1 /* 2 * Copyright (c) 1997, 2012, Oracle and/or its affiliates. All rights reserved. 3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 4 * 5 * This code is free software; you can redistribute it and/or modify it 6 * under the terms of the GNU General Public License version 2 only, as 7 * published by the Free Software Foundation. Oracle designates this 8 * particular file as subject to the "Classpath" exception as provided 9 * by Oracle in the LICENSE file that accompanied this code. 10 * 11 * This code is distributed in the hope that it will be useful, but WITHOUT 12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 14 * version 2 for more details (a copy is included in the LICENSE file that 15 * accompanied this code). 16 * 17 * You should have received a copy of the GNU General Public License version 18 * 2 along with this work; if not, write to the Free Software Foundation, 19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 20 * 21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 22 * or visit www.oracle.com if you need additional information or have any 23 * questions. 24 */ 25 26 package sun.security.provider; 27 28 import java.math.BigInteger; 29 30 import java.security.*; 31 import java.security.SecureRandom; 32 import java.security.interfaces.DSAParams; 33 import java.security.spec.AlgorithmParameterSpec; 34 import java.security.spec.InvalidParameterSpecException; 35 import java.security.spec.DSAParameterSpec; 36 37 import sun.security.jca.JCAUtil; 38 39 /** 40 * This class generates DSA key parameters and public/private key 41 * pairs according to the DSS standard NIST FIPS 186. It uses the 42 * updated version of SHA, SHA-1 as described in FIPS 180-1. 43 * 44 * @author Benjamin Renaud 45 * @author Andreas Sterbenz 46 * 47 */ 48 public class DSAKeyPairGenerator extends KeyPairGenerator 49 implements java.security.interfaces.DSAKeyPairGenerator { 50 51 /* Length for prime P and subPrime Q in bits */ 52 private int plen; 53 private int qlen; 54 55 /* whether to force new parameters to be generated for each KeyPair */ 56 private boolean forceNewParameters; 57 58 /* preset algorithm parameters. */ 59 private DSAParameterSpec params; 60 61 /* The source of random bits to use */ 62 private SecureRandom random; 63 64 public DSAKeyPairGenerator() { 65 super("DSA"); 66 initialize(1024, null); 67 } 68 69 private static void checkStrength(int sizeP, int sizeQ) { 70 if ((sizeP >= 512) && (sizeP <= 1024) && (sizeP % 64 == 0) 71 && sizeQ == 160) { 72 // traditional - allow for backward compatibility 73 // L=multiples of 64 and between 512 and 1024 (inclusive) 74 // N=160 75 } else if (sizeP == 2048 && (sizeQ == 224 || sizeQ == 256)) { 76 // L=2048, N=224 or 256 77 } else { 78 throw new InvalidParameterException 79 ("Unsupported prime and subprime size combination: " + 80 sizeP + ", " + sizeQ); 81 } 82 } 83 84 public void initialize(int modlen, SecureRandom random) { 85 // generate new parameters when no precomputed ones available. 86 initialize(modlen, true, random); 87 this.forceNewParameters = false; 88 } 89 90 /** 91 * Initializes the DSA key pair generator. If <code>genParams</code> 92 * is false, a set of pre-computed parameters is used. 93 */ 94 public void initialize(int modlen, boolean genParams, SecureRandom random) { 95 int subPrimeLen = -1; 96 if (modlen <= 1024) { 97 subPrimeLen = 160; 98 } else if (modlen == 2048) { 99 subPrimeLen = 224; 100 } 101 checkStrength(modlen, subPrimeLen); 102 if (genParams) { 103 params = null; 104 } else { 105 params = ParameterCache.getCachedDSAParameterSpec(modlen, 106 subPrimeLen); 107 if (params == null) { 108 throw new InvalidParameterException 109 ("No precomputed parameters for requested modulus size " 110 + "available"); 111 } 112 113 } 114 this.plen = modlen; 115 this.qlen = subPrimeLen; 116 this.random = random; 117 this.forceNewParameters = genParams; 118 } 119 120 /** 121 * Initializes the DSA object using a DSA parameter object. 