com.intel.crypto
Class RsaAlg
- java.lang.Object
  - com.intel.crypto.RsaAlg
public abstract class RsaAlg extends java.lang.Object implements Cipher, Signature
This abstract class represents the RSA encryption and signing algorithms. It implements both the Cipher and Signature interfaces and allows an RSA implementation class to be instantiated through the create method. All methods in this class are independent. No state is maintained between calling one method and another.
The following encryption and signing algorithms are supported by this class:
- Raw RSA encryption with 1024, 2048 and 4096 bit keys
- RSA encryption with 1024, 2048 and 4096 bit keys and PKCS1 padding scheme
- RSA encryption with 1024, 2048 and 4096 bit keys and OAEP padding scheme
- RSA signing with 1024, 2048 and 4096 bit keys, SHA1 and SHA256 hashing algorithms and PKCS1 padding scheme.

- Keys (using the setKey or generateKeys methods): public key for encryption or signature verification, or private key for decryption or signing.
- Padding scheme (using the setPaddingScheme method).
- Hash algorithm (using the setHashAlg method) for signing or signature verification.
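
The three settings listed above (key, padding scheme, hash algorithm) in use, as an added example that is not part of the original API documentation: one instance generates a 2048-bit key and signs, a second instance receives only the public key and verifies both the genuine message and a modified copy. The class and method names are hypothetical; the code assumes it runs where com.intel.crypto is available and that generateKeys produces the public exponent 65537 that setKey requires.

```java
import com.intel.crypto.RsaAlg;

// Added example: RsaSignDemo and its method names are hypothetical.
// Every RsaAlg call below uses a signature listed on this page.
public class RsaSignDemo {

    // generateKeys takes the modulus size in bytes: 256 bytes = 2048 bits.
    static final short MODULUS_BYTES = 256;

    // Signer side: generate a key pair, then set padding and hash.
    // signComplete needs all three before it can run.
    static RsaAlg newSigner() throws Exception {
        RsaAlg signer = RsaAlg.create();
        signer.generateKeys(MODULUS_BYTES);              // overrides any key stored before
        signer.setPaddingScheme(RsaAlg.PAD_TYPE_PKCS1);  // signComplete rejects other schemes
        signer.setHashAlg(RsaAlg.HASH_TYPE_SHA256);
        return signer;
    }

    // Verifier side: holds only the public key (N, E) copied out of the signer.
    // Assumption: generateKeys uses E = 65537, the only exponent setKey accepts.
    static RsaAlg newVerifier(RsaAlg signer) throws Exception {
        short modLen = signer.getModulusSize();
        short expLen = signer.getPublicExponentSize();
        byte[] mod = new byte[modLen];
        byte[] exp = new byte[expLen];
        signer.getKey(mod, (short) 0, exp, (short) 0);

        RsaAlg verifier = RsaAlg.create();
        verifier.setKey(mod, (short) 0, modLen, exp, (short) 0, expLen);
        verifier.setPaddingScheme(RsaAlg.PAD_TYPE_PKCS1);  // must match the signer
        verifier.setHashAlg(RsaAlg.HASH_TYPE_SHA256);
        return verifier;
    }

    // Returns true only if the genuine message verifies and a modified copy does not.
    // The message must not be empty: signComplete rejects a data length of 0.
    static boolean roundTrip(byte[] message) throws Exception {
        RsaAlg signer = newSigner();
        RsaAlg verifier = newVerifier(signer);

        // An RSA signature is as long as the modulus, so size the buffer from the key.
        byte[] signature = new byte[signer.getModulusSize()];
        short sigLen = signer.signComplete(message, (short) 0, (short) message.length,
                                           signature, (short) 0);

        boolean genuineOk = verifier.verifyComplete(message, (short) 0, (short) message.length,
                                                    signature, (short) 0, sigLen);

        // Flip one bit in a copy of the message; the same signature must now be rejected.
        byte[] tampered = new byte[message.length];
        for (int i = 0; i < message.length; i++) {
            tampered[i] = message[i];
        }
        tampered[0] ^= 0x01;
        boolean tamperedOk = verifier.verifyComplete(tampered, (short) 0, (short) tampered.length,
                                                     signature, (short) 0, sigLen);

        return genuineOk && !tamperedOk;
    }
}
```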

Field Summary
Fields (Modifier and Type, Field and Description)
- static short HASH_TYPE_SHA1: SHA1 hash algorithm.
- static short HASH_TYPE_SHA256: SHA256 hash algorithm.
- static short PAD_TYPE_NONE: No padding.
- static short PAD_TYPE_OAEP: OAEP padding scheme.
- static short PAD_TYPE_PKCS1: PKCS1 padding scheme.
- static short PRIVATE_KEY_COMPONENT_TYPE_COEFFICIENT: The private key component - coefficient
- static short PRIVATE_KEY_COMPONENT_TYPE_DP: The private key component - dP
- static short PRIVATE_KEY_COMPONENT_TYPE_DQ: The private key component - dQ
- static short PRIVATE_KEY_COMPONENT_TYPE_P: The private key component - prime p
- static short PRIVATE_KEY_COMPONENT_TYPE_Q: The private key component - prime q

Method Summary
Methods (Modifier and Type, Method and Description)
- static RsaAlg create()
  Factory method for creating a concrete instance.
- abstract short decryptComplete(byte[] input, short inputIndex, short inputLength, byte[] output, short outputIndex)
  Decrypts the provided input data using the key currently stored by the instance.
- abstract short encryptComplete(byte[] input, short inputIndex, short inputLength, byte[] output, short outputIndex)
  Encrypts the provided input data using the key currently stored by the instance.
- abstract void generateKeys(short modulusSize)
  Generates RSA public and private keys for the provided modulus size and stores them internally in the instance.
- abstract short getHashAlg()
  Obtains the hash algorithm which is currently used by this instance during signing operations.
- abstract void getKey(byte[] mod, short modIndex, byte[] e, short eIndex)
  Obtains the RSA public key which is stored in this instance.
- abstract void getKey(byte[] mod, short modIndex, byte[] e, short eIndex, byte[] d, short dIndex)
  Obtains the RSA public and private keys which are stored in this instance.
- abstract short getModulusSize()
  Returns the RSA key modulus (N) size currently used by this instance.
- abstract short getPaddingScheme()
  Obtains the padding scheme which is currently used by this instance during encrypt, decrypt, sign and verify operations.
- abstract short getPrivateExponentSize()
  Returns the RSA key private exponent (D) size currently used by this instance.
- abstract void getPrivateKeyComponents(byte[] p, short pIndex, byte[] q, short qIndex, byte[] dP, short dPIndex, byte[] dQ, short dQIndex, byte[] coefficient, short coefficientIndex)
  Gets the private key components created during key generation.
- abstract short getPrivateKeyComponentSize(short type)
  Returns the RSA private key component size according to the type (one of PRIVATE_KEY_COMPONENT_X).
- abstract short getPublicExponentSize()
  Returns the RSA key public exponent (E) size currently used by this instance.
- abstract void setHashAlg(short hashAlgType)
  Sets the hash algorithm to be used by this instance during signing operations.
- abstract void setKey(byte[] mod, short modIndex, short modLength, byte[] e, short eIndex, short eLength)
  Sets the RSA public key to be used by this instance.
- abstract void setKey(byte[] mod, short modIndex, short modLength, byte[] e, short eIndex, short eLength, byte[] d, short dIndex, short dLength)
  Sets the RSA public and private keys to be used by this instance.
- abstract void setPaddingScheme(short paddingType)
  Sets the padding scheme to be used by this instance during subsequent encrypt, decrypt, sign and verify operations.
- abstract short signComplete(byte[] data, short dataIndex, short dataLength, byte[] signature, short signatureIndex)
  Signs the provided input data using the key currently stored by the instance.
- abstract short signHash(byte[] hash, short hashIndex, short hashLength, byte[] signature, short signatureIndex)
  Signs the provided already hashed data using the key currently stored in the instance.
- abstract boolean verifyComplete(byte[] data, short dataIndex, short dataLength, byte[] signature, short signatureIndex, short signatureLength)
  Verifies the signature on the provided input data using the key currently stored by the instance.
- abstract boolean verifyHash(byte[] hash, short hashIndex, short hashLength, byte[] signature, short signatureIndex, short signatureLength)
  Verifies the signature on the provided already hashed input data using the key currently stored in the instance.
Methods inherited from interface com.intel.crypto.Signature
- getSignatureLength

Field Detail

PAD_TYPE_NONE
public static final short PAD_TYPE_NONE
No padding. If this type of padding is configured, all input data for encryption/signing must be aligned with the key size.

PAD_TYPE_PKCS1
public static final short PAD_TYPE_PKCS1
PKCS1 padding scheme.

PAD_TYPE_OAEP
public static final short PAD_TYPE_OAEP
OAEP padding scheme.

HASH_TYPE_SHA1
public static final short HASH_TYPE_SHA1
SHA1 hash algorithm.

HASH_TYPE_SHA256
public static final short HASH_TYPE_SHA256
SHA256 hash algorithm.

PRIVATE_KEY_COMPONENT_TYPE_P
public static final short PRIVATE_KEY_COMPONENT_TYPE_P
The private key component - prime p

PRIVATE_KEY_COMPONENT_TYPE_Q
public static final short PRIVATE_KEY_COMPONENT_TYPE_Q
The private key component - prime q

PRIVATE_KEY_COMPONENT_TYPE_DP
public static final short PRIVATE_KEY_COMPONENT_TYPE_DP
The private key component - dP

PRIVATE_KEY_COMPONENT_TYPE_DQ
public static final short PRIVATE_KEY_COMPONENT_TYPE_DQ
The private key component - dQ

PRIVATE_KEY_COMPONENT_TYPE_COEFFICIENT
public static final short PRIVATE_KEY_COMPONENT_TYPE_COEFFICIENT
The private key component - coefficient

Method Detail

getModulusSize
public abstract short getModulusSize() throws CryptoException
Returns the RSA key modulus (N) size currently used by this instance.
Returns:
- Modulus size in bytes.
Throws:
- NotInitializedException - if the key was not set yet using setKey or generateKeys methods.
- CryptoException

getPublicExponentSize
public abstract short getPublicExponentSize() throws CryptoException
Returns the RSA key public exponent (E) size currently used by this instance.
Returns:
- Public exponent size in bytes.
Throws:
- NotInitializedException - if the key was not set yet using setKey or generateKeys methods.
- CryptoException

getPrivateExponentSize
public abstract short getPrivateExponentSize() throws CryptoException
Returns the RSA key private exponent (D) size currently used by this instance.
Returns:
- Private exponent size in bytes.
Throws:
- NotInitializedException - if the private key was not set yet using setKey or generateKeys methods.
- CryptoException

generateKeys
public abstract void generateKeys(short modulusSize) throws CryptoException
Generates RSA public and private keys for the provided modulus size and stores them internally in the instance. Calling this method will override any other key (public or private) previously stored by this instance.
Parameters:
- modulusSize - the size of the key to generate in bytes
Throws:
- NotSupportedException - if the provided key size is not supported.
- CryptoException

setKey
public abstract void setKey(byte[] mod, short modIndex, short modLength, byte[] e, short eIndex, short eLength) throws CryptoException
Sets the RSA public key to be used by this instance. Calling this method will override any other key (public or private) previously stored by this instance. The only public exponent supported is 65537.
Parameters:
- mod - RSA key modulus (N)
- modIndex - index in the modulus array
- modLength - modulus length in bytes
- e - RSA key public exponent (E)
- eIndex - index in the public exponent array
- eLength - public exponent length in bytes
Throws:
- NotSupportedException - if the provided key size is not supported, or if the public exponent is not 65537.
- CryptoException

setKey
public abstract void setKey(byte[] mod, short modIndex, short modLength, byte[] e, short eIndex, short eLength, byte[] d, short dIndex, short dLength) throws CryptoException
Sets the RSA public and private keys to be used by this instance. Calling this method will override any other key (public or private) previously stored by this instance. The only public exponent supported is 65537.
Parameters:
- mod - RSA key modulus (N)
- modIndex - index in the modulus array
- modLength - modulus length in bytes
- e - RSA key public exponent (E)
- eIndex - index in the public exponent array
- eLength - public exponent length in bytes
- d - RSA key private exponent (D)
- dIndex - index in the private exponent array
- dLength - private exponent length in bytes
Throws:
- NotSupportedException - if the provided key size is not supported, or if the public exponent is not 65537.
- IllegalParameterException - if the private exponent length is different than the modulus length.
- CryptoException

getKey
public abstract void getKey(byte[] mod, short modIndex, byte[] e, short eIndex) throws CryptoException
Obtains the RSA public key which is stored in this instance. The getModulusSize and getPublicExponentSize methods can be used to retrieve the required size of the output arrays.
Parameters:
- mod - an array to hold the RSA key modulus (N)
- modIndex - index in the modulus array
- e - an array to hold the RSA key public exponent (E)
- eIndex - index in the public exponent array
Throws:
- NotInitializedException - if the key was not set yet using setKey or generateKeys methods.
- CryptoException

getKey
public abstract void getKey(byte[] mod, short modIndex, byte[] e, short eIndex, byte[] d, short dIndex) throws CryptoException
Obtains the RSA public and private keys which are stored in this instance. The getModulusSize, getPublicExponentSize and getPrivateExponentSize methods can be used to retrieve the required size of the output arrays.
Parameters:
- mod - an array to hold the RSA key modulus (N)
- modIndex - index in the modulus array
- e - an array to hold the RSA key public exponent (E)
- eIndex - index in the public exponent array
- d - an array to hold the RSA key private exponent (D)
- dIndex - index in the private exponent array
Throws:
- NotInitializedException - if the private key was not set yet using setKey or generateKeys methods.
- CryptoException

setPaddingScheme
public abstract void setPaddingScheme(short paddingType) throws CryptoException
Sets the padding scheme to be used by this instance during subsequent encrypt, decrypt, sign and verify operations.
For encryption the following padding schemes are supported:
- PAD_TYPE_NONE
- PAD_TYPE_PKCS1
- PAD_TYPE_OAEP
For signing the following padding scheme is supported:
- PAD_TYPE_PKCS1
Parameters:
- paddingType - the padding scheme that will be used during subsequent operations
Throws:
- NotSupportedException - if the provided padding scheme is not supported.
- CryptoException

getPaddingScheme
public abstract short getPaddingScheme() throws CryptoException
Obtains the padding scheme which is currently used by this instance during encrypt, decrypt, sign and verify operations.
Returns:
- the padding scheme that is used during encryption and signing operations, see PAD_TYPE_... definitions above for possible values
Throws:
- NotInitializedException - if the padding scheme was not set yet using the setPaddingScheme method.
- CryptoException

setHashAlg
public abstract void setHashAlg(short hashAlgType) throws CryptoException
Sets the hash algorithm to be used by this instance during signing operations.
Parameters:
- hashAlgType - the hash algorithm that will be used during signing operations, see HASH_TYPE_... definitions above for possible values
Throws:
- NotSupportedException - if the provided hashing algorithm is not supported.
- CryptoException

getHashAlg
public abstract short getHashAlg() throws CryptoException
Obtains the hash algorithm which is currently used by this instance during signing operations.
Returns:
- The hash algorithm that is used during signing operations, see HASH_TYPE_... definitions above for possible values
Throws:
- NotInitializedException - if the hash algorithm was not set yet using the setHashAlg method.
- CryptoException

signHash
public abstract short signHash(byte[] hash, short hashIndex, short hashLength, byte[] signature, short signatureIndex) throws CryptoException
Signs the provided already hashed data using the key currently stored in the instance.
Parameters:
- hash - the input data to sign
- hashIndex - index in the input array
- hashLength - input data length
- signature - an array to hold the output data
- signatureIndex - index in the output array
Returns:
- The length of the signature in bytes.
Throws:
- NotInitializedException - if this instance is not configured correctly in order to generate a signature. For example, the private key, the padding scheme or the hash algorithm are not set.
- IllegalParameterException - if the provided hash length does not match the hash algorithm set through the setHashAlg method.
- ComputationException - if the operation did not complete successfully due to errors returned from the crypto engine
- CryptoException

verifyHash
public abstract boolean verifyHash(byte[] hash, short hashIndex, short hashLength, byte[] signature, short signatureIndex, short signatureLength) throws CryptoException
Verifies the signature on the provided already hashed input data using the key currently stored in the instance.
Parameters:
- hash - the hash that was signed
- hashIndex - index in the hash array
- hashLength - hash data length
- signature - the signature to verify
- signatureIndex - index in the signature array
- signatureLength - signature length in bytes
Returns:
- true if the signature verified successfully, false otherwise.
Throws:
- NotInitializedException - if this instance is not configured correctly in order to verify the signature. For example, the public key, the padding scheme or the hash algorithm are not set.
- IllegalParameterException - if the provided hash length does not match the hash algorithm set through the setHashAlg method.
- ComputationException - if the operation did not complete successfully due to errors returned from the crypto engine
- CryptoException

signComplete
public abstract short signComplete(byte[] data, short dataIndex, short dataLength, byte[] signature, short signatureIndex) throws CryptoException
Signs the provided input data using the key currently stored by the instance.
Specified by:
- signComplete in interface Signature
Parameters:
- data - the input data to sign
- dataIndex - index in the input array
- dataLength - input data length
- signature - an array to hold the output data
- signatureIndex - index in the output array
Returns:
- The number of bytes written into the signature array.
Throws:
- IllegalParameterException - if the input data length is 0.
- NotSupportedException - if the padding scheme is not PAD_TYPE_PKCS1
- ComputationException - if the operation did not complete successfully due to errors returned from the crypto engine
- NotInitializedException - if this instance is not configured correctly in order to generate a signature. For example, the key required for signing the data is not set.
- CryptoException - if some unexpected error has occurred

verifyComplete
public abstract boolean verifyComplete(byte[] data, short dataIndex, short dataLength, byte[] signature, short signatureIndex, short signatureLength) throws CryptoException
Verifies the signature on the provided input data using the key currently stored by the instance.
Specified by:
- verifyComplete in interface Signature
Parameters:
- data - the input data that was signed
- dataIndex - index in the input array
- dataLength - input data length
- signature - the signature to verify
- signatureIndex - index in the signature array
- signatureLength - signature length
Returns:
- true if the signature verified successfully, false otherwise.
Throws:
- IllegalParameterException - if the input data length is 0.
- NotSupportedException - if the padding scheme is not PAD_TYPE_PKCS1
- ComputationException - if the operation did not complete successfully due to errors returned from the crypto engine (for example, malformed padding)
- NotInitializedException - if this instance is not configured correctly in order to verify the signature. For example, the key required for verifying the signature is not set.
- CryptoException - if some unexpected error has occurred

encryptComplete
public abstract short encryptComplete(byte[] input, short inputIndex, short inputLength, byte[] output, short outputIndex) throws CryptoException
Encrypts the provided input data using the key currently stored by the instance.
Specified by:
- encryptComplete in interface Cipher
Parameters:
- input - the input data to encrypt
- inputIndex - index in the input array
- inputLength - input data length
- output - an array to hold the output data
- outputIndex - index in the output array
Returns:
- The number of bytes returned in output array.
Throws:
- IllegalParameterException - in the following cases:
  - If the input data length is 0.
  - If the input data length is bigger than the configured key modulus size.
  - If the input data length is too big to support the requested padding scheme, i.e. the size of the data together with the size of the padding are bigger than the configured key modulus size.
- ComputationException - if the operation did not complete successfully due to errors returned from the crypto engine
- NotInitializedException - if a required encryption parameter is not configured (for example, the key to be used for encryption)
- CryptoException - if an internal error occurred

decryptComplete
public abstract short decryptComplete(byte[] input, short inputIndex, short inputLength, byte[] output, short outputIndex) throws CryptoException
Decrypts the provided input data using the key currently stored by the instance.
Specified by:
- decryptComplete in interface Cipher
Parameters:
- input - the input data to decrypt
- inputIndex - index in the input array
- inputLength - input data length
- output - an array to hold the decrypted data
- outputIndex - index in the output array
Returns:
- The number of bytes returned in output array.
Throws:
- IllegalParameterException - in the following cases:
  - If the input data length is 0.
  - If the input data length is bigger than the configured key modulus size.
  - If the input data length is too big to support the requested padding scheme, i.e. the size of the data together with the size of the padding are bigger than the configured key modulus size.
- ComputationException - if the operation did not complete successfully due to errors returned from the crypto engine (for example, malformed padding)
- NotInitializedException - if a required decryption parameter is not configured (for example, the key to be used for decryption)
- CryptoException - if an internal error occurred

getPrivateKeyComponents
public abstract void getPrivateKeyComponents(byte[] p, short pIndex, byte[] q, short qIndex, byte[] dP, short dPIndex, byte[] dQ, short dQIndex, byte[] coefficient, short coefficientIndex) throws CryptoException
Gets the private key components created during key generation.
Parameters:
- p - the first prime. Must not be null.
- pIndex - index of the first prime
- q - the second prime. Must not be null.
- qIndex - index of the second prime
- dP - the first private exponent (d mod (p-1)). Must not be null.
- dPIndex - the first private exponent index
- dQ - the second private exponent (d mod (q-1)). Must not be null.
- dQIndex - the second private exponent index
- coefficient - the coefficient (q^-1 mod p). Must not be null.
- coefficientIndex - the coefficient index
Throws:
- IllegalUseException - if used when no key was generated, or the key was replaced during setKey()
- CryptoException - for any other error

getPrivateKeyComponentSize
public abstract short getPrivateKeyComponentSize(short type) throws CryptoException
Returns the RSA private key component size according to the type (one of PRIVATE_KEY_COMPONENT_X).
Parameters:
- type - the type of the private key component whose size is returned
Returns:
- the RSA private key component size according to type
Throws:
- IllegalParameterException - if the type is illegal
- NotInitializedException - if the private key components were not generated
- CryptoException - for any other error

create
public static final RsaAlg create()
Factory method for creating a concrete instance.
Returns:
- RsaAlg instance.