# HG changeset patch # User jnimeh # Date 1426351132 25200 # Node ID 1f25b971e59a43340be68c80b03cbc788bc4b9a9 # Parent 7b3804573b41716a29e879b1ff43ab5d514efa74 6996366: convert MacAlg to an enum Reviewed-by: xuelei diff -r 7b3804573b41 -r 1f25b971e59a jdk/src/java.base/share/classes/sun/security/ssl/CipherBox.java --- a/jdk/src/java.base/share/classes/sun/security/ssl/CipherBox.java Fri Mar 13 15:03:42 2015 -0700 +++ b/jdk/src/java.base/share/classes/sun/security/ssl/CipherBox.java Sat Mar 14 09:38:52 2015 -0700 @@ -1,5 +1,5 @@ /* - * Copyright (c) 1996, 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1996, 2015, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -257,7 +257,7 @@ throw new NoSuchAlgorithmException("Unsupported cipher " + cipher); } - if (cipher == B_NULL) { + if (cipher == BulkCipher.B_NULL) { return NULL; } else { return new CipherBox(version, cipher, key, iv, random, encrypt); diff -r 7b3804573b41 -r 1f25b971e59a jdk/src/java.base/share/classes/sun/security/ssl/CipherSuite.java --- a/jdk/src/java.base/share/classes/sun/security/ssl/CipherSuite.java Fri Mar 13 15:03:42 2015 -0700 +++ b/jdk/src/java.base/share/classes/sun/security/ssl/CipherSuite.java Sat Mar 14 09:38:52 2015 -0700 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2002, 2014, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2002, 2015, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -41,6 +41,8 @@ import static sun.security.ssl.CipherSuite.KeyExchange.*; import static sun.security.ssl.CipherSuite.PRF.*; import static sun.security.ssl.CipherSuite.CipherType.*; +import static sun.security.ssl.CipherSuite.MacAlg.*; +import static sun.security.ssl.CipherSuite.BulkCipher.*; import static sun.security.ssl.JsseJce.*; /** @@ -129,33 +131,15 @@ * Constructor for implemented CipherSuites. */ private CipherSuite(String name, int id, int priority, - KeyExchange keyExchange, BulkCipher cipher, + KeyExchange keyExchange, BulkCipher cipher, MacAlg mac, boolean allowed, int obsoleted, int supported, PRF prfAlg) { this.name = name; this.id = id; this.priority = priority; this.keyExchange = keyExchange; this.cipher = cipher; + this.macAlg = mac; this.exportable = cipher.exportable; - if (cipher.cipherType == CipherType.AEAD_CIPHER) { - macAlg = M_NULL; - } else if (name.endsWith("_MD5")) { - macAlg = M_MD5; - } else if (name.endsWith("_SHA")) { - macAlg = M_SHA; - } else if (name.endsWith("_SHA256")) { - macAlg = M_SHA256; - } else if (name.endsWith("_SHA384")) { - macAlg = M_SHA384; - } else if (name.endsWith("_NULL")) { - macAlg = M_NULL; - } else if (name.endsWith("_SCSV")) { - macAlg = M_NULL; - } else { - throw new IllegalArgumentException - ("Unknown MAC algorithm for ciphersuite " + name); - } - allowed &= keyExchange.allowed; allowed &= cipher.allowed; this.allowed = allowed; @@ -269,11 +253,11 @@ * TLS 1.2+ that doesn't use the "default" PRF. */ private static void add(String name, int id, int priority, - KeyExchange keyExchange, BulkCipher cipher, + KeyExchange keyExchange, BulkCipher cipher, MacAlg mac, boolean allowed, int obsoleted, int supported, PRF prf) { CipherSuite c = new CipherSuite(name, id, priority, keyExchange, - cipher, allowed, obsoleted, supported, prf); + cipher, mac, allowed, obsoleted, supported, prf); if (idMap.put(id, c) != null) { throw new RuntimeException("Duplicate ciphersuite definition: " + id + ", " + name); @@ -294,16 +278,13 @@ * All cipher suites in this document use P_SHA256. */ private static void add(String name, int id, int priority, - KeyExchange keyExchange, BulkCipher cipher, + KeyExchange keyExchange, BulkCipher cipher, MacAlg mac, boolean allowed, int obsoleted) { // If this is an obsoleted suite, then don't let the TLS 1.2 // protocol have a valid PRF value. - PRF prf = P_SHA256; - if (obsoleted < ProtocolVersion.TLS12.v) { - prf = P_NONE; - } + PRF prf = obsoleted < ProtocolVersion.TLS12.v ? P_NONE : P_SHA256; - add(name, id, priority, keyExchange, cipher, allowed, obsoleted, + add(name, id, priority, keyExchange, cipher, mac, allowed, obsoleted, ProtocolVersion.LIMIT_MIN_VALUE, prf); } @@ -312,9 +293,10 @@ * suites which have not been obsoleted. */ private static void add(String name, int id, int priority, - KeyExchange keyExchange, BulkCipher cipher, boolean allowed) { - add(name, id, priority, keyExchange, - cipher, allowed, ProtocolVersion.LIMIT_MAX_VALUE); + KeyExchange keyExchange, BulkCipher cipher, MacAlg mac, + boolean allowed) { + add(name, id, priority, keyExchange, cipher, mac, allowed, + ProtocolVersion.LIMIT_MAX_VALUE); } /* @@ -402,7 +384,23 @@ * Also contains a factory method to obtain in initialized CipherBox * for this algorithm. */ - final static class BulkCipher { + static enum BulkCipher { + + // export strength ciphers + B_NULL("NULL", STREAM_CIPHER, 0, 0, 0, 0, true), + B_RC4_40(CIPHER_RC4, STREAM_CIPHER, 5, 16, 0, 0, true), + B_RC2_40("RC2", BLOCK_CIPHER, 5, 16, 8, 0, false), + B_DES_40(CIPHER_DES, BLOCK_CIPHER, 5, 8, 8, 0, true), + + // domestic strength ciphers + B_RC4_128(CIPHER_RC4, STREAM_CIPHER, 16, 0, 0, true), + B_DES(CIPHER_DES, BLOCK_CIPHER, 8, 8, 0, true), + B_3DES(CIPHER_3DES, BLOCK_CIPHER, 24, 8, 0, true), + B_IDEA("IDEA", BLOCK_CIPHER, 16, 8, 0, false), + B_AES_128(CIPHER_AES, BLOCK_CIPHER, 16, 16, 0, true), + B_AES_256(CIPHER_AES, BLOCK_CIPHER, 32, 16, 0, true), + B_AES_128_GCM(CIPHER_AES_GCM, AEAD_CIPHER, 16, 12, 4, true), + B_AES_256_GCM(CIPHER_AES_GCM, AEAD_CIPHER, 32, 12, 4, true); // Map BulkCipher -> Boolean(available) private final static Map availableCache = @@ -600,7 +598,13 @@ * Also contains a factory method to obtain an initialized MAC * for this algorithm. */ - final static class MacAlg { + static enum MacAlg { + // MACs + M_NULL ("NULL", 0, 0, 0), + M_MD5 ("MD5", 16, 64, 9), + M_SHA ("SHA", 20, 64, 9), + M_SHA256 ("SHA256", 32, 64, 9), + M_SHA384 ("SHA384", 48, 128, 17); // descriptive name, e.g. MD5 final String name; @@ -639,41 +643,6 @@ } } - // export strength ciphers - final static BulkCipher B_NULL = - new BulkCipher("NULL", STREAM_CIPHER, 0, 0, 0, 0, true); - final static BulkCipher B_RC4_40 = - new BulkCipher(CIPHER_RC4, STREAM_CIPHER, 5, 16, 0, 0, true); - final static BulkCipher B_RC2_40 = - new BulkCipher("RC2", BLOCK_CIPHER, 5, 16, 8, 0, false); - final static BulkCipher B_DES_40 = - new BulkCipher(CIPHER_DES, BLOCK_CIPHER, 5, 8, 8, 0, true); - - // domestic strength ciphers - final static BulkCipher B_RC4_128 = - new BulkCipher(CIPHER_RC4, STREAM_CIPHER, 16, 0, 0, true); - final static BulkCipher B_DES = - new BulkCipher(CIPHER_DES, BLOCK_CIPHER, 8, 8, 0, true); - final static BulkCipher B_3DES = - new BulkCipher(CIPHER_3DES, BLOCK_CIPHER, 24, 8, 0, true); - final static BulkCipher B_IDEA = - new BulkCipher("IDEA", BLOCK_CIPHER, 16, 8, 0, false); - final static BulkCipher B_AES_128 = - new BulkCipher(CIPHER_AES, BLOCK_CIPHER, 16, 16, 0, true); - final static BulkCipher B_AES_256 = - new BulkCipher(CIPHER_AES, BLOCK_CIPHER, 32, 16, 0, true); - final static BulkCipher B_AES_128_GCM = - new BulkCipher(CIPHER_AES_GCM, AEAD_CIPHER, 16, 12, 4, true); - final static BulkCipher B_AES_256_GCM = - new BulkCipher(CIPHER_AES_GCM, AEAD_CIPHER, 32, 12, 4, true); - - // MACs - final static MacAlg M_NULL = new MacAlg("NULL", 0, 0, 0); - final static MacAlg M_MD5 = new MacAlg("MD5", 16, 64, 9); - final static MacAlg M_SHA = new MacAlg("SHA", 20, 64, 9); - final static MacAlg M_SHA256 = new MacAlg("SHA256", 32, 64, 9); - final static MacAlg M_SHA384 = new MacAlg("SHA384", 48, 128, 17); - /** * PRFs (PseudoRandom Function) from TLS specifications. * @@ -958,8 +927,8 @@ * 0xFF,0x00-FF Reserved for Private Use [RFC5246] */ - add("SSL_NULL_WITH_NULL_NULL", - 0x0000, 1, K_NULL, B_NULL, F); + add("SSL_NULL_WITH_NULL_NULL", 0x0000, + 1, K_NULL, B_NULL, M_NULL, F); /* * Definition of the CipherSuites that are enabled by default. @@ -992,134 +961,134 @@ // of RFC 6460. In this section, only two cipher suites are listed // so that applications can make use of Suite-B compliant cipher // suite firstly. - add("TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", - 0xc02c, --p, K_ECDHE_ECDSA, B_AES_256_GCM, T, max, tls12, P_SHA384); - add("TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", - 0xc02b, --p, K_ECDHE_ECDSA, B_AES_128_GCM, T, max, tls12, P_SHA256); + add("TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", 0xc02c, --p, + K_ECDHE_ECDSA, B_AES_256_GCM, M_NULL, T, max, tls12, P_SHA384); + add("TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", 0xc02b, --p, + K_ECDHE_ECDSA, B_AES_128_GCM, M_NULL, T, max, tls12, P_SHA256); // AES_256(GCM) - add("TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", - 0xc030, --p, K_ECDHE_RSA, B_AES_256_GCM, T, max, tls12, P_SHA384); - add("TLS_RSA_WITH_AES_256_GCM_SHA384", - 0x009d, --p, K_RSA, B_AES_256_GCM, T, max, tls12, P_SHA384); - add("TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384", - 0xc02e, --p, K_ECDH_ECDSA, B_AES_256_GCM, T, max, tls12, P_SHA384); - add("TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384", - 0xc032, --p, K_ECDH_RSA, B_AES_256_GCM, T, max, tls12, P_SHA384); - add("TLS_DHE_RSA_WITH_AES_256_GCM_SHA384", - 0x009f, --p, K_DHE_RSA, B_AES_256_GCM, T, max, tls12, P_SHA384); - add("TLS_DHE_DSS_WITH_AES_256_GCM_SHA384", - 0x00a3, --p, K_DHE_DSS, B_AES_256_GCM, T, max, tls12, P_SHA384); + add("TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", 0xc030, --p, + K_ECDHE_RSA, B_AES_256_GCM, M_NULL, T, max, tls12, P_SHA384); + add("TLS_RSA_WITH_AES_256_GCM_SHA384", 0x009d, --p, + K_RSA, B_AES_256_GCM, M_NULL, T, max, tls12, P_SHA384); + add("TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384", 0xc02e, --p, + K_ECDH_ECDSA, B_AES_256_GCM, M_NULL, T, max, tls12, P_SHA384); + add("TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384", 0xc032, --p, + K_ECDH_RSA, B_AES_256_GCM, M_NULL, T, max, tls12, P_SHA384); + add("TLS_DHE_RSA_WITH_AES_256_GCM_SHA384", 0x009f, --p, + K_DHE_RSA, B_AES_256_GCM, M_NULL, T, max, tls12, P_SHA384); + add("TLS_DHE_DSS_WITH_AES_256_GCM_SHA384", 0x00a3, --p, + K_DHE_DSS, B_AES_256_GCM, M_NULL, T, max, tls12, P_SHA384); // AES_128(GCM) - add("TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", - 0xc02f, --p, K_ECDHE_RSA, B_AES_128_GCM, T, max, tls12, P_SHA256); - add("TLS_RSA_WITH_AES_128_GCM_SHA256", - 0x009c, --p, K_RSA, B_AES_128_GCM, T, max, tls12, P_SHA256); - add("TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256", - 0xc02d, --p, K_ECDH_ECDSA, B_AES_128_GCM, T, max, tls12, P_SHA256); - add("TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256", - 0xc031, --p, K_ECDH_RSA, B_AES_128_GCM, T, max, tls12, P_SHA256); - add("TLS_DHE_RSA_WITH_AES_128_GCM_SHA256", - 0x009e, --p, K_DHE_RSA, B_AES_128_GCM, T, max, tls12, P_SHA256); - add("TLS_DHE_DSS_WITH_AES_128_GCM_SHA256", - 0x00a2, --p, K_DHE_DSS, B_AES_128_GCM, T, max, tls12, P_SHA256); + add("TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", 0xc02f, --p, + K_ECDHE_RSA, B_AES_128_GCM, M_NULL, T, max, tls12, P_SHA256); + add("TLS_RSA_WITH_AES_128_GCM_SHA256", 0x009c, --p, + K_RSA, B_AES_128_GCM, M_NULL, T, max, tls12, P_SHA256); + add("TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256", 0xc02d, --p, + K_ECDH_ECDSA, B_AES_128_GCM, M_NULL, T, max, tls12, P_SHA256); + add("TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256", 