Intel

Developer Zone

RsaAlg

com.intel.crypto

Class RsaAlg

  • java.lang.Object
    • com.intel.crypto.RsaAlg
  • All Implemented Interfaces:
    Cipher, Signature


    public abstract class RsaAlg
    extends java.lang.Object
    implements Cipher, Signature

    This abstract class represents RSA encryption and signing algorithms. This class implements both the cipher and signature interfaces and allows to instantiate an RSA implementation class through the create method. All methods in this class are independent. No state is maintained between calling one method and another.

    supported key sizes: all the keys in the range [96, 512] bytes which are divisible by 8. The following encryption and signing algorithms are supported by this class:

    • Raw RSA encryption with keys in the range [96, 512] bytes which are divisible by 8.
    • RSA encryption with keys in the range [96, 512] bytes which are divisible by 8 and PKCS1 padding scheme
    • RSA encryption with keys in the range [96, 512] bytes which are divisible by 8 and OAEP padding scheme
    • RSA signing with keys in the range [96, 512] bytes which are divisible by 8, SHA1, SHA256 and SHA512 hashing algorithms and PKCS1 padding scheme.
    Note that key generation is supported only for keys in the range [96, 256] bytes which are divisible by 8. Before using the functional methods of this class for encryption or signing, the class must be configured with the following parameters:
    • Keys (using setKey or generateKeys methods): public key for encryption or signature verification or private key for decryption or signing.
    • Padding scheme (using setPadding method).
    • Hash algorithm (using setHashAlg method) for signing or signature verification.
    • Method Summary

      Methods
      Modifier and Type Method and Description
      static RsaAlg create()
      Factory method for creating a concrete instance.
      abstract short decryptComplete(byte[] input, short inputIndex, short inputLength, byte[] output, short outputIndex)
      Decrypts the provided input data using the key currently stored by the instance.
      abstract short encryptComplete(byte[] input, short inputIndex, short inputLength, byte[] output, short outputIndex)
      Encrypts the provided input data using the key currently stored by the instance.
      abstract void generateKeys(short modulusSize)
      Generates RSA public and private keys for the provided modulus size and stores them internally in the instance.
      abstract short getHashAlg()
      Obtains the hash algorithm which is currently used by this instance during signing operations.
      abstract void getKey(byte[] mod, short modIndex, byte[] e, short eIndex)
      Obtains the RSA public key which is stored in this instance.
      abstract void getKey(byte[] mod, short modIndex, byte[] e, short eIndex, byte[] d, short dIndex)
      Obtains the RSA public and private keys which is stored in this instance.
      abstract short getModulusSize()
      Returns the RSA key modulus (N) size currently used by this instance.
      abstract short getPaddingScheme()
      Obtains the padding scheme which is currently used by this instance during encrypt, decrypt, sign and verify operations.
      abstract short getPrivateExponentSize()
      Returns the RSA key private exponent (D) size currently used by this instance.
      abstract void getPrivateKeyComponents(byte[] p, short pIndex, byte[] q, short qIndex, byte[] dP, short dPIndex, byte[] dQ, short dQIndex, byte[] coefficient, short coefficientIndex)
      Get the private key components created during key generation
      abstract short getPrivateKeyComponentSize(short type)
      Returns the RSA private key component size according to the type (one of PRIVATE_KEY_COMPONENT_X)
      abstract short getPublicExponentSize()
      Returns the RSA key public exponent (E) size currently used by this instance.
      abstract void setHashAlg(short hashAlgType)
      Sets the hash algorithm to be used by this instance during signing operations.
      abstract void setKey(byte[] mod, short modIndex, short modLength, byte[] e, short eIndex, short eLength)
      Sets the RSA public key to be used by this instance.
      abstract void setKey(byte[] mod, short modIndex, short modLength, byte[] e, short eIndex, short eLength, byte[] d, short dIndex, short dLength)
      Sets the RSA public and private keys to be used by this instance.
      abstract void setPaddingScheme(short paddingType)
      Sets the padding scheme to be used by this instance during subsequent encrypt, decrypt, sign and verify operations.
      abstract short signComplete(byte[] data, short dataIndex, short dataLength, byte[] signature, short signatureIndex)
      Signs the provided input data using the key currently stored by the instance.
      abstract short signHash(byte[] hash, short hashIndex, short hashLength, byte[] signature, short signatureIndex)
      Signs the provided already hashed data using the key currently stored in the instance.
      abstract boolean verifyComplete(byte[] data, short dataIndex, short dataLength, byte[] signature, short signatureIndex, short signatureLength)
      Verifies the signature on the provided input data using the key currently stored by the instance.
      abstract boolean verifyHash(byte[] hash, short hashIndex, short hashLength, byte[] signature, short signatureIndex, short signatureLength)
      Verifies the signature on the provided already hashed input data using the key currently stored in the instance.
      • Methods inherited from class java.lang.Object

