Source for gnu.javax.crypto.key.srp6.SRPKeyPairGenerator

   1: /* SRPKeyPairGenerator.java -- 
   2:    Copyright (C) 2003, 2006 Free Software Foundation, Inc.
   3: 
   4: This file is a part of GNU Classpath.
   5: 
   6: GNU Classpath is free software; you can redistribute it and/or modify
   7: it under the terms of the GNU General Public License as published by
   8: the Free Software Foundation; either version 2 of the License, or (at
   9: your option) any later version.
  10: 
  11: GNU Classpath is distributed in the hope that it will be useful, but
  12: WITHOUT ANY WARRANTY; without even the implied warranty of
  13: MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
  14: General Public License for more details.
  15: 
  16: You should have received a copy of the GNU General Public License
  17: along with GNU Classpath; if not, write to the Free Software
  18: Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301
  19: USA
  20: 
  21: Linking this library statically or dynamically with other modules is
  22: making a combined work based on this library.  Thus, the terms and
  23: conditions of the GNU General Public License cover the whole
  24: combination.
  25: 
  26: As a special exception, the copyright holders of this library give you
  27: permission to link this library with independent modules to produce an
  28: executable, regardless of the license terms of these independent
  29: modules, and to copy and distribute the resulting executable under
  30: terms of your choice, provided that you also meet, for each linked
  31: independent module, the terms and conditions of the license of that
  32: module.  An independent module is a module which is not derived from
  33: or based on this library.  If you modify this library, you may extend
  34: this exception to your version of the library, but you are not
  35: obligated to do so.  If you do not wish to do so, delete this
  36: exception statement from your version.  */
  37: 
  38: 
  39: package gnu.javax.crypto.key.srp6;
  40: 
  41: import gnu.java.security.Configuration;
  42: import gnu.java.security.Registry;
  43: import gnu.java.security.key.IKeyPairGenerator;
  44: import gnu.java.security.util.PRNG;
  45: 
  46: import java.math.BigInteger;
  47: import java.security.KeyPair;
  48: import java.security.SecureRandom;
  49: import java.util.Map;
  50: import java.util.logging.Logger;
  51: 
  52: /**
  53:  * Reference:
  54:  * <ol>
  55:  * <li><a href="http://srp.stanford.edu/design.html">SRP Protocol Design</a><br>
  56:  * Thomas J. Wu.</li>
  57:  * </ol>
  58:  */
  59: public class SRPKeyPairGenerator
  60:     implements IKeyPairGenerator
  61: {
  62:   private static final Logger log = Logger.getLogger(SRPKeyPairGenerator.class.getName());
  63:   private static final BigInteger ZERO = BigInteger.ZERO;
  64:   private static final BigInteger ONE = BigInteger.ONE;
  65:   private static final BigInteger TWO = BigInteger.valueOf(2L);
  66:   private static final BigInteger THREE = BigInteger.valueOf(3L);
  67:   /** Property name of the length (Integer) of the modulus (N) of an SRP key. */
  68:   public static final String MODULUS_LENGTH = "gnu.crypto.srp.L";
  69:   /** Property name of the Boolean indicating wether or not to use defaults. */
  70:   public static final String USE_DEFAULTS = "gnu.crypto.srp.use.defaults";
  71:   /** Property name of the modulus (N) of an SRP key. */
  72:   public static final String SHARED_MODULUS = "gnu.crypto.srp.N";
  73:   /** Property name of the generator (g) of an SRP key. */
  74:   public static final String GENERATOR = "gnu.crypto.srp.g";
  75:   /** Property name of the user's verifier (v) for a Server SRP key. */
  76:   public static final String USER_VERIFIER = "gnu.crypto.srp.v";
  77:   /**
  78:    * Property name of an optional {@link SecureRandom} instance to use. The
  79:    * default is to use a classloader singleton from {@link PRNG}.
