/*
  Name:         DHKeyAgreement.java
  Licensing:    LGPL

  API:          Sun (http://java.sun.com) JCE 1.2.2 API (cleanroom implementation by Bouncy Castle)
  Provider:     Bouncy Castle (http://www.bouncycastle.org)

  Disclaimer:

  COVERED CODE IS PROVIDED UNDER THIS LICENSE ON AN "AS IS" BASIS, WITHOUT WARRANTY OF ANY KIND,
  EITHER EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, WARRANTIES THAT THE COVERED CODE
  IS FREE OF DEFECTS, MERCHANTABLE, FIT FOR A PARTICULAR PURPOSE OR NON-INFRINGING. THE ENTIRE
  RISK AS TO THE QUALITY AND PERFORMANCE OF THE COVERED CODE IS WITH YOU. SHOULD ANY COVERED CODE
  PROVE DEFECTIVE IN ANY RESPECT, YOU (NOT THE INITIAL DEVELOPER OR ANY OTHER CONTRIBUTOR)
  ASSUME THE COST OF ANY NECESSARY SERVICING, REPAIR OR CORRECTION. THIS DISCLAIMER OF WARRANTY
  CONSTITUTES AN ESSENTIAL PART OF THIS LICENSE. NO USE OF ANY COVERED CODE IS AUTHORIZED
  HEREUNDER EXCEPT UNDER THIS DISCLAIMER.

  (C) Copyright 2003 Gert Van Ham
*/

package net.sourceforge.jcetaglib.lib;

import org.bouncycastle.jce.provider.BouncyCastleProvider;

import javax.crypto.KeyAgreement;
import javax.crypto.spec.DHParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.math.BigInteger;
import java.security.*;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.X509EncodedKeySpec;

/**
 * Diffie-Hellman key agreement
 *
 * @author Gert Van Ham
 * @author hamgert@users.sourceforge.net
 * @author http://jcetaglib.sourceforge.net
 * @version $Id: DHKeyAgreement.java,v 1.3 2004/04/15 07:28:25 hamgert Exp $
 */
public class DHKeyAgreement {
    /**
     *	Static variables for 1024 bit Diffie-Hellman algorithm.
     *
     *	This is required to have matching moduli between client
     *	and server. The values are unimportant, they simply must match.
     *	Ideally, everyone would agree on standard moduli, like SKIP,
     *	the Simple Key management for Internet Protocols spec.
     *
     *	You can get more info from http://www.skip.org
     */
    private static final byte SKIP_1024_MODULUS_BYTES[] = {
        (byte) 0xF4, (byte) 0x88, (byte) 0xFD, (byte) 0x58,
        (byte) 0x4E, (byte) 0x49, (byte) 0xDB, (byte) 0xCD,
        (byte) 0x20, (byte) 0xB4, (byte) 0x9D, (byte) 0xE4,
        (byte) 0x91, (byte) 0x07, (byte) 0x36, (byte) 0x6B,
        (byte) 0x33, (byte) 0x6C, (byte) 0x38, (byte) 0x0D,
        (byte) 0x45, (byte) 0x1D, (byte) 0x0F, (byte) 0x7C,
        (byte) 0x88, (byte) 0xB3, (byte) 0x1C, (byte) 0x7C,
        (byte) 0x5B, (byte) 0x2D, (byte) 0x8E, (byte) 0xF6,
        (byte) 0xF3, (byte) 0xC9, (byte) 0x23, (byte) 0xC0,
        (byte) 0x43, (byte) 0xF0, (byte) 0xA5, (byte) 0x5B,
        (byte) 0x18, (byte) 0x8D, (byte) 0x8E, (byte) 0xBB,
        (byte) 0x55, (byte) 0x8C, (byte) 0xB8, (byte) 0x5D,
        (byte) 0x38, (byte) 0xD3, (byte) 0x34, (byte) 0xFD,
        (byte) 0x7C, (byte) 0x17, (byte) 0x57, (byte) 0x43,
        (byte) 0xA3, (byte) 0x1D, (byte) 0x18, (byte) 0x6C,
        (byte) 0xDE, (byte) 0x33, (byte) 0x21, (byte) 0x2C,
        (byte) 0xB5, (byte) 0x2A, (byte) 0xFF, (byte) 0x3C,
        (byte) 0xE1, (byte) 0xB1, (byte) 0x29, (byte) 0x40,
        (byte) 0x18, (byte) 0x11, (byte) 0x8D, (byte) 0x7C,
        (byte) 0x84, (byte) 0xA7, (byte) 0x0A, (byte) 0x72,
        (byte) 0xD6, (byte) 0x86, (byte) 0xC4, (byte) 0x03,
        (byte) 0x19, (byte) 0xC8, (byte) 0x07, (byte) 0x29,
        (byte) 0x7A, (byte) 0xCA, (byte) 0x95, (byte) 0x0C,
        (byte) 0xD9, (byte) 0x96, (byte) 0x9F, (byte) 0xAB,
        (byte) 0xD0, (byte) 0x0A, (byte) 0x50, (byte) 0x9B,
        (byte) 0x02, (byte) 0x46, (byte) 0xD3, (byte) 0x08,
        (byte) 0x3D, (byte) 0x66, (byte) 0xA4, (byte) 0x5D,
        (byte) 0x41, (byte) 0x9F, (byte) 0x9C, (byte) 0x7C,
        (byte) 0xBD, (byte) 0x89, (byte) 0x4B, (byte) 0x22,
        (byte) 0x19, (byte) 0x26, (byte) 0xBA, (byte) 0xAB,
        (byte) 0xA2, (byte) 0x5E, (byte) 0xC3, (byte) 0x55,
        (byte) 0xE9, (byte) 0x2F, (byte) 0x78, (byte) 0xC7
    };

