Google Git
Sign in
android / platform / external / conscrypt / 74449a12e0c448b0d2360c386ccdf2c64ffdb0ed / . / common / src / main / java / org / conscrypt / NativeCrypto.java
blob: cb3b9e26aba01182d692b6ae02b78cbf9da2ad3b [file] [log] [blame]
/*
* Copyright (C) 2008 The Android Open Source Project
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.conscrypt;
import java.io.FileDescriptor;
import java.io.IOException;
import java.io.OutputStream;
import java.net.SocketTimeoutException;
import java.nio.Buffer;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.SignatureException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateParsingException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Calendar;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import javax.crypto.BadPaddingException;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.ShortBufferException;
import javax.net.ssl.SSLException;
import javax.security.auth.x500.X500Principal;
import org.conscrypt.OpenSSLX509CertificateFactory.ParsingException;
/**
* Provides the Java side of our JNI glue for OpenSSL.
* <p>
* Note: Many methods in this class take a reference to a Java object that holds a
* native pointer in the form of a long in addition to the long itself and don't use
* the Java object in the native implementation. This is to prevent the Java object
* from becoming eligible for GC while the native method is executing. See
* <a href="https://github.com/google/error-prone/blob/master/docs/bugpattern/UnsafeFinalization.md">this</a>
* for more details.
*/
@Internal
public final class NativeCrypto {
// --- OpenSSL library initialization --------------------------------------
private static final UnsatisfiedLinkError loadError;
static {
UnsatisfiedLinkError error = null;
try {
NativeCryptoJni.init();
clinit();
} catch (UnsatisfiedLinkError t) {
// Don't rethrow the error, so that we can later on interrogate the
// value of loadError.
error = t;
}
loadError = error;
}
private native static void clinit();
/**
* Checks to see whether or not the native library was successfully loaded. If not, throws
* the {@link UnsatisfiedLinkError} that was encountered while attempting to load the library.
*/
static void checkAvailability() {
if (loadError != null) {
throw loadError;
}
}
// --- DSA/RSA public/private key handling functions -----------------------
static native long EVP_PKEY_new_RSA(byte[] n, byte[] e, byte[] d, byte[] p, byte[] q,
byte[] dmp1, byte[] dmq1, byte[] iqmp);
static native int EVP_PKEY_type(NativeRef.EVP_PKEY pkey);
static native String EVP_PKEY_print_public(NativeRef.EVP_PKEY pkeyRef);
static native String EVP_PKEY_print_params(NativeRef.EVP_PKEY pkeyRef);
static native void EVP_PKEY_free(long pkey);
static native int EVP_PKEY_cmp(NativeRef.EVP_PKEY pkey1, NativeRef.EVP_PKEY pkey2);
static native byte[] EVP_marshal_private_key(NativeRef.EVP_PKEY pkey);
static native long EVP_parse_private_key(byte[] data) throws ParsingException;
static native byte[] EVP_marshal_public_key(NativeRef.EVP_PKEY pkey);
static native long EVP_parse_public_key(byte[] data) throws ParsingException;
static native long PEM_read_bio_PUBKEY(long bioCtx);
static native long PEM_read_bio_PrivateKey(long bioCtx);
static native long getRSAPrivateKeyWrapper(PrivateKey key, byte[] modulus);
static native long getECPrivateKeyWrapper(PrivateKey key, NativeRef.EC_GROUP ecGroupRef);
static native long RSA_generate_key_ex(int modulusBits, byte[] publicExponent);
static native int RSA_size(NativeRef.EVP_PKEY pkey);
static native int RSA_private_encrypt(
int flen, byte[] from, byte[] to, NativeRef.EVP_PKEY pkey, int padding);
static native int RSA_public_decrypt(int flen, byte[] from, byte[] to, NativeRef.EVP_PKEY pkey,
int padding) throws BadPaddingException, SignatureException;
static native int RSA_public_encrypt(
int flen, byte[] from, byte[] to, NativeRef.EVP_PKEY pkey, int padding);
static native int RSA_private_decrypt(int flen, byte[] from, byte[] to, NativeRef.EVP_PKEY pkey,
int padding) throws BadPaddingException, SignatureException;
/**
* @return array of {n, e}
*/
static native byte[][] get_RSA_public_params(NativeRef.EVP_PKEY rsa);
/**
* @return array of {n, e, d, p, q, dmp1, dmq1, iqmp}
*/
static native byte[][] get_RSA_private_params(NativeRef.EVP_PKEY rsa);
// --- ChaCha20 -----------------------
/**
* Returns the encrypted or decrypted version of the data.
*/
static native void chacha20_encrypt_decrypt(byte[] in, int inOffset, byte[] out, int outOffset,
int length, byte[] key, byte[] nonce, int blockCounter);
// --- EC functions --------------------------
static native long EVP_PKEY_new_EC_KEY(
NativeRef.EC_GROUP groupRef, NativeRef.EC_POINT pubkeyRef, byte[] privkey);
static native long EC_GROUP_new_by_curve_name(String curveName);
static native long EC_GROUP_new_arbitrary(
byte[] p, byte[] a, byte[] b, byte[] x, byte[] y, byte[] order, int cofactor);
static native String EC_GROUP_get_curve_name(NativeRef.EC_GROUP groupRef);
static native byte[][] EC_GROUP_get_curve(NativeRef.EC_GROUP groupRef);
static native void EC_GROUP_clear_free(long groupRef);
static native long EC_GROUP_get_generator(NativeRef.EC_GROUP groupRef);
static native byte[] EC_GROUP_get_order(NativeRef.EC_GROUP groupRef);
static native int EC_GROUP_get_degree(NativeRef.EC_GROUP groupRef);
static native byte[] EC_GROUP_get_cofactor(NativeRef.EC_GROUP groupRef);
static native long EC_POINT_new(NativeRef.EC_GROUP groupRef);
static native void EC_POINT_clear_free(long pointRef);
static native byte[][] EC_POINT_get_affine_coordinates(
NativeRef.EC_GROUP groupRef, NativeRef.EC_POINT pointRef);
static native void EC_POINT_set_affine_coordinates(
NativeRef.EC_GROUP groupRef, NativeRef.EC_POINT pointRef, byte[] x, byte[] y);
static native long EC_KEY_generate_key(NativeRef.EC_GROUP groupRef);
static native long EC_KEY_get1_group(NativeRef.EVP_PKEY pkeyRef);
static native byte[] EC_KEY_get_private_key(NativeRef.EVP_PKEY keyRef);
static native long EC_KEY_get_public_key(NativeRef.EVP_PKEY keyRef);
static native byte[] EC_KEY_marshal_curve_name(NativeRef.EC_GROUP groupRef) throws IOException;
static native long EC_KEY_parse_curve_name(byte[] encoded) throws IOException;
static native int ECDH_compute_key(byte[] out, int outOffset, NativeRef.EVP_PKEY publicKeyRef,
NativeRef.EVP_PKEY privateKeyRef) throws InvalidKeyException, IndexOutOfBoundsException;
static native int ECDSA_size(NativeRef.EVP_PKEY pkey);
static native int ECDSA_sign(byte[] data, byte[] sig, NativeRef.EVP_PKEY pkey);
static native int ECDSA_verify(byte[] data, byte[] sig, NativeRef.EVP_PKEY pkey);
// --- Message digest functions --------------
