1 package org.bouncycastle.jcajce.provider.asymmetric.dsa; 2 3 import java.security.AlgorithmParameters; 4 import java.security.InvalidAlgorithmParameterException; 5 import java.security.InvalidParameterException; 6 import java.security.SecureRandom; 7 import java.security.spec.AlgorithmParameterSpec; 8 import java.security.spec.DSAParameterSpec; 9 10 import org.bouncycastle.crypto.digests.SHA256Digest; 11 import org.bouncycastle.crypto.generators.DSAParametersGenerator; 12 import org.bouncycastle.crypto.params.DSAParameterGenerationParameters; 13 import org.bouncycastle.crypto.params.DSAParameters; 14 import org.bouncycastle.jcajce.provider.asymmetric.util.BaseAlgorithmParameterGeneratorSpi; 15 import org.bouncycastle.jcajce.provider.asymmetric.util.PrimeCertaintyCalculator; 16 17 public class AlgorithmParameterGeneratorSpi 18 extends BaseAlgorithmParameterGeneratorSpi 19 { 20 protected SecureRandom random; 21 // Android-changed: Change default strength to 1024 22 // In 1.57, the default strength was changed to 2048. We keep it at 1024 for app 23 // compatibility, particularly because the default digest (SHA-1) doesn't have 24 // a sufficiently long digest to work with 2048-bit keys. 25 protected int strength = 1024; 26 protected DSAParameterGenerationParameters params; 27 28 protected void engineInit( 29 int strength, 30 SecureRandom random) 31 { 32 if (strength < 512 || strength > 3072) 33 { 34 throw new InvalidParameterException("strength must be from 512 - 3072"); 35 } 36 37 if (strength <= 1024 && strength % 64 != 0) 38 { 39 throw new InvalidParameterException("strength must be a multiple of 64 below 1024 bits."); 40 } 41 42 if (strength > 1024 && strength % 1024 != 0) 43 { 44 throw new InvalidParameterException("strength must be a multiple of 1024 above 1024 bits."); 45 } 46 47 this.strength = strength; 48 this.random = random; 49 } 50 51 protected void engineInit( 52 AlgorithmParameterSpec genParamSpec, 53 SecureRandom random) 54 throws InvalidAlgorithmParameterException 55 { 56 throw new InvalidAlgorithmParameterException("No supported AlgorithmParameterSpec for DSA parameter generation."); 57 } 58 59 protected AlgorithmParameters engineGenerateParameters() 60 { 61 DSAParametersGenerator pGen; 62 63 if (strength <= 1024) 64 { 65 pGen = new DSAParametersGenerator(); 66 } 67 else 68 { 69 pGen = new DSAParametersGenerator(new SHA256Digest()); 70 } 71 72 if (random == null) 73 { 74 random = new SecureRandom(); 75 } 76 77 int certainty = PrimeCertaintyCalculator.getDefaultCertainty(strength); 78 79 if (strength == 1024) 80 { 81 params = new DSAParameterGenerationParameters(1024, 160, certainty, random); 82 pGen.init(params); 83 } 84 else if (strength > 1024) 85 { 86 params = new DSAParameterGenerationParameters(strength, 256, certainty, random); 87 pGen.init(params); 88 } 89 else 90 { 91 pGen.init(strength, certainty, random); 92 } 93 94 DSAParameters p = pGen.generateParameters(); 95 96 AlgorithmParameters params; 97 98 try 99 { 100 params = createParametersInstance("DSA"); 101 params.init(new DSAParameterSpec(p.getP(), p.getQ(), p.getG())); 102 } 103 catch (Exception e) 104 { 105 throw new RuntimeException(e.getMessage()); 106 } 107 108 return params; 109 } 110 } 111