        equals, getClass, hashCode, toString
    • Field Detail

      • PAD_TYPE_NONE

        public static final short PAD_TYPE_NONE
        No padding. If this type of padding is configured, all input data for encryption/signing must be aligned with the key size.
        See Also:
        Constant Field Values
      • PAD_TYPE_PKCS1

        public static final short PAD_TYPE_PKCS1
        PKCS1 padding scheme.
        See Also:
        Constant Field Values
      • PAD_TYPE_OAEP

        public static final short PAD_TYPE_OAEP
        OAEP padding scheme.
        See Also:
        Constant Field Values
      • HASH_TYPE_SHA1

        public static final short HASH_TYPE_SHA1
        SHA1 hash algorithm.
        See Also:
        Constant Field Values
      • HASH_TYPE_SHA256

        public static final short HASH_TYPE_SHA256
        SHA256 hash algorithm.
        See Also:
        Constant Field Values
      • HASH_TYPE_SHA512

        public static final short HASH_TYPE_SHA512
        SHA512 hash algorithm.
        See Also:
        Constant Field Values
      • PRIVATE_KEY_COMPONENT_TYPE_P

        public static final short PRIVATE_KEY_COMPONENT_TYPE_P
        The private key component - prime p
        See Also:
        Constant Field Values
      • PRIVATE_KEY_COMPONENT_TYPE_Q

        public static final short PRIVATE_KEY_COMPONENT_TYPE_Q
        The private key component - prime q
        See Also:
        Constant Field Values
      • PRIVATE_KEY_COMPONENT_TYPE_DP

        public static final short PRIVATE_KEY_COMPONENT_TYPE_DP
        The private key component - dP
        See Also:
        Constant Field Values
      • PRIVATE_KEY_COMPONENT_TYPE_DQ

        public static final short PRIVATE_KEY_COMPONENT_TYPE_DQ
        The private key component - dQ
        See Also:
        Constant Field Values
      • PRIVATE_KEY_COMPONENT_TYPE_COEFFICIENT

        public static final short PRIVATE_KEY_COMPONENT_TYPE_COEFFICIENT
        The private key component - coefficient
        See Also:
        Constant Field Values
    • Method Detail

      • getModulusSize

        public abstract short getModulusSize()
                                      throws CryptoException
        Returns the RSA key modulus (N) size currently used by this instance.
        Returns:
        Modulus size in bytes.
        Throws:
        NotInitializedException - if the key was not set yet using setKey or generateKeys methods.
        CryptoException
      • getPublicExponentSize

        public abstract short getPublicExponentSize()
                                             throws CryptoException
        Returns the RSA key public exponent (E) size currently used by this instance.
        Returns:
        Public exponent size in bytes.
        Throws:
        NotInitializedException - if the key was not set yet using setKey or generateKeys methods.
        CryptoException
      • getPrivateExponentSize

        public abstract short getPrivateExponentSize()
                                              throws CryptoException
        Returns the RSA key private exponent (D) size currently used by this instance.
        Returns:
        Private exponent size in bytes.
        Throws:
        NotInitializedException - if the private key was not set yet using setKey or generateKeys methods.
        CryptoException
      • generateKeys

        public abstract void generateKeys(short modulusSize)
                                   throws CryptoException
        Generates RSA public and private keys for the provided modulus size and stores them internally in the instance. Calling this method will override any other key (public or private) previously stored by this instance.
        Parameters:
        modulusSize - the size of the key to generate in bytes
        Throws:
        NotSupportedException - if the provided key size is not supported. NOTE: supported key sizes: all the keys in the range [96, 256] bytes which are divisible by 8.
        CryptoException
      • setKey

