1 /* 2 * Copyright (C) 2012 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17 package org.conscrypt; 18 19 import java.math.BigInteger; 20 import java.security.InvalidAlgorithmParameterException; 21 import java.security.InvalidParameterException; 22 import java.security.spec.ECField; 23 import java.security.spec.ECFieldFp; 24 import java.security.spec.ECParameterSpec; 25 import java.security.spec.ECPoint; 26 import java.security.spec.EllipticCurve; 27 28 /** 29 * Represents a BoringSSL EC_GROUP object. 30 */ 31 final class OpenSSLECGroupContext { 32 private final NativeRef.EC_GROUP groupCtx; 33 OpenSSLECGroupContext(NativeRef.EC_GROUP groupCtx)34 OpenSSLECGroupContext(NativeRef.EC_GROUP groupCtx) { 35 this.groupCtx = groupCtx; 36 } 37 getCurveByName(String curveName)38 static OpenSSLECGroupContext getCurveByName(String curveName) { 39 // Workaround for OpenSSL not supporting SECG names for NIST P-256 (aka 40 // ANSI X9.62 prime256v1). 41 if ("secp256r1".equals(curveName)) { 42 curveName = "prime256v1"; 43 } 44 45 final long ctx = NativeCrypto.EC_GROUP_new_by_curve_name(curveName); 46 if (ctx == 0) { 47 return null; 48 } 49 NativeRef.EC_GROUP groupRef = new NativeRef.EC_GROUP(ctx); 50 51 return new OpenSSLECGroupContext(groupRef); 52 } 53 54 @Override equals(Object o)55 public boolean equals(Object o) { 56 throw new IllegalArgumentException("OpenSSLECGroupContext.equals is not defined"); 57 } 58 59 @Override hashCode()60 public int hashCode() { 61 // TODO Auto-generated method stub 62 return super.hashCode(); 63 } 64 getNativeRef()65 NativeRef.EC_GROUP getNativeRef() { 66 return groupCtx; 67 } 68 getInstance(ECParameterSpec params)69 static OpenSSLECGroupContext getInstance(ECParameterSpec params) 70 throws InvalidAlgorithmParameterException { 71 String curveName = Platform.getCurveName(params); 72 if (curveName != null) { 73 return OpenSSLECGroupContext.getCurveByName(curveName); 74 } 75 76 // Try to find recognise the underlying curve from the parameters. 77 final EllipticCurve curve = params.getCurve(); 78 final ECField field = curve.getField(); 79 80 final BigInteger p; 81 if (field instanceof ECFieldFp) { 82 p = ((ECFieldFp) field).getP(); 83 } else { 84 throw new InvalidParameterException("unhandled field class " 85 + field.getClass().getName()); 86 } 87 88 final ECPoint generator = params.getGenerator(); 89 final BigInteger b = curve.getB(); 90 final BigInteger x = generator.getAffineX(); 91 final BigInteger y = generator.getAffineY(); 92 93 // The 'a' value isn't checked in the following because it's unclear 94 // whether users would set it to -3 or p-3. 95 switch (p.bitLength()) { 96 case 224: 97 if (p.toString(16).equals("ffffffffffffffffffffffffffffffff000000000000000000000001") && 98 b.toString(16).equals("b4050a850c04b3abf54132565044b0b7d7bfd8ba270b39432355ffb4") && 99 x.toString(16).equals("b70e0cbd6bb4bf7f321390b94a03c1d356c21122343280d6115c1d21") && 100 y.toString(16).equals("bd376388b5f723fb4c22dfe6cd4375a05a07476444d5819985007e34")) { 101 curveName = "secp224r1"; 102 } 103 break; 104 case 256: 105 if (p.toString(16).equals("ffffffff00000001000000000000000000000000ffffffffffffffffffffffff") && 106 b.toString(16).equals("5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b") && 107 x.toString(16).equals("6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296") && 