/*
* Licensed to the Apache Software Foundation (ASF) under one or more
* contributor license agreements. See the NOTICE file distributed with
* this work for additional information regarding copyright ownership.
* The ASF licenses this file to You under the Apache License, Version 2.0
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.apache.harmony.xnet.provider.jsse;
import java.security.GeneralSecurityException;
import java.util.Hashtable;
import javax.crypto.Cipher;
/**
* Represents Cipher Suite as defined in TLS 1.0 spec.,
* A.5. The CipherSuite;
* C. CipherSuite definitions.
* @see <a href="http://www.ietf.org/rfc/rfc2246.txt">TLS 1.0 spec.</a>
*
*/
public class CipherSuite {
/**
* true if this cipher suite is supported
*/
boolean supported = true;
/**
* cipher suite key exchange
*/
final int keyExchange;
/**
* algorithm used for authentication ("RSA", "DSA", "DH", null for anonymous)
*/
final String authType;
/**
* cipher
*/
final String cipherName;
/**
* Cipher information
*/
final int keyMaterial;
final int expandedKeyMaterial;
final int effectiveKeyBytes;
final int ivSize;
final private int blockSize;
// cipher suite code
private final byte[] cipherSuiteCode;
// cipher suite name
private final String name;
// true if cipher suite is exportable
private final boolean isExportable;
// Hash algorithm
final private String hashName;
// MAC algorithm
final private String hmacName;
// Hash size
final private int hashSize;
/**
* key exchange values
*/
static final int KEY_EXCHANGE_RSA = 1;
static final int KEY_EXCHANGE_RSA_EXPORT = 2;
static final int KEY_EXCHANGE_DHE_DSS = 3;
static final int KEY_EXCHANGE_DHE_DSS_EXPORT = 4;
static final int KEY_EXCHANGE_DHE_RSA = 5;
static final int KEY_EXCHANGE_DHE_RSA_EXPORT = 6;
// BEGIN android-removed
// static final int KEY_EXCHANGE_DH_DSS = 7;
// static final int KEY_EXCHANGE_DH_RSA = 8;
// END android-removed
static final int KEY_EXCHANGE_DH_anon = 9;
static final int KEY_EXCHANGE_DH_anon_EXPORT = 10;
// BEGIN android-removed
// static final int KEY_EXCHANGE_DH_DSS_EXPORT = 11;
// static final int KEY_EXCHANGE_DH_RSA_EXPORT = 12;
// END android-removed
static final int KEY_EXCHANGE_ECDH_ECDSA = 13;
static final int KEY_EXCHANGE_ECDHE_ECDSA = 14;
static final int KEY_EXCHANGE_ECDH_RSA = 15;
static final int KEY_EXCHANGE_ECDHE_RSA = 16;
static final int KEY_EXCHANGE_ECDH_anon = 17;
/**
* TLS cipher suite codes
*/
static final byte[] CODE_SSL_NULL_WITH_NULL_NULL = { 0x00, 0x00 };
static final byte[] CODE_SSL_RSA_WITH_NULL_MD5 = { 0x00, 0x01 };
static final byte[] CODE_SSL_RSA_WITH_NULL_SHA = { 0x00, 0x02 };
static final byte[] CODE_SSL_RSA_EXPORT_WITH_RC4_40_MD5 = { 0x00, 0x03 };
static final byte[] CODE_SSL_RSA_WITH_RC4_128_MD5 = { 0x00, 0x04 };
static final byte[] CODE_SSL_RSA_WITH_RC4_128_SHA = { 0x00, 0x05 };
static final byte[] CODE_SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5 = { 0x00, 0x06 };
// BEGIN android-removed
// static final byte[] CODE_TLS_RSA_WITH_IDEA_CBC_SHA = { 0x00, 0x07 };
// END android-removed
static final byte[] CODE_SSL_RSA_EXPORT_WITH_DES40_CBC_SHA = { 0x00, 0x08 };
static final byte[] CODE_SSL_RSA_WITH_DES_CBC_SHA = { 0x00, 0x09 };
static final byte[] CODE_SSL_RSA_WITH_3DES_EDE_CBC_SHA = { 0x00, 0x0A };
// BEGIN android-removed
// static final byte[] CODE_SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA = { 0x00, 0x0B };
// static final byte[] CODE_SSL_DH_DSS_WITH_DES_CBC_SHA = { 0x00, 0x0C };
// static final byte[] CODE_SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA = { 0x00, 0x0D };
// static final byte[] CODE_SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA = { 0x00, 0x0E };
// static final byte[] CODE_SSL_DH_RSA_WITH_DES_CBC_SHA = { 0x00, 0x0F };
// static final byte[] CODE_SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA = { 0x00, 0x10 };
// END android-removed
static final byte[] CODE_SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA = { 0x00, 0x11 };
static final byte[] CODE_SSL_DHE_DSS_WITH_DES_CBC_SHA = { 0x00, 0x12 };
static final byte[] CODE_SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA = { 0x00, 0x13 };
static final byte[] CODE_SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA = { 0x00, 0x14 };
static final byte[] CODE_SSL_DHE_RSA_WITH_DES_CBC_SHA = { 0x00, 0x15 };
static final byte[] CODE_SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA = { 0x00, 0x16 };
static final byte[] CODE_SSL_DH_anon_EXPORT_WITH_RC4_40_MD5 = { 0x00, 0x17 };
static final byte[] CODE_SSL_DH_anon_WITH_RC4_128_MD5 = { 0x00, 0x18 };
static final byte[] CODE_SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA = { 0x00, 0x19 };
static final byte[] CODE_SSL_DH_anon_WITH_DES_CBC_SHA = { 0x00, 0x1A };
static final byte[] CODE_SSL_DH_anon_WITH_3DES_EDE_CBC_SHA = { 0x00, 0x1B };
// AES Cipher Suites from RFC 3268 - http://www.ietf.org/rfc/rfc3268.txt
static final byte[] CODE_TLS_RSA_WITH_AES_128_CBC_SHA = { 0x00, 0x2F };
//static final byte[] CODE_TLS_DH_DSS_WITH_AES_128_CBC_SHA = { 0x00, 0x30 };
//static final byte[] CODE_TLS_DH_RSA_WITH_AES_128_CBC_SHA = { 0x00, 0x31 };
static final byte[] CODE_TLS_DHE_DSS_WITH_AES_128_CBC_SHA = { 0x00, 0x32 };
static final byte[] CODE_TLS_DHE_RSA_WITH_AES_128_CBC_SHA = { 0x00, 0x33 };
static final byte[] CODE_TLS_DH_anon_WITH_AES_128_CBC_SHA = { 0x00, 0x34 };
