Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix EC Curve selection by size #68

Merged
merged 3 commits into from
Nov 8, 2019
Merged

Fix EC Curve selection by size #68

merged 3 commits into from
Nov 8, 2019

Conversation

SalusaSecondus
Copy link
Contributor

Now, when a new EC key pair is generated by size (rather than by curve), always select a 'secp*r1' curve.
For the standard sizes of 192, 224, 256, 384, and 521 this always matches the behavior of the SunEC provider.

This changes the behavior for sizes 192 and 256 from the secpk1 to the secpr1 curves (NIST P-192 and P-256) respectively.

For reference, SunEC uses this table to map from curve sizes to curves. Specifically the curves with the value PD (Prime Default), are those which are selected. They are:

  • 192 -> secp192r1 (NIST P-192)
  • 224 -> secp224r1 (NIST P-224)
  • 256 -> secp256r1 (NIST P-256)
  • 384 -> secp384r1 (NIST P-384)
  • 521 -> secp521r1 (NIST P-521)

Additionally, this change replaces the certificates used by the integration tests (the JKS files). This change was necessary because the 256 bit certificates incorrectly used the secp256k1 curve which is now disabled in new versions of Java 8.

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.

@SalusaSecondus
Fix EC Curve selection by size
85e5349 
Now, when a new EC key pair is generated by size (rather than by curve), always select a 'secp*r1' curve.
For the standard sizes of 192, 224, 256, 384, and 521 this always matches the behavior of the SunEC provider.

This changes the behavior for sizes 192 and 256 from the secp*k1 to the secp*r1 curves (NIST P-192 and P-256) respectively.
@SalusaSecondus
Fix certificates
d99b5ba
@SalusaSecondus
Second fix to certificates
cf0a221
ttjsu-aws
ttjsu-aws approved these changes Nov 8, 2019
View reviewed changes
Copy link

@ttjsu-aws ttjsu-aws left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@SalusaSecondus SalusaSecondus merged commit 6d183bd into corretto:develop Nov 8, 2019
@SalusaSecondus SalusaSecondus deleted the ecgen branch November 8, 2019 22:06
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ttjsu-aws ttjsu-aws ttjsu-aws approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@SalusaSecondus @ttjsu-aws