0xc031, --p, + K_ECDH_RSA, B_AES_128_GCM, M_NULL, T, max, tls12, P_SHA256); + add("TLS_DHE_RSA_WITH_AES_128_GCM_SHA256", 0x009e, --p, + K_DHE_RSA, B_AES_128_GCM, M_NULL, T, max, tls12, P_SHA256); + add("TLS_DHE_DSS_WITH_AES_128_GCM_SHA256", 0x00a2, --p, + K_DHE_DSS, B_AES_128_GCM, M_NULL, T, max, tls12, P_SHA256); // AES_256(CBC) - add("TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384", - 0xc024, --p, K_ECDHE_ECDSA, B_AES_256, T, max, tls12, P_SHA384); - add("TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384", - 0xc028, --p, K_ECDHE_RSA, B_AES_256, T, max, tls12, P_SHA384); - add("TLS_RSA_WITH_AES_256_CBC_SHA256", - 0x003d, --p, K_RSA, B_AES_256, T, max, tls12, P_SHA256); - add("TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384", - 0xc026, --p, K_ECDH_ECDSA, B_AES_256, T, max, tls12, P_SHA384); - add("TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384", - 0xc02a, --p, K_ECDH_RSA, B_AES_256, T, max, tls12, P_SHA384); - add("TLS_DHE_RSA_WITH_AES_256_CBC_SHA256", - 0x006b, --p, K_DHE_RSA, B_AES_256, T, max, tls12, P_SHA256); - add("TLS_DHE_DSS_WITH_AES_256_CBC_SHA256", - 0x006a, --p, K_DHE_DSS, B_AES_256, T, max, tls12, P_SHA256); + add("TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384", 0xc024, --p, + K_ECDHE_ECDSA, B_AES_256, M_SHA384, T, max, tls12, P_SHA384); + add("TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384", 0xc028, --p, + K_ECDHE_RSA, B_AES_256, M_SHA384, T, max, tls12, P_SHA384); + add("TLS_RSA_WITH_AES_256_CBC_SHA256", 0x003d, --p, + K_RSA, B_AES_256, M_SHA256, T, max, tls12, P_SHA256); + add("TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384", 0xc026, --p, + K_ECDH_ECDSA, B_AES_256, M_SHA384, T, max, tls12, P_SHA384); + add("TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384", 0xc02a, --p, + K_ECDH_RSA, B_AES_256, M_SHA384, T, max, tls12, P_SHA384); + add("TLS_DHE_RSA_WITH_AES_256_CBC_SHA256", 0x006b, --p, + K_DHE_RSA, B_AES_256, M_SHA256, T, max, tls12, P_SHA256); + add("TLS_DHE_DSS_WITH_AES_256_CBC_SHA256", 0x006a, --p, + K_DHE_DSS, B_AES_256, M_SHA256, T, max, tls12, P_SHA256); - add("TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA", - 0xC00A, --p, K_ECDHE_ECDSA, B_AES_256, T); - add("TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA", - 0xC014, --p, K_ECDHE_RSA, B_AES_256, T); - add("TLS_RSA_WITH_AES_256_CBC_SHA", - 0x0035, --p, K_RSA, B_AES_256, T); - add("TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA", - 0xC005, --p, K_ECDH_ECDSA, B_AES_256, T); - add("TLS_ECDH_RSA_WITH_AES_256_CBC_SHA", - 0xC00F, --p, K_ECDH_RSA, B_AES_256, T); - add("TLS_DHE_RSA_WITH_AES_256_CBC_SHA", - 0x0039, --p, K_DHE_RSA, B_AES_256, T); - add("TLS_DHE_DSS_WITH_AES_256_CBC_SHA", - 0x0038, --p, K_DHE_DSS, B_AES_256, T); + add("TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA", 0xC00A, --p, + K_ECDHE_ECDSA, B_AES_256, M_SHA, T); + add("TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA", 0xC014, --p, + K_ECDHE_RSA, B_AES_256, M_SHA, T); + add("TLS_RSA_WITH_AES_256_CBC_SHA", 0x0035, --p, + K_RSA, B_AES_256, M_SHA, T); + add("TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA", 0xC005, --p, + K_ECDH_ECDSA, B_AES_256, M_SHA, T); + add("TLS_ECDH_RSA_WITH_AES_256_CBC_SHA", 0xC00F, --p, + K_ECDH_RSA, B_AES_256, M_SHA, T); + add("TLS_DHE_RSA_WITH_AES_256_CBC_SHA", 0x0039, --p, + K_DHE_RSA, B_AES_256, M_SHA, T); + add("TLS_DHE_DSS_WITH_AES_256_CBC_SHA", 0x0038, --p, + K_DHE_DSS, B_AES_256, M_SHA, T); // AES_128(CBC) - add("TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256", - 0xc023, --p, K_ECDHE_ECDSA, B_AES_128, T, max, tls12, P_SHA256); - add("TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256", - 0xc027, --p, K_ECDHE_RSA, B_AES_128, T, max, tls12, P_SHA256); - add("TLS_RSA_WITH_AES_128_CBC_SHA256", - 