001: /*
002: * Licensed to the Apache Software Foundation (ASF) under one or more
003: * contributor license agreements. See the NOTICE file distributed with
004: * this work for additional information regarding copyright ownership.
005: * The ASF licenses this file to You under the Apache License, Version 2.0
006: * (the "License"); you may not use this file except in compliance with
007: * the License. You may obtain a copy of the License at
008: *
009: * http://www.apache.org/licenses/LICENSE-2.0
010: *
011: * Unless required by applicable law or agreed to in writing, software
012: * distributed under the License is distributed on an "AS IS" BASIS,
013: * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
014: * See the License for the specific language governing permissions and
015: * limitations under the License.
016: */
017:
018: /**
019: * @author Boris Kuznetsov
020: * @version $Revision$
021: */package org.apache.harmony.xnet.provider.jsse;
022:
023: import java.security.GeneralSecurityException;
024: import java.util.Hashtable;
025:
026: import javax.crypto.Cipher;
027:
028: /**
029: * Represents Cipher Suite as defined in TLS 1.0 spec.,
030: * A.5. The CipherSuite;
031: * C. CipherSuite definitions.
032: * @see TLS 1.0 spec., http://www.ietf.org/rfc/rfc2246.txt
033: *
034: */
035: public class CipherSuite {
036:
037: /**
038: * true if this cipher suite is supported
039: */
040: boolean supported = true;
041:
042: /**
043: * cipher suite key exchange
044: */
045: final int keyExchange;
046:
047: /**
048: * cipher
049: */
050: final String cipherName;
051:
052: /**
053: * Cipher information
054: */
055: final int keyMaterial;
056: final int expandedKeyMaterial;
057: final int effectiveKeyBytes;
058: final int IVSize;
059: final private int blockSize;
060:
061: // cipher suite code
062: private final byte[] cipherSuiteCode;
063:
064: // cipher suite name
065: private final String name;
066:
067: // true if cipher suite is exportable
068: private final boolean isExportable;
069:
070: // Hash algorithm
071: final private String hashName;
072:
073: // MAC algorithm
074: final private String hmacName;
075:
076: // Hash size
077: final private int hashSize;
078:
079: /**
080: * key exchange values
081: */
082: static int KeyExchange_RSA = 1;
083: static int KeyExchange_RSA_EXPORT = 2;
084: static int KeyExchange_DHE_DSS = 3;
085: static int KeyExchange_DHE_DSS_EXPORT = 4;
086: static int KeyExchange_DHE_RSA = 5;
087: static int KeyExchange_DHE_RSA_EXPORT = 6;
088: static int KeyExchange_DH_DSS = 7;
089: static int KeyExchange_DH_RSA = 8;
090: static int KeyExchange_DH_anon = 9;
091: static int KeyExchange_DH_anon_EXPORT = 10;
092: static int KeyExchange_DH_DSS_EXPORT = 11;
093: static int KeyExchange_DH_RSA_EXPORT = 12;
094:
095: /**
096: * TLS cipher suite codes
097: */
098: static byte[] code_TLS_NULL_WITH_NULL_NULL = { 0x00, 0x00 };
099: static byte[] code_TLS_RSA_WITH_NULL_MD5 = { 0x00, 0x01 };
100: static byte[] code_TLS_RSA_WITH_NULL_SHA = { 0x00, 0x02 };
101: static byte[] code_TLS_RSA_EXPORT_WITH_RC4_40_MD5 = { 0x00, 0x03 };
102: static byte[] code_TLS_RSA_WITH_RC4_128_MD5 = { 0x00, 0x04 };
103: static byte[] code_TLS_RSA_WITH_RC4_128_SHA = { 0x00, 0x05 };
104: static byte[] code_TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 = { 0x00,
105: 0x06 };
106: static byte[] code_TLS_RSA_WITH_IDEA_CBC_SHA = { 0x00, 0x07 };
107: static byte[] code_TLS_RSA_EXPORT_WITH_DES40_CBC_SHA = { 0x00, 0x08 };
108: static byte[] code_TLS_RSA_WITH_DES_CBC_SHA = { 0x00, 0x09 };
109: static byte[] code_TLS_RSA_WITH_3DES_EDE_CBC_SHA = { 0x00, 0x0A };
