diff options
| author | Raif S. Naffah <raif@swiftdsl.com.au> | 2006-02-23 12:54:46 +0000 |
|---|---|---|
| committer | Raif S. Naffah <raif@swiftdsl.com.au> | 2006-02-23 12:54:46 +0000 |
| commit | eb292aaa795e28e325d1e439e88f2ad526cb4e7e (patch) | |
| tree | ede11b56bbd8dd1d6d51a8efd5daed2ea4a69488 | |
| parent | 15fe13942e812b00a55e12bceb3e4a03322501fe (diff) | |
| download | classpath-eb292aaa795e28e325d1e439e88f2ad526cb4e7e.tar.gz | |
2006-02-23 Raif S. Naffah <raif@swiftdsl.com.au>
* gnu/javax/crypto/key/dh/GnuDHKeyPairGenerator.java
(DEFAULT_PRIME_SIZE): Made public.
(DEFAULT_EXPONENT_SIZE): Likewise.
(setup): Handle DHParameterSpec as well.
* gnu/javax/crypto/key/dh/GnuDHKey.java (getEncoded): Return
defaultFormat instead of Raw.
* gnu/javax/crypto/key/dh/DHKeyPairX509Codec.java
(checkIsConstructed): Removed.
(checkIsBigInteger): Likewise.
(decodePublicKey): Use DerUtil.
* gnu/javax/crypto/key/dh/DHKeyPairPKCS8Codec.java
(checkIsConstructed): Removed.
(checkIsBigInteger): Likewise.
(decodePrivateKey): Use DerUtil.
* gnu/javax/crypto/jce/GnuCrypto.java (run): Updated mapping of
KeyAgreement.DH.
Added mappings for AlgorithmParameters.DH and
AlgorithmParameterGenerator.DH.
* gnu/javax/crypto/jce/DiffieHellmanImpl.java: New file.
* gnu/javax/crypto/jce/sig/DHParametersGenerator.java: Likewise.
* gnu/javax/crypto/jce/sig/DHParameters.java: Likewise.
* gnu/javax/crypto/jce/sig/DHKeyFactory.java (engineGeneratePrivate):
Return result.
(engineGeneratePublic): Likewise.
* gnu/java/security/util/DerUtil.java: New file.
* gnu/java/security/sig/rsa/RSASignatureFactory.java (getNames):
Include only valid RSA PKCS1 (v1.5) signature names.
* gnu/java/security/sig/rsa/RSAPKCS1V1_5SignatureX509Codec.java
(RSAPKCS1V1_5SignatureX509Codec): Removed.
(checkIsConstructed): Likewise.
* gnu/java/security/sig/dss/DSSSignatureX509Codec.java
(checkIsConstructed): Removed.
(checkIsBigInteger): Likewise.
(decodeSignature): Use DerUtil.
* gnu/java/security/key/rsa/RSAKeyPairX509Codec.java
(checkIsConstructed): Removed.
(checkIsBigInteger): Likewise.
(decodePublicKey): Use DerUtil.
* gnu/java/security/key/rsa/RSAKeyPairPKCS8Codec.java
(checkIsConstructed): Removed.
(checkIsBigInteger): Likewise.
(decodePrivateKey): Use DerUtil.
* gnu/java/security/key/dss/DSSKeyPairX509Codec.java
(checkIsConstructed): Removed.
(checkIsBigInteger): Likewise.
(decodePublicKey): Use DerUtil.
* gnu/java/security/key/dss/DSSKeyPairPKCS8Codec.java
(checkIsConstructed): Removed.
(checkIsBigInteger): Likewise.
(decodePrivateKey): Use DerUtil.
* gnu/java/security/key/dss/DSSKeyPairGenerator.java
(DEFAULT_MODULUS_LENGTH): Made it public.
* gnu/java/security/key/dss/DSSKey.java (getEncoded): Return
defaultFormat instead of Raw.
* gnu/java/security/jce/sig/DSSParametersGenerator.java: New file.
* gnu/java/security/jce/sig/DSSParameters.java: Likewise..
* gnu/java/security/jce/sig/DSSKeyFactory.java (engineGeneratePrivate):
Return result.
(engineGeneratePublic): Likewise.
* gnu/javax/crypto/DiffieHellmanImpl: Removed.
23 files changed, 992 insertions, 210 deletions
@@ -1,3 +1,66 @@ +2006-02-23 Raif S. Naffah <raif@swiftdsl.com.au> + + * gnu/javax/crypto/key/dh/GnuDHKeyPairGenerator.java + (DEFAULT_PRIME_SIZE): Made public. + (DEFAULT_EXPONENT_SIZE): Likewise. + (setup): Handle DHParameterSpec as well. + * gnu/javax/crypto/key/dh/GnuDHKey.java (getEncoded): Return + defaultFormat instead of Raw. + * gnu/javax/crypto/key/dh/DHKeyPairX509Codec.java + (checkIsConstructed): Removed. + (checkIsBigInteger): Likewise. + (decodePublicKey): Use DerUtil. + * gnu/javax/crypto/key/dh/DHKeyPairPKCS8Codec.java + (checkIsConstructed): Removed. + (checkIsBigInteger): Likewise. + (decodePrivateKey): Use DerUtil. + * gnu/javax/crypto/jce/GnuCrypto.java (run): Updated mapping of + KeyAgreement.DH. + Added mappings for AlgorithmParameters.DH and + AlgorithmParameterGenerator.DH. + * gnu/javax/crypto/jce/DiffieHellmanImpl.java: New file. + * gnu/javax/crypto/jce/sig/DHParametersGenerator.java: Likewise. + * gnu/javax/crypto/jce/sig/DHParameters.java: Likewise. + * gnu/javax/crypto/jce/sig/DHKeyFactory.java (engineGeneratePrivate): + Return result. + (engineGeneratePublic): Likewise. + * gnu/java/security/util/DerUtil.java: New file. + * gnu/java/security/sig/rsa/RSASignatureFactory.java (getNames): + Include only valid RSA PKCS1 (v1.5) signature names. + * gnu/java/security/sig/rsa/RSAPKCS1V1_5SignatureX509Codec.java + (RSAPKCS1V1_5SignatureX509Codec): Removed. + (checkIsConstructed): Likewise. + * gnu/java/security/sig/dss/DSSSignatureX509Codec.java + (checkIsConstructed): Removed. + (checkIsBigInteger): Likewise. + (decodeSignature): Use DerUtil. + * gnu/java/security/key/rsa/RSAKeyPairX509Codec.java + (checkIsConstructed): Removed. + (checkIsBigInteger): Likewise. + (decodePublicKey): Use DerUtil. + * gnu/java/security/key/rsa/RSAKeyPairPKCS8Codec.java + (checkIsConstructed): Removed. + (checkIsBigInteger): Likewise. + (decodePrivateKey): Use DerUtil. + * gnu/java/security/key/dss/DSSKeyPairX509Codec.java + (checkIsConstructed): Removed. + (checkIsBigInteger): Likewise. + (decodePublicKey): Use DerUtil. + * gnu/java/security/key/dss/DSSKeyPairPKCS8Codec.java + (checkIsConstructed): Removed. + (checkIsBigInteger): Likewise. + (decodePrivateKey): Use DerUtil. + * gnu/java/security/key/dss/DSSKeyPairGenerator.java + (DEFAULT_MODULUS_LENGTH): Made it public. + * gnu/java/security/key/dss/DSSKey.java (getEncoded): Return + defaultFormat instead of Raw. + * gnu/java/security/jce/sig/DSSParametersGenerator.java: New file. + * gnu/java/security/jce/sig/DSSParameters.java: Likewise.. + * gnu/java/security/jce/sig/DSSKeyFactory.java (engineGeneratePrivate): + Return result. + (engineGeneratePublic): Likewise. + * gnu/javax/crypto/DiffieHellmanImpl: Removed. + 2006-02-22 Mark Wielaard <mark@klomp.org> * java/awt/Checkbox.java (setState): Check that state actually changed diff --git a/gnu/java/security/jce/sig/DSSKeyFactory.java b/gnu/java/security/jce/sig/DSSKeyFactory.java index 818d0513d..bb4d85c89 100644 --- a/gnu/java/security/jce/sig/DSSKeyFactory.java +++ b/gnu/java/security/jce/sig/DSSKeyFactory.java @@ -89,6 +89,7 @@ public class DSSKeyFactory extends KeyFactorySpi try { result = new DSSKeyPairX509Codec().decodePublicKey(encoded); + return result; } catch (RuntimeException x) { @@ -122,6 +123,7 @@ public class DSSKeyFactory extends KeyFactorySpi try { result = new DSSKeyPairPKCS8Codec().decodePrivateKey(encoded); + return result; } catch (RuntimeException x) { diff --git a/gnu/java/security/jce/sig/DSSParameters.java b/gnu/java/security/jce/sig/DSSParameters.java new file mode 100644 index 000000000..ba1f414fa --- /dev/null +++ b/gnu/java/security/jce/sig/DSSParameters.java @@ -0,0 +1,220 @@ +/* DSSParameters.java -- DSS parameters DAO + Copyright (C) 2006 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. */ + + +package gnu.java.security.jce.sig; + +import gnu.java.security.Registry; +import gnu.java.security.der.DER; +import