1 /*
2 * Copyright (c) 2003, 2013, Oracle and/or its affiliates. All rights reserved.
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation. Oracle designates this
8 * particular file as subject to the "Classpath" exception as provided
9 * by Oracle in the LICENSE file that accompanied this code.
10 *
11 * This code is distributed in the hope that it will be useful, but WITHOUT
12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 * version 2 for more details (a copy is included in the LICENSE file that
15 * accompanied this code).
16 *
17 * You should have received a copy of the GNU General Public License version
18 * 2 along with this work; if not, write to the Free Software Foundation,
19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
20 *
21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
22 * or visit www.oracle.com if you need additional information or have any
23 * questions.
24 */
25
26 package sun.security.pkcs11;
27
28 import java.math.BigInteger;
29
30 import java.security.*;
31 import java.security.spec.*;
32
33 import javax.crypto.spec.DHParameterSpec;
34
35 import sun.security.provider.ParameterCache;
36
37 import static sun.security.pkcs11.TemplateManager.*;
38 import sun.security.pkcs11.wrapper.*;
39 import static sun.security.pkcs11.wrapper.PKCS11Constants.*;
40
41 import sun.security.rsa.RSAKeyFactory;
42
43 /**
44 * KeyPairGenerator implementation class. This class currently supports
45 * RSA, DSA, DH, and EC.
46 *
47 * Note that for DSA and DH we rely on the Sun and SunJCE providers to
48 * obtain the parameters from.
49 *
50 * @author Andreas Sterbenz
51 * @since 1.5
52 */
53 final class P11KeyPairGenerator extends KeyPairGeneratorSpi {
54
55 // token instance
56 private final Token token;
57
58 // algorithm name
59 private final String algorithm;
60
81 P11KeyPairGenerator(Token token, String algorithm, long mechanism)
82 throws PKCS11Exception {
83 super();
84 int minKeyLen = -1;
85 int maxKeyLen = -1;
86 try {
87 CK_MECHANISM_INFO mechInfo = token.getMechanismInfo(mechanism);
88 if (mechInfo != null) {
89 minKeyLen = (int) mechInfo.ulMinKeySize;
90 maxKeyLen = (int) mechInfo.ulMaxKeySize;
91 }
92 } catch (PKCS11Exception p11e) {
93 // Should never happen
94 throw new ProviderException
95 ("Unexpected error while getting mechanism info", p11e);
96 }
97 // set default key sizes and apply our own algorithm-specific limits
98 // override lower limit to disallow unsecure keys being generated
99 // override upper limit to deter DOS attack
100 if (algorithm.equals("EC")) {
101 keySize = 256;
102 if ((minKeyLen == -1) || (minKeyLen < 112)) {
103 minKeyLen = 112;
104 }
105 if ((maxKeyLen == -1) || (maxKeyLen > 2048)) {
106 maxKeyLen = 2048;
107 }
108 } else {
109 // RSA, DH, and DSA
110 keySize = 1024;
111 if ((minKeyLen == -1) || (minKeyLen < 512)) {
112 minKeyLen = 512;
113 }
114 if (algorithm.equals("RSA")) {
115 if ((maxKeyLen == -1) || (maxKeyLen > 64 * 1024)) {
116 maxKeyLen = 64 * 1024;
117 }
118 }
119 }
120
121 // auto-adjust default keysize in case it's out-of-range
122 if ((minKeyLen != -1) && (keySize < minKeyLen)) {
123 keySize = minKeyLen;
124 }
125 if ((maxKeyLen != -1) && (keySize > maxKeyLen)) {
126 keySize = maxKeyLen;
127 }
128 this.token = token;
129 this.algorithm = algorithm;
130 this.mechanism = mechanism;
|
1 /*
2 * Copyright (c) 2003, 2017, Oracle and/or its affiliates. All rights reserved.
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation. Oracle designates this
8 * particular file as subject to the "Classpath" exception as provided
9 * by Oracle in the LICENSE file that accompanied this code.
10 *
11 * This code is distributed in the hope that it will be useful, but WITHOUT
12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 * version 2 for more details (a copy is included in the LICENSE file that
15 * accompanied this code).
16 *
17 * You should have received a copy of the GNU General Public License version
18 * 2 along with this work; if not, write to the Free Software Foundation,
19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
20 *
21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
22 * or visit www.oracle.com if you need additional information or have any
23 * questions.
24 */
25
26 package sun.security.pkcs11;
27
28 import java.math.BigInteger;
29
30 import java.security.*;
31 import java.security.spec.*;
32
33 import javax.crypto.spec.DHParameterSpec;
34
35 import sun.security.provider.ParameterCache;
36 import static sun.security.util.SecurityProviderConstants.*;
37
38 import static sun.security.pkcs11.TemplateManager.*;
39 import sun.security.pkcs11.wrapper.*;
40 import static sun.security.pkcs11.wrapper.PKCS11Constants.*;
41
42
43 import sun.security.rsa.RSAKeyFactory;
44
45 /**
46 * KeyPairGenerator implementation class. This class currently supports
47 * RSA, DSA, DH, and EC.
48 *
49 * Note that for DSA and DH we rely on the Sun and SunJCE providers to
50 * obtain the parameters from.
51 *
52 * @author Andreas Sterbenz
53 * @since 1.5
54 */
55 final class P11KeyPairGenerator extends KeyPairGeneratorSpi {
56
57 // token instance
58 private final Token token;
59
60 // algorithm name
61 private final String algorithm;
62
83 P11KeyPairGenerator(Token token, String algorithm, long mechanism)
84 throws PKCS11Exception {
85 super();
86 int minKeyLen = -1;
87 int maxKeyLen = -1;
88 try {
89 CK_MECHANISM_INFO mechInfo = token.getMechanismInfo(mechanism);
90 if (mechInfo != null) {
91 minKeyLen = (int) mechInfo.ulMinKeySize;
92 maxKeyLen = (int) mechInfo.ulMaxKeySize;
93 }
94 } catch (PKCS11Exception p11e) {
95 // Should never happen
96 throw new ProviderException
97 ("Unexpected error while getting mechanism info", p11e);
98 }
99 // set default key sizes and apply our own algorithm-specific limits
100 // override lower limit to disallow unsecure keys being generated
101 // override upper limit to deter DOS attack
102 if (algorithm.equals("EC")) {
103 keySize = DEF_EC_KEY_SIZE;
104 if ((minKeyLen == -1) || (minKeyLen < 112)) {
105 minKeyLen = 112;
106 }
107 if ((maxKeyLen == -1) || (maxKeyLen > 2048)) {
108 maxKeyLen = 2048;
109 }
110 } else {
111 if (algorithm.equals("DSA")) {
112 keySize = DEF_DSA_KEY_SIZE;
113 } else if (algorithm.equals("RSA")) {
114 keySize = DEF_RSA_KEY_SIZE;
115 } else {
116 keySize = DEF_DH_KEY_SIZE;
117 }
118 if ((minKeyLen == -1) || (minKeyLen < 512)) {
119 minKeyLen = 512;
120 }
121 if (algorithm.equals("RSA")) {
122 if ((maxKeyLen == -1) || (maxKeyLen > 64 * 1024)) {
123 maxKeyLen = 64 * 1024;
124 }
125 }
126 }
127
128 // auto-adjust default keysize in case it's out-of-range
129 if ((minKeyLen != -1) && (keySize < minKeyLen)) {
130 keySize = minKeyLen;
131 }
132 if ((maxKeyLen != -1) && (keySize > maxKeyLen)) {
133 keySize = maxKeyLen;
134 }
135 this.token = token;
136 this.algorithm = algorithm;
137 this.mechanism = mechanism;
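Review bot: The range clamp near the end of the visible constructor code can silently lower the new defaults. If the token's mechanism info reports a `ulMaxKeySize` below `DEF_RSA_KEY_SIZE`, `DEF_DSA_KEY_SIZE` or `DEF_DH_KEY_SIZE`, then `keySize = maxKeyLen` wins and a caller who never calls `initialize` gets a key weaker than the provider-wide default, with no indication. I would at least document this above the clamp, e.g. `// token limits take precedence over DEF_*_KEY_SIZE; the effective default may be smaller on tokens with a low ulMaxKeySize`, and consider a debug log when the adjustment fires. The 512-bit floor for RSA/DSA/DH is also unchanged, so the "disallow unsecure keys" comment now describes a bound well below the defaults this change introduces. The constructor body continues past the visible lines, so handling further down may already cover part of this.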
|