org.bouncycastle.jsse.provider.FipsUtils Maven / Gradle / Ivy
Go to download
Show more of this group Show more artifacts with this name
Show all versions of bctls-fips Show documentation
Show all versions of bctls-fips Show documentation
The Bouncy Castle Java APIs for the TLS, including a JSSE provider. The APIs are designed primarily to be used in conjunction with the BC FIPS provider. The APIs may also be used with other providers although if being used in a FIPS context it is the responsibility of the user to ensure that any other providers used are FIPS certified and used appropriately.
package org.bouncycastle.jsse.provider;
import java.util.Collection;
import java.util.Collections;
import java.util.HashSet;
import java.util.Set;
import org.bouncycastle.tls.NamedGroup;
import org.bouncycastle.tls.SignatureScheme;
abstract class FipsUtils
{
/*
* This can only be set to true if the underlying provider is able to assert it is compliant with FIPS IG
* A.5 (when GCM is used in TLS 1.2) and a mechanism has been integrated into this API accordingly to
* ensure that is the case.
*/
private static final boolean provAllowGCMCiphersIn12 = lookup("org.bouncycastle.crypto.fips.FipsNonceGenerator") != null;
private static final boolean provAllowRSAKeyExchange = PropertyUtils
.getBooleanSystemProperty("org.bouncycastle.jsse.fips.allowRSAKeyExchange", true);
private static final Set FIPS_SUPPORTED_CIPHERSUITES = createFipsSupportedCipherSuites();
private static final Set FIPS_SUPPORTED_PROTOCOLS = createFipsSupportedProtocols();
private static Set createFipsSupportedCipherSuites()
{
/*
* Cipher suite list current as of NIST SP 800-52 Revision 2.
*
* Static (EC)DH cipher suites commented out since not supported by BCJSSE.
*
* PSK cipher suites from Appendix C left out completely since the BCJSSE provider does not
* currently support _any_ PSK key exchange methods.
*/
final Set cs = new HashSet();
cs.add("TLS_AES_128_CCM_8_SHA256");
cs.add("TLS_AES_128_CCM_SHA256");
cs.add("TLS_AES_128_GCM_SHA256");
cs.add("TLS_AES_256_GCM_SHA384");
// cs.add("TLS_DH_DSS_WITH_AES_128_CBC_SHA");
// cs.add("TLS_DH_DSS_WITH_AES_128_CBC_SHA256");
// cs.add("TLS_DH_DSS_WITH_AES_256_CBC_SHA");
// cs.add("TLS_DH_DSS_WITH_AES_256_CBC_SHA256");
// cs.add("TLS_DH_RSA_WITH_AES_128_CBC_SHA");
// cs.add("TLS_DH_RSA_WITH_AES_128_CBC_SHA256");
// cs.add("TLS_DH_RSA_WITH_AES_256_CBC_SHA");
// cs.add("TLS_DH_RSA_WITH_AES_256_CBC_SHA256");
cs.add("TLS_DHE_DSS_WITH_AES_128_CBC_SHA");
cs.add("TLS_DHE_DSS_WITH_AES_128_CBC_SHA256");
cs.add("TLS_DHE_DSS_WITH_AES_256_CBC_SHA");
cs.add("TLS_DHE_DSS_WITH_AES_256_CBC_SHA256");
cs.add("TLS_DHE_RSA_WITH_AES_128_CBC_SHA");
cs.add("TLS_DHE_RSA_WITH_AES_128_CBC_SHA256");
cs.add("TLS_DHE_RSA_WITH_AES_128_CCM");
cs.add("TLS_DHE_RSA_WITH_AES_128_CCM_8");
cs.add("TLS_DHE_RSA_WITH_AES_256_CBC_SHA");
cs.add("TLS_DHE_RSA_WITH_AES_256_CBC_SHA256");
cs.add("TLS_DHE_RSA_WITH_AES_256_CCM");
cs.add("TLS_DHE_RSA_WITH_AES_256_CCM_8");
// cs.add("TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA");
// cs.add("TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256");
// cs.add("TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA");
// cs.add("TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384");
// cs.add("TLS_ECDH_RSA_WITH_AES_128_CBC_SHA");
// cs.add("TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256");
// cs.add("TLS_ECDH_RSA_WITH_AES_256_CBC_SHA");
// cs.add("TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384");
cs.add("TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA");
cs.add("TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256");
cs.add("TLS_ECDHE_ECDSA_WITH_AES_128_CCM");
cs.add("TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8");
cs.add("TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA");
cs.add("TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384");
cs.add("TLS_ECDHE_ECDSA_WITH_AES_256_CCM");
cs.add("TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8");
cs.add("TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA");