0x003c, --p, K_RSA, B_AES_128, T, max, tls12, P_SHA256); - add("TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256", - 0xc025, --p, K_ECDH_ECDSA, B_AES_128, T, max, tls12, P_SHA256); - add("TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256", - 0xc029, --p, K_ECDH_RSA, B_AES_128, T, max, tls12, P_SHA256); - add("TLS_DHE_RSA_WITH_AES_128_CBC_SHA256", - 0x0067, --p, K_DHE_RSA, B_AES_128, T, max, tls12, P_SHA256); - add("TLS_DHE_DSS_WITH_AES_128_CBC_SHA256", - 0x0040, --p, K_DHE_DSS, B_AES_128, T, max, tls12, P_SHA256); + add("TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256", 0xc023, --p, + K_ECDHE_ECDSA, B_AES_128, M_SHA256, T, max, tls12, P_SHA256); + add("TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256", 0xc027, --p, + K_ECDHE_RSA, B_AES_128, M_SHA256, T, max, tls12, P_SHA256); + add("TLS_RSA_WITH_AES_128_CBC_SHA256", 0x003c, --p, + K_RSA, B_AES_128, M_SHA256, T, max, tls12, P_SHA256); + add("TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256", 0xc025, --p, + K_ECDH_ECDSA, B_AES_128, M_SHA256, T, max, tls12, P_SHA256); + add("TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256", 0xc029, --p, + K_ECDH_RSA, B_AES_128, M_SHA256, T, max, tls12, P_SHA256); + add("TLS_DHE_RSA_WITH_AES_128_CBC_SHA256", 0x0067, --p, + K_DHE_RSA, B_AES_128, M_SHA256, T, max, tls12, P_SHA256); + add("TLS_DHE_DSS_WITH_AES_128_CBC_SHA256", 0x0040, --p, + K_DHE_DSS, B_AES_128, M_SHA256, T, max, tls12, P_SHA256); - add("TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA", - 0xC009, --p, K_ECDHE_ECDSA, B_AES_128, T); - add("TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA", - 0xC013, --p, K_ECDHE_RSA, B_AES_128, T); - add("TLS_RSA_WITH_AES_128_CBC_SHA", - 0x002f, --p, K_RSA, B_AES_128, T); - add("TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA", - 0xC004, --p, K_ECDH_ECDSA, B_AES_128, T); - add("TLS_ECDH_RSA_WITH_AES_128_CBC_SHA", - 0xC00E, --p, K_ECDH_RSA, B_AES_128, T); - add("TLS_DHE_RSA_WITH_AES_128_CBC_SHA", - 0x0033, --p, K_DHE_RSA, B_AES_128, T); - add("TLS_DHE_DSS_WITH_AES_128_CBC_SHA", - 0x0032, --p, K_DHE_DSS, B_AES_128, T); + add("TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA", 0xC009, --p, + K_ECDHE_ECDSA, B_AES_128, M_SHA, T); + add("TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA", 0xC013, --p, + K_ECDHE_RSA, B_AES_128, M_SHA, T); + add("TLS_RSA_WITH_AES_128_CBC_SHA", 0x002f, --p, + K_RSA, B_AES_128, M_SHA, T); + add("TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA", 0xC004, --p, + K_ECDH_ECDSA, B_AES_128, M_SHA, T); + add("TLS_ECDH_RSA_WITH_AES_128_CBC_SHA", 0xC00E, --p, + K_ECDH_RSA, B_AES_128, M_SHA, T); + add("TLS_DHE_RSA_WITH_AES_128_CBC_SHA", 0x0033, --p, + K_DHE_RSA, B_AES_128, M_SHA, T); + add("TLS_DHE_DSS_WITH_AES_128_CBC_SHA", 0x0032, --p, + K_DHE_DSS, B_AES_128, M_SHA, T); // 3DES_EDE - add("TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA", - 0xC008, --p, K_ECDHE_ECDSA, B_3DES, T); - add("TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA", - 0xC012, --p, K_ECDHE_RSA, B_3DES, T); - add("SSL_RSA_WITH_3DES_EDE_CBC_SHA", - 0x000a, --p, K_RSA, B_3DES, T); - add("TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA", - 0xC003, --p, K_ECDH_ECDSA, B_3DES, T); - add("TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA", - 0xC00D, --p, K_ECDH_RSA, B_3DES, T); - add("SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA", - 0x0016, --p, K_DHE_RSA, B_3DES, T); - add("SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA", - 0x0013, --p, K_DHE_DSS, B_3DES, N); + add("TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA", 0xC008, --p, + K_ECDHE_ECDSA, B_3DES, M_SHA, T); + add("TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA", 0xC012, --p, + K_ECDHE_RSA, B_3DES, M_SHA, T); + add("SSL_RSA_WITH_3DES_EDE_CBC_SHA", 