org.apache.sshd.common.cipher.BuiltinCiphers Maven / Gradle / Ivy
The newest version!
/*
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package org.apache.sshd.common.cipher;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.EnumSet;
import java.util.List;
import java.util.Map;
import java.util.NavigableSet;
import java.util.Objects;
import java.util.Set;
import java.util.SortedSet;
import java.util.TreeMap;
import java.util.concurrent.atomic.AtomicReference;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import org.apache.sshd.common.NamedFactory;
import org.apache.sshd.common.NamedResource;
import org.apache.sshd.common.config.NamedFactoriesListParseResult;
import org.apache.sshd.common.util.GenericUtils;
import org.apache.sshd.common.util.ValidateUtils;
import org.apache.sshd.common.util.security.SecurityUtils;
/**
* Provides easy access to the currently implemented ciphers
*
* @author Apache MINA SSHD Project
*/
public enum BuiltinCiphers implements CipherFactory {
none(Constants.NONE, 0, 0, "None", 0, "None", 8) {
@Override
public Cipher create() {
return new CipherNone();
}
@Override
public boolean isSupported() {
return !SecurityUtils.isFipsMode();
}
},
aes128cbc(Constants.AES128_CBC, 16, 0, "AES", 128, "AES/CBC/NoPadding", 16) {
@Override
public Cipher create() {
return new BaseCBCCipher(getIVSize(), getAuthenticationTagSize(), getKdfSize(), getAlgorithm(), getKeySize(),
getTransformation(), getCipherBlockSize());
}
},
aes128ctr(Constants.AES128_CTR, 16, 0, "AES", 128, "AES/CTR/NoPadding", 16) {
@Override
public Cipher create() {
return new BaseCTRCipher(getIVSize(), getAuthenticationTagSize(), getKdfSize(), getAlgorithm(), getKeySize(),
getTransformation(), getCipherBlockSize());
}
},
aes128gcm(Constants.AES128_GCM, 12, 16, "AES", 128, "AES/GCM/NoPadding", 16) {
@Override
public Cipher create() {
return new BaseGCMCipher(
getIVSize(), getAuthenticationTagSize(), getKdfSize(), getAlgorithm(),
getKeySize(), getTransformation(), getCipherBlockSize());
}
},
aes256gcm(Constants.AES256_GCM, 12, 16, "AES", 256, "AES/GCM/NoPadding", 16) {
@Override
public Cipher create() {
return new BaseGCMCipher(
getIVSize(), getAuthenticationTagSize(), getKdfSize(), getAlgorithm(),
getKeySize(), getTransformation(), getCipherBlockSize());
}
},
aes192cbc(Constants.AES192_CBC, 16, 0, "AES", 192, "AES/CBC/NoPadding", 16) {
@Override
public Cipher create() {
return new BaseCBCCipher(getIVSize(), getAuthenticationTagSize(), getKdfSize(), getAlgorithm(), getKeySize(),
getTransformation(), getCipherBlockSize());
}
},
aes192ctr(Constants.AES192_CTR, 16, 0, "AES", 192, "AES/CTR/NoPadding", 16) {
@Override
public Cipher create() {
return new BaseCTRCipher(getIVSize(), getAuthenticationTagSize(), getKdfSize(), getAlgorithm(), getKeySize(),
getTransformation(), getCipherBlockSize());
}
},
aes256cbc(Constants.AES256_CBC, 16, 0, "AES", 256, "AES/CBC/NoPadding", 16) {
@Override
public Cipher create() {
return new BaseCBCCipher(getIVSize(), getAuthenticationTagSize(), getKdfSize(), getAlgorithm(), getKeySize(),
getTransformation(), getCipherBlockSize());
}
},
aes256ctr(Constants.AES256_CTR, 16, 0, "AES", 256, "AES/CTR/NoPadding", 16) {
@Override
public Cipher create() {
return new BaseCTRCipher(getIVSize(), getAuthenticationTagSize(), getKdfSize(), getAlgorithm(), getKeySize(),
getTransformation(), getCipherBlockSize());
}
},
/**
* @deprecated
* @see SSHD-1004
*/
@Deprecated
arcfour128(Constants.ARCFOUR128, 8, 0, "ARCFOUR", 128, "RC4", 8) {
@Override
public Cipher create() {
