1 /* 2 * Copyright (c) 2006, 2012, Oracle and/or its affiliates. All rights reserved. 3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 4 * 5 * This code is free software; you can redistribute it and/or modify it 6 * under the terms of the GNU General Public License version 2 only, as 7 * published by the Free Software Foundation. Oracle designates this 8 * particular file as subject to the "Classpath" exception as provided 9 * by Oracle in the LICENSE file that accompanied this code. 10 * 11 * This code is distributed in the hope that it will be useful, but WITHOUT 12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 14 * version 2 for more details (a copy is included in the LICENSE file that 15 * accompanied this code). 16 * 17 * You should have received a copy of the GNU General Public License version 18 * 2 along with this work; if not, write to the Free Software Foundation, 19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 20 * 21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 22 * or visit www.oracle.com if you need additional information or have any 23 * questions. 24 */ 25 26 package sun.security.ssl; 27 28 import java.io.IOException; 29 import java.security.spec.ECParameterSpec; 30 import java.util.HashMap; 31 import java.util.Map; 32 33 import javax.net.ssl.SSLProtocolException; 34 35 final class SupportedEllipticCurvesExtension extends HelloExtension { 36 37 // the extension value to send in the ClientHello message 38 static final SupportedEllipticCurvesExtension DEFAULT; 39 40 private static final boolean fips; 41 42 static { 43 int[] ids; 44 fips = SunJSSE.isFIPS(); 45 if (fips == false) { 46 ids = new int[] { 47 // NIST curves first 48 // prefer NIST P-256, rest in order of increasing key length 49 23, 1, 3, 19, 21, 6, 7, 9, 10, 24, 11, 12, 25, 13, 14, 50 // non-NIST curves 51 15, 16, 17, 2, 18, 4, 5, 20, 8, 22, 52 }; 53 } else { 54 ids = new int[] { 55 // same as above, but allow only NIST curves in FIPS mode 56 23, 1, 3, 19, 21, 6, 7, 9, 10, 24, 11, 12, 25, 13, 14, 57 }; 58 } 59 DEFAULT = new SupportedEllipticCurvesExtension(ids); 60 } 61 62 private final int[] curveIds; 63 64 private SupportedEllipticCurvesExtension(int[] curveIds) { 65 super(ExtensionType.EXT_ELLIPTIC_CURVES); 66 this.curveIds = curveIds; 67 } 68 69 SupportedEllipticCurvesExtension(HandshakeInStream s, int len) 70 throws IOException { 71 super(ExtensionType.EXT_ELLIPTIC_CURVES); 72 int k = s.getInt16(); 73 if (((len & 1) != 0) || (k + 2 != len)) { 74 throw new SSLProtocolException("Invalid " + type + " extension"); 75 } 76 curveIds = new int[k >> 1]; 77 for (int i = 0; i < curveIds.length; i++) { 78 curveIds[i] = s.getInt16(); 79 } 80 } 81 82 boolean contains(int index) { 83 for (int curveId : curveIds) { 84 if (index == curveId) { 85 return true; 86 } 87 } 88 return false; 89 } 90 91 // Return a reference to the internal curveIds array. 92 // The caller must NOT modify the contents. 93 int[] curveIds() { 94 return curveIds; 95 } 96 97 @Override 98 int length() { 99 return 6 + (curveIds.length << 1); 100 } 101 102 @Override 103 void send(HandshakeOutStream s) throws IOException { 104 s.putInt16(type.id); 105 int k = curveIds.length << 1; 106 s.putInt16(k + 2); 107 s.putInt16(k); 108 for (int curveId : curveIds) { 109 s.putInt16(curveId); 110 } 111 } 112 113 @Override 114 public String toString() { 115 StringBuilder sb = new StringBuilder(); 116 sb.append("Extension " + type + ", curve names: {"); 117 boolean first = true; 118 for (int curveId : curveIds) { 119 if (first) { 120 first = false; 121 } else { 122 sb.append(", "); 123 } 124 // first check if it is a known named curve, then try other cases. 