// These return const references
static native long EVP_get_digestbyname(String name);
static native int EVP_MD_size(long evp_md_const);
// --- Message digest context functions --------------
static native long EVP_MD_CTX_create();
static native void EVP_MD_CTX_cleanup(NativeRef.EVP_MD_CTX ctx);
static native void EVP_MD_CTX_destroy(long ctx);
static native int EVP_MD_CTX_copy_ex(
NativeRef.EVP_MD_CTX dst_ctx, NativeRef.EVP_MD_CTX src_ctx);
// --- Digest handling functions -------------------------------------------
static native int EVP_DigestInit_ex(NativeRef.EVP_MD_CTX ctx, long evp_md);
static native void EVP_DigestUpdate(
NativeRef.EVP_MD_CTX ctx, byte[] buffer, int offset, int length);
static native void EVP_DigestUpdateDirect(NativeRef.EVP_MD_CTX ctx, long ptr, int length);
static native int EVP_DigestFinal_ex(NativeRef.EVP_MD_CTX ctx, byte[] hash, int offset);
// --- Signature handling functions ----------------------------------------
static native long EVP_DigestSignInit(
NativeRef.EVP_MD_CTX ctx, long evpMdRef, NativeRef.EVP_PKEY key);
static native long EVP_DigestVerifyInit(
NativeRef.EVP_MD_CTX ctx, long evpMdRef, NativeRef.EVP_PKEY key);
static native void EVP_DigestSignUpdate(
NativeRef.EVP_MD_CTX ctx, byte[] buffer, int offset, int length);
static native void EVP_DigestSignUpdateDirect(NativeRef.EVP_MD_CTX ctx, long ptr, int length);
static native void EVP_DigestVerifyUpdate(
NativeRef.EVP_MD_CTX ctx, byte[] buffer, int offset, int length);
static native void EVP_DigestVerifyUpdateDirect(NativeRef.EVP_MD_CTX ctx, long ptr, int length);
static native byte[] EVP_DigestSignFinal(NativeRef.EVP_MD_CTX ctx);
static native boolean EVP_DigestVerifyFinal(NativeRef.EVP_MD_CTX ctx, byte[] signature,
int offset, int length) throws IndexOutOfBoundsException;
static native long EVP_PKEY_encrypt_init(NativeRef.EVP_PKEY pkey) throws InvalidKeyException;
static native int EVP_PKEY_encrypt(NativeRef.EVP_PKEY_CTX ctx, byte[] out, int outOffset,
byte[] input, int inOffset, int inLength)
throws IndexOutOfBoundsException, BadPaddingException;
static native long EVP_PKEY_decrypt_init(NativeRef.EVP_PKEY pkey) throws InvalidKeyException;
static native int EVP_PKEY_decrypt(NativeRef.EVP_PKEY_CTX ctx, byte[] out, int outOffset,
byte[] input, int inOffset, int inLength)
throws IndexOutOfBoundsException, BadPaddingException;
static native void EVP_PKEY_CTX_free(long pkeyCtx);
static native void EVP_PKEY_CTX_set_rsa_padding(long ctx, int pad)
throws InvalidAlgorithmParameterException;
static native void EVP_PKEY_CTX_set_rsa_pss_saltlen(long ctx, int len)
throws InvalidAlgorithmParameterException;
static native void EVP_PKEY_CTX_set_rsa_mgf1_md(long ctx, long evpMdRef)
throws InvalidAlgorithmParameterException;
static native void EVP_PKEY_CTX_set_rsa_oaep_md(long ctx, long evpMdRef)
throws InvalidAlgorithmParameterException;
static native void EVP_PKEY_CTX_set_rsa_oaep_label(long ctx, byte[] label)
throws InvalidAlgorithmParameterException;
// --- Block ciphers -------------------------------------------------------
// These return const references
static native long EVP_get_cipherbyname(String string);
static native void EVP_CipherInit_ex(NativeRef.EVP_CIPHER_CTX ctx, long evpCipher, byte[] key,
byte[] iv, boolean encrypting);
static native int EVP_CipherUpdate(NativeRef.EVP_CIPHER_CTX ctx, byte[] out, int outOffset,
byte[] in, int inOffset, int inLength) throws IndexOutOfBoundsException;
static native int EVP_CipherFinal_ex(NativeRef.EVP_CIPHER_CTX ctx, byte[] out, int outOffset)
throws BadPaddingException, IllegalBlockSizeException;
static native int EVP_CIPHER_iv_length(long evpCipher);
static native long EVP_CIPHER_CTX_new();
static native int EVP_CIPHER_CTX_block_size(NativeRef.EVP_CIPHER_CTX ctx);
static native int get_EVP_CIPHER_CTX_buf_len(NativeRef.EVP_CIPHER_CTX ctx);
static native boolean get_EVP_CIPHER_CTX_final_used(NativeRef.EVP_CIPHER_CTX ctx);
static native void EVP_CIPHER_CTX_set_padding(
NativeRef.EVP_CIPHER_CTX ctx, boolean enablePadding);
static native void EVP_CIPHER_CTX_set_key_length(NativeRef.EVP_CIPHER_CTX ctx, int keyBitSize);
static native void EVP_CIPHER_CTX_free(long ctx);
// --- AEAD ----------------------------------------------------------------
static native long EVP_aead_aes_128_gcm();
static native long EVP_aead_aes_256_gcm();
static native long EVP_aead_chacha20_poly1305();
static native long EVP_aead_aes_128_gcm_siv();
static native long EVP_aead_aes_256_gcm_siv();
static native int EVP_AEAD_max_overhead(long evpAead);
static native int EVP_AEAD_nonce_length(long evpAead);
static native int EVP_AEAD_CTX_seal(long evpAead, byte[] key, int tagLengthInBytes, byte[] out,
int outOffset, byte[] nonce, byte[] in, int inOffset, int inLength, byte[] ad)
throws ShortBufferException, BadPaddingException, IndexOutOfBoundsException;
static native int EVP_AEAD_CTX_open(long evpAead, byte[] key, int tagLengthInBytes, byte[] out,
int outOffset, byte[] nonce, byte[] in, int inOffset, int inLength, byte[] ad)
throws ShortBufferException, BadPaddingException, IndexOutOfBoundsException;
// --- HMAC functions ------------------------------------------------------
static native long HMAC_CTX_new();
static native void HMAC_CTX_free(long ctx);
static native void HMAC_Init_ex(NativeRef.HMAC_CTX ctx, byte[] key, long evp_md);
static native void HMAC_Update(NativeRef.HMAC_CTX ctx, byte[] in, int inOffset, int inLength);
static native void HMAC_UpdateDirect(NativeRef.HMAC_CTX ctx, long inPtr, int inLength);
static native byte[] HMAC_Final(NativeRef.HMAC_CTX ctx);
// --- RAND ----------------------------------------------------------------
static native void RAND_bytes(byte[] output);
// --- X509_NAME -----------------------------------------------------------
static int X509_NAME_hash(X500Principal principal) {
return X509_NAME_hash(principal, "SHA1");
}
public static int X509_NAME_hash_old(X500Principal principal) {
return X509_NAME_hash(principal, "MD5");
}
private static int X509_NAME_hash(X500Principal principal, String algorithm) {
try {
byte[] digest = MessageDigest.getInstance(algorithm).digest(principal.getEncoded());
int offset = 0;
return (((digest[offset++] & 0xff) << 0) | ((digest[offset++] & 0xff) << 8)
| ((digest[offset++] & 0xff) << 16) | ((digest[offset] & 0xff) << 24));
} catch (NoSuchAlgorithmException e) {
throw new AssertionError(e);
}
}
// --- X509 ----------------------------------------------------------------
/** Used to request get_X509_GENERAL_NAME_stack get the "altname" field. */
static final int GN_STACK_SUBJECT_ALT_NAME = 1;
/**
* Used to request get_X509_GENERAL_NAME_stack get the issuerAlternativeName
* extension.
