diff -up jss-4.2.6/mozilla/security/jss/org/mozilla/jss/crypto/KeyPairGenerator.java.fix jss-4.2.6/mozilla/security/jss/org/mozilla/jss/crypto/KeyPairGenerator.java --- jss-4.2.6/mozilla/security/jss/org/mozilla/jss/crypto/KeyPairGenerator.java.fix 2010-10-20 09:54:35.189680000 -0700 +++ jss-4.2.6/mozilla/security/jss/org/mozilla/jss/crypto/KeyPairGenerator.java 2010-10-20 10:54:53.154835000 -0700 @@ -196,7 +196,10 @@ public class KeyPairGenerator { engine.setKeyPairUsages(usages,usages_mask); } - + public int getCurveCodeByName(String curveName) + throws InvalidParameterException { + return engine.getCurveCodeByName(curveName); + } diff -up jss-4.2.6/mozilla/security/jss/org/mozilla/jss/crypto/KeyPairGeneratorSpi.java.fix jss-4.2.6/mozilla/security/jss/org/mozilla/jss/crypto/KeyPairGeneratorSpi.java --- jss-4.2.6/mozilla/security/jss/org/mozilla/jss/crypto/KeyPairGeneratorSpi.java.fix 2010-10-20 09:54:52.393628000 -0700 +++ jss-4.2.6/mozilla/security/jss/org/mozilla/jss/crypto/KeyPairGeneratorSpi.java 2010-10-20 10:55:39.441698000 -0700 @@ -94,4 +94,6 @@ public abstract class KeyPairGeneratorSp public abstract void setKeyPairUsages(KeyPairGeneratorSpi.Usage[] usages, KeyPairGeneratorSpi.Usage[] usages_mask); + + public abstract int getCurveCodeByName(String curveName) throws InvalidParameterException; } diff -up jss-4.2.6/mozilla/security/jss/org/mozilla/jss/pkcs11/PK11KeyPairGenerator.java.fix jss-4.2.6/mozilla/security/jss/org/mozilla/jss/pkcs11/PK11KeyPairGenerator.java --- jss-4.2.6/mozilla/security/jss/org/mozilla/jss/pkcs11/PK11KeyPairGenerator.java.fix 2010-10-15 10:30:57.832196000 -0700 +++ jss-4.2.6/mozilla/security/jss/org/mozilla/jss/pkcs11/PK11KeyPairGenerator.java 2010-10-20 11:09:30.523208000 -0700 @@ -44,6 +44,7 @@ import java.security.*; import java.security.SecureRandom; import java.security.spec.AlgorithmParameterSpec; import java.security.spec.DSAParameterSpec; +import java.util.Hashtable; /** @@ -55,6 +56,246 @@ public final class PK11KeyPairGenerator extends org.mozilla.jss.crypto.KeyPairGeneratorSpi { + // curve code for getting the actual EC curve + private enum ECCurve_Code { + // NIST, SEC2 Prime curves + secp521r1 , // == nistp521 + nistp521 , + secp384r1 , // == nistp384 + nistp384 , + secp256r1 , // == nistp256 + nistp256 , + secp256k1 , + secp224r1 , // == nistp224 + nistp224 , + secp224k1 , + secp192r1 , // == nistp192 + nistp192 , + secp192k1 , + secp160r2 , + secp160r1 , + secp160k1 , + secp128r2 , + secp128r1 , + secp112r2 , + secp112r1 , + // NIST, SEC2 Binary curves + sect571r1 , // == nistb571 + nistb571 , + sect571k1 , // == nistk571 + nistk571 , + sect409r1 , // == nistb409 + nistb409 , + sect409k1 , // == nistk409 + nistk409 , + sect283r1 , // == nistb283 + nistb283 , + sect283k1 , // == nistk283 + nistk283 , + sect239k1 , + sect233r1 , // == nistb233 + nistb233 , + sect233k1 , // == nistk233 + nistk233 , + sect193r2 , + sect193r1 , + nistb163 , + sect163r2 , // == nistb163 + sect163r1 , + sect163k1 , // == nistk163 + nistk163 , + sect131r2 , + sect131r1 , + sect113r2 , + sect113r1 , + // ANSI X9.62 Prime curves + prime239v3 , + prime239v2 , + prime239v1 , + prime192v3 , + prime192v2 , + prime192v1 , // == nistp192 + // prime256v1 == nistp256 + // ANSI X9.62 Binary curves + c2pnb163v1 , + c2pnb163v2 , + c2pnb163v3 , + c2pnb176v1 , + c2tnb191v1 , + c2tnb191v2 , + c2tnb191v3 , + //c2onb191v4 , + //c2onb191v5 , + c2pnb208w1 , + c2tnb239v1 , + c2tnb239v2 , + c2tnb239v3 , + //c2onb239v4 , + //c2onb239v5 , + c2pnb272w1 , + c2pnb304w1 , + c2tnb359v1 , + c2pnb368w1 , + c2tnb431r1 + // no WTLS curves fo now + }; + + private static Hashtable ECCurve_NameToCode = new Hashtable(); + static { + // NIST, SEC2 Prime curves + ECCurve_NameToCode.put( + "secp521r1", ECCurve_Code.secp521r1); + ECCurve_NameToCode.put( + "nistp521", ECCurve_Code.nistp521); + ECCurve_NameToCode.put( + "secp384r1", ECCurve_Code.secp384r1); + ECCurve_NameToCode.put( + "nistp384", ECCurve_Code.nistp384); + ECCurve_NameToCode.put( + "secp256r1", ECCurve_Code.secp256r1); + ECCurve_NameToCode.put( + "nistp256", ECCurve_Code.nistp256); + ECCurve_NameToCode.put( + "secp256k1", ECCurve_Code.secp256k1); + ECCurve_NameToCode.put( + "secp224r1", ECCurve_Code.secp224r1); + ECCurve_NameToCode.put( + "nistp224", ECCurve_Code.nistp224); + ECCurve_NameToCode.put( + "secp224k1", ECCurve_Code.secp224k1); + ECCurve_NameToCode.put( + "secp192r1", ECCurve_Code.secp192r1); + ECCurve_NameToCode.put( + "nistp192", ECCurve_Code.nistp192); + ECCurve_NameToCode.put( + "secp192k1", ECCurve_Code.secp192k1); + ECCurve_NameToCode.put( + "secp160r2", ECCurve_Code.secp160r2); + ECCurve_NameToCode.put( + "secp160r1", ECCurve_Code.secp160r1); + ECCurve_NameToCode.put( + "secp160k1", ECCurve_Code.secp160k1); + ECCurve_NameToCode.put( + "secp128r2", ECCurve_Code.secp128r2); + ECCurve_NameToCode.put( + "secp128r1", ECCurve_Code.secp128r1); + ECCurve_NameToCode.put( + "secp112r2", ECCurve_Code.secp112r2); + ECCurve_NameToCode.put( + "secp112r1", ECCurve_Code.secp112r1); + // NIST, SEC2 Binary curves + ECCurve_NameToCode.put( + "sect571r1", ECCurve_Code.sect571r1); + ECCurve_NameToCode.put( + "nistb571", ECCurve_Code.nistb571); + ECCurve_NameToCode.put( + "sect571k1", ECCurve_Code.sect571k1); + ECCurve_NameToCode.put( + "nistk571", ECCurve_Code.nistk571); + ECCurve_NameToCode.put( + "sect409r1", ECCurve_Code.sect409r1); + ECCurve_NameToCode.put( + "nistb409", ECCurve_Code.nistb409); + ECCurve_NameToCode.put( + "sect409k1", ECCurve_Code.sect409k1); + ECCurve_NameToCode.put( + "nistk409", ECCurve_Code.nistk409); + ECCurve_NameToCode.put( + "sect283r1", ECCurve_Code.sect283r1); + ECCurve_NameToCode.put( + "nistb283", ECCurve_Code.nistb283); + ECCurve_NameToCode.put( + "sect283k1", ECCurve_Code.sect283k1); + ECCurve_NameToCode.put( + "nistk283", ECCurve_Code.nistk283); + ECCurve_NameToCode.put( + "sect239k1", ECCurve_Code.sect239k1); + ECCurve_NameToCode.put( + "sect233r1", ECCurve_Code.sect233r1); + ECCurve_NameToCode.put( + "nistb233", ECCurve_Code.nistb233); + ECCurve_NameToCode.put( + "sect233k1", ECCurve_Code.sect233k1); + ECCurve_NameToCode.put( + "nistk233", ECCurve_Code.nistk233); + ECCurve_NameToCode.put( + "sect193r2", ECCurve_Code.sect193r2); + ECCurve_NameToCode.put( + "sect193r1", ECCurve_Code.sect193r1); + ECCurve_NameToCode.put( + "nistb163", ECCurve_Code.nistb163); + ECCurve_NameToCode.put( + "sect163r2", ECCurve_Code.sect163r2); + ECCurve_NameToCode.put( + "sect163r1", ECCurve_Code.sect163r1); + ECCurve_NameToCode.put( + "sect163k1", ECCurve_Code.sect163k1); + ECCurve_NameToCode.put( + "nistk163", ECCurve_Code.nistk163); + ECCurve_NameToCode.put( + "sect131r2", ECCurve_Code.sect131r2); + ECCurve_NameToCode.put( + "sect131r1", ECCurve_Code.sect131r1); + ECCurve_NameToCode.put( + "sect113r2", ECCurve_Code.sect113r2); + ECCurve_NameToCode.put( + "sect113r1", ECCurve_Code.sect113r1); + // ANSI Prime curves + ECCurve_NameToCode.put( + "prime239v3", ECCurve_Code.prime239v3); + ECCurve_NameToCode.put( + "prime239v2", ECCurve_Code.prime239v2); + ECCurve_NameToCode.put( + "prime239v1", ECCurve_Code.prime239v1); + ECCurve_NameToCode.put( + "prime192v3", ECCurve_Code.prime192v3); + ECCurve_NameToCode.put( + "prime192v2", ECCurve_Code.prime192v2); + ECCurve_NameToCode.put( + "prime192v1", ECCurve_Code.prime192v1); + // ANSI Binary curves + ECCurve_NameToCode.put( + "c2pnb163v1", ECCurve_Code.c2pnb163v1); + ECCurve_NameToCode.put( + "c2pnb163v2", ECCurve_Code.c2pnb163v2); + ECCurve_NameToCode.put( + "c2pnb163v3", ECCurve_Code.c2pnb163v3); + ECCurve_NameToCode.put( + "c2pnb176v1", ECCurve_Code.c2pnb176v1); + ECCurve_NameToCode.put( + "c2tnb191v1", ECCurve_Code.c2tnb191v1); + ECCurve_NameToCode.put( + "c2tnb191v2", ECCurve_Code.c2tnb191v2); + ECCurve_NameToCode.put( + "c2tnb191v3", ECCurve_Code.c2tnb191v3); + //ECCurve_NameToCode.put( + // "c2onb191v4", ECCurve_Code.c2onb191v4); + //ECCurve_NameToCode.put( + // "c2onb191v5", ECCurve_Code.c2onb191v5); + ECCurve_NameToCode.put( + "c2pnb208w1", ECCurve_Code.c2pnb208w1); + ECCurve_NameToCode.put( + "c2tnb239v1", ECCurve_Code.c2tnb239v1); + ECCurve_NameToCode.put( + "c2tnb239v2", ECCurve_Code.c2tnb239v2); + ECCurve_NameToCode.put( + "c2tnb239v3", ECCurve_Code.c2tnb239v3); + //ECCurve_NameToCode.put( + // "c2onb239v4", ECCurve_Code.c2onb239v4); + //ECCurve_NameToCode.put( + // "c2onb239v5", ECCurve_Code.c2onb239v5); + ECCurve_NameToCode.put( + "c2pnb272w1", ECCurve_Code.c2pnb272w1); + ECCurve_NameToCode.put( + "c2pnb304w1", ECCurve_Code.c2pnb304w1); + ECCurve_NameToCode.put( + "c2tnb359v1", ECCurve_Code.c2tnb359v1); + ECCurve_NameToCode.put( + "c2pnb368w1", ECCurve_Code.c2pnb368w1); + ECCurve_NameToCode.put( + "c2tnb431r1", ECCurve_Code.c2tnb431r1); + } + // opFlag constants: each of these