1 /*
2 * Copyright (c) 2010, 2011, Oracle and/or its affiliates. All rights reserved.
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation. Oracle designates this
8 * particular file as subject to the "Classpath" exception as provided
9 * by Oracle in the LICENSE file that accompanied this code.
10 *
11 * This code is distributed in the hope that it will be useful, but WITHOUT
12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 * version 2 for more details (a copy is included in the LICENSE file that
15 * accompanied this code).
16 *
17 * You should have received a copy of the GNU General Public License version
18 * 2 along with this work; if not, write to the Free Software Foundation,
19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
20 *
21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
22 * or visit www.oracle.com if you need additional information or have any
23 * questions.
24 */
25
26 package sun.security.ssl;
27
28 import java.security.AlgorithmConstraints;
29 import java.security.CryptoPrimitive;
30
31 import java.util.Set;
32 import java.util.HashSet;
33 import java.util.Map;
34 import java.util.EnumSet;
35 import java.util.TreeMap;
36 import java.util.Collection;
37 import java.util.Collections;
38 import java.util.ArrayList;
39
40 /**
41 * Signature and hash algorithm.
42 *
43 * [RFC5246] The client uses the "signature_algorithms" extension to
44 * indicate to the server which signature/hash algorithm pairs may be
45 * used in digital signatures. The "extension_data" field of this
46 * extension contains a "supported_signature_algorithms" value.
47 *
48 * enum {
49 * none(0), md5(1), sha1(2), sha224(3), sha256(4), sha384(5),
50 * sha512(6), (255)
51 * } HashAlgorithm;
52 *
53 * enum { anonymous(0), rsa(1), dsa(2), ecdsa(3), (255) }
54 * SignatureAlgorithm;
55 *
56 * struct {
57 * HashAlgorithm hash;
58 * SignatureAlgorithm signature;
59 * } SignatureAndHashAlgorithm;
60 */
61 final class SignatureAndHashAlgorithm {
62
63 // minimum priority for default enabled algorithms
64 final static int SUPPORTED_ALG_PRIORITY_MAX_NUM = 0x00F0;
65
66 // performance optimization
67 private final static Set<CryptoPrimitive> SIGNATURE_PRIMITIVE_SET =
68 EnumSet.of(CryptoPrimitive.SIGNATURE);
69
70 // supported pairs of signature and hash algorithm
71 private final static Map<Integer, SignatureAndHashAlgorithm> supportedMap;
72 private final static Map<Integer, SignatureAndHashAlgorithm> priorityMap;
73
74 // the hash algorithm
75 private HashAlgorithm hash;
76
77 // the signature algorithm
78 private SignatureAlgorithm signature;
79
80 // id in 16 bit MSB format, i.e. 0x0603 for SHA512withECDSA
81 private int id;
82
83 // the standard algorithm name, for example "SHA512withECDSA"
84 private String algorithm;
85
86 // Priority for the preference order. The lower the better.
87 //
88 // If the algorithm is unsupported, its priority should be bigger
89 // than SUPPORTED_ALG_PRIORITY_MAX_NUM.
90 private int priority;
91
92 // constructor for supported algorithm
93 private SignatureAndHashAlgorithm(HashAlgorithm hash,
94 SignatureAlgorithm signature, String algorithm, int priority) {
95 this.hash = hash;
96 this.signature = signature;
97 this.algorithm = algorithm;
98 this.id = ((hash.value & 0xFF) << 8) | (signature.value & 0xFF);
99 this.priority = priority;
100 }
101
102 // constructor for unsupported algorithm
103 private SignatureAndHashAlgorithm(String algorithm, int id, int sequence) {
104 this.hash = HashAlgorithm.valueOf((id >> 8) & 0xFF);
105 this.signature = SignatureAlgorithm.valueOf(id & 0xFF);
106 this.algorithm = algorithm;
107 this.id = id;
108
109 // add one more to the sequece number, in case that the number is zero
110 this.priority = SUPPORTED_ALG_PRIORITY_MAX_NUM + sequence + 1;
111 }
112
113 // Note that we do not use the sequence argument for supported algorithms,
114 // so please don't sort by comparing the objects read from handshake
115 // messages.
