-
ECKeyPairGenerator
-
KEY_SIZE_MIN: int
-
KEY_SIZE_MAX: int
-
random: SecureRandom
-
keySize: int
-
params: AlgorithmParameterSpec
-
ECKeyPairGenerator(): void
-
initialize(int, SecureRandom): void
-
initialize(AlgorithmParameterSpec, SecureRandom): void
-
ensureCurveIsSupported(ECParameterSpec): void
-
generateKeyPair(): KeyPair
-
generatePrivateScalar(SecureRandom, ECOperations, int): byte[]
-
generateKeyPairImpl(SecureRandom): Optional<KeyPair>
-
generateKeyPairNative(SecureRandom): KeyPair
-
checkKeySize(int): void
-
isCurveSupported(byte[]): boolean
-
generateECKeyPair(int, byte[], byte[]): Object[]
-
/*
* Copyright (c) 2009, 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
package sun.security.ec;
import java.io.IOException;
import java.math.BigInteger;
import java.security.*;
import java.security.spec.AlgorithmParameterSpec;
import java.security.spec.ECGenParameterSpec;
import java.security.spec.ECParameterSpec;
import java.security.spec.ECPoint;
import java.security.spec.InvalidParameterSpecException;
import java.util.Optional;
import sun.security.ec.NamedCurve;
import sun.security.jca.JCAUtil;
import sun.security.util.ECUtil;
import sun.security.util.math.*;
import sun.security.ec.point.*;
import static sun.security.util.SecurityProviderConstants.DEF_EC_KEY_SIZE;
import static sun.security.ec.ECOperations.IntermediateValueException;
EC keypair generator.
Standard algorithm, minimum key length is 112 bits, maximum is 571 bits.
Since: 1.7
/**
* EC keypair generator.
* Standard algorithm, minimum key length is 112 bits, maximum is 571 bits.
*
* @since 1.7
*/
public final class ECKeyPairGenerator extends KeyPairGeneratorSpi {
private static final int KEY_SIZE_MIN = 112; // min bits (see ecc_impl.h)
private static final int KEY_SIZE_MAX = 571; // max bits (see ecc_impl.h)
// used to seed the keypair generator
private SecureRandom random;
// size of the key to generate, KEY_SIZE_MIN <= keySize <= KEY_SIZE_MAX
private int keySize;
// parameters specified via init, if any
private AlgorithmParameterSpec params = null;
Constructs a new ECKeyPairGenerator.
/**
* Constructs a new ECKeyPairGenerator.
*/
public ECKeyPairGenerator() {
// initialize to default in case the app does not call initialize()
initialize(DEF_EC_KEY_SIZE, null);
}
// initialize the generator. See JCA doc
@Override
public void initialize(int keySize, SecureRandom random) {
checkKeySize(keySize);
this.params = ECUtil.getECParameterSpec(null, keySize);
if (params == null) {
throw new InvalidParameterException(
"No EC parameters available for key size " + keySize + " bits");
}
this.random = random;
}
// second initialize method. See JCA doc
@Override
public void initialize(AlgorithmParameterSpec params, SecureRandom random)
throws InvalidAlgorithmParameterException {
ECParameterSpec ecSpec = null;
if (params instanceof ECParameterSpec) {
ECParameterSpec ecParams = (ECParameterSpec) params;
ecSpec = ECUtil.getECParameterSpec(null, ecParams);
if (ecSpec == null) {
throw new InvalidAlgorithmParameterException(
"Unsupported curve: " + params);
}
} else if (params instanceof ECGenParameterSpec) {
String name = ((ECGenParameterSpec) params).getName();
ecSpec = ECUtil.getECParameterSpec(null, name);
if (ecSpec == null) {
throw new InvalidAlgorithmParameterException(
"Unknown curve name: " + name);
}
} else {
throw new InvalidAlgorithmParameterException(
"ECParameterSpec or ECGenParameterSpec required for EC");
}
// Not all known curves are supported by the native implementation
ensureCurveIsSupported(ecSpec);
this.params = ecSpec;
this.keySize = ecSpec.getCurve().getField().getFieldSize();
this.random = random;
}
private static void ensureCurveIsSupported(ECParameterSpec ecSpec)
throws InvalidAlgorithmParameterException {
AlgorithmParameters ecParams = ECUtil.getECParameters(null);
byte[] encodedParams;
try {
ecParams.init(ecSpec);
encodedParams = ecParams.getEncoded();
} catch (InvalidParameterSpecException ex) {
throw new InvalidAlgorithmParameterException(
"Unsupported curve: " + ecSpec.toString());
} catch (IOException ex) {
throw new RuntimeException(ex);
}
if (!isCurveSupported(encodedParams)) {
throw new InvalidAlgorithmParameterException(
"Unsupported curve: " + ecParams.toString());
}
}
// generate the keypair. See JCA doc
@Override
public KeyPair generateKeyPair() {
if (random == null) {
random = JCAUtil.getSecureRandom();
}
try {
Optional<KeyPair> kp = generateKeyPairImpl(random);
if (kp.isPresent()) {
return kp.get();
}
return generateKeyPairNative(random);
} catch (Exception ex) {
throw new ProviderException(ex);
}
}
private byte[] generatePrivateScalar(SecureRandom random,
ECOperations ecOps, int seedSize) {
// Attempt to create the private scalar in a loop that uses new random
// input each time. The chance of failure is very small assuming the
// implementation derives the nonce using extra bits
int numAttempts = 128;
byte[] seedArr = new byte[seedSize];
for (int i = 0; i < numAttempts; i++) {
random.nextBytes(seedArr);
try {
return ecOps.seedToScalar(seedArr);
} catch (IntermediateValueException ex) {
// try again in the next iteration
}
}
throw new ProviderException("Unable to produce private key after "
+ numAttempts + " attempts");
}
private Optional<KeyPair> generateKeyPairImpl(SecureRandom random)
throws InvalidKeyException {
ECParameterSpec ecParams = (ECParameterSpec) params;
Optional<ECOperations> opsOpt = ECOperations.forParameters(ecParams);
if (!opsOpt.isPresent()) {
return Optional.empty();
}
ECOperations ops = opsOpt.get();
IntegerFieldModuloP field = ops.getField();
int numBits = ecParams.getOrder().bitLength();
int seedBits = numBits + 64;
int seedSize = (seedBits + 7) / 8;
byte[] privArr = generatePrivateScalar(random, ops, seedSize);
ECPoint genPoint = ecParams.getGenerator();
ImmutableIntegerModuloP x = field.getElement(genPoint.getAffineX());
ImmutableIntegerModuloP y = field.getElement(genPoint.getAffineY());
AffinePoint affGen = new AffinePoint(x, y);
Point pub = ops.multiply(affGen, privArr);
AffinePoint affPub = pub.asAffine();
PrivateKey privateKey = new ECPrivateKeyImpl(privArr, ecParams);
ECPoint w = new ECPoint(affPub.getX().asBigInteger(),
affPub.getY().asBigInteger());
PublicKey publicKey = new ECPublicKeyImpl(w, ecParams);
return Optional.of(new KeyPair(publicKey, privateKey));
}
private KeyPair generateKeyPairNative(SecureRandom random)
throws Exception {
ECParameterSpec ecParams = (ECParameterSpec) params;
byte[] encodedParams = ECUtil.encodeECParameterSpec(null, ecParams);
// seed is twice the key size (in bytes) plus 1
byte[] seed = new byte[(((keySize + 7) >> 3) + 1) * 2];
random.nextBytes(seed);
Object[] keyBytes = generateECKeyPair(keySize, encodedParams, seed);
// The 'params' object supplied above is equivalent to the native
// one so there is no need to fetch it.
// keyBytes[0] is the encoding of the native private key
BigInteger s = new BigInteger(1, (byte[]) keyBytes[0]);
PrivateKey privateKey = new ECPrivateKeyImpl(s, ecParams);
// keyBytes[1] is the encoding of the native public key
byte[] pubKey = (byte[]) keyBytes[1];
ECPoint w = ECUtil.decodePoint(pubKey, ecParams.getCurve());
PublicKey publicKey = new ECPublicKeyImpl(w, ecParams);
return new KeyPair(publicKey, privateKey);
}
private void checkKeySize(int keySize) throws InvalidParameterException {
if (keySize < KEY_SIZE_MIN) {
throw new InvalidParameterException
("Key size must be at least " + KEY_SIZE_MIN + " bits");
}
if (keySize > KEY_SIZE_MAX) {
throw new InvalidParameterException
("Key size must be at most " + KEY_SIZE_MAX + " bits");
}
this.keySize = keySize;
}
Checks whether the curve in the encoded parameters is supported by the
native implementation. Some curve operations will be performed by the
Java implementation, but not all of them. So native support is still
required for all curves.
Params: - encodedParams – encoded parameters in the same form accepted
by generateECKeyPair
Returns: true if and only if generateECKeyPair will succeed for
the supplied parameters
/**
* Checks whether the curve in the encoded parameters is supported by the
* native implementation. Some curve operations will be performed by the
* Java implementation, but not all of them. So native support is still
* required for all curves.
*
* @param encodedParams encoded parameters in the same form accepted
* by generateECKeyPair
* @return true if and only if generateECKeyPair will succeed for
* the supplied parameters
*/
private static native boolean isCurveSupported(byte[] encodedParams);
/*
* Generates the keypair and returns a 2-element array of encoding bytes.
* The first one is for the private key, the second for the public key.
*/
private static native Object[] generateECKeyPair(int keySize,
byte[] encodedParams, byte[] seed) throws GeneralSecurityException;
}