JDK-6542846 : EllipticCurve does not allow coefficients with value 0
  • Type: Bug
  • Component: security-libs
  • Sub-Component: java.security
  • Affected Version: 5.0,5.0u26-rev
  • Priority: P3
  • Status: Closed
  • Resolution: Fixed
  • OS: generic,windows_xp
  • CPU: generic,x86
  • Submitted: 2007-04-05
  • Updated: 2011-07-20
  • Resolved: 2011-03-11
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
Other
5.0u29 b01Fixed
Related Reports
Relates :  
Description
FULL PRODUCT VERSION :
java version "1.5.0_09"
Java(TM) 2 Runtime Environment, Standard Edition (build 1.5.0_09-b01)
Java HotSpot(TM) Client VM (build 1.5.0_09-b01, mixed mode, sharing)

ADDITIONAL OS VERSION INFORMATION :
Microsoft Windows XP [Version 5.1.2600]

A DESCRIPTION OF THE PROBLEM :
When attempting to create an java.security.spec.EllipticCurve object, and specifying BigInteger.ZERO as either the first or second coefficient, the following exception results.

java.lang.IllegalArgumentException: first coefficient is negative

First, the exception is clearly wrong... the first coefficient in this case is not negative, it is zero.

Secondly, it is possible to have valid elliptic curves that have coefficients of zero.  For example, refer to ANSI X9.63-2001, and look at the definitions for any of the following curves: ansip160k1, ansip192k1, ansip224k1, ansip256k1.

Solving the problem is simply... below is the source from EllipticCurve that contains the bug:

    // Check coefficient c is a valid element in ECField field.
    private static void checkValidity(ECField field, BigInteger c,
	String cName) {
	// can only perform check if field is ECFieldFp or ECFieldF2m.
	if (field instanceof ECFieldFp) {
	    BigInteger p = ((ECFieldFp)field).getP();
	    if (p.compareTo(c) != 1) {
		throw new IllegalArgumentException(cName + " is too large");
	    } else if (c.signum() != 1) {
		throw new IllegalArgumentException(cName + " is negative");
	    }
	} else if (field instanceof ECFieldF2m) {
	    int m = ((ECFieldF2m)field).getM();
	    if (c.bitLength() > m) {
		throw new IllegalArgumentException(cName + " is too large");
	    }
	}
    }

The lines:

	    } else if (c.signum() != 1) {
		throw new IllegalArgumentException(cName + " is negative");

Should be changed to:

	    } else if (c.signum() < 0) {
		throw new IllegalArgumentException(cName + " is negative");


STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
Call the EllipticCurve constructor as follows:

new EllipticCurve(new ECFieldFp(new  BigInteger("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFAC73", 16)), BigInteger.ZERO, BigInteger.valueOf(7));

EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
Success, the result should be an EllipticCurve object instance representing the requested curve.
ACTUAL -
Failure:

java.lang.IllegalArgumentException: first coefficient is negative

ERROR MESSAGES/STACK TRACES THAT OCCUR :
java.lang.IllegalArgumentException: first coefficient is negative

REPRODUCIBILITY :
This bug can be reproduced always.

---------- BEGIN SOURCE ----------
new EllipticCurve(new ECFieldFp(new  BigInteger("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFAC73", 16)), BigInteger.ZERO, BigInteger.valueOf(7));
---------- END SOURCE ----------

Comments
SUGGESTED FIX web rev for 5 (submitted 2010-11-11): http://jpsesvr.sfbay.sun.com:8080/ctetools/html/ViewDetail.jsp?index=3831 putback reguest: https://jetsvr.sfbay.sun.com:8443/BugApproval/ViewDetail.jsp?index=10345&mode=view
07-12-2010

EVALUATION Closing as will-not-fix. JDK 5 updates are handled by the sustaining group, who backport fixes only if there is a business justification or if an escalation is filed. Should that happen, please reopen the bug.
10-04-2007

EVALUATION This issue affects only JDK 5 as it was fixed in JDK 6 as part of 6405536.
09-04-2007