Home | History | Annotate | Download | only in conscrypt 
      1 /*
      2  * Copyright (C) 2012 The Android Open Source Project
      3  *
      4  * Licensed under the Apache License, Version 2.0 (the "License");
      5  * you may not use this file except in compliance with the License.
      6  * You may obtain a copy of the License at
      7  *
      8  *      http://www.apache.org/licenses/LICENSE-2.0
      9  *
     10  * Unless required by applicable law or agreed to in writing, software
     11  * distributed under the License is distributed on an "AS IS" BASIS,
     12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
     13  * See the License for the specific language governing permissions and
     14  * limitations under the License.
     15  */
     16 
     17 package org.conscrypt;
     18 
     19 import java.math.BigInteger;
     20 import java.security.InvalidAlgorithmParameterException;
     21 import java.security.InvalidParameterException;
     22 import java.security.spec.ECField;
     23 import java.security.spec.ECFieldFp;
     24 import java.security.spec.ECParameterSpec;
     25 import java.security.spec.ECPoint;
     26 import java.security.spec.EllipticCurve;
     27 
     28 /**
     29  * Represents a BoringSSL EC_GROUP object.
     30  */
     31 final class OpenSSLECGroupContext {
     32     private final NativeRef.EC_GROUP groupCtx;
     33 
     34     OpenSSLECGroupContext(NativeRef.EC_GROUP groupCtx) {
     35         this.groupCtx = groupCtx;
     36     }
     37 
     38     static OpenSSLECGroupContext getCurveByName(String curveName) {
     39         // Workaround for OpenSSL not supporting SECG names for NIST P-256 (aka
     40         // ANSI X9.62 prime256v1).
     41         if ("secp256r1".equals(curveName)) {
     42             curveName = "prime256v1";
     43         }
     44 
     45         final long ctx = NativeCrypto.EC_GROUP_new_by_curve_name(curveName);
     46         if (ctx == 0) {
     47             return null;
     48         }
     49         NativeRef.EC_GROUP groupRef = new NativeRef.EC_GROUP(ctx);
     50 
     51         return new OpenSSLECGroupContext(groupRef);
     52     }
     53 
     54     @Override
     55     public boolean equals(Object o) {
     56         throw new IllegalArgumentException("OpenSSLECGroupContext.equals is not defined");
     57     }
     58 
     59     @Override
     60     public int hashCode() {
     61         // TODO Auto-generated method stub
     62         return super.hashCode();
     63     }
     64 
     65     NativeRef.EC_GROUP getNativeRef() {
     66         return groupCtx;
     67     }
     68 
     69     static OpenSSLECGroupContext getInstance(ECParameterSpec params)
     70             throws InvalidAlgorithmParameterException {
     71         String curveName = Platform.getCurveName(params);
     72         if (curveName != null) {
     73             return OpenSSLECGroupContext.getCurveByName(curveName);
     74         }
     75 
     76         // Try to find recognise the underlying curve from the parameters.
     77         final EllipticCurve curve = params.getCurve();
     78         final ECField field = curve.getField();
     79 
     80         final BigInteger p;
     81         if (field instanceof ECFieldFp) {
     82             p = ((ECFieldFp) field).getP();
     83         } else {
     84             throw new InvalidParameterException("unhandled field class "
     85                     + field.getClass().getName());
     86         }
     87 
     88         final ECPoint generator = params.getGenerator();
     89         final BigInteger b = curve.getB();
     90         final BigInteger x = generator.getAffineX();
     91         final BigInteger y = generator.getAffineY();
     92 
     93         // The 'a' value isn't checked in the following because it's unclear
     94         // whether users would set it to -3 or p-3.