static final byte[] CODE_TLS_RSA_WITH_AES_256_CBC_SHA = { 0x00, 0x35 };
//static final byte[] CODE_TLS_DH_DSS_WITH_AES_256_CBC_SHA = { 0x00, 0x36 };
//static final byte[] CODE_TLS_DH_RSA_WITH_AES_256_CBC_SHA = { 0x00, 0x37 };
static final byte[] CODE_TLS_DHE_DSS_WITH_AES_256_CBC_SHA = { 0x00, 0x38 };
static final byte[] CODE_TLS_DHE_RSA_WITH_AES_256_CBC_SHA = { 0x00, 0x39 };
static final byte[] CODE_TLS_DH_anon_WITH_AES_256_CBC_SHA = { 0x00, 0x3A };
// EC Cipher Suites from RFC 4492 - http://www.ietf.org/rfc/rfc4492.txt
static final byte[] CODE_TLS_ECDH_ECDSA_WITH_NULL_SHA = { (byte) 0xc0, 0x01};
static final byte[] CODE_TLS_ECDH_ECDSA_WITH_RC4_128_SHA = { (byte) 0xc0, 0x02};
static final byte[] CODE_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA = { (byte) 0xc0, 0x03};
static final byte[] CODE_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA = { (byte) 0xc0, 0x04};
static final byte[] CODE_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA = { (byte) 0xc0, 0x05};
static final byte[] CODE_TLS_ECDHE_ECDSA_WITH_NULL_SHA = { (byte) 0xc0, 0x06};
static final byte[] CODE_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA = { (byte) 0xc0, 0x07};
static final byte[] CODE_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA = { (byte) 0xc0, 0x08};
static final byte[] CODE_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA = { (byte) 0xc0, 0x09};
static final byte[] CODE_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA = { (byte) 0xc0, 0x0A};
static final byte[] CODE_TLS_ECDH_RSA_WITH_NULL_SHA = { (byte) 0xc0, 0x0B};
static final byte[] CODE_TLS_ECDH_RSA_WITH_RC4_128_SHA = { (byte) 0xc0, 0x0C};
static final byte[] CODE_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA = { (byte) 0xc0, 0x0D};
static final byte[] CODE_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA = { (byte) 0xc0, 0x0E};
static final byte[] CODE_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA = { (byte) 0xc0, 0x0F};
static final byte[] CODE_TLS_ECDHE_RSA_WITH_NULL_SHA = { (byte) 0xc0, 0x10};
static final byte[] CODE_TLS_ECDHE_RSA_WITH_RC4_128_SHA = { (byte) 0xc0, 0x11};
static final byte[] CODE_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA = { (byte) 0xc0, 0x12};
static final byte[] CODE_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA = { (byte) 0xc0, 0x13};
static final byte[] CODE_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA = { (byte) 0xc0, 0x14};
static final byte[] CODE_TLS_ECDH_anon_WITH_NULL_SHA = { (byte) 0xc0, 0x15};
static final byte[] CODE_TLS_ECDH_anon_WITH_RC4_128_SHA = { (byte) 0xc0, 0x16};
static final byte[] CODE_TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA = { (byte) 0xc0, 0x17};
static final byte[] CODE_TLS_ECDH_anon_WITH_AES_128_CBC_SHA = { (byte) 0xc0, 0x18};
static final byte[] CODE_TLS_ECDH_anon_WITH_AES_256_CBC_SHA = { (byte) 0xc0, 0x19};
static final CipherSuite SSL_NULL_WITH_NULL_NULL = new CipherSuite(
"SSL_NULL_WITH_NULL_NULL", true, 0, null, null, null,
CODE_SSL_NULL_WITH_NULL_NULL);
static final CipherSuite SSL_RSA_WITH_NULL_MD5 = new CipherSuite(
"SSL_RSA_WITH_NULL_MD5", true, KEY_EXCHANGE_RSA, "RSA", null, "MD5",
CODE_SSL_RSA_WITH_NULL_MD5);
static final CipherSuite SSL_RSA_WITH_NULL_SHA = new CipherSuite(
"SSL_RSA_WITH_NULL_SHA", true, KEY_EXCHANGE_RSA, "RSA", null, "SHA",
CODE_SSL_RSA_WITH_NULL_SHA);
static final CipherSuite SSL_RSA_EXPORT_WITH_RC4_40_MD5 = new CipherSuite(
"SSL_RSA_EXPORT_WITH_RC4_40_MD5", true, KEY_EXCHANGE_RSA_EXPORT,
"RSA", "RC4_40", "MD5", CODE_SSL_RSA_EXPORT_WITH_RC4_40_MD5);
static final CipherSuite SSL_RSA_WITH_RC4_128_MD5 = new CipherSuite(
"SSL_RSA_WITH_RC4_128_MD5", false, KEY_EXCHANGE_RSA, "RSA", "RC4_128",
"MD5", CODE_SSL_RSA_WITH_RC4_128_MD5);
static final CipherSuite SSL_RSA_WITH_RC4_128_SHA = new CipherSuite(
"SSL_RSA_WITH_RC4_128_SHA", false, KEY_EXCHANGE_RSA, "RSA", "RC4_128",
"SHA", CODE_SSL_RSA_WITH_RC4_128_SHA);
static final CipherSuite SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5 = new CipherSuite(
"SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5", true, KEY_EXCHANGE_RSA_EXPORT,
"RSA", "RC2_CBC_40", "MD5", CODE_SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5);
// BEGIN android-removed
// static final CipherSuite TLS_RSA_WITH_IDEA_CBC_SHA = new CipherSuite(
// "TLS_RSA_WITH_IDEA_CBC_SHA", false, KEY_EXCHANGE_RSA, "RSA", "IDEA_CBC",
// "SHA", CODE_TLS_RSA_WITH_IDEA_CBC_SHA);
// END android-removed
static final CipherSuite SSL_RSA_EXPORT_WITH_DES40_CBC_SHA = new CipherSuite(
"SSL_RSA_EXPORT_WITH_DES40_CBC_SHA", true, KEY_EXCHANGE_RSA_EXPORT,
"RSA", "DES40_CBC", "SHA", CODE_SSL_RSA_EXPORT_WITH_DES40_CBC_SHA);
static final CipherSuite SSL_RSA_WITH_DES_CBC_SHA = new CipherSuite(
"SSL_RSA_WITH_DES_CBC_SHA", false, KEY_EXCHANGE_RSA, "RSA", "DES_CBC",
"SHA", CODE_SSL_RSA_WITH_DES_CBC_SHA);
static final CipherSuite SSL_RSA_WITH_3DES_EDE_CBC_SHA = new CipherSuite(
"SSL_RSA_WITH_3DES_EDE_CBC_SHA", false, KEY_EXCHANGE_RSA,
"RSA", "3DES_EDE_CBC", "SHA", CODE_SSL_RSA_WITH_3DES_EDE_CBC_SHA);
// BEGIN android-removed
// static final CipherSuite SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA = new CipherSuite(
// "SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA", true,
// KEY_EXCHANGE_DH_DSS_EXPORT, "DH", "DES40_CBC", "SHA",
// CODE_SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA);
