| /* |
| * Copyright (c) 1997, 2016, Oracle and/or its affiliates. All rights reserved. |
| * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
| * |
| * This code is free software; you can redistribute it and/or modify it |
| * under the terms of the GNU General Public License version 2 only, as |
| * published by the Free Software Foundation. Oracle designates this |
| * particular file as subject to the "Classpath" exception as provided |
| * by Oracle in the LICENSE file that accompanied this code. |
| * |
| * This code is distributed in the hope that it will be useful, but WITHOUT |
| * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or |
| * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License |
| * version 2 for more details (a copy is included in the LICENSE file that |
| * accompanied this code). |
| * |
| * You should have received a copy of the GNU General Public License version |
| * 2 along with this work; if not, write to the Free Software Foundation, |
| * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. |
| * |
| * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA |
| * or visit www.oracle.com if you need additional information or have any |
| * questions. |
| */ |
| |
| package sun.security.provider; |
| |
| import java.math.BigInteger; |
| |
| import java.security.*; |
| import java.security.SecureRandom; |
| import java.security.interfaces.DSAParams; |
| import java.security.spec.AlgorithmParameterSpec; |
| import java.security.spec.InvalidParameterSpecException; |
| import java.security.spec.DSAParameterSpec; |
| |
| import sun.security.jca.JCAUtil; |
| |
| /** |
| * This class generates DSA key parameters and public/private key |
| * pairs according to the DSS standard NIST FIPS 186. It uses the |
| * updated version of SHA, SHA-1 as described in FIPS 180-1. |
| * |
| * @author Benjamin Renaud |
| * @author Andreas Sterbenz |
| * |
| */ |
| public class DSAKeyPairGenerator extends KeyPairGenerator |
| implements java.security.interfaces.DSAKeyPairGenerator { |
| |
| /* Length for prime P and subPrime Q in bits */ |
| private int plen; |
| private int qlen; |
| |
| /* whether to force new parameters to be generated for each KeyPair */ |
| private boolean forceNewParameters; |
| |
| /* preset algorithm parameters. */ |
| private DSAParameterSpec params; |
| |
| /* The source of random bits to use */ |
| private SecureRandom random; |
| |
| public DSAKeyPairGenerator() { |
| super("DSA"); |
| initialize(1024, null); |
| } |
| |
| private static void checkStrength(int sizeP, int sizeQ) { |
| if ((sizeP >= 512) && (sizeP <= 1024) && (sizeP % 64 == 0) |
| && sizeQ == 160) { |
| // traditional - allow for backward compatibility |
| // L=multiples of 64 and between 512 and 1024 (inclusive) |
| // N=160 |
| } else if (sizeP == 2048 && (sizeQ == 224 || sizeQ == 256)) { |
| // L=2048, N=224 or 256 |
| } else if (sizeP == 3072 && sizeQ == 256) { |
| // L=3072, N=256 |
| } else { |
| throw new InvalidParameterException |
| ("Unsupported prime and subprime size combination: " + |
| sizeP + ", " + sizeQ); |
| } |
| } |
| |
| public void initialize(int modlen, SecureRandom random) { |
| // generate new parameters when no precomputed ones available. |
| initialize(modlen, true, random); |
| this.forceNewParameters = false; |
| } |
| |
| /** |
| * Initializes the DSA key pair generator. If <code>genParams</code> |
| * is false, a set of pre-computed parameters is used. |
| */ |
| @Override |
| public void initialize(int modlen, boolean genParams, SecureRandom random) |
| throws InvalidParameterException { |
| |
| int subPrimeLen = -1; |
| if (modlen <= 1024) { |
| subPrimeLen = 160; |
| } else if (modlen == 2048) { |
| subPrimeLen = 224; |
| } else if (modlen == 3072) { |
| subPrimeLen = 256; |
| } |
| checkStrength(modlen, subPrimeLen); |
| if (genParams) { |
| params = null; |
| } else { |
| params = ParameterCache.getCachedDSAParameterSpec(modlen, |
| subPrimeLen); |
| if (params == null) { |
