diff options
Diffstat (limited to 'core/src/main/java/org/spongycastle/crypto/generators/GOST3410KeyPairGenerator.java')
-rw-r--r-- | core/src/main/java/org/spongycastle/crypto/generators/GOST3410KeyPairGenerator.java | 74 |
1 files changed, 74 insertions, 0 deletions
diff --git a/core/src/main/java/org/spongycastle/crypto/generators/GOST3410KeyPairGenerator.java b/core/src/main/java/org/spongycastle/crypto/generators/GOST3410KeyPairGenerator.java new file mode 100644 index 00000000..2929828b --- /dev/null +++ b/core/src/main/java/org/spongycastle/crypto/generators/GOST3410KeyPairGenerator.java @@ -0,0 +1,74 @@ +package org.spongycastle.crypto.generators; + +import org.spongycastle.crypto.AsymmetricCipherKeyPair; +import org.spongycastle.crypto.AsymmetricCipherKeyPairGenerator; +import org.spongycastle.crypto.KeyGenerationParameters; +import org.spongycastle.crypto.params.GOST3410KeyGenerationParameters; +import org.spongycastle.crypto.params.GOST3410Parameters; +import org.spongycastle.crypto.params.GOST3410PrivateKeyParameters; +import org.spongycastle.crypto.params.GOST3410PublicKeyParameters; +import org.spongycastle.math.ec.WNafUtil; + +import java.math.BigInteger; +import java.security.SecureRandom; + +/** + * a GOST3410 key pair generator. + * This generates GOST3410 keys in line with the method described + * in GOST R 34.10-94. + */ +public class GOST3410KeyPairGenerator + implements AsymmetricCipherKeyPairGenerator + { + private GOST3410KeyGenerationParameters param; + + public void init( + KeyGenerationParameters param) + { + this.param = (GOST3410KeyGenerationParameters)param; + } + + public AsymmetricCipherKeyPair generateKeyPair() + { + BigInteger p, q, a, x, y; + GOST3410Parameters GOST3410Params = param.getParameters(); + SecureRandom random = param.getRandom(); + + q = GOST3410Params.getQ(); + p = GOST3410Params.getP(); + a = GOST3410Params.getA(); + + int minWeight = 64; + for (;;) + { + x = new BigInteger(256, random); + + if (x.signum() < 1 || x.compareTo(q) >= 0) + { + continue; + } + + /* + * Require a minimum weight of the NAF representation, since low-weight primes may be + * weak against a version of the number-field-sieve for the discrete-logarithm-problem. + * + * See "The number field sieve for integers of low weight", Oliver Schirokauer. + */ + if (WNafUtil.getNafWeight(x) < minWeight) + { + continue; + } + + break; + } + + // + // calculate the public key. + // + y = a.modPow(x, p); + + return new AsymmetricCipherKeyPair( + new GOST3410PublicKeyParameters(y, GOST3410Params), + new GOST3410PrivateKeyParameters(x, GOST3410Params)); + } + } |