//
// static final CipherSuite SSL_DH_DSS_WITH_DES_CBC_SHA = new CipherSuite(
// "SSL_DH_DSS_WITH_DES_CBC_SHA", false, KEY_EXCHANGE_DH_DSS,
// "DH", "DES_CBC", "SHA", CODE_SSL_DH_DSS_WITH_DES_CBC_SHA);
//
// static final CipherSuite SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA = new CipherSuite(
// "SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA", false, KEY_EXCHANGE_DH_DSS,
// "DH", "3DES_EDE_CBC", "SHA", CODE_SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA);
//
// static final CipherSuite SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA = new CipherSuite(
// "SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA", true,
// KEY_EXCHANGE_DH_RSA_EXPORT, "DH", "DES40_CBC", "SHA",
// CODE_SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA);
//
// static final CipherSuite SSL_DH_RSA_WITH_DES_CBC_SHA = new CipherSuite(
// "SSL_DH_RSA_WITH_DES_CBC_SHA", false, KEY_EXCHANGE_DH_RSA,
// "DH", "DES_CBC", "SHA", CODE_SSL_DH_RSA_WITH_DES_CBC_SHA);
//
// static final CipherSuite SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA = new CipherSuite(
// "SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA", false, KEY_EXCHANGE_DH_RSA,
// "DH", "3DES_EDE_CBC", "SHA", CODE_SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA);
// END android-removed
static final CipherSuite SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA = new CipherSuite(
"SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA", true,
KEY_EXCHANGE_DHE_DSS_EXPORT, "DSA", "DES40_CBC", "SHA",
CODE_SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA);
static final CipherSuite SSL_DHE_DSS_WITH_DES_CBC_SHA = new CipherSuite(
"SSL_DHE_DSS_WITH_DES_CBC_SHA", false, KEY_EXCHANGE_DHE_DSS,
"DSA", "DES_CBC", "SHA", CODE_SSL_DHE_DSS_WITH_DES_CBC_SHA);
static final CipherSuite SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA = new CipherSuite(
"SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA", false, KEY_EXCHANGE_DHE_DSS,
"DSA", "3DES_EDE_CBC", "SHA", CODE_SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA);
static final CipherSuite SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA = new CipherSuite(
"SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA", true,
KEY_EXCHANGE_DHE_RSA_EXPORT, "RSA", "DES40_CBC", "SHA",
CODE_SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA);
static final CipherSuite SSL_DHE_RSA_WITH_DES_CBC_SHA = new CipherSuite(
"SSL_DHE_RSA_WITH_DES_CBC_SHA", false, KEY_EXCHANGE_DHE_RSA,
"RSA", "DES_CBC", "SHA", CODE_SSL_DHE_RSA_WITH_DES_CBC_SHA);
static final CipherSuite SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA = new CipherSuite(
"SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA", false, KEY_EXCHANGE_DHE_RSA,
"RSA", "3DES_EDE_CBC", "SHA", CODE_SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA);
static final CipherSuite SSL_DH_anon_EXPORT_WITH_RC4_40_MD5 = new CipherSuite(
"SSL_DH_anon_EXPORT_WITH_RC4_40_MD5", true,
KEY_EXCHANGE_DH_anon_EXPORT, "DH", "RC4_40", "MD5",
CODE_SSL_DH_anon_EXPORT_WITH_RC4_40_MD5);
static final CipherSuite SSL_DH_anon_WITH_RC4_128_MD5 = new CipherSuite(
"SSL_DH_anon_WITH_RC4_128_MD5", false, KEY_EXCHANGE_DH_anon,
"DH", "RC4_128", "MD5", CODE_SSL_DH_anon_WITH_RC4_128_MD5);
static final CipherSuite SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA = new CipherSuite(
"SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA", true,
KEY_EXCHANGE_DH_anon_EXPORT, "DH", "DES40_CBC", "SHA",
CODE_SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA);
static final CipherSuite SSL_DH_anon_WITH_DES_CBC_SHA = new CipherSuite(
"SSL_DH_anon_WITH_DES_CBC_SHA", false, KEY_EXCHANGE_DH_anon,
"DH", "DES_CBC", "SHA", CODE_SSL_DH_anon_WITH_DES_CBC_SHA);
static final CipherSuite SSL_DH_anon_WITH_3DES_EDE_CBC_SHA = new CipherSuite(
"SSL_DH_anon_WITH_3DES_EDE_CBC_SHA", false, KEY_EXCHANGE_DH_anon,
"DH", "3DES_EDE_CBC", "SHA", CODE_SSL_DH_anon_WITH_3DES_EDE_CBC_SHA);
static final CipherSuite TLS_RSA_WITH_AES_128_CBC_SHA
= new CipherSuite("TLS_RSA_WITH_AES_128_CBC_SHA",
false,
KEY_EXCHANGE_RSA,
"RSA",
"AES_128_CBC",
"SHA",
CODE_TLS_RSA_WITH_AES_128_CBC_SHA);
static final CipherSuite TLS_DHE_DSS_WITH_AES_128_CBC_SHA
= new CipherSuite("TLS_DHE_DSS_WITH_AES_128_CBC_SHA",
false,
KEY_EXCHANGE_DHE_DSS,
"DSA",
"AES_128_CBC",
"SHA",
CODE_TLS_DHE_DSS_WITH_AES_128_CBC_SHA);
static final CipherSuite TLS_DHE_RSA_WITH_AES_128_CBC_SHA
= new CipherSuite("TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
false,
KEY_EXCHANGE_DHE_RSA,
"RSA",
"AES_128_CBC",
"SHA",
CODE_TLS_DHE_RSA_WITH_AES_128_CBC_SHA);
static final CipherSuite TLS_DH_anon_WITH_AES_128_CBC_SHA
= new CipherSuite("TLS_DH_anon_WITH_AES_128_CBC_SHA",
false,
KEY_EXCHANGE_DH_anon,
"DH",
"AES_128_CBC",
"SHA",
CODE_TLS_DH_anon_WITH_AES_128_CBC_SHA);
static final CipherSuite TLS_RSA_WITH_AES_256_CBC_SHA
= new CipherSuite("TLS_RSA_WITH_AES_256_CBC_SHA",
false,
KEY_EXCHANGE_RSA,
"RSA",
"AES_256_CBC",
"SHA",
CODE_TLS_RSA_WITH_AES_256_CBC_SHA);
static final CipherSuite TLS_DHE_DSS_WITH_AES_256_CBC_SHA
= new CipherSuite("TLS_DHE_DSS_WITH_AES_256_CBC_SHA",
false,
KEY_EXCHANGE_DHE_DSS,
"DSA",
"AES_256_CBC",
"SHA",
CODE_TLS_DHE_DSS_WITH_AES_256_CBC_SHA);
static final CipherSuite TLS_DHE_RSA_WITH_AES_256_CBC_SHA
= new CipherSuite("TLS_DHE_RSA_WITH_AES_256_CBC_SHA",
false,
