeyStore", "TimaKeyStore");
620             }
621             // KnoxAndroidKeyStore provider
622             if (Security.getProvider("KnoxAndroidKeyStore") != null) {
623                 provide("KeyStore", "KnoxAndroidKeyStore");
624             }
625 
626             // Elliptic curve Diffie-Hellman
627             provide("KeyAgreement", "XDH");
628             provide("KeyFactory", "XDH");
629             provide("KeyPairGenerator", "XDH");
630 
631             // AES-CMAC Mac
632             provide("Mac", "AESCMAC");
633         }
634     }
635 
636     public static final Set<String> KEY_TYPES = new HashSet<>(Arrays.asList(
637             "RSA",
638             "DSA",
639             "DH_RSA",
640             "DH_DSA",
641             "EC",
642             "EC_EC",
643             "EC_RSA"));
644     static {
645         if (IS_RI) {
646             // DH_* are specified by standard names, but do not seem to be supported by RI
647             KEY_TYPES.remove("DH_RSA");
648             KEY_TYPES.remove("DH_DSA");
649         }
650     }
651 
652     /**
653      * Valid values for X509TrustManager.checkClientTrusted authType,
654      * either the algorithm of the public key or UNKNOWN.
655      */
656     public static final Set<String> CLIENT_AUTH_TYPES = new HashSet<>(Arrays.asList(
657             "RSA",
658             "DSA",
659             "EC",
660             "UNKNOWN"));
661 
662     /**
663      * Valid values for X509TrustManager.checkServerTrusted authType,
664      * either key exchange algorithm part of the cipher suite, UNKNOWN,
665      * or GENERIC (for TLS 1.3 cipher suites that don't imply a specific
666      * key exchange method).
667      */
668     public static final Set<String> SERVER_AUTH_TYPES = new HashSet<>(Arrays.asList(
669             "DHE_DSS",
670             "DHE_DSS_EXPORT",
671             "DHE_RSA",
672             "DHE_RSA_EXPORT",
673             "DH_DSS_EXPORT",
674             "DH_RSA_EXPORT",
675             "DH_anon",
676             "DH_anon_EXPORT",
677             "KRB5",
678             "KRB5_EXPORT",
679             "RSA",
680             "RSA_EXPORT",
681             "RSA_EXPORT1024",
682             "ECDH_ECDSA",
683             "ECDH_RSA",
684             "ECDHE_ECDSA",
685             "ECDHE_RSA",
686             "UNKNOWN",
687             "GENERIC"));
688 
689     /**
690      * Cipher suites that are only supported with TLS 1.3.
691      */
692     public static final List<String> CIPHER_SUITES_TLS13 = Arrays.asList(
693             "TLS_AES_128_GCM_SHA256",
694             "TLS_AES_256_GCM_SHA384",
695             "TLS_CHACHA20_POLY1305_SHA256");
696 
697     // NOTE: This list needs to be kept in sync with Javadoc of javax.net.ssl.SSLSocket and
698     // javax.net.ssl.SSLEngine.
699     private static final List<String> CIPHER_SUITES_ANDROID_AES_HARDWARE = Arrays.asList(
700             "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
701             "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
702             "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256",
703             "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
704             "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
705             "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",
706             "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA",
707             "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA",
708             "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
709             "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
710             "TLS_RSA_WITH_AES_128_GCM_SHA256",
711             "TLS_RSA_WITH_AES_256_GCM_SHA384",
712             "TLS_RSA_WITH_AES_128_CBC_SHA",
713             "TLS_RSA_WITH_AES_256_CBC_SHA",
714             CIPHER_SUITE_SECURE_RENEGOTIATION
715     );
716 
717     // NOTE: This list needs to be kept in sync with Javadoc of javax.net.ssl.SSLSocket and
718     // javax.net.ssl.SSLEngine.
719     private static final List<String> CIPHER_SUITES_ANDROID_SOFTWARE = Arrays.asList(
720             "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256",
721             "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
722             "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
723             "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",
724             "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
725             "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
726             "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA",
727             "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA",
728             "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
729             "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
730             "TLS_RSA_WITH_AES_128_GCM_SHA256",
731             "TLS_RSA_WITH_AES_256_GCM_SHA384",
732             "TLS_RSA_WITH_AES_128_CBC_SHA",
733             "TLS_RSA_WITH_AES_256_CBC_SHA",
734             CIPHER_SUITE_SECURE_RENEGOTIATION
735     );
736 
737     // NOTE: This list needs to be kept in sync with Javadoc of javax.net.ssl.SSLSocket and
738     // javax.net.ssl.SSLEngine.