gnu.java.security.der.DERReader; +import gnu.java.security.der.DERValue; +import gnu.java.security.der.DERWriter; +import gnu.java.security.util.DerUtil; + +import java.io.ByteArrayOutputStream; +import java.io.IOException; +import java.math.BigInteger; +import java.security.AlgorithmParametersSpi; +import java.security.spec.AlgorithmParameterSpec; +import java.security.spec.DSAParameterSpec; +import java.security.spec.InvalidParameterSpecException; +import java.util.ArrayList; + +/** + * A JCE-specific Data Access Object (DAO) for DSS parameters. + */ +public class DSSParameters + extends AlgorithmParametersSpi +{ + /** + * A prime modulus, where <code>2<sup>L-1</sup> < p < 2<sup>L</sup></code> + * for <code>512 <= L <= 1024</code> and <code>L</code> a multiple of + * <code>64</code>. + */ + private BigInteger p; + + /** + * A prime divisor of <code>p - 1</code>, where <code>2<sup>159</sup> < q + * < 2<sup>160</sup></code>. + */ + private BigInteger q; + + /** + * <code>g = h<sup>(p-1)</sup>/q mod p</code>, where <code>h</code> is any + * integer with <code>1 < h < p - 1</code> such that <code>h<sup> + * (p-1)</sup>/q mod p > 1</code> (<code>g</code> has order <code>q mod p + * </code>). + */ + private BigInteger g; + + // default 0-arguments constructor + + protected void engineInit(AlgorithmParameterSpec spec) + throws InvalidParameterSpecException + { + if (! (spec instanceof DSAParameterSpec)) + throw new InvalidParameterSpecException("Wrong AlgorithmParameterSpec type: " + + spec.getClass().getName()); + DSAParameterSpec dsaSpec = (DSAParameterSpec) spec; + p = dsaSpec.getP(); + q = dsaSpec.getQ(); + g = dsaSpec.getG(); + } + + /** + * Decodes the set of DSS parameters as per RFC-2459; i.e. the DER-encoded + * form of the following ASN.1 construct: + * + * <pre> + * DssParams ::= SEQUENCE { + * p INTEGER, + * q INTEGER, + * g INTEGER + * } + * </pre> + */ + protected void engineInit(byte[] params) throws IOException + { + DERReader der = new DERReader(params); + + DERValue derParams = der.read(); + DerUtil.checkIsConstructed(derParams, "Wrong DSS Parameters field"); + + DERValue val = der.read(); + DerUtil.checkIsBigInteger(val, "Wrong P field"); + p = (BigInteger) val.getValue(); + val = der.read(); + DerUtil.checkIsBigInteger(val, "Wrong Q field"); + q = (BigInteger) val.getValue(); + val = der.read(); + DerUtil.checkIsBigInteger(val, "Wrong G field"); + g = (BigInteger) val.getValue(); + } + + protected void engineInit(byte[] params, String format) throws IOException + { + if (format != null) + { + format = format.trim(); + if (format.length() == 0) + throw new IOException("Format MUST NOT be an empty string"); + + if (! format.equalsIgnoreCase(Registry.ASN1_ENCODING_SHORT_NAME)) + throw new IOException("Unknown or unsupported format: " + format); + } + + engineInit(params); + } + + protected AlgorithmParameterSpec engineGetParameterSpec(Class paramSpec) + throws InvalidParameterSpecException + { + if (! paramSpec.isAssignableFrom(DSAParameterSpec.class)) + throw new InvalidParameterSpecException("Wrong AlgorithmParameterSpec type: " + + paramSpec.getName()); + return new DSAParameterSpec(p, q, g); + } + + /** + * Encodes the set of DSS parameters as per RFC-2459; i.e. as the DER-encoded + * form of the following ASN.1 construct: + * + * <pre> + * DssParams ::= SEQUENCE { + * p INTEGER, + * q INTEGER, + * g INTEGER + * } + * </pre> + */ + protected byte[] engineGetEncoded() throws IOException + { + DERValue derP = new DERValue(DER.INTEGER, p); + DERValue derQ = new DERValue(DER.INTEGER, q); + DERValue derG = new DERValue(DER.INTEGER, g); + + ArrayList params = new ArrayList(3); + params.add(derP); + params.add(derQ); + params.add(derG); + DERValue derParams = new DERValue(DER.CONSTRUCTED | DER.SEQUENCE, params); + + ByteArrayOutputStream baos = new ByteArrayOutputStream(); + DERWriter.write(baos, derParams); + byte[] result = baos.toByteArray(); + + return result; + } + + protected byte[] engineGetEncoded(String format) throws IOException + { + if (format != null) + { + format = format.trim(); + if (format.length() == 0) + throw new IOException("Format MUST NOT be an empty string"); + + if (! format.equalsIgnoreCase(Registry.ASN1_ENCODING_SHORT_NAME)) + throw new IOException("Unknown or unsupported format: " + format); + } + + return engineGetEncoded(); + } + + protected String engineToString() + { + StringBuffer sb = new StringBuffer("p="); + if (p == null) + sb.append("???"); + else + sb.append("0x").append(p.toString(16)); + + sb.append(", q="); + if (q == null) + sb.append("???"); + else + sb.append("0x").append(q.toString(16)); + + sb.append(", g="); + if (g == null) + sb.append("???"); + else + sb.append("0x").append(g.toString(16)); + + return sb.toString(); + } +} diff --git a/gnu/java/security/jce/sig/DSSParametersGenerator.java b/gnu/java/security/jce/sig/DSSParametersGenerator.java new file mode 100644 index 000000000..09c138610 --- /dev/null +++ b/gnu/java/security/jce/sig/DSSParametersGenerator.java @@ -0,0 +1,125 @@ +/* DSSParametersGenerator.java -- JCE Adapter for a generator of DSS parameters + Copyright (C) 2006 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. */ + + +package gnu.java.security.jce.sig; + +import gnu.java.security.Registry; +import gnu.java.security.key.dss.DSSKeyPairGenerator; +import gnu.java.security.key.dss.FIPS186; +import gnu.java.security.provider.Gnu; + +import java.math.BigInteger; +import java.security.AlgorithmParameterGeneratorSpi; +import java.security.AlgorithmParameters; +import java.security.InvalidAlgorithmParameterException; +import java.security.InvalidParameterException; +import java.security.NoSuchAlgorithmException; +import java.security.Provider; +import java.security.SecureRandom; +import java.security.spec.AlgorithmParameterSpec; +import java.security.spec.DSAParameterSpec; +import java.security.spec.InvalidParameterSpecException; + +/** + * A JCE Adapter for a generator of DSS parameters. + */ +public class DSSParametersGenerator + extends AlgorithmParameterGeneratorSpi +{ + private static final Provider GNU = new Gnu(); + + /** Size of the public modulus in bits. */ + private int modulusLength = -1; + + /** User specified source of randomness. */ + private SecureRandom rnd; + + /** Our concrete DSS parameters generator. */ + private FIPS186 fips; + + // default 0-arguments constructor + + protected void engineInit(int size, SecureRandom random) + { + if ((size % 64) != 0 || size < 512 || size > 1024) + throw new InvalidParameterException("Modulus size/length (in bits) MUST " + + "be a multiple of 64, greater than " + + "or equal to 512, and less than or " + + "equal to 1024"); + this.modulusLength = size; + this.rnd = random; + } + + protected void engineInit(AlgorithmParameterSpec spec, SecureRandom random) + throws InvalidAlgorithmParameterException + { + if (! (spec instanceof DSAParameterSpec)) + throw new InvalidAlgorithmParameterException("Wrong AlgorithmParameterSpec type: " + + spec.getClass().getName()); + DSAParameterSpec dsaSpec = (DSAParameterSpec) spec; + BigInteger p = dsaSpec.getP(); + int size = p.bitLength(); + this.engineInit(size, random); + } + + protected AlgorithmParameters engineGenerateParameters() + { + if (modulusLength < 1) + modulusLength = DSSKeyPairGenerator.DEFAULT_MODULUS_LENGTH; + + fips = new FIPS186(modulusLength, rnd); + BigInteger[] params = fips.generateParameters(); + BigInteger p = params[3]; + BigInteger q = params[2]; + BigInteger g = params[5]; + DSAParameterSpec spec = new DSAParameterSpec(p, q, g); + AlgorithmParameters result = null; + try + { + result = AlgorithmParameters.getInstance(Registry.DSS_KPG, GNU); + result.init(spec); + } + catch (NoSuchAlgorithmException ignore) + { + } + catch (InvalidParameterSpecException ignore) + { + } + return result; + } +} diff --git a/gnu/java/security/key/dss/DSSKey.java b/gnu/java/security/key/dss/DSSKey.java index 8c906a650..428cab1e7 100644 --- a/gnu/java/security/key/dss/DSSKey.java +++ b/gnu/java/security/key/dss/DSSKey.java @@ -39,7 +39,6 @@ exception statement from your version. */ package gnu.java.security.key.dss; import gnu.java.security.Registry; -import gnu.java.security.key.IKeyPairCodec; import gnu.java.security.util.FormatUtil; import java.math.BigInteger; @@ -60,7 +59,7 @@ import java.security.spec.DSAParameterSpec; * the relevant <code>getEncoded()</code> methods of each of the private and * public keys.</p> * - * @version $Revision: 1.3 $ + * @version $Revision: 1.4 $ * @see DSSPrivateKey#getEncoded * @see DSSPublicKey#getEncoded */ @@ -142,7 +141,7 @@ public abstract class DSSKey implements Key, DSAKey /** @deprecated see getEncoded(int). */ public byte[] getEncoded() { - return getEncoded(IKeyPairCodec.RAW_FORMAT); + return getEncoded(defaultFormat); } public String getFormat() diff --git a/gnu/java/security/key/dss/DSSKeyPairGenerator.java b/gnu/java/security/key/dss/DSSKeyPairGenerator.java index 23dd12796..5aa746147 100644 --- a/gnu/java/security/key/dss/DSSKeyPairGenerator.java +++ b/gnu/java/security/key/dss/DSSKeyPairGenerator.java @@ -159,7 +159,7 @@ public class DSSKeyPairGenerator implements IKeyPairGenerator public static final String PREFERRED_ENCODING_FORMAT = "gnu.crypto.dss.encoding"; /** Default value for the modulus length. */ - private static final int DEFAULT_MODULUS_LENGTH = 1024; + public static final int DEFAULT_MODULUS_LENGTH = 1024; /** Default encoding format to use when none was specified. */ private static final int DEFAULT_ENCODING_FORMAT = Registry.RAW_ENCODING_ID; diff --git a/gnu/java/security/key/dss/DSSKeyPairPKCS8Codec.java b/gnu/java/security/key/dss/DSSKeyPairPKCS8Codec.java index 671b5d66d..30e30bd14 100644 --- a/gnu/java/security/key/dss/DSSKeyPairPKCS8Codec.java +++ b/gnu/java/security/key/dss/DSSKeyPairPKCS8Codec.java @@ -45,6 +45,7 @@ import gnu.java.security.der.DERReader; import gnu.java.security.der.DERValue; import gnu.java.security.der.DERWriter; import gnu.java.security.key.IKeyPairCodec; +import gnu.java.security.util.DerUtil; import gnu.java.security.util.Util; import java.io.ByteArrayOutputStream; @@ -68,18 +69,6 @@ public class DSSKeyPairPKCS8Codec // implicit 0-arguments constructor - private static void checkIsConstructed(DERValue v, String msg) - { - if (! v.isConstructed()) - throw new InvalidParameterException(msg); - } - - private static void checkIsBigInteger(DERValue v, String msg) - { - if (! (v.getValue() instanceof BigInteger)) - throw new InvalidParameterException(msg); - } - public int getFormatID() { return PKCS8_FORMAT; @@ -199,7 +188,7 @@ public class DSSKeyPairPKCS8Codec try { DERValue derPKI = der.read(); - checkIsConstructed(derPKI, "Wrong PrivateKeyInfo field"); + DerUtil.checkIsConstructed(derPKI, "Wrong PrivateKeyInfo field"); DERValue derVersion = der.read(); if (! (derVersion.getValue() instanceof BigInteger)) @@ -210,7 +199,7 @@ public class DSSKeyPairPKCS8Codec throw new InvalidParameterException("Unexpected Version: " + version); DERValue derAlgoritmID = der.read(); - checkIsConstructed(derAlgoritmID, "Wrong AlgorithmIdentifier field"); + DerUtil.checkIsConstructed(derAlgoritmID, "Wrong AlgorithmIdentifier field"); DERValue derOID = der.read(); OID algOID = (OID) derOID.getValue(); @@ -218,16 +207,16 @@ public class DSSKeyPairPKCS8Codec throw new InvalidParameterException("Unexpected OID: " + algOID); DERValue derParams = der.read(); - checkIsConstructed(derParams, "Wrong DSS Parameters field"); + DerUtil.checkIsConstructed(derParams, "Wrong DSS Parameters field"); DERValue val = der.read(); - checkIsBigInteger(val, "Wrong P field"); + DerUtil.checkIsBigInteger(val, "Wrong P field"); p = (BigInteger) val.getValue(); val = der.read(); - checkIsBigInteger(val, "Wrong Q field"); + DerUtil.checkIsBigInteger(val, "Wrong Q field"); q = (BigInteger) val.getValue(); val = der.read(); - checkIsBigInteger(val, "Wrong G field"); + DerUtil.checkIsBigInteger(val, "Wrong G field"); g = (BigInteger) val.getValue(); val = der.read(); diff --git a/gnu/java/security/key/dss/DSSKeyPairX509Codec.java b/gnu/java/security/key/dss/DSSKeyPairX509Codec.java index baf58a026..516ef92af 100644 --- a/gnu/java/security/key/dss/DSSKeyPairX509Codec.java +++ b/gnu/java/security/key/dss/DSSKeyPairX509Codec.java @@ -46,6 +46,7 @@ import gnu.java.security.der.DERReader; import gnu.java.security.der.DERValue; import gnu.java.security.der.DERWriter; import gnu.java.security.key.IKeyPairCodec; +import gnu.java.security.util.DerUtil; import java.io.ByteArrayOutputStream; import java.io.IOException; @@ -66,18 +67,6 @@ public class DSSKeyPairX509Codec // implicit 0-arguments constructor - private static void checkIsConstructed(DERValue v, String msg) - { - if (! v.isConstructed()) - throw new InvalidParameterException(msg); - } - - private static void checkIsBigInteger(DERValue v, String msg) - { - if (! (v.getValue() instanceof BigInteger)) - throw new InvalidParameterException(msg); - } - public int getFormatID() { return X509_FORMAT; @@ -202,10 +191,10 @@ public class DSSKeyPairX509Codec try { DERValue derSPKI = der.read(); - checkIsConstructed(derSPKI, "Wrong SubjectPublicKeyInfo field"); + DerUtil.checkIsConstructed(derSPKI, "Wrong SubjectPublicKeyInfo field"); DERValue derAlgorithmID = der.read(); - checkIsConstructed(derAlgorithmID, "Wrong AlgorithmIdentifier field"); + DerUtil.checkIsConstructed(derAlgorithmID, "Wrong AlgorithmIdentifier field"); DERValue derOID = der.read(); if (! (derOID.getValue() instanceof OID)) @@ -216,16 +205,16 @@ public class DSSKeyPairX509Codec throw new InvalidParameterException("Unexpected OID: " + algOID); DERValue derParams = der.read(); - checkIsConstructed(derParams, "Wrong DSS Parameters field"); + DerUtil.checkIsConstructed(derParams, "Wrong DSS Parameters field"); DERValue val = der.read(); - checkIsBigInteger(val, "Wrong P field"); + DerUtil.checkIsBigInteger(val, "Wrong P field"); p = (BigInteger) val.getValue(); val = der.read(); - checkIsBigInteger(val, "Wrong