authorKenny Root <kroot@google.com>2016-03-21 16:53:23 +0000
committerAndroid (Google) Code Review <android-gerrit@google.com>2016-03-21 16:53:23 +0000
commit83a15b343f0e671f96b77236484a4ab8d0eec6a4 (patch)
treeb393217bf96773b365c10c7a5cb71ee4c1ff72a7
parent1ac7ddaa619f9d98524844e903afdccadfa4af4c (diff)
parent5a5cec13fc0b5907b97b70779929d5d6464a1241 (diff)
downloadconscrypt-83a15b343f0e671f96b77236484a4ab8d0eec6a4.tar.gz
Merge "Prefer AES when hardware acceleration is available" into nyc-dev
-rw-r--r--src/main/java/org/conscrypt/NativeCrypto.java68
-rw-r--r--src/main/native/org_conscrypt_NativeCrypto.cpp10
2 files changed, 58 insertions, 20 deletions
diff --git a/src/main/java/org/conscrypt/NativeCrypto.java b/src/main/java/org/conscrypt/NativeCrypto.java
index be7edc7e..693d7021 100644
--- a/src/main/java/org/conscrypt/NativeCrypto.java
+++ b/src/main/java/org/conscrypt/NativeCrypto.java
@@ -757,6 +757,12 @@ public final class NativeCrypto {
SUPPORTED_CIPHER_SUITES[size + 1] = TLS_FALLBACK_SCSV;
}
+ /**
+ * Returns 1 if the BoringSSL believes the CPU has AES accelerated hardware
+ * instructions. Used to determine cipher suite ordering.
+ */
+ public static native int EVP_has_aes_hardware();
+
public static native long SSL_CTX_new();
// IMPLEMENTATION NOTE: The default list of cipher suites is a trade-off between what we'd like
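Review bot: The Javadoc on the new `EVP_has_aes_hardware()` declaration describes only the 1 case, while the native implementation in the same commit returns 0 both when BoringSSL reports no acceleration and unconditionally on non-BoringSSL builds; the declaration should state the full contract, since the field initializer below depends on it. I would rewrite the comment as `Returns 1 if BoringSSL believes the CPU has AES-accelerated instructions, 0 otherwise (always 0 when not built against BoringSSL). Used to determine cipher suite ordering.` The method is declared in the middle of the class, whose start and end lie outside the hunk.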
@@ -768,6 +774,7 @@ public final class NativeCrypto {
// servers are not required to honor the order. The key rules governing the preference order
// are:
// * Prefer Forward Secrecy (i.e., cipher suites that use ECDHE and DHE for key agreement).
+ // * Prefer ChaCha20-Poly1305 to AES-GCM unless hardware support for AES is available.
// * Prefer AES-GCM to AES-CBC whose MAC-pad-then-encrypt approach leads to weaknesses (e.g.,
// Lucky 13).
// * Prefer 128-bit bulk encryption to 256-bit one, because 128-bit is safe enough while
@@ -777,26 +784,47 @@ public final class NativeCrypto {
// prevent apps from connecting to servers they were previously able to connect to.
/** X.509 based cipher suites enabled by default (if requested), in preference order. */
- static final String[] DEFAULT_X509_CIPHER_SUITES = new String[] {
- "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256",
- "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
- "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
- "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",
- "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
- "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
- "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",
- "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384",
- "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA",
- "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA",
- "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
- "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
- "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
- "TLS_DHE_RSA_WITH_AES_256_CBC_SHA",
- "TLS_RSA_WITH_AES_128_GCM_SHA256",
- "TLS_RSA_WITH_AES_256_GCM_SHA384",
- "TLS_RSA_WITH_AES_128_CBC_SHA",
- "TLS_RSA_WITH_AES_256_CBC_SHA",
- };
+ static final String[] DEFAULT_X509_CIPHER_SUITES = EVP_has_aes_hardware() == 1 ?
+ new String[] {
+ "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
+ "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
+ "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256",
+ "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
+ "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
+ "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",
+ "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",
+ "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384",
+ "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA",
+ "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA",
+ "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
+ "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
+ "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
+ "TLS_DHE_RSA_WITH_AES_256_CBC_SHA",
+ "TLS_RSA_WITH_AES_128_GCM_SHA256",
+ "TLS_RSA_WITH_AES_256_GCM_SHA384",
+ "TLS_RSA_WITH_AES_128_CBC_SHA",
+ "TLS_RSA_WITH_AES_256_CBC_SHA",
+ } :
+ new String[] {
+ "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256",
+ "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
+ "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
+ "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",
+ "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
+ "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
+ "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",
+ "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384",
+ "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA",
+ "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA",
+ "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
+ "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
+ "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
+ "TLS_DHE_RSA_WITH_AES_256_CBC_SHA",
+ "TLS_RSA_WITH_AES_128_GCM_SHA256",
+ "TLS_RSA_WITH_AES_256_GCM_SHA384",
+ "TLS_RSA_WITH_AES_128_CBC_SHA",
+ "TLS_RSA_WITH_AES_256_CBC_SHA",
+ };
/** TLS-PSK cipher suites enabled by default (if requested), in preference order. */
static final String[] DEFAULT_PSK_CIPHER_SUITES = new String[] {
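Review bot: The two 18-entry arrays in the new `DEFAULT_X509_CIPHER_SUITES` initializer differ only in where the two CHACHA20_POLY1305 suites sit relative to the AES-GCM suites, so any future addition or removal must be made twice and the lists will drift; building the list once from a shared base order and choosing only the AEAD ordering by the hardware flag would remove that risk. The condition `EVP_has_aes_hardware() == 1` is tighter than it needs to be — `EVP_has_aes_hardware() != 0 ?` matches the C-style truthiness of the native return and survives a library that returns another non-zero value. This static field now calls into native code during class initialization; if the native library is loaded in a static block that appears later in the file than this field (not visible in the hunk), class init would fail with an UnsatisfiedLinkError, so the ordering is worth confirming. The enclosing class continues outside the hunk.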
diff --git a/src/main/native/org_conscrypt_NativeCrypto.cpp b/src/main/native/org_conscrypt_NativeCrypto.cpp
index e36a5c5c..43ed0aa8 100644
--- a/src/main/native/org_conscrypt_NativeCrypto.cpp
+++ b/src/main/native/org_conscrypt_NativeCrypto.cpp
@@ -8024,6 +8024,15 @@ static DH* tmp_dh_callback(SSL* ssl __attribute__ ((unused)),
return tmp_dh;
}
+static jint NativeCrypto_EVP_has_aes_hardware(JNIEnv*, jclass) {
+ int ret = 0;
+#if defined(OPENSSL_IS_BORINGSSL)
+ ret = EVP_has_aes_hardware();
+#endif
+ JNI_TRACE("EVP_has_aes_hardware => %d", ret);
+ return ret;
+}
+
/*
* public static native int SSL_CTX_new();
*/
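Review bot: The new `NativeCrypto_EVP_has_aes_hardware` function lacks the prototype comment that neighbouring JNI functions in this file carry (see the `/* public static native int SSL_CTX_new(); */` block immediately below it); adding `/* public static native int EVP_has_aes_hardware(); */` above the definition keeps the file's convention. The `#if defined(OPENSSL_IS_BORINGSSL)` fallback silently reports "no AES hardware" for other backends, which is a safe default (it just selects the ChaCha20-first ordering), but a one-line comment such as `// Non-BoringSSL builds have no EVP_has_aes_hardware(); assume no acceleration.` would make that intent explicit to the next reader.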
@@ -11197,6 +11206,7 @@ static JNINativeMethod sNativeCryptoMethods[] = {
NATIVE_METHOD(NativeCrypto, i2d_X509_REVOKED, "(J)[B"),
NATIVE_METHOD(NativeCrypto, X509_supported_extension, "(J)I"),
NATIVE_METHOD(NativeCrypto, ASN1_TIME_to_Calendar, "(JLjava/util/Calendar;)V"),
+ NATIVE_METHOD(NativeCrypto, EVP_has_aes_hardware, "()I"),
NATIVE_METHOD(NativeCrypto, SSL_CTX_new, "()J"),
NATIVE_METHOD(NativeCrypto, SSL_CTX_free, "(J)V"),
NATIVE_METHOD(NativeCrypto, SSL_CTX_set_session_id_context, "(J[B)V"),