0x000a, --p, + K_RSA, B_3DES, M_SHA, T); + add("TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA", 0xC003, --p, + K_ECDH_ECDSA, B_3DES, M_SHA, T); + add("TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA", 0xC00D, --p, + K_ECDH_RSA, B_3DES, M_SHA, T); + add("SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA", 0x0016, --p, + K_DHE_RSA, B_3DES, M_SHA, T); + add("SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA", 0x0013, --p, + K_DHE_DSS, B_3DES, M_SHA, N); // RC-4 - add("TLS_ECDHE_ECDSA_WITH_RC4_128_SHA", - 0xC007, --p, K_ECDHE_ECDSA, B_RC4_128, N); - add("TLS_ECDHE_RSA_WITH_RC4_128_SHA", - 0xC011, --p, K_ECDHE_RSA, B_RC4_128, N); - add("SSL_RSA_WITH_RC4_128_SHA", - 0x0005, --p, K_RSA, B_RC4_128, N); - add("TLS_ECDH_ECDSA_WITH_RC4_128_SHA", - 0xC002, --p, K_ECDH_ECDSA, B_RC4_128, N); - add("TLS_ECDH_RSA_WITH_RC4_128_SHA", - 0xC00C, --p, K_ECDH_RSA, B_RC4_128, N); - add("SSL_RSA_WITH_RC4_128_MD5", - 0x0004, --p, K_RSA, B_RC4_128, N); + add("TLS_ECDHE_ECDSA_WITH_RC4_128_SHA", 0xC007, --p, + K_ECDHE_ECDSA, B_RC4_128, M_SHA, N); + add("TLS_ECDHE_RSA_WITH_RC4_128_SHA", 0xC011, --p, + K_ECDHE_RSA, B_RC4_128, M_SHA, N); + add("SSL_RSA_WITH_RC4_128_SHA", 0x0005, --p, + K_RSA, B_RC4_128, M_SHA, N); + add("TLS_ECDH_ECDSA_WITH_RC4_128_SHA", 0xC002, --p, + K_ECDH_ECDSA, B_RC4_128, M_SHA, N); + add("TLS_ECDH_RSA_WITH_RC4_128_SHA", 0xC00C, --p, + K_ECDH_RSA, B_RC4_128, M_SHA, N); + add("SSL_RSA_WITH_RC4_128_MD5", 0x0004, --p, + K_RSA, B_RC4_128, M_MD5, N); // Renegotiation protection request Signalling Cipher Suite Value (SCSV) - add("TLS_EMPTY_RENEGOTIATION_INFO_SCSV", - 0x00ff, --p, K_SCSV, B_NULL, T); + add("TLS_EMPTY_RENEGOTIATION_INFO_SCSV", 0x00ff, --p, + K_SCSV, B_NULL, M_NULL, T); /* * Definition of the CipherSuites that are supported but not enabled @@ -1142,98 +1111,98 @@ */ p = DEFAULT_SUITES_PRIORITY; - add("TLS_DH_anon_WITH_AES_256_GCM_SHA384", - 0x00a7, --p, K_DH_ANON, B_AES_256_GCM, N, max, tls12, P_SHA384); - add("TLS_DH_anon_WITH_AES_128_GCM_SHA256", - 0x00a6, --p, K_DH_ANON, B_AES_128_GCM, N, max, tls12, P_SHA256); + add("TLS_DH_anon_WITH_AES_256_GCM_SHA384", 0x00a7, --p, + K_DH_ANON, B_AES_256_GCM, M_NULL, N, max, tls12, P_SHA384); + add("TLS_DH_anon_WITH_AES_128_GCM_SHA256", 0x00a6, --p, + K_DH_ANON, B_AES_128_GCM, M_NULL, N, max, tls12, P_SHA256); - add("TLS_DH_anon_WITH_AES_256_CBC_SHA256", - 0x006d, --p, K_DH_ANON, B_AES_256, N, max, tls12, P_SHA256); - add("TLS_ECDH_anon_WITH_AES_256_CBC_SHA", - 0xC019, --p, K_ECDH_ANON, B_AES_256, N); - add("TLS_DH_anon_WITH_AES_256_CBC_SHA", - 0x003a, --p, K_DH_ANON, B_AES_256, N); + add("TLS_DH_anon_WITH_AES_256_CBC_SHA256", 0x006d, --p, + K_DH_ANON, B_AES_256, M_SHA256, N, max, tls12, P_SHA256); + add("TLS_ECDH_anon_WITH_AES_256_CBC_SHA", 0xC019, --p, + K_ECDH_ANON, B_AES_256, M_SHA, N); + add("TLS_DH_anon_WITH_AES_256_CBC_SHA", 0x003a, --p, + K_DH_ANON, B_AES_256, M_SHA, N); - add("TLS_DH_anon_WITH_AES_128_CBC_SHA256", - 0x006c, --p, K_DH_ANON, B_AES_128, N, max, tls12, P_SHA256); - add("TLS_ECDH_anon_WITH_AES_128_CBC_SHA", - 0xC018, --p, K_ECDH_ANON, B_AES_128, N); - add("TLS_DH_anon_WITH_AES_128_CBC_SHA", - 0x0034, --p, K_DH_ANON, B_AES_128, N); + add("TLS_DH_anon_WITH_AES_128_CBC_SHA256", 0x006c, --p, + K_DH_ANON, B_AES_128, M_SHA256, N, max, tls12, P_SHA256); + add("TLS_ECDH_anon_WITH_AES_128_CBC_SHA", 0xC018, --p, + K_ECDH_ANON, B_AES_128, M_SHA, N); + add("TLS_DH_anon_WITH_AES_128_CBC_SHA", 0x0034, --p, + K_DH_ANON, B_AES_128, M_SHA, N); - add("TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA", - 0xC017, --p, K_ECDH_ANON, B_3DES, N); - add("SSL_DH_anon_WITH_3DES_EDE_CBC_SHA", - 0x001b, --p, K_DH_ANON, B_3DES, N); + add("TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA", 0xC017, --p, + K_ECDH_ANON, B_3DES, M_SHA, N); + add("SSL_DH_anon_WITH_3DES_EDE_CBC_SHA", 