1
/* SRPKeyPairGenerator.java --
2
Copyright (C) 2003, 2006 Free Software Foundation, Inc.
4
This file is a part of GNU Classpath.
6
GNU Classpath is free software; you can redistribute it and/or modify
7
it under the terms of the GNU General Public License as published by
8
the Free Software Foundation; either version 2 of the License, or (at
9
your option) any later version.
11
GNU Classpath is distributed in the hope that it will be useful, but
12
WITHOUT ANY WARRANTY; without even the implied warranty of
13
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14
General Public License for more details.
16
You should have received a copy of the GNU General Public License
17
along with GNU Classpath; if not, write to the Free Software
18
Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301
21
Linking this library statically or dynamically with other modules is
22
making a combined work based on this library. Thus, the terms and
23
conditions of the GNU General Public License cover the whole
26
As a special exception, the copyright holders of this library give you
27
permission to link this library with independent modules to produce an
28
executable, regardless of the license terms of these independent
29
modules, and to copy and distribute the resulting executable under
30
terms of your choice, provided that you also meet, for each linked
31
independent module, the terms and conditions of the license of that
32
module. An independent module is a module which is not derived from
33
or based on this library. If you modify this library, you may extend
34
this exception to your version of the library, but you are not
35
obligated to do so. If you do not wish to do so, delete this
36
exception statement from your version. */
39
package gnu.javax.crypto.key.srp6;
41
import gnu.java.security.Registry;
42
import gnu.java.security.key.IKeyPairGenerator;
43
import gnu.java.security.util.PRNG;
44
import gnu.java.security.util.Prime2;
46
import java.io.PrintWriter;
47
import java.math.BigInteger;
48
import java.security.KeyPair;
49
import java.security.SecureRandom;
57
* <li><a href="http://srp.stanford.edu/design.html">SRP Protocol Design</a><br>
61
public class SRPKeyPairGenerator implements IKeyPairGenerator
64
// Debugging methods and variables
65
// -------------------------------------------------------------------------
67
private static final String NAME = "srp";
69
private static final boolean DEBUG = false;
71
private static final int debuglevel = 5;
73
private static final PrintWriter err = new PrintWriter(System.out, true);
75
private static void debug(String s)
77
err.println(">>> " + NAME + ": " + s);
80
// Constants and variables
81
// -------------------------------------------------------------------------
83
private static final BigInteger ZERO = BigInteger.ZERO;
85
private static final BigInteger ONE = BigInteger.ONE;
87
private static final BigInteger TWO = BigInteger.valueOf(2L);
89
private static final BigInteger THREE = BigInteger.valueOf(3L);
91
/** Property name of the length (Integer) of the modulus (N) of an SRP key. */
92
public static final String MODULUS_LENGTH = "gnu.crypto.srp.L";
94
/** Property name of the Boolean indicating wether or not to use defaults. */
95
public static final String USE_DEFAULTS = "gnu.crypto.srp.use.defaults";
97
/** Property name of the modulus (N) of an SRP key. */
98
public static final String SHARED_MODULUS = "gnu.crypto.srp.N";
100
/** Property name of the generator (g) of an SRP key. */
101
public static final String GENERATOR = "gnu.crypto.srp.g";
103
/** Property name of the user's verifier (v) for a Server SRP key. */
104
public static final String USER_VERIFIER = "gnu.crypto.srp.v";
107
* Property name of an optional {@link SecureRandom} instance to use. The
108
* default is to use a classloader singleton from {@link PRNG}.
110
public static final String SOURCE_OF_RANDOMNESS = "gnu.crypto.srp.prng";
112
/** Default value for the modulus length. */
113
private static final int DEFAULT_MODULUS_LENGTH = 1024;
115
/** The optional {@link SecureRandom} instance to use. */
116
private SecureRandom rnd = null;
118
/** Bit length of the shared modulus. */
121
/** The shared public modulus. */
122
private BigInteger N;
124
/** The Field generator. */
125
private BigInteger g;
127
/** The user's verifier MPI. */
128
private BigInteger v;
130
/** Our default source of randomness. */
131
private PRNG prng = null;
134
// -------------------------------------------------------------------------
136
// implicit 0-arguments constructor
139
// -------------------------------------------------------------------------
142
// -------------------------------------------------------------------------
144
// gnu.crypto.key.IKeyPairGenerator interface implementation ---------------
148
return Registry.SRP_KPG;
151
public void setup(Map attributes)
153
// do we have a SecureRandom, or should we use our own?
