com.intel.crypto
Class RsaAlg
java.lang.Objectcom.intel.crypto.RsaAlg
This abstract class represents RSA encryption and signing algorithms.
This class implements both the cipher and signature interfaces and allows
to instantiate an RSA implementation class through the create
method. All methods in this class are independent. No state is maintained
between calling one method and another.
The following encryption and signing algorithms are supported by this class:
- Raw RSA encryption with 1024, 2048 and 4096 bit keys
- RSA encryption with 1024, 2048 and 4096 bit keys and PKCS1 padding scheme
- RSA encryption with 1024, 2048 and 4096 bit keys and OAEP padding scheme
- RSA signing with 1024, 2048 and 4096 bit keys, SHA1 and SHA256 hashing algorithms and PKCS1 padding scheme.
- Keys (using
setKey
orgenerateKeys
methods): public key for encryption or signature verification or private key for decryption or signing. - Padding scheme (using
setPadding
method). - Hash algorithm (using
setHashAlg
method) for signing or signature verification.
Field Summary | |
---|---|
static short |
HASH_TYPE_SHA1
SHA1 hash algorithm. |
static short |
HASH_TYPE_SHA256
SHA256 hash algorithm. |
static short |
PAD_TYPE_NONE
No padding. |
static short |
PAD_TYPE_OAEP
OAEP padding scheme. |
static short |
PAD_TYPE_PKCS1
PKCS1 padding scheme. |
Method Summary | |
---|---|
static RsaAlg |
create()
Factory method for creating a concrete instance. |
abstract short |
decryptComplete(byte[] input,
short inputIndex,
short inputLength,
byte[] output,
short outputIndex)
Decrypts the provided input data using the key currently stored by the instance. |
abstract short |
encryptComplete(byte[] input,
short inputIndex,
short inputLength,
byte[] output,
short outputIndex)
Encrypts the provided input data using the key currently stored by the instance. |
abstract void |
generateKeys(short modulusSize)
Generates RSA public and private keys for the provided modulus size and stores them internally in the instance. |
abstract short |
getHashAlg()
Obtains the hash algorithm which is currently used by this instance during signing operations. |
abstract void |
getKey(byte[] mod,
short modIndex,
byte[] e,
short eIndex)
Obtains the RSA public key which is stored in this instance. |
abstract void |
getKey(byte[] mod,
short modIndex,
byte[] e,
short eIndex,
byte[] d,
short dIndex)
Obtains the RSA public and private keys which is stored in this instance. |
abstract short |
getModulusSize()
Returns the RSA key modulus (N) size currently used by this instance. |
abstract short |
getPaddingScheme()
Obtains the padding scheme which is currently used by this instance during encrypt, decrypt, sign and verify operations. |
abstract short |
getPrivateExponentSize()
Returns the RSA key private exponent (D) size currently used by this instance. |
abstract short |
getPublicExponentSize()
Returns the RSA key public exponent (E) size currently used by this instance. |
abstract void |
setHashAlg(short hashAlgType)
Sets the hash algorithm to be used by this instance during signing operations. |
abstract void |
setKey(byte[] mod,
short modIndex,
short modLength,
byte[] e,
short eIndex,
short eLength)
Sets the RSA public key to be used by this instance. |
abstract void |
setKey(byte[] mod,
short modIndex,
short modLength,
byte[] e,
short eIndex,
short eLength,
byte[] d,
short dIndex,
short dLength)
Sets the RSA public and private keys to be used by this instance. |
abstract void |
setPaddingScheme(short paddingType)
Sets the padding scheme to be used by this instance during subsequent encrypt, decrypt, sign and verify operations. |
abstract short |
signComplete(byte[] data,
short dataIndex,
short dataLength,
byte[] signature,
short signatureIndex)
Signs the provided input data using the key currently stored by the instance. |
abstract short |
signHash(byte[] hash,
short hashIndex,
short hashLength,
byte[] signature,
short signatureIndex)
Signs the provided already hashed data using the key currently stored in the instance. |
abstract boolean |
verifyComplete(byte[] data,
short dataIndex,
short dataLength,
byte[] signature,
short signatureIndex,
short signatureLength)
Verifies the signature on the provided input data using the key currently stored by the instance. |
abstract boolean |
verifyHash(byte[] hash,
short hashIndex,
short hashLength,
byte[] signature,
short signatureIndex,
short signatureLength)
Verifies the signature on the provided already hashed input data using the key currently stored in the instance. |
Methods inherited from class java.lang.Object |
---|
equals, hashCode, toString |
Methods inherited from interface com.intel.crypto.Signature |
---|
getSignatureLength |
Field Detail |
---|
PAD_TYPE_NONE
public static final short PAD_TYPE_NONE
- No padding.
