JDK-8253912

Incorrect encoding for EC AlgorithmIdentifier


    • CSR
    • Resolution: Approved
    • P3
    • 16
    • security-libs
    • None
    • behavioral
    • minimal
    • File or wire format
    • Implementation

      Summary

      The JDK's encoding of the algorithm identifier should omit the parameters field in AlgorithmIdentifier for the key agreement algorithms X25519 and X448, and for the ECDSA signature algorithms using SHA-224, SHA-256, SHA-384, or SHA-512.

      Problem

      For the X25519, X448, and ECDSA algorithms, the JDK encodes the parameters field in AlgorithmIdentifier as NULL (two bytes: the NULL tag and its length). When an application calls the getEncoded() method to obtain the key in its encoded form, the returned data contains these extra bytes for the parameters field.

      Solution

      RFC 8410 [1] and RFC 5758 [2] state that the parameters fields in AlgorithmIdentifier for the X25519, X448, and ECDSA algorithms should be absent. To have a conforming implementation, the encoding in JDK needs to omit the parameters field for those algorithms.
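
The two encodings described above, side by side, as an added example that is not part of the original issue or the JDK code: a minimal DER reader that reports whether the parameters field of an AlgorithmIdentifier is absent or an explicit NULL. The function names and the sample encodings (which use a dummy key pattern) are constructed for illustration.

```python
def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long form: low 7 bits = number of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def decode_oid(body):  # OID content bytes -> dotted-decimal string
    arcs, value = [], 0
    for b in body:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:                   # high bit clear marks the last byte of an arc
            arcs.append(value)
            value = 0
    first = min(arcs[0] // 40, 2)
    return ".".join(map(str, [first, arcs[0] - 40 * first] + arcs[1:]))

def algid_parameters(algid):
    """Return (oid, state) where state is 'absent', 'NULL' or 'other'."""
    tag, body, _ = read_tlv(algid)
    if tag != 0x30:
        raise ValueError("AlgorithmIdentifier must be a SEQUENCE")
    tag, oid, pos = read_tlv(body)
    if tag != 0x06:
        raise ValueError("expected OBJECT IDENTIFIER")
    if pos == len(body):                   # nothing follows the OID
        return decode_oid(oid), "absent"
    ptag, pval, _ = read_tlv(body, pos)
    return decode_oid(oid), "NULL" if (ptag, pval) == (0x05, b"") else "other"

def spki_parameters(spki):
    """Classify the AlgorithmIdentifier inside a SubjectPublicKeyInfo."""
    _, body, _ = read_tlv(spki)
    _, _, end = read_tlv(body)             # first element is the AlgorithmIdentifier
    return algid_parameters(body[:end])

# Constructed inputs for this added example (dummy key pattern, not a real key).
X25519_OID = bytes.fromhex("06032b656e")                 # 1.3.101.110
KEY = bytes.fromhex("032100") + bytes(range(32))         # BIT STRING, 0 unused bits
SPKI_ABSENT = b"\x30\x2a\x30\x05" + X25519_OID + KEY     # parameters omitted
SPKI_NULL = b"\x30\x2c\x30\x07" + X25519_OID + b"\x05\x00" + KEY  # NULL parameters
ECDSA_SHA256_NULL = bytes.fromhex("300c06082a8648ce3d0403020500")  # ecdsa-with-SHA256 + NULL

if __name__ == "__main__":
    print(spki_parameters(SPKI_ABSENT), spki_parameters(SPKI_NULL), algid_parameters(ECDSA_SHA256_NULL))
```

Byte-for-byte comparisons, pinned hashes or fingerprints computed over the encoded key differ between the two forms, so a check like this helps identify which form a stored encoding uses.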

      Specification

      No changes to the JDK specification.

      The RFCs that define the AlgorithmIdentifier encoding for these algorithms are:

      1. RFC 8410 [1]: Algorithm Identifiers for Ed25519, Ed448, X25519, and X448 for Use in the Internet X.509 Public Key Infrastructure
      2. RFC 5758 [2]: Internet X.509 Public Key Infrastructure: Additional Algorithms and Identifiers for DSA and ECDSA

      [1] https://tools.ietf.org/html/rfc8410#section-3

      [2] https://tools.ietf.org/html/rfc5758#section-3.2

            hchao Haimay Chao
            mullan Sean Mullan
            Sean Mullan