Negative parameter in c'tor of EllipticCurve
Yasumasa Suenaga
yasuenag at gmail.com
Tue Jan 5 13:19:13 UTC 2016
Hi all,
I encountered an IllegalArgumentException when I generated an EC key pair as below.
reproducer:
-----------------
import java.math.*;
import java.security.*;
import java.security.spec.*;
import java.security.interfaces.*;

public class ECKeyGen{
  public static BigInteger P =
      new BigInteger("900812823637587646514106462588455890498729007071");
  public static BigInteger A = new BigInteger("-3");
  public static BigInteger B =
      new BigInteger("366394034647231750324370400222002566844354703832");
  public static BigInteger Gx =
      new BigInteger("264865613959729647018113670854605162895977008838");
  public static BigInteger Gy =
      new BigInteger("51841075954883162510413392745168936296187808697");
  public static BigInteger R =
      new BigInteger("900812823637587646514106555566573588779770753047");

  public static void main(String[] args) throws Exception{
    EllipticCurve curve = new EllipticCurve(new ECFieldFp(P), A, B); // throws here: A is negative
    ECParameterSpec spec =
        new ECParameterSpec(curve, new ECPoint(Gx, Gy), R, 1);
    KeyPairGenerator keygen = KeyPairGenerator.getInstance("EC");
    keygen.initialize(spec); // use the custom parameters (not reached while the constructor throws)
    KeyPair keypair = keygen.generateKeyPair();
    ECPrivateKey privateKey = (ECPrivateKey)keypair.getPrivate();
    ECPoint publicKey = ((ECPublicKey)keypair.getPublic()).getW();
    System.out.println("Private Key: " + privateKey.getS().toString(16));
    System.out.println("Public Key:");
    System.out.println(" x: " + publicKey.getAffineX().toString(16));
    System.out.println(" y: " + publicKey.getAffineY().toString(16));
  }
}
-----------------
console:
-----------------
$ /usr/local/jdk1.8.0_66/bin/java ECKeyGen
Exception in thread "main" java.lang.IllegalArgumentException: first coefficient is negative
        at java.security.spec.EllipticCurve.checkValidity(EllipticCurve.java:59)
        at java.security.spec.EllipticCurve.<init>(EllipticCurve.java:112)
        at java.security.spec.EllipticCurve.<init>(EllipticCurve.java:83)
        at ECKeyGen.main(ECKeyGen.java:27)
-----------------
I checked this exception with both 8u66 and 9.
The cause of this is that the "a" parameter is a negative value.
However, these parameters are based on [1].
I'm not sure about the EC.
However, [1] shows a negative parameter, and C code which uses OpenSSL
does not produce an error with the same parameters.
If the JDK implementation is incorrect, I will file it in JBS and create
a webrev to avoid the check for negative values.
Could you help?
Thanks,
Yasumasa
[1] Advanced Access Content System (AACS)
Introduction and Common Cryptographic Elements
Table 2-1 - ECC Parameters
http://www.aacsla.com/specifications/AACS_Spec_Common_Final_0953.pdf
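
An added example, not part of the original post or of the JDK sources: `java.security.spec.EllipticCurve` rejects coefficients that are not field elements in the range 0 to p-1, so a coefficient written as -3 can be passed as its residue modulo p instead. The class name and the helpers `toFieldElement` and `isOnCurve` are hypothetical; the curve values are the ones from the reproducer above.

```java
import java.math.BigInteger;
import java.security.spec.ECFieldFp;
import java.security.spec.ECParameterSpec;
import java.security.spec.ECPoint;
import java.security.spec.EllipticCurve;

public class ECCurveNormalize {
    // Curve values copied from the reproducer in the post.
    static final BigInteger P = new BigInteger("900812823637587646514106462588455890498729007071");
    static final BigInteger A = new BigInteger("-3");
    static final BigInteger B = new BigInteger("366394034647231750324370400222002566844354703832");
    static final BigInteger GX = new BigInteger("264865613959729647018113670854605162895977008838");
    static final BigInteger GY = new BigInteger("51841075954883162510413392745168936296187808697");
    static final BigInteger R = new BigInteger("900812823637587646514106555566573588779770753047");

    // Hypothetical helper: canonical representative of c in [0, p-1].
    // BigInteger.mod never returns a negative value (unlike remainder).
    static BigInteger toFieldElement(BigInteger c, BigInteger p) {
        return c.mod(p);
    }

    // Hypothetical helper: checks y^2 == x^3 + a*x + b (mod p) for an affine point.
    static boolean isOnCurve(EllipticCurve curve, ECPoint pt) {
        BigInteger p = ((ECFieldFp) curve.getField()).getP();
        BigInteger x = pt.getAffineX();
        BigInteger y = pt.getAffineY();
        BigInteger lhs = y.multiply(y).mod(p);
        // (x^2 + a) * x + b  ==  x^3 + a*x + b
        BigInteger rhs = x.multiply(x).add(curve.getA()).multiply(x).add(curve.getB()).mod(p);
        return lhs.equals(rhs);
    }

    static ECParameterSpec buildSpec() {
        BigInteger a = toFieldElement(A, P); // -3 becomes P - 3
        EllipticCurve curve = new EllipticCurve(new ECFieldFp(P), a, B);
        return new ECParameterSpec(curve, new ECPoint(GX, GY), R, 1);
    }

    public static void main(String[] args) {
        ECParameterSpec spec = buildSpec();
        System.out.println("a mod p = " + spec.getCurve().getA().toString(16));
        // Sanity check that the base point satisfies the curve equation
        // with the normalized coefficient.
        System.out.println("generator on curve: " + isOnCurve(spec.getCurve(), spec.getGenerator()));
    }
}
```

This only builds and checks the parameter spec; whether a given provider's `KeyPairGenerator` accepts a custom curve is a separate question.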