Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / libcore / 319a3b994703aac84df7bcde272adfcb3cdbbbf0 / . / jdk / src / share / classes / sun / security / provider / DSAKeyPairGenerator.java
blob: 4e13b2e134f78f3db7406c1fe90979a9e8f60043 [file] [log] [blame]
J. Duke319a3b92007-12-01 00:00:00 +0000[diff] [blame^]1/*
2 * Copyright 1997-2005 Sun Microsystems, Inc. All Rights Reserved.
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation. Sun designates this
8 * particular file as subject to the "Classpath" exception as provided
9 * by Sun in the LICENSE file that accompanied this code.
10 *
11 * This code is distributed in the hope that it will be useful, but WITHOUT
12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 * version 2 for more details (a copy is included in the LICENSE file that
15 * accompanied this code).
16 *
17 * You should have received a copy of the GNU General Public License version
18 * 2 along with this work; if not, write to the Free Software Foundation,
19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
20 *
21 * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
22 * CA 95054 USA or visit www.sun.com if you need additional information or
23 * have any questions.
24 */
25
26package sun.security.provider;
27
28import java.math.BigInteger;
29
30import java.security.*;
31import java.security.SecureRandom;
32import java.security.interfaces.DSAParams;
33import java.security.spec.AlgorithmParameterSpec;
34import java.security.spec.InvalidParameterSpecException;
35import java.security.spec.DSAParameterSpec;
36
37import sun.security.jca.JCAUtil;
38
39/**
40 * This class generates DSA key parameters and public/private key
41 * pairs according to the DSS standard NIST FIPS 186. It uses the
42 * updated version of SHA, SHA-1 as described in FIPS 180-1.
43 *
44 * @author Benjamin Renaud
45 * @author Andreas Sterbenz
46 *
47 */
48public class DSAKeyPairGenerator extends KeyPairGenerator
49implements java.security.interfaces.DSAKeyPairGenerator {
50
51 /* The modulus length */
52 private int modlen;
53
54 /* whether to force new parameters to be generated for each KeyPair */
55 private boolean forceNewParameters;
56
57 /* preset algorithm parameters. */
58 private DSAParameterSpec params;
59
60 /* The source of random bits to use */
61 private SecureRandom random;
62
63 public DSAKeyPairGenerator() {
64 super("DSA");
65 initialize(1024, null);
66 }
67
68 private static void checkStrength(int strength) {
69 if ((strength < 512) || (strength > 1024) || (strength % 64 != 0)) {
70 throw new InvalidParameterException
71 ("Modulus size must range from 512 to 1024 "
72 + "and be a multiple of 64");
73 }
74 }
75
76 public void initialize(int modlen, SecureRandom random) {
77 checkStrength(modlen);
78 this.random = random;
79 this.modlen = modlen;
80 this.params = null;
81 this.forceNewParameters = false;
82 }
83
84 /**
85 * Initializes the DSA key pair generator. If <code>genParams</code>
86 * is false, a set of pre-computed parameters is used.
87 */
88 public void initialize(int modlen, boolean genParams, SecureRandom random) {
89 checkStrength(modlen);
90 if (genParams) {
91 params = null;
92 } else {
93 params = ParameterCache.getCachedDSAParameterSpec(modlen);
94 if (params == null) {
95 throw new InvalidParameterException
96 ("No precomputed parameters for requested modulus size "
97 + "available");
98 }
99 }
100 this.modlen = modlen;
101 this.random = random;
102 this.forceNewParameters = genParams;
103 }
104
105 /**
106 * Initializes the DSA object using a DSA parameter object.
107 *
108 * @param params a fully initialized DSA parameter object.
109 */
110 public void initialize(DSAParams params, SecureRandom random) {
111 if (params == null) {
112 throw new InvalidParameterException("Params must not be null");
113 }
114 DSAParameterSpec spec = new DSAParameterSpec
115 (params.getP(), params.getQ(), params.getG());
116 initialize0(spec, random);
117 }
118
119 /**
120 * Initializes the DSA object using a parameter object.
121 *
122 * @param params the parameter set to be used to generate
123 * the keys.
124 * @param random the source of randomness for this generator.
