jdk-sandbox: comparison jdk/src/share/classes/sun/security/provider/DSAParameterGenerator.java

equal deleted inserted replaced

-:1b01d62872eb
+:604588823b5a
 /*
-* Copyright (c) 1997, 2006, Oracle and/or its affiliates. All rights reserved.
+* Copyright (c) 1997, 2012, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License version 2 only, as
 * published by the Free Software Foundation.  Oracle designates this
 import java.security.AlgorithmParameters;
 import java.security.InvalidAlgorithmParameterException;
 import java.security.NoSuchAlgorithmException;
 import java.security.NoSuchProviderException;
 import java.security.InvalidParameterException;
+import java.security.MessageDigest;
 import java.security.SecureRandom;
 import java.security.spec.AlgorithmParameterSpec;
 import java.security.spec.InvalidParameterSpecException;
 import java.security.spec.DSAParameterSpec;
+import java.security.spec.DSAGenParameterSpec;
 /**
 * This class generates parameters for the DSA algorithm. It uses a default
 * prime modulus size of 1024 bits, which can be overwritten during
 * initialization.
 * @since 1.2
 */
 public class DSAParameterGenerator extends AlgorithmParameterGeneratorSpi {
-// the modulus length
+// the default parameters
-private int modLen = 1024; // default
+private static final DSAGenParameterSpec DEFAULTS =
+new DSAGenParameterSpec(1024, 160, 160);
+// the length of prime P, subPrime Q, and seed in bits
+private int valueL = -1;
+private int valueN = -1;
+private int seedLen = -1;
 // the source of randomness
 private SecureRandom random;
 // useful constants
 private static final BigInteger ZERO = BigInteger.valueOf(0);
 private static final BigInteger ONE = BigInteger.valueOf(1);
 private static final BigInteger TWO = BigInteger.valueOf(2);
-// Make a SHA-1 hash function
-private SHA sha;
 public DSAParameterGenerator() {
-this.sha = new SHA();
 }
 /**
 * Initializes this parameter generator for a certain strength
 * and source of randomness.
 *
 * @param strength the strength (size of prime) in bits
 * @param random the source of randomness
 */
 protected void engineInit(int strength, SecureRandom random) {
-/*
+if ((strength >= 512) && (strength <= 1024) && (strength % 64 == 0)) {
-* Bruce Schneier, "Applied Cryptography", 2nd Edition,
+this.valueN = 160;
-* Description of DSA:
+} else if (strength == 2048) {
-* [...] The algorithm uses the following parameter:
+this.valueN = 224;
-* p=a prime number L bits long, when L ranges from 512 to 1024 and is
+//      } else if (strength == 3072) {
-* a multiple of 64. [...]
+//          this.valueN = 256;
-*/
+} else {
-if ((strength < 512) || (strength > 1024) || (strength % 64 != 0)) {
 throw new InvalidParameterException
-("Prime size must range from 512 to 1024 "
+("Prime size should be 512 - 1024, or 2048");
-+ "and be a multiple of 64");
+}
-}
+this.valueL = strength;
-this.modLen = strength;
+this.seedLen = valueN;
 this.random = random;
 }
 /**
 * Initializes this parameter generator with a set of
 * algorithm-specific parameter generation values.
 *
-* @param params the set of algorithm-specific parameter generation values
+* @param genParamSpec the set of algorithm-specific parameter generation values
 * @param random the source of randomness
 *
 * @exception InvalidAlgorithmParameterException if the given parameter
 * generation values are inappropriate for this parameter generator
 */
 protected void engineInit(AlgorithmParameterSpec genParamSpec,
 SecureRandom random)
 throws InvalidAlgorithmParameterException {
+if (!(genParamSpec instanceof DSAGenParameterSpec)) {
 throw new InvalidAlgorithmParameterException("Invalid parameter");
+}
+DSAGenParameterSpec dsaGenParams = (DSAGenParameterSpec) genParamSpec;
+if (dsaGenParams.getPrimePLength() > 2048) {
+throw new InvalidParameterException
+("Prime size should be 512 - 1024, or 2048");
+}
+// directly initialize using the already validated values
+this.valueL = dsaGenParams.getPrimePLength();
+this.valueN = dsaGenParams.getSubprimeQLength();
+this.seedLen = dsaGenParams.getSeedLength();
+this.random = random;
 }
 /**
 * Generates the parameters.