110: static byte[] code_TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA = { 0x00,
111: 0x0B };
112: static byte[] code_TLS_DH_DSS_WITH_DES_CBC_SHA = { 0x00, 0x0C };
113: static byte[] code_TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA = { 0x00, 0x0D };
114: static byte[] code_TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA = { 0x00,
115: 0x0E };
116: static byte[] code_TLS_DH_RSA_WITH_DES_CBC_SHA = { 0x00, 0x0F };
117: static byte[] code_TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA = { 0x00, 0x10 };
118: static byte[] code_TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA = { 0x00,
119: 0x11 };
120: static byte[] code_TLS_DHE_DSS_WITH_DES_CBC_SHA = { 0x00, 0x12 };
121: static byte[] code_TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA = { 0x00, 0x13 };
122: static byte[] code_TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA = { 0x00,
123: 0x14 };
124: static byte[] code_TLS_DHE_RSA_WITH_DES_CBC_SHA = { 0x00, 0x15 };
125: static byte[] code_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA = { 0x00, 0x16 };
126: static byte[] code_TLS_DH_anon_EXPORT_WITH_RC4_40_MD5 = { 0x00,
127: 0x17 };
128: static byte[] code_TLS_DH_anon_WITH_RC4_128_MD5 = { 0x00, 0x18 };
129: static byte[] code_TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA = { 0x00,
130: 0x19 };
131: static byte[] code_TLS_DH_anon_WITH_DES_CBC_SHA = { 0x00, 0x1A };
132: static byte[] code_TLS_DH_anon_WITH_3DES_EDE_CBC_SHA = { 0x00, 0x1B };
133:
134: static CipherSuite TLS_NULL_WITH_NULL_NULL = new CipherSuite(
135: "TLS_NULL_WITH_NULL_NULL", true, 0, null, null,
136: code_TLS_NULL_WITH_NULL_NULL);
137:
138: static CipherSuite TLS_RSA_WITH_NULL_MD5 = new CipherSuite(
139: "TLS_RSA_WITH_NULL_MD5", true, KeyExchange_RSA, null,
140: "MD5", code_TLS_RSA_WITH_NULL_MD5);
141:
142: static CipherSuite TLS_RSA_WITH_NULL_SHA = new CipherSuite(
143: "TLS_RSA_WITH_NULL_SHA", true, KeyExchange_RSA, null,
144: "SHA", code_TLS_RSA_WITH_NULL_SHA);
145:
146: static CipherSuite TLS_RSA_EXPORT_WITH_RC4_40_MD5 = new CipherSuite(
147: "TLS_RSA_EXPORT_WITH_RC4_40_MD5", true,
148: KeyExchange_RSA_EXPORT, "RC4_40", "MD5",
149: code_TLS_RSA_EXPORT_WITH_RC4_40_MD5);
150:
151: static CipherSuite TLS_RSA_WITH_RC4_128_MD5 = new CipherSuite(
152: "TLS_RSA_WITH_RC4_128_MD5", false, KeyExchange_RSA,
153: "RC4_128", "MD5", code_TLS_RSA_WITH_RC4_128_MD5);
154:
155: static CipherSuite TLS_RSA_WITH_RC4_128_SHA = new CipherSuite(
156: "TLS_RSA_WITH_RC4_128_SHA", false, KeyExchange_RSA,
157: "RC4_128", "SHA", code_TLS_RSA_WITH_RC4_128_SHA);
158:
159: static CipherSuite TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 = new CipherSuite(
160: "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5", true,
161: KeyExchange_RSA_EXPORT, "RC2_CBC_40", "MD5",
162: code_TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5);
163:
164: static CipherSuite TLS_RSA_WITH_IDEA_CBC_SHA = new CipherSuite(
165: "TLS_RSA_WITH_IDEA_CBC_SHA", false, KeyExchange_RSA,
166: "IDEA_CBC", "SHA", code_TLS_RSA_WITH_IDEA_CBC_SHA);
167:
168: static CipherSuite TLS_RSA_EXPORT_WITH_DES40_CBC_SHA = new CipherSuite(
169: "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA", true,
170: KeyExchange_RSA_EXPORT, "DES40_CBC", "SHA",
171: code_TLS_RSA_EXPORT_WITH_DES40_CBC_SHA);
172:
173: static CipherSuite TLS_RSA_WITH_DES_CBC_SHA = new CipherSuite(
174: "TLS_RSA_WITH_DES_CBC_SHA", false, KeyExchange_RSA,
175: "DES_CBC", "SHA", code_TLS_RSA_WITH_DES_CBC_SHA);
176:
177: static CipherSuite TLS_RSA_WITH_3DES_EDE_CBC_SHA = new CipherSuite(
178: "TLS_RSA_WITH_3DES_EDE_CBC_SHA", false, KeyExchange_RSA,
