1 /* 2 * Copyright (C) 2012 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17 package org.conscrypt; 18 19 import java.math.BigInteger; 20 import java.security.InvalidAlgorithmParameterException; 21 import java.security.InvalidParameterException; 22 import java.security.spec.ECField; 23 import java.security.spec.ECFieldF2m; 24 import java.security.spec.ECFieldFp; 25 import java.security.spec.ECParameterSpec; 26 import java.security.spec.ECPoint; 27 import java.security.spec.EllipticCurve; 28 29 public final class OpenSSLECGroupContext { 30 private final NativeRef.EC_GROUP groupCtx; 31 OpenSSLECGroupContext(NativeRef.EC_GROUP groupCtx)32 public OpenSSLECGroupContext(NativeRef.EC_GROUP groupCtx) { 33 this.groupCtx = groupCtx; 34 } 35 getCurveByName(String curveName)36 public static OpenSSLECGroupContext getCurveByName(String curveName) { 37 // Workaround for OpenSSL not supporting SECG names for NIST P-192 and P-256 38 // (aka ANSI X9.62 prime192v1 and prime256v1) curve names. 39 if ("secp256r1".equals(curveName)) { 40 curveName = "prime256v1"; 41 } else if ("secp192r1".equals(curveName)) { 42 curveName = "prime192v1"; 43 } 44 45 final long ctx = NativeCrypto.EC_GROUP_new_by_curve_name(curveName); 46 if (ctx == 0) { 47 return null; 48 } 49 NativeRef.EC_GROUP groupRef = new NativeRef.EC_GROUP(ctx); 50 51 NativeCrypto.EC_GROUP_set_point_conversion_form(groupRef, 52 NativeConstants.POINT_CONVERSION_UNCOMPRESSED); 53 NativeCrypto.EC_GROUP_set_asn1_flag(groupRef, NativeConstants.OPENSSL_EC_NAMED_CURVE); 54 55 return new OpenSSLECGroupContext(groupRef); 56 } 57 58 @Override equals(Object o)59 public boolean equals(Object o) { 60 throw new IllegalArgumentException("OpenSSLECGroupContext.equals is not defined"); 61 } 62 63 @Override hashCode()64 public int hashCode() { 65 // TODO Auto-generated method stub 66 return super.hashCode(); 67 } 68 getNativeRef()69 public NativeRef.EC_GROUP getNativeRef() { 70 return groupCtx; 71 } 72 getInstance(ECParameterSpec params)73 public static OpenSSLECGroupContext getInstance(ECParameterSpec params) 74 throws InvalidAlgorithmParameterException { 75 String curveName = Platform.getCurveName(params); 76 if (curveName != null) { 77 return OpenSSLECGroupContext.getCurveByName(curveName); 78 } 79 80 // Try to find recognise the underlying curve from the parameters. 81 final EllipticCurve curve = params.getCurve(); 82 final ECField field = curve.getField(); 83 84 final BigInteger p; 85 if (field instanceof ECFieldFp) { 86 p = ((ECFieldFp) field).getP(); 87 } else { 88 throw new InvalidParameterException("unhandled field class " 89 + field.getClass().getName()); 90 } 91 92 final ECPoint generator = params.getGenerator(); 93 final BigInteger b = curve.getB(); 94 final BigInteger x = generator.getAffineX(); 95 final BigInteger y = generator.getAffineY(); 96 97 // The 'a' value isn't checked in the following because it's unclear 98 // whether users would set it to -3 or p-3. 99 switch (p.bitLength()) { 100 case 224: 101 if (p.toString(16).equals("ffffffffffffffffffffffffffffffff000000000000000000000001") && 102 b.toString(16).equals("b4050a850c04b3abf54132565044b0b7d7bfd8ba270b39432355ffb4") && 103 x.toString(16).equals("b70e0cbd6bb4bf7f321390b94a03c1d356c21122343280d6115c1d21") && 104 y.toString(16).equals("bd376388b5f723fb4c22dfe6cd4375a05a07476444d5819985007e34")) { 105 curveName = "secp224r1"; 106 } 107 break; 108 case 256: 109 if (p.toString(16).equals("ffffffff00000001000000000000000000000000ffffffffffffffffffffffff") && 110 b.toString(16).equals("5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b") && 111 x.toString(16).equals("6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296") && 112 