return new BaseRC4Cipher(getIVSize(), getKdfSize(), getKeySize(), getCipherBlockSize());
}
},
/**
* @deprecated
* @see SSHD-1004
*/
@Deprecated
arcfour256(Constants.ARCFOUR256, 8, 0, "ARCFOUR", 256, "RC4", 8) {
@Override
public Cipher create() {
return new BaseRC4Cipher(getIVSize(), getKdfSize(), getKeySize(), getCipherBlockSize());
}
},
/**
* @deprecated
* @see SSHD-1004
*/
@Deprecated
blowfishcbc(Constants.BLOWFISH_CBC, 8, 0, "Blowfish", 128, "Blowfish/CBC/NoPadding", 8) {
@Override
public Cipher create() {
return new BaseCBCCipher(getIVSize(), getAuthenticationTagSize(), getKdfSize(), getAlgorithm(), getKeySize(),
getTransformation(), getCipherBlockSize());
}
},
cc20p1305_openssh(Constants.CC20P1305_OPENSSH, 8, 16, "ChaCha", 512, "ChaCha", 8) {
@Override
public Cipher create() {
return new ChaCha20Cipher();
}
@Override
public boolean isSupported() {
return !SecurityUtils.isFipsMode();
}
},
/**
* @deprecated
* @see SSHD-1004
*/
@Deprecated
tripledescbc(Constants.TRIPLE_DES_CBC, 8, 0, "DESede", 192, "DESede/CBC/NoPadding", 8) {
@Override
public Cipher create() {
return new BaseCBCCipher(getIVSize(), getAuthenticationTagSize(), getKdfSize(), getAlgorithm(), getKeySize(),
getTransformation(), getCipherBlockSize());
}
};
public static final Set VALUES = Collections.unmodifiableSet(EnumSet.allOf(BuiltinCiphers.class));
private static final Map EXTENSIONS = new TreeMap<>(String.CASE_INSENSITIVE_ORDER);
private final String factoryName;
private final int ivsize;
private final int authSize;
private final int keySize;
private final int blkSize;
private final String algorithm;
private final String transformation;
private final AtomicReference supported = new AtomicReference<>();
BuiltinCiphers(
String factoryName, int ivsize, int authSize, String algorithm, int keySizeInBits, String transformation,
int blkSize) {
this.factoryName = factoryName;
this.ivsize = ivsize;
this.authSize = authSize;
this.keySize = keySizeInBits;
this.algorithm = algorithm;
this.transformation = transformation;
this.blkSize = blkSize;
}
@Override
public final String getName() {
return factoryName;
}
@Override
public final String toString() {
return getName();
}
/**
* @return {@code true} if the current JVM configuration supports this cipher - e.g., AES-256 requires the
* Java Cryptography Extension (JCE)
*/
@Override
public boolean isSupported() {
Boolean value = supported.get();
if (value == null) {
value = Cipher.checkSupported(this.transformation, this.keySize);
if (!supported.compareAndSet(null, value)) {
value = supported.get();
}
}
return value.booleanValue();
}
@Override
public int getKeySize() {
return keySize;
}
@Override
public int getIVSize() {
return ivsize;
}
@Override
public int getAuthenticationTagSize() {
return authSize;
}
@Override
public int getKdfSize() {
return keySize / Byte.SIZE;
}
@Override
public int getCipherBlockSize() {
return blkSize;
}
@Override
public String getAlgorithm() {
return algorithm;
}
@Override
public String getTransformation() {
return transformation;
}
@Override
public Cipher create() {
return new BaseCipher(
getIVSize(), getAuthenticationTagSize(), getKdfSize(), getAlgorithm(),
getKeySize(), getTransformation(), getCipherBlockSize());
}
/**
* Registered a {@link NamedFactory} to be available besides the built-in ones when parsing configuration
*
* @param extension The factory to register
* @throws IllegalArgumentException if factory instance is {@code null}, or overrides a built-in one or overrides
* another registered factory with the same name (case insensitive).