179: "3DES_EDE_CBC", "SHA", code_TLS_RSA_WITH_3DES_EDE_CBC_SHA);
180:
181: static CipherSuite TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA = new CipherSuite(
182: "TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA", true,
183: KeyExchange_DH_DSS_EXPORT, "DES40_CBC", "SHA",
184: code_TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA);
185:
186: static CipherSuite TLS_DH_DSS_WITH_DES_CBC_SHA = new CipherSuite(
187: "TLS_DH_DSS_WITH_DES_CBC_SHA", false, KeyExchange_DH_DSS,
188: "DES_CBC", "SHA", code_TLS_DH_DSS_WITH_DES_CBC_SHA);
189:
190: static CipherSuite TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA = new CipherSuite(
191: "TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA", false,
192: KeyExchange_DH_DSS, "3DES_EDE_CBC", "SHA",
193: code_TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA);
194:
195: static CipherSuite TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA = new CipherSuite(
196: "TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA", true,
197: KeyExchange_DH_RSA_EXPORT, "DES40_CBC", "SHA",
198: code_TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA);
199:
200: static CipherSuite TLS_DH_RSA_WITH_DES_CBC_SHA = new CipherSuite(
201: "TLS_DH_RSA_WITH_DES_CBC_SHA", false, KeyExchange_DH_RSA,
202: "DES_CBC", "SHA", code_TLS_DH_RSA_WITH_DES_CBC_SHA);
203:
204: static CipherSuite TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA = new CipherSuite(
205: "TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA", false,
206: KeyExchange_DH_RSA, "3DES_EDE_CBC", "SHA",
207: code_TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA);
208:
209: static CipherSuite TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA = new CipherSuite(
210: "TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA", true,
211: KeyExchange_DHE_DSS_EXPORT, "DES40_CBC", "SHA",
212: code_TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA);
213:
214: static CipherSuite TLS_DHE_DSS_WITH_DES_CBC_SHA = new CipherSuite(
215: "TLS_DHE_DSS_WITH_DES_CBC_SHA", false, KeyExchange_DHE_DSS,
216: "DES_CBC", "SHA", code_TLS_DHE_DSS_WITH_DES_CBC_SHA);
217:
218: static CipherSuite TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA = new CipherSuite(
219: "TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA", false,
220: KeyExchange_DHE_DSS, "3DES_EDE_CBC", "SHA",
221: code_TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA);
222:
223: static CipherSuite TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA = new CipherSuite(
224: "TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA", true,
225: KeyExchange_DHE_RSA_EXPORT, "DES40_CBC", "SHA",
226: code_TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA);
227:
228: static CipherSuite TLS_DHE_RSA_WITH_DES_CBC_SHA = new CipherSuite(
229: "TLS_DHE_RSA_WITH_DES_CBC_SHA", false, KeyExchange_DHE_RSA,
230: "DES_CBC", "SHA", code_TLS_DHE_RSA_WITH_DES_CBC_SHA);
231:
232: static CipherSuite TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA = new CipherSuite(
233: "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA", false,
234: KeyExchange_DHE_RSA, "3DES_EDE_CBC", "SHA",
235: code_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA);
236:
237: static CipherSuite TLS_DH_anon_EXPORT_WITH_RC4_40_MD5 = new CipherSuite(
238: "TLS_DH_anon_EXPORT_WITH_RC4_40_MD5", true,
239: KeyExchange_DH_anon_EXPORT, "RC4_40", "MD5",
240: code_TLS_DH_anon_EXPORT_WITH_RC4_40_MD5);
241:
242: static CipherSuite TLS_DH_anon_WITH_RC4_128_MD5 = new CipherSuite(
243: "TLS_DH_anon_WITH_RC4_128_MD5", false, KeyExchange_DH_anon,
244: "RC4_128", "MD5", code_TLS_DH_anon_WITH_RC4_128_MD5);
245:
246: static CipherSuite TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA = new CipherSuite(
247: "TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA", true,
248: KeyExchange_DH_anon_EXPORT, "DES40_CBC", "SHA",
249: code_TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA);
250:
251: static CipherSuite TLS_DH_anon_WITH_DES_CBC_SHA = new CipherSuite(
252: "TLS_DH_anon_WITH_DES_CBC_SHA", false, KeyExchange_DH_anon,
253: "DES_CBC", "SHA", code_TLS_DH_anon_WITH_DES_CBC_SHA);
254:
255: static CipherSuite TLS_DH_anon_WITH_3DES_EDE_CBC_SHA = new CipherSuite(
256: "TLS_DH_anon_WITH_3DES_EDE_CBC_SHA", false,
257: KeyExchange_DH_anon, "3DES_EDE_CBC", "SHA",
258: code_TLS_DH_anon_WITH_3DES_EDE_CBC_SHA);
259:
260: // array for quick access to cipher suite by code
261: private static CipherSuite[] cuitesByCode = {
262: TLS_NULL_WITH_NULL_NULL, TLS_RSA_WITH_NULL_MD5,
263: TLS_RSA_WITH_NULL_SHA, TLS_RSA_EXPORT_WITH_RC4_40_MD5,
264: TLS_RSA_WITH_RC4_128_MD5, TLS_RSA_WITH_RC4_128_SHA,
265: TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5,
266: TLS_RSA_WITH_IDEA_CBC_SHA,
267: TLS_RSA_EXPORT_WITH_DES40_CBC_SHA,
268: TLS_RSA_WITH_DES_CBC_SHA, TLS_RSA_WITH_3DES_EDE_CBC_SHA,
269: TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA,
270: TLS_DH_DSS_WITH_DES_CBC_SHA,
271: TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA,
272: TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA,
273: TLS_DH_RSA_WITH_DES_CBC_SHA,
274: TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA,
275: TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA,
276: TLS_DHE_DSS_WITH_DES_CBC_SHA,
277: TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA,
278: TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA,
279: TLS_DHE_RSA_WITH_DES_CBC_SHA,
280: TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
281: TLS_DH_anon_EXPORT_WITH_RC4_40_MD5,
282: TLS_DH_anon_WITH_RC4_128_MD5,
283: TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA,
284: TLS_DH_anon_WITH_DES_CBC_SHA,
285: TLS_DH_anon_WITH_3DES_EDE_CBC_SHA };
286:
287: // hash for quick access to cipher suite by name
288: private static Hashtable cuitesByName;
289:
290: /**
291: * array of supported sipher suites.
292: * Set of supported suites is defined at the moment provider's start
293: */
294: // TODO Dinamical supported suites: new providers may be dynamically
295: // added/removed and the set of supportes suites may be changed
296: static CipherSuite[] supportedCipherSuites;
297:
298: /**
299: * array of supported sipher suites names
300: */
301: static String[] supportedCipherSuiteNames;
302:
303: /**
304: * default sipher suites
305: */
306: static CipherSuite[] defaultCipherSuites;
307:
308: static {
309: int count = 0;
310: cuitesByName = new Hashtable();
311: for (int i = 0; i < cuitesByCode.length; i++) {
312: cuitesByName
313: .put(cuitesByCode[i].getName(), cuitesByCode[i]);
314: if (cuitesByCode[i].supported) {
315: count++;
316: }
317: }
318: supportedCipherSuites = new CipherSuite[count];
319: supportedCipherSuiteNames = new String[count];
320: count = 0;
321: for (int i = 0; i < cuitesByCode.length; i++) {
322: if (cuitesByCode[i].supported) {
323: supportedCipherSuites[count] = cuitesByCode[i];
324: supportedCipherSuiteNames[count] = supportedCipherSuites[count]
325: .getName();
326: count++;
327: }
328: }
329:
330: CipherSuite[] defaultPretendent = {
331: TLS_RSA_WITH_RC4_128_MD5,
332: TLS_RSA_WITH_RC4_128_SHA,
333: // TLS_RSA_WITH_AES_128_CBC_SHA,
334: // TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
335: // LS_DHE_DSS_WITH_AES_128_CBC_SHA,
336: TLS_RSA_WITH_3DES_EDE_CBC_SHA,
