1 /* 2 * Copyright (c) 2009, 2013, Oracle and/or its affiliates. All rights reserved. 3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 4 * 5 * This code is free software; you can redistribute it and/or modify it 6 * under the terms of the GNU General Public License version 2 only, as 7 * published by the Free Software Foundation. Oracle designates this 8 * particular file as subject to the "Classpath" exception as provided 9 * by Oracle in the LICENSE file that accompanied this code. 10 * 11 * This code is distributed in the hope that it will be useful, but WITHOUT 12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 14 * version 2 for more details (a copy is included in the LICENSE file that 15 * accompanied this code). 16 * 17 * You should have received a copy of the GNU General Public License version 18 * 2 along with this work; if not, write to the Free Software Foundation, 19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 20 * 21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 22 * or visit www.oracle.com if you need additional information or have any 23 * questions. 24 */ 25 26 package sun.security.ec; 27 28 import java.math.BigInteger; 29 import java.security.*; 30 import java.security.spec.AlgorithmParameterSpec; 31 import java.security.spec.ECGenParameterSpec; 32 import java.security.spec.ECParameterSpec; 33 import java.security.spec.ECPoint; 34 35 import sun.security.ec.ECPrivateKeyImpl; 36 import sun.security.ec.ECPublicKeyImpl; 37 import sun.security.jca.JCAUtil; 38 import sun.security.util.ECParameters; 39 import sun.security.util.ECUtil; 40 41 /** 42 * EC keypair generator. 43 * Standard algorithm, minimum key length is 112 bits, maximum is 571 bits. 44 * 45 * @since 1.7 46 */ 47 public final class ECKeyPairGenerator extends KeyPairGeneratorSpi { 48 49 private static final int KEY_SIZE_MIN = 112; // min bits (see ecc_impl.h) 50 private static final int KEY_SIZE_MAX = 571; // max bits (see ecc_impl.h) 51 private static final int KEY_SIZE_DEFAULT = 256; 52 53 // used to seed the keypair generator 54 private SecureRandom random; 55 56 // size of the key to generate, KEY_SIZE_MIN <= keySize <= KEY_SIZE_MAX 57 private int keySize; 58 59 // parameters specified via init, if any 60 private AlgorithmParameterSpec params = null; 61 62 /** 63 * Constructs a new ECKeyPairGenerator. 64 */ 65 public ECKeyPairGenerator() { 66 // initialize to default in case the app does not call initialize() 67 initialize(KEY_SIZE_DEFAULT, null); 68 } 69 70 // initialize the generator. See JCA doc 71 @Override 72 public void initialize(int keySize, SecureRandom random) { 73 74 checkKeySize(keySize); 75 this.params = ECUtil.getECParameterSpec(null, keySize); 76 if (params == null) { 77 throw new InvalidParameterException( 78 "No EC parameters available for key size " + keySize + " bits"); 79 } 80 this.random = random; 81 } 82 83 // second initialize method. See JCA doc 84 @Override 85 public void initialize(AlgorithmParameterSpec params, SecureRandom random) 86 throws InvalidAlgorithmParameterException { 87 88 if (params instanceof ECParameterSpec) { 89 this.params = ECUtil.getECParameterSpec(null, 90 (ECParameterSpec)params); 91 if (this.params == null) { 92 throw new InvalidAlgorithmParameterException( 93 "Unsupported curve: " + params); 94 } 95 } else if (params instanceof ECGenParameterSpec) { 96 String name = ((ECGenParameterSpec)params).getName(); 97 this.params = ECUtil.getECParameterSpec(null, name); 98 if (this.params == null) { 99 throw new InvalidAlgorithmParameterException( 100 "Unknown curve name: " + name); 101 } 102 } else { 103 throw new InvalidAlgorithmParameterException( 104 "ECParameterSpec or ECGenParameterSpec required for EC"); 105 } 106 this.keySize = 107 ((ECParameterSpec)this.params).getCurve().getField().getFieldSize(); 108 this.random = random; 109 } 110 111 // generate the keypair. See JCA doc 112 @Override 113 public KeyPair generateKeyPair() { 114 115 byte[] encodedParams = 116 ECUtil.encodeECParameterSpec(null, (ECParameterSpec)params); 117 118 // seed is twice the key size (in bytes) plus 1 119 byte[] seed = new byte[(((keySize + 7) >> 3) + 1) * 2]; 120 if (random == null) { 121 random = JCAUtil.getSecureRandom(); 122 } 123 random.nextBytes(seed); 124 125 try { 126 127 Object[] keyBytes = generateECKeyPair(keySize, encodedParams, seed); 128 129 // The 'params' object supplied above is equivalent to the native 130 // one so there is no need to fetch it. 131 // keyBytes[0] is the encoding of the native private key 132 BigInteger s = new BigInteger(1, (byte[])keyBytes[0]); 133 134 PrivateKey privateKey = 135 new ECPrivateKeyImpl(s, (ECParameterSpec)params); 136 137 // keyBytes[1] is the encoding of the native public key 138 ECPoint w = ECUtil.decodePoint((byte[])keyBytes[1], 139 ((ECParameterSpec)params).getCurve()); 140 PublicKey publicKey = 141 new ECPublicKeyImpl(w, (ECParameterSpec)params); 142 143 return new KeyPair(publicKey, privateKey); 144 145 } catch (Exception e) { 146 throw new ProviderException(e); 147 } 148 } 149 150 private void checkKeySize(int keySize) throws InvalidParameterException { 151 if (keySize < KEY_SIZE_MIN) { 152 throw new InvalidParameterException 153 ("Key size must be at least " + KEY_SIZE_MIN + " bits"); 154 } 155 if (keySize > KEY_SIZE_MAX) { 156 throw new InvalidParameterException 157 ("Key size must be at most " + KEY_SIZE_MAX + " bits"); 158 } 159 this.keySize = keySize; 160 } 161 162 /* 163 * Generates the keypair and returns a 2-element array of encoding bytes. 164 * The first one is for the private key, the second for the public key. 165 */ 166 private static native Object[] generateECKeyPair(int keySize, 167 byte[] encodedParams, byte[] seed) throws GeneralSecurityException; 168 }