108 y.toString(16).equals("4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5")) { 109 curveName = "prime256v1"; 110 } 111 break; 112 case 384: 113 if (p.toString(16).equals("fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffeffffffff0000000000000000ffffffff") && 114 b.toString(16).equals("b3312fa7e23ee7e4988e056be3f82d19181d9c6efe8141120314088f5013875ac656398d8a2ed19d2a85c8edd3ec2aef") && 115 x.toString(16).equals("aa87ca22be8b05378eb1c71ef320ad746e1d3b628ba79b9859f741e082542a385502f25dbf55296c3a545e3872760ab7") && 116 y.toString(16).equals("3617de4a96262c6f5d9e98bf9292dc29f8f41dbd289a147ce9da3113b5f0b8c00a60b1ce1d7e819d7a431d7c90ea0e5f")) { 117 curveName = "secp384r1"; 118 } 119 break; 120 case 521: 121 if (p.toString(16).equals("1ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff") && 122 b.toString(16).equals("051953eb9618e1c9a1f929a21a0b68540eea2da725b99b315f3b8b489918ef109e156193951ec7e937b1652c0bd3bb1bf073573df883d2c34f1ef451fd46b503f00") && 123 x.toString(16).equals("c6858e06b70404e9cd9e3ecb662395b4429c648139053fb521f828af606b4d3dbaa14b5e77efe75928fe1dc127a2ffa8de3348b3c1856a429bf97e7e31c2e5bd66") && 124 y.toString(16).equals("11839296a789a3bc0045c8a5fb42c7d1bd998f54449579b446817afbd17273e662c97ee72995ef42640c550b9013fad0761353c7086a272c24088be94769fd16650")) { 125 curveName = "secp521r1"; 126 } 127 break; 128 } 129 130 if (curveName != null) { 131 return OpenSSLECGroupContext.getCurveByName(curveName); 132 } 133 134 final BigInteger a = curve.getA(); 135 final BigInteger order = params.getOrder(); 136 final int cofactor = params.getCofactor(); 137 138 long group; 139 try { 140 group = NativeCrypto.EC_GROUP_new_arbitrary( 141 p.toByteArray(), a.toByteArray(), b.toByteArray(), x.toByteArray(), 142 y.toByteArray(), order.toByteArray(), cofactor); 143 } catch (Throwable exception) { 144 throw new InvalidAlgorithmParameterException("EC_GROUP_new_arbitrary failed", 145 exception); 146 } 147 148 if (group == 0) { 149 throw new InvalidAlgorithmParameterException("EC_GROUP_new_arbitrary returned NULL"); 150 } 151 152 NativeRef.EC_GROUP groupRef = new NativeRef.EC_GROUP(group); 153 154 return new OpenSSLECGroupContext(groupRef); 155 } 156 getECParameterSpec()157 ECParameterSpec getECParameterSpec() { 158 final String curveName = NativeCrypto.EC_GROUP_get_curve_name(groupCtx); 159 160 final byte[][] curveParams = NativeCrypto.EC_GROUP_get_curve(groupCtx); 161 final BigInteger p = new BigInteger(curveParams[0]); 162 final BigInteger a = new BigInteger(curveParams[1]); 163 final BigInteger b = new BigInteger(curveParams[2]); 164 165 final ECField field = new ECFieldFp(p); 166 167 final EllipticCurve curve = new EllipticCurve(field, a, b); 168 169 final OpenSSLECPointContext generatorCtx = new OpenSSLECPointContext(this, 170 new NativeRef.EC_POINT(NativeCrypto.EC_GROUP_get_generator(groupCtx))); 171 final ECPoint generator = generatorCtx.getECPoint(); 172 173 final BigInteger order = new BigInteger(NativeCrypto.EC_GROUP_get_order(groupCtx)); 174 final BigInteger cofactor = new BigInteger(NativeCrypto.EC_GROUP_get_cofactor(groupCtx)); 175 176 ECParameterSpec spec = new ECParameterSpec(curve, generator, order, cofactor.intValue()); 177 Platform.setCurveName(spec, curveName); 178 return spec; 179 } 180 } 181