        public abstract void setKey(byte[] mod,
                  short modIndex,
                  short modLength,
                  byte[] e,
                  short eIndex,
                  short eLength)
                             throws CryptoException
        Sets the RSA public key to be used by this instance. Calling this method will override any other key (public or private) previously stored by this instance.public exponent supported is up to length of 4 bytes.
        Parameters:
        mod - RSA key modulus (N)
        modIndex - index in the modulus array
        modLength - modulus length in bytes
        e - RSA key public exponent (E)
        eIndex - index in the public exponent array
        eLength - public exponent length in bytes
        Throws:
        NotSupportedException - if the provided key size is not supported. NOTE: - supported key sizes: all the keys in the range [96, 512] bytes which are divisible by 8. - modulus and E should be big endian.
        CryptoException
      • setKey

        public abstract void setKey(byte[] mod,
                  short modIndex,
                  short modLength,
                  byte[] e,
                  short eIndex,
                  short eLength,
                  byte[] d,
                  short dIndex,
                  short dLength)
                             throws CryptoException
        Sets the RSA public and private keys to be used by this instance. Calling this method will override any other key (public or private) previously stored by this instance. public exponent supported is up to length of 4 bytes.
        Parameters:
        mod - RSA key modulus (N)
        modIndex - index in the modulus array
        modLength - modulus length in bytes
        e - RSA key public exponent (E)
        eIndex - index in the public exponent array
        eLength - public exponent length in bytes
        d - RSA key private exponent (D)
        dIndex - index in the private exponent array
        dLength - private exponent length in bytes
        Throws:
        NotSupportedException - if the provided key size is not supported.
        IllegalParameterException - if the private exponent length is different than the modulus length. NOTE: - supported key sizes: all the keys in the range [96, 512] bytes which are divisible by 8. - modulus, E and D should be big endian.
        CryptoException
      • getKey

        public abstract void getKey(byte[] mod,
                  short modIndex,
                  byte[] e,
                  short eIndex)
                             throws CryptoException
        Obtains the RSA public key which is stored in this instance. The getModulusSize and getPublicExponentSize methods can be used to retrieve the required size of the output arrays.
        Parameters:
        mod - an array to hold the RSA key modulus (N)
        modIndex - index in the modulus array
        e - an array to hold the RSA key public exponent (E)
        eIndex - index in the public exponent array
        Throws:
        NotInitializedException - if the key was not set yet using setKey or generateKeys methods.
        CryptoException
      • getKey

        public abstract void getKey(byte[] mod,
                  short modIndex,
                  byte[] e,
                  short eIndex,
                  byte[] d,
                  short dIndex)
                             throws CryptoException
        Obtains the RSA public and private keys which is stored in this instance. getModulusSize, getPublicExponentSize and getPrivateExponentSize methods can be used to retrieve the required size of the output arrays.
        Parameters:
        mod - an array to hold the RSA key modulus (N)
        modIndex - index in the modulus array
        e - an array to hold the RSA key public exponent (E)
        eIndex - index in the public exponent array
        d - an array to hold the RSA key private exponent (D)
        dIndex - index in the private exponent array
        Throws:
        NotInitializedException - if the private key was not set yet using setKey or generateKeys methods.
        CryptoException
      • setPaddingScheme

        public abstract void setPaddingScheme(short paddingType)
                                       throws CryptoException
        Sets the padding scheme to be used by this instance during subsequent encrypt, decrypt, sign and verify operations. For encryption the following padding schemes are supported:
        • PAD_TYPE_NONE
        • PAD_TYPE_PKCS1
        • PAD_TYPE_OAEP
        For signing the following padding schemes are supported:
        • PAD_TYPE_PKCS1
        Parameters:
        paddingType - the padding scheme that will be used during subsequent operations
        Throws:
        NotSupportedException - if the provided padding scheme is not supported.
        CryptoException
      • getPaddingScheme

        public abstract short getPaddingScheme()
                                        throws CryptoException
        Obtains the padding scheme which is currently used by this instance during encrypt, decrypt, sign and verify operations.
        Returns:
        the padding scheme that is used during encryption and signing operations, see PAD_TYPE_... definitions above for possible values
        Throws:
        NotInitializedException - if the padding scheme was not set yet using the setPaddingScheme method.
        CryptoException
      • setHashAlg

