org.spongycastle.jsse.provider.FipsUtils Maven / Gradle / Ivy
Go to download
Show more of this group Show more artifacts with this name
Show all versions of bctls-jdk15on Show documentation
Show all versions of bctls-jdk15on Show documentation
Spongy Castle is a package-rename (org.bouncycastle.* to org.spongycastle.*) of Bouncy Castle
intended for the Android platform. Android unfortunately ships with a stripped-down version of
Bouncy Castle, which prevents easy upgrades - Spongy Castle overcomes this and provides a full,
up-to-date version of the Bouncy Castle cryptographic libs.
The newest version!
package org.spongycastle.jsse.provider;
import java.util.Collection;
import java.util.Collections;
import java.util.HashSet;
import java.util.Set;
import org.spongycastle.tls.NamedGroup;
abstract class FipsUtils
{
private static final Set FIPS_SUPPORTED_CIPHERSUITES = createFipsSupportedCipherSuites();
private static Set createFipsSupportedCipherSuites()
{
final Set cs = new HashSet();
// "shall support"
cs.add("TLS_RSA_WITH_3DES_EDE_CBC_SHA");
cs.add("TLS_RSA_WITH_AES_128_CBC_SHA");
// "shall support" (TLS 1.2)
// cs.add("TLS_RSA_WITH_AES_128_GCM_SHA256");
// "should support"
cs.add("TLS_RSA_WITH_AES_256_CBC_SHA");
cs.add("TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA");
cs.add("TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA");
cs.add("TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA");
cs.add("TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA");
// "may support"
cs.add("TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA");
cs.add("TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA");
cs.add("TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA");
cs.add("TLS_DHE_DSS_WITH_AES_128_CBC_SHA");
cs.add("TLS_DHE_DSS_WITH_AES_256_CBC_SHA");
cs.add("TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA");
cs.add("TLS_DH_DSS_WITH_AES_128_CBC_SHA");
cs.add("TLS_DH_DSS_WITH_AES_256_CBC_SHA");
cs.add("TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA");
cs.add("TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA");
cs.add("TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA");
// "should support" (TLS 1.2)
// cs.add("TLS_RSA_WITH_AES_256_GCM_SHA384");
cs.add("TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256");
// cs.add("TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256");
// cs.add("TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384");
cs.add("TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256");
// cs.add("TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256");
// "may support" (TLS 1.2);
cs.add("TLS_RSA_WITH_AES_128_CBC_SHA256");
cs.add("TLS_RSA_WITH_AES_256_CBC_SHA256");
cs.add("TLS_RSA_WITH_AES_128_CCM");
cs.add("TLS_RSA_WITH_AES_256_CCM");
cs.add("TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384");
cs.add("TLS_DHE_DSS_WITH_AES_128_CBC_SHA256");
cs.add("TLS_DHE_DSS_WITH_AES_256_CBC_SHA256");
// cs.add("TLS_DHE_DSS_WITH_AES_128_GCM_SHA256");
// cs.add("TLS_DHE_DSS_WITH_AES_256_GCM_SHA384");
cs.add("TLS_DH_DSS_WITH_AES_128_CBC_SHA256");
cs.add("TLS_DH_DSS_WITH_AES_256_CBC_SHA256");
// cs.add("TLS_DH_DSS_WITH_AES_128_GCM_SHA256");
// cs.add("TLS_DH_DSS_WITH_AES_256_GCM_SHA384");
cs.add("TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256");
cs.add("TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384");
// cs.add("TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256");
// cs.add("TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384");
return Collections.unmodifiableSet(cs);
}
static int getFipsMaximumCurveBits()
{
return 384;
}
static boolean isFipsCipherSuite(String cipherSuite)
{
return cipherSuite != null && FIPS_SUPPORTED_CIPHERSUITES.contains(cipherSuite);
}
static boolean isFipsCurve(int namedGroup)
{
switch (namedGroup)
{
case NamedGroup.secp256r1:
case NamedGroup.secp384r1:
return true;
default:
return false;
}
}
static void removeNonFipsCipherSuites(Collection cipherSuites)
{
cipherSuites.retainAll(FIPS_SUPPORTED_CIPHERSUITES);
}
}
© 2015 - 2025 Weber Informatics LLC | Privacy Policy