1 /*
2 * Copyright (c) 2009, 2013, Oracle and/or its affiliates. All rights reserved.
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation. Oracle designates this
8 * particular file as subject to the "Classpath" exception as provided
9 * by Oracle in the LICENSE file that accompanied this code.
10 *
11 * This code is distributed in the hope that it will be useful, but WITHOUT
12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 * version 2 for more details (a copy is included in the LICENSE file that
15 * accompanied this code).
16 *
17 * You should have received a copy of the GNU General Public License version
18 * 2 along with this work; if not, write to the Free Software Foundation,
19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
20 *
21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
22 * or visit www.oracle.com if you need additional information or have any
23 * questions.
24 */
25
26 package sun.security.ec;
27
28 import java.math.BigInteger;
29 import java.security.*;
30 import java.security.spec.AlgorithmParameterSpec;
31 import java.security.spec.ECGenParameterSpec;
32 import java.security.spec.ECParameterSpec;
33 import java.security.spec.ECPoint;
34
35 import sun.security.ec.ECPrivateKeyImpl;
36 import sun.security.ec.ECPublicKeyImpl;
37 import sun.security.jca.JCAUtil;
38 import sun.security.util.ECParameters;
39 import sun.security.util.ECUtil;
40
41 /**
42 * EC keypair generator.
43 * Standard algorithm, minimum key length is 112 bits, maximum is 571 bits.
44 *
45 * @since 1.7
46 */
47 public final class ECKeyPairGenerator extends KeyPairGeneratorSpi {
48
49 private static final int KEY_SIZE_MIN = 112; // min bits (see ecc_impl.h)
50 private static final int KEY_SIZE_MAX = 571; // max bits (see ecc_impl.h)
51 private static final int KEY_SIZE_DEFAULT = 256;
52
53 // used to seed the keypair generator
54 private SecureRandom random;
55
56 // size of the key to generate, KEY_SIZE_MIN <= keySize <= KEY_SIZE_MAX
57 private int keySize;
58
59 // parameters specified via init, if any
60 private AlgorithmParameterSpec params = null;
61
62 /**
63 * Constructs a new ECKeyPairGenerator.
64 */
65 public ECKeyPairGenerator() {
66 // initialize to default in case the app does not call initialize()
67 initialize(KEY_SIZE_DEFAULT, null);
68 }
69
70 // initialize the generator. See JCA doc
71 @Override
72 public void initialize(int keySize, SecureRandom random) {
73
74 checkKeySize(keySize);
75 this.params = ECUtil.getECParameterSpec(null, keySize);
76 if (params == null) {
77 throw new InvalidParameterException(
78 "No EC parameters available for key size " + keySize + " bits");
79 }
80 this.random = random;
81 }
82
83 // second initialize method. See JCA doc
84 @Override
85 public void initialize(AlgorithmParameterSpec params, SecureRandom random)
86 throws InvalidAlgorithmParameterException {
87
88 if (params instanceof ECParameterSpec) {
89 this.params = ECUtil.getECParameterSpec(null,
90 (ECParameterSpec)params);
91 if (this.params == null) {
92 throw new InvalidAlgorithmParameterException(
93 "Unsupported curve: " + params);
94 }
95 } else if (params instanceof ECGenParameterSpec) {
96 String name = ((ECGenParameterSpec)params).getName();
97 this.params = ECUtil.getECParameterSpec(null, name);
98 if (this.params == null) {
99 throw new InvalidAlgorithmParameterException(
100 "Unknown curve name: " + name);
101 }
102 } else {
103 throw new InvalidAlgorithmParameterException(
104 "ECParameterSpec or ECGenParameterSpec required for EC");
105 }
106 this.keySize =
107 ((ECParameterSpec)this.params).getCurve().getField().getFieldSize();
108 this.random = random;
109 }
110
111 // generate the keypair. See JCA doc
112 @Override
113 public KeyPair generateKeyPair() {
114
115 byte[] encodedParams =
116 ECUtil.encodeECParameterSpec(null, (ECParameterSpec)params);
117
118 // seed is twice the key size (in bytes) plus 1
119 byte[] seed = new byte[(((keySize + 7) >> 3) + 1) * 2];
120 if (random == null) {
121 random = JCAUtil.getSecureRandom();
122 }
123 random.nextBytes(seed);
124
125 try {
126
127 Object[] keyBytes = generateECKeyPair(keySize, encodedParams, seed);
128
129 // The 'params' object supplied above is equivalent to the native
130 // one so there is no need to fetch it.
131 // keyBytes[0] is the encoding of the native private key
132 BigInteger s = new BigInteger(1, (byte[])keyBytes[0]);
133
134 PrivateKey privateKey =
135 new ECPrivateKeyImpl(s, (ECParameterSpec)params);
136
137 // keyBytes[1] is the encoding of the native public key
138 ECPoint w = ECUtil.decodePoint((byte[])keyBytes[1],
139 ((ECParameterSpec)params).getCurve());
140 PublicKey publicKey =
141 new ECPublicKeyImpl(w, (ECParameterSpec)params);
142
143 return new KeyPair(publicKey, privateKey);
144
145 } catch (Exception e) {
146 throw new ProviderException(e);
147 }
148 }
149
150 private void checkKeySize(int keySize) throws InvalidParameterException {
151 if (keySize < KEY_SIZE_MIN) {
152 throw new InvalidParameterException
153 ("Key size must be at least " + KEY_SIZE_MIN + " bits");
154 }
155 if (keySize > KEY_SIZE_MAX) {
156 throw new InvalidParameterException
157 ("Key size must be at most " + KEY_SIZE_MAX + " bits");
158 }
159 this.keySize = keySize;
160 }
161
162 /*
163 * Generates the keypair and returns a 2-element array of encoding bytes.
164 * The first one is for the private key, the second for the public key.
165 */
166 private static native Object[] generateECKeyPair(int keySize,
167 byte[] encodedParams, byte[] seed) throws GeneralSecurityException;
168 }