Intel

Developer Zone

RsaAlg


com.intel.crypto
Class RsaAlg

java.lang.Object
  extended by com.intel.crypto.RsaAlg
All Implemented Interfaces:
Cipher, Signature

public abstract class RsaAlg
extends java.lang.Object
implements Cipher, Signature

This abstract class represents RSA encryption and signing algorithms. This class implements both the cipher and signature interfaces and allows to instantiate an RSA implementation class through the create method. All methods in this class are independent. No state is maintained between calling one method and another.

The following encryption and signing algorithms are supported by this class:

  • Raw RSA encryption with 1024, 2048 and 4096 bit keys
  • RSA encryption with 1024, 2048 and 4096 bit keys and PKCS1 padding scheme
  • RSA encryption with 1024, 2048 and 4096 bit keys and OAEP padding scheme
  • RSA signing with 1024, 2048 and 4096 bit keys, SHA1 and SHA256 hashing algorithms and PKCS1 padding scheme.
Note that key generation is supported only for 1024 and 2048 bit keys. Before using the functional methods of this class for encryption or signing, the class must be configured with the following parameters:
  • Keys (using setKey or generateKeys methods): public key for encryption or signature verification or private key for decryption or signing.
  • Padding scheme (using setPadding method).
  • Hash algorithm (using setHashAlg method) for signing or signature verification.


Field Summary
static short HASH_TYPE_SHA1
SHA1 hash algorithm.
static short HASH_TYPE_SHA256
SHA256 hash algorithm.
static short PAD_TYPE_NONE
No padding.
static short PAD_TYPE_OAEP
OAEP padding scheme.
static short PAD_TYPE_PKCS1
PKCS1 padding scheme.
Method Summary
static RsaAlg create()
Factory method for creating a concrete instance.
abstract short decryptComplete(byte[] input, short inputIndex, short inputLength, byte[] output, short outputIndex)
Decrypts the provided input data using the key currently stored by the instance.
abstract short encryptComplete(byte[] input, short inputIndex, short inputLength, byte[] output, short outputIndex)
Encrypts the provided input data using the key currently stored by the instance.
abstract void generateKeys(short modulusSize)
Generates RSA public and private keys for the provided modulus size and stores them internally in the instance.
abstract short getHashAlg()
Obtains the hash algorithm which is currently used by this instance during signing operations.
abstract void getKey(byte[] mod, short modIndex, byte[] e, short eIndex)
Obtains the RSA public key which is stored in this instance.
abstract void getKey(byte[] mod, short modIndex, byte[] e, short eIndex, byte[] d, short dIndex)
Obtains the RSA public and private keys which is stored in this instance.
abstract short getModulusSize()
Returns the RSA key modulus (N) size currently used by this instance.
abstract short getPaddingScheme()
Obtains the padding scheme which is currently used by this instance during encrypt, decrypt, sign and verify operations.
abstract short getPrivateExponentSize()
Returns the RSA key private exponent (D) size currently used by this instance.
abstract short getPublicExponentSize()
Returns the RSA key public exponent (E) size currently used by this instance.
abstract void setHashAlg(short hashAlgType)
Sets the hash algorithm to be used by this instance during signing operations.
abstract void setKey(byte[] mod, short modIndex, short modLength, byte[] e, short eIndex, short eLength)
Sets the RSA public key to be used by this instance.
abstract void setKey(byte[] mod, short modIndex, short modLength, byte[] e, short eIndex, short eLength, byte[] d, short dIndex, short dLength)
Sets the RSA public and private keys to be used by this instance.
abstract void setPaddingScheme(short paddingType)
Sets the padding scheme to be used by this instance during subsequent encrypt, decrypt, sign and verify operations.
abstract short signComplete(byte[] data, short dataIndex, short dataLength, byte[] signature, short signatureIndex)
Signs the provided input data using the key currently stored by the instance.
abstract short signHash(byte[] hash, short hashIndex, short hashLength, byte[] signature, short signatureIndex)
Signs the provided already hashed data using the key currently stored in the instance.
abstract boolean verifyComplete(byte[] data, short dataIndex, short dataLength, byte[] signature, short signatureIndex, short signatureLength)
Verifies the signature on the provided input data using the key currently stored by the instance.
abstract boolean verifyHash(byte[] hash, short hashIndex, short hashLength, byte[] signature, short signatureIndex, short signatureLength)
Verifies the signature on the provided already hashed input data using the key currently stored in the instance.
Methods inherited from class java.lang.Object
equals, hashCode, toString
Methods inherited from interface com.intel.crypto.Signature
getSignatureLength

Field Detail

PAD_TYPE_NONE

public static final short PAD_TYPE_NONE
No padding. If this type of padding is configured, all input data for encryption/signing must be aligned with the key size.

See Also:
Constant Field Values

PAD_TYPE_PKCS1

public static final short PAD_TYPE_PKCS1
PKCS1 padding scheme.

See Also:
Constant Field Values

PAD_TYPE_OAEP

public static final short PAD_TYPE_OAEP
OAEP padding scheme.

See Also:
Constant Field Values

HASH_TYPE_SHA1

public static final short HASH_TYPE_SHA1
SHA1 hash algorithm.

See Also:
Constant Field Values

HASH_TYPE_SHA256

public static final short HASH_TYPE_SHA256
SHA256 hash algorithm.

See Also:
Constant Field Values
Method Detail

getModulusSize

public abstract short getModulusSize()
                              throws CryptoException
Returns the RSA key modulus (N) size currently used by this instance.

Returns:
Modulus size in bytes.
Throws:
NotInitializedException - if the key was not set yet using setKey or generateKeys methods.
CryptoException

getPublicExponentSize

public abstract short getPublicExponentSize()
                                     throws CryptoException
Returns the RSA key public exponent (E) size currently used by this instance.

Returns:
Public exponent size in bytes.
Throws:
NotInitializedException - if the key was not set yet using setKey or generateKeys methods.
CryptoException

getPrivateExponentSize

public abstract short getPrivateExponentSize()
                                      throws CryptoException
Returns the RSA key private exponent (D) size currently used by this instance.

Returns:
Private exponent size in bytes.
Throws:
NotInitializedException - if the private key was not set yet using setKey or generateKeys methods.
CryptoException

generateKeys

public abstract void generateKeys(short modulusSize)
                           throws CryptoException
Generates RSA public and private keys for the provided modulus size and stores them internally in the instance. Calling this method will override any other key (public or private) previously stored by this instance.

Parameters:
modulusSize - the size of the key to generate in bytes
Throws:
NotSupportedException - if the provided key size is not supported.
CryptoException

setKey

public abstract void setKey(byte[] mod,
                            short modIndex,
                            short modLength,
                            byte[] e,
                            short eIndex,
                            short eLength)
                     throws CryptoException
Sets the RSA public key to be used by this instance. Calling this method will override any other key (public or private) previously stored by this instance. The only public exponent supported is 65537.

Parameters:
mod - RSA key modulus (N)
modIndex - index in the modulus array
modLength - modulus length in bytes
e - RSA key public exponent (E)
eIndex - index in the public exponent array
eLength - public exponent length in bytes
Throws:
NotSupportedException - if the provided key size is not supported, or if the public exponent is not 65537.
CryptoException

setKey

public abstract void setKey(byte[] mod,
                            short modIndex,
                            short modLength,
                            byte[] e,
                            short eIndex,
                            short eLength,
                            byte[] d,
                            short dIndex,
                            short dLength)
                     throws CryptoException
Sets the RSA public and private keys to be used by this instance. Calling this method will override any other key (public or private) previously stored by this instance. The only public exponent supported is 65537.

Parameters:
mod - RSA key modulus (N)
modIndex - index in the modulus array
modLength - modulus length in bytes
e - RSA key public exponent (E)
eIndex - index in the public exponent array
eLength - public exponent length in bytes
d - RSA key private exponent (D)
dIndex - index in the private exponent array
dLength - private exponent length in bytes
Throws:
NotSupportedException - if the provided key size is not supported, or if the public exponent is not 65537.
IllegalParameterException - if the private exponent length is different than the modulus length.
CryptoException

getKey

public abstract void getKey(byte[] mod,
                            short modIndex,
                            byte[] e,
                            short eIndex)
                     throws CryptoException
Obtains the RSA public key which is stored in this instance. The getModulusSize and getPublicExponentSize methods can be used to retrieve the required size of the output arrays.