flags specifies a crypto operation // the key will support. Their values must match the same-named C // preprocessor macros defined in the PKCS #11 header pkcs11t.h. @@ -165,7 +406,15 @@ public final class PK11KeyPairGenerator } } else { Assert._assert( algorithm == KeyPairAlgorithm.EC ); - params = getCurve(strength); + if (strength < 112) { + // for EC, "strength" is actually a code for curves defined in + // ECCurve_Code + params = getECCurve(strength); + } else { + // this is the old method of strength to curve mapping, + // which is somewhat defective + params = getCurve(strength); + } } } @@ -642,6 +891,189 @@ public final class PK11KeyPairGenerator static final OBJECT_IDENTIFIER CURVE_SECG_T571R1 = SECG_EC_CURVE.subBranch(39); + // the EC curvecode to oid hash table + private static Hashtable mECCurve_CodeToCurve = new Hashtable(); + static { + // SEG Prime curves + mECCurve_CodeToCurve.put( + ECCurve_Code.secp521r1.ordinal(), (Object) CURVE_SECG_P521R1); + mECCurve_CodeToCurve.put( + ECCurve_Code.nistp521.ordinal(), (Object) CURVE_SECG_P521R1); + mECCurve_CodeToCurve.put( + ECCurve_Code.secp384r1.ordinal(), (Object) CURVE_SECG_P384R1); + mECCurve_CodeToCurve.put( + ECCurve_Code.nistp384.ordinal(), (Object) CURVE_SECG_P384R1); + mECCurve_CodeToCurve.put( + ECCurve_Code.secp256r1.ordinal(), (Object) CURVE_ANSI_P256V1); + mECCurve_CodeToCurve.put( + ECCurve_Code.nistp256.ordinal(), (Object) CURVE_ANSI_P256V1); + mECCurve_CodeToCurve.put( + ECCurve_Code.secp256k1.ordinal(), (Object) CURVE_SECG_P256K1); + mECCurve_CodeToCurve.put( + ECCurve_Code.secp224r1.ordinal(), (Object) CURVE_SECG_P224R1); + mECCurve_CodeToCurve.put( + ECCurve_Code.nistp224.ordinal(), (Object) CURVE_SECG_P224R1); + mECCurve_CodeToCurve.put( + ECCurve_Code.secp224k1.ordinal(), (Object) CURVE_SECG_P224K1); + mECCurve_CodeToCurve.put( + ECCurve_Code.secp192r1.ordinal(), (Object) CURVE_ANSI_P192V1); + mECCurve_CodeToCurve.put( + ECCurve_Code.nistp192.ordinal(), (Object) CURVE_ANSI_P192V1); + mECCurve_CodeToCurve.put( + ECCurve_Code.secp192k1.ordinal(), (Object) CURVE_SECG_P192K1); + mECCurve_CodeToCurve.put( + ECCurve_Code.secp160r2.ordinal(), (Object) CURVE_SECG_P160R2); + mECCurve_CodeToCurve.put( + ECCurve_Code.secp160r1.ordinal(), (Object) CURVE_SECG_P160R1); + mECCurve_CodeToCurve.put( + ECCurve_Code.secp160k1.ordinal(), (Object) CURVE_SECG_P160K1); + mECCurve_CodeToCurve.put( + ECCurve_Code.secp128r2.ordinal(), (Object) CURVE_SECG_P128R2); + mECCurve_CodeToCurve.put( + ECCurve_Code.secp128r1.ordinal(), (Object) CURVE_SECG_P128R1); + mECCurve_CodeToCurve.put( + ECCurve_Code.secp112r2.ordinal(), (Object) CURVE_SECG_P112R2); + mECCurve_CodeToCurve.put( + ECCurve_Code.secp112r1.ordinal(), (Object) CURVE_SECG_P112R1); + // SEG Binary curves + mECCurve_CodeToCurve.put( + ECCurve_Code.sect571r1.ordinal(), (Object) CURVE_SECG_T571R1); + mECCurve_CodeToCurve.put( + ECCurve_Code.nistb571.ordinal(), (Object) CURVE_SECG_T571R1); + mECCurve_CodeToCurve.put( + ECCurve_Code.sect571k1.ordinal(), (Object) CURVE_SECG_T571K1); + mECCurve_CodeToCurve.put( + ECCurve_Code.nistk571.ordinal(), (Object) CURVE_SECG_T571K1); + mECCurve_CodeToCurve.put( + ECCurve_Code.sect409r1.ordinal(), (Object) CURVE_SECG_T409R1); + mECCurve_CodeToCurve.put( + ECCurve_Code.nistb409.ordinal(), (Object) CURVE_SECG_T409R1); + mECCurve_CodeToCurve.put( + ECCurve_Code.sect409k1.ordinal(), (Object) CURVE_SECG_T409K1); + mECCurve_CodeToCurve.put( + ECCurve_Code.nistk409.ordinal(), (Object) CURVE_SECG_T409K1); + mECCurve_CodeToCurve.put( + ECCurve_Code.sect283r1.ordinal(), (Object) CURVE_SECG_T283R1); + mECCurve_CodeToCurve.put( + ECCurve_Code.nistb283.ordinal(), (Object) CURVE_SECG_T283R1); + mECCurve_CodeToCurve.put( + ECCurve_Code.sect283k1.ordinal(), (Object) CURVE_SECG_T283K1); + mECCurve_CodeToCurve.put( + ECCurve_Code.nistk283.ordinal(), (Object) CURVE_SECG_T283K1); + mECCurve_CodeToCurve.put( + ECCurve_Code.sect239k1.ordinal(), (Object) CURVE_SECG_T239K1); + mECCurve_CodeToCurve.put( + ECCurve_Code.sect233r1.ordinal(), (Object) CURVE_SECG_T233R1); + mECCurve_CodeToCurve.put( + ECCurve_Code.nistb233.ordinal(), (Object) CURVE_SECG_T233R1); + mECCurve_CodeToCurve.put( + ECCurve_Code.sect233k1.ordinal(), (Object) CURVE_SECG_T233K1); + mECCurve_CodeToCurve.put( + ECCurve_Code.nistk233.ordinal(), (Object) CURVE_SECG_T233K1); + mECCurve_CodeToCurve.put( + ECCurve_Code.sect193r2.ordinal(), (Object) CURVE_SECG_T193R2); + mECCurve_CodeToCurve.put( + ECCurve_Code.sect193r1.ordinal(), (Object) CURVE_SECG_T193R1); + mECCurve_CodeToCurve.put( + ECCurve_Code.nistb163.ordinal(), (Object) CURVE_SECG_T163K1); + mECCurve_CodeToCurve.put( + ECCurve_Code.sect163r2.ordinal(), (Object) CURVE_SECG_T163R2); + mECCurve_CodeToCurve.put( + ECCurve_Code.sect163r1.ordinal(), (Object) CURVE_SECG_T163R1); + mECCurve_CodeToCurve.put( + ECCurve_Code.sect163k1.ordinal(), (Object) CURVE_SECG_T163K1); + mECCurve_CodeToCurve.put( + ECCurve_Code.nistk163.ordinal(), (Object) CURVE_SECG_T163K1); + mECCurve_CodeToCurve.put( + ECCurve_Code.sect131r2.ordinal(), (Object) CURVE_SECG_T131R2); + mECCurve_CodeToCurve.put( + ECCurve_Code.sect131r1.ordinal(), (Object) CURVE_SECG_T131R1); + mECCurve_CodeToCurve.put( + ECCurve_Code.sect113r2.ordinal(), (Object) CURVE_SECG_T113R2); + mECCurve_CodeToCurve.put( + ECCurve_Code.sect113r1.ordinal(), (Object) CURVE_SECG_T113R1); + // ANSI Prime curves + mECCurve_CodeToCurve.put( + ECCurve_Code.prime239v3.ordinal(), (Object) CURVE_ANSI_P239V3); + mECCurve_CodeToCurve.put( + ECCurve_Code.prime239v2.ordinal(), (Object) CURVE_ANSI_P239V2); + mECCurve_CodeToCurve.put( + ECCurve_Code.prime239v1.ordinal(), (Object) CURVE_ANSI_P239V1); + mECCurve_CodeToCurve.put( + ECCurve_Code.prime192v3.ordinal(), (Object) CURVE_ANSI_P192V3); + mECCurve_CodeToCurve.put( + ECCurve_Code.prime192v2.ordinal(), (Object) CURVE_ANSI_P192V2); + mECCurve_CodeToCurve.put( + ECCurve_Code.prime192v1.ordinal(), (Object) CURVE_ANSI_P192V1); + // ANSI