Closed Bug 589158 Opened 13 years ago Closed 6 years ago

Add Sun's standard algorithm names for all ECC signature types

Categories

(JSS Graveyard :: Library, enhancement)


RESOLVED FIXED

People

(Reporter: david.konrad.stutzman, Assigned: david.konrad.stutzman)

Attachments

(1 file, 1 obsolete file)

User-Agent:       Mozilla/5.0 (X11; U; Linux i686 (x86_64); en-US; rv:1.9.2.8) Gecko/20100722 Firefox/3.6.8
Build Identifier: JSS 4.3 RTM

JSS uses SHAxwithEC as their naming for EC Signature algorithms but Sun's "Standard Algorithm Names" are SHAxwithECDSA.  I was using Sun's CertPath API to attempt to chain some EC certificates that had SHA384withECDSA signatures and the building of the CertPath threw an exception because it couldn't find a provider that supported SHA384withECDSA.  The attached patch just adds the 4 aliases for the standard Sun algorithm names to the JSS provider.

Adding these aliases should enable JSS's ECC functionality to be used in more places throughout the entire Java library as it would now support the algorithm names that the library uses.

Reproducible: Always
diffed wrong way before
Attachment #467754 - Attachment is obsolete: true
Attachment #467756 - Flags: review?
Attachment #467754 - Flags: review?
Comment on attachment 467756 [details] [diff] [review]
correct patch showing + for lines instead of -

r=wtc.

It would be nice if we could make SHA1withECDSA
the algorithm name and make SHA1withEC an alias.
Would that break any code?
Attachment #467756 - Flags: review? → review+
As far as I could tell, the way you guys are creating the provider now, it's reporting the main names of SHAxwithEC.  After I added the new aliases I queried the Provider for its Provider.Services and called getAlgorithm() and it doesn't explicitly list the new ones (or any aliases).  It seems to only show the initial algorithm name.  I don't know if there's a way to get all the aliases for a particular Provider.Service. http://download.oracle.com/javase/6/docs/api/java/security/Provider.Service.html says: "Optionally, it also includes a list of alternate algorithm names for this service (aliases) and attributes, which are a map of (name, value) String pairs," but there doesn't appear to be any getter for that info.

http://download.oracle.com/javase/6/docs/technotes/guides/security/crypto/HowToImplAProvider.html#Aliases  Not a whole lot of helpful info here, but that's the official word on aliases.

On the topic of breaking existing code by changing defaults:

Looking at it with this patch applied, if you call Signature.getInstance("SHA256withEC"), it will work.  If you call Signature.getInstance("SHA256withECDSA"), it will work.

If you change the other name to be the default, again either call above will work.

The only thing I can see breaking is if someone queries the Provider programmatically using Provider.getServices() and then accessing the Provider.Service objects to get names and is expecting to match on the old string (SHAxwithEC) at that point because that won't list aliases.

Most likely it wouldn't be a huge deal because I suspect that not many people are using JSS/NSS for ECC at this time, but that's your call.
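
The alias behaviour discussed in the comment above, as an added example that is not part of the original bug thread or of JSS's code: a provider registers SHAxwithEC as the primary name and SHAxwithECDSA as an alias, getServices() lists only the primary names, lookup by alias still resolves, and the aliases can be read back from the provider's property table. The DemoEC provider and the example.DemoEcSignatureSpi class name are hypothetical stand-ins, and the String-version Provider constructor assumes Java 9 or later.

```java
import java.security.Provider;
import java.util.Map;
import java.util.TreeMap;

public class AliasDemo {
    // Hypothetical stand-in provider (not JSS). The SPI class name is a
    // placeholder and is never loaded, because nothing is instantiated here.
    static Provider demoProvider() {
        Provider p = new Provider("DemoEC", "1.0", "alias lookup demo") {};
        for (String hash : new String[] {"SHA1", "SHA256", "SHA384"}) {
            // Primary name, in the SHAxwithEC style.
            p.put("Signature." + hash + "withEC", "example.DemoEcSignatureSpi");
            // Alias for the standard name, pointing at the primary name.
            p.put("Alg.Alias.Signature." + hash + "withECDSA", hash + "withEC");
        }
        return p;
    }

    // Provider extends Properties, so aliases registered this way are visible
    // as "Alg.Alias.<type>.<alias>" keys even though Provider.Service has no getter.
    static Map<String, String> signatureAliases(Provider p) {
        String prefix = "Alg.Alias.Signature.";
        Map<String, String> aliases = new TreeMap<>();
        for (Map.Entry<Object, Object> e : p.entrySet()) {
            String key = e.getKey().toString();
            if (key.startsWith(prefix)) {
                aliases.put(key.substring(prefix.length()), e.getValue().toString());
            }
        }
        return aliases;
    }

    public static void main(String[] args) {
        Provider p = demoProvider();
        // getServices() reports only the primary algorithm names.
        for (Provider.Service s : p.getServices()) {
            System.out.println("service: " + s.getType() + "." + s.getAlgorithm());
        }
        // Lookup by alias succeeds and returns the service under its primary name.
        Provider.Service viaAlias = p.getService("Signature", "SHA384withECDSA");
        System.out.println("SHA384withECDSA -> " + viaAlias.getAlgorithm());
        // Reading the property table recovers the alias list.
        signatureAliases(p).forEach((a, n) -> System.out.println("alias " + a + " -> " + n));
    }
}
```

Code that allow-lists or audits signature algorithms by name should compare against both the primary names and the alias keys, since matching only on getAlgorithm() misses names the provider still answers to.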
Status: UNCONFIRMED → NEW
Ever confirmed: true
assigning to myself per Nelson
Assignee: gbmozilla → david.konrad.stutzman
pushed:
changeset:   2212:8746a3fc74785e2fd12f86d08a6886ed9160620e
tag:         tip
phase:       public
parent:      2211:9e2db7eee6652330723d935c2b900b9b09b1ab9d
parent:      -1:0000000000000000000000000000000000000000
manifest:    2011:ec7dba440cc24475fc5ad587df85cbbd467f5bf3
user:        David Stutzman<david.konrad.stutzman@us.army.mil>
date:        Thu Jan 11 18:00:00 2018 -0800
files:       org/mozilla/jss/JSSProvider.java
extra:       amend_source=b6c9f5f4b826cf3967be75ba27a2b152e2461bcd
extra:       branch=default
description:
Bug 589158 Add support for Java Security Standard Algorithm Names for EC Signature types

This patch adds the aliases for Java Security Standard Algorithm Names for EC Signature types.

cfu for dstutzman (reviewed by wtc)
Status: NEW → RESOLVED
Closed: 6 years ago
Resolution: --- → FIXED