739     public static final List<String> CIPHER_SUITES_DEFAULT = (IS_RI)
740             ? Arrays.asList("TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384",
741                             "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384",
742                             "TLS_RSA_WITH_AES_256_CBC_SHA256",
743                             "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384",
744                             "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384",
745                             "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256",
746                             "TLS_DHE_DSS_WITH_AES_256_CBC_SHA256",
747                             "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA",
748                             "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
749                             "TLS_RSA_WITH_AES_256_CBC_SHA",
750                             "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA",
751                             "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA",
752                             "TLS_DHE_RSA_WITH_AES_256_CBC_SHA",
753                             "TLS_DHE_DSS_WITH_AES_256_CBC_SHA",
754                             "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256",
755                             "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
756                             "TLS_RSA_WITH_AES_128_CBC_SHA256",
757                             "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256",
758                             "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256",
759                             "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256",
760                             "TLS_DHE_DSS_WITH_AES_128_CBC_SHA256",
761                             "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA",
762                             "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
763                             "TLS_RSA_WITH_AES_128_CBC_SHA",
764                             "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA",
765                             "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA",
766                             "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
767                             "TLS_DHE_DSS_WITH_AES_128_CBC_SHA",
768                             "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA",
769                             "TLS_ECDHE_RSA_WITH_RC4_128_SHA",
770                             "SSL_RSA_WITH_RC4_128_SHA",
771                             "TLS_ECDH_ECDSA_WITH_RC4_128_SHA",
772                             "TLS_ECDH_RSA_WITH_RC4_128_SHA",
773                             "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA",
774                             "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA",
775                             "SSL_RSA_WITH_3DES_EDE_CBC_SHA",
776                             "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA",
777                             "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA",
778                             "SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA",
779                             "SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA",
780                             "SSL_RSA_WITH_RC4_128_MD5",
781                             "TLS_EMPTY_RENEGOTIATION_INFO_SCSV")
782             : CpuFeatures.isAesHardwareAccelerated() ? CIPHER_SUITES_ANDROID_AES_HARDWARE
783                     : CIPHER_SUITES_ANDROID_SOFTWARE;
784 
785     private static final Map<String, Class<? extends KeySpec>> PRIVATE_KEY_SPEC_CLASSES;
786     private static final Map<String, Class<? extends KeySpec>> PUBLIC_KEY_SPEC_CLASSES;
787     private static final Map<String, Integer> MINIMUM_KEY_SIZE;
788     static {
789         PRIVATE_KEY_SPEC_CLASSES = new HashMap<>();
790         PUBLIC_KEY_SPEC_CLASSES = new HashMap<>();
791         MINIMUM_KEY_SIZE = new HashMap<>();
792         PRIVATE_KEY_SPEC_CLASSES.put("RSA", RSAPrivateCrtKeySpec.class);
793         PUBLIC_KEY_SPEC_CLASSES.put("RSA", RSAPublicKeySpec.class);
794         MINIMUM_KEY_SIZE.put("RSA", 512);
795         PRIVATE_KEY_SPEC_CLASSES.put("DSA", DSAPrivateKeySpec.class);
796         PUBLIC_KEY_SPEC_CLASSES.put("DSA", DSAPublicKeySpec.class);
797         MINIMUM_KEY_SIZE.put("DSA", 512);
798         PRIVATE_KEY_SPEC_CLASSES.put("DH", DHPrivateKeySpec.class);
799         PUBLIC_KEY_SPEC_CLASSES.put("DH", DHPublicKeySpec.class);
800         MINIMUM_KEY_SIZE.put("DH", 256);
801         PRIVATE_KEY_SPEC_CLASSES.put("EC", ECPrivateKeySpec.class);
802         PUBLIC_KEY_SPEC_CLASSES.put("EC", ECPublicKeySpec.class);
803         MINIMUM_KEY_SIZE.put("EC", 256);
804     }
805 
getPrivateKeySpecClass(String algName)806     public static Class<? extends KeySpec> getPrivateKeySpecClass(String algName) {
807         return PRIVATE_KEY_SPEC_CLASSES.get(algName);
808     }
809 
getPublicKeySpecClass(String algName)810     public static Class<? extends KeySpec> getPublicKeySpecClass(String algName) {
811         return PUBLIC_KEY_SPEC_CLASSES.get(algName);
812     }
813 
getMinimumKeySize(String algName)814     public static int getMinimumKeySize(String algName) {
815         return MINIMUM_KEY_SIZE.get(algName);
816     }
817 
818 }
819