1 /* SRPKeyPairGenerator.java --
2 Copyright (C) 2003, 2006, 2010 Free Software Foundation, Inc.
4 This file is a part of GNU Classpath.
6 GNU Classpath is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 2 of the License, or (at
9 your option) any later version.
11 GNU Classpath is distributed in the hope that it will be useful, but
12 WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 General Public License for more details.
16 You should have received a copy of the GNU General Public License
17 along with GNU Classpath; if not, write to the Free Software
18 Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301
21 Linking this library statically or dynamically with other modules is
22 making a combined work based on this library. Thus, the terms and
23 conditions of the GNU General Public License cover the whole
26 As a special exception, the copyright holders of this library give you
27 permission to link this library with independent modules to produce an
28 executable, regardless of the license terms of these independent
29 modules, and to copy and distribute the resulting executable under
30 terms of your choice, provided that you also meet, for each linked
31 independent module, the terms and conditions of the license of that
32 module. An independent module is a module which is not derived from
33 or based on this library. If you modify this library, you may extend
34 this exception to your version of the library, but you are not
35 obligated to do so. If you do not wish to do so, delete this
36 exception statement from your version. */
39 package gnu.javax.crypto.key.srp6;
41 import gnu.java.security.Configuration;
42 import gnu.java.security.Registry;
43 import gnu.java.security.key.IKeyPairGenerator;
44 import gnu.java.security.util.PRNG;
46 import java.math.BigInteger;
47 import java.security.KeyPair;
48 import java.security.SecureRandom;
50 import java.util.logging.Logger;
55 * <li><a href="http://srp.stanford.edu/design.html">SRP Protocol Design</a><br>
59 public class SRPKeyPairGenerator
60 implements IKeyPairGenerator
62 private static final Logger log = Configuration.DEBUG ?
63 Logger.getLogger(SRPKeyPairGenerator.class.getName()) : null;
65 private static final BigInteger ZERO = BigInteger.ZERO;
66 private static final BigInteger ONE = BigInteger.ONE;
67 private static final BigInteger TWO = BigInteger.valueOf(2L);
68 private static final BigInteger THREE = BigInteger.valueOf(3L);
69 /** Property name of the length (Integer) of the modulus (N) of an SRP key. */
70 public static final String MODULUS_LENGTH = "gnu.crypto.srp.L";
71 /** Property name of the Boolean indicating wether or not to use defaults. */
72 public static final String USE_DEFAULTS = "gnu.crypto.srp.use.defaults";
73 /** Property name of the modulus (N) of an SRP key. */
74 public static final String SHARED_MODULUS = "gnu.crypto.srp.N";
75 /** Property name of the generator (g) of an SRP key. */
76 public static final String GENERATOR = "gnu.crypto.srp.g";
77 /** Property name of the user's verifier (v) for a Server SRP key. */
78 public static final String USER_VERIFIER = "gnu.crypto.srp.v";
80 * Property name of an optional {@link SecureRandom} instance to use. The
81 * default is to use a classloader singleton from {@link PRNG}.
83 public static final String SOURCE_OF_RANDOMNESS = "gnu.crypto.srp.prng";
84 /** Default value for the modulus length. */
85 private static final int DEFAULT_MODULUS_LENGTH = 1024;
86 /** The optional {@link SecureRandom} instance to use. */
87 private SecureRandom rnd = null;
88 /** Bit length of the shared modulus. */
90 /** The shared public modulus. */
92 /** The Field generator. */
94 /** The user's verifier MPI. */
96 /** Our default source of randomness. */
97 private PRNG prng = null;
99 // implicit 0-arguments constructor
103 return Registry.SRP_KPG;
106 public void setup(Map attributes)
108 // do we have a SecureRandom, or should we use our own?