  80:    */
  81:   public static final String SOURCE_OF_RANDOMNESS = "gnu.crypto.srp.prng";
  82:   /** Default value for the modulus length. */
  83:   private static final int DEFAULT_MODULUS_LENGTH = 1024;
  84:   /** The optional {@link SecureRandom} instance to use. */
  85:   private SecureRandom rnd = null;
  86:   /** Bit length of the shared modulus. */
  87:   private int l;
  88:   /** The shared public modulus. */
  89:   private BigInteger N;
  90:   /** The Field generator. */
  91:   private BigInteger g;
  92:   /** The user's verifier MPI. */
  93:   private BigInteger v;
  94:   /** Our default source of randomness. */
  95:   private PRNG prng = null;
  96: 
  97:   // implicit 0-arguments constructor
  98: 
  99:   public String name()
 100:   {
 101:     return Registry.SRP_KPG;
 102:   }
 103: 
 104:   public void setup(Map attributes)
 105:   {
 106:     // do we have a SecureRandom, or should we use our own?
 107:     rnd = (SecureRandom) attributes.get(SOURCE_OF_RANDOMNESS);
 108:     N = (BigInteger) attributes.get(SHARED_MODULUS);
 109:     if (N != null)
 110:       {
 111:         l = N.bitLength();
 112:         g = (BigInteger) attributes.get(GENERATOR);
 113:         if (g == null)
 114:           g = TWO;
 115:         SRPAlgorithm.checkParams(N, g);
 116:       }
 117:     else
 118:       { // generate or use default values for N and g
 119:         Boolean useDefaults = (Boolean) attributes.get(USE_DEFAULTS);
 120:         if (useDefaults == null)
 121:           useDefaults = Boolean.TRUE;
 122:         Integer L = (Integer) attributes.get(MODULUS_LENGTH);
 123:         l = DEFAULT_MODULUS_LENGTH;
 124:         if (useDefaults.equals(Boolean.TRUE))
 125:           {
 126:             if (L != null)
 127:               {
 128:                 l = L.intValue();
 129:                 switch (l)
 130:                   {
 131:                   case 512:
 132:                     N = SRPAlgorithm.N_512;
 133:                     break;
 134:                   case 640:
 135:                     N = SRPAlgorithm.N_640;
 136:                     break;
 137:                   case 768:
 138:                     N = SRPAlgorithm.N_768;
 139:                     break;
 140:                   case 1024:
 141:                     N = SRPAlgorithm.N_1024;
 142:                     break;
 143:                   case 1280:
 144:                     N = SRPAlgorithm.N_1280;
 145:                     break;
 146:                   case 1536:
 147:                     N = SRPAlgorithm.N_1536;
 148:                     break;
 149:                   case 2048:
 150:                     N = SRPAlgorithm.N_2048;
 151:                     break;
 152:                   default:
 153:                     throw new IllegalArgumentException(
 154:                         "unknown default shared modulus bit length");
 155:                   }
 156:                 g = TWO;
 157:                 l = N.bitLength();
 158:               }
 159:           }
 160:         else // generate new N and g
 161:           {
 162:             if (L != null)
 163:               {
 164:                 l = L.intValue();
 165:                 if ((l % 256) != 0 || l < 512 || l > 2048)
 166:                   throw new IllegalArgumentException(
 167:                       "invalid shared modulus bit length");
 168:               }
 169:           }
 170:       }
 171:     // are we using this generator on the server side, or the client side?