125 String oid = getCurveOid(curveId); 126 if (oid != null) { 127 ECParameterSpec spec = JsseJce.getECParameterSpec(oid); 128 // this toString() output will look nice for the current 129 // implementation of the ECParameterSpec class in the Sun 130 // provider, but may not look good for other implementations. 131 if (spec != null) { 132 sb.append(spec.toString().split(" ")[0]); 133 } else { 134 sb.append(oid); 135 } 136 } else if (curveId == ARBITRARY_PRIME) { 137 sb.append("arbitrary_explicit_prime_curves"); 138 } else if (curveId == ARBITRARY_CHAR2) { 139 sb.append("arbitrary_explicit_char2_curves"); 140 } else { 141 sb.append("unknown curve " + curveId); 142 } 143 } 144 sb.append("}"); 145 return sb.toString(); 146 } 147 148 // Test whether we support the curve with the given index. 149 static boolean isSupported(int index) { 150 if ((index <= 0) || (index >= NAMED_CURVE_OID_TABLE.length)) { 151 return false; 152 } 153 if (fips == false) { 154 // in non-FIPS mode, we support all valid indices 155 return true; 156 } 157 return DEFAULT.contains(index); 158 } 159 160 static int getCurveIndex(ECParameterSpec params) { 161 String oid = JsseJce.getNamedCurveOid(params); 162 if (oid == null) { 163 return -1; 164 } 165 Integer n = curveIndices.get(oid); 166 return (n == null) ? -1 : n; 167 } 168 169 static String getCurveOid(int index) { 170 if ((index > 0) && (index < NAMED_CURVE_OID_TABLE.length)) { 171 return NAMED_CURVE_OID_TABLE[index]; 172 } 173 return null; 174 } 175 176 private final static int ARBITRARY_PRIME = 0xff01; 177 private final static int ARBITRARY_CHAR2 = 0xff02; 178 179 // See sun.security.util.NamedCurve for the OIDs 180 private final static String[] NAMED_CURVE_OID_TABLE = new String[] { 181 null, // (0) unused 182 "1.3.132.0.1", // (1) sect163k1, NIST K-163 183 "1.3.132.0.2", // (2) sect163r1 184 "1.3.132.0.15", // (3) sect163r2, NIST B-163 185 "1.3.132.0.24", // (4) sect193r1 186 "1.3.132.0.25", // (5) sect193r2 187 "1.3.132.0.26", // (6) sect233k1, NIST K-233 188 "1.3.132.0.27", // (7) sect233r1, NIST B-233 189 "1.3.132.0.3", // (8) sect239k1 190 "1.3.132.0.16", // (9) sect283k1, NIST K-283 191 "1.3.132.0.17", // (10) sect283r1, NIST B-283 192 "1.3.132.0.36", // (11) sect409k1, NIST K-409 193 "1.3.132.0.37", // (12) sect409r1, NIST B-409 194 "1.3.132.0.38", // (13) sect571k1, NIST K-571 195 "1.3.132.0.39", // (14) sect571r1, NIST B-571 196 "1.3.132.0.9", // (15) secp160k1 197 "1.3.132.0.8", // (16) secp160r1 198 "1.3.132.0.30", // (17) secp160r2 199 "1.3.132.0.31", // (18) secp192k1 200 "1.2.840.10045.3.1.1", // (19) secp192r1, NIST P-192 201 "1.3.132.0.32", // (20) secp224k1 202 "1.3.132.0.33", // (21) secp224r1, NIST P-224 203 "1.3.132.0.10", // (22) secp256k1 204 "1.2.840.10045.3.1.7", // (23) secp256r1, NIST P-256 205 "1.3.132.0.34", // (24) secp384r1, NIST P-384 206 "1.3.132.0.35", // (25) secp521r1, NIST P-521 207 }; 208 209 private final static Map<String,Integer> curveIndices; 210 211 static { 212 curveIndices = new HashMap<String,Integer>(); 213 for (int i = 1; i < NAMED_CURVE_OID_TABLE.length; i++) { 214 curveIndices.put(NAMED_CURVE_OID_TABLE[i], i); 215 } 216 } 217 218 }