    /**
     *	Transform the representation above to a BigInteger.
     */
    private static final BigInteger MODULUS = new BigInteger
            (1, SKIP_1024_MODULUS_BYTES);

    /**
     *	The Base we're going to use is 2, as defined in SKIP.
     */
    private static final BigInteger BASE = BigInteger.valueOf(2);

    /**
     *	This wraps the parameters above into one object.
     */
    private static final DHParameterSpec PARAMETER_SPEC =
            new DHParameterSpec(MODULUS, BASE);

    /**
     * Generate DH keypair based on SKIP Modulus
     *
     * @return DH keypair
     * @throws NoSuchAlgorithmException unknown algorithm
     * @throws NoSuchProviderException unknown provider
     * @throws InvalidAlgorithmParameterException
     */
    public static KeyPair generateDHKeyPair()
            throws NoSuchAlgorithmException, NoSuchProviderException, InvalidAlgorithmParameterException {

        Security.addProvider(new BouncyCastleProvider());

        KeyPairGenerator g = KeyPairGenerator.getInstance("DH", "BC");
        g.initialize(PARAMETER_SPEC);

        return g.generateKeyPair();
    }

    /**
     * Create session key from DH keypair
     *
     * @param pubkey public key other party
     * @param privkey own private key
     * @param algorithm block cipher algorithm
     * @param length block cipher length in bits
     * @return session key
     * @throws NoSuchAlgorithmException unknown algorithm
     * @throws InvalidKeyException key is not valid
     */
    public static Key generateSessionKey(PublicKey pubkey
                                         , PrivateKey privkey
                                         , String algorithm
                                         , int length) throws NoSuchAlgorithmException, InvalidKeyException {

        Security.addProvider(new BouncyCastleProvider());

        KeyAgreement ka = KeyAgreement.getInstance("DH");
        ka.init(privkey);
        ka.doPhase(pubkey, true);

        byte[] sessionKeyBytes = ka.generateSecret();

        // Create the session key
        byte[] newBytes = new byte[length / 8];
        System.arraycopy(sessionKeyBytes, 0, newBytes, 0, length / 8);

        Key sessionKey = new SecretKeySpec(newBytes, algorithm);

        Clean.blank(sessionKeyBytes);
        Clean.blank(newBytes);

        return sessionKey;
    }

    /**
     * get a byte presentation of a PublicKey object
     *
     * @param pub the public key
     * @return byte representation of a public key
     */
    public static byte[] publicKeyToBytes(PublicKey pub) {
        return pub.getEncoded();
    }

    /**
     * convert byte representation of a public key to a PublicKey object
     *
     * @param keyBytes byte representation of a public key
     * @return PublicKey object
     * @throws NoSuchAlgorithmException unknown algorithm
     * @throws InvalidKeySpecException
     */
    public static PublicKey bytesToPublicKey(byte[] keyBytes)
            throws NoSuchAlgorithmException, InvalidKeySpecException {
        KeyFactory kf = KeyFactory.getInstance("DH");
        X509EncodedKeySpec x509Spec = new X509EncodedKeySpec(keyBytes);
        return kf.generatePublic(x509Spec);
    }
}