*/
static final int GN_STACK_ISSUER_ALT_NAME = 2;
/**
* Used to request only non-critical types in get_X509*_ext_oids.
*/
static final int EXTENSION_TYPE_NON_CRITICAL = 0;
/**
* Used to request only critical types in get_X509*_ext_oids.
*/
static final int EXTENSION_TYPE_CRITICAL = 1;
static native long d2i_X509_bio(long bioCtx);
static native long d2i_X509(byte[] encoded) throws ParsingException;
static native long PEM_read_bio_X509(long bioCtx);
static native byte[] i2d_X509(long x509ctx, OpenSSLX509Certificate holder);
/** Takes an X509 context not an X509_PUBKEY context. */
static native byte[] i2d_X509_PUBKEY(long x509ctx, OpenSSLX509Certificate holder);
static native byte[] ASN1_seq_pack_X509(long[] x509CertRefs);
static native long[] ASN1_seq_unpack_X509_bio(long bioRef) throws ParsingException;
static native void X509_free(long x509ctx, OpenSSLX509Certificate holder);
static native long X509_dup(long x509ctx, OpenSSLX509Certificate holder);
static native int X509_cmp(long x509ctx1, OpenSSLX509Certificate holder, long x509ctx2, OpenSSLX509Certificate holder2);
static native void X509_print_ex(long bioCtx, long x509ctx, OpenSSLX509Certificate holder, long nmflag, long certflag);
static native byte[] X509_get_issuer_name(long x509ctx, OpenSSLX509Certificate holder);
static native byte[] X509_get_subject_name(long x509ctx, OpenSSLX509Certificate holder);
static native String get_X509_sig_alg_oid(long x509ctx, OpenSSLX509Certificate holder);
static native byte[] get_X509_sig_alg_parameter(long x509ctx, OpenSSLX509Certificate holder);
static native boolean[] get_X509_issuerUID(long x509ctx, OpenSSLX509Certificate holder);
static native boolean[] get_X509_subjectUID(long x509ctx, OpenSSLX509Certificate holder);
static native long X509_get_pubkey(long x509ctx, OpenSSLX509Certificate holder)
throws NoSuchAlgorithmException, InvalidKeyException;
static native String get_X509_pubkey_oid(long x509ctx, OpenSSLX509Certificate holder);
static native byte[] X509_get_ext_oid(long x509ctx, OpenSSLX509Certificate holder, String oid);
static native String[] get_X509_ext_oids(long x509ctx, OpenSSLX509Certificate holder, int critical);
static native Object[][] get_X509_GENERAL_NAME_stack(long x509ctx, OpenSSLX509Certificate holder, int type)
throws CertificateParsingException;
static native boolean[] get_X509_ex_kusage(long x509ctx, OpenSSLX509Certificate holder);
static native String[] get_X509_ex_xkusage(long x509ctx, OpenSSLX509Certificate holder);
static native int get_X509_ex_pathlen(long x509ctx, OpenSSLX509Certificate holder);
static native long X509_get_notBefore(long x509ctx, OpenSSLX509Certificate holder);
static native long X509_get_notAfter(long x509ctx, OpenSSLX509Certificate holder);
static native long X509_get_version(long x509ctx, OpenSSLX509Certificate holder);
static native byte[] X509_get_serialNumber(long x509ctx, OpenSSLX509Certificate holder);
static native void X509_verify(long x509ctx, OpenSSLX509Certificate holder, NativeRef.EVP_PKEY pkeyCtx)
throws BadPaddingException;
static native byte[] get_X509_cert_info_enc(long x509ctx, OpenSSLX509Certificate holder);
static native byte[] get_X509_signature(long x509ctx, OpenSSLX509Certificate holder);
static native int get_X509_ex_flags(long x509ctx, OpenSSLX509Certificate holder);
// Used by Android platform TrustedCertificateStore.
@SuppressWarnings("unused")
static native int X509_check_issued(long ctx, OpenSSLX509Certificate holder, long ctx2, OpenSSLX509Certificate holder2);
// --- PKCS7 ---------------------------------------------------------------
/** Used as the "which" field in d2i_PKCS7_bio and PEM_read_bio_PKCS7. */
static final int PKCS7_CERTS = 1;
/** Used as the "which" field in d2i_PKCS7_bio and PEM_read_bio_PKCS7. */
static final int PKCS7_CRLS = 2;
/** Returns an array of X509 or X509_CRL pointers. */
static native long[] d2i_PKCS7_bio(long bioCtx, int which) throws ParsingException;
/** Returns an array of X509 or X509_CRL pointers. */
static native byte[] i2d_PKCS7(long[] certs);
/** Returns an array of X509 or X509_CRL pointers. */
static native long[] PEM_read_bio_PKCS7(long bioCtx, int which);
// --- X509_CRL ------------------------------------------------------------
static native long d2i_X509_CRL_bio(long bioCtx);
static native long PEM_read_bio_X509_CRL(long bioCtx);
static native byte[] i2d_X509_CRL(long x509CrlCtx, OpenSSLX509CRL holder);
static native void X509_CRL_free(long x509CrlCtx, OpenSSLX509CRL holder);
static native void X509_CRL_print(long bioCtx, long x509CrlCtx, OpenSSLX509CRL holder);
static native String get_X509_CRL_sig_alg_oid(long x509CrlCtx, OpenSSLX509CRL holder);
static native byte[] get_X509_CRL_sig_alg_parameter(long x509CrlCtx, OpenSSLX509CRL holder);
static native byte[] X509_CRL_get_issuer_name(long x509CrlCtx, OpenSSLX509CRL holder);
/** Returns X509_REVOKED reference that is not duplicated! */
static native long X509_CRL_get0_by_cert(long x509CrlCtx, OpenSSLX509CRL holder, long x509Ctx, OpenSSLX509Certificate holder2);
/** Returns X509_REVOKED reference that is not duplicated! */
static native long X509_CRL_get0_by_serial(long x509CrlCtx, OpenSSLX509CRL holder, byte[] serial);
/** Returns an array of X509_REVOKED that are owned by the caller. */
static native long[] X509_CRL_get_REVOKED(long x509CrlCtx, OpenSSLX509CRL holder);
static native String[] get_X509_CRL_ext_oids(long x509Crlctx, OpenSSLX509CRL holder, int critical);
static native byte[] X509_CRL_get_ext_oid(long x509CrlCtx, OpenSSLX509CRL holder, String oid);
static native void X509_delete_ext(long x509, OpenSSLX509Certificate holder, String oid);
static native long X509_CRL_get_version(long x509CrlCtx, OpenSSLX509CRL holder);
static native long X509_CRL_get_ext(long x509CrlCtx, OpenSSLX509CRL holder, String oid);
static native byte[] get_X509_CRL_signature(long x509ctx, OpenSSLX509CRL holder);
static native void X509_CRL_verify(long x509CrlCtx, OpenSSLX509CRL holder,
NativeRef.EVP_PKEY pkeyCtx) throws BadPaddingException, SignatureException,
NoSuchAlgorithmException, InvalidKeyException, IllegalBlockSizeException;
static native byte[] get_X509_CRL_crl_enc(long x509CrlCtx, OpenSSLX509CRL holder);
static native long X509_CRL_get_lastUpdate(long x509CrlCtx, OpenSSLX509CRL holder);
static native long X509_CRL_get_nextUpdate(long x509CrlCtx, OpenSSLX509CRL holder);
// --- X509_REVOKED --------------------------------------------------------
static native long X509_REVOKED_dup(long x509RevokedCtx);
static native byte[] i2d_X509_REVOKED(long x509RevokedCtx);
static native String[] get_X509_REVOKED_ext_oids(long x509ctx, int critical);
static native byte[] X509_REVOKED_get_ext_oid(long x509RevokedCtx, String oid);
static native byte[] X509_REVOKED_get_serialNumber(long x509RevokedCtx);
static native long X509_REVOKED_get_ext(long x509RevokedCtx, String oid);
/** Returns ASN1_TIME reference. */
static native long get_X509_REVOKED_revocationDate(long x509RevokedCtx);
static native void X509_REVOKED_print(long bioRef, long x509RevokedCtx);
// --- X509_EXTENSION ------------------------------------------------------
static native int X509_supported_extension(long x509ExtensionRef);
// --- ASN1_TIME -----------------------------------------------------------
static native void ASN1_TIME_to_Calendar(long asn1TimeCtx, Calendar cal) throws ParsingException;
// --- ASN1 Encoding -------------------------------------------------------
/**
* Allocates and returns an opaque reference to an object that can be used with other
* asn1_read_* functions to read the ASN.1-encoded data in val. The returned object must
* be freed after use by calling asn1_read_free.