Parameters:
mod - an array to hold the RSA key modulus (N)
modIndex - index in the modulus array
e - an array to hold the RSA key public exponent (E)
eIndex - index in the public exponent array
Throws:
NotInitializedException - if the key was not set yet using setKey or generateKeys methods.
CryptoException

getKey

public abstract void getKey(byte[] mod,
                            short modIndex,
                            byte[] e,
                            short eIndex,
                            byte[] d,
                            short dIndex)
                     throws CryptoException
Obtains the RSA public and private keys which is stored in this instance. getModulusSize, getPublicExponentSize and getPrivateExponentSize methods can be used to retrieve the required size of the output arrays.

Parameters:
mod - an array to hold the RSA key modulus (N)
modIndex - index in the modulus array
e - an array to hold the RSA key public exponent (E)
eIndex - index in the public exponent array
d - an array to hold the RSA key private exponent (D)
dIndex - index in the private exponent array
Throws:
NotInitializedException - if the private key was not set yet using setKey or generateKeys methods.
CryptoException

setPaddingScheme

public abstract void setPaddingScheme(short paddingType)
                               throws CryptoException
Sets the padding scheme to be used by this instance during subsequent encrypt, decrypt, sign and verify operations. For encryption the following padding schemes are supported:
  • PAD_TYPE_NONE
  • PAD_TYPE_PKCS1
  • PAD_TYPE_OAEP
For signing the following padding schemes are supported:
  • PAD_TYPE_PKCS1

Parameters:
paddingType - the padding scheme that will be used during subsequent operations
Throws:
NotSupportedException - if the provided padding scheme is not supported.
CryptoException

getPaddingScheme

public abstract short getPaddingScheme()
                                throws CryptoException
Obtains the padding scheme which is currently used by this instance during encrypt, decrypt, sign and verify operations.

Returns:
the padding scheme that is used during encryption and signing operations, see PAD_TYPE_... definitions above for possible values
Throws:
NotInitializedException - if the padding scheme was not set yet using the setPaddingScheme method.
CryptoException

setHashAlg

public abstract void setHashAlg(short hashAlgType)
                         throws CryptoException
Sets the hash algorithm to be used by this instance during signing operations.

Parameters:
hashAlgType - the hash algorithm that will be used during signing operations, see HASH_TYPE_... definitions above for possible values
Throws:
NotSupportedException - if the provided hashing algorithm is not supported.
CryptoException

getHashAlg

public abstract short getHashAlg()
                          throws CryptoException
Obtains the hash algorithm which is currently used by this instance during signing operations.

Returns:
The hash algorithm that is used during signing operations, see HASH_TYPE_... definitions above for possible values
Throws:
NotInitializedException - if the hash algorithm was not set yet using the setHashAlg method.
CryptoException

signHash

public abstract short signHash(byte[] hash,
                               short hashIndex,
                               short hashLength,
                               byte[] signature,
                               short signatureIndex)
                        throws CryptoException
Signs the provided already hashed data using the key currently stored in the instance.

Parameters:
hash - the input data to sign
hashIndex - index in the input array
hashLength - input data length
signature - an array to hold the output data
signatureIndex - index in the output array
Returns:
The length of the signature in bytes.
Throws:
NotInitializedException - if this instance is not configured correctly in order to generate a signature. For example, the private key, the padding scheme or the hash algorithm are not set.
IllegalParameterException - if the provided hash length does not match the hash algorithm set through setHashAlg method.
ComputationException - if the operation did not complete successfully due to errors returned from the crypto engine
CryptoException

verifyHash

public abstract boolean verifyHash(byte[] hash,
                                   short hashIndex,
                                   short hashLength,
                                   byte[] signature,
                                   short signatureIndex,
                                   short signatureLength)
                            throws CryptoException
Verifies the signature on the provided already hashed input data using the key currently stored in the instance.