125 *
126 * @exception InvalidAlgorithmParameterException if the given parameters
127 * are inappropriate for this key pair generator
128 */
129 public void initialize(AlgorithmParameterSpec params, SecureRandom random)
130 throws InvalidAlgorithmParameterException {
131 if (!(params instanceof DSAParameterSpec)) {
132 throw new InvalidAlgorithmParameterException
133 ("Inappropriate parameter");
134 }
135 initialize0((DSAParameterSpec)params, random);
136 }
137
138 private void initialize0(DSAParameterSpec params, SecureRandom random) {
139 int modlen = params.getP().bitLength();
140 checkStrength(modlen);
141 this.modlen = modlen;
142 this.params = params;
143 this.random = random;
144 this.forceNewParameters = false;
145 }
146
147 /**
148 * Generates a pair of keys usable by any JavaSecurity compliant
149 * DSA implementation.
150 */
151 public KeyPair generateKeyPair() {
152 if (random == null) {
153 random = JCAUtil.getSecureRandom();
154 }
155 DSAParameterSpec spec;
156 try {
157 if (forceNewParameters) {
158 // generate new parameters each time
159 spec = ParameterCache.getNewDSAParameterSpec(modlen, random);
160 } else {
161 if (params == null) {
162 params =
163 ParameterCache.getDSAParameterSpec(modlen, random);
164 }
165 spec = params;
166 }
167 } catch (GeneralSecurityException e) {
168 throw new ProviderException(e);
169 }
170 return generateKeyPair(spec.getP(), spec.getQ(), spec.getG(), random);
171 }
172
173 public KeyPair generateKeyPair(BigInteger p, BigInteger q, BigInteger g,
174 SecureRandom random) {
175
176 BigInteger x = generateX(random, q);
177 BigInteger y = generateY(x, p, g);
178
179 try {
180
181 // See the comments in DSAKeyFactory, 4532506, and 6232513.
182
183 DSAPublicKey pub;
184 if (DSAKeyFactory.SERIAL_INTEROP) {
185 pub = new DSAPublicKey(y, p, q, g);
186 } else {
187 pub = new DSAPublicKeyImpl(y, p, q, g);
188 }
189 DSAPrivateKey priv = new DSAPrivateKey(x, p, q, g);
190
191 KeyPair pair = new KeyPair(pub, priv);
192 return pair;
193 } catch (InvalidKeyException e) {
194 throw new ProviderException(e);
195 }
196 }
197
198 /**
199 * Generate the private key component of the key pair using the
200 * provided source of random bits. This method uses the random but
201 * source passed to generate a seed and then calls the seed-based
202 * generateX method.
203 */
204 private BigInteger generateX(SecureRandom random, BigInteger q) {
205 BigInteger x = null;
206 while (true) {
207 int[] seed = new int[5];
208 for (int i = 0; i < 5; i++) {
209 seed[i] = random.nextInt();
210 }
211 x = generateX(seed, q);
212 if (x.signum() > 0 && (x.compareTo(q) < 0)) {
213 break;
214 }
215 }
216 return x;
217 }
218
219 /**
220 * Given a seed, generate the private key component of the key
221 * pair. In the terminology used in the DSA specification
222 * (FIPS-186) seed is the XSEED quantity.
223 *
224 * @param seed the seed to use to generate the private key.
225 */
226 BigInteger generateX(int[] seed, BigInteger q) {
227
228 // check out t in the spec.
229 int[] t = { 0x67452301, 0xEFCDAB89, 0x98BADCFE,
230 0x10325476, 0xC3D2E1F0 };
231 //
232
233 int[] tmp = DSA.SHA_7(seed, t);
234 byte[] tmpBytes = new byte[tmp.length * 4];
235 for (int i = 0; i < tmp.length; i++) {
236 int k = tmp[i];
237 for (int j = 0; j < 4; j++) {
238 tmpBytes[(i * 4) + j] = (byte) (k >>> (24 - (j * 8)));
239 }
240 }
241 BigInteger x = new BigInteger(1, tmpBytes).mod(q);
242 return x;
243 }
244
245 /**
246 * Generate the public key component y of the key pair.
247 *
248 * @param x the private key component.
249 *
250 * @param p the base parameter.
251 */
252 BigInteger generateY(BigInteger x, BigInteger p, BigInteger g) {
253 BigInteger y = g.modPow(x, p);
254 return y;
255 }
256
257}