337: TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
338: TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA,
339: TLS_RSA_WITH_DES_CBC_SHA, TLS_DHE_RSA_WITH_DES_CBC_SHA,
340: TLS_DHE_DSS_WITH_DES_CBC_SHA,
341: TLS_RSA_EXPORT_WITH_RC4_40_MD5,
342: TLS_RSA_EXPORT_WITH_DES40_CBC_SHA,
343: TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA,
344: TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA };
345: count = 0;
346: for (int i = 0; i < defaultPretendent.length; i++) {
347: if (defaultPretendent[i].supported) {
348: count++;
349: }
350: }
351: defaultCipherSuites = new CipherSuite[count];
352: count = 0;
353: for (int i = 0; i < defaultPretendent.length; i++) {
354: if (defaultPretendent[i].supported) {
355: defaultCipherSuites[count++] = defaultPretendent[i];
356: }
357: }
358: }
359:
360: /**
361: * Returns CipherSuite by name
362: * @param name
363: * @return
364: */
365: public static CipherSuite getByName(String name) {
366: return (CipherSuite) cuitesByName.get(name);
367: }
368:
369: /**
370: * Returns CipherSuite based on TLS CipherSuite code
371: * @see TLS 1.0 spec., A.5. The CipherSuite;
372: * @param b1
373: * @param b2
374: * @return
375: */
376: public static CipherSuite getByCode(byte b1, byte b2) {
377: if (b1 != 0 || b2 > cuitesByCode.length) {
378: // Unknoun
379: return new CipherSuite("UNKNOUN_" + b1 + "_" + b2, false,
380: 0, "", "", new byte[] { b1, b2 });
381: }
382: return cuitesByCode[b2];
383: }
384:
385: /**
386: * Returns CipherSuite based on V2CipherSpec code
387: * as described in TLS 1.0 spec., E. Backward Compatibility With SSL
388: *
389: * @param b1
390: * @param b2
391: * @param b3
392: * @return CipherSuite
393: */
394: public static CipherSuite getByCode(byte b1, byte b2, byte b3) {
395: if (b1 == 0 && b2 == 0) {
396: if (b3 <= cuitesByCode.length) {
397: return cuitesByCode[b3];
398: }
399: }
400: // as TLSv1 equivalent of V2CipherSpec should be included in
401: // V2ClientHello, ignore V2CipherSpec
402: return new CipherSuite("UNKNOUN_" + b1 + "_" + b2 + "_" + b3,
403: false, 0, "", "", new byte[] { b1, b2, b3 });
404: }
405:
406: /**
407: * Creates CipherSuite
408: * @param name
409: * @param isExportable
410: * @param keyExchange
411: * @param cipherName
412: * @param hash
413: * @param code
414: */
415: public CipherSuite(String name, boolean isExportable,
416: int keyExchange, String cipherName, String hash, byte[] code) {
417: this .name = name;
418: this .keyExchange = keyExchange;
419: this .isExportable = isExportable;
420: if (cipherName == null) {
421: this .cipherName = null;
422: keyMaterial = 0;
423: expandedKeyMaterial = 0;
424: effectiveKeyBytes = 0;
425: IVSize = 0;
426: blockSize = 0;
427: } else if ("IDEA_CBC".equals(cipherName)) {
428: this .cipherName = "IDEA/CBC/NoPadding";
429: keyMaterial = 16;
430: expandedKeyMaterial = 16;
431: effectiveKeyBytes = 16;
432: IVSize = 8;
433: blockSize = 8;
434: } else if ("RC2_CBC_40".equals(cipherName)) {
435: this .cipherName = "RC2/CBC/NoPadding";
436: keyMaterial = 5;
437: expandedKeyMaterial = 16;
438: effectiveKeyBytes = 5;
439: IVSize = 8;
440: blockSize = 8;
441: } else if ("RC4_40".equals(cipherName)) {
442: this .cipherName = "RC4";
443: keyMaterial = 5;
444: expandedKeyMaterial = 16;
445: effectiveKeyBytes = 5;
446: IVSize = 0;
447: blockSize = 0;
448: } else if ("RC4_128".equals(cipherName)) {
449: this .cipherName = "RC4";
450: keyMaterial = 16;
451: expandedKeyMaterial = 16;
452: effectiveKeyBytes = 16;
453: IVSize = 0;
454: blockSize = 0;
455: } else if ("DES40_CBC".equals(cipherName)) {
456: this .cipherName = "DES/CBC/NoPadding";