        public abstract void setHashAlg(short hashAlgType)
                                 throws CryptoException
        Sets the hash algorithm to be used by this instance during signing operations.
        Parameters:
        hashAlgType - the hash algorithm that will be used during signing operations, see HASH_TYPE_... definitions above for supported values
        Throws:
        NotSupportedException - if the provided hashing algorithm is not supported.
        CryptoException
      • getHashAlg

        public abstract short getHashAlg()
                                  throws CryptoException
        Obtains the hash algorithm which is currently used by this instance during signing operations.
        Returns:
        The hash algorithm that is used during signing operations, see HASH_TYPE_... definitions above for supported values
        Throws:
        NotInitializedException - if the hash algorithm was not set yet using the setHashAlg method.
        CryptoException
      • signHash

        public abstract short signHash(byte[] hash,
                     short hashIndex,
                     short hashLength,
                     byte[] signature,
                     short signatureIndex)
                                throws CryptoException
        Signs the provided already hashed data using the key currently stored in the instance.
        Parameters:
        hash - the input data to sign
        hashIndex - index in the input array
        hashLength - input data length
        signature - an array to hold the output data
        signatureIndex - index in the output array
        Returns:
        The length of the signature in bytes.
        Throws:
        NotInitializedException - if this instance is not configured correctly in order to generate a signature. For example, the private key, the padding scheme or the hash algorithm are not set.
        IllegalParameterException - if the provided hash length does not match the hash algorithm set through setHashAlg method.
        ComputationException - if the operation did not complete successfully due to errors returned from the crypto engine
        CryptoException
      • verifyHash

        public abstract boolean verifyHash(byte[] hash,
                         short hashIndex,
                         short hashLength,
                         byte[] signature,
                         short signatureIndex,
                         short signatureLength)
                                    throws CryptoException
        Verifies the signature on the provided already hashed input data using the key currently stored in the instance.
        Parameters:
        hash - the hash that was signed
        hashIndex - index in the hash array
        hashLength - hash data length
        signature - the signature to verify
        signatureIndex - index in the signature array
        signatureLength - signature length in bytes
        Returns:
        true if the signature verified successfully, false otherwise.
        Throws:
        NotInitializedException - if this instance is not configured correctly in order to verify the signature. For example, the public key, the padding scheme or the hash algorithm are not set.
        IllegalParameterException - if the provided hash length does not match the hash algorithm set through setHashAlg method.
        ComputationException - if the operation did not complete successfully due to errors returned from the crypto engine
        CryptoException
      • signComplete

        public abstract short signComplete(byte[] data,
                         short dataIndex,
                         short dataLength,
                         byte[] signature,
                         short signatureIndex)
                                    throws CryptoException
        Signs the provided input data using the key currently stored by the instance.
        Specified by:
        signComplete in interface Signature
        Parameters:
        data - the input data to sign
        dataIndex - index in the input array
        dataLength - input data length
        signature - an array to hold the output data
        signatureIndex - index in the output array
        Returns:
        The number of bytes written into the signature array.
        Throws:
        IllegalParameterException - if the input data length is 0.
        NotSupportedException - if the padding scheme is not PAD_TYPE_PKCS1
        ComputationException - if the operation did not complete successfully due to errors returned from the crypto engine
        NotInitializedException - if this instance is not configured correctly in order to generate a signature. For example, the key required for signing the data is not set.
        CryptoException - if some unexpected error has occurred
      • verifyComplete

        public abstract boolean verifyComplete(byte[] data,
                             short dataIndex,
                             short dataLength,
                             byte[] signature,
                             short signatureIndex,
                             short signatureLength)
                                        throws CryptoException
        Verifies the signature on the provided input data using the key currently stored by the instance.
        Specified by:
        verifyComplete in interface Signature
        Parameters:
        data - the input data that was signed
        dataIndex - index in the input array
        dataLength - input data length
        signature - the signature to verify
        signatureIndex - index in the signature array
        signatureLength - signature length
        Returns:
        true if the signature verified successfully, false otherwise.
        Throws:
        IllegalParameterException - if the input data length is 0.
        NotSupportedException - if the padding scheme is not PAD_TYPE_PKCS1
        ComputationException - if the operation did not complete successfully due to errors returned from the crypto engine (for example, malformed padding)
        NotInitializedException - if this instance is not configured correctly in order to verify the signature. For example, the key required for verifying the signature is not set.
        CryptoException - if some unexpected error has occurred
      • encryptComplete