| throw new InvalidParameterException |
| ("No precomputed parameters for requested modulus size " |
| + "available"); |
| } |
| |
| } |
| this.plen = modlen; |
| this.qlen = subPrimeLen; |
| this.random = random; |
| this.forceNewParameters = genParams; |
| } |
| |
| /** |
| * Initializes the DSA object using a DSA parameter object. |
| * |
| * @param params a fully initialized DSA parameter object. |
| */ |
| @Override |
| public void initialize(DSAParams params, SecureRandom random) |
| throws InvalidParameterException { |
| |
| if (params == null) { |
| throw new InvalidParameterException("Params must not be null"); |
| } |
| DSAParameterSpec spec = new DSAParameterSpec |
| (params.getP(), params.getQ(), params.getG()); |
| initialize0(spec, random); |
| } |
| |
| /** |
| * Initializes the DSA object using a parameter object. |
| * |
| * @param params the parameter set to be used to generate |
| * the keys. |
| * @param random the source of randomness for this generator. |
| * |
| * @exception InvalidAlgorithmParameterException if the given parameters |
| * are inappropriate for this key pair generator |
| */ |
| public void initialize(AlgorithmParameterSpec params, SecureRandom random) |
| throws InvalidAlgorithmParameterException { |
| if (!(params instanceof DSAParameterSpec)) { |
| throw new InvalidAlgorithmParameterException |
| ("Inappropriate parameter"); |
| } |
| initialize0((DSAParameterSpec)params, random); |
| } |
| |
| private void initialize0(DSAParameterSpec params, SecureRandom random) { |
| int sizeP = params.getP().bitLength(); |
| int sizeQ = params.getQ().bitLength(); |
| checkStrength(sizeP, sizeQ); |
| this.plen = sizeP; |
| this.qlen = sizeQ; |
| this.params = params; |
| this.random = random; |
| this.forceNewParameters = false; |
| } |
| |
| /** |
| * Generates a pair of keys usable by any JavaSecurity compliant |
| * DSA implementation. |
| */ |
| public KeyPair generateKeyPair() { |
| if (random == null) { |
| random = JCAUtil.getSecureRandom(); |
| } |
| DSAParameterSpec spec; |
| try { |
| if (forceNewParameters) { |
| // generate new parameters each time |
| spec = ParameterCache.getNewDSAParameterSpec(plen, qlen, random); |
| } else { |
| if (params == null) { |
| params = |
| ParameterCache.getDSAParameterSpec(plen, qlen, random); |
| } |
| spec = params; |
| } |
| } catch (GeneralSecurityException e) { |
| throw new ProviderException(e); |
| } |
| return generateKeyPair(spec.getP(), spec.getQ(), spec.getG(), random); |
| } |
| |
| public KeyPair generateKeyPair(BigInteger p, BigInteger q, BigInteger g, |
| SecureRandom random) { |
| |
| BigInteger x = generateX(random, q); |
| BigInteger y = generateY(x, p, g); |
| |
| try { |
| |
| // See the comments in DSAKeyFactory, 4532506, and 6232513. |
| |
| DSAPublicKey pub; |
| if (DSAKeyFactory.SERIAL_INTEROP) { |
| pub = new DSAPublicKey(y, p, q, g); |
| } else { |
| pub = new DSAPublicKeyImpl(y, p, q, g); |
| } |
| DSAPrivateKey priv = new DSAPrivateKey(x, p, q, g); |
| |
| KeyPair pair = new KeyPair(pub, priv); |
| return pair; |
| } catch (InvalidKeyException e) { |
| throw new ProviderException(e); |
| } |
| } |
| |
| /** |
| * Generate the private key component of the key pair using the |
| * provided source of random bits. This method uses the random but |
| * source passed to generate a seed and then calls the seed-based |
| * generateX method. |
| */ |
| private BigInteger generateX(SecureRandom random, BigInteger q) { |
| BigInteger x = null; |
| byte[] temp = new byte[qlen]; |
| while (true) { |
| random.nextBytes(temp); |
| x = new BigInteger(1, temp).mod(q); |
| if (x.signum() > 0 && (x.compareTo(q) < 0)) { |
| return x; |
| } |
| } |
| } |
| |
| /** |
| * Generate the public key component y of the key pair. |
| * |
| * @param x the private key component. |
| * |
| * @param p the base parameter. |
| */ |
| BigInteger generateY(BigInteger x, BigInteger p, BigInteger g) { |
| BigInteger y = g.modPow(x, p); |
| return y; |
| } |
| |
| } |