If this type of padding is configured, all input data for encryption/signing
must be aligned with the key size.
- See Also:
- Constant Field Values
PAD_TYPE_PKCS1
public static final short PAD_TYPE_PKCS1
- PKCS1 padding scheme.
- See Also:
- Constant Field Values
PAD_TYPE_OAEP
public static final short PAD_TYPE_OAEP
- OAEP padding scheme.
- See Also:
- Constant Field Values
HASH_TYPE_SHA1
public static final short HASH_TYPE_SHA1
- SHA1 hash algorithm.
- See Also:
- Constant Field Values
HASH_TYPE_SHA256
public static final short HASH_TYPE_SHA256
- SHA256 hash algorithm.
- See Also:
- Constant Field Values
Method Detail |
---|
getModulusSize
public abstract short getModulusSize() throws CryptoException
- Returns the RSA key modulus (N) size currently used by this instance.
- Returns:
- Modulus size in bytes.
- Throws:
NotInitializedException
- if the key was not set yet usingsetKey
orgenerateKeys
methods.CryptoException
getPublicExponentSize
public abstract short getPublicExponentSize() throws CryptoException
- Returns the RSA key public exponent (E) size currently used by this instance.
- Returns:
- Public exponent size in bytes.
- Throws:
NotInitializedException
- if the key was not set yet usingsetKey
orgenerateKeys
methods.CryptoException
getPrivateExponentSize
public abstract short getPrivateExponentSize() throws CryptoException
- Returns the RSA key private exponent (D) size currently used by this instance.
- Returns:
- Private exponent size in bytes.
- Throws:
NotInitializedException
- if the private key was not set yet usingsetKey
orgenerateKeys
methods.CryptoException
generateKeys
public abstract void generateKeys(short modulusSize) throws CryptoException
- Generates RSA public and private keys for the provided modulus size
and stores them internally in the instance.
Calling this method will override any other key (public or private)
previously stored by this instance.
- Parameters:
modulusSize
- the size of the key to generate in bytes- Throws:
NotSupportedException
- if the provided key size is not supported.CryptoException
setKey
public abstract void setKey(byte[] mod, short modIndex, short modLength, byte[] e, short eIndex, short eLength) throws CryptoException
- Sets the RSA public key to be used by this instance.
Calling this method will override any other key (public or private)
previously stored by this instance. The only public exponent supported
is 65537.
- Parameters:
mod
- RSA key modulus (N)modIndex
- index in the modulus arraymodLength
- modulus length in bytese
- RSA key public exponent (E)eIndex
- index in the public exponent arrayeLength
- public exponent length in bytes- Throws:
NotSupportedException
- if the provided key size is not supported, or if the public exponent is not 65537.CryptoException
setKey
public abstract void setKey(byte[] mod, short modIndex, short modLength, byte[] e, short eIndex, short eLength, byte[] d, short dIndex, short dLength) throws CryptoException
- Sets the RSA public and private keys to be used by this instance.
Calling this method will override any other key (public or private)
previously stored by this instance. The only public exponent supported
is 65537.
- Parameters:
mod
- RSA key modulus (N)modIndex
- index in the modulus arraymodLength
- modulus length in bytese
- RSA key public exponent (E)eIndex
- index in the public exponent arrayeLength
- public exponent length in bytesd
- RSA key private exponent (D)dIndex
- index in the private exponent arraydLength
- private exponent length in bytes- Throws:
NotSupportedException
- if the provided key size is not supported, or if the public exponent is not 65537.IllegalParameterException
- if the private exponent length is different than the modulus length.CryptoException
getKey
public abstract void getKey(byte[] mod, short modIndex, byte[] e, short eIndex) throws CryptoException
- Obtains the RSA public key which is stored in this instance.