        public abstract short encryptComplete(byte[] input,
                            short inputIndex,
                            short inputLength,
                            byte[] output,
                            short outputIndex)
                                       throws CryptoException
        Encrypts the provided input data using the key currently stored by the instance.
        Specified by:
        encryptComplete in interface Cipher
        Parameters:
        input - the input data to encrypt
        inputIndex - index in the input array
        inputLength - input data length
        output - an array to hold the output data
        outputIndex - index in the output array
        Returns:
        The number of bytes returned in output array.
        Throws:
        IllegalParameterException - in the following cases:
        • If the input data length is 0.
        • If the input data length is bigger than the configured key modulus size.
        • If the input data length is too big to support the requested padding scheme, i.e. the size of the data together with the size of the padding are bigger than the configured key modulus size.
        ComputationException - if the operation did not complete successfully due to errors returned from the crypto engine
        NotInitializedException - if a required encryption parameter is not configured (for example, the key to be used for encryption)
        CryptoException - if an internal error occurred
      • decryptComplete

        public abstract short decryptComplete(byte[] input,
                            short inputIndex,
                            short inputLength,
                            byte[] output,
                            short outputIndex)
                                       throws CryptoException
        Decrypts the provided input data using the key currently stored by the instance.
        Specified by:
        decryptComplete in interface Cipher
        Parameters:
        input - the input data to decrypt
        inputIndex - index in the input array
        inputLength - input data length
        output - an array to hold the decrypted data
        outputIndex - index in the output array
        Returns:
        The number of bytes returned in output array.
        Throws:
        IllegalParameterException - in the following cases:
        • If the input data length is 0.
        • If the input data length is bigger than the configured key modulus size.
        • If the input data length is too big to support the requested padding scheme, i.e. the size of the data together with the size of the padding are bigger than the configured key modulus size.
        ComputationException - if the operation did not complete successfully due to errors returned from the crypto engine (for example, malformed padding) Note: in case the decrypted data size is smaller than the key size, output[] will contain zeros up to the key size. for example if the key size is 128 bytes (1024 bit) and the decrypted data size is 100 bytes, output will contain 28 zeros after the data.
        NotInitializedException - if a required decryption parameter is not configured (for example, the key to be used for decryption)
        CryptoException - if an internal error occurred
      • getPrivateKeyComponents

        public abstract void getPrivateKeyComponents(byte[] p,
                                   short pIndex,
                                   byte[] q,
                                   short qIndex,
                                   byte[] dP,
                                   short dPIndex,
                                   byte[] dQ,
                                   short dQIndex,
                                   byte[] coefficient,
                                   short coefficientIndex)
                                              throws CryptoException
        Get the private key components created during key generation
        Parameters:
        p - the first prime. Must not be null.
        pIndex - index of the first prime
        q - the second prime. Must not be null.
        qIndex - index of the second prime
        dP - the first private exponent (d mod p-1). Must not be null.
        dPIndex - the first private exponent index
        dQ - the second private exponent (d mod q-1). Must not be null.
        dQIndex - the second private exponent index
        coefficient - the coefficient (q-1 mod p). Must not be null.
        coefficientIndex - the coefficient index
        Throws:
        IllegalUseException - if used when no key was generated, or key was replaced during setKey()
        CryptoException - for any other error
      • getPrivateKeyComponentSize

        public abstract short getPrivateKeyComponentSize(short type)
                                                  throws CryptoException
        Returns the RSA private key component size according to the type (one of PRIVATE_KEY_COMPONENT_X)
        Parameters:
        type - the type of the private key component whose size it returned
        Returns:
        the RSA private key component according to type
        Throws:
        IllegalParameterException - if the type is illegal
        NotInitializedException - if the private key components were not generated
        CryptoException - for any other error
      • create

        public static final RsaAlg create()
        Factory method for creating a concrete instance.
        Returns:
        RsaAlg instance.