0x001b, --p, + K_DH_ANON, B_3DES, M_SHA, N); - add("TLS_ECDH_anon_WITH_RC4_128_SHA", - 0xC016, --p, K_ECDH_ANON, B_RC4_128, N); - add("SSL_DH_anon_WITH_RC4_128_MD5", - 0x0018, --p, K_DH_ANON, B_RC4_128, N); + add("TLS_ECDH_anon_WITH_RC4_128_SHA", 0xC016, --p, + K_ECDH_ANON, B_RC4_128, M_SHA, N); + add("SSL_DH_anon_WITH_RC4_128_MD5", 0x0018, --p, + K_DH_ANON, B_RC4_128, M_MD5, N); // weak cipher suites obsoleted in TLS 1.2 - add("SSL_RSA_WITH_DES_CBC_SHA", - 0x0009, --p, K_RSA, B_DES, N, tls12); - add("SSL_DHE_RSA_WITH_DES_CBC_SHA", - 0x0015, --p, K_DHE_RSA, B_DES, N, tls12); - add("SSL_DHE_DSS_WITH_DES_CBC_SHA", - 0x0012, --p, K_DHE_DSS, B_DES, N, tls12); - add("SSL_DH_anon_WITH_DES_CBC_SHA", - 0x001a, --p, K_DH_ANON, B_DES, N, tls12); + add("SSL_RSA_WITH_DES_CBC_SHA", 0x0009, --p, + K_RSA, B_DES, M_SHA, N, tls12); + add("SSL_DHE_RSA_WITH_DES_CBC_SHA", 0x0015, --p, + K_DHE_RSA, B_DES, M_SHA, N, tls12); + add("SSL_DHE_DSS_WITH_DES_CBC_SHA", 0x0012, --p, + K_DHE_DSS, B_DES, M_SHA, N, tls12); + add("SSL_DH_anon_WITH_DES_CBC_SHA", 0x001a, --p, + K_DH_ANON, B_DES, M_SHA, N, tls12); // weak cipher suites obsoleted in TLS 1.1 - add("SSL_RSA_EXPORT_WITH_DES40_CBC_SHA", - 0x0008, --p, K_RSA_EXPORT, B_DES_40, N, tls11); - add("SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA", - 0x0014, --p, K_DHE_RSA, B_DES_40, N, tls11); - add("SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA", - 0x0011, --p, K_DHE_DSS, B_DES_40, N, tls11); - add("SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA", - 0x0019, --p, K_DH_ANON, B_DES_40, N, tls11); + add("SSL_RSA_EXPORT_WITH_DES40_CBC_SHA", 0x0008, --p, + K_RSA_EXPORT, B_DES_40, M_SHA, N, tls11); + add("SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA", 0x0014, --p, + K_DHE_RSA, B_DES_40, M_SHA, N, tls11); + add("SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA", 0x0011, --p, + K_DHE_DSS, B_DES_40, M_SHA, N, tls11); + add("SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA", 0x0019, --p, + K_DH_ANON, B_DES_40, M_SHA, N, tls11); - add("SSL_RSA_EXPORT_WITH_RC4_40_MD5", - 0x0003, --p, K_RSA_EXPORT, B_RC4_40, N, tls11); - add("SSL_DH_anon_EXPORT_WITH_RC4_40_MD5", - 0x0017, --p, K_DH_ANON, B_RC4_40, N, tls11); + add("SSL_RSA_EXPORT_WITH_RC4_40_MD5", 0x0003, --p, + K_RSA_EXPORT, B_RC4_40, M_MD5, N, tls11); + add("SSL_DH_anon_EXPORT_WITH_RC4_40_MD5", 0x0017, --p, + K_DH_ANON, B_RC4_40, M_MD5, N, tls11); - add("TLS_RSA_WITH_NULL_SHA256", - 0x003b, --p, K_RSA, B_NULL, N, max, tls12, P_SHA256); - add("TLS_ECDHE_ECDSA_WITH_NULL_SHA", - 0xC006, --p, K_ECDHE_ECDSA, B_NULL, N); - add("TLS_ECDHE_RSA_WITH_NULL_SHA", - 0xC010, --p, K_ECDHE_RSA, B_NULL, N); - add("SSL_RSA_WITH_NULL_SHA", - 0x0002, --p, K_RSA, B_NULL, N); - add("TLS_ECDH_ECDSA_WITH_NULL_SHA", - 0xC001, --p, K_ECDH_ECDSA, B_NULL, N); - add("TLS_ECDH_RSA_WITH_NULL_SHA", - 0xC00B, --p, K_ECDH_RSA, B_NULL, N); - add("TLS_ECDH_anon_WITH_NULL_SHA", - 0xC015, --p, K_ECDH_ANON, B_NULL, N); - add("SSL_RSA_WITH_NULL_MD5", - 0x0001, --p, K_RSA, B_NULL, N); + add("TLS_RSA_WITH_NULL_SHA256", 0x003b, --p, + K_RSA, B_NULL, M_SHA256, N, max, tls12, P_SHA256); + add("TLS_ECDHE_ECDSA_WITH_NULL_SHA", 0xC006, --p, + K_ECDHE_ECDSA, B_NULL, M_SHA, N); + add("TLS_ECDHE_RSA_WITH_NULL_SHA", 0xC010, --p, + K_ECDHE_RSA, B_NULL, M_SHA, N); + add("SSL_RSA_WITH_NULL_SHA", 0x0002, --p, + K_RSA, B_NULL, M_SHA, N); + add("TLS_ECDH_ECDSA_WITH_NULL_SHA", 0xC001, --p, + K_ECDH_ECDSA, B_NULL, M_SHA, N); + add("TLS_ECDH_RSA_WITH_NULL_SHA", 0xC00B, --p, + K_ECDH_RSA, B_NULL, M_SHA, N); + add("TLS_ECDH_anon_WITH_NULL_SHA", 0xC015, --p, + K_ECDH_ANON, B_NULL, M_SHA, N); + add("SSL_RSA_WITH_NULL_MD5", 0x0001, --p, + K_RSA, B_NULL, M_MD5, N); // Supported Kerberos ciphersuites from RFC2712 - add("TLS_KRB5_WITH_3DES_EDE_CBC_SHA", - 