122 * 123 * @param params a fully initialized DSA parameter object. 124 */ 125 public void initialize(DSAParams params, SecureRandom random) { 126 if (params == null) { 127 throw new InvalidParameterException("Params must not be null"); 128 } 129 DSAParameterSpec spec = new DSAParameterSpec 130 (params.getP(), params.getQ(), params.getG()); 131 initialize0(spec, random); 132 } 133 134 /** 135 * Initializes the DSA object using a parameter object. 136 * 137 * @param params the parameter set to be used to generate 138 * the keys. 139 * @param random the source of randomness for this generator. 140 * 141 * @exception InvalidAlgorithmParameterException if the given parameters 142 * are inappropriate for this key pair generator 143 */ 144 public void initialize(AlgorithmParameterSpec params, SecureRandom random) 145 throws InvalidAlgorithmParameterException { 146 if (!(params instanceof DSAParameterSpec)) { 147 throw new InvalidAlgorithmParameterException 148 ("Inappropriate parameter"); 149 } 150 initialize0((DSAParameterSpec)params, random); 151 } 152 153 private void initialize0(DSAParameterSpec params, SecureRandom random) { 154 int sizeP = params.getP().bitLength(); 155 int sizeQ = params.getQ().bitLength(); 156 checkStrength(sizeP, sizeQ); 157 this.plen = sizeP; 158 this.qlen = sizeQ; 159 this.params = params; 160 this.random = random; 161 this.forceNewParameters = false; 162 } 163 164 /** 165 * Generates a pair of keys usable by any JavaSecurity compliant 166 * DSA implementation. 167 */ 168 public KeyPair generateKeyPair() { 169 if (random == null) { 170 random = JCAUtil.getSecureRandom(); 171 } 172 DSAParameterSpec spec; 173 try { 174 if (forceNewParameters) { 175 // generate new parameters each time 176 spec = ParameterCache.getNewDSAParameterSpec(plen, qlen, random); 177 } else { 178 if (params == null) { 179 params = 180 ParameterCache.getDSAParameterSpec(plen, qlen, random); 181 } 182 spec = params; 183 } 184 } catch (GeneralSecurityException e) { 185 throw new ProviderException(e); 186 } 187 return generateKeyPair(spec.getP(), spec.getQ(), spec.getG(), random); 188 } 189 190 public KeyPair generateKeyPair(BigInteger p, BigInteger q, BigInteger g, 191 SecureRandom random) { 192 193 BigInteger x = generateX(random, q); 194 BigInteger y = generateY(x, p, g); 195 196 try { 197 198 // See the comments in DSAKeyFactory, 4532506, and 6232513. 199 200 DSAPublicKey pub; 201 if (DSAKeyFactory.SERIAL_INTEROP) { 202 pub = new DSAPublicKey(y, p, q, g); 203 } else { 204 pub = new DSAPublicKeyImpl(y, p, q, g); 205 } 206 DSAPrivateKey priv = new DSAPrivateKey(x, p, q, g); 207 208 KeyPair pair = new KeyPair(pub, priv); 209 return pair; 210 } catch (InvalidKeyException e) { 211 throw new ProviderException(e); 212 } 213 } 214 215 /** 216 * Generate the private key component of the key pair using the 217 * provided source of random bits. This method uses the random but 218 * source passed to generate a seed and then calls the seed-based 219 * generateX method. 220 */ 221 private BigInteger generateX(SecureRandom random, BigInteger q) { 222 BigInteger x = null; 223 byte[] temp = new byte[qlen]; 224 while (true) { 225 random.nextBytes(temp); 226 x = new BigInteger(1, temp).mod(q); 227 if (x.signum() > 0 && (x.compareTo(q) < 0)) { 228 return x; 229 } 230 } 231 } 232 233 /** 234 * Generate the public key component y of the key pair. 235 * 236 * @param x the private key component. 237 * 238 * @param p the base parameter. 239 */ 240 BigInteger generateY(BigInteger x, BigInteger p, BigInteger g) { 241 BigInteger y = g.modPow(x, p); 242 return y; 243 } 244 245 }