 *
 AlgorithmParameters algParams = null;
 try {
 if (this.random == null) {
 this.random = new SecureRandom();
 }
+if (valueL == -1) {
-BigInteger[] pAndQ = generatePandQ(this.random, this.modLen);
+try {
+engineInit(DEFAULTS, this.random);
+} catch (InvalidAlgorithmParameterException iape) {
+// should never happen
+}
+}
+BigInteger[] pAndQ = generatePandQ(this.random, valueL,
+valueN, seedLen);
 BigInteger paramP = pAndQ[0];
 BigInteger paramQ = pAndQ[1];
 BigInteger paramG = generateG(paramP, paramQ);
-DSAParameterSpec dsaParamSpec = new DSAParameterSpec(paramP,
+DSAParameterSpec dsaParamSpec =
-paramQ,
+new DSAParameterSpec(paramP, paramQ, paramG);
-paramG);
 algParams = AlgorithmParameters.getInstance("DSA", "SUN");
 algParams.init(dsaParamSpec);
 } catch (InvalidParameterSpecException e) {
 // this should never happen
 throw new RuntimeException(e.getMessage());
 * This method will generate new seeds until a suitable
 * seed has been found.
 *
 * @param random the source of randomness to generate the
 * seed
-* @param L the size of <code>p</code>, in bits.
+* @param valueL the size of <code>p</code>, in bits.
+* @param valueN the size of <code>q</code>, in bits.
+* @param seedLen the length of <code>seed</code>, in bits.
 *
 * @return an array of BigInteger, with <code>p</code> at index 0 and
-* <code>q</code> at index 1.
-*/
-BigInteger[] generatePandQ(SecureRandom random, int L) {
-BigInteger[] result = null;
-byte[] seed = new byte[20];
-while(result == null) {
-for (int i = 0; i < 20; i++) {
-seed[i] = (byte)random.nextInt();
-}
-result = generatePandQ(seed, L);
-}
-return result;
-}
-/*
-* Generates the prime and subprime parameters for DSA.
-*
-* <p>The seed parameter corresponds to the <code>SEED</code> parameter
-* referenced in the FIPS specification of the DSA algorithm,
-* and L is the size of <code>p</code>, in bits.
-*
-* @param seed the seed to generate the parameters
-* @param L the size of <code>p</code>, in bits.
-*
-* @return an array of BigInteger, with <code>p</code> at index 0,
 * <code>q</code> at index 1, the seed at index 2, and the counter value
-* at index 3, or null if the seed does not yield suitable numbers.
+* at index 3.
 */
-BigInteger[] generatePandQ(byte[] seed, int L) {
+private static BigInteger[] generatePandQ(SecureRandom random, int valueL,
+int valueN, int seedLen) {
-/* Useful variables */
+String hashAlg = null;
-int g = seed.length * 8;
+if (valueN == 160) {
-int n = (L - 1) / 160;
+hashAlg = "SHA";
-int b = (L - 1) % 160;
+} else if (valueN == 224) {
+hashAlg = "SHA-224";
-BigInteger SEED = new BigInteger(1, seed);
+} else if (valueN == 256) {
-BigInteger TWOG = TWO.pow(2 * g);
+hashAlg = "SHA-256";
+}
-/* Step 2 (Step 1 is getting seed). */
+MessageDigest hashObj = null;
-byte[] U1 = SHA(seed);
+try {
-byte[] U2 = SHA(toByteArray((SEED.add(ONE)).mod(TWOG)));
+hashObj = MessageDigest.getInstance(hashAlg);
+} catch (NoSuchAlgorithmException nsae) {
-xor(U1, U2);
+// should never happen
-byte[] U = U1;
+nsae.printStackTrace();
+}
-/* Step 3: For q by setting the msb and lsb to 1 */
-U[0] |= 0x80;
+/* Step 3, 4: Useful variables */
-U[19] |= 1;
+int outLen = hashObj.getDigestLength()*8;
-BigInteger q = new BigInteger(1, U);
+int n = (valueL - 1) / outLen;
+int b = (valueL - 1) % outLen;
-/* Step 5 */
+byte[] seedBytes = new byte[seedLen/8];
-if (!q.isProbablePrime(80)) {
+BigInteger twoSl = TWO.pow(seedLen);
-return null;
+int primeCertainty = 80; // for 1024-bit prime P
+if (valueL == 2048) {
-} else {
+primeCertainty = 112;
-BigInteger V[] = new BigInteger[n + 1];
+//} else if (valueL == 3072) {
-BigInteger offset = TWO;
+//    primeCertainty = 128;
+}
-/* Step 6 */
-for (int counter = 0; counter < 4096; counter++) {
+BigInteger resultP, resultQ, seed = null;
+int counter;
-/* Step 7 */
+while (true) {
-for (int k = 0; k <= n; k++) {
+do {
-BigInteger K = BigInteger.valueOf(k);
+/* Step 5 */
-BigInteger tmp = (SEED.add(offset).add(K)).mod(TWOG);
+random.nextBytes(seedBytes);
-V[k] = new BigInteger(1, SHA(toByteArray(tmp)));
+seed = new BigInteger(1, seedBytes);
-}
+/* Step 6 */
-/* Step 8 */
+BigInteger U = new BigInteger(1, hashObj.digest(seedBytes)).