457: keyMaterial = 5;
458: expandedKeyMaterial = 8;
459: effectiveKeyBytes = 5;
460: IVSize = 8;
461: blockSize = 8;
462: } else if ("DES_CBC".equals(cipherName)) {
463: this .cipherName = "DES/CBC/NoPadding";
464: keyMaterial = 8;
465: expandedKeyMaterial = 8;
466: effectiveKeyBytes = 7;
467: IVSize = 8;
468: blockSize = 8;
469: } else if ("3DES_EDE_CBC".equals(cipherName)) {
470: this .cipherName = "DESede/CBC/NoPadding";
471: keyMaterial = 24;
472: expandedKeyMaterial = 24;
473: effectiveKeyBytes = 24;
474: IVSize = 8;
475: blockSize = 8;
476: } else {
477: this .cipherName = cipherName;
478: keyMaterial = 0;
479: expandedKeyMaterial = 0;
480: effectiveKeyBytes = 0;
481: IVSize = 0;
482: blockSize = 0;
483: }
484:
485: if ("MD5".equals(hash)) {
486: this .hmacName = "HmacMD5";
487: this .hashName = "MD5";
488: hashSize = 16;
489: } else if ("SHA".equals(hash)) {
490: this .hmacName = "HmacSHA1";
491: this .hashName = "SHA-1";
492: hashSize = 20;
493: } else {
494: this .hmacName = null;
495: this .hashName = null;
496: hashSize = 0;
497: }
498:
499: cipherSuiteCode = code;
500:
501: if (this .cipherName != null) {
502: try {
503: Cipher.getInstance(this .cipherName);
504: } catch (GeneralSecurityException e) {
505: supported = false;
506: }
507: }
508:
509: }
510:
511: /**
512: * Returns true if cipher suite is anonymous
513: * @return
514: */
515: public boolean isAnonymous() {
516: if (keyExchange == KeyExchange_DH_anon
517: || keyExchange == KeyExchange_DH_anon_EXPORT) {
518: return true;
519: }
520: return false;
521: }
522:
523: /**
524: * Returns array of supported CipherSuites
525: * @return
526: */
527: public static CipherSuite[] getSupported() {
528: return supportedCipherSuites;
529: }
530:
531: /**
532: * Returns array of supported cipher suites names
533: * @return
534: */
535: public static String[] getSupportedCipherSuiteNames() {
536: return (String[]) supportedCipherSuiteNames.clone();
537: }
538:
539: /**
540: * Returns cipher suite name
541: * @return
542: */
543: public String getName() {
544: return name;
545: }
546:
547: /**
548: * Returns cipher suite code as byte array
549: * @return
550: */
551: public byte[] toBytes() {
552: return cipherSuiteCode;
553: }
554:
555: /**
556: * Returns cipher suite description
557: */
558: public String toString() {
559: return name + ": " + cipherSuiteCode[0] + " "
560: + cipherSuiteCode[1];
561: }
562:
563: /**
564: * Compares this cipher suite to the specified object.
565: */
566: public boolean equals(Object obj) {
567: if (obj instanceof CipherSuite
568: && this .cipherSuiteCode[0] == ((CipherSuite) obj).cipherSuiteCode[0]
569: && this .cipherSuiteCode[1] == ((CipherSuite) obj).cipherSuiteCode[1]) {
570: return true;
571: }
572: return false;
573: }
574:
575: /**
576: * Returns cipher algorithm name
577: * @return
578: */
579: public String getBulkEncryptionAlgorithm() {
580: return cipherName;
581: }
582:
583: /**
584: * Returns cipher block size
585: * @return
586: */
587: public int getBlockSize() {
588: return blockSize;
589: }
590:
591: /**
592: * Returns MAC algorithm name
593: * @return
594: */
595: public String getHmacName() {
596: return hmacName;
597: }
598:
599: /**
600: * Returns hash algorithm name
601: * @return
602: */
603: public String getHashName() {
604: return hashName;
605: }
606:
607: /**
608: * Returns hash size
609: * @return
610: */
611: public int getMACLength() {
612: return hashSize;
613: }
614:
615: /**
616: * Indicates whether this cipher suite is exportable
617: * @return
618: */
619: public boolean isExportable() {
620: return isExportable;
621: }
622:
623: }
|