 172:     v = (BigInteger) attributes.get(USER_VERIFIER);
 173:   }
 174: 
 175:   public KeyPair generate()
 176:   {
 177:     if (N == null)
 178:       {
 179:         BigInteger[] params = generateParameters();
 180:         BigInteger q = params[0];
 181:         N = params[1];
 182:         g = params[2];
 183:         if (Configuration.DEBUG)
 184:           {
 185:             log.fine("q: " + q.toString(16));
 186:             log.fine("N: " + N.toString(16));
 187:             log.fine("g: " + g.toString(16));
 188:           }
 189:       }
 190:     return (v != null ? hostKeyPair() : userKeyPair());
 191:   }
 192: 
 193:   private synchronized BigInteger[] generateParameters()
 194:   {
 195:     // N A large safe prime (N = 2q+1, where q is prime)
 196:     // g A generator modulo N
 197:     BigInteger q, p, g;
 198:     byte[] qBytes = new byte[l / 8];
 199:     do
 200:       {
 201:         do
 202:           {
 203:             nextRandomBytes(qBytes);
 204:             q = new BigInteger(1, qBytes);
 205:             q = q.setBit(0).setBit(l - 2).clearBit(l - 1);
 206:           }
 207:         while (! q.isProbablePrime(80));
 208:         p = q.multiply(TWO).add(ONE);
 209:       }
 210:     while (p.bitLength() != l || ! p.isProbablePrime(80));
 211:     // compute g. from FIPS-186, Appendix 4: e == 2
 212:     BigInteger p_minus_1 = p.subtract(ONE);
 213:     g = TWO;
 214:     // Set h = any integer, where 1 < h < p - 1 and
 215:     // h differs from any value previously tried
 216:     for (BigInteger h = TWO; h.compareTo(p_minus_1) < 0; h = h.add(ONE))
 217:       {
 218:         // Set g = h**2 mod p
 219:         g = h.modPow(TWO, p);
 220:         // If g = 1, go to step 3
 221:         if (! g.equals(ONE))
 222:           break;
 223:       }
 224:     return new BigInteger[] { q, p, g };
 225:   }
 226: 
 227:   private KeyPair hostKeyPair()
 228:   {
 229:     byte[] bBytes = new byte[(l + 7) / 8];
 230:     BigInteger b, B;
 231:     do
 232:       {
 233:         do
 234:           {
 235:             nextRandomBytes(bBytes);
 236:             b = new BigInteger(1, bBytes);
 237:           }
 238:         while (b.compareTo(ONE) <= 0 || b.compareTo(N) >= 0);
 239:         B = THREE.multiply(v).add(g.modPow(b, N)).mod(N);
 240:       }
 241:     while (B.compareTo(ZERO) == 0 || B.compareTo(N) >= 0);
 242:     KeyPair result = new KeyPair(new SRPPublicKey(new BigInteger[] { N, g, B }),
 243:                                  new SRPPrivateKey(new BigInteger[] { N, g, b, v }));
 244:     return result;
 245:   }
 246: 
 247:   private KeyPair userKeyPair()
 248:   {
 249:     byte[] aBytes = new byte[(l + 7) / 8];
 250:     BigInteger a, A;
 251:     do
 252:       {
 253:         do
 254:           {
 255:             nextRandomBytes(aBytes);
 256:             a = new BigInteger(1, aBytes);
 257:           }
 258:         while (a.compareTo(ONE) <= 0 || a.compareTo(N) >= 0);
 259:         A = g.modPow(a, N);
 260:       }
 261:     while (A.compareTo(ZERO) == 0 || A.compareTo(N) >= 0);
 262:     KeyPair result = new KeyPair(new SRPPublicKey(new BigInteger[] { N, g, A }),
 263:                                  new SRPPrivateKey(new BigInteger[] { N, g, a }));
 264:     return result;
 265:   }
 266: 
 267:   private void nextRandomBytes(byte[] buffer)
 268:   {
 269:     if (rnd != null)
 270:       rnd.nextBytes(buffer);
 271:     else
 272:       getDefaultPRNG().nextBytes(buffer);
 273:   }
 274: 
 275:   private PRNG getDefaultPRNG()
 276:   {
 277:     if (prng == null)
 278:       prng = PRNG.getInstance();
 279: 
 280:     return prng;
 281:   }
 282: }