*/
public static void registerExtension(CipherFactory extension) {
String name = Objects.requireNonNull(extension, "No extension provided").getName();
ValidateUtils.checkTrue(fromFactoryName(name) == null, "Extension overrides built-in: %s", name);
synchronized (EXTENSIONS) {
ValidateUtils.checkTrue(!EXTENSIONS.containsKey(name), "Extension overrides existing: %s", name);
EXTENSIONS.put(name, extension);
}
}
/**
* @return A {@link SortedSet} of the currently registered extensions, sorted according to the factory name (case
* insensitive)
*/
public static NavigableSet getRegisteredExtensions() {
synchronized (EXTENSIONS) {
return GenericUtils.asSortedSet(NamedResource.BY_NAME_COMPARATOR, EXTENSIONS.values());
}
}
/**
* Unregisters specified extension
*
* @param name The factory name - ignored if {@code null}/empty
* @return The registered extension - {@code null} if not found
*/
public static NamedFactory unregisterExtension(String name) {
if (GenericUtils.isEmpty(name)) {
return null;
}
synchronized (EXTENSIONS) {
return EXTENSIONS.remove(name);
}
}
/**
* @param s The {@link Enum}'s name - ignored if {@code null}/empty
* @return The matching {@link BuiltinCiphers} whose {@link Enum#name()} matches (case insensitive) the
* provided argument - {@code null} if no match
*/
public static BuiltinCiphers fromString(String s) {
if (GenericUtils.isEmpty(s)) {
return null;
}
for (BuiltinCiphers c : VALUES) {
if (s.equalsIgnoreCase(c.name())) {
return c;
}
}
return null;
}
/**
* @param factory The {@link NamedFactory} for the cipher - ignored if {@code null}
* @return The matching {@link BuiltinCiphers} whose factory name matches (case insensitive) the
* cipher factory name
* @see #fromFactoryName(String)
*/
public static BuiltinCiphers fromFactory(NamedFactory factory) {
if (factory == null) {
return null;
} else {
return fromFactoryName(factory.getName());
}
}
/**
* @param name The factory name - ignored if {@code null}/empty
* @return The matching {@link BuiltinCiphers} whose factory name matches (case insensitive) the
* provided name - {@code null} if no match
*/
public static BuiltinCiphers fromFactoryName(String name) {
return NamedResource.findByName(name, String.CASE_INSENSITIVE_ORDER, VALUES);
}
/**
* @param ciphers A comma-separated list of ciphers' names - ignored if {@code null}/empty
* @return A {@link ParseResult} containing the successfully parsed factories and the unknown ones.
* Note: it is up to caller to ensure that the lists do not contain duplicates
*/
public static ParseResult parseCiphersList(String ciphers) {
return parseCiphersList(GenericUtils.split(ciphers, ','));
}
public static ParseResult parseCiphersList(String... ciphers) {
return parseCiphersList(GenericUtils.isEmpty((Object[]) ciphers) ? Collections.emptyList() : Arrays.asList(ciphers));
}
public static ParseResult parseCiphersList(Collection ciphers) {
if (GenericUtils.isEmpty(ciphers)) {
return ParseResult.EMPTY;
}
List factories = new ArrayList<>(ciphers.size());
List unknown = Collections.emptyList();
for (String name : ciphers) {
CipherFactory c = resolveFactory(name);
if (c != null) {
factories.add(c);
} else {
// replace the (unmodifiable) empty list with a real one
if (unknown.isEmpty()) {
unknown = new ArrayList<>();
}
unknown.add(name);
}
}
return new ParseResult(factories, unknown);
}
/**
* @param name The factory name
* @return The factory or {@code null} if it is neither a built-in one or a registered extension
*/
public static CipherFactory resolveFactory(String name) {
if (GenericUtils.isEmpty(name)) {
return null;
}
CipherFactory c = fromFactoryName(name);
if (c != null) {
return c;
}
synchronized (EXTENSIONS) {
return EXTENSIONS.get(name);
}
}
/**
* Holds the result of {@link BuiltinCiphers#parseCiphersList(String)}
*
* @author Apache MINA SSHD Project
*/
public static class ParseResult extends NamedFactoriesListParseResult {
public static final ParseResult EMPTY = new ParseResult(Collections.emptyList(), Collections.emptyList());
public ParseResult(List parsed, List unsupported) {
super(parsed, unsupported);
}
}
public static final class Constants {
public static final String NONE = "none";
public static final Pattern NONE_CIPHER_PATTERN = Pattern.compile("(^|.*,)" + NONE + "($|,.*)");
public static final String AES128_CBC = "aes128-cbc";
public static final String AES128_CTR = "aes128-ctr";
public static final String AES128_GCM = "[email protected]";
public static final String AES192_CBC = "aes192-cbc";
public static final String AES192_CTR = "aes192-ctr";
public static final String AES256_CBC = "aes256-cbc";
public static final String AES256_CTR = "aes256-ctr";
public static final String AES256_GCM = "[email protected]";
public static final String ARCFOUR128 = "arcfour128";
public static final String ARCFOUR256 = "arcfour256";
public static final String BLOWFISH_CBC = "blowfish-cbc";
public static final String CC20P1305_OPENSSH = "[email protected]";
public static final String TRIPLE_DES_CBC = "3des-cbc";
private Constants() {
throw new UnsupportedOperationException("No instance allowed");
}
/**
* @param s A comma-separated list of ciphers - ignored if {@code null}/empty
* @return {@code true} if the {@link #NONE} cipher name appears in it
*/
public static boolean isNoneCipherIncluded(String s) {
if (GenericUtils.isEmpty(s)) {
return false;
}
Matcher m = NONE_CIPHER_PATTERN.matcher(s);
return m.matches();
}
}
}
© 2015 - 2024 Weber Informatics LLC | Privacy Policy