Negative parameter in c'tor of EllipticCurve

Yasumasa Suenaga yasuenag at gmail.com
Tue Jan 5 13:19:13 UTC 2016


Hi all,

I encountered IllegalArgumentException when I generate EC key pair as below.

reproducer:
-----------------
import java.math.*;
import java.security.*;
import java.security.spec.*;
import java.security.interfaces.*;


public class ECKeyGen{

  public static BigInteger P =
             new BigInteger("900812823637587646514106462588455890498729007071");

  public static BigInteger A = new BigInteger("-3");

  public static BigInteger B =
             new BigInteger("366394034647231750324370400222002566844354703832");

  public static BigInteger Gx =
             new BigInteger("264865613959729647018113670854605162895977008838");

  public static BigInteger Gy =
              new BigInteger("51841075954883162510413392745168936296187808697");

  public static BigInteger R =
             new BigInteger("900812823637587646514106555566573588779770753047");

  public static void main(String[] args) throws Exception{
    EllipticCurve curve = new EllipticCurve(new ECFieldFp(P), A, B);
    ECParameterSpec spec =
                      new ECParameterSpec(curve, new ECPoint(Gx, Gy), R, 1);

    KeyPairGenerator keygen = KeyPairGenerator.getInstance("EC");
    KeyPair keypair = keygen.generateKeyPair();

    ECPrivateKey privateKey = (ECPrivateKey)keypair.getPrivate();
    ECPoint publicKey = ((ECPublicKey)keypair.getPublic()).getW();
    System.out.println("Private Key: " + privateKey.getS().toString(16));
    System.out.println("Public Key:");
    System.out.println("  x: " + publicKey.getAffineX().toString(16));
    System.out.println("  y: " + publicKey.getAffineY().toString(16));
  }

}

-----------------

console:
-----------------
$ /usr/local/jdk1.8.0_66/bin/java ECKeyGen
Exception in thread "main" java.lang.IllegalArgumentException: first coefficient is negative
        at java.security.spec.EllipticCurve.checkValidity(EllipticCurve.java:59)
        at java.security.spec.EllipticCurve.<init>(EllipticCurve.java:112)
        at java.security.spec.EllipticCurve.<init>(EllipticCurve.java:83)
        at ECKeyGen.main(ECKeyGen.java:27)
-----------------

I checked this exception with both 8u66 and 9.
Cause of this is the "a" parameter is negative value.
However, these parameters are based on [1] .

I'm not sure about the EC.
However, [1] shows negative parameter, and C code which uses OpenSSL
does not occur error with same parameters.

If JDK implementation is incorrect, I will file it to JBS and create
a webrev to avoid the check for negative value.

Could you help?


Thanks,

Yasumasa


[1] Advanced Access Content System (AACS)
     Introduction and Common Cryptographic Elements 
      Table 2-1 - ECC Parameters
    http://www.aacsla.com/specifications/AACS_Spec_Common_Final_0953.pdf




More information about the security-dev mailing list