< prev index next >
jdk/src/jdk.crypto.ec/share/classes/sun/security/ec/ECKeyPairGenerator.java
Print this page
@@ -1,7 +1,7 @@
/*
- * Copyright (c) 2009, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2009, 2017, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
@@ -23,16 +23,18 @@
* questions.
*/
package sun.security.ec;
+import java.io.IOException;
import java.math.BigInteger;
import java.security.*;
import java.security.spec.AlgorithmParameterSpec;
import java.security.spec.ECGenParameterSpec;
import java.security.spec.ECParameterSpec;
import java.security.spec.ECPoint;
+import java.security.spec.InvalidParameterSpecException;
import sun.security.ec.ECPrivateKeyImpl;
import sun.security.ec.ECPublicKeyImpl;
import sun.security.jca.JCAUtil;
import sun.security.util.ECParameters;
@@ -83,33 +85,60 @@
// second initialize method. See JCA doc
@Override
public void initialize(AlgorithmParameterSpec params, SecureRandom random)
throws InvalidAlgorithmParameterException {
+ ECParameterSpec ecSpec = null;
+
if (params instanceof ECParameterSpec) {
- this.params = ECUtil.getECParameterSpec(null,
+ ecSpec = ECUtil.getECParameterSpec(null,
(ECParameterSpec)params);
- if (this.params == null) {
+ if (ecSpec == null) {
throw new InvalidAlgorithmParameterException(
"Unsupported curve: " + params);
}
} else if (params instanceof ECGenParameterSpec) {
String name = ((ECGenParameterSpec)params).getName();
- this.params = ECUtil.getECParameterSpec(null, name);
- if (this.params == null) {
+ ecSpec = ECUtil.getECParameterSpec(null, name);
+ if (ecSpec == null) {
throw new InvalidAlgorithmParameterException(
"Unknown curve name: " + name);
}
} else {
throw new InvalidAlgorithmParameterException(
"ECParameterSpec or ECGenParameterSpec required for EC");
}
+
+ // Not all known curves are supported by the native implementation
+ ensureCurveIsSupported(ecSpec);
+ this.params = ecSpec;
+
this.keySize =
((ECParameterSpec)this.params).getCurve().getField().getFieldSize();
this.random = random;
}
+ private static void ensureCurveIsSupported(ECParameterSpec ecSpec)
+ throws InvalidAlgorithmParameterException {
+
+ AlgorithmParameters ecParams = ECUtil.getECParameters(null);
+ byte[] encodedParams;
+ try {
+ ecParams.init(ecSpec);
+ encodedParams = ecParams.getEncoded();
+ } catch (InvalidParameterSpecException ex) {
+ throw new InvalidAlgorithmParameterException(
+ "Unsupported curve: " + ecSpec.toString());
+ } catch (IOException ex) {
+ throw new RuntimeException(ex);
+ }
+ if (!isCurveSupported(encodedParams)) {
+ throw new InvalidAlgorithmParameterException(
+ "Unsupported curve: " + ecParams.toString());
+ }
+ }
+
// generate the keypair. See JCA doc
@Override
public KeyPair generateKeyPair() {
byte[] encodedParams =
@@ -157,10 +186,21 @@
("Key size must be at most " + KEY_SIZE_MAX + " bits");
}
this.keySize = keySize;
}
+ /**
+ * Checks whether the curve in the encoded parameters is supported by the
+ * native implementation.
+ *
+ * @param encodedParams encoded parameters in the same form accepted
+ * by generateECKeyPair
+ * @return true if and only if generateECKeyPair will succeed for
+ * the supplied parameters
+ */
+ private static native boolean isCurveSupported(byte[] encodedParams);
+
/*
* Generates the keypair and returns a 2-element array of encoding bytes.
* The first one is for the private key, the second for the public key.
*/
private static native Object[] generateECKeyPair(int keySize,
< prev index next >