Parameters:
hash - the hash that was signed
hashIndex - index in the hash array
hashLength - hash data length
signature - the signature to verify
signatureIndex - index in the signature array
signatureLength - signature length in bytes
Returns:
true if the signature verified successfully, false otherwise.
Throws:
NotInitializedException - if this instance is not configured correctly in order to verify the signature. For example, the public key, the padding scheme or the hash algorithm are not set.
IllegalParameterException - if the provided hash length does not match the hash algorithm set through setHashAlg method.
ComputationException - if the operation did not complete successfully due to errors returned from the crypto engine
CryptoException

signComplete

public abstract short signComplete(byte[] data,
                                   short dataIndex,
                                   short dataLength,
                                   byte[] signature,
                                   short signatureIndex)
                            throws CryptoException
Signs the provided input data using the key currently stored by the instance.

Specified by:
signComplete in interface Signature
Parameters:
data - the input data to sign
dataIndex - index in the input array
dataLength - input data length
signature - an array to hold the output data
signatureIndex - index in the output array
Returns:
The number of bytes written into the signature array.
Throws:
IllegalParameterException - if the input data length is 0.
NotSupportedException - if the padding scheme is not PAD_TYPE_PKCS1
ComputationException - if the operation did not complete successfully due to errors returned from the crypto engine
NotInitializedException - if this instance is not configured correctly in order to generate a signature. For example, the key required for signing the data is not set.
CryptoException

verifyComplete

public abstract boolean verifyComplete(byte[] data,
                                       short dataIndex,
                                       short dataLength,
                                       byte[] signature,
                                       short signatureIndex,
                                       short signatureLength)
                                throws CryptoException
Verifies the signature on the provided input data using the key currently stored by the instance.

Specified by:
verifyComplete in interface Signature
Parameters:
data - the input data that was signed
dataIndex - index in the input array
dataLength - input data length
signature - the signature to verify
signatureIndex - index in the signature array
signatureLength - signature length
Returns:
true if the signature verified successfully, false otherwise.
Throws:
IllegalParameterException - if the input data length is 0.
NotSupportedException - if the padding scheme is not PAD_TYPE_PKCS1
ComputationException - if the operation did not complete successfully due to errors returned from the crypto engine (for example, malformed padding)
NotInitializedException - if this instance is not configured correctly in order to verify the signature. For example, the key required for verifying the signature is not set.
CryptoException

encryptComplete

public abstract short encryptComplete(byte[] input,
                                      short inputIndex,
                                      short inputLength,
                                      byte[] output,
                                      short outputIndex)
                               throws CryptoException
Encrypts the provided input data using the key currently stored by the instance.

Specified by:
encryptComplete in interface Cipher
Parameters:
input - the input data to encrypt
inputIndex - index in the input array
inputLength - input data length
output - an array to hold the output data
outputIndex - index in the output array
Returns:
The number of bytes returned in output array.
Throws:
IllegalParameterException - in the following cases:
  • If the input data length is 0.
  • If the input data length is bigger than the configured key modulus size.
  • If the input data length is too big to support the requested padding scheme, i.e. the size of the data together with the size of the padding are bigger than the configured key modulus size.
ComputationException - if the operation did not complete successfully due to errors returned from the crypto engine
NotInitializedException - if a required encryption parameter is not configured (for example, the key to be used for encryption)
CryptoException - if an internal error occurred

decryptComplete

public abstract short decryptComplete(byte[] input,
                                      short inputIndex,
                                      short inputLength,
                                      byte[] output,
                                      short outputIndex)
                               throws CryptoException
Decrypts the provided input data using the key currently stored by the instance.

Specified by:
decryptComplete in interface Cipher
Parameters:
input - the input data to decrypt
inputIndex - index in the input array
inputLength - input data length
output - an array to hold the decrypted data
outputIndex - index in the output array
Returns:
The number of bytes returned in output array.
Throws:
IllegalParameterException - in the following cases:
  • If the input data length is 0.
  • If the input data length is bigger than the configured key modulus size.
  • If the input data length is too big to support the requested padding scheme, i.e. the size of the data together with the size of the padding are bigger than the configured key modulus size.
ComputationException - if the operation did not complete successfully due to errors returned from the crypto engine (for example, malformed padding)
NotInitializedException - if a required decryption parameter is not configured (for example, the key to be used for decryption)
CryptoException - if an internal error occurred

create

public static final RsaAlg create()
Factory method for creating a concrete instance.

Returns:
RsaAlg instance.