0x001f, --p, K_KRB5, B_3DES, N); - add("TLS_KRB5_WITH_3DES_EDE_CBC_MD5", - 0x0023, --p, K_KRB5, B_3DES, N); - add("TLS_KRB5_WITH_RC4_128_SHA", - 0x0020, --p, K_KRB5, B_RC4_128, N); - add("TLS_KRB5_WITH_RC4_128_MD5", - 0x0024, --p, K_KRB5, B_RC4_128, N); - add("TLS_KRB5_WITH_DES_CBC_SHA", - 0x001e, --p, K_KRB5, B_DES, N, tls12); - add("TLS_KRB5_WITH_DES_CBC_MD5", - 0x0022, --p, K_KRB5, B_DES, N, tls12); - add("TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA", - 0x0026, --p, K_KRB5_EXPORT, B_DES_40, N, tls11); - add("TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5", - 0x0029, --p, K_KRB5_EXPORT, B_DES_40, N, tls11); - add("TLS_KRB5_EXPORT_WITH_RC4_40_SHA", - 0x0028, --p, K_KRB5_EXPORT, B_RC4_40, N, tls11); - add("TLS_KRB5_EXPORT_WITH_RC4_40_MD5", - 0x002b, --p, K_KRB5_EXPORT, B_RC4_40, N, tls11); + add("TLS_KRB5_WITH_3DES_EDE_CBC_SHA", 0x001f, --p, + K_KRB5, B_3DES, M_SHA, N); + add("TLS_KRB5_WITH_3DES_EDE_CBC_MD5", 0x0023, --p, + K_KRB5, B_3DES, M_MD5, N); + add("TLS_KRB5_WITH_RC4_128_SHA", 0x0020, --p, + K_KRB5, B_RC4_128, M_SHA, N); + add("TLS_KRB5_WITH_RC4_128_MD5", 0x0024, --p, + K_KRB5, B_RC4_128, M_MD5, N); + add("TLS_KRB5_WITH_DES_CBC_SHA", 0x001e, --p, + K_KRB5, B_DES, M_SHA, N, tls12); + add("TLS_KRB5_WITH_DES_CBC_MD5", 0x0022, --p, + K_KRB5, B_DES, M_MD5, N, tls12); + add("TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA", 0x0026, --p, + K_KRB5_EXPORT, B_DES_40, M_SHA, N, tls11); + add("TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5", 0x0029, --p, + K_KRB5_EXPORT, B_DES_40, M_MD5, N, tls11); + add("TLS_KRB5_EXPORT_WITH_RC4_40_SHA", 0x0028, --p, + K_KRB5_EXPORT, B_RC4_40, M_SHA, N, tls11); + add("TLS_KRB5_EXPORT_WITH_RC4_40_MD5", 0x002b, --p, + K_KRB5_EXPORT, B_RC4_40, M_MD5, N, tls11); /* * Other values from the TLS Cipher Suite Registry, as of August 2010. diff -r 7b3804573b41 -r 1f25b971e59a jdk/src/java.base/share/classes/sun/security/ssl/MAC.java --- a/jdk/src/java.base/share/classes/sun/security/ssl/MAC.java Fri Mar 13 15:03:42 2015 -0700 +++ b/jdk/src/java.base/share/classes/sun/security/ssl/MAC.java Sat Mar 14 09:38:52 2015 -0700 @@ -1,5 +1,5 @@ /* - * Copyright (c) 1996, 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1996, 2015, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -36,6 +36,7 @@ import sun.security.ssl.CipherSuite.MacAlg; import static sun.security.ssl.CipherSuite.*; +import static sun.security.ssl.CipherSuite.MacAlg.*; /** * This class computes the "Message Authentication Code" (MAC) for each diff -r 7b3804573b41 -r 1f25b971e59a jdk/src/java.base/share/classes/sun/security/ssl/SSLAlgorithmConstraints.java --- a/jdk/src/java.base/share/classes/sun/security/ssl/SSLAlgorithmConstraints.java Fri Mar 13 15:03:42 2015 -0700 +++ b/jdk/src/java.base/share/classes/sun/security/ssl/SSLAlgorithmConstraints.java Sat Mar 14 09:38:52 2015 -0700 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2010, 2014, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2010, 2015, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -382,18 +382,18 @@ protected Set decomposes(MacAlg macAlg) { Set components = new HashSet<>(); - if (macAlg == CipherSuite.M_MD5) { + if (macAlg == CipherSuite.MacAlg.M_MD5) { components.add("MD5"); components.add("HmacMD5"); - } else if (macAlg == CipherSuite.M_SHA) { + } else if (macAlg == CipherSuite.MacAlg.M_SHA) { components.add("SHA1"); components.add("SHA-1"); components.add("HmacSHA1"); - } else if (macAlg == CipherSuite.M_SHA256) { + } else if (macAlg == CipherSuite.MacAlg.M_SHA256) { components.add("SHA256"); components.add("SHA-256"); components.add("HmacSHA256"); - } else if (macAlg == CipherSuite.M_SHA384) { + } else if (macAlg == CipherSuite.MacAlg.M_SHA384) { components.add("SHA384"); components.add("SHA-384"); components.add("HmacSHA384");