154
rnd = (SecureRandom) attributes.get(SOURCE_OF_RANDOMNESS);
156
N = (BigInteger) attributes.get(SHARED_MODULUS);
160
g = (BigInteger) attributes.get(GENERATOR);
165
SRPAlgorithm.checkParams(N, g);
168
{ // generate or use default values for N and g
169
Boolean useDefaults = (Boolean) attributes.get(USE_DEFAULTS);
170
if (useDefaults == null)
172
useDefaults = Boolean.TRUE;
174
Integer L = (Integer) attributes.get(MODULUS_LENGTH);
175
l = DEFAULT_MODULUS_LENGTH;
176
if (useDefaults.equals(Boolean.TRUE))
184
N = SRPAlgorithm.N_512;
187
N = SRPAlgorithm.N_640;
190
N = SRPAlgorithm.N_768;
193
N = SRPAlgorithm.N_1024;
196
N = SRPAlgorithm.N_1280;
199
N = SRPAlgorithm.N_1536;
202
N = SRPAlgorithm.N_2048;
205
throw new IllegalArgumentException(
206
"unknown default shared modulus bit length");
213
{ // generate new N and g
217
if ((l % 256) != 0 || l < 512 || l > 2048)
219
throw new IllegalArgumentException(
220
"invalid shared modulus bit length");
226
// are we using this generator on the server side, or the client side?
227
v = (BigInteger) attributes.get(USER_VERIFIER);
230
public KeyPair generate()
234
BigInteger[] params = generateParameters();
235
BigInteger q = params[0];
238
if (DEBUG && debuglevel > 0)
240
debug("q: " + q.toString(16));
241
debug("N: " + N.toString(16));
242
debug("g: " + g.toString(16));
246
return (v != null ? hostKeyPair() : userKeyPair());
249
// helper methods ----------------------------------------------------------
251
private synchronized BigInteger[] generateParameters()
253
// N A large safe prime (N = 2q+1, where q is prime)
254
// g A generator modulo N
256
byte[] qBytes = new byte[l / 8];
261
nextRandomBytes(qBytes);
262
q = new BigInteger(1, qBytes);
263
q = q.setBit(0).setBit(l - 2).clearBit(l - 1);
265
while (!Prime2.isProbablePrime(q));
266
p = q.multiply(TWO).add(ONE);
268
while (p.bitLength() != l || !Prime2.isProbablePrime(p));
270
// compute g. from FIPS-186, Appendix 4: e == 2
271
BigInteger p_minus_1 = p.subtract(ONE);
273
// Set h = any integer, where 1 < h < p - 1 and
274
// h differs from any value previously tried
275
for (BigInteger h = TWO; h.compareTo(p_minus_1) < 0; h = h.add(ONE))
277
// Set g = h**2 mod p
278
g = h.modPow(TWO, p);
279
// If g = 1, go to step 3
286
return new BigInteger[] { q, p, g };
289
private KeyPair hostKeyPair()
291
byte[] bBytes = new byte[(l + 7) / 8];
297
nextRandomBytes(bBytes);
298
b = new BigInteger(1, bBytes);
300
while (b.compareTo(ONE) <= 0 || b.compareTo(N) >= 0);
301
B = THREE.multiply(v).add(g.modPow(b, N)).mod(N);
303
while (B.compareTo(ZERO) == 0 || B.compareTo(N) >= 0);
305
KeyPair result = new KeyPair(
306
new SRPPublicKey(new BigInteger[] { N, g, B }),
307
new SRPPrivateKey(new BigInteger[] { N, g, b,
312
private KeyPair userKeyPair()
314
byte[] aBytes = new byte[(l + 7) / 8];
320
nextRandomBytes(aBytes);
321
a = new BigInteger(1, aBytes);
323
while (a.compareTo(ONE) <= 0 || a.compareTo(N) >= 0);
326
while (A.compareTo(ZERO) == 0 || A.compareTo(N) >= 0);
328
KeyPair result = new KeyPair(
329
new SRPPublicKey(new BigInteger[] { N, g, A }),
330
new SRPPrivateKey(new BigInteger[] { N, g, a }));
334
private void nextRandomBytes(byte[] buffer)
338
rnd.nextBytes(buffer);
341
getDefaultPRNG().nextBytes(buffer);
344
private PRNG getDefaultPRNG()
347
prng = PRNG.getInstance();