116 static SignatureAndHashAlgorithm valueOf(int hash,
117 int signature, int sequence) {
118 hash &= 0xFF;
119 signature &= 0xFF;
120
121 int id = (hash << 8) | signature;
122 SignatureAndHashAlgorithm signAlg = supportedMap.get(id);
123 if (signAlg == null) {
124 // unsupported algorithm
125 signAlg = new SignatureAndHashAlgorithm(
126 "Unknown (hash:0x" + Integer.toString(hash, 16) +
127 ", signature:0x" + Integer.toString(signature, 16) + ")",
128 id, sequence);
129 }
130
131 return signAlg;
132 }
133
134 int getHashValue() {
135 return (id >> 8) & 0xFF;
136 }
137
138 int getSignatureValue() {
139 return id & 0xFF;
140 }
141
142 String getAlgorithmName() {
143 return algorithm;
144 }
145
146 // return the size of a SignatureAndHashAlgorithm structure in TLS record
147 static int sizeInRecord() {
148 return 2;
149 }
150
151 // Get local supported algorithm collection complying to
152 // algorithm constraints
153 static Collection<SignatureAndHashAlgorithm>
154 getSupportedAlgorithms(AlgorithmConstraints constraints) {
155
156 Collection<SignatureAndHashAlgorithm> supported = new ArrayList<>();
157 synchronized (priorityMap) {
158 for (SignatureAndHashAlgorithm sigAlg : priorityMap.values()) {
159 if (sigAlg.priority <= SUPPORTED_ALG_PRIORITY_MAX_NUM &&
160 constraints.permits(SIGNATURE_PRIMITIVE_SET,
161 sigAlg.algorithm, null)) {
162 supported.add(sigAlg);
163 }
164 }
165 }
166
167 return supported;
168 }
169
170 // Get supported algorithm collection from an untrusted collection
171 static Collection<SignatureAndHashAlgorithm> getSupportedAlgorithms(
172 Collection<SignatureAndHashAlgorithm> algorithms ) {
173 Collection<SignatureAndHashAlgorithm> supported = new ArrayList<>();
174 for (SignatureAndHashAlgorithm sigAlg : algorithms) {
175 if (sigAlg.priority <= SUPPORTED_ALG_PRIORITY_MAX_NUM) {
176 supported.add(sigAlg);
177 }
178 }
179
180 return supported;
181 }
182
183 static String[] getAlgorithmNames(
184 Collection<SignatureAndHashAlgorithm> algorithms) {
185 ArrayList<String> algorithmNames = new ArrayList<>();
186 if (algorithms != null) {
187 for (SignatureAndHashAlgorithm sigAlg : algorithms) {
188 algorithmNames.add(sigAlg.algorithm);
189 }
190 }
191
192 String[] array = new String[algorithmNames.size()];
193 return algorithmNames.toArray(array);
194 }
195
196 static Set<String> getHashAlgorithmNames(
197 Collection<SignatureAndHashAlgorithm> algorithms) {
198 Set<String> algorithmNames = new HashSet<>();
199 if (algorithms != null) {
200 for (SignatureAndHashAlgorithm sigAlg : algorithms) {
201 if (sigAlg.hash.value > 0) {
202 algorithmNames.add(sigAlg.hash.standardName);
203 }
204 }
205 }
206
207 return algorithmNames;
208 }
209
210 static String getHashAlgorithmName(SignatureAndHashAlgorithm algorithm) {
211 return algorithm.hash.standardName;
212 }
213
214 private static void supports(HashAlgorithm hash,
215 SignatureAlgorithm signature, String algorithm, int priority) {
216
217 SignatureAndHashAlgorithm pair =
218 new SignatureAndHashAlgorithm(hash, signature, algorithm, priority);
219 if (supportedMap.put(pair.id, pair) != null) {
220 throw new RuntimeException(
221 "Duplicate SignatureAndHashAlgorithm definition, id: " +
222 pair.id);
223 }
224 if (priorityMap.put(pair.priority, pair) != null) {
225 throw new RuntimeException(
226 "Duplicate SignatureAndHashAlgorithm definition, priority: " +
227 pair.priority);
228 }
229 }
230
231 static SignatureAndHashAlgorithm getPreferableAlgorithm(
232 Collection<SignatureAndHashAlgorithm> algorithms, String expected) {
233
234 if (expected == null && !algorithms.isEmpty()) {
235 for (SignatureAndHashAlgorithm sigAlg : algorithms) {
236 if (sigAlg.priority <= SUPPORTED_ALG_PRIORITY_MAX_NUM) {
237 return sigAlg;
238 }
239 }
240
241 return null; // no supported algorithm
242 }
243
244
245 for (SignatureAndHashAlgorithm algorithm : algorithms) {