The
getModulusSize
andgetPublicExponentSize
methods can be used to retrieve the required size of the output arrays.- Parameters:
mod
- an array to hold the RSA key modulus (N)modIndex
- index in the modulus arraye
- an array to hold the RSA key public exponent (E)eIndex
- index in the public exponent array- Throws:
NotInitializedException
- if the key was not set yet usingsetKey
orgenerateKeys
methods.CryptoException
getKey
public abstract void getKey(byte[] mod, short modIndex, byte[] e, short eIndex, byte[] d, short dIndex) throws CryptoException
- Obtains the RSA public and private keys which is stored in this instance.
getModulusSize
,getPublicExponentSize
andgetPrivateExponentSize
methods can be used to retrieve the required size of the output arrays.- Parameters:
mod
- an array to hold the RSA key modulus (N)modIndex
- index in the modulus arraye
- an array to hold the RSA key public exponent (E)eIndex
- index in the public exponent arrayd
- an array to hold the RSA key private exponent (D)dIndex
- index in the private exponent array- Throws:
NotInitializedException
- if the private key was not set yet usingsetKey
orgenerateKeys
methods.CryptoException
setPaddingScheme
public abstract void setPaddingScheme(short paddingType) throws CryptoException
- Sets the padding scheme to be used by this instance during subsequent
encrypt, decrypt, sign and verify operations.
For encryption the following padding schemes are supported:
-
PAD_TYPE_NONE
-
PAD_TYPE_PKCS1
-
PAD_TYPE_OAEP
-
PAD_TYPE_PKCS1
- Parameters:
paddingType
- the padding scheme that will be used during subsequent operations- Throws:
NotSupportedException
- if the provided padding scheme is not supported.CryptoException
-
getPaddingScheme
public abstract short getPaddingScheme() throws CryptoException
- Obtains the padding scheme which is currently used by this instance during
encrypt, decrypt, sign and verify operations.
- Returns:
- the padding scheme that is used during encryption and signing operations, see PAD_TYPE_... definitions above for possible values
- Throws:
NotInitializedException
- if the padding scheme was not set yet using thesetPaddingScheme
method.CryptoException
setHashAlg
public abstract void setHashAlg(short hashAlgType) throws CryptoException
- Sets the hash algorithm to be used by this instance during signing operations.
- Parameters:
hashAlgType
- the hash algorithm that will be used during signing operations, see HASH_TYPE_... definitions above for possible values- Throws:
NotSupportedException
- if the provided hashing algorithm is not supported.CryptoException
getHashAlg
public abstract short getHashAlg() throws CryptoException
- Obtains the hash algorithm which is currently used by this instance during signing operations.
- Returns:
- The hash algorithm that is used during signing operations, see HASH_TYPE_... definitions above for possible values
- Throws:
NotInitializedException
- if the hash algorithm was not set yet using thesetHashAlg
method.CryptoException
signHash
public abstract short signHash(byte[] hash, short hashIndex, short hashLength, byte[] signature, short signatureIndex) throws CryptoException
- Signs the provided already hashed data using the key currently stored in the instance.
- Parameters:
hash
- the input data to signhashIndex
- index in the input arrayhashLength
- input data lengthsignature
- an array to hold the output datasignatureIndex
- index in the output array- Returns:
- The length of the signature in bytes.
- Throws:
NotInitializedException
- if this instance is not configured correctly in order to generate a signature. For example, the private key, the padding scheme or the hash algorithm are not set.IllegalParameterException
- if the provided hash length does not match the hash algorithm set throughsetHashAlg
method.ComputationException
- if the operation did not complete successfully due to errors returned from the crypto engineCryptoException
verifyHash
public abstract boolean verifyHash(byte[] hash, short hashIndex, short hashLength, byte[] signature, short signatureIndex, short signatureLength) throws CryptoException
- Verifies the signature on the provided already hashed input data using the key currently stored in the instance.