KEY_EXCHANGE_DHE_RSA,
"RSA",
"AES_256_CBC",
"SHA",
CODE_TLS_DHE_RSA_WITH_AES_256_CBC_SHA);
static final CipherSuite TLS_DH_anon_WITH_AES_256_CBC_SHA
= new CipherSuite("TLS_DH_anon_WITH_AES_256_CBC_SHA",
false,
KEY_EXCHANGE_DH_anon,
"DH",
"AES_256_CBC",
"SHA",
CODE_TLS_DH_anon_WITH_AES_256_CBC_SHA);
static final CipherSuite TLS_ECDH_ECDSA_WITH_NULL_SHA
= new CipherSuite("TLS_ECDH_ECDSA_WITH_NULL_SHA",
false,
KEY_EXCHANGE_ECDH_ECDSA,
"EC",
null,
"SHA",
CODE_TLS_ECDH_ECDSA_WITH_NULL_SHA);
static final CipherSuite TLS_ECDH_ECDSA_WITH_RC4_128_SHA
= new CipherSuite("TLS_ECDH_ECDSA_WITH_RC4_128_SHA",
false,
KEY_EXCHANGE_ECDH_ECDSA,
"EC",
"RC4_128",
"SHA",
CODE_TLS_ECDH_ECDSA_WITH_RC4_128_SHA);
static final CipherSuite TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
= new CipherSuite("TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA",
false,
KEY_EXCHANGE_ECDH_ECDSA,
"EC",
"3DES_EDE_CBC",
"SHA",
CODE_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA);
static final CipherSuite TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
= new CipherSuite("TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA",
false,
KEY_EXCHANGE_ECDH_ECDSA,
"EC",
"AES_128_CBC",
"SHA",
CODE_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA);
static final CipherSuite TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
= new CipherSuite("TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA",
false,
KEY_EXCHANGE_ECDH_ECDSA,
"EC",
"AES_256_CBC",
"SHA",
CODE_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA);
static final CipherSuite TLS_ECDHE_ECDSA_WITH_NULL_SHA
= new CipherSuite("TLS_ECDHE_ECDSA_WITH_NULL_SHA",
false,
KEY_EXCHANGE_ECDHE_ECDSA,
"EC",
null,
"SHA",
CODE_TLS_ECDHE_ECDSA_WITH_NULL_SHA);
static final CipherSuite TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
= new CipherSuite("TLS_ECDHE_ECDSA_WITH_RC4_128_SHA",
false,
KEY_EXCHANGE_ECDHE_ECDSA,
"EC",
"RC4_128",
"SHA",
CODE_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA);
static final CipherSuite TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
= new CipherSuite("TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA",
false,
KEY_EXCHANGE_ECDHE_ECDSA,
"EC",
"3DES_EDE_CBC",
"SHA",
CODE_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA);
static final CipherSuite TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
= new CipherSuite("TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA",
false,
KEY_EXCHANGE_ECDHE_ECDSA,
"EC",
"AES_128_CBC",
"SHA",
CODE_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA);
static final CipherSuite TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
= new CipherSuite("TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA",
false,
KEY_EXCHANGE_ECDHE_ECDSA,
"EC",
"AES_256_CBC",
"SHA",
CODE_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA);
static final CipherSuite TLS_ECDH_RSA_WITH_NULL_SHA
= new CipherSuite("TLS_ECDH_RSA_WITH_NULL_SHA",
false,
KEY_EXCHANGE_ECDH_RSA,
"EC",
null,
"SHA",
CODE_TLS_ECDH_RSA_WITH_NULL_SHA);
static final CipherSuite TLS_ECDH_RSA_WITH_RC4_128_SHA
= new CipherSuite("TLS_ECDH_RSA_WITH_RC4_128_SHA",
false,
KEY_EXCHANGE_ECDH_RSA,
"EC",
"RC4_128",
"SHA",
CODE_TLS_ECDH_RSA_WITH_RC4_128_SHA);
static final CipherSuite TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
= new CipherSuite("TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA",
false,
KEY_EXCHANGE_ECDH_RSA,
"EC",
"3DES_EDE_CBC",
"SHA",
CODE_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA);
static final CipherSuite TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
= new CipherSuite("TLS_ECDH_RSA_WITH_AES_128_CBC_SHA",
false,
KEY_EXCHANGE_ECDH_RSA,
"EC",
"AES_128_CBC",
"SHA",
CODE_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA);
static final CipherSuite TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
= new CipherSuite("TLS_ECDH_RSA_WITH_AES_256_CBC_SHA",
false,
KEY_EXCHANGE_ECDH_RSA,
"EC",
"AES_256_CBC",
"SHA",
CODE_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA);
static final CipherSuite TLS_ECDHE_RSA_WITH_NULL_SHA
= new CipherSuite("TLS_ECDHE_RSA_WITH_NULL_SHA",
false,
KEY_EXCHANGE_ECDHE_RSA,
"EC",
null,
"SHA",
CODE_TLS_ECDHE_RSA_WITH_NULL_SHA);
static final CipherSuite TLS_ECDHE_RSA_WITH_RC4_128_SHA
= new CipherSuite("TLS_ECDHE_RSA_WITH_RC4_128_SHA",
false,
KEY_EXCHANGE_ECDHE_RSA,
"EC",
"RC4_128",
"SHA",
CODE_TLS_ECDHE_RSA_WITH_RC4_128_SHA);
static final CipherSuite TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
= new CipherSuite("TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA",
false,
KEY_EXCHANGE_ECDHE_RSA,
"EC",
"3DES_EDE_CBC",
"SHA",
CODE_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA);
static final CipherSuite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
= new CipherSuite("TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
false,
KEY_EXCHANGE_ECDHE_RSA,
"EC",
"AES_128_CBC",
"SHA",
CODE_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA);
static final CipherSuite TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
= new CipherSuite("TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
false,
KEY_EXCHANGE_ECDHE_RSA,
"EC",
"AES_256_CBC",
"SHA",
CODE_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA);
static final CipherSuite TLS_ECDH_anon_WITH_NULL_SHA
= new CipherSuite("TLS_ECDH_anon_WITH_NULL_SHA",
false,
