589158 - Add Sun's standard algorithm names for all ECC signature types

Status: RESOLVED FIXED

(JSS Graveyard :: Library, enhancement)

Description

[David Stutzman]

User-Agent:       Mozilla/5.0 (X11; U; Linux i686 (x86_64); en-US; rv:1.9.2.8) Gecko/20100722 Firefox/3.6.8
Build Identifier: JSS 4.3 RTM

JSS uses SHAxwithEC as their naming for EC Signature algorithms but Sun's "Standard Algorithm Names" are SHAxwithECDSA.  I was using Sun's CertPath API to attempt to chain some EC certificates that had SHA384withECDSA signatures and the building of the CertPath threw an exception because it couldn't find a provider that supported SHA384withECDSA.  The attached patch just adds the 4 aliases for the standard Sun algorithm names to the JSS provider.

Adding these aliases should enable JSS's ECC functionality to be used in more places throughout the entire Java library as it would now support the algorithm names that the library uses.

Reproducible: Always

Comment 1

[David Stutzman]

Attachment: patch adding standard names as aliases for JSS algorithms

Comment 2

[David Stutzman]

Attachment: correct patch showing + for lines instead of -

diffed wrong way before

Comment 3

[Wan-Teh Chang]

Comment on attachment 467756 [details] [diff] [review]
correct patch showing + for lines instead of -

r=wtc.

It would be nice if we could make SHA1withECDSA
the algorithm name and make SHA1withEC an alias.
Would that break any code?

Comment 4

[David Stutzman]

As far as I could tell, the way you guys are creating the provider now, it's reporting the main names of SHAxwithEC.  After I added the new aliases I queried the Provider for it's Provider.Services and called getAlgorithm() and it doesn't explicity list the new ones (or any aliases).  It seems to only show the initial algorithm name.  I don't know if there's a way to get all the aliases for a particular Provider.Service. http://download.oracle.com/javase/6/docs/api/java/security/Provider.Service.html says: "Optionally, it also includes a list of alternate algorithm names for this service (aliases) and attributes, which are a map of (name, value) String pairs," but there doesn't appear to be any getter for that info.

http://download.oracle.com/javase/6/docs/technotes/guides/security/crypto/HowToImplAProvider.html#Aliases  Not a whole lot of helpful info here, but that's the official word on aliases.

On the topic of breaking existing code by changing defaults:

Looking at it with this patch applied if you call  Signature.getInstance("SHA256withEC"), it will work.  If you call Signature.getInstance("SHA256withECDSA"), it will work.

If you change the other name to be the default, again either call above will work.  

The only thing I can see breaking is if someone queries the Provider programatically using Provider.getServices() and then accessing the Provider.Service objects to get names and is expecting to match on the old string (SHAxwithEC) at that point because that won't list aliases.

Most likely it wouldn't be a huge deal because I suspect that not many people are using JSS/NSS for ECC at this time, but that's your call.

Comment 5

[David Stutzman]

assigning to myself per Nelson

Comment 6

[Christina Fu]

pushed:
changeset:   2212:8746a3fc74785e2fd12f86d08a6886ed9160620e
tag:         tip
phase:       public
parent:      2211:9e2db7eee6652330723d935c2b900b9b09b1ab9d
parent:      -1:0000000000000000000000000000000000000000
manifest:    2011:ec7dba440cc24475fc5ad587df85cbbd467f5bf3
user:        David Stutzman<david.konrad.stutzman@us.army.mil>
date:        Thu Jan 11 18:00:00 2018 -0800
files:       org/mozilla/jss/JSSProvider.java
extra:       amend_source=b6c9f5f4b826cf3967be75ba27a2b152e2461bcd
extra:       branch=default
description:
Bug 589158 Add support for Java Security Standard Algorithm Names for EC Signature types

This patch adds the aliases for Java Security Standard Algorithm Names for EC Signature types.

cfu for dstutzman (reviewed by wtc)