- Parameters:
hash
- the hash that was signedhashIndex
- index in the hash arrayhashLength
- hash data lengthsignature
- the signature to verifysignatureIndex
- index in the signature arraysignatureLength
- signature length in bytes- Returns:
true
if the signature verified successfully,false
otherwise.- Throws:
NotInitializedException
- if this instance is not configured correctly in order to verify the signature. For example, the public key, the padding scheme or the hash algorithm are not set.IllegalParameterException
- if the provided hash length does not match the hash algorithm set throughsetHashAlg
method.ComputationException
- if the operation did not complete successfully due to errors returned from the crypto engineCryptoException
signComplete
public abstract short signComplete(byte[] data, short dataIndex, short dataLength, byte[] signature, short signatureIndex) throws CryptoException
- Signs the provided input data using the key currently stored by the instance.
- Specified by:
signComplete
in interfaceSignature
- Parameters:
data
- the input data to signdataIndex
- index in the input arraydataLength
- input data lengthsignature
- an array to hold the output datasignatureIndex
- index in the output array- Returns:
- The number of bytes written into the signature array.
- Throws:
IllegalParameterException
- if the input data length is 0.NotSupportedException
- if the padding scheme is notPAD_TYPE_PKCS1
ComputationException
- if the operation did not complete successfully due to errors returned from the crypto engineNotInitializedException
- if this instance is not configured correctly in order to generate a signature. For example, the key required for signing the data is not set.CryptoException
verifyComplete
public abstract boolean verifyComplete(byte[] data, short dataIndex, short dataLength, byte[] signature, short signatureIndex, short signatureLength) throws CryptoException
- Verifies the signature on the provided input data using the key currently stored by the instance.
- Specified by:
verifyComplete
in interfaceSignature
- Parameters:
data
- the input data that was signeddataIndex
- index in the input arraydataLength
- input data lengthsignature
- the signature to verifysignatureIndex
- index in the signature arraysignatureLength
- signature length- Returns:
true
if the signature verified successfully,false
otherwise.- Throws:
IllegalParameterException
- if the input data length is 0.NotSupportedException
- if the padding scheme is notPAD_TYPE_PKCS1
ComputationException
- if the operation did not complete successfully due to errors returned from the crypto engine (for example, malformed padding)NotInitializedException
- if this instance is not configured correctly in order to verify the signature. For example, the key required for verifying the signature is not set.CryptoException
encryptComplete
public abstract short encryptComplete(byte[] input, short inputIndex, short inputLength, byte[] output, short outputIndex) throws CryptoException
- Encrypts the provided input data using the key currently stored by the instance.
- Specified by:
encryptComplete
in interfaceCipher
- Parameters:
input
- the input data to encryptinputIndex
- index in the input arrayinputLength
- input data lengthoutput
- an array to hold the output dataoutputIndex
- index in the output array- Returns:
- The number of bytes returned in output array.
- Throws:
IllegalParameterException
- in the following cases:- If the input data length is 0.
- If the input data length is bigger than the configured key modulus size.
- If the input data length is too big to support the requested padding scheme, i.e. the size of the data together with the size of the padding are bigger than the configured key modulus size.
ComputationException
- if the operation did not complete successfully due to errors returned from the crypto engineNotInitializedException
- if a required encryption parameter is not configured (for example, the key to be used for encryption)CryptoException
- if an internal error occurred
decryptComplete
public abstract short decryptComplete(byte[] input, short inputIndex, short inputLength, byte[] output, short outputIndex) throws CryptoException
- Decrypts the provided input data using the key currently stored by the instance.
- Specified by:
decryptComplete
in interfaceCipher
- Parameters:
input
- the input data to decryptinputIndex
- index in the input arrayinputLength
- input data lengthoutput
- an array to hold the decrypted dataoutputIndex
- index in the output array- Returns:
- The number of bytes returned in output array.
- Throws:
IllegalParameterException
- in the following cases:- If the input data length is 0.
- If the input data length is bigger than the configured key modulus size.
- If the input data length is too big to support the requested padding scheme, i.e. the size of the data together with the size of the padding are bigger than the configured key modulus size.
ComputationException
- if the operation did not complete successfully due to errors returned from the crypto engine (for example, malformed padding)NotInitializedException
- if a required decryption parameter is not configured (for example, the key to be used for decryption)CryptoException
- if an internal error occurred
create
public static final RsaAlg create()
- Factory method for creating a concrete instance.
- Returns:
RsaAlg
instance.