y.toString(16).equals("4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5")) { 113 curveName = "prime256v1"; 114 } 115 break; 116 case 384: 117 if (p.toString(16).equals("fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffeffffffff0000000000000000ffffffff") && 118 b.toString(16).equals("b3312fa7e23ee7e4988e056be3f82d19181d9c6efe8141120314088f5013875ac656398d8a2ed19d2a85c8edd3ec2aef") && 119 x.toString(16).equals("aa87ca22be8b05378eb1c71ef320ad746e1d3b628ba79b9859f741e082542a385502f25dbf55296c3a545e3872760ab7") && 120 y.toString(16).equals("3617de4a96262c6f5d9e98bf9292dc29f8f41dbd289a147ce9da3113b5f0b8c00a60b1ce1d7e819d7a431d7c90ea0e5f")) { 121 curveName = "secp384r1"; 122 } 123 break; 124 case 521: 125 if (p.toString(16).equals("1ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff") && 126 b.toString(16).equals("051953eb9618e1c9a1f929a21a0b68540eea2da725b99b315f3b8b489918ef109e156193951ec7e937b1652c0bd3bb1bf073573df883d2c34f1ef451fd46b503f00") && 127 x.toString(16).equals("c6858e06b70404e9cd9e3ecb662395b4429c648139053fb521f828af606b4d3dbaa14b5e77efe75928fe1dc127a2ffa8de3348b3c1856a429bf97e7e31c2e5bd66") && 128 y.toString(16).equals("11839296a789a3bc0045c8a5fb42c7d1bd998f54449579b446817afbd17273e662c97ee72995ef42640c550b9013fad0761353c7086a272c24088be94769fd16650")) { 129 curveName = "secp521r1"; 130 } 131 break; 132 } 133 134 if (curveName != null) { 135 return OpenSSLECGroupContext.getCurveByName(curveName); 136 } 137 138 final BigInteger a = curve.getA(); 139 final BigInteger order = params.getOrder(); 140 final int cofactor = params.getCofactor(); 141 142 long group; 143 try { 144 group = NativeCrypto.EC_GROUP_new_arbitrary( 145 p.toByteArray(), a.toByteArray(), b.toByteArray(), x.toByteArray(), 146 y.toByteArray(), order.toByteArray(), cofactor); 147 } catch (Throwable exception) { 148 throw new InvalidAlgorithmParameterException("EC_GROUP_new_arbitrary failed", 149 exception); 150 } 151 152 if (group == 0) { 153 throw new InvalidAlgorithmParameterException("EC_GROUP_new_arbitrary returned NULL"); 154 } 155 156 NativeRef.EC_GROUP groupRef = new NativeRef.EC_GROUP(group); 157 NativeCrypto.EC_GROUP_set_point_conversion_form(groupRef, 158 NativeConstants.POINT_CONVERSION_UNCOMPRESSED); 159 160 return new OpenSSLECGroupContext(groupRef); 161 } 162 getECParameterSpec()163 public ECParameterSpec getECParameterSpec() { 164 final String curveName = NativeCrypto.EC_GROUP_get_curve_name(groupCtx); 165 166 final byte[][] curveParams = NativeCrypto.EC_GROUP_get_curve(groupCtx); 167 final BigInteger p = new BigInteger(curveParams[0]); 168 final BigInteger a = new BigInteger(curveParams[1]); 169 final BigInteger b = new BigInteger(curveParams[2]); 170 171 final ECField field; 172 final int type = NativeCrypto.get_EC_GROUP_type(groupCtx); 173 if (type == NativeCrypto.EC_CURVE_GFP) { 174 field = new ECFieldFp(p); 175 } else if (type == NativeCrypto.EC_CURVE_GF2M) { 176 field = new ECFieldF2m(p.bitLength() - 1, p); 177 } else { 178 throw new RuntimeException("unknown curve type " + type); 179 } 180 181 final EllipticCurve curve = new EllipticCurve(field, a, b); 182 183 final OpenSSLECPointContext generatorCtx = new OpenSSLECPointContext(this, 184 new NativeRef.EC_POINT(NativeCrypto.EC_GROUP_get_generator(groupCtx))); 185 final ECPoint generator = generatorCtx.getECPoint(); 186 187 final BigInteger order = new BigInteger(NativeCrypto.EC_GROUP_get_order(groupCtx)); 188 final BigInteger cofactor = new BigInteger(NativeCrypto.EC_GROUP_get_cofactor(groupCtx)); 189 190 ECParameterSpec spec = new ECParameterSpec(curve, generator, order, cofactor.intValue()); 191 Platform.setCurveName(spec, curveName); 192 return spec; 193 } 194 } 195