KEY_EXCHANGE_ECDH_anon,
"EC",
null,
"SHA",
CODE_TLS_ECDH_anon_WITH_NULL_SHA);
static final CipherSuite TLS_ECDH_anon_WITH_RC4_128_SHA
= new CipherSuite("TLS_ECDH_anon_WITH_RC4_128_SHA",
false,
KEY_EXCHANGE_ECDH_anon,
"EC",
"RC4_128",
"SHA",
CODE_TLS_ECDH_anon_WITH_RC4_128_SHA);
static final CipherSuite TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA
= new CipherSuite("TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA",
false,
KEY_EXCHANGE_ECDH_anon,
"EC",
"3DES_EDE_CBC",
"SHA",
CODE_TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA);
static final CipherSuite TLS_ECDH_anon_WITH_AES_128_CBC_SHA
= new CipherSuite("TLS_ECDH_anon_WITH_AES_128_CBC_SHA",
false,
KEY_EXCHANGE_ECDH_anon,
"EC",
"AES_128_CBC",
"SHA",
CODE_TLS_ECDH_anon_WITH_AES_128_CBC_SHA);
static final CipherSuite TLS_ECDH_anon_WITH_AES_256_CBC_SHA
= new CipherSuite("TLS_ECDH_anon_WITH_AES_256_CBC_SHA",
false,
KEY_EXCHANGE_ECDH_anon,
"EC",
"AES_256_CBC",
"SHA",
CODE_TLS_ECDH_anon_WITH_AES_256_CBC_SHA);
// arrays for quick access to cipher suite by code
private static final CipherSuite[] SUITES_BY_CODE_0x00 = {
// http://www.iana.org/assignments/tls-parameters/tls-parameters.xml
SSL_NULL_WITH_NULL_NULL, // { 0x00, 0x00 };
SSL_RSA_WITH_NULL_MD5, // { 0x00, 0x01 };
SSL_RSA_WITH_NULL_SHA, // { 0x00, 0x02 };
SSL_RSA_EXPORT_WITH_RC4_40_MD5, // { 0x00, 0x03 };
SSL_RSA_WITH_RC4_128_MD5, // { 0x00, 0x04 };
SSL_RSA_WITH_RC4_128_SHA, // { 0x00, 0x05 };
// BEGIN android-changed
null, // SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5, // { 0x00, 0x06 };
null, // TLS_RSA_WITH_IDEA_CBC_SHA, // { 0x00, 0x07 };
// END android-changed
SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, // { 0x00, 0x08 };
SSL_RSA_WITH_DES_CBC_SHA, // { 0x00, 0x09 };
SSL_RSA_WITH_3DES_EDE_CBC_SHA, // { 0x00, 0x0a };
// BEGIN android-changed
null, // SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA // { 0x00, 0x0b };
null, // SSL_DH_DSS_WITH_DES_CBC_SHA, // { 0x00, 0x0c };
null, // SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA, // { 0x00, 0x0d };
null, // SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA, // { 0x00, 0x0e };
null, // SSL_DH_RSA_WITH_DES_CBC_SHA, // { 0x00, 0x0f };
null, // SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA, // { 0x00, 0x10 };
// END android-changed
SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA, // { 0x00, 0x11 };
SSL_DHE_DSS_WITH_DES_CBC_SHA, // { 0x00, 0x12 };
SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, // { 0x00, 0x13 };
SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, // { 0x00, 0x14 };
SSL_DHE_RSA_WITH_DES_CBC_SHA, // { 0x00, 0x15 };
SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, // { 0x00, 0x16 };
SSL_DH_anon_EXPORT_WITH_RC4_40_MD5, // { 0x00, 0x17 };
SSL_DH_anon_WITH_RC4_128_MD5, // { 0x00, 0x18 };
SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA, // { 0x00, 0x19 };
SSL_DH_anon_WITH_DES_CBC_SHA, // { 0x00, 0x1A };
SSL_DH_anon_WITH_3DES_EDE_CBC_SHA, // { 0x00, 0x1B };
// BEGIN android-added
null, // SSL_FORTEZZA_KEA_WITH_NULL_SHA // { 0x00, 0x1C };
null, // SSL_FORTEZZA_KEA_WITH_FORTEZZA_CBC_SHA // { 0x00, 0x1D };
null, // TLS_KRB5_WITH_DES_CBC_SHA // { 0x00, 0x1E };
null, // TLS_KRB5_WITH_3DES_EDE_CBC_SHA // { 0x00, 0x1F };
null, // TLS_KRB5_WITH_RC4_128_SHA // { 0x00, 0x20 };
null, // TLS_KRB5_WITH_IDEA_CBC_SHA // { 0x00, 0x21 };
null, // TLS_KRB5_WITH_DES_CBC_MD5 // { 0x00, 0x22 };
null, // TLS_KRB5_WITH_3DES_EDE_CBC_MD5 // { 0x00, 0x23 };
null, // TLS_KRB5_WITH_RC4_128_MD5 // { 0x00, 0x24 };
null, // TLS_KRB5_WITH_IDEA_CBC_MD5 // { 0x00, 0x25 };
null, // TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA // { 0x00, 0x26 };
null, // TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA // { 0x00, 0x27 };
null, // TLS_KRB5_EXPORT_WITH_RC4_40_SHA // { 0x00, 0x28 };
null, // TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5 // { 0x00, 0x29 };
null, // TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5 // { 0x00, 0x2A };
null, // TLS_KRB5_EXPORT_WITH_RC4_40_MD5 // { 0x00, 0x2B };
null, // TLS_PSK_WITH_NULL_SHA // { 0x00, 0x2C };
null, // TLS_DHE_PSK_WITH_NULL_SHA // { 0x00, 0x2D };
null, // TLS_RSA_PSK_WITH_NULL_SHA // { 0x00, 0x2E };
TLS_RSA_WITH_AES_128_CBC_SHA, // { 0x00, 0x2F };
null, // TLS_DH_DSS_WITH_AES_128_CBC_SHA // { 0x00, 0x30 };
null, // TLS_DH_RSA_WITH_AES_128_CBC_SHA // { 0x00, 0x31 };
TLS_DHE_DSS_WITH_AES_128_CBC_SHA, // { 0x00, 0x32 };
TLS_DHE_RSA_WITH_AES_128_CBC_SHA, // { 0x00, 0x33 };
TLS_DH_anon_WITH_AES_128_CBC_SHA, // { 0x00, 0x34 };
TLS_RSA_WITH_AES_256_CBC_SHA, // { 0x00, 0x35 };
null, // TLS_DH_DSS_WITH_AES_256_CBC_SHA, // { 0x00, 0x36 };
null, // TLS_DH_RSA_WITH_AES_256_CBC_SHA, // { 0x00, 0x37 };
TLS_DHE_DSS_WITH_AES_256_CBC_SHA, // { 0x00, 0x38 };
TLS_DHE_RSA_WITH_AES_256_CBC_SHA, // { 0x00, 0x39 };
TLS_DH_anon_WITH_AES_256_CBC_SHA, // { 0x00, 0x3A };
// END android-added
};
private static final CipherSuite[] SUITES_BY_CODE_0xc0 = {
null, // { 0xc0, 0x00};
TLS_ECDH_ECDSA_WITH_NULL_SHA, // { 0xc0, 0x01};
TLS_ECDH_ECDSA_WITH_RC4_128_SHA, // { 0xc0, 0x02};
TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, // { 0xc0, 0x03};
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, // { 0xc0, 0x04};
TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, // { 0xc0, 0x05};
TLS_ECDHE_ECDSA_WITH_NULL_SHA, // { 0xc0, 0x06};
TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, // { 0xc0, 0x07};
TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, // { 0xc0, 0x08};
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, // { 0xc0, 0x09};
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, // { 0xc0, 0x0A};
TLS_ECDH_RSA_WITH_NULL_SHA, // { 0xc0, 0x0B};
TLS_ECDH_RSA_WITH_RC4_128_SHA, // { 0xc0, 0x0C};
TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, // { 0xc0, 0x0D};
TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, // { 0xc0, 0x0E};
TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, // { 0xc0, 0x0F};
TLS_ECDHE_RSA_WITH_NULL_SHA, // { 0xc0, 0x10};
TLS_ECDHE_RSA_WITH_RC4_128_SHA, // { 0xc0, 0x11};
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, // { 0xc0, 0x12};
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, // { 0xc0, 0x13};
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, // { 0xc0, 0x14};
TLS_ECDH_anon_WITH_NULL_SHA, // { 0xc0, 0x15};
TLS_ECDH_anon_WITH_RC4_128_SHA, // { 0xc0, 0x16};
TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA, // { 0xc0, 0x17};
TLS_ECDH_anon_WITH_AES_128_CBC_SHA, // { 0xc0, 0x18};
TLS_ECDH_anon_WITH_AES_256_CBC_SHA, // { 0xc0, 0x19};
// TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA, // { 0xc0, 0x1A};
// TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA, // { 0xc0, 0x1B};
// TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA, // { 0xc0, 0x1C};
// TLS_SRP_SHA_WITH_AES_128_CBC_SHA, // { 0xc0, 0x1D};
// TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA, // { 0xc0, 0x1E};
// TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA, // { 0xc0, 0x1F};
// TLS_SRP_SHA_WITH_AES_256_CBC_SHA, // { 0xc0, 0x20};
// TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA, // { 0xc0, 0x21};
// TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA, // { 0xc0, 0x22};
// TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, // { 0xc0, 0x23};
// TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, // { 0xc0, 0x24};
// TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, // { 0xc0, 0x25};
// TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, // { 0xc0, 0x26};
// TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, // { 0xc0, 0x27};
// TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, // { 0xc0, 0x28};
// TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, // { 0xc0, 0x29};
// TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384, // { 0xc0, 0x2A};
// TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, // { 0xc0, 0x2B};
// TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, // { 0xc0, 0x2C};
// TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, // { 0xc0, 0x2D};
// TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, // { 0xc0, 0x2E};
// TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, // { 0xc0, 0x2F};
// TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, // { 0xc0, 0x30};
// TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, // { 0xc0, 0x31};
// TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384, // { 0xc0, 0x32};
// TLS_ECDHE_PSK_WITH_RC4_128_SHA, // { 0xc0, 0x33};
// TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA, // { 0xc0, 0x34};
// TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA, // { 0xc0, 0x35};
// TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA, // { 0xc0, 0x36};
// TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256, // { 0xc0, 0x37};
// TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384, // { 0xc0, 0x38};
// TLS_ECDHE_PSK_WITH_NULL_SHA, // { 0xc0, 0x39};
// TLS_ECDHE_PSK_WITH_NULL_SHA256, // { 0xc0, 0x3A};
// TLS_ECDHE_PSK_WITH_NULL_SHA384, // { 0xc0, 0x3B};
};
// hash for quick access to cipher suite by name
private static final Hashtable<String, CipherSuite> SUITES_BY_NAME;
/**
* array of supported cipher suites.
* Set of supported suites is defined at the moment provider's start
*/
// TODO Dynamically supported suites: new providers may be dynamically
// added/removed and the set of supported suites may be changed
static final CipherSuite[] SUPPORTED_CIPHER_SUITES;
/**
* array of supported cipher suites names
*/
static final String[] SUPPORTED_CIPHER_SUITE_NAMES;
/**
* default cipher suites
*/
static final CipherSuite[] DEFAULT_CIPHER_SUITES;
static {
SUITES_BY_NAME = new Hashtable<String, CipherSuite>();
int count_0x00 = registerCipherSuitesByCode(SUITES_BY_CODE_0x00);
int count_0xc0 = registerCipherSuitesByCode(SUITES_BY_CODE_0xc0);
int count = count_0x00 + count_0xc0;
SUPPORTED_CIPHER_SUITES = new CipherSuite[count];
SUPPORTED_CIPHER_SUITE_NAMES = new String[count];
registerSupportedCipherSuites(0, SUITES_BY_CODE_0x00);
registerSupportedCipherSuites(count_0x00, SUITES_BY_CODE_0xc0);
CipherSuite[] defaultCipherSuites = {
SSL_RSA_WITH_RC4_128_MD5,
SSL_RSA_WITH_RC4_128_SHA,
TLS_RSA_WITH_AES_128_CBC_SHA,
TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
TLS_DHE_DSS_WITH_AES_128_CBC_SHA,
SSL_RSA_WITH_3DES_EDE_CBC_SHA,
SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA,
SSL_RSA_WITH_DES_CBC_SHA,
SSL_DHE_RSA_WITH_DES_CBC_SHA,
SSL_DHE_DSS_WITH_DES_CBC_SHA,
SSL_RSA_EXPORT_WITH_RC4_40_MD5,
SSL_RSA_EXPORT_WITH_DES40_CBC_SHA,
SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA,
SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA
};
count = 0;
for (int i = 0; i < defaultCipherSuites.length; i++) {
if (defaultCipherSuites[i].supported) {
count++;
}
}
DEFAULT_CIPHER_SUITES = new CipherSuite[count];
count = 0;
for (int i = 0; i < defaultCipherSuites.length; i++) {
if (defaultCipherSuites[i].supported) {
DEFAULT_CIPHER_SUITES[count++] = defaultCipherSuites[i];
}
}
}
private static int registerCipherSuitesByCode(CipherSuite[] cipherSuites) {
int count = 0;
for (int i = 0; i < cipherSuites.length; i++) {
if (cipherSuites[i] == SSL_NULL_WITH_NULL_NULL) {
continue;
}
if (cipherSuites[i] == null) {
continue;
}
SUITES_BY_NAME.put(cipherSuites[i].getName(), cipherSuites[i]);
if (cipherSuites[i].supported) {
count++;
}
}
return count;
}
private static void registerSupportedCipherSuites(int offset, CipherSuite[] cipherSuites) {
int count = offset;
for (int i = 0; i < cipherSuites.length; i++) {
if (cipherSuites[i] == SSL_NULL_WITH_NULL_NULL) {
continue;
}
if (cipherSuites[i] == null) {
continue;
}
if (cipherSuites[i].supported) {
SUPPORTED_CIPHER_SUITES[count] = cipherSuites[i];
SUPPORTED_CIPHER_SUITE_NAMES[count] = SUPPORTED_CIPHER_SUITES[count].getName();
count++;
}
}
}
/**
* Returns CipherSuite by name
*/
public static CipherSuite getByName(String name) {
return SUITES_BY_NAME.get(name);
}
/**
* Returns CipherSuite based on TLS CipherSuite code
* @see <a href="http://www.ietf.org/rfc/rfc2246.txt">TLS 1.0 spec., A.5. The CipherSuite</a>
*/
public static CipherSuite getByCode(byte b1, byte b2) {
int i1 = b1 & 0xff;
int i2 = b2 & 0xff;
CipherSuite cs = getCipherSuiteByCode(0, i1, i2);
if (cs != null) {
return cs;
}
return new CipherSuite("UNKNOWN_" + i1 + "_" + i2, false, 0, null,
null, null, new byte[] { b1, b2 });
}
/**
* Returns CipherSuite based on V2CipherSpec code
* as described in TLS 1.0 spec., E. Backward Compatibility With SSL
*/
public static CipherSuite getByCode(byte b1, byte b2, byte b3) {
int i1 = b1 & 0xff;
int i2 = b2 & 0xff;
int i3 = b3 & 0xff;
CipherSuite cs = getCipherSuiteByCode(i1, i2, i3);
if (cs != null) {
return cs;
}
return new CipherSuite("UNKNOWN_" + i1 + "_" + i2 + "_" + i3, false, 0,
null, null, null, new byte[] { b1, b2, b3 });
}
private static CipherSuite getCipherSuiteByCode(int i1, int i2, int i3) {
CipherSuite[] cipherSuites;
if (i1 == 0x00 && i2 == 0x00) {
cipherSuites = SUITES_BY_CODE_0x00;
} else if (i1 == 0x00 && i2 == 0xc0) {
cipherSuites = SUITES_BY_CODE_0xc0;
} else {
return null;
}
if (i3 >= cipherSuites.length) {
return null;
}
return cipherSuites[i3];
}
/**
* Creates CipherSuite
*/
private CipherSuite(String name, boolean isExportable, int keyExchange,
String authType, String cipherName, String hash, byte[] code) {
this.name = name;
this.keyExchange = keyExchange;
this.authType = authType;
this.isExportable = isExportable;
if (cipherName == null) {
this.cipherName = null;
keyMaterial = 0;
expandedKeyMaterial = 0;
effectiveKeyBytes = 0;
ivSize = 0;
blockSize = 0;
// BEGIN android-removed
// } else if ("IDEA_CBC".equals(cipherName)) {
// this.cipherName = "IDEA/CBC/NoPadding";
// keyMaterial = 16;
// expandedKeyMaterial = 16;
// effectiveKeyBytes = 16;
// ivSize = 8;
// blockSize = 8;
// } else if ("RC2_CBC_40".equals(cipherName)) {
// this.cipherName = "RC2/CBC/NoPadding";
// keyMaterial = 5;
// expandedKeyMaterial = 16;
// effectiveKeyBytes = 5;
// ivSize = 8;
// blockSize = 8;
// END android-removed
} else if ("RC4_40".equals(cipherName)) {
this.cipherName = "RC4";
keyMaterial = 5;
expandedKeyMaterial = 16;
effectiveKeyBytes = 5;
ivSize = 0;
blockSize = 0;
} else if ("RC4_128".equals(cipherName)) {
this.cipherName = "RC4";
keyMaterial = 16;
expandedKeyMaterial = 16;
effectiveKeyBytes = 16;
ivSize = 0;
blockSize = 0;
} else if ("DES40_CBC".equals(cipherName)) {
this.cipherName = "DES/CBC/NoPadding";
keyMaterial = 5;
expandedKeyMaterial = 8;
effectiveKeyBytes = 5;
ivSize = 8;
blockSize = 8;
} else if ("DES_CBC".equals(cipherName)) {
this.cipherName = "DES/CBC/NoPadding";
keyMaterial = 8;
expandedKeyMaterial = 8;
effectiveKeyBytes = 7;
ivSize = 8;
blockSize = 8;
} else if ("3DES_EDE_CBC".equals(cipherName)) {
this.cipherName = "DESede/CBC/NoPadding";
keyMaterial = 24;
expandedKeyMaterial = 24;
effectiveKeyBytes = 24;
ivSize = 8;
blockSize = 8;
} else if ("AES_128_CBC".equals(cipherName)) {
this.cipherName = "AES/CBC/NoPadding";
keyMaterial = 16;
expandedKeyMaterial = 16;
effectiveKeyBytes = 16;
ivSize = 16;
blockSize = 16;
} else if ("AES_256_CBC".equals(cipherName)) {
this.cipherName = "AES/CBC/NoPadding";
keyMaterial = 32;
expandedKeyMaterial = 32;
effectiveKeyBytes = 32;
ivSize = 16;
blockSize = 16;
} else {
this.cipherName = cipherName;
keyMaterial = 0;
expandedKeyMaterial = 0;
effectiveKeyBytes = 0;
ivSize = 0;
blockSize = 0;
}
if ("MD5".equals(hash)) {
this.hmacName = "HmacMD5";
this.hashName = "MD5";
hashSize = 16;
} else if ("SHA".equals(hash)) {
this.hmacName = "HmacSHA1";
this.hashName = "SHA-1";
hashSize = 20;
} else {
this.hmacName = null;
this.hashName = null;
hashSize = 0;
}
cipherSuiteCode = code;
if (this.cipherName != null) {
try {
Cipher.getInstance(this.cipherName);
} catch (GeneralSecurityException e) {
supported = false;
}
}
// We define the Elliptic Curve cipher suites for use with
// code shared by OpenSSL, but they are not supported by
// SSLEngine or SSLSocket's built with SSLEngine.
