Logo Search packages:      
Sourcecode: libgnucrypto-java version File versions  Download package

SRPKeyPairGenerator.java

package gnu.crypto.key.srp6;

// ----------------------------------------------------------------------------
// $Id: SRPKeyPairGenerator.java,v 1.2 2005/10/06 04:24:16 rsdio Exp $
//
// Copyright (C) 2003 Free Software Foundation, Inc.
//
// This file is part of GNU Crypto.
//
// GNU Crypto is free software; you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation; either version 2, or (at your option)
// any later version.
//
// GNU Crypto is distributed in the hope that it will be useful, but
// WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
// General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with this program; see the file COPYING.  If not, write to the
//
//    Free Software Foundation Inc.,
//    51 Franklin Street, Fifth Floor,
//    Boston, MA 02110-1301
//    USA
//
// Linking this library statically or dynamically with other modules is
// making a combined work based on this library.  Thus, the terms and
// conditions of the GNU General Public License cover the whole
// combination.
//
// As a special exception, the copyright holders of this library give
// you permission to link this library with independent modules to
// produce an executable, regardless of the license terms of these
// independent modules, and to copy and distribute the resulting
// executable under terms of your choice, provided that you also meet,
// for each linked independent module, the terms and conditions of the
// license of that module.  An independent module is a module which is
// not derived from or based on this library.  If you modify this
// library, you may extend this exception to your version of the
// library, but you are not obligated to do so.  If you do not wish to
// do so, delete this exception statement from your version.
// ----------------------------------------------------------------------------

import gnu.crypto.Registry;
import gnu.crypto.key.IKeyPairGenerator;
import gnu.crypto.util.PRNG;
import gnu.crypto.util.Prime;

import java.io.PrintWriter;
import java.math.BigInteger;
import java.security.KeyPair;
import java.security.SecureRandom;
import java.util.Map;

/**
 *
 *
 * <p>Reference:</p>
 * <ol>
 *    <li><a href="http://srp.stanford.edu/design.html">SRP Protocol Design</a><br>
 *    Thomas J. Wu.</li>
 * </ol>
 *
 * @version $Revision: 1.2 $
 */
00068 public class SRPKeyPairGenerator implements IKeyPairGenerator {

   // Debugging methods and variables
   // -------------------------------------------------------------------------

   private static final String NAME = "srp";
   private static final boolean DEBUG = false;
   private static final int debuglevel = 5;
   private static final PrintWriter err = new PrintWriter(System.out, true);
   private static void debug(String s) {
      err.println(">>> "+NAME+": "+s);
   }

   // Constants and variables
   // -------------------------------------------------------------------------

   private static final BigInteger ZERO =  BigInteger.ZERO;
   private static final BigInteger ONE =   BigInteger.ONE;
   private static final BigInteger TWO =   BigInteger.valueOf(2L);
   private static final BigInteger THREE = BigInteger.valueOf(3L);

   /** Property name of the length (Integer) of the modulus (N) of an SRP key. */
00090    public static final String MODULUS_LENGTH = "gnu.crypto.srp.L";

   /** Property name of the Boolean indicating wether or not to use defaults. */
00093    public static final String USE_DEFAULTS = "gnu.crypto.srp.use.defaults";

   /** Property name of the modulus (N) of an SRP key. */
00096    public static final String SHARED_MODULUS = "gnu.crypto.srp.N";

   /** Property name of the generator (g) of an SRP key. */
00099    public static final String GENERATOR= "gnu.crypto.srp.g";

   /** Property name of the user's verifier (v) for a Server SRP key. */
00102    public static final String USER_VERIFIER = "gnu.crypto.srp.v";

   /**
    * Property name of an optional {@link SecureRandom} instance to use. The
    * default is to use a classloader singleton from {@link PRNG}.
    */
00108    public static final String SOURCE_OF_RANDOMNESS = "gnu.crypto.srp.prng";

   /** Default value for the modulus length. */
00111    private static final int DEFAULT_MODULUS_LENGTH = 1024;

   /** The optional {@link SecureRandom} instance to use. */
00114    private SecureRandom rnd = null;

   /** Bit length of the shared modulus. */
00117    private int l;

   /** The shared public modulus. */
00120    private BigInteger N;

   /** The Field generator. */
00123    private BigInteger g;

   /** The user's verifier MPI. */
00126    private BigInteger v;

   // Constructor(s)
   // -------------------------------------------------------------------------

   // implicit 0-arguments constructor

   // Class methods
   // -------------------------------------------------------------------------

   // Instance methods
   // -------------------------------------------------------------------------

   // gnu.crypto.key.IKeyPairGenerator interface implementation ---------------

00141    public String name() {
      return Registry.SRP_KPG;
   }

00145    public void setup(Map attributes) {
      // do we have a SecureRandom, or should we use our own?
      rnd = (SecureRandom) attributes.get(SOURCE_OF_RANDOMNESS);

