1 /*
2 * Copyright (c) 2006, 2012, Oracle and/or its affiliates. All rights reserved.
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation. Oracle designates this
8 * particular file as subject to the "Classpath" exception as provided
9 * by Oracle in the LICENSE file that accompanied this code.
10 *
11 * This code is distributed in the hope that it will be useful, but WITHOUT
12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 * version 2 for more details (a copy is included in the LICENSE file that
15 * accompanied this code).
16 *
17 * You should have received a copy of the GNU General Public License version
18 * 2 along with this work; if not, write to the Free Software Foundation,
19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
20 *
21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
22 * or visit www.oracle.com if you need additional information or have any
23 * questions.
24 */
25
26 package sun.security.ssl;
27
28 import java.io.IOException;
29 import java.security.spec.ECParameterSpec;
30 import java.util.HashMap;
31 import java.util.Map;
32
33 import javax.net.ssl.SSLProtocolException;
34
35 final class SupportedEllipticCurvesExtension extends HelloExtension {
36
37 // the extension value to send in the ClientHello message
38 static final SupportedEllipticCurvesExtension DEFAULT;
39
40 private static final boolean fips;
41
42 static {
43 int[] ids;
44 fips = SunJSSE.isFIPS();
45 if (fips == false) {
46 ids = new int[] {
47 // NIST curves first
48 // prefer NIST P-256, rest in order of increasing key length
49 23, 1, 3, 19, 21, 6, 7, 9, 10, 24, 11, 12, 25, 13, 14,
50 // non-NIST curves
51 15, 16, 17, 2, 18, 4, 5, 20, 8, 22,
52 };
53 } else {
54 ids = new int[] {
55 // same as above, but allow only NIST curves in FIPS mode
56 23, 1, 3, 19, 21, 6, 7, 9, 10, 24, 11, 12, 25, 13, 14,
57 };
58 }
59 DEFAULT = new SupportedEllipticCurvesExtension(ids);
60 }
61
62 private final int[] curveIds;
63
64 private SupportedEllipticCurvesExtension(int[] curveIds) {
65 super(ExtensionType.EXT_ELLIPTIC_CURVES);
66 this.curveIds = curveIds;
67 }
68
69 SupportedEllipticCurvesExtension(HandshakeInStream s, int len)
70 throws IOException {
71 super(ExtensionType.EXT_ELLIPTIC_CURVES);
72 int k = s.getInt16();
73 if (((len & 1) != 0) || (k + 2 != len)) {
74 throw new SSLProtocolException("Invalid " + type + " extension");
75 }
76 curveIds = new int[k >> 1];
77 for (int i = 0; i < curveIds.length; i++) {
78 curveIds[i] = s.getInt16();
79 }
80 }
81
82 boolean contains(int index) {
83 for (int curveId : curveIds) {
84 if (index == curveId) {
85 return true;
86 }
87 }
88 return false;
89 }
90
91 // Return a reference to the internal curveIds array.
92 // The caller must NOT modify the contents.
93 int[] curveIds() {
94 return curveIds;
95 }
96
97 @Override
98 int length() {
99 return 6 + (curveIds.length << 1);
100 }
101
102 @Override
103 void send(HandshakeOutStream s) throws IOException {
104 s.putInt16(type.id);
105 int k = curveIds.length << 1;
106 s.putInt16(k + 2);
107 s.putInt16(k);
108 for (int curveId : curveIds) {
109 s.putInt16(curveId);
110 }
111 }
112
113 @Override
114 public String toString() {
115 StringBuilder sb = new StringBuilder();
116 sb.append("Extension " + type + ", curve names: {");
117 boolean first = true;
118 for (int curveId : curveIds) {
119 if (first) {
120 first = false;
121 } else {
122 sb.append(", ");
123 }
124 // first check if it is a known named curve, then try other cases.
125 String oid = getCurveOid(curveId);
126 if (oid != null) {
127 ECParameterSpec spec = JsseJce.getECParameterSpec(oid);
128 // this toString() output will look nice for the current
129 // implementation of the ECParameterSpec class in the Sun
130 // provider, but may not look good for other implementations.
