DHKeyAgreement


1   /*
2     Name:         DHKeyAgreement.java
3     Licensing:    LGPL
4   
5     API:          Sun (http://java.sun.com) JCE 1.2.2 API (cleanroom implementation by Bouncy Castle)
6     Provider:     Bouncy Castle (http://www.bouncycastle.org)
7   
8     Disclaimer:
9   
10    COVERED CODE IS PROVIDED UNDER THIS LICENSE ON AN "AS IS" BASIS, WITHOUT WARRANTY OF ANY KIND,
11    EITHER EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, WARRANTIES THAT THE COVERED CODE
12    IS FREE OF DEFECTS, MERCHANTABLE, FIT FOR A PARTICULAR PURPOSE OR NON-INFRINGING. THE ENTIRE
13    RISK AS TO THE QUALITY AND PERFORMANCE OF THE COVERED CODE IS WITH YOU. SHOULD ANY COVERED CODE
14    PROVE DEFECTIVE IN ANY RESPECT, YOU (NOT THE INITIAL DEVELOPER OR ANY OTHER CONTRIBUTOR)
15    ASSUME THE COST OF ANY NECESSARY SERVICING, REPAIR OR CORRECTION. THIS DISCLAIMER OF WARRANTY
16    CONSTITUTES AN ESSENTIAL PART OF THIS LICENSE. NO USE OF ANY COVERED CODE IS AUTHORIZED
17    HEREUNDER EXCEPT UNDER THIS DISCLAIMER.
18  
19    (C) Copyright 2003 Gert Van Ham
20  */
21  
22  package net.sourceforge.jcetaglib.lib;
23  
24  import org.bouncycastle.jce.provider.BouncyCastleProvider;
25  
26  import javax.crypto.KeyAgreement;
27  import javax.crypto.spec.DHParameterSpec;
28  import javax.crypto.spec.SecretKeySpec;
29  import java.math.BigInteger  ;
30  import java.security.*;
31  import java.security.spec.InvalidKeySpecException  ;
32  import java.security.spec.X509EncodedKeySpec  ;
33  
34  /**
35   * Diffie-Hellman key agreement
36   *
37   * @author Gert Van Ham
38   * @author hamgert@users.sourceforge.net
39   * @author http://jcetaglib.sourceforge.net
40   * @version $Id: DHKeyAgreement.java,v 1.3 2004/04/15 07:28:25 hamgert Exp $
41   */
42  public class DHKeyAgreement {
43      /**
44       *  Static variables for 1024 bit Diffie-Hellman algorithm.
45       *
46       *  This is required to have matching moduli between client
47       *  and server. The values are unimportant, they simply must match.
48       *  Ideally, everyone would agree on standard moduli, like SKIP,
49       *  the Simple Key management for Internet Protocols spec.
50       *
51       *  You can get more info from http://www.skip.org
52       */
53      private static final byte SKIP_1024_MODULUS_BYTES[] = {
54          (byte) 0xF4, (byte) 0x88, (byte) 0xFD, (byte) 0x58,
55          (byte) 0x4E, (byte) 0x49, (byte) 0xDB, (byte) 0xCD,
56          (byte) 0x20, (byte) 0xB4, (byte) 0x9D, (byte) 0xE4,
57          (byte) 0x91, (byte) 0x07, (byte) 0x36, (byte) 0x6B,
58          (byte) 0x33, (byte) 0x6C, (byte) 0x38, (byte) 0x0D,
59          (byte) 0x45, (byte) 0x1D, (byte) 0x0F, (byte) 0x7C,
60          (byte) 0x88, (byte) 0xB3, (byte) 0x1C, (byte) 0x7C,
61          (byte) 0x5B, (byte) 0x2D, (byte) 0x8E, (byte) 0xF6,
62          (byte) 0xF3, (byte) 0xC9, (byte) 0x23, (byte) 0xC0,
63          (byte) 0x43, (byte) 0xF0, (byte) 0xA5, (byte) 0x5B,
64          (byte) 0x18, (byte) 0x8D, (byte) 0x8E, (byte) 0xBB,
65          (byte) 0x55, (byte) 0x8C, (byte) 0xB8, (byte) 0x5D,
66          (byte) 0x38, (byte) 0xD3, (byte) 0x34, (byte) 0xFD,
67          (byte) 0x7C, (byte) 0x17, (byte) 0x57, (byte) 0x43,
68          (byte) 0xA3, (byte) 0x1D, (byte) 0x18, (byte) 0x6C,
69          (byte) 0xDE, (byte) 0x33, (byte) 0x21, (byte) 0x2C,
70          (byte) 0xB5, (byte) 0x2A, (byte) 0xFF, (byte) 0x3C,
71          (byte) 0xE1, (byte) 0xB1, (byte) 0x29, (byte) 0x40,
72          (byte) 0x18, (byte) 0x11, (byte) 0x8D, (byte) 0x7C,
73          (byte) 0x84, (byte) 0xA7, (byte) 0x0A, (byte) 0x72,
74          (byte) 0xD6, (byte) 0x86, (byte) 0xC4, (byte) 0x03,
75          (byte) 0x19, (byte) 0xC8, (byte) 0x07, (byte) 0x29,
76          (byte) 0x7A, (byte) 0xCA, (byte) 0x95, (byte) 0x0C,
77          (byte) 0xD9, (byte) 0x96, (byte) 0x9F, (byte) 0xAB,
78          (byte) 0xD0, (byte) 0x0A, (byte) 0x50, (byte) 0x9B,
79          (byte) 0x02, (byte) 0x46, (byte) 0xD3, (byte) 0x08,
80          (byte) 0x3D, (byte) 0x66, (byte) 0xA4, (byte) 0x5D,
81          (byte) 0x41, (byte) 0x9F, (byte) 0x9C, (byte) 0x7C,
82          (byte) 0xBD, (byte) 0x89, (byte) 0x4B, (byte) 0x22,
83          (byte) 0x19, (byte) 0x26, (byte) 0xBA, (byte) 0xAB,
84          (byte) 0xA2, (byte) 0x5E, (byte) 0xC3, (byte) 0x55,
85          (byte) 0xE9, (byte) 0x2F, (byte) 0x78, (byte) 0xC7
86      };
87  
88      /**
89       *  Transform the representation above to a BigInteger.
90       */
91      private static final BigInteger   MODULUS = new BigInteger  
92              (1, SKIP_1024_MODULUS_BYTES);
93  
94      /**
95       *  The Base we're going to use is 2, as defined in SKIP.
96       */
97      private static final BigInteger   BASE = BigInteger.valueOf(2);
98  
99      /**
100      *  This wraps the parameters above into one object.
101      */
102     private static final DHParameterSpec PARAMETER_SPEC =
103             new DHParameterSpec(MODULUS, BASE);
104 
105     /**
106      * Generate DH keypair based on SKIP Modulus
107      *
108      * @return DH keypair
109      * @throws NoSuchAlgorithmException unknown algorithm
110      * @throws NoSuchProviderException unknown provider
111      * @throws InvalidAlgorithmParameterException
112      */
113     public static KeyPair generateDHKeyPair()
114             throws NoSuchAlgorithmException, NoSuchProviderException, InvalidAlgorithmParameterException {
115 
116         Security.addProvider(new BouncyCastleProvider());
117 
118         KeyPairGenerator g = KeyPairGenerator.getInstance("DH", "BC");
119         g.initialize(PARAMETER_SPEC);
120 
121         return g.generateKeyPair();
122     }
123 
124     /**
125      * Create session key from DH keypair
126      *
127      * @param pubkey public key other party
128      * @param privkey own private key
129      * @param algorithm block cipher algorithm
130      * @param length block cipher length in bits
131      * @return session key
132      * @throws NoSuchAlgorithmException unknown algorithm
133      * @throws InvalidKeyException key is not valid
134      */
135     public static Key generateSessionKey(PublicKey pubkey
136                                          , PrivateKey privkey
137                                          , String   algorithm
138                                          , int length) throws NoSuchAlgorithmException, InvalidKeyException {
139 
140         Security.addProvider(new BouncyCastleProvider());
141 
142         KeyAgreement ka = KeyAgreement.getInstance("DH");
143         ka.init(privkey);
144         ka.doPhase(pubkey, true);
145 
146         byte[] sessionKeyBytes = ka.generateSecret();
147 
148         // Create the session key
149         byte[] newBytes = new byte[length / 8];
150         System.arraycopy(sessionKeyBytes, 0, newBytes, 0, length / 8);
151 
152         Key sessionKey = new SecretKeySpec(newBytes, algorithm);
153 
154         Clean.blank(sessionKeyBytes);
155         Clean.blank(newBytes);
156 
157         return sessionKey;
158     }
159 
160     /**
161      * get a byte presentation of a PublicKey object
162      *
163      * @param pub the public key
164      * @return byte representation of a public key
165      */
166     public static byte[] publicKeyToBytes(PublicKey pub) {
167         return pub.getEncoded();
168     }
169 
170     /**
171      * convert byte representation of a public key to a PublicKey object
172      *
173      * @param keyBytes byte representation of a public key
174      * @return PublicKey object
175      * @throws NoSuchAlgorithmException unknown algorithm
176      * @throws InvalidKeySpecException
177      */
178     public static PublicKey bytesToPublicKey(byte[] keyBytes)
179             throws NoSuchAlgorithmException, InvalidKeySpecException   {
180         KeyFactory kf = KeyFactory.getInstance("DH");
181         X509EncodedKeySpec   x509Spec = new X509EncodedKeySpec  (keyBytes);
182         return kf.generatePublic(x509Spec);
183     }
184 }
185
A to Z: JavaDoc & Examples Daily Java News & Articles Open Source Projects Open Source Codes Free Computer Books Remove Frame
Popular Tags