      N = (BigInteger) attributes.get(SHARED_MODULUS);
      if (N != null) {
         l = N.bitLength();
         g = (BigInteger) attributes.get(GENERATOR);
         if (g == null) {
            g = TWO;
         }
         SRPAlgorithm.checkParams(N, g);
      } else { // generate or use default values for N and g
         Boolean useDefaults = (Boolean) attributes.get(USE_DEFAULTS);
         if (useDefaults == null) {
            useDefaults = Boolean.TRUE;
         }
         Integer L = (Integer) attributes.get(MODULUS_LENGTH);
         l = DEFAULT_MODULUS_LENGTH;
         if (useDefaults.equals(Boolean.TRUE)) {
            if (L != null) {
               l = L.intValue();
               switch (l) {
               case 512:  N = SRPAlgorithm.N_512;  break;
               case 640:  N = SRPAlgorithm.N_640;  break;
               case 768:  N = SRPAlgorithm.N_768;  break;
               case 1024: N = SRPAlgorithm.N_1024; break;
               case 1280: N = SRPAlgorithm.N_1280; break;
               case 1536: N = SRPAlgorithm.N_1536; break;
               case 2048: N = SRPAlgorithm.N_2048; break;
               default: throw new IllegalArgumentException(
                     "unknown default shared modulus bit length");
               }
               g = TWO;
               l = N.bitLength();
            }
         } else { // generate new N and g
            if (L != null) {
               l = L.intValue();
               if ((l % 256) != 0 || l < 512 || l > 2048) {
                  throw new IllegalArgumentException("invalid shared modulus bit length");
               }
            }
         }
      }

      // are we using this generator on the server side, or the client side?
      v = (BigInteger) attributes.get(USER_VERIFIER);
   }

00195    public KeyPair generate() {
      if (N == null) {
         BigInteger[] params = generateParameters();
         BigInteger q = params[0];
         N = params[1];
         g = params[2];
         if (DEBUG && debuglevel > 0) {
            debug("q: "+q.toString(16));
            debug("N: "+N.toString(16));
            debug("g: "+g.toString(16));
         }
      }

      return (v != null ? hostKeyPair() : userKeyPair());
   }

   // helper methods ----------------------------------------------------------

   private synchronized BigInteger[] generateParameters() {
      // N    A large safe prime (N = 2q+1, where q is prime)
      // g    A generator modulo N
      BigInteger q, p, g;
      byte[] qBytes = new byte[l / 8];
      do {
         do {
            nextRandomBytes(qBytes);
            q = new BigInteger(1, qBytes);
            q = q.setBit(0).setBit(l-2).clearBit(l-1);
         } while (!Prime.isProbablePrime(q));
         p = q.multiply(TWO).add(ONE);
      } while (p.bitLength() != l || !Prime.isProbablePrime(p));

      // compute g. from FIPS-186, Appendix 4: e == 2
      BigInteger p_minus_1 = p.subtract(ONE);
      g = TWO;
      // Set h = any integer, where 1 < h < p - 1 and
      // h differs from any value previously tried
      for (BigInteger h = TWO; h.compareTo(p_minus_1) < 0; h = h.add(ONE)) {
         // Set g = h**2 mod p
         g = h.modPow(TWO, p);
         // If g = 1, go to step 3
         if (!g.equals(ONE)) {
            break;
         }
      }

      return new BigInteger[] { q, p, g };
   }

   private KeyPair hostKeyPair() {
      byte[] bBytes = new byte[(l + 7) / 8];
      BigInteger b, B;
      do {
         do {
            nextRandomBytes(bBytes);
            b = new BigInteger(1, bBytes);
         } while (b.compareTo(ONE) <= 0 || b.compareTo(N) >= 0);
         B = THREE.multiply(v).add(g.modPow(b, N)).mod(N);
      } while (B.compareTo(ZERO) == 0 || B.compareTo(N) >= 0);

      KeyPair result = new KeyPair(
            new SRPPublicKey( new BigInteger[] { N, g, B }),
            new SRPPrivateKey(new BigInteger[] { N, g, b, v }));
      return result;
   }

   private KeyPair userKeyPair() {
      byte[] aBytes = new byte[(l + 7) / 8];
      BigInteger a, A;
      do {
         do {
            nextRandomBytes(aBytes);
            a = new BigInteger(1, aBytes);
         } while (a.compareTo(ONE) <= 0 || a.compareTo(N) >= 0);
         A = g.modPow(a, N);
      } while (A.compareTo(ZERO) == 0 || A.compareTo(N) >= 0);

      KeyPair result = new KeyPair(
            new SRPPublicKey( new BigInteger[] { N, g, A } ),
            new SRPPrivateKey(new BigInteger[] { N, g, a } ));
      return result;
   }

   private void nextRandomBytes(byte[] buffer) {
      if (rnd != null) {
         rnd.nextBytes(buffer);
      } else {
         PRNG.nextBytes(buffer);
      }
   }
}

Generated by  Doxygen 1.6.0   Back to index