cs.add("TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256");
cs.add("TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA");
cs.add("TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384");
if (provAllowGCMCiphersIn12)
{
// cs.add("TLS_DH_DSS_WITH_AES_128_GCM_SHA256");
// cs.add("TLS_DH_DSS_WITH_AES_256_GCM_SHA384");
// cs.add("TLS_DH_RSA_WITH_AES_128_GCM_SHA256");
// cs.add("TLS_DH_RSA_WITH_AES_256_GCM_SHA384");
cs.add("TLS_DHE_DSS_WITH_AES_128_GCM_SHA256");
cs.add("TLS_DHE_DSS_WITH_AES_256_GCM_SHA384");
cs.add("TLS_DHE_RSA_WITH_AES_128_GCM_SHA256");
cs.add("TLS_DHE_RSA_WITH_AES_256_GCM_SHA384");
// cs.add("TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256");
// cs.add("TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384");
// cs.add("TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256");
// cs.add("TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384");
cs.add("TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256");
cs.add("TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384");
cs.add("TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256");
cs.add("TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384");
}
if (provAllowRSAKeyExchange)
{
cs.add("TLS_RSA_WITH_AES_128_CBC_SHA");
cs.add("TLS_RSA_WITH_AES_128_CBC_SHA256");
cs.add("TLS_RSA_WITH_AES_128_CCM");
cs.add("TLS_RSA_WITH_AES_128_CCM_8");
cs.add("TLS_RSA_WITH_AES_256_CBC_SHA");
cs.add("TLS_RSA_WITH_AES_256_CBC_SHA256");
cs.add("TLS_RSA_WITH_AES_256_CCM");
cs.add("TLS_RSA_WITH_AES_256_CCM_8");
if (provAllowGCMCiphersIn12)
{
cs.add("TLS_RSA_WITH_AES_128_GCM_SHA256");
cs.add("TLS_RSA_WITH_AES_256_GCM_SHA384");
}
}
return Collections.unmodifiableSet(cs);
}
private static Set createFipsSupportedProtocols()
{
final Set ps = new HashSet();
ps.add("TLSv1");
ps.add("TLSv1.1");
ps.add("TLSv1.2");
ps.add("TLSv1.3");
return Collections.unmodifiableSet(ps);
}
static boolean isFipsCipherSuite(String cipherSuite)
{
return cipherSuite != null && FIPS_SUPPORTED_CIPHERSUITES.contains(cipherSuite);
}
static boolean isFipsNamedGroup(int namedGroup)
{
/*
* NOTE: NIST SP 800-56A Revision 3 Appendix D lists several more SEC curves, however they
* are all obsolete as of TLS 1.3.
*/
switch (namedGroup)
{
case NamedGroup.secp256r1:
case NamedGroup.secp384r1:
case NamedGroup.secp521r1:
case NamedGroup.ffdhe2048:
case NamedGroup.ffdhe3072:
case NamedGroup.ffdhe4096:
case NamedGroup.ffdhe6144:
case NamedGroup.ffdhe8192:
return true;
case NamedGroup.x25519:
case NamedGroup.x448:
default:
return false;
}
}
static boolean isFipsProtocol(String protocol)
{
return protocol != null && FIPS_SUPPORTED_PROTOCOLS.contains(protocol);
}
static boolean isFipsSignatureScheme(int signatureScheme)
{
switch (signatureScheme)
{
case SignatureSchemeInfo.historical_dsa_sha1:
case SignatureSchemeInfo.historical_dsa_sha224:
case SignatureSchemeInfo.historical_dsa_sha256:
case SignatureScheme.ecdsa_sha1:
case SignatureSchemeInfo.historical_ecdsa_sha224:
case SignatureScheme.ecdsa_secp256r1_sha256:
case SignatureScheme.ecdsa_secp384r1_sha384:
case SignatureScheme.ecdsa_secp521r1_sha512:
case SignatureScheme.rsa_pkcs1_sha1:
case SignatureSchemeInfo.historical_rsa_sha224:
case SignatureScheme.rsa_pkcs1_sha256:
case SignatureScheme.rsa_pkcs1_sha384:
case SignatureScheme.rsa_pkcs1_sha512:
case SignatureScheme.rsa_pss_pss_sha256:
case SignatureScheme.rsa_pss_pss_sha384:
case SignatureScheme.rsa_pss_pss_sha512:
case SignatureScheme.rsa_pss_rsae_sha256:
case SignatureScheme.rsa_pss_rsae_sha384:
case SignatureScheme.rsa_pss_rsae_sha512:
return true;
case SignatureScheme.ed25519:
case SignatureScheme.ed448:
default:
return false;
}
}
static void removeNonFipsCipherSuites(Collection cipherSuites)
{
cipherSuites.retainAll(FIPS_SUPPORTED_CIPHERSUITES);
}
static void removeNonFipsProtocols(Collection protocols)
{
protocols.retainAll(FIPS_SUPPORTED_PROTOCOLS);
}
private static Class lookup(String className)
{
try
{
Class def = ReflectionUtil.getClass(className);
return def;
}
catch (Exception e)
{
return null;
}
}
}
© 2015 - 2024 Weber Informatics LLC | Privacy Policy