131 if (spec != null) {
132 sb.append(spec.toString().split(" ")[0]);
133 } else {
134 sb.append(oid);
135 }
136 } else if (curveId == ARBITRARY_PRIME) {
137 sb.append("arbitrary_explicit_prime_curves");
138 } else if (curveId == ARBITRARY_CHAR2) {
139 sb.append("arbitrary_explicit_char2_curves");
140 } else {
141 sb.append("unknown curve " + curveId);
142 }
143 }
144 sb.append("}");
145 return sb.toString();
146 }
147
148 // Test whether we support the curve with the given index.
149 static boolean isSupported(int index) {
150 if ((index <= 0) || (index >= NAMED_CURVE_OID_TABLE.length)) {
151 return false;
152 }
153 if (fips == false) {
154 // in non-FIPS mode, we support all valid indices
155 return true;
156 }
157 return DEFAULT.contains(index);
158 }
159
160 static int getCurveIndex(ECParameterSpec params) {
161 String oid = JsseJce.getNamedCurveOid(params);
162 if (oid == null) {
163 return -1;
164 }
165 Integer n = curveIndices.get(oid);
166 return (n == null) ? -1 : n;
167 }
168
169 static String getCurveOid(int index) {
170 if ((index > 0) && (index < NAMED_CURVE_OID_TABLE.length)) {
171 return NAMED_CURVE_OID_TABLE[index];
172 }
173 return null;
174 }
175
176 private final static int ARBITRARY_PRIME = 0xff01;
177 private final static int ARBITRARY_CHAR2 = 0xff02;
178
179 // See sun.security.util.NamedCurve for the OIDs
180 private final static String[] NAMED_CURVE_OID_TABLE = new String[] {
181 null, // (0) unused
182 "1.3.132.0.1", // (1) sect163k1, NIST K-163
183 "1.3.132.0.2", // (2) sect163r1
184 "1.3.132.0.15", // (3) sect163r2, NIST B-163
185 "1.3.132.0.24", // (4) sect193r1
186 "1.3.132.0.25", // (5) sect193r2
187 "1.3.132.0.26", // (6) sect233k1, NIST K-233
188 "1.3.132.0.27", // (7) sect233r1, NIST B-233
189 "1.3.132.0.3", // (8) sect239k1
190 "1.3.132.0.16", // (9) sect283k1, NIST K-283
191 "1.3.132.0.17", // (10) sect283r1, NIST B-283
192 "1.3.132.0.36", // (11) sect409k1, NIST K-409
193 "1.3.132.0.37", // (12) sect409r1, NIST B-409
194 "1.3.132.0.38", // (13) sect571k1, NIST K-571
195 "1.3.132.0.39", // (14) sect571r1, NIST B-571
196 "1.3.132.0.9", // (15) secp160k1
197 "1.3.132.0.8", // (16) secp160r1
198 "1.3.132.0.30", // (17) secp160r2
199 "1.3.132.0.31", // (18) secp192k1
200 "1.2.840.10045.3.1.1", // (19) secp192r1, NIST P-192
201 "1.3.132.0.32", // (20) secp224k1
202 "1.3.132.0.33", // (21) secp224r1, NIST P-224
203 "1.3.132.0.10", // (22) secp256k1
204 "1.2.840.10045.3.1.7", // (23) secp256r1, NIST P-256
205 "1.3.132.0.34", // (24) secp384r1, NIST P-384
206 "1.3.132.0.35", // (25) secp521r1, NIST P-521
207 };
208
209 private final static Map<String,Integer> curveIndices;
210
211 static {
212 curveIndices = new HashMap<String,Integer>();
213 for (int i = 1; i < NAMED_CURVE_OID_TABLE.length; i++) {
214 curveIndices.put(NAMED_CURVE_OID_TABLE[i], i);
215 }
216 }
217
218 }