Q field"); + DerUtil.checkIsBigInteger(val, "Wrong Q field"); q = (BigInteger) val.getValue(); val = der.read(); - checkIsBigInteger(val, "Wrong G field"); + DerUtil.checkIsBigInteger(val, "Wrong G field"); g = (BigInteger) val.getValue(); val = der.read(); @@ -236,7 +225,7 @@ public class DSSKeyPairX509Codec DERReader dsaPub = new DERReader(yBytes); val = dsaPub.read(); - checkIsBigInteger(val, "Wrong Y field"); + DerUtil.checkIsBigInteger(val, "Wrong Y field"); y = (BigInteger) val.getValue(); } catch (IOException x) diff --git a/gnu/java/security/key/rsa/RSAKeyPairPKCS8Codec.java b/gnu/java/security/key/rsa/RSAKeyPairPKCS8Codec.java index 40a67625d..a7f65b610 100644 --- a/gnu/java/security/key/rsa/RSAKeyPairPKCS8Codec.java +++ b/gnu/java/security/key/rsa/RSAKeyPairPKCS8Codec.java @@ -53,6 +53,7 @@ import gnu.java.security.der.DERReader; import gnu.java.security.der.DERValue; import gnu.java.security.der.DERWriter; import gnu.java.security.key.IKeyPairCodec; +import gnu.java.security.util.DerUtil; /** * An implementation of an {@link IKeyPairCodec} that knows how to encode / @@ -65,18 +66,6 @@ public class RSAKeyPairPKCS8Codec // implicit 0-arguments constructor - private static void checkIsConstructed(DERValue v, String msg) - { - if (! v.isConstructed()) - throw new InvalidParameterException(msg); - } - - private static void checkIsBigInteger(DERValue v, String msg) - { - if (! (v.getValue() instanceof BigInteger)) - throw new InvalidParameterException(msg); - } - public int getFormatID() { return PKCS8_FORMAT; @@ -227,16 +216,16 @@ public class RSAKeyPairPKCS8Codec try { DERValue derPKI = der.read(); - checkIsConstructed(derPKI, "Wrong PrivateKeyInfo field"); + DerUtil.checkIsConstructed(derPKI, "Wrong PrivateKeyInfo field"); DERValue derVersion = der.read(); - checkIsBigInteger(derVersion, "Wrong Version field"); + DerUtil.checkIsBigInteger(derVersion, "Wrong Version field"); version = (BigInteger) derVersion.getValue(); if (version.compareTo(BigInteger.ZERO) != 0) throw new InvalidParameterException("Unexpected Version: " + version); DERValue derAlgoritmID = der.read(); - checkIsConstructed(derAlgoritmID, "Wrong AlgorithmIdentifier field"); + DerUtil.checkIsConstructed(derAlgoritmID, "Wrong AlgorithmIdentifier field"); DERValue derOID = der.read(); OID algOID = (OID) derOID.getValue(); @@ -248,38 +237,38 @@ public class RSAKeyPairPKCS8Codec der = new DERReader(pkBytes); DERValue derRSAPrivateKey = der.read(); - checkIsConstructed(derRSAPrivateKey, "Wrong RSAPrivateKey field"); + DerUtil.checkIsConstructed(derRSAPrivateKey, "Wrong RSAPrivateKey field"); val = der.read(); - checkIsBigInteger(val, "Wrong RSAPrivateKey Version field"); + DerUtil.checkIsBigInteger(val, "Wrong RSAPrivateKey Version field"); version = (BigInteger) val.getValue(); if (version.compareTo(BigInteger.ZERO) != 0) throw new InvalidParameterException("Unexpected RSAPrivateKey Version: " + version); val = der.read(); - checkIsBigInteger(val, "Wrong modulus field"); + DerUtil.checkIsBigInteger(val, "Wrong modulus field"); n = (BigInteger) val.getValue(); val = der.read(); - checkIsBigInteger(val, "Wrong publicExponent field"); + DerUtil.checkIsBigInteger(val, "Wrong publicExponent field"); e = (BigInteger) val.getValue(); val = der.read(); - checkIsBigInteger(val, "Wrong privateExponent field"); + DerUtil.checkIsBigInteger(val, "Wrong privateExponent field"); d = (BigInteger) val.getValue(); val = der.read(); - checkIsBigInteger(val, "Wrong prime1 field"); + DerUtil.checkIsBigInteger(val, "Wrong prime1 field"); p = (BigInteger) val.getValue(); val = der.read(); - checkIsBigInteger(val, "Wrong prime2 field"); + DerUtil.checkIsBigInteger(val, "Wrong prime2 field"); q = (BigInteger) val.getValue(); val = der.read(); - checkIsBigInteger(val, "Wrong exponent1 field"); + DerUtil.checkIsBigInteger(val, "Wrong exponent1 field"); dP = (BigInteger) val.getValue(); val = der.read(); - checkIsBigInteger(val, "Wrong exponent2 field"); + DerUtil.checkIsBigInteger(val, "Wrong exponent2 field"); dQ = (BigInteger) val.getValue(); val = der.read(); - checkIsBigInteger(val, "Wrong coefficient field"); + DerUtil.checkIsBigInteger(val, "Wrong coefficient field"); qInv = (BigInteger) val.getValue(); } catch (IOException x) diff --git a/gnu/java/security/key/rsa/RSAKeyPairX509Codec.java b/gnu/java/security/key/rsa/RSAKeyPairX509Codec.java index 5845e7c95..f0a454992 100644 --- a/gnu/java/security/key/rsa/RSAKeyPairX509Codec.java +++ b/gnu/java/security/key/rsa/RSAKeyPairX509Codec.java @@ -46,6 +46,7 @@ import gnu.java.security.der.DERReader; import gnu.java.security.der.DERValue; import gnu.java.security.der.DERWriter; import gnu.java.security.key.IKeyPairCodec; +import gnu.java.security.util.DerUtil; import java.io.ByteArrayOutputStream; import java.io.IOException; @@ -66,18 +67,6 @@ public class RSAKeyPairX509Codec // implicit 0-arguments constructor - private static void checkIsConstructed(DERValue v, String msg) - { - if (! v.isConstructed()) - throw new InvalidParameterException(msg); - } - - private static void checkIsBigInteger(DERValue v, String msg) - { - if (! (v.getValue() instanceof BigInteger)) - throw new InvalidParameterException(msg); - } - public int getFormatID() { return X509_FORMAT; @@ -193,10 +182,10 @@ public class RSAKeyPairX509Codec try { DERValue derSPKI = der.read(); - checkIsConstructed(derSPKI, "Wrong SubjectPublicKeyInfo field"); + DerUtil.checkIsConstructed(derSPKI, "Wrong SubjectPublicKeyInfo field"); DERValue derAlgorithmID = der.read(); - checkIsConstructed(derAlgorithmID, "Wrong AlgorithmIdentifier field"); + DerUtil.checkIsConstructed(derAlgorithmID, "Wrong AlgorithmIdentifier field"); DERValue derOID = der.read(); if (! (derOID.getValue() instanceof OID)) @@ -214,13 +203,13 @@ public class RSAKeyPairX509Codec der = new DERReader(spkBytes); val = der.read(); - checkIsConstructed(derAlgorithmID, "Wrong subjectPublicKey field"); + DerUtil.checkIsConstructed(derAlgorithmID, "Wrong subjectPublicKey field"); val = der.read(); - checkIsBigInteger(val, "Wrong modulus field"); + DerUtil.checkIsBigInteger(val, "Wrong modulus field"); n = (BigInteger) val.getValue(); val = der.read(); - checkIsBigInteger(val, "Wrong publicExponent field"); + DerUtil.checkIsBigInteger(val, "Wrong publicExponent field"); e = (BigInteger) val.getValue(); } catch (IOException x) diff --git a/gnu/java/security/sig/dss/DSSSignatureX509Codec.java b/gnu/java/security/sig/dss/DSSSignatureX509Codec.java index e499c2630..81a11da42 100644 --- a/gnu/java/security/sig/dss/DSSSignatureX509Codec.java +++ b/gnu/java/security/sig/dss/DSSSignatureX509Codec.java @@ -45,6 +45,7 @@ import gnu.java.security.der.DERReader; import gnu.java.security.der.DERValue; import gnu.java.security.der.DERWriter; import gnu.java.security.sig.ISignatureCodec; +import gnu.java.security.util.DerUtil; import java.io.ByteArrayOutputStream; import java.io.IOException; @@ -88,18 +89,6 @@ public class DSSSignatureX509Codec { // implicit 0-arguments constructor - private static void checkIsConstructed(DERValue v, String msg) - { - if (! v.isConstructed()) - throw new InvalidParameterException(msg); - } - - private static void checkIsBigInteger(DERValue v, String msg) - { - if (! (v.getValue() instanceof BigInteger)) - throw new InvalidParameterException(msg); - } - public int getFormatID() { return Registry.X509_ENCODING_ID; @@ -182,13 +171,13 @@ public class DSSSignatureX509Codec der = new DERReader(sBytes); DERValue derDssSigValue = der.read(); - checkIsConstructed(derDssSigValue, "Wrong Dss-Sig-Value field"); + DerUtil.checkIsConstructed(derDssSigValue, "Wrong Dss-Sig-Value field"); DERValue val = der.read(); - checkIsBigInteger(val, "Wrong R field"); + DerUtil.checkIsBigInteger(val, "Wrong R field"); r = (BigInteger) val.getValue(); val = der.read(); - checkIsBigInteger(val, "Wrong S field"); + DerUtil.checkIsBigInteger(val, "Wrong S field"); s = (BigInteger) val.getValue(); } catch (IOException x) diff --git a/gnu/java/security/sig/rsa/RSAPKCS1V1_5SignatureX509Codec.java b/gnu/java/security/sig/rsa/RSAPKCS1V1_5SignatureX509Codec.java index 8b93c2a73..90797e2d5 100644 --- a/gnu/java/security/sig/rsa/RSAPKCS1V1_5SignatureX509Codec.java +++ b/gnu/java/security/sig/rsa/RSAPKCS1V1_5SignatureX509Codec.java @@ -79,16 +79,7 @@ import java.security.InvalidParameterException; public class RSAPKCS1V1_5SignatureX509Codec implements ISignatureCodec { - public RSAPKCS1V1_5SignatureX509Codec() - { - super(); - } - - private static void checkIsConstructed(DERValue v, String msg) - { - if (! v.isConstructed()) - throw new InvalidParameterException(msg); - } + // default 0-arguments constructor public int getFormatID() { diff --git a/gnu/java/security/sig/rsa/RSASignatureFactory.java b/gnu/java/security/sig/rsa/RSASignatureFactory.java index b81ff85d4..b8e12caf7 100644 --- a/gnu/java/security/sig/rsa/RSASignatureFactory.java +++ b/gnu/java/security/sig/rsa/RSASignatureFactory.java @@ -114,10 +114,16 @@ public class RSASignatureFactory for (Iterator it = hashNames.iterator(); it.hasNext();) { String mdName = (String) it.next(); - hs.add(Registry.RSA_PKCS1_V1_5_SIG + "-" + mdName); hs.add(Registry.RSA_PSS_SIG + "-" + mdName); } + hs.add(Registry.RSA_PKCS1_V1_5_SIG + "-" + Registry.MD2_HASH); + hs.add(Registry.RSA_PKCS1_V1_5_SIG + "-" + Registry.MD5_HASH); + hs.add(Registry.RSA_PKCS1_V1_5_SIG + "-" + Registry.SHA160_HASH); + hs.add(Registry.RSA_PKCS1_V1_5_SIG + "-" + Registry.SHA256_HASH); + hs.add(Registry.RSA_PKCS1_V1_5_SIG + "-" + Registry.SHA384_HASH); + hs.add(Registry.RSA_PKCS1_V1_5_SIG + "-" + Registry.SHA512_HASH); + names = Collections.unmodifiableSet(hs); } diff --git a/gnu/java/security/util/DerUtil.java b/gnu/java/security/util/DerUtil.java new file mode 100644 index 000000000..26232ba98 --- /dev/null +++ b/gnu/java/security/util/DerUtil.java @@ -0,0 +1,64 @@ +/* DerUtil.java -- Utility methods for DER read/write operations + Copyright (C) 2006 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. */ + + +package gnu.java.security.util; + +import gnu.java.security.der.DEREncodingException; +import gnu.java.security.der.DERValue; + +import java.math.BigInteger; + +/** + * Utility methods for DER encoding handling. + */ +public abstract class DerUtil +{ + public static final void checkIsConstructed(DERValue v, String msg) + throws DEREncodingException + { + if (! v.isConstructed()) + throw new DEREncodingException(msg); + } + + public static final void checkIsBigInteger(DERValue v, String msg) + throws DEREncodingException + { + if (! (v.getValue() instanceof BigInteger)) + throw new DEREncodingException(msg); + } +} diff --git a/gnu/javax/crypto/DiffieHellmanImpl.java b/gnu/javax/crypto/jce/DiffieHellmanImpl.java index 4797af7cf..02761477a 100644 --- a/gnu/javax/crypto/DiffieHellmanImpl.java +++ b/gnu/javax/crypto/jce/DiffieHellmanImpl.java @@ -1,5 +1,5 @@ /* DiffieHellmanImpl.java -- implementation of the Diffie-Hellman key agreement. - Copyright (C) 2005 Free Software Foundation, Inc. + Copyright (C) 2005, 2006 Free Software Foundation, Inc. This file is part of GNU Classpath. @@ -36,16 +36,11 @@ obligated to do so. If you do not wish to do so, delete this exception statement from your version. */ -package gnu.javax.crypto; - -import gnu.java.security.provider.GnuDHPublicKey; +package gnu.javax.crypto.jce; import java.math.BigInteger; - -import java.security.Key; import java.security.InvalidKeyException; -import java.security.PrivateKey; -import java.security.PublicKey; +import java.security.Key; import java.security.SecureRandom; import java.security.spec.AlgorithmParameterSpec; @@ -57,13 +52,13 @@ import javax.crypto.spec.DHParameterSpec; import javax.crypto.spec.SecretKeySpec; /** - * The Diffie-Hellman key agreement. - * + * The JCE implementation of a 2-party Diffie-Hellman key agreement. + * * @author Casey Marshall (csm@gnu.org) */ -public final class DiffieHellmanImpl extends KeyAgreementSpi +public final class DiffieHellmanImpl + extends KeyAgreementSpi { - /** The private key being used for this agreement. */ private DHPrivateKey key; @@ -74,86 +69,87 @@ public final class DiffieHellmanImpl extends KeyAgreementSpi private boolean last_phase_done; /** Trivial default constructor. */ - public DiffieHellmanImpl () + public DiffieHellmanImpl() { + super(); + key = null; result = null; last_phase_done = false; } - // KeyAgreementSpi methods. - - protected Key engineDoPhase (final Key incoming, final boolean lastPhase) - throws InvalidKeyException + protected Key engineDoPhase(Key incoming, boolean lastPhase) + throws InvalidKeyException { if (key == null) - throw new IllegalStateException ("not initialized"); + throw new IllegalStateException("Not initialized"); + if (last_phase_done) - throw new IllegalStateException ("last phase already done"); + throw new IllegalStateException("Last phase already done"); + + if (! (incoming instanceof DHPublicKey)) + throw new InvalidKeyException("Key MUST be a DHPublicKey"); - if (!(incoming instanceof DHPublicKey)) - throw new InvalidKeyException ("expecting javax.crypto.interfaces.DHPublicKey"); DHPublicKey pub = (DHPublicKey) incoming; DHParameterSpec s1 = key.getParams(); DHParameterSpec s2 = pub.getParams(); - if (!s1.getG().equals (s2.getG()) - || !s1.getP().equals (s2.getP()) + if (! s1.getG().equals(s2.getG()) || ! s1.getP().equals(s2.getP()) || s1.getL() != s2.getL()) - throw new InvalidKeyException ("supplied key is not compatible"); + throw new InvalidKeyException("Incompatible key"); - result = pub.getY().modPow (key.getX(), s1.getP()); - if (lastPhase) - { - last_phase_done = true; - return null; - } + result = pub.getY().modPow(key.getX(), s1.getP()); + if (! lastPhase) + throw new IllegalArgumentException("This key-agreement MUST be concluded in one step only"); - throw new IllegalArgumentException ("only supports two-party Diffie Hellman"); + last_phase_done = true; + return null; } - protected byte[] engineGenerateSecret () + protected byte[] engineGenerateSecret() { - if (result == null || !last_phase_done) - throw new IllegalStateException ("not finished"); + if (result == null || ! last_phase_done) + throw new IllegalStateException("Not finished"); - byte[] buf = result.toByteArray (); + byte[] buf = result.toByteArray(); if (buf[0] == 0x00) { - byte[] buf2 = new byte[buf.length - 1]; - System.arraycopy (buf, 1, buf2, 0, buf2.length); - buf = buf2; + byte[] buf2 = new byte[buf.length - 1]; + System.arraycopy(buf, 1, buf2, 0, buf2.length); + buf = buf2; } + return buf; } - protected int engineGenerateSecret (final byte[] secret, final int offset) + protected int engineGenerateSecret(byte[] secret, int offset) { byte[] s = engineGenerateSecret(); - System.arraycopy (s, 0, secret, offset, s.length); + System.arraycopy(s, 0, secret, offset, s.length); return s.length; } - protected SecretKey engineGenerateSecret (final String algorithm) - throws InvalidKeyException + protected SecretKey engineGenerateSecret(String algorithm) + throws InvalidKeyException { byte[] s = engineGenerateSecret(); - return new SecretKeySpec (s, algorithm); + return new SecretKeySpec(s, algorithm); } - protected void engineInit (final Key key, final SecureRandom random) - throws InvalidKeyException + protected void engineInit(Key key, SecureRandom random) + throws InvalidKeyException { - if (!(key instanceof DHPrivateKey)) - throw new InvalidKeyException ("not a javax.crypto.interfaces.DHPrivateKey"); + if (! (key instanceof DHPrivateKey)) + throw new InvalidKeyException("Key MUST be a DHPrivateKey"); + this.key = (DHPrivateKey) key; result = null; last_phase_done = false; } - protected void engineInit (final Key key, final AlgorithmParameterSpec params, - final SecureRandom random) - throws InvalidKeyException + protected void engineInit(Key key, AlgorithmParameterSpec params, + SecureRandom random) + throws InvalidKeyException { - engineInit (key, random); + engineInit(key, random); } } diff --git a/gnu/javax/crypto/jce/GnuCrypto.java b/gnu/javax/crypto/jce/GnuCrypto.java index b22aa8823..b0e73b132 100644 --- a/gnu/javax/crypto/jce/GnuCrypto.java +++ b/gnu/javax/crypto/jce/GnuCrypto.java @@ -531,9 +531,9 @@ public final class GnuCrypto extends Provider put("Alg.Alias.Mac.HmacWhirlpool", "HMAC-WHIRLPOOL"); // KeyAgreement - put("KeyAgreement.DiffieHellman", - gnu.javax.crypto.DiffieHellmanImpl.class.getName()); - put("Alg.Alias.KeyAgreement.DH", "DiffieHellman"); + put("KeyAgreement.DH", + gnu.javax.crypto.jce.DiffieHellmanImpl.class.getName()); + put("Alg.Alias.KeyAgreement.DiffieHellman", "DH"); // Cipher put("Cipher.RSAES-PKCS1-v1_5", @@ -570,6 +570,18 @@ public final class GnuCrypto extends Provider put("Alg.Alias,KeyFactory.DiffieHellman", "DH"); + // Algorithm Parameters ----------------------------------------------- + put("AlgorithmParameters.DH", + gnu.javax.crypto.jce.sig.DHParameters.class.getName()); + + put("Alg.Alias.AlgorithmParameters.DiffieHellman", "DH"); + + // Algorithm Parameters Generator ------------------------------------- + put("AlgorithmParameterGenerator.DH", + gnu.javax.crypto.jce.sig.DHParametersGenerator.class.getName()); + + put("Alg.Alias.AlgorithmParameterGenerator.DiffieHellman", "DH"); + return null; } }); diff --git a/gnu/javax/crypto/jce/sig/DHKeyFactory.java b/gnu/javax/crypto/jce/sig/DHKeyFactory.java index 67daefb9e..701191adc 100644 --- a/gnu/javax/crypto/jce/sig/DHKeyFactory.java +++ b/gnu/javax/crypto/jce/sig/DHKeyFactory.java @@ -88,6 +88,7 @@ public class DHKeyFactory try { result = new DHKeyPairX509Codec().decodePublicKey(encoded); + return result; } catch (RuntimeException x) { @@ -120,6 +121,7 @@ public class DHKeyFactory try { result = new DHKeyPairPKCS8Codec().decodePrivateKey(encoded); + return result; } catch (RuntimeException x) { diff --git a/gnu/javax/crypto/jce/sig/DHParameters.java b/gnu/javax/crypto/jce/sig/DHParameters.java new file mode 100644 index 000000000..0357c163d --- /dev/null +++ b/gnu/javax/crypto/jce/sig/DHParameters.java @@ -0,0 +1,220 @@ +/* DHParameters.java -- DH parameters DAO + Copyright (C) 2006 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. */ + + +package gnu.javax.crypto.jce.sig; + +import gnu.java.security.Registry; +import gnu.java.security.der.DER; +import gnu.java.security.der.DERReader; +import gnu.java.security.der.DERValue; +import gnu.java.security.der.DERWriter; +import gnu.java.security.util.DerUtil; + +import java.io.ByteArrayOutputStream; +import java.io.IOException; +import java.math.BigInteger; +import java.security.AlgorithmParametersSpi; +import java.security.spec.AlgorithmParameterSpec; +import java.security.spec.InvalidParameterSpecException; +import java.util.ArrayList; + +import javax.crypto.spec.DHGenParameterSpec; +import javax.crypto.spec.DHParameterSpec; + +/** + * A JCE-specific Data Access Object (DAO) for DH parameters. + */ +public class DHParameters + extends AlgorithmParametersSpi +{ + /** The prime public modulus. */ + private BigInteger p; + + /** The generator. */ + private BigInteger g; + + /** A prime factor of p-1. */ + private BigInteger q; + + /** The (private) random exponent's size (in bits). */ + private int l; + + // default 0-arguments constructor + + protected void engineInit(AlgorithmParameterSpec spec) + throws InvalidParameterSpecException + { + if (! (spec instanceof DHParameterSpec)) + throw new InvalidParameterSpecException("Wrong AlgorithmParameterSpec type: " + + spec.getClass().getName()); + DHParameterSpec dhSpec = (DHParameterSpec) spec; + p = dhSpec.getP(); + g = dhSpec.getG(); + l = dhSpec.getL(); + } + + /** + * Decodes the set of DH parameters as per RFC-2459; i.e. the DER-encoded + * form of the following ASN.1 construct: + * + * <pre> + * DhParams ::= SEQUENCE { + * p INTEGER, -- odd prime, p=jq +1 + * g INTEGER, -- generator, g + * q INTEGER -- factor of p-1 + * } + * </pre> + */ + protected void engineInit(byte[] params) throws IOException + { + DERReader der = new DERReader(params); + + DERValue derParams = der.read(); + DerUtil.checkIsConstructed(derParams, "Wrong DH Parameters field"); + + DERValue val = der.read(); + DerUtil.checkIsBigInteger(val, "Wrong P field"); + p = (BigInteger) val.getValue(); + val = der.read(); + DerUtil.checkIsBigInteger(val, "Wrong G field"); + g = (BigInteger) val.getValue(); + val = der.read(); + DerUtil.checkIsBigInteger(val, "Wrong Q field"); + q = (BigInteger) val.getValue(); + l = q.bitLength(); + } + + protected void engineInit(byte[] params, String format) throws IOException + { + if (format != null) + { + format = format.trim(); + if (format.length() == 0) + throw new IOException("Format MUST NOT be an empty string"); + + if (! format.equalsIgnoreCase(Registry.ASN1_ENCODING_SHORT_NAME)) + throw new IOException("Unknown or unsupported format: " + format); + } + + engineInit(params); + } + + protected AlgorithmParameterSpec engineGetParameterSpec(Class paramSpec) + throws InvalidParameterSpecException + { + if (paramSpec.isAssignableFrom(DHParameterSpec.class)) + return new DHParameterSpec(p, g, l); + + if (paramSpec.isAssignableFrom(DHGenParameterSpec.class)) + return new DHGenParameterSpec(p.bitLength(), l); + + throw new InvalidParameterSpecException("Wrong AlgorithmParameterSpec type: " + + paramSpec.getName()); + } + + /** + * Encodes the set of DH parameters as per RFC-2459; i.e. as the DER-encoded + * form of the following ASN.1 construct: + * + * <pre> + * DhParams ::= SEQUENCE { + * p INTEGER, -- odd prime, p=jq +1 + * g INTEGER, -- generator, g + * q INTEGER -- factor of p-1 + * } + * </pre> + */ + protected byte[] engineGetEncoded() throws IOException + { + DERValue derP = new DERValue(DER.INTEGER, p); + DERValue derG = new DERValue(DER.INTEGER, g); + DERValue derQ = new DERValue(DER.INTEGER, q); + + ArrayList params = new ArrayList(3); + params.add(derP); + params.add(derG); + params.add(derQ); + DERValue derParams = new DERValue(DER.CONSTRUCTED | DER.SEQUENCE, params); + + ByteArrayOutputStream baos = new ByteArrayOutputStream(); + DERWriter.write(baos, derParams); + byte[] result = baos.toByteArray(); + + return result; + } + + protected byte[] engineGetEncoded(String format) throws IOException + { + if (format != null) + { + format = format.trim(); + if (format.length() == 0) + throw new IOException("Format MUST NOT be an empty string"); + + if (! format.equalsIgnoreCase(Registry.ASN1_ENCODING_SHORT_NAME)) + throw new IOException("Unknown or unsupported format: " + format); + } + + return engineGetEncoded(); + } + + protected String engineToString() + { + StringBuffer sb = new StringBuffer("p="); + if (p == null) + sb.append("???"); + else + sb.append("0x").append(p.toString(16)); + + sb.append(", g="); + if (g == null) + sb.append("???"); + else + sb.append("0x").append(g.toString(16)); + + sb.append(", q="); + if (q == null) + sb.append("???"); + else + sb.append("0x").append(q.toString(16)); + + sb.append(", l=").append(l); + + return sb.toString(); + } +} diff --git a/gnu/javax/crypto/jce/sig/DHParametersGenerator.java b/gnu/javax/crypto/jce/sig/DHParametersGenerator.java new file mode 100644 index 000000000..3687ac3ca --- /dev/null +++ b/gnu/javax/crypto/jce/sig/DHParametersGenerator.java @@ -0,0 +1,152 @@ +/* DHParametersGenerator.java -- JCE Adapter for a generator of DH parameters + Copyright (C) 2006 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. */ + + +package gnu.javax.crypto.jce.sig; + +import gnu.java.security.Registry; +import gnu.javax.crypto.jce.GnuCrypto; +import gnu.javax.crypto.key.dh.GnuDHKeyPairGenerator; +import gnu.javax.crypto.key.dh.RFC2631; + +import java.math.BigInteger; +import java.security.AlgorithmParameterGeneratorSpi; +import java.security.AlgorithmParameters; +import java.security.InvalidAlgorithmParameterException; +import java.security.InvalidParameterException; +import java.security.NoSuchAlgorithmException; +import java.security.Provider; +import java.security.SecureRandom; +import java.security.spec.AlgorithmParameterSpec; +import java.security.spec.InvalidParameterSpecException; + +import javax.crypto.spec.DHGenParameterSpec; +import javax.crypto.spec.DHParameterSpec; + +/** + * A JCE Adapter for a generator of DH parameters. + */ +public class DHParametersGenerator + extends AlgorithmParameterGeneratorSpi +{ + private static final Provider GNU_CRYPTO = new GnuCrypto(); + + /** Size of the prime (public) modulus in bits. */ + private int modulusSize = -1; + + /** Size of the prime (private) modulus in bits. */ + private int exponentSize = -1; + + /** User specified source of randomness. */ + private SecureRandom rnd; + + /** Our concrete DH parameters generator. */ + private RFC2631 rfc2631; + + + protected void engineInit(int size, SecureRandom random) + { + if ((size % 256) != 0 || size < GnuDHKeyPairGenerator.DEFAULT_PRIME_SIZE) + throw new InvalidParameterException("Prime modulus (p) size (in bits) " + + "MUST be a multiple of 256, and " + + "greater than or equal to 1024"); + this.modulusSize = size; + this.rnd = random; + } + + protected void engineInit(AlgorithmParameterSpec spec, SecureRandom random) + throws InvalidAlgorithmParameterException + { + if (spec instanceof DHParameterSpec) + { + DHParameterSpec dhSpec = (DHParameterSpec) spec; + BigInteger p = dhSpec.getP(); + int size = p.bitLength(); + this.engineInit(size, random); + } + else if (spec instanceof DHGenParameterSpec) + { + DHGenParameterSpec dhSpec = (DHGenParameterSpec) spec; + int size = dhSpec.getPrimeSize(); + this.engineInit(size, random); + exponentSize = dhSpec.getExponentSize(); + + if ((exponentSize % 8) != 0 + || exponentSize < GnuDHKeyPairGenerator.DEFAULT_EXPONENT_SIZE) + throw new InvalidParameterException("Random exponent size (in bits) " + + "MUST be a multiple of 8, and " + + "greater than or equal to " + + GnuDHKeyPairGenerator.DEFAULT_EXPONENT_SIZE); + if (exponentSize > modulusSize) + throw new InvalidParameterException("Random exponent size (in bits) " + + "MUST be less than that of the " + + "public prime modulus (p)"); + } + + throw new InvalidAlgorithmParameterException("Wrong AlgorithmParameterSpec type: " + + spec.getClass().getName()); + } + + protected AlgorithmParameters engineGenerateParameters() + { + if (modulusSize < 1) + modulusSize = GnuDHKeyPairGenerator.DEFAULT_PRIME_SIZE; + + if (exponentSize < 1) + exponentSize = GnuDHKeyPairGenerator.DEFAULT_EXPONENT_SIZE; + + rfc2631 = new RFC2631(exponentSize, modulusSize, rnd); + BigInteger[] params = rfc2631.generateParameters(); + BigInteger p = params[RFC2631.DH_PARAMS_P]; + BigInteger g = params[RFC2631.DH_PARAMS_G]; + int l = params[RFC2631.DH_PARAMS_Q].bitLength(); + DHParameterSpec spec = new DHParameterSpec(p, g, l); + AlgorithmParameters result = null; + try + { + result = AlgorithmParameters.getInstance(Registry.DH_KPG, GNU_CRYPTO); + result.init(spec); + } + catch (NoSuchAlgorithmException ignore) + { + } + catch (InvalidParameterSpecException ignore) + { + } + return result; + } +} diff --git a/gnu/javax/crypto/key/dh/DHKeyPairPKCS8Codec.java b/gnu/javax/crypto/key/dh/DHKeyPairPKCS8Codec.java index b1be1d251..34fb00706 100644 --- a/gnu/javax/crypto/key/dh/DHKeyPairPKCS8Codec.java +++ b/gnu/javax/crypto/key/dh/DHKeyPairPKCS8Codec.java @@ -53,6 +53,7 @@ import gnu.java.security.der.DERReader; import gnu.java.security.der.DERValue; import gnu.java.security.der.DERWriter; import gnu.java.security.key.IKeyPairCodec; +import gnu.java.security.util.DerUtil; import gnu.java.security.util.Util; public class DHKeyPairPKCS8Codec @@ -62,18 +63,6 @@ public class DHKeyPairPKCS8Codec // implicit 0-arguments constructor - private static void checkIsConstructed(DERValue v, String msg) - { - if (! v.isConstructed()) - throw new InvalidParameterException(msg); - } - - private static void checkIsBigInteger(DERValue v, String msg) - { - if (! (v.getValue() instanceof BigInteger)) - throw new InvalidParameterException(msg); - } - public int getFormatID() { return PKCS8_FORMAT; @@ -193,7 +182,7 @@ public class DHKeyPairPKCS8Codec try { DERValue derPKI = der.read(); - checkIsConstructed(derPKI, "Wrong PrivateKeyInfo field"); + DerUtil.checkIsConstructed(derPKI, "Wrong PrivateKeyInfo field"); DERValue derVersion = der.read(); if (! (derVersion.getValue() instanceof BigInteger)) @@ -204,7 +193,7 @@ public class DHKeyPairPKCS8Codec throw new InvalidParameterException("Unexpected Version: " + version); DERValue derAlgoritmID = der.read(); - checkIsConstructed(derAlgoritmID, "Wrong AlgorithmIdentifier field"); + DerUtil.checkIsConstructed(derAlgoritmID, "Wrong AlgorithmIdentifier field"); DERValue derOID = der.read(); OID algOID = (OID) derOID.getValue(); @@ -212,16 +201,16 @@ public class DHKeyPairPKCS8Codec throw new InvalidParameterException("Unexpected OID: " + algOID); DERValue derParams = der.read(); - checkIsConstructed(derParams, "Wrong DSS Parameters field"); + DerUtil.checkIsConstructed(derParams, "Wrong DSS Parameters field"); DERValue val = der.read(); - checkIsBigInteger(val, "Wrong P field"); + DerUtil.checkIsBigInteger(val, "Wrong P field"); p = (BigInteger) val.getValue(); val = der.read(); - checkIsBigInteger(val, "Wrong G field"); + DerUtil.checkIsBigInteger(val, "Wrong G field"); g = (BigInteger) val.getValue(); val = der.read(); - checkIsBigInteger(val, "Wrong Q field"); + DerUtil.checkIsBigInteger(val, "Wrong Q field"); q = (BigInteger) val.getValue(); val = der.read(); diff --git a/gnu/javax/crypto/key/dh/DHKeyPairX509Codec.java b/gnu/javax/crypto/key/dh/DHKeyPairX509Codec.java index bd93c23e8..7e8688bd3 100644 --- a/gnu/javax/crypto/key/dh/DHKeyPairX509Codec.java +++ b/gnu/javax/crypto/key/dh/DHKeyPairX509Codec.java @@ -54,6 +54,7 @@ import gnu.java.security.der.DERReader; import gnu.java.security.der.DERValue; import gnu.java.security.der.DERWriter; import gnu.java.security.key.IKeyPairCodec; +import gnu.java.security.util.DerUtil; public class DHKeyPairX509Codec implements IKeyPairCodec @@ -62,18 +63,6 @@ public class DHKeyPairX509Codec // implicit 0-arguments constructor - private static void checkIsConstructed(DERValue v, String msg) - { - if (! v.isConstructed()) - throw new InvalidParameterException(msg); - } - - private static void checkIsBigInteger(DERValue v, String msg) - { - if (! (v.getValue() instanceof BigInteger)) - throw new InvalidParameterException(msg); - } - public int getFormatID() { return X509_FORMAT; @@ -198,10 +187,10 @@ public class DHKeyPairX509Codec try { DERValue derSPKI = der.read(); - checkIsConstructed(derSPKI, "Wrong SubjectPublicKeyInfo field"); + DerUtil.checkIsConstructed(derSPKI, "Wrong SubjectPublicKeyInfo field"); DERValue derAlgorithmID = der.read(); - checkIsConstructed(derAlgorithmID, "Wrong AlgorithmIdentifier field"); + DerUtil.checkIsConstructed(derAlgorithmID, "Wrong AlgorithmIdentifier field"); DERValue derOID = der.read(); if (! (derOID.getValue() instanceof OID)) @@ -212,16 +201,16 @@ public class DHKeyPairX509Codec throw new InvalidParameterException("Unexpected OID: " + algOID); DERValue derParams = der.read(); - checkIsConstructed(derParams, "Wrong DH Parameters field"); + DerUtil.checkIsConstructed(derParams, "Wrong DH Parameters field"); DERValue val = der.read(); - checkIsBigInteger(val, "Wrong P field"); + DerUtil.checkIsBigInteger(val, "Wrong P field"); p = (BigInteger) val.getValue(); val = der.read(); - checkIsBigInteger(val, "Wrong G field"); + DerUtil.checkIsBigInteger(val, "Wrong G field"); g = (BigInteger) val.getValue(); val = der.read(); - checkIsBigInteger(val, "Wrong Q field"); + DerUtil.checkIsBigInteger(val, "Wrong Q field"); q = (BigInteger) val.getValue(); val = der.read(); @@ -232,7 +221,7 @@ public class DHKeyPairX509Codec DERReader dhPub = new DERReader(yBytes); val = dhPub.read(); - checkIsBigInteger(val, "Wrong Y field"); + DerUtil.checkIsBigInteger(val, "Wrong Y field"); y = (BigInteger) val.getValue(); } catch (IOException x) diff --git a/gnu/javax/crypto/key/dh/GnuDHKey.java b/gnu/javax/crypto/key/dh/GnuDHKey.java index 8dba07a23..f1e42d93a 100644 --- a/gnu/javax/crypto/key/dh/GnuDHKey.java +++ b/gnu/javax/crypto/key/dh/GnuDHKey.java @@ -39,7 +39,6 @@ exception statement from your version. */ package gnu.javax.crypto.key.dh; import gnu.java.security.Registry; -import gnu.java.security.key.IKeyPairCodec; import gnu.java.security.util.FormatUtil; import java.math.BigInteger; @@ -140,7 +139,7 @@ public abstract class GnuDHKey implements Key, DHKey /** @deprecated see getEncoded(int). */ public byte[] getEncoded() { - return getEncoded(IKeyPairCodec.RAW_FORMAT); + return getEncoded(defaultFormat); } public String getFormat() diff --git a/gnu/javax/crypto/key/dh/GnuDHKeyPairGenerator.java b/gnu/javax/crypto/key/dh/GnuDHKeyPairGenerator.java index 7fc300fe7..eafc8d01c 100644 --- a/gnu/javax/crypto/key/dh/GnuDHKeyPairGenerator.java +++ b/gnu/javax/crypto/key/dh/GnuDHKeyPairGenerator.java @@ -52,6 +52,7 @@ import java.security.SecureRandom; import java.util.Map; import javax.crypto.spec.DHGenParameterSpec; +import javax.crypto.spec.DHParameterSpec; /** * <p>An implementation of a Diffie-Hellman keypair generator.</p> @@ -92,8 +93,8 @@ public class GnuDHKeyPairGenerator implements IKeyPairGenerator public static final String SOURCE_OF_RANDOMNESS = "gnu.crypto.dh.prng"; /** - * Property name of an optional {@link DHGenParameterSpec} instance to use - * for this generator. + * Property name of an optional {@link DHGenParameterSpec} or + * {@link DHParameterSpec} instance to use for this generator. */ public static final String DH_PARAMETERS = "gnu.crypto.dh.params"; @@ -112,10 +113,10 @@ public class GnuDHKeyPairGenerator implements IKeyPairGenerator /** Default value for the size in bits of the public prime (p). */ // private static final int DEFAULT_PRIME_SIZE = 1024; - private static final int DEFAULT_PRIME_SIZE = 512; + public static final int DEFAULT_PRIME_SIZE = 512; /** Default value for the size in bits of the private exponent (x). */ - private static final int DEFAULT_EXPONENT_SIZE = 160; + public static final int DEFAULT_EXPONENT_SIZE = 160; /** Default encoding format to use when none was specified. */ private static final int DEFAULT_ENCODING_FORMAT = Registry.RAW_ENCODING_ID; @@ -175,13 +176,20 @@ public class GnuDHKeyPairGenerator implements IKeyPairGenerator // are we given a set of Diffie-Hellman generation parameters or we shall // use our own? - DHGenParameterSpec params = (DHGenParameterSpec) attributes.get(DH_PARAMETERS); + Object params = attributes.get(DH_PARAMETERS); // find out the desired sizes - if (params != null) + if (params instanceof DHGenParameterSpec) { - l = params.getPrimeSize(); - m = params.getExponentSize(); + DHGenParameterSpec jceSpec = (DHGenParameterSpec) params; + l = jceSpec.getPrimeSize(); + m = jceSpec.getExponentSize(); + } + else if (params instanceof DHParameterSpec) + { + DHParameterSpec jceSpec = (DHParameterSpec) params; + l = jceSpec.getP().bitLength(); + m = jceSpec.getL(); } else { |