Class RSAPadding
java.lang.Object
es.gob.jmulticard.jse.provider.rsacipher.RSAPadding
Utilidad para la aplicación y la retirada de rellenos RSA.
The various PKCS#1 versions can be found in the EMC/RSA Labs
web site, which is currently:
http://www.emc.com/emc-plus/rsa-labs/index.htm
or in the IETF RFCs derived from the above PKCS#1 standards.
RFC 2313: v1.5
RFC 2437: v2.0
RