package org.bouncycastle.crypto.generators; import org.bouncycastle.crypto.params.GOST3410Parameters; import org.bouncycastle.crypto.params.GOST3410ValidationParameters; import java.math.BigInteger; import java.security.SecureRandom; /** * generate suitable parameters for GOST3410. */ public class GOST3410ParametersGenerator { private int size; private int typeproc; private SecureRandom init_random; private static final BigInteger ONE = BigInteger.valueOf(1); private static final BigInteger TWO = BigInteger.valueOf(2); /** * initialise the key generator. * * @param size size of the key * @param typeproc type procedure A,B = 1; A',B' - else * @param random random byte source. */ public void init( int size, int typeproc, SecureRandom random) { this.size = size; this.typeproc = typeproc; this.init_random = random; } //Procedure A private int procedure_A(int x0, int c, BigInteger[] pq, int size) { //Verify and perform condition: 0<x<2^16; 0<c<2^16; c - odd. while(x0<0 || x0>65536) { x0 = init_random.nextInt()/32768; } while((c<0 || c>65536) || (c/2==0)) { c = init_random.nextInt()/32768 + 1; } BigInteger C = new BigInteger(Integer.toString(c)); BigInteger constA16 = new BigInteger("19381"); //step1 BigInteger[] y = new BigInteger[1]; // begin length = 1 y[0] = new BigInteger(Integer.toString(x0)); //step 2 int[] t = new int[1]; // t - orders; begin length = 1 t[0] = size; int s = 0; for (int i=0; t[i]>=17; i++) { // extension array t int tmp_t[] = new int[t.length + 1]; /////////////// System.arraycopy(t,0,tmp_t,0,t.length); // extension t = new int[tmp_t.length]; // array t System.arraycopy(tmp_t, 0, t, 0, tmp_t.length); /////////////// t[i+1] = t[i]/2; s = i+1; } //step3 BigInteger p[] = new BigInteger[s+1]; p[s] = new BigInteger("8003",16); //set min prime number length 16 bit int m = s-1; //step4 for (int i=0; i<s; i++) { int rm = t[m]/16; //step5 step6: for(;;) { //step 6 BigInteger tmp_y[] = new BigInteger[y.length]; //////////////// System.arraycopy(y,0,tmp_y,0,y.length); // extension y = new BigInteger[rm+1]; // array y System.arraycopy(tmp_y,0,y,0,tmp_y.length); //////////////// for (int j=0; j<rm; j++) { y[j+1] = (y[j].multiply(constA16).add(C)).mod(TWO.pow(16)); } //step 7 BigInteger Ym = new BigInteger("0"); for (int j=0; j<rm; j++) { Ym = Ym.add(y[j].multiply(TWO.pow(16*j))); } y[0] = y[rm]; //step 8 //step 9 BigInteger N = TWO.pow(t[m]-1).divide(p[m+1]). add((TWO.pow(t[m]-1).multiply(Ym)). divide(p[m+1].multiply(TWO.pow(16*rm)))); if (N.mod(TWO).compareTo(ONE)==0) { N = N.add(ONE); } int k = 0; //step 10 step11: for(;;) { //step 11 p[m] = p[m+1].multiply(N.add(BigInteger.valueOf(k))).add(ONE); if (p[m].compareTo(TWO.pow(t[m]))==1) { continue step6; //step 12 } //step13 if ((TWO.modPow(p[m+1].multiply(N.add(BigInteger.valueOf(k))),p[m]).compareTo(ONE)==0) && (TWO.modPow(N.add(BigInteger.valueOf(k)),p[m]).compareTo(ONE)!=0)) { m -= 1; break; } else { k += 2; continue step11; } } if (m>=0) { break; //step 14 } else { pq[0] = p[0]; pq[1] = p[1]; return y[0].intValue(); //return for procedure B step 2 } } } return y[0].intValue(); } //Procedure A' private long procedure_Aa(long x0, long c, BigInteger[] pq, int size) { //Verify and perform condition: 0<x<2^32; 0<c<2^32; c - odd. while(x0<0 || x0>4294967296L) { x0 = init_random.nextInt()*2; } while((c<0 || c>4294967296L) || (c/2==0)) { c = init_random.nextInt()*2+1; } BigInteger C = new BigInteger(Long.toString(c)); BigInteger constA32 = new BigInteger("97781173"); //step1 BigInteger[] y = new BigInteger[1]; // begin length = 1 y[0] = new BigInteger(Long.toString(x0)); //step 2 int[] t = new int[1]; // t - orders; begin length = 1 t[0] = size; int s = 0; for (int i=0; t[i]>=33; i++) { // extension array t int tmp_t[] = new int[t.length + 1]; /////////////// System.arraycopy(t,0,tmp_t,0,t.length); // extension t = new int[tmp_t.length]; // array t System.arraycopy(tmp_t, 0, t, 0, tmp_t.length); /////////////// t[i+1] = t[i]/2; s = i+1; } //step3 BigInteger p[] = new BigInteger[s+1]; p[s] = new BigInteger("8000000B",16); //set min prime number length 32 bit int m = s-1; //step4 for (int i=0; i<s; i++) { int rm = t[m]/32; //step5 step6: for(;;) { //step 6 BigInteger tmp_y[] = new BigInteger[y.length]; //////////////// System.arraycopy(y,0,tmp_y,0,y.length); // extension y = new BigInteger[rm+1]; // array y System.arraycopy(tmp_y,0,y,0,tmp_y.length); //////////////// for (int j=0; j<rm; j++) { y[j+1] = (y[j].multiply(constA32).add(C)).mod(TWO.pow(32)); } //step 7 BigInteger Ym = new BigInteger("0"); for (int j=0; j<rm; j++) { Ym = Ym.add(y[j].multiply(TWO.pow(32*j))); } y[0] = y[rm]; //step 8 //step 9 BigInteger N = TWO.pow(t[m]-1).divide(p[m+1]). add((TWO.pow(t[m]-1).multiply(Ym)). divide(p[m+1].multiply(TWO.pow(32*rm)))); if (N.mod(TWO).compareTo(ONE)==0) { N = N.add(ONE); } int k = 0; //step 10 step11: for(;;) { //step 11 p[m] = p[m+1].multiply(N.add(BigInteger.valueOf(k))).add(ONE); if (p[m].compareTo(TWO.pow(t[m]))==1) { continue step6; //step 12 } //step13 if ((TWO.modPow(p[m+1].multiply(N.add(BigInteger.valueOf(k))),p[m]).compareTo(ONE)==0) && (TWO.modPow(N.add(BigInteger.valueOf(k)),p[m]).compareTo(ONE)!=0)) { m -= 1; break; } else { k += 2; continue step11; } } if (m>=0) { break; //step 14 } else { pq[0] = p[0]; pq[1] = p[1]; return y[0].longValue(); //return for procedure B' step 2 } } } return y[0].longValue(); } //Procedure B private void procedure_B(int x0, int c, BigInteger[] pq) { //Verify and perform condition: 0<x<2^16; 0<c<2^16; c - odd. while(x0<0 || x0>65536) { x0 = init_random.nextInt()/32768; } while((c<0 || c>65536) || (c/2==0)) { c = init_random.nextInt()/32768 + 1; } BigInteger [] qp = new BigInteger[2]; BigInteger q = null, Q = null, p = null; BigInteger C = new BigInteger(Integer.toString(c)); BigInteger constA16 = new BigInteger("19381"); //step1 x0 = procedure_A(x0, c, qp, 256); q = qp[0]; //step2 x0 = procedure_A(x0, c, qp, 512); Q = qp[0]; BigInteger[] y = new BigInteger[65]; y[0] = new BigInteger(Integer.toString(x0)); int tp = 1024; step3: for(;;) { //step 3 for (int j=0; j<64; j++) { y[j+1] = (y[j].multiply(constA16).add(C)).mod(TWO.pow(16)); } //step 4 BigInteger Y = new BigInteger("0"); for (int j=0; j<64; j++) { Y = Y.add(y[j].multiply(TWO.pow(16*j))); } y[0] = y[64]; //step 5 //step 6 BigInteger N = TWO.pow(tp-1).divide(q.multiply(Q)). add((TWO.pow(tp-1).multiply(Y)). divide(q.multiply(Q).multiply(TWO.pow(1024)))); if (N.mod(TWO).compareTo(ONE)==0) { N = N.add(ONE); } int k = 0; //step 7 step8: for(;;) { //step 11 p = q.multiply(Q).multiply(N.add(BigInteger.valueOf(k))).add(ONE); if (p.compareTo(TWO.pow(tp))==1) { continue step3; //step 9 } //step10 if ((TWO.modPow(q.multiply(Q).multiply(N.add(BigInteger.valueOf(k))),p).compareTo(ONE)==0) && (TWO.modPow(q.multiply(N.add(BigInteger.valueOf(k))),p).compareTo(ONE)!=0)) { pq[0] = p; pq[1] = q; return; } else { k += 2; continue step8; } } } } //Procedure B' private void procedure_Bb(long x0, long c, BigInteger[] pq) { //Verify and perform condition: 0<x<2^32; 0<c<2^32; c - odd. while(x0<0 || x0>4294967296L) { x0 = init_random.nextInt()*2; } while((c<0 || c>4294967296L) || (c/2==0)) { c = init_random.nextInt()*2+1; } BigInteger [] qp = new BigInteger[2]; BigInteger q = null, Q = null, p = null; BigInteger C = new BigInteger(Long.toString(c)); BigInteger constA32 = new BigInteger("97781173"); //step1 x0 = procedure_Aa(x0, c, qp, 256); q = qp[0]; //step2 x0 = procedure_Aa(x0, c, qp, 512); Q = qp[0]; BigInteger[] y = new BigInteger[33]; y[0] = new BigInteger(Long.toString(x0)); int tp = 1024; step3: for(;;) { //step 3 for (int j=0; j<32; j++) { y[j+1] = (y[j].multiply(constA32).add(C)).mod(TWO.pow(32)); } //step 4 BigInteger Y = new BigInteger("0"); for (int j=0; j<32; j++) { Y = Y.add(y[j].multiply(TWO.pow(32*j))); } y[0] = y[32]; //step 5 //step 6 BigInteger N = TWO.pow(tp-1).divide(q.multiply(Q)). add((TWO.pow(tp-1).multiply(Y)). divide(q.multiply(Q).multiply(TWO.pow(1024)))); if (N.mod(TWO).compareTo(ONE)==0) { N = N.add(ONE); } int k = 0; //step 7 step8: for(;;) { //step 11 p = q.multiply(Q).multiply(N.add(BigInteger.valueOf(k))).add(ONE); if (p.compareTo(TWO.pow(tp))==1) { continue step3; //step 9 } //step10 if ((TWO.modPow(q.multiply(Q).multiply(N.add(BigInteger.valueOf(k))),p).compareTo(ONE)==0) && (TWO.modPow(q.multiply(N.add(BigInteger.valueOf(k))),p).compareTo(ONE)!=0)) { pq[0] = p; pq[1] = q; return; } else { k += 2; continue step8; } } } } /** * Procedure C * procedure generates the a value from the given p,q, * returning the a value. */ private BigInteger procedure_C(BigInteger p, BigInteger q) { BigInteger pSub1 = p.subtract(ONE); BigInteger pSub1DivQ = pSub1.divide(q); int length = p.bitLength(); for(;;) { BigInteger d = new BigInteger(length, init_random); // 1 < d < p-1 if (d.compareTo(ONE) > 0 && d.compareTo(pSub1) < 0) { BigInteger a = d.modPow(pSub1DivQ, p); if (a.compareTo(ONE) != 0) { return a; } } } } /** * which generates the p , q and a values from the given parameters, * returning the GOST3410Parameters object. */ public GOST3410Parameters generateParameters() { BigInteger [] pq = new BigInteger[2]; BigInteger q = null, p = null, a = null; int x0, c; long x0L, cL; if (typeproc==1) { x0 = init_random.nextInt(); c = init_random.nextInt(); switch(size) { case 512: procedure_A(x0, c, pq, 512); break; case 1024: procedure_B(x0, c, pq); break; default: throw new IllegalArgumentException("Ooops! key size 512 or 1024 bit."); } p = pq[0]; q = pq[1]; a = procedure_C(p, q); //System.out.println("p:"+p.toString(16)+"\n"+"q:"+q.toString(16)+"\n"+"a:"+a.toString(16)); //System.out.println("p:"+p+"\n"+"q:"+q+"\n"+"a:"+a); return new GOST3410Parameters(p, q, a, new GOST3410ValidationParameters(x0, c)); } else { x0L = init_random.nextLong(); cL = init_random.nextLong(); switch(size) { case 512: procedure_Aa(x0L, cL, pq, 512); break; case 1024: procedure_Bb(x0L, cL, pq); break; default: throw new IllegalStateException("Ooops! key size 512 or 1024 bit."); } p = pq[0]; q = pq[1]; a = procedure_C(p, q); //System.out.println("p:"+p.toString(16)+"\n"+"q:"+q.toString(16)+"\n"+"a:"+a.toString(16)); //System.out.println("p:"+p+"\n"+"q:"+q+"\n"+"a:"+a); return new GOST3410Parameters(p, q, a, new GOST3410ValidationParameters(x0L, cL)); } } }