Binary curves + mECCurve_CodeToCurve.put( + ECCurve_Code.c2pnb163v1.ordinal(), (Object) CURVE_ANSI_PNB163V1); + mECCurve_CodeToCurve.put( + ECCurve_Code.c2pnb163v2.ordinal(), (Object) CURVE_ANSI_PNB163V2); + mECCurve_CodeToCurve.put( + ECCurve_Code.c2pnb163v3.ordinal(), (Object) CURVE_ANSI_PNB163V3); + mECCurve_CodeToCurve.put( + ECCurve_Code.c2pnb176v1.ordinal(), (Object) CURVE_ANSI_PNB176V1); + mECCurve_CodeToCurve.put( + ECCurve_Code.c2tnb191v1.ordinal(), (Object) CURVE_ANSI_TNB191V1); + mECCurve_CodeToCurve.put( + ECCurve_Code.c2tnb191v2.ordinal(), (Object) CURVE_ANSI_TNB191V2); + mECCurve_CodeToCurve.put( + ECCurve_Code.c2tnb191v3.ordinal(), (Object) CURVE_ANSI_TNB191V3); + //mECCurve_CodeToCurve.put( + // ECCurve_Code.c2onb191v4.ordinal(), (Object) CURVE_ANSI_ONB191V4); + //mECCurve_CodeToCurve.put( + // ECCurve_Code.c2onb191v5.ordinal(), (Object) CURVE_ANSI_ONB191V5); + mECCurve_CodeToCurve.put( + ECCurve_Code.c2pnb208w1.ordinal(), (Object) CURVE_ANSI_PNB208W1); + mECCurve_CodeToCurve.put( + ECCurve_Code.c2tnb239v1.ordinal(), (Object) CURVE_ANSI_TNB239V1); + mECCurve_CodeToCurve.put( + ECCurve_Code.c2tnb239v2.ordinal(), (Object) CURVE_ANSI_TNB239V2); + mECCurve_CodeToCurve.put( + ECCurve_Code.c2tnb239v3.ordinal(), (Object) CURVE_ANSI_TNB239V3); + //mECCurve_CodeToCurve.put( + // ECCurve_Code.c2onb239v4.ordinal(), (Object) CURVE_ANSI_ONB239V4); + //mECCurve_CodeToCurve.put( + // ECCurve_Code.c2onb239v5.ordinal(), (Object) CURVE_ANSI_ONB239V5); + mECCurve_CodeToCurve.put( + ECCurve_Code.c2pnb272w1.ordinal(), (Object) CURVE_ANSI_PNB272W1); + mECCurve_CodeToCurve.put( + ECCurve_Code.c2pnb304w1.ordinal(), (Object) CURVE_ANSI_PNB304W1); + mECCurve_CodeToCurve.put( + ECCurve_Code.c2tnb359v1.ordinal(), (Object) CURVE_ANSI_TNB359V1); + mECCurve_CodeToCurve.put( + ECCurve_Code.c2pnb368w1.ordinal(), (Object) CURVE_ANSI_PNB368W1); + mECCurve_CodeToCurve.put( + ECCurve_Code.c2tnb431r1.ordinal(), (Object) CURVE_ANSI_TNB431R1); + } + + public int getCurveCodeByName(String curveName) + throws InvalidParameterException { + if (curveName == null) + throw new InvalidParameterException(); + ECCurve_Code c = (ECCurve_Code) ECCurve_NameToCode.get(curveName); + if (c == null) + throw new InvalidParameterException(curveName); + return c.ordinal(); + } + + /* + * getECCurve + * maps curvecode to the actual oid of the curve and + * returns the PK11ParameterSpec + */ + private AlgorithmParameterSpec getECCurve(int curvecode) + throws InvalidParameterException + { + OBJECT_IDENTIFIER oid; + + oid = (OBJECT_IDENTIFIER) mECCurve_CodeToCurve.get(curvecode); + if (oid == null) + throw new IllegalArgumentException("curvecode ="+curvecode); + return new PK11ParameterSpec(ASN1Util.encode(oid)); + } + private AlgorithmParameterSpec getCurve(int strength) throws InvalidParameterException {