-BigInteger W = V[0];
+mod(TWO.pow(valueN - 1));
-for (int i = 1; i < n; i++) {
-W = W.add(V[i].multiply(TWO.pow(i * 160)));
+/* Step 7 */
-}
+resultQ = TWO.pow(valueN - 1).add(U).add(ONE). subtract(U.mod(TWO));
-W = W.add((V[n].mod(TWO.pow(b))).multiply(TWO.pow(n * 160)));
+} while (!resultQ.isProbablePrime(primeCertainty));
-BigInteger TWOLm1 = TWO.pow(L - 1);
+/* Step 10 */
-BigInteger X = W.add(TWOLm1);
+BigInteger offset = ONE;
+/* Step 11 */
-/* Step 9 */
+for (counter = 0; counter < 4*valueL; counter++) {
-BigInteger c = X.mod(q.multiply(TWO));
+BigInteger V[] = new BigInteger[n + 1];
-BigInteger p = X.subtract(c.subtract(ONE));
+/* Step 11.1 */
+for (int j = 0; j <= n; j++) {
-/* Step 10 - 13 */
+BigInteger J = BigInteger.valueOf(j);
-if (p.compareTo(TWOLm1) > -1 && p.isProbablePrime(80)) {
+BigInteger tmp = (seed.add(offset).add(J)).mod(twoSl);
-BigInteger[] result = {p, q, SEED,
+byte[] vjBytes = hashObj.digest(toByteArray(tmp));
-BigInteger.valueOf(counter)};
+V[j] = new BigInteger(1, vjBytes);
-return result;
+}
-}
+/* Step 11.2 */
-offset = offset.add(BigInteger.valueOf(n)).add(ONE);
+BigInteger W = V[0];
+for (int i = 1; i < n; i++) {
+W = W.add(V[i].multiply(TWO.pow(i * outLen)));
+}
+W = W.add((V[n].mod(TWO.pow(b))).multiply(TWO.pow(n * outLen)));
+/* Step 11.3 */
+BigInteger twoLm1 = TWO.pow(valueL - 1);
+BigInteger X = W.add(twoLm1);
+/* Step 11.4, 11.5 */
+BigInteger c = X.mod(resultQ.multiply(TWO));
+resultP = X.subtract(c.subtract(ONE));
+/* Step 11.6, 11.7 */
+if (resultP.compareTo(twoLm1) > -1
+&& resultP.isProbablePrime(primeCertainty)) {
+/* Step 11.8 */
+BigInteger[] result = {resultP, resultQ, seed,
+BigInteger.valueOf(counter)};
+return result;
+}
+/* Step 11.9 */
+offset = offset.add(BigInteger.valueOf(n)).add(ONE);
 }
-return null;
+}
-}
 }
 /*
 * Generates the <code>g</code> parameter for DSA.
 *
 * @param p the prime, <code>p</code>.
 * @param q the subprime, <code>q</code>.
 *
 * @param the <code>g</code>
 */
-BigInteger generateG(BigInteger p, BigInteger q) {
+private static BigInteger generateG(BigInteger p, BigInteger q) {
 BigInteger h = ONE;
+/* Step 1 */
 BigInteger pMinusOneOverQ = (p.subtract(ONE)).divide(q);
-BigInteger g = ONE;
+BigInteger resultG = ONE;
-while (g.compareTo(TWO) < 0) {
+while (resultG.compareTo(TWO) < 0) {
-g = h.modPow(pMinusOneOverQ, p);
+/* Step 3 */
+resultG = h.modPow(pMinusOneOverQ, p);
 h = h.add(ONE);
 }
-return g;
+return resultG;
-}
-/*
-* Returns the SHA-1 digest of some data
-*/
-private byte[] SHA(byte[] array) {
-sha.engineReset();
-sha.engineUpdate(array, 0, array.length);
-return sha.engineDigest();
 }
 /*
 * Converts the result of a BigInteger.toByteArray call to an exact
 * signed magnitude representation for any positive number.
 */
-private byte[] toByteArray(BigInteger bigInt) {
+private static byte[] toByteArray(BigInteger bigInt) {
 byte[] result = bigInt.toByteArray();
 if (result[0] == 0) {
 byte[] tmp = new byte[result.length - 1];
 System.arraycopy(result, 1, tmp, 0, tmp.length);
 result = tmp;
 }
 return result;
 }
-/*
-* XORs U2 into U1
-*/
-private void xor(byte[] U1, byte[] U2) {
-for (int i = 0; i < U1.length; i++) {
-U1[i] ^= U2[i];
-}
-}
 }

changeset 13672	604588823b5a
parent 5506	202f599c92aa
child 14003	53c498ff6b0b