author | Kenny Root <kroot@google.com> | 2015-05-12 10:22:22 -0700 |
---|---|---|
committer | Kenny Root <kroot@google.com> | 2015-05-13 10:47:31 -0700 |
commit | c51d6837f84377c47bc0f43d58c80f09f460e194 (patch) | |
tree | e9040b649495bd6a82e57f4a00d335ede9962a33 | |
parent | eaa486a9a2ef620ba3c4d45e373709b31f354a09 (diff) | |
Set default EC key size to 256-bits
NIST SP 800-131A recommends 112 bits as the lowest security level
acceptable after December 31, 2013. Although the 239-bit EC group
meets that bar, the P-256, P-384, and P-521 curves are the more widely
supported options. Change the default to increase interoperability
while maintaining the recommended security level.
(cherry picked from commit c5a7ff00b9c78ce5e15de5b99dc78a7e8c83ecd3)
Bug: 21085656
Change-Id: Idb71fdc801bafc5ad38f0b87dc3847f48854563f
-rw-r--r-- | bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ec/KeyPairGeneratorSpi.java | 4 | ||||
-rw-r--r-- | patches/bcprov.patch | 19 |
2 files changed, 18 insertions, 5 deletions
diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ec/KeyPairGeneratorSpi.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ec/KeyPairGeneratorSpi.java
index 1239609..d858518 100644
--- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ec/KeyPairGeneratorSpi.java
+++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ec/KeyPairGeneratorSpi.java
@@ -42,7 +42,9 @@ public abstract class KeyPairGeneratorSpi
 ECKeyGenerationParameters param;
 ECKeyPairGenerator engine = new ECKeyPairGenerator();
 Object ecParams = null;
- int strength = 239;
+ // BEGIN android-changed
+ int strength = 256;
+ // BEGIN android-changed
 int certainty = 50;
 SecureRandom random = new SecureRandom();
 boolean initialised = false;
diff --git a/patches/bcprov.patch b/patches/bcprov.patch
index 81bf92f..b8e7783 100644
--- a/patches/bcprov.patch
+++ b/patches/bcprov.patch
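Review bot: The marker that closes the changed region in KeyPairGeneratorSpi.java repeats `// BEGIN android-changed` after `int strength = 256;`, so the region is never terminated; it should read `// END android-changed`, and the same slip is carried into the mirrored hunk in patches/bcprov.patch. Because this field is the fallback used when a caller supplies no key size, a short reason next to it would help the next upstream merge, for example `// Default to 256 (upstream: 239) for interoperability; see commit message`. The enclosing class starts and ends outside the hunk, so it cannot be confirmed from here that every path reading this default resolves 256 to the intended P-256 parameters; a test that generates a key pair without calling initialize and checks the resulting curve would pin that down.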
@@ -2338,9 +2338,20 @@ diff -Naur bcprov-jdk15on-152.orig/org/bouncycastle/jcajce/provider/asymmetric/e public static class ECDH extends KeyFactorySpi diff -Naur bcprov-jdk15on-152.orig/org/bouncycastle/jcajce/provider/asymmetric/ec/KeyPairGeneratorSpi.java bcprov-jdk15on-152/org/bouncycastle/jcajce/provider/asymmetric/ec/KeyPairGeneratorSpi.java ---- bcprov-jdk15on-152.orig/org/bouncycastle/jcajce/provider/asymmetric/ec/KeyPairGeneratorSpi.java 2015-03-01 12:03:02.000000000 +0000 +--- bcprov-jdk15on-152.orig/org/bouncycastle/jcajce/provider/asymmetric/ec/KeyPairGeneratorSpi.java 2015-03-01 20:03:02.000000000 +0000 +++ bcprov-jdk15on-152/org/bouncycastle/jcajce/provider/asymmetric/ec/KeyPairGeneratorSpi.java 2014-07-28 19:51:54.000000000 +0000 -@@ -84,7 +84,13 @@ +@@ -42,7 +42,9 @@ + ECKeyGenerationParameters param; + ECKeyPairGenerator engine = new ECKeyPairGenerator(); + Object ecParams = null; +- int strength = 239; ++ // BEGIN android-changed ++ int strength = 256; ++ // BEGIN android-changed + int certainty = 50; + SecureRandom random = new SecureRandom(); + boolean initialised = false; +@@ -84,7 +86,13 @@ SecureRandom random) { this.strength = strength; @@ -2354,7 +2365,7 @@ diff -Naur bcprov-jdk15on-152.orig/org/bouncycastle/jcajce/provider/asymmetric/e ECGenParameterSpec ecParams = (ECGenParameterSpec)ecParameters.get(Integers.valueOf(strength)); if (ecParams == null) -@@ -107,6 +113,11 @@ +@@ -107,6 +115,11 @@ SecureRandom random) throws InvalidAlgorithmParameterException { @@ -2366,7 +2377,7 @@ diff -Naur bcprov-jdk15on-152.orig/org/bouncycastle/jcajce/provider/asymmetric/e if (params == null) { ECParameterSpec implicitCA = configuration.getEcImplicitlyCa(); -@@ -267,4 +278,4 @@ +@@ -267,4 +280,4 @@ super("ECMQV", BouncyCastleProvider.CONFIGURATION); } } |