diff options
Diffstat (limited to 'gnu/java/security/key/dss/DSSKeyPairGenerator.java')
-rw-r--r-- | gnu/java/security/key/dss/DSSKeyPairGenerator.java | 80 |
1 files changed, 73 insertions, 7 deletions
diff --git a/gnu/java/security/key/dss/DSSKeyPairGenerator.java b/gnu/java/security/key/dss/DSSKeyPairGenerator.java index 3f9c80625..16af5e048 100644 --- a/gnu/java/security/key/dss/DSSKeyPairGenerator.java +++ b/gnu/java/security/key/dss/DSSKeyPairGenerator.java @@ -41,6 +41,7 @@ package gnu.java.security.key.dss; import gnu.java.security.Registry; import gnu.java.security.hash.Sha160; import gnu.java.security.key.IKeyPairGenerator; +import gnu.java.security.util.PRNG; import java.io.PrintWriter; import java.math.BigInteger; @@ -88,10 +89,55 @@ public class DSSKeyPairGenerator implements IKeyPairGenerator /** Property name of the length (Integer) of the modulus (p) of a DSS key. */ public static final String MODULUS_LENGTH = "gnu.crypto.dss.L"; - /** Property name of the Boolean indicating wether or not to use defaults. */ + /** + * Property name of the Boolean indicating wether or not to use default pre- + * computed values of <code>p</code>, <code>q</code> and <code>g</code> for + * a given modulus length. The ultimate behaviour of this generator with + * regard to using pre-computed parameter sets will depend on the value of + * this property and of the following one {@link #STRICT_DEFAULTS}: + * + * <ol> + * <li>If this property is {@link Boolean#FALSE} then this generator + * will accept being setup for generating parameters for any modulus length + * provided the modulus length is between <code>512</code> and + * <code>1024</code>, and is of the form <code>512 + 64 * n</code>. In + * addition, a new paramter set will always be generated; i.e. no pre- + * computed values are used.</li> + * + * <li>If this property is {@link Boolean#TRUE} and the value of + * {@link #STRICT_DEFAULTS} is also {@link Boolean#TRUE} then this generator + * will only accept being setup for generating parameters for modulus + * lengths of <code>512</code>, <code>768</code> and <code>1024</code>. Any + * other value, of the modulus length, even if between <code>512</code> and + * <code>1024</code>, and of the form <code>512 + 64 * n</code>, will cause + * an {@link IllegalArgumentException} to be thrown. When those modulus + * length (<code>512</code>, <code>768</code>, and <code>1024</code>) are + * specified, the paramter set is always the same.</li> + * + * <li>Finally, if this property is {@link Boolean#TRUE} and the value of + * {@link #STRICT_DEFAULTS} is {@link Boolean#FALSE} then this generator + * will behave as in point 1 above, except that it will use pre-computed + * values when possible; i.e. the modulus length is one of <code>512</code>, + * <code>768</code>, or <code>1024</code>.</li> + * </ol> + * + * The default value of this property is {@link Boolean#TRUE}. + */ public static final String USE_DEFAULTS = "gnu.crypto.dss.use.defaults"; /** + * Property name of the Boolean indicating wether or not to generate new + * parameters, even if the modulus length <i>L</i> is not one of the pre- + * computed defaults (value {@link Boolean#FALSE}), or throw an exception + * (value {@link Boolean#TRUE}) -- the exception in this case is an + * {@link IllegalArgumentException}. The default value for this property is + * {@link Boolean#FALSE}. The ultimate behaviour of this generator will + * depend on the values of this and {@link #USE_DEFAULTS} properties -- see + * {@link #USE_DEFAULTS} for more information. + */ + public static final String STRICT_DEFAULTS = "gnu.crypto.dss.strict.defaults"; + + /** * Property name of an optional {@link SecureRandom} instance to use. The * default is to use a classloader singleton from {@link PRNG}. */ @@ -181,6 +227,9 @@ public class DSSKeyPairGenerator implements IKeyPairGenerator private BigInteger XKEY; + /** Our default source of randomness. */ + private PRNG prng = null; + // Constructor(s) // ------------------------------------------------------------------------- @@ -222,6 +271,10 @@ public class DSSKeyPairGenerator implements IKeyPairGenerator useDefaults = Boolean.TRUE; } + Boolean strictDefaults = (Boolean) attributes.get(STRICT_DEFAULTS); + if (strictDefaults == null) + strictDefaults = Boolean.FALSE; + // are we given a set of DSA params or we shall use/generate our own? DSAParameterSpec params = (DSAParameterSpec) attributes.get(DSS_PARAMETERS); if (params != null) @@ -250,9 +303,16 @@ public class DSSKeyPairGenerator implements IKeyPairGenerator g = KEY_PARAMS_1024.getG(); break; default: - p = null; - q = null; - g = null; + if (strictDefaults.equals(Boolean.TRUE)) + throw new IllegalArgumentException( + "Does not provide default parameters for " + L + + "-bit modulus length"); + else + { + p = null; + q = null; + g = null; + } } } else @@ -353,8 +413,14 @@ public class DSSKeyPairGenerator implements IKeyPairGenerator rnd.nextBytes(buffer); } else - { - new SecureRandom ().nextBytes(buffer); - } + getDefaultPRNG().nextBytes(buffer); + } + + private PRNG getDefaultPRNG() + { + if (prng == null) + prng = PRNG.getInstance(); + + return prng; } } |