     95         switch (p.bitLength()) {
     96             case 224:
     97                 if (p.toString(16).equals("ffffffffffffffffffffffffffffffff000000000000000000000001") &&
     98                     b.toString(16).equals("b4050a850c04b3abf54132565044b0b7d7bfd8ba270b39432355ffb4") &&
     99                     x.toString(16).equals("b70e0cbd6bb4bf7f321390b94a03c1d356c21122343280d6115c1d21") &&
    100                     y.toString(16).equals("bd376388b5f723fb4c22dfe6cd4375a05a07476444d5819985007e34")) {
    101                     curveName = "secp224r1";
    102                 }
    103                 break;
    104             case 256:
    105                 if (p.toString(16).equals("ffffffff00000001000000000000000000000000ffffffffffffffffffffffff") &&
    106                     b.toString(16).equals("5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b") &&
    107                     x.toString(16).equals("6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296") &&
    108                     y.toString(16).equals("4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5")) {
    109                     curveName = "prime256v1";
    110                 }
    111                 break;
    112             case 384:
    113                 if (p.toString(16).equals("fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffeffffffff0000000000000000ffffffff") &&
    114                     b.toString(16).equals("b3312fa7e23ee7e4988e056be3f82d19181d9c6efe8141120314088f5013875ac656398d8a2ed19d2a85c8edd3ec2aef") &&
    115                     x.toString(16).equals("aa87ca22be8b05378eb1c71ef320ad746e1d3b628ba79b9859f741e082542a385502f25dbf55296c3a545e3872760ab7") &&
    116                     y.toString(16).equals("3617de4a96262c6f5d9e98bf9292dc29f8f41dbd289a147ce9da3113b5f0b8c00a60b1ce1d7e819d7a431d7c90ea0e5f")) {
    117                     curveName = "secp384r1";
    118                 }
    119                 break;
    120             case 521:
    121                 if (p.toString(16).equals("1ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff") &&
    122                     b.toString(16).equals("51953eb9618e1c9a1f929a21a0b68540eea2da725b99b315f3b8b489918ef109e156193951ec7e937b1652c0bd3bb1bf073573df883d2c34f1ef451fd46b503f00") &&
    123                     x.toString(16).equals("c6858e06b70404e9cd9e3ecb662395b4429c648139053fb521f828af606b4d3dbaa14b5e77efe75928fe1dc127a2ffa8de3348b3c1856a429bf97e7e31c2e5bd66") &&
    124                     y.toString(16).equals("11839296a789a3bc0045c8a5fb42c7d1bd998f54449579b446817afbd17273e662c97ee72995ef42640c550b9013fad0761353c7086a272c24088be94769fd16650")) {
    125                     curveName = "secp521r1";
    126                 }
    127                 break;
    128         }
    129 
    130         if (curveName != null) {
    131             return OpenSSLECGroupContext.getCurveByName(curveName);
    132         }
    133 
    134         final BigInteger a = curve.getA();
    135         final BigInteger order = params.getOrder();
    136         final int cofactor = params.getCofactor();
    137 
    138         long group;
    139         try {
    140             group = NativeCrypto.EC_GROUP_new_arbitrary(
    141                         p.toByteArray(), a.toByteArray(), b.toByteArray(), x.toByteArray(),
    142                         y.toByteArray(), order.toByteArray(), cofactor);
    143         } catch (Throwable exception) {
    144             throw new InvalidAlgorithmParameterException("EC_GROUP_new_arbitrary failed",
    145                                                          exception);
    146         }
    147 
    148         if (group == 0) {
    149             throw new InvalidAlgorithmParameterException("EC_GROUP_new_arbitrary returned NULL");
    150         }
    151 
    152         NativeRef.EC_GROUP groupRef = new NativeRef.EC_GROUP(group);
    153 
    154         return new OpenSSLECGroupContext(groupRef);
    155     }
    156 
    157     ECParameterSpec getECParameterSpec() {
    158         final String curveName = NativeCrypto.EC_GROUP_get_curve_name(groupCtx);
    159 
    160         final byte[][] curveParams = NativeCrypto.EC_GROUP_get_curve(groupCtx);
    161         final BigInteger p = new BigInteger(curveParams[0]);
    162         final BigInteger a = new BigInteger(curveParams[1]);
    163         final BigInteger b = new BigInteger(curveParams[2]);
    164 
    165         final ECField field = new ECFieldFp(p);
    166 
    167         final EllipticCurve curve = new EllipticCurve(field, a, b);
    168 
    169         final OpenSSLECPointContext generatorCtx = new OpenSSLECPointContext(this,
    170                 new NativeRef.EC_POINT(NativeCrypto.EC_GROUP_get_generator(groupCtx)));
    171         final ECPoint generator = generatorCtx.getECPoint();
    172 
    173         final BigInteger order = new BigInteger(NativeCrypto.EC_GROUP_get_order(groupCtx));
    174         final BigInteger cofactor = new BigInteger(NativeCrypto.EC_GROUP_get_cofactor(groupCtx));
    175 
    176         ECParameterSpec spec = new ECParameterSpec(curve, generator, order, cofactor.intValue());
    177         Platform.setCurveName(spec, curveName);
    178         return spec;
    179     }
    180 }
    181