if (this.name.startsWith("TLS_EC")) {
supported = false;
}
}
/**
* Returns true if cipher suite is anonymous
* @return
*/
public boolean isAnonymous() {
if (keyExchange == KEY_EXCHANGE_DH_anon
|| keyExchange == KEY_EXCHANGE_DH_anon_EXPORT
|| keyExchange == KEY_EXCHANGE_ECDH_anon) {
return true;
}
return false;
}
/**
* Returns array of supported CipherSuites
* @return
*/
public static CipherSuite[] getSupported() {
return SUPPORTED_CIPHER_SUITES;
}
/**
* Returns array of supported cipher suites names
* @return
*/
public static String[] getSupportedCipherSuiteNames() {
return SUPPORTED_CIPHER_SUITE_NAMES.clone();
}
/**
* Returns cipher suite name
* @return
*/
public String getName() {
return name;
}
/**
* Returns cipher suite code as byte array
* @return
*/
public byte[] toBytes() {
return cipherSuiteCode;
}
/**
* Returns cipher suite description
*/
@Override
public String toString() {
return name + ": " + cipherSuiteCode[0] + " " + cipherSuiteCode[1];
}
/**
* Returns cipher algorithm name
* @return
*/
public String getBulkEncryptionAlgorithm() {
return cipherName;
}
/**
* Returns cipher block size
* @return
*/
public int getBlockSize() {
return blockSize;
}
/**
* Returns MAC algorithm name
* @return
*/
public String getHmacName() {
return hmacName;
}
/**
* Returns hash algorithm name
* @return
*/
public String getHashName() {
return hashName;
}
/**
* Returns hash size
* @return
*/
public int getMACLength() {
return hashSize;
}
/**
* Indicates whether this cipher suite is exportable
* @return
*/
public boolean isExportable() {
return isExportable;
}
static final String KEY_TYPE_RSA = "RSA";
static final String KEY_TYPE_DSA = "DSA";
static final String KEY_TYPE_DH_RSA = "DH_RSA";
static final String KEY_TYPE_DH_DSA = "DH_DSA";
static final String KEY_TYPE_EC = "EC";
static final String KEY_TYPE_EC_EC = "EC_EC";
static final String KEY_TYPE_EC_RSA = "EC_RSA";
/**
* Returns key type constant suitable for calling
* X509KeyManager.chooseServerAlias or
* X509ExtendedKeyManager.chooseEngineServerAlias.
*/
public String getServerKeyType() {
switch (keyExchange) {
case KEY_EXCHANGE_DHE_RSA:
case KEY_EXCHANGE_DHE_RSA_EXPORT:
case KEY_EXCHANGE_ECDHE_RSA:
case KEY_EXCHANGE_RSA:
case KEY_EXCHANGE_RSA_EXPORT:
return KEY_TYPE_RSA;
case KEY_EXCHANGE_DHE_DSS:
case KEY_EXCHANGE_DHE_DSS_EXPORT:
return KEY_TYPE_DSA;
case KEY_EXCHANGE_ECDH_ECDSA:
case KEY_EXCHANGE_ECDHE_ECDSA:
return KEY_TYPE_EC_EC;
case KEY_EXCHANGE_ECDH_RSA:
return KEY_TYPE_EC_RSA;
case KEY_EXCHANGE_DH_anon:
case KEY_EXCHANGE_DH_anon_EXPORT:
case KEY_EXCHANGE_ECDH_anon:
return null;
default:
throw new IllegalStateException("Unknown key type for key exchange " + keyExchange);
}
}
/**
* Client certificate types as defined in
* TLS 1.0 spec., 7.4.4. Certificate request.
* EC constants from RFC 4492.
* Names match openssl constants.
*/
static final byte TLS_CT_RSA_SIGN = 1;
static final byte TLS_CT_DSS_SIGN = 2;
static final byte TLS_CT_RSA_FIXED_DH = 3;
static final byte TLS_CT_DSS_FIXED_DH = 4;
static final byte TLS_CT_ECDSA_SIGN = 64;
static final byte TLS_CT_RSA_FIXED_ECDH = 65;
static final byte TLS_CT_ECDSA_FIXED_ECDH = 66;
/**
* Similar to getServerKeyType, but returns value given TLS
* ClientCertificateType byte values from a CertificateRequest
* message for use with X509KeyManager.chooseClientAlias or
* X509ExtendedKeyManager.chooseEngineClientAlias.
*/
public static String getClientKeyType(byte keyType) {
// See also http://www.ietf.org/assignments/tls-parameters/tls-parameters.xml
switch (keyType) {
case TLS_CT_RSA_SIGN:
return KEY_TYPE_RSA; // RFC rsa_sign
case TLS_CT_DSS_SIGN:
return KEY_TYPE_DSA; // RFC dss_sign
case TLS_CT_RSA_FIXED_DH:
return KEY_TYPE_DH_RSA; // RFC rsa_fixed_dh
case TLS_CT_DSS_FIXED_DH:
return KEY_TYPE_DH_DSA; // RFC dss_fixed_dh
case TLS_CT_ECDSA_SIGN:
return KEY_TYPE_EC; // RFC ecdsa_sign
case TLS_CT_RSA_FIXED_ECDH:
return KEY_TYPE_EC_RSA; // RFC rsa_fixed_ecdh
case TLS_CT_ECDSA_FIXED_ECDH:
return KEY_TYPE_EC_EC; // RFC ecdsa_fixed_ecdh
default:
return null;
}
}
private static final String AUTH_TYPE_RSA = "RSA";
private static final String AUTH_TYPE_RSA_EXPORT = "RSA_EXPORT";
private static final String AUTH_TYPE_DHE_DSS = "DHE_DSS";
private static final String AUTH_TYPE_DHE_RSA = "DHE_RSA";
private static final String AUTH_TYPE_DH_DSS = "DH_DSS";
private static final String AUTH_TYPE_DH_RSA = "DH_RSA";
private static final String AUTH_TYPE_ECDH_ECDSA = "ECDH_ECDSA";
private static final String AUTH_TYPE_ECDH_RSA = "ECDH_RSA";
private static final String AUTH_TYPE_ECDHE_ECDSA = "ECDHE_ECDSA";
private static final String AUTH_TYPE_ECDHE_RSA = "ECDHE_RSA";
/**
* Returns auth type constant suitable for calling X509TrustManager.checkServerTrusted.
*/
public String getAuthType(boolean emphemeral) {
switch (keyExchange) {
case KEY_EXCHANGE_RSA:
return AUTH_TYPE_RSA;
case KEY_EXCHANGE_RSA_EXPORT:
return emphemeral ? AUTH_TYPE_RSA_EXPORT : AUTH_TYPE_RSA;
case KEY_EXCHANGE_DHE_DSS:
case KEY_EXCHANGE_DHE_DSS_EXPORT:
return AUTH_TYPE_DHE_DSS;
case KEY_EXCHANGE_DHE_RSA:
case KEY_EXCHANGE_DHE_RSA_EXPORT:
return AUTH_TYPE_DHE_RSA;
case KEY_EXCHANGE_ECDH_ECDSA:
return AUTH_TYPE_ECDH_ECDSA;
case KEY_EXCHANGE_ECDHE_ECDSA:
return AUTH_TYPE_ECDHE_ECDSA;
case KEY_EXCHANGE_ECDH_RSA:
return AUTH_TYPE_ECDH_RSA;
case KEY_EXCHANGE_ECDHE_RSA:
return AUTH_TYPE_ECDHE_RSA;
case KEY_EXCHANGE_DH_anon:
case KEY_EXCHANGE_DH_anon_EXPORT:
case KEY_EXCHANGE_ECDH_anon:
return null;
default:
throw new IllegalStateException("Unknown auth type for key exchange " + keyExchange);
}
}
}