*/
static native long asn1_read_init(byte[] val) throws IOException;
/**
* Allocates and returns an opaque reference to an object that can be used with other
* asn1_read_* functions to read the ASN.1 sequence pointed to by cbsRef. The returned
* object must be freed after use by calling asn1_read_free.
*/
static native long asn1_read_sequence(long cbsRef) throws IOException;
/**
* Returns whether the next object in the given reference is explicitly tagged with the
* given tag number.
*/
static native boolean asn1_read_next_tag_is(long cbsRef, int tag) throws IOException;
/**
* Allocates and returns an opaque reference to an object that can be used with
* other asn1_read_* functions to read the ASN.1 data pointed to by cbsRef. The returned
* object must be freed after use by calling asn1_read_free.
*/
static native long asn1_read_tagged(long cbsRef) throws IOException;
/**
* Returns the contents of an ASN.1 octet string from the given reference.
*/
static native byte[] asn1_read_octetstring(long cbsRef) throws IOException;
/**
* Returns an ASN.1 integer from the given reference. If the integer doesn't fit
* in a uint64, this method will throw an IOException.
*/
static native long asn1_read_uint64(long cbsRef) throws IOException;
/**
* Consumes an ASN.1 NULL from the given reference.
*/
static native void asn1_read_null(long cbsRef) throws IOException;
/**
* Returns an ASN.1 OID in dotted-decimal notation (eg, "1.3.14.3.2.26" for SHA-1) from the
* given reference.
*/
static native String asn1_read_oid(long cbsRef) throws IOException;
/**
* Returns whether or not the given reference has been read completely.
*/
static native boolean asn1_read_is_empty(long cbsRef);
/**
* Frees any resources associated with the given reference. After calling, the reference
* must not be used again. This may be called with a zero reference, in which case nothing
* will be done.
*/
static native void asn1_read_free(long cbsRef);
/**
* Allocates and returns an opaque reference to an object that can be used with other
* asn1_write_* functions to write ASN.1-encoded data. The returned object must be finalized
* after use by calling either asn1_write_finish or asn1_write_cleanup, and its resources
* must be freed by calling asn1_write_free.
*/
static native long asn1_write_init() throws IOException;
/**
* Allocates and returns an opaque reference to an object that can be used with other
* asn1_write_* functions to write an ASN.1 sequence into the given reference. The returned
* reference may only be used until the next call on the parent reference. The returned
* object must be freed after use by calling asn1_write_free.
*/
static native long asn1_write_sequence(long cbbRef) throws IOException;
/**
* Allocates and returns an opaque reference to an object that can be used with other
* asn1_write_* functions to write a explicitly-tagged ASN.1 object with the given tag
* into the given reference. The returned reference may only be used until the next
* call on the parent reference. The returned object must be freed after use by
* calling asn1_write_free.
*/
static native long asn1_write_tag(long cbbRef, int tag) throws IOException;
/**
* Writes the given data into the given reference as an ASN.1-encoded octet string.
*/
static native void asn1_write_octetstring(long cbbRef, byte[] data) throws IOException;
/**
* Writes the given value into the given reference as an ASN.1-encoded integer.
*/
static native void asn1_write_uint64(long cbbRef, long value) throws IOException;
/**
* Writes a NULL value into the given reference.
*/
static native void asn1_write_null(long cbbRef) throws IOException;
/**
* Writes the given OID (which must be in dotted-decimal notation) into the given reference.
*/
static native void asn1_write_oid(long cbbRef, String oid) throws IOException;
/**
* Flushes the given reference, invalidating any child references and completing their
* operations. This must be called if the child references are to be freed before
* asn1_write_finish is called on the ultimate parent. The child references must still
* be freed.
*/
static native void asn1_write_flush(long cbbRef) throws IOException;
/**
* Completes any in-progress operations and returns the ASN.1-encoded data. Either this
* or asn1_write_cleanup must be called on any reference returned from asn1_write_init
* before it is freed.
*/
static native byte[] asn1_write_finish(long cbbRef) throws IOException;
/**
* Cleans up intermediate state in the given reference. Either this or asn1_write_finish
* must be called on any reference returned from asn1_write_init before it is freed.
*/
static native void asn1_write_cleanup(long cbbRef);
/**
* Frees resources associated with the given reference. After calling, the reference
* must not be used again. This may be called with a zero reference, in which case nothing
* will be done.
*/
static native void asn1_write_free(long cbbRef);
// --- BIO stream creation -------------------------------------------------
static native long create_BIO_InputStream(OpenSSLBIOInputStream is, boolean isFinite);
static native long create_BIO_OutputStream(OutputStream os);
static native void BIO_free_all(long bioRef);
// --- SSL handling --------------------------------------------------------
static final String OBSOLETE_PROTOCOL_SSLV3 = "SSLv3";
private static final String SUPPORTED_PROTOCOL_TLSV1 = "TLSv1";
private static final String SUPPORTED_PROTOCOL_TLSV1_1 = "TLSv1.1";
private static final String SUPPORTED_PROTOCOL_TLSV1_2 = "TLSv1.2";
static final String SUPPORTED_PROTOCOL_TLSV1_3 = "TLSv1.3";
static final String[] SUPPORTED_TLS_1_3_CIPHER_SUITES = new String[] {
"TLS_AES_128_GCM_SHA256",
"TLS_AES_256_GCM_SHA384",
"TLS_CHACHA20_POLY1305_SHA256",
};
// SUPPORTED_TLS_1_2_CIPHER_SUITES_SET contains all the supported cipher suites for TLS 1.2,
// using their Java names.
static final Set<String> SUPPORTED_TLS_1_2_CIPHER_SUITES_SET = new HashSet<String>();
// SUPPORTED_LEGACY_CIPHER_SUITES_SET contains all the supported cipher suites using the legacy
// OpenSSL-style names.
private static final Set<String> SUPPORTED_LEGACY_CIPHER_SUITES_SET = new HashSet<String>();
static final Set<String> SUPPORTED_TLS_1_3_CIPHER_SUITES_SET = new HashSet<String>(
Arrays.asList(SUPPORTED_TLS_1_3_CIPHER_SUITES));
/**
* TLS_EMPTY_RENEGOTIATION_INFO_SCSV is RFC 5746's renegotiation
* indication signaling cipher suite value. It is not a real
* cipher suite. It is just an indication in the default and
* supported cipher suite lists indicates that the implementation
* supports secure renegotiation.
* <p>
* In the RI, its presence means that the SCSV is sent in the
* cipher suite list to indicate secure renegotiation support and
* its absense means to send an empty TLS renegotiation info
* extension instead.
* <p>
* However, OpenSSL doesn't provide an API to give this level of
* control, instead always sending the SCSV and always including
* the empty renegotiation info if TLS is used (as opposed to
* SSL). So we simply allow TLS_EMPTY_RENEGOTIATION_INFO_SCSV to
* be passed for compatibility as to provide the hint that we
* support secure renegotiation.
*/
static final String TLS_EMPTY_RENEGOTIATION_INFO_SCSV = "TLS_EMPTY_RENEGOTIATION_INFO_SCSV";
static String cipherSuiteToJava(String cipherSuite) {
// For historical reasons, Java uses a different name for TLS_RSA_WITH_3DES_EDE_CBC_SHA.
if ("TLS_RSA_WITH_3DES_EDE_CBC_SHA".equals(cipherSuite)) {
return "SSL_RSA_WITH_3DES_EDE_CBC_SHA";
}
return cipherSuite;
}
static String cipherSuiteFromJava(String javaCipherSuite) {
if ("SSL_RSA_WITH_3DES_EDE_CBC_SHA".equals(javaCipherSuite)) {
return "TLS_RSA_WITH_3DES_EDE_CBC_SHA";
}
return javaCipherSuite;
}
/**
* TLS_FALLBACK_SCSV is from
* https://tools.ietf.org/html/draft-ietf-tls-downgrade-scsv-00
* to indicate to the server that this is a fallback protocol
* request.
*/
private static final String TLS_FALLBACK_SCSV = "TLS_FALLBACK_SCSV";
private static final boolean HAS_AES_HARDWARE;
private static final String[] SUPPORTED_TLS_1_2_CIPHER_SUITES;
static {
if (loadError == null) {
// If loadError is not null, it means the native code was not loaded, so
// get_cipher_names will throw UnsatisfiedLinkError.
String[] allCipherSuites = get_cipher_names("ALL:!DHE");
// get_cipher_names returns an array where even indices are the standard name and odd
// indices are the OpenSSL name.
int size = allCipherSuites.length;
if (size % 2 != 0) {
throw new IllegalArgumentException(
"Invalid cipher list returned by get_cipher_names");
}
SUPPORTED_TLS_1_2_CIPHER_SUITES = new String[size / 2 + 2];
for (int i = 0; i < size; i += 2) {
String cipherSuite = cipherSuiteToJava(allCipherSuites[i]);
SUPPORTED_TLS_1_2_CIPHER_SUITES[i / 2] = cipherSuite;
SUPPORTED_TLS_1_2_CIPHER_SUITES_SET.add(cipherSuite);
SUPPORTED_LEGACY_CIPHER_SUITES_SET.add(allCipherSuites[i + 1]);
}
SUPPORTED_TLS_1_2_CIPHER_SUITES[size / 2] = TLS_EMPTY_RENEGOTIATION_INFO_SCSV;
SUPPORTED_TLS_1_2_CIPHER_SUITES[size / 2 + 1] = TLS_FALLBACK_SCSV;
HAS_AES_HARDWARE = EVP_has_aes_hardware() == 1;
} else {
HAS_AES_HARDWARE = false;
SUPPORTED_TLS_1_2_CIPHER_SUITES = new String[0];
}
}
/**
* Returns 1 if the BoringSSL believes the CPU has AES accelerated hardware
* instructions. Used to determine cipher suite ordering.
*/
static native int EVP_has_aes_hardware();
static native long SSL_CTX_new();
// IMPLEMENTATION NOTE: The default list of cipher suites is a trade-off between what we'd like
// to use and what servers currently support. We strive to be secure enough by default. We thus
// avoid unacceptably weak suites (e.g., those with bulk cipher secret key shorter than 128
// bits), while maintaining the capability to connect to the majority of servers.
//
// Cipher suites are listed in preference order (favorite choice first) of the client. However,
// servers are not required to honor the order. The key rules governing the preference order
// are:
// * Prefer Forward Secrecy (i.e., cipher suites that use ECDHE and DHE for key agreement).
// * Prefer ChaCha20-Poly1305 to AES-GCM unless hardware support for AES is available.
// * Prefer AES-GCM to AES-CBC whose MAC-pad-then-encrypt approach leads to weaknesses (e.g.,
// Lucky 13).
// * Prefer 128-bit bulk encryption to 256-bit one, because 128-bit is safe enough while
// consuming less CPU/time/energy.
//
// NOTE: Removing cipher suites from this list needs to be done with caution, because this may
// prevent apps from connecting to servers they were previously able to connect to.
/** X.509 based cipher suites enabled by default (if requested), in preference order. */
static final String[] DEFAULT_X509_CIPHER_SUITES = HAS_AES_HARDWARE ?
new String[] {
"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256",
"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",
"TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA",
"TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA",
"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
"TLS_RSA_WITH_AES_128_GCM_SHA256",
"TLS_RSA_WITH_AES_256_GCM_SHA384",
"TLS_RSA_WITH_AES_128_CBC_SHA",
"TLS_RSA_WITH_AES_256_CBC_SHA",
} :
new String[] {
"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256",
"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",
"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
"TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA",
"TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA",
"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
"TLS_RSA_WITH_AES_128_GCM_SHA256",
"TLS_RSA_WITH_AES_256_GCM_SHA384",
"TLS_RSA_WITH_AES_128_CBC_SHA",
"TLS_RSA_WITH_AES_256_CBC_SHA",
};
/** TLS-PSK cipher suites enabled by default (if requested), in preference order. */
static final String[] DEFAULT_PSK_CIPHER_SUITES = new String[] {
"TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256",
"TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA",
"TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA",
"TLS_PSK_WITH_AES_128_CBC_SHA",
"TLS_PSK_WITH_AES_256_CBC_SHA",
};
static String[] getSupportedCipherSuites() {
return SSLUtils.concat(SUPPORTED_TLS_1_3_CIPHER_SUITES, SUPPORTED_TLS_1_2_CIPHER_SUITES.clone());
}
static native void SSL_CTX_free(long ssl_ctx, AbstractSessionContext holder);
static native void SSL_CTX_set_session_id_context(long ssl_ctx, AbstractSessionContext holder, byte[] sid_ctx);
static native long SSL_CTX_set_timeout(long ssl_ctx, AbstractSessionContext holder, long seconds);
static native long SSL_new(long ssl_ctx, AbstractSessionContext holder) throws SSLException;
static native void SSL_enable_tls_channel_id(long ssl, NativeSsl ssl_holder) throws SSLException;
static native byte[] SSL_get_tls_channel_id(long ssl, NativeSsl ssl_holder) throws SSLException;
static native void SSL_set1_tls_channel_id(long ssl, NativeSsl ssl_holder, NativeRef.EVP_PKEY pkey);
/**
* Sets the local certificates and private key.
*
* @param ssl the SSL reference.
* @param encodedCertificates the encoded form of the local certificate chain.
* @param pkey a reference to the private key.
* @throws SSLException if a problem occurs setting the cert/key.
*/
static native void setLocalCertsAndPrivateKey(long ssl, NativeSsl ssl_holder, byte[][] encodedCertificates,
NativeRef.EVP_PKEY pkey) throws SSLException;
static native void SSL_set_client_CA_list(long ssl, NativeSsl ssl_holder, byte[][] asn1DerEncodedX500Principals)
throws SSLException;
static native long SSL_set_mode(long ssl, NativeSsl ssl_holder, long mode);
static native long SSL_set_options(long ssl, NativeSsl ssl_holder, long options);
static native long SSL_clear_options(long ssl, NativeSsl ssl_holder, long options);
static native int SSL_set_protocol_versions(long ssl, NativeSsl ssl_holder, int min_version, int max_version);
static native void SSL_enable_signed_cert_timestamps(long ssl, NativeSsl ssl_holder);
static native byte[] SSL_get_signed_cert_timestamp_list(long ssl, NativeSsl ssl_holder);
static native void SSL_set_signed_cert_timestamp_list(long ssl, NativeSsl ssl_holder, byte[] list);
static native void SSL_enable_ocsp_stapling(long ssl, NativeSsl ssl_holder);
static native byte[] SSL_get_ocsp_response(long ssl, NativeSsl ssl_holder);
static native void SSL_set_ocsp_response(long ssl, NativeSsl ssl_holder, byte[] response);
static native byte[] SSL_get_tls_unique(long ssl, NativeSsl ssl_holder);
static native byte[] SSL_export_keying_material(long ssl, NativeSsl ssl_holder, byte[] label, byte[] context, int num_bytes) throws SSLException;
static native void SSL_use_psk_identity_hint(long ssl, NativeSsl ssl_holder, String identityHint) throws SSLException;
static native void set_SSL_psk_client_callback_enabled(long ssl, NativeSsl ssl_holder, boolean enabled);
static native void set_SSL_psk_server_callback_enabled(long ssl, NativeSsl ssl_holder, boolean enabled);
/** Protocols to enable by default when "TLSv1.3" is requested. */
static final String[] TLSV13_PROTOCOLS = new String[] {
SUPPORTED_PROTOCOL_TLSV1,
SUPPORTED_PROTOCOL_TLSV1_1,
SUPPORTED_PROTOCOL_TLSV1_2,
SUPPORTED_PROTOCOL_TLSV1_3,
};
/** Protocols to enable by default when "TLSv1.2" is requested. */
static final String[] TLSV12_PROTOCOLS = new String[] {
SUPPORTED_PROTOCOL_TLSV1,
SUPPORTED_PROTOCOL_TLSV1_1,
SUPPORTED_PROTOCOL_TLSV1_2,
};
/** Protocols to enable by default when "TLSv1.1" is requested. */
static final String[] TLSV11_PROTOCOLS = TLSV12_PROTOCOLS;
/** Protocols to enable by default when "TLSv1" is requested. */
static final String[] TLSV1_PROTOCOLS = TLSV11_PROTOCOLS;
static final String[] DEFAULT_PROTOCOLS = TLSV13_PROTOCOLS;
private static final String[] SUPPORTED_PROTOCOLS = new String[] {
SUPPORTED_PROTOCOL_TLSV1,
SUPPORTED_PROTOCOL_TLSV1_1,
SUPPORTED_PROTOCOL_TLSV1_2,
SUPPORTED_PROTOCOL_TLSV1_3,
};;
static String[] getSupportedProtocols() {
return SUPPORTED_PROTOCOLS.clone();
}
private static class Range {
public final String min;
public final String max;
public Range(String min, String max) {
this.min = min;
this.max = max;
}
}
private static Range getProtocolRange(String[] protocols) {
// TLS protocol negotiation only allows a min and max version
// to be set, despite the Java API allowing a sparse set of
// protocols to be enabled. Use the lowest contiguous range
// of protocols provided by the caller, which is what we've
// done historically.
List<String> protocolsList = Arrays.asList(protocols);
String min = null;
String max = null;
for (int i = 0; i < SUPPORTED_PROTOCOLS.length; i++) {
String protocol = SUPPORTED_PROTOCOLS[i];
if (protocolsList.contains(protocol)) {
if (min == null) {
min = protocol;
}
max = protocol;
} else if (min != null) {
break;
}
}
if ((min == null) || (max == null)) {
throw new IllegalArgumentException("No protocols enabled.");
}
return new Range(min, max);
}
static void setEnabledProtocols(long ssl, NativeSsl ssl_holder, String[] protocols) {
checkEnabledProtocols(protocols);
Range range = getProtocolRange(protocols);
SSL_set_protocol_versions(
ssl, ssl_holder, getProtocolConstant(range.min), getProtocolConstant(range.max));
}
private static int getProtocolConstant(String protocol) {
if (protocol.equals(SUPPORTED_PROTOCOL_TLSV1)) {
return NativeConstants.TLS1_VERSION;
} else if (protocol.equals(SUPPORTED_PROTOCOL_TLSV1_1)) {
return NativeConstants.TLS1_1_VERSION;
} else if (protocol.equals(SUPPORTED_PROTOCOL_TLSV1_2)) {
return NativeConstants.TLS1_2_VERSION;
} else if (protocol.equals(SUPPORTED_PROTOCOL_TLSV1_3)) {
return NativeConstants.TLS1_3_VERSION;
} else {
throw new AssertionError("Unknown protocol encountered: " + protocol);
}
}
static String[] checkEnabledProtocols(String[] protocols) {
if (protocols == null) {
throw new IllegalArgumentException("protocols == null");
}
for (String protocol : protocols) {
if (protocol == null) {
throw new IllegalArgumentException("protocols contains null");
}
if (!protocol.equals(SUPPORTED_PROTOCOL_TLSV1)
&& !protocol.equals(SUPPORTED_PROTOCOL_TLSV1_1)
&& !protocol.equals(SUPPORTED_PROTOCOL_TLSV1_2)
&& !protocol.equals(SUPPORTED_PROTOCOL_TLSV1_3)
&& !protocol.equals(OBSOLETE_PROTOCOL_SSLV3)) {
throw new IllegalArgumentException("protocol " + protocol + " is not supported");
}
}
return protocols;
}
static native void SSL_set_cipher_lists(long ssl, NativeSsl ssl_holder, String[] ciphers);
/**
* Gets the list of cipher suites enabled for the provided {@code SSL} instance.
*
* @return array of {@code SSL_CIPHER} references.
*/
static native long[] SSL_get_ciphers(long ssl, NativeSsl ssl_holder);
static void setEnabledCipherSuites(long ssl, NativeSsl ssl_holder, String[] cipherSuites,
String[] protocols) {
checkEnabledCipherSuites(cipherSuites);
String maxProtocol = getProtocolRange(protocols).max;
List<String> opensslSuites = new ArrayList<String>();
for (int i = 0; i < cipherSuites.length; i++) {
String cipherSuite = cipherSuites[i];
if (cipherSuite.equals(TLS_EMPTY_RENEGOTIATION_INFO_SCSV)) {
continue;
}
// Only send TLS_FALLBACK_SCSV if max version >= 1.2 to prevent inadvertent connection
// problems when servers upgrade. See https://github.com/google/conscrypt/issues/574
// for more discussion.
if (cipherSuite.equals(TLS_FALLBACK_SCSV)
&& (maxProtocol.equals(SUPPORTED_PROTOCOL_TLSV1)
|| maxProtocol.equals(SUPPORTED_PROTOCOL_TLSV1_1))) {
SSL_set_mode(ssl, ssl_holder, NativeConstants.SSL_MODE_SEND_FALLBACK_SCSV);
continue;
}
opensslSuites.add(cipherSuiteFromJava(cipherSuite));
}
SSL_set_cipher_lists(ssl, ssl_holder, opensslSuites.toArray(new String[opensslSuites.size()]));
}
static String[] checkEnabledCipherSuites(String[] cipherSuites) {
if (cipherSuites == null) {
throw new IllegalArgumentException("cipherSuites == null");
}
// makes sure all suites are valid, throwing on error
for (int i = 0; i < cipherSuites.length; i++) {
if (cipherSuites[i] == null) {
throw new IllegalArgumentException("cipherSuites[" + i + "] == null");
}
if (cipherSuites[i].equals(TLS_EMPTY_RENEGOTIATION_INFO_SCSV)
|| cipherSuites[i].equals(TLS_FALLBACK_SCSV)) {
continue;
}
if (SUPPORTED_TLS_1_2_CIPHER_SUITES_SET.contains(cipherSuites[i])) {
continue;
}
// For backwards compatibility, it's allowed for |cipherSuite| to
// be an OpenSSL-style cipher-suite name.
if (SUPPORTED_LEGACY_CIPHER_SUITES_SET.contains(cipherSuites[i])) {
// TODO log warning about using backward compatability
continue;
}
throw new IllegalArgumentException(
"cipherSuite " + cipherSuites[i] + " is not supported.");
}
return cipherSuites;
}
static native void SSL_set_accept_state(long ssl, NativeSsl ssl_holder);
static native void SSL_set_connect_state(long ssl, NativeSsl ssl_holder);
static native void SSL_set_verify(long ssl, NativeSsl ssl_holder, int mode);
static native void SSL_set_session(long ssl, NativeSsl ssl_holder, long sslSessionNativePointer)
throws SSLException;
static native void SSL_set_session_creation_enabled(
long ssl, NativeSsl ssl_holder, boolean creationEnabled) throws SSLException;
static native boolean SSL_session_reused(long ssl, NativeSsl ssl_holder);
static native void SSL_accept_renegotiations(long ssl, NativeSsl ssl_holder) throws SSLException;
static native void SSL_set_tlsext_host_name(long ssl, NativeSsl ssl_holder, String hostname)
throws SSLException;
static native String SSL_get_servername(long ssl, NativeSsl ssl_holder);
static native void SSL_do_handshake(
long ssl, NativeSsl ssl_holder, FileDescriptor fd, SSLHandshakeCallbacks shc, int timeoutMillis)
throws SSLException, SocketTimeoutException, CertificateException;
public static native String SSL_get_current_cipher(long ssl, NativeSsl ssl_holder);
public static native String SSL_get_version(long ssl, NativeSsl ssl_holder);
/**
* Returns the peer certificate chain.
*/
static native byte[][] SSL_get0_peer_certificates(long ssl, NativeSsl ssl_holder);
/**
* Reads with the native SSL_read function from the encrypted data stream
* @return -1 if error or the end of the stream is reached.
*/
static native int SSL_read(long ssl, NativeSsl ssl_holder, FileDescriptor fd, SSLHandshakeCallbacks shc,
byte[] b, int off, int len, int readTimeoutMillis) throws IOException;
/**
* Writes with the native SSL_write function to the encrypted data stream.
*/
static native void SSL_write(long ssl, NativeSsl ssl_holder, FileDescriptor fd,
SSLHandshakeCallbacks shc, byte[] b, int off, int len, int writeTimeoutMillis)
throws IOException;
static native void SSL_interrupt(long ssl, NativeSsl ssl_holder);
static native void SSL_shutdown(
long ssl, NativeSsl ssl_holder, FileDescriptor fd, SSLHandshakeCallbacks shc) throws IOException;
static native int SSL_get_shutdown(long ssl, NativeSsl ssl_holder);
static native void SSL_free(long ssl, NativeSsl ssl_holder);
static native long SSL_get_time(long ssl, NativeSsl ssl_holder);
static native long SSL_set_timeout(long ssl, NativeSsl ssl_holder, long millis);
static native long SSL_get_timeout(long ssl, NativeSsl ssl_holder);
static native int SSL_get_signature_algorithm_key_type(int signatureAlg);
static native byte[] SSL_session_id(long ssl, NativeSsl ssl_holder);
static native byte[] SSL_SESSION_session_id(long sslSessionNativePointer);
static native long SSL_SESSION_get_time(long sslSessionNativePointer);
static native long SSL_SESSION_get_timeout(long sslSessionNativePointer);
static native String SSL_SESSION_get_version(long sslSessionNativePointer);
static native String SSL_SESSION_cipher(long sslSessionNativePointer);
static native boolean SSL_SESSION_should_be_single_use(long sslSessionNativePointer);
static native void SSL_SESSION_up_ref(long sslSessionNativePointer);
static native void SSL_SESSION_free(long sslSessionNativePointer);
static native byte[] i2d_SSL_SESSION(long sslSessionNativePointer);
static native long d2i_SSL_SESSION(byte[] data) throws IOException;
/**
* A collection of callbacks from the native OpenSSL code that are
* related to the SSL handshake initiated by SSL_do_handshake.
*/
interface SSLHandshakeCallbacks {
/**
* Verify that the certificate chain is trusted.
*
* @param certificateChain chain of X.509 certificates in their encoded form
* @param authMethod auth algorithm name
*
* @throws CertificateException if the certificate is untrusted
*/
@SuppressWarnings("unused")
void verifyCertificateChain(byte[][] certificateChain, String authMethod)
throws CertificateException;
/**
* Called on an SSL client when the server requests (or
* requires a certificate). The client can respond by using
* SSL_use_certificate and SSL_use_PrivateKey to set a
* certificate if has an appropriate one available, similar to
* how the server provides its certificate.
*
* @param keyTypes key types supported by the server,
* convertible to strings with #keyType
* @param asn1DerEncodedX500Principals CAs known to the server
*/
@SuppressWarnings("unused")
void clientCertificateRequested(byte[] keyTypes, int[] signatureAlgs,
byte[][] asn1DerEncodedX500Principals)
throws CertificateEncodingException, SSLException;
/**
* Gets the key to be used in client mode for this connection in Pre-Shared Key (PSK) key
* exchange.
*
* @param identityHint PSK identity hint provided by the server or {@code null} if no hint
* provided.
* @param identity buffer to be populated with PSK identity (NULL-terminated modified UTF-8)
* by this method. This identity will be provided to the server.
* @param key buffer to be populated with key material by this method.
*
* @return number of bytes this method stored in the {@code key} buffer or {@code 0} if an
* error occurred in which case the handshake will be aborted.
*/
int clientPSKKeyRequested(String identityHint, byte[] identity, byte[] key);
/**
* Gets the key to be used in server mode for this connection in Pre-Shared Key (PSK) key
* exchange.
*
* @param identityHint PSK identity hint provided by this server to the client or
* {@code null} if no hint was provided.
