diff --git a/CHANGELOG.md b/CHANGELOG.md index 6482821b..601408ab 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,6 +7,9 @@ ### Patches * Detects stuck AMD Ryzen RDRAND and correctly treats as an error +* `KeyPairGenerator` for "EC" keys when initialized with a `int` always uses "secp*r1" curves now. + This matches the behavior of SunEC. + **This changes the curves selected for 192 and 256 from secp192k1 to secp192r1/P-192 and secp256k1 to secp256r1/P-256 respectively.** ### Maintenance * Add prefix to test output lines indicating if suite will fail. diff --git a/src/com/amazon/corretto/crypto/provider/EcGen.java b/src/com/amazon/corretto/crypto/provider/EcGen.java index d55f17ae..2719ce46 100644 --- a/src/com/amazon/corretto/crypto/provider/EcGen.java +++ b/src/com/amazon/corretto/crypto/provider/EcGen.java @@ -166,12 +166,7 @@ private static byte[] encodeSpec(final AlgorithmParameterSpec spec) { public void initialize(final int keysize, final SecureRandom random) throws InvalidParameterException { try { - final String curveName; - if (keysize == 192 || keysize == 256) { - curveName = "secp" + keysize + "k1"; - } else { - curveName = "secp" + keysize + "r1"; - } + final String curveName = "secp" + keysize + "r1"; initialize(new ECGenParameterSpec(curveName), random); } catch (final InvalidAlgorithmParameterException ex) { throw new InvalidParameterException(ex.getMessage()); diff --git a/tst/com/amazon/corretto/crypto/provider/test/EcGenTest.java b/tst/com/amazon/corretto/crypto/provider/test/EcGenTest.java index 4e706886..6eeea9aa 100644 --- a/tst/com/amazon/corretto/crypto/provider/test/EcGenTest.java +++ b/tst/com/amazon/corretto/crypto/provider/test/EcGenTest.java @@ -4,13 +4,12 @@ package com.amazon.corretto.crypto.provider.test; import static org.junit.Assert.assertEquals; -import static org.junit.Assert.assertFalse; -import static org.junit.Assert.assertNotNull; import static org.junit.Assert.assertTrue; import java.math.BigInteger; import java.security.GeneralSecurityException; import java.security.InvalidAlgorithmParameterException; +import java.security.InvalidParameterException; import java.security.Key; import java.security.KeyFactory; import java.security.KeyPair; @@ -42,6 +41,7 @@ import org.junit.Test; public class EcGenTest { + public static final int[] KNOWN_SIZES = {192, 224, 256, 384, 521}; public static final String[][] KNOWN_CURVES = new String[][] { // Prime Curves new String[]{"secp112r1", "1.3.132.0.6"}, @@ -170,6 +170,28 @@ public void knownCurves() throws GeneralSecurityException { } } + @Test + public void knownSizes() throws GeneralSecurityException { + TestUtil.assumeMinimumVersion("1.2.0", nativeGen.getProvider()); + for (int keysize : KNOWN_SIZES) { + nativeGen.initialize(keysize); + jceGen.initialize(keysize); + + final KeyPair nativePair = nativeGen.generateKeyPair(); + final KeyPair jcePair = jceGen.generateKeyPair(); + + final ECParameterSpec jceParams = ((ECPublicKey) jcePair.getPublic()).getParams(); + final ECParameterSpec nativeParams = ((ECPublicKey) nativePair.getPublic()).getParams(); + assertECEquals(Integer.toString(keysize), jceParams, nativeParams); + } + } + + @Test + public void unknownSize() throws GeneralSecurityException { + TestUtil.assertThrows(InvalidParameterException.class, + () -> nativeGen.initialize(13)); + } + @Test public void explicitCurve() throws GeneralSecurityException { jceGen.initialize(EXPLICIT_CURVE); diff --git a/tst/com/amazon/corretto/crypto/provider/test/integration/test_CA.jks b/tst/com/amazon/corretto/crypto/provider/test/integration/test_CA.jks index 63071c11..29cbe642 100644 Binary files a/tst/com/amazon/corretto/crypto/provider/test/integration/test_CA.jks and b/tst/com/amazon/corretto/crypto/provider/test/integration/test_CA.jks differ diff --git a/tst/com/amazon/corretto/crypto/provider/test/integration/test_private_keys.jks b/tst/com/amazon/corretto/crypto/provider/test/integration/test_private_keys.jks index 2d9afe22..3ef10d64 100644 Binary files a/tst/com/amazon/corretto/crypto/provider/test/integration/test_private_keys.jks and b/tst/com/amazon/corretto/crypto/provider/test/integration/test_private_keys.jks differ