109 rnd = (SecureRandom) attributes.get(SOURCE_OF_RANDOMNESS);
110 N = (BigInteger) attributes.get(SHARED_MODULUS);
114 g = (BigInteger) attributes.get(GENERATOR);
117 SRPAlgorithm.checkParams(N, g);
120 { // generate or use default values for N and g
121 Boolean useDefaults = (Boolean) attributes.get(USE_DEFAULTS);
122 if (useDefaults == null)
123 useDefaults = Boolean.TRUE;
124 Integer L = (Integer) attributes.get(MODULUS_LENGTH);
125 l = DEFAULT_MODULUS_LENGTH;
126 if (useDefaults.equals(Boolean.TRUE))
134 N = SRPAlgorithm.N_512;
137 N = SRPAlgorithm.N_640;
140 N = SRPAlgorithm.N_768;
143 N = SRPAlgorithm.N_1024;
146 N = SRPAlgorithm.N_1280;
149 N = SRPAlgorithm.N_1536;
152 N = SRPAlgorithm.N_2048;
155 throw new IllegalArgumentException(
156 "unknown default shared modulus bit length");
162 else // generate new N and g
167 if ((l % 256) != 0 || l < 512 || l > 2048)
168 throw new IllegalArgumentException(
169 "invalid shared modulus bit length");
173 // are we using this generator on the server side, or the client side?
174 v = (BigInteger) attributes.get(USER_VERIFIER);
177 public KeyPair generate()
181 BigInteger[] params = generateParameters();
182 BigInteger q = params[0];
185 if (Configuration.DEBUG)
187 log.fine("q: " + q.toString(16));
188 log.fine("N: " + N.toString(16));
189 log.fine("g: " + g.toString(16));
192 return (v != null ? hostKeyPair() : userKeyPair());
195 private synchronized BigInteger[] generateParameters()
197 // N A large safe prime (N = 2q+1, where q is prime)
198 // g A generator modulo N
200 byte[] qBytes = new byte[l / 8];
205 nextRandomBytes(qBytes);
206 q = new BigInteger(1, qBytes);
207 q = q.setBit(0).setBit(l - 2).clearBit(l - 1);
209 while (! q.isProbablePrime(80));
210 p = q.multiply(TWO).add(ONE);
212 while (p.bitLength() != l || ! p.isProbablePrime(80));
213 // compute g. from FIPS-186, Appendix 4: e == 2
214 BigInteger p_minus_1 = p.subtract(ONE);
216 // Set h = any integer, where 1 < h < p - 1 and
217 // h differs from any value previously tried
218 for (BigInteger h = TWO; h.compareTo(p_minus_1) < 0; h = h.add(ONE))
220 // Set g = h**2 mod p
221 g = h.modPow(TWO, p);
222 // If g = 1, go to step 3
226 return new BigInteger[] { q, p, g };
229 private KeyPair hostKeyPair()
231 byte[] bBytes = new byte[(l + 7) / 8];
237 nextRandomBytes(bBytes);
238 b = new BigInteger(1, bBytes);
240 while (b.compareTo(ONE) <= 0 || b.compareTo(N) >= 0);
241 B = THREE.multiply(v).add(g.modPow(b, N)).mod(N);
243 while (B.compareTo(ZERO) == 0 || B.compareTo(N) >= 0);
244 KeyPair result = new KeyPair(new SRPPublicKey(new BigInteger[] { N, g, B }),
245 new SRPPrivateKey(new BigInteger[] { N, g, b, v }));
249 private KeyPair userKeyPair()
251 byte[] aBytes = new byte[(l + 7) / 8];
257 nextRandomBytes(aBytes);
258 a = new BigInteger(1, aBytes);
260 while (a.compareTo(ONE) <= 0 || a.compareTo(N) >= 0);
263 while (A.compareTo(ZERO) == 0 || A.compareTo(N) >= 0);
264 KeyPair result = new KeyPair(new SRPPublicKey(new BigInteger[] { N, g, A }),
265 new SRPPrivateKey(new BigInteger[] { N, g, a }));
269 private void nextRandomBytes(byte[] buffer)
272 rnd.nextBytes(buffer);
274 getDefaultPRNG().nextBytes(buffer);
277 private PRNG getDefaultPRNG()
280 prng = PRNG.getInstance();