Set default EC key size to 256-bits
NIST SP 800-131A recommends 112 bits as the lowest security level
acceptable after December 31, 2013. Although the 239-bit EC group
meets that bar, the P-256, P-384, and P-521 curves are the more widely
supported options. Change the default to increase interoperability
while maintaining the recommended security level.
(cherry picked from commit c5a7ff00b9c78ce5e15de5b99dc78a7e8c83ecd3)
Bug: 21085656
Change-Id: Idb71fdc801bafc5ad38f0b87dc3847f48854563f
diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ec/KeyPairGeneratorSpi.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ec/KeyPairGeneratorSpi.java
index 1239609..d858518 100644
--- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ec/KeyPairGeneratorSpi.java
+++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ec/KeyPairGeneratorSpi.java
@@ -42,7 +42,9 @@
ECKeyGenerationParameters param;
ECKeyPairGenerator engine = new ECKeyPairGenerator();
Object ecParams = null;
- int strength = 239;
+ // BEGIN android-changed
+ int strength = 256;
+ // BEGIN android-changed
int certainty = 50;
SecureRandom random = new SecureRandom();
boolean initialised = false;
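Review bot: The closing marker after `int strength = 256;` repeats `// BEGIN android-changed`, so the Android-modified region is never terminated; the second comment should read `// END android-changed`. The same marker pair is mirrored in the `patches/bcprov.patch` hunk for this file and needs the same correction there. The opening marker could also record the reason, for example `// BEGIN android-changed: default EC key size 256 (upstream 239) for interoperability`, so that a later upstream merge does not silently restore 239. This field appears to be only the fallback used when a caller never passes a key size or curve to initialize; that is inferred, since the class body starts and ends outside this hunk.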
diff --git a/patches/bcprov.patch b/patches/bcprov.patch
index 81bf92f..b8e7783 100644
--- a/patches/bcprov.patch
+++ b/patches/bcprov.patch
@@ -2338,9 +2338,20 @@
public static class ECDH
extends KeyFactorySpi
diff -Naur bcprov-jdk15on-152.orig/org/bouncycastle/jcajce/provider/asymmetric/ec/KeyPairGeneratorSpi.java bcprov-jdk15on-152/org/bouncycastle/jcajce/provider/asymmetric/ec/KeyPairGeneratorSpi.java
---- bcprov-jdk15on-152.orig/org/bouncycastle/jcajce/provider/asymmetric/ec/KeyPairGeneratorSpi.java 2015-03-01 12:03:02.000000000 +0000
+--- bcprov-jdk15on-152.orig/org/bouncycastle/jcajce/provider/asymmetric/ec/KeyPairGeneratorSpi.java 2015-03-01 20:03:02.000000000 +0000
+++ bcprov-jdk15on-152/org/bouncycastle/jcajce/provider/asymmetric/ec/KeyPairGeneratorSpi.java 2014-07-28 19:51:54.000000000 +0000
-@@ -84,7 +84,13 @@
+@@ -42,7 +42,9 @@
+ ECKeyGenerationParameters param;
+ ECKeyPairGenerator engine = new ECKeyPairGenerator();
+ Object ecParams = null;
+- int strength = 239;
++ // BEGIN android-changed
++ int strength = 256;
++ // BEGIN android-changed
+ int certainty = 50;
+ SecureRandom random = new SecureRandom();
+ boolean initialised = false;
+@@ -84,7 +86,13 @@
SecureRandom random)
{
this.strength = strength;
@@ -2354,7 +2365,7 @@
ECGenParameterSpec ecParams = (ECGenParameterSpec)ecParameters.get(Integers.valueOf(strength));
if (ecParams == null)
-@@ -107,6 +113,11 @@
+@@ -107,6 +115,11 @@
SecureRandom random)
throws InvalidAlgorithmParameterException
{
@@ -2366,7 +2377,7 @@
if (params == null)
{
ECParameterSpec implicitCA = configuration.getEcImplicitlyCa();
-@@ -267,4 +278,4 @@
+@@ -267,4 +280,4 @@
super("ECMQV", BouncyCastleProvider.CONFIGURATION);
}
}