Support for ECParameters with explicit (not named) parameter spec

Bernd Eckenfels ecki at zusammenkunft.net
Wed Dec 6 20:36:38 UTC 2017


It is however very likely that the HSM does not accept/allow/implement arbitrary curves which it does not know how to handle and optimize the arithmetics. Especially not when it also needs to create points. (And some vendors sell them for a premium...)

Safenet HSMs seem to only accept parameters if opt in (which turns FIPS mode off) - and those curves can be used for a limited set of mechanisms. But then again they also claim to offer named brainpool curves in recent firmwares..

Gruss
Bernd
--
http://bernd.eckenfels.net
________________________________
From: security-dev <security-dev-bounces at openjdk.java.net> on behalf of Adam Petcher <adam.petcher at oracle.com>
Sent: Wednesday, December 6, 2017 8:38:35 PM
To: security-dev at openjdk.java.net
Subject: Re: Support for ECParameters with explicit (not named) parameter spec


On 12/6/2017 11:39 AM, Max Fichtelmann wrote:

We use a HSM to generate ECDSA Keys and are required to use the curve brainpoolP256r1.

Although the HSM does not specifically support brainpool, it is possible to generate these keys by providing the specific Curve Parameters. These curve parameters are then saved in CKA_EC_PARAMS...
<snip>
When using SunPKCS11 to load the KeyPair, ECParams is used with the value of CKA_EC_PARAMS which then fails.

So there are not many options I see - either patching JDK or getting the HSM-Vendor to add support for brainpool...

I think this problem is pretty good motivation for enhancing this code to support specified domain parameters. So if you are going to write code to fix this, please consider submitting a patch.

There may be another way to fix this problem without patching the JDK. You could develop (or locate) a JCA provider including an AlgorithmParameters service for "EC" that has this desired functionality. Install[1] this provider with a preference higher than SunEC, and it will be used to decode the CKA_EC_PARAMS. But note that this may also change other (unrelated) crypto behavior in your application.

[1] https://docs.oracle.com/javase/8/docs/technotes/guides/security/crypto/CryptoSpec.html#ProviderInstalling
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.openjdk.java.net/pipermail/security-dev/attachments/20171206/4db44b51/attachment.html>


More information about the security-dev mailing list