246 int signValue = algorithm.id & 0xFF;
247 if ((expected.equalsIgnoreCase("dsa") &&
248 signValue == SignatureAlgorithm.DSA.value) ||
249 (expected.equalsIgnoreCase("rsa") &&
250 signValue == SignatureAlgorithm.RSA.value) ||
251 (expected.equalsIgnoreCase("ecdsa") &&
252 signValue == SignatureAlgorithm.ECDSA.value) ||
253 (expected.equalsIgnoreCase("ec") &&
254 signValue == SignatureAlgorithm.ECDSA.value)) {
255 return algorithm;
256 }
257 }
258
259 return null;
260 }
261
262 static enum HashAlgorithm {
263 UNDEFINED("undefined", "", -1),
264 NONE( "none", "NONE", 0),
265 MD5( "md5", "MD5", 1),
266 SHA1( "sha1", "SHA-1", 2),
267 SHA224( "sha224", "SHA-224", 3),
268 SHA256( "sha256", "SHA-256", 4),
269 SHA384( "sha384", "SHA-384", 5),
270 SHA512( "sha512", "SHA-512", 6);
271
272 final String name; // not the standard signature algorithm name
273 // except the UNDEFINED, other names are defined
274 // by TLS 1.2 protocol
275 final String standardName; // the standard MessageDigest algorithm name
276 final int value;
277
278 private HashAlgorithm(String name, String standardName, int value) {
279 this.name = name;
280 this.standardName = standardName;
281 this.value = value;
282 }
283
284 static HashAlgorithm valueOf(int value) {
285 HashAlgorithm algorithm = UNDEFINED;
286 switch (value) {
287 case 0:
288 algorithm = NONE;
289 break;
290 case 1:
291 algorithm = MD5;
292 break;
293 case 2:
294 algorithm = SHA1;
295 break;
296 case 3:
297 algorithm = SHA224;
298 break;
299 case 4:
300 algorithm = SHA256;
301 break;
302 case 5:
303 algorithm = SHA384;
304 break;
305 case 6:
306 algorithm = SHA512;
307 break;
308 }
309
310 return algorithm;
311 }
312 }
313
314 static enum SignatureAlgorithm {
315 UNDEFINED("undefined", -1),
316 ANONYMOUS("anonymous", 0),
317 RSA( "rsa", 1),
318 DSA( "dsa", 2),
319 ECDSA( "ecdsa", 3);
320
321 final String name; // not the standard signature algorithm name
322 // except the UNDEFINED, other names are defined
323 // by TLS 1.2 protocol
324 final int value;
325
326 private SignatureAlgorithm(String name, int value) {
327 this.name = name;
328 this.value = value;
329 }
330
331 static SignatureAlgorithm valueOf(int value) {
332 SignatureAlgorithm algorithm = UNDEFINED;
333 switch (value) {
334 case 0:
335 algorithm = ANONYMOUS;
336 break;
337 case 1:
338 algorithm = RSA;
339 break;
340 case 2:
341 algorithm = DSA;
342 break;
343 case 3:
344 algorithm = ECDSA;
345 break;
346 }
347
348 return algorithm;
349 }
350 }
351
352 static {
353 supportedMap = Collections.synchronizedSortedMap(
354 new TreeMap<Integer, SignatureAndHashAlgorithm>());
355 priorityMap = Collections.synchronizedSortedMap(
356 new TreeMap<Integer, SignatureAndHashAlgorithm>());
357
358 synchronized (supportedMap) {
359 int p = SUPPORTED_ALG_PRIORITY_MAX_NUM;
360 supports(HashAlgorithm.MD5, SignatureAlgorithm.RSA,
361 "MD5withRSA", --p);
362 supports(HashAlgorithm.SHA1, SignatureAlgorithm.DSA,
363 "SHA1withDSA", --p);
364 supports(HashAlgorithm.SHA1, SignatureAlgorithm.RSA,
365 "SHA1withRSA", --p);
366 supports(HashAlgorithm.SHA1, SignatureAlgorithm.ECDSA,
367 "SHA1withECDSA", --p);
368 supports(HashAlgorithm.SHA224, SignatureAlgorithm.RSA,
369 "SHA224withRSA", --p);
370 supports(HashAlgorithm.SHA224, SignatureAlgorithm.ECDSA,
371 "SHA224withECDSA", --p);
372 supports(HashAlgorithm.SHA256, SignatureAlgorithm.RSA,
373 "SHA256withRSA", --p);
374 supports(HashAlgorithm.SHA256, SignatureAlgorithm.ECDSA,
375 "SHA256withECDSA", --p);
376 supports(HashAlgorithm.SHA384, SignatureAlgorithm.RSA,
377 "SHA384withRSA", --p);
378 supports(HashAlgorithm.SHA384, SignatureAlgorithm.ECDSA,
379 "SHA384withECDSA", --p);
380 supports(HashAlgorithm.SHA512, SignatureAlgorithm.RSA,
381 "SHA512withRSA", --p);
382 supports(HashAlgorithm.SHA512, SignatureAlgorithm.ECDSA,
383 "SHA512withECDSA", --p);
384 }
385 }
386 }
387