* @param identity PSK identity provided by the client.
* @param key buffer to be populated with key material by this method.
*
* @return number of bytes this method stored in the {@code key} buffer or {@code 0} if an
* error occurred in which case the handshake will be aborted.
*/
int serverPSKKeyRequested(String identityHint, String identity, byte[] key);
/**
* Called when SSL state changes. This could be handshake completion.
*/
@SuppressWarnings("unused")
void onSSLStateChange(int type, int val);
/**
* Called when a new session has been established and may be added to the session cache.
* The callee is responsible for incrementing the reference count on the returned session.
*/
@SuppressWarnings("unused")
void onNewSessionEstablished(long sslSessionNativePtr);
/**
* Called for servers where TLS < 1.3 (TLS 1.3 uses session tickets rather than
* application session caches).
*
* <p/>Looks up the session by ID in the application's session cache. If a valid session
* is returned, this callback is responsible for incrementing the reference count (and any
* required synchronization).
*
* @param id the ID of the session to find.
* @return the cached session or {@code 0} if no session was found matching the given ID.
*/
@SuppressWarnings("unused")
long serverSessionRequested(byte[] id);
}
static native String SSL_CIPHER_get_kx_name(long cipherAddress);
static native String[] get_cipher_names(String selection);
public static native byte[] get_ocsp_single_extension(
byte[] ocspResponse, String oid, long x509Ref, OpenSSLX509Certificate holder, long issuerX509Ref, OpenSSLX509Certificate holder2);
/**
* Returns the starting address of the memory region referenced by the provided direct
* {@link Buffer} or {@code 0} if the provided buffer is not direct or if such access to direct
* buffers is not supported by the platform.
*
* <p>NOTE: This method ignores the buffer's current {@code position}.
*/
static native long getDirectBufferAddress(Buffer buf);
static native long SSL_BIO_new(long ssl, NativeSsl ssl_holder) throws SSLException;
static native int SSL_get_error(long ssl, NativeSsl ssl_holder, int ret);
static native void SSL_clear_error();
static native int SSL_pending_readable_bytes(long ssl, NativeSsl ssl_holder);
static native int SSL_pending_written_bytes_in_BIO(long bio);
/**
* Returns the maximum overhead, in bytes, of sealing a record with SSL.
*/
static native int SSL_max_seal_overhead(long ssl, NativeSsl ssl_holder);
/**
* Enables ALPN for this TLS endpoint and sets the list of supported ALPN protocols in
* wire-format (length-prefixed 8-bit strings).
*/
static native void setApplicationProtocols(
long ssl, NativeSsl ssl_holder, boolean client, byte[] protocols) throws IOException;
/**
* Called for a server endpoint only. Enables ALPN and sets a BiFunction that will
* be called to delegate protocol selection to the application. Calling this method overrides
* {@link #setApplicationProtocols(long, NativeSsl, boolean, byte[])}.
*/
static native void setApplicationProtocolSelector(
long ssl, NativeSsl ssl_holder, ApplicationProtocolSelectorAdapter selector) throws IOException;
/**
* Returns the selected ALPN protocol. If the server did not select a
* protocol, {@code null} will be returned.
*/
static native byte[] getApplicationProtocol(long ssl, NativeSsl ssl_holder);
/**
* Variant of the {@link #SSL_do_handshake} used by {@link ConscryptEngine}. This differs
* slightly from the raw BoringSSL API in that it returns the SSL error code from the
* operation, rather than the return value from {@code SSL_do_handshake}. This is done in
* order to allow to properly handle SSL errors and propagate useful exceptions.
*
* @return Returns the SSL error code for the operation when the error was {@code
* SSL_ERROR_NONE}, {@code SSL_ERROR_WANT_READ}, or {@code SSL_ERROR_WANT_WRITE}.
* @throws IOException when the error code is anything except those returned by this method.
*/
static native int ENGINE_SSL_do_handshake(long ssl, NativeSsl ssl_holder, SSLHandshakeCallbacks shc)
throws IOException;
/**
* Variant of the {@link #SSL_read} for a direct {@link java.nio.ByteBuffer} used by {@link
* ConscryptEngine}.
*
* @return if positive, represents the number of bytes read into the given buffer.
* Returns {@code -SSL_ERROR_WANT_READ} if more data is needed. Returns
* {@code -SSL_ERROR_WANT_WRITE} if data needs to be written out to flush the BIO.
*
* @throws java.io.InterruptedIOException if the read was interrupted.
* @throws java.io.EOFException if the end of stream has been reached.
* @throws CertificateException if the application's certificate verification callback failed.
* Only occurs during handshake processing.
* @throws SSLException if any other error occurs.
*/
static native int ENGINE_SSL_read_direct(long ssl, NativeSsl ssl_holder, long address, int length,
SSLHandshakeCallbacks shc) throws IOException, CertificateException;
/**
* Variant of the {@link #SSL_write} for a direct {@link java.nio.ByteBuffer} used by {@link
* ConscryptEngine}. This version does not lock or and does no error pre-processing.
*/
static native int ENGINE_SSL_write_direct(long ssl, NativeSsl ssl_holder, long address, int length,
SSLHandshakeCallbacks shc) throws IOException;
/**
* Writes data from the given direct {@link java.nio.ByteBuffer} to the BIO.
*/
static native int ENGINE_SSL_write_BIO_direct(long ssl, NativeSsl ssl_holder, long bioRef, long pos, int length,
SSLHandshakeCallbacks shc) throws IOException;
/**
* Writes data from the given array to the BIO.
*/
static native int ENGINE_SSL_write_BIO_heap(long ssl, NativeSsl ssl_holder, long bioRef, byte[] sourceJava,
int sourceOffset, int sourceLength, SSLHandshakeCallbacks shc)
throws IOException, IndexOutOfBoundsException;
/**
* Reads data from the given BIO into a direct {@link java.nio.ByteBuffer}.
*/
static native int ENGINE_SSL_read_BIO_direct(long ssl, NativeSsl ssl_holder, long bioRef, long address, int len,
SSLHandshakeCallbacks shc) throws IOException;
/**
* Reads data from the given BIO into an array.
*/
static native int ENGINE_SSL_read_BIO_heap(long ssl, NativeSsl ssl_holder, long bioRef, byte[] destJava,
int destOffset, int destLength, SSLHandshakeCallbacks shc)
throws IOException, IndexOutOfBoundsException;
/**
* Forces the SSL object to process any data pending in the BIO.
*/
static native void ENGINE_SSL_force_read(long ssl, NativeSsl ssl_holder,
SSLHandshakeCallbacks shc) throws IOException;
/**
* Variant of the {@link #SSL_shutdown} used by {@link ConscryptEngine}. This version does not
* lock.
*/
static native void ENGINE_SSL_shutdown(long ssl, NativeSsl ssl_holder, SSLHandshakeCallbacks shc)
throws IOException;
/**
* Used for testing only.
*/
static native int BIO_read(long bioRef, byte[] buffer) throws IOException;
static native void BIO_write(long bioRef, byte[] buffer, int offset, int length)
throws IOException, IndexOutOfBoundsException;
static native long SSL_clear_mode(long ssl, NativeSsl ssl_holder, long mode);
static native long SSL_get_mode(long ssl, NativeSsl ssl_holder);
static native long SSL_get_options(long ssl, NativeSsl ssl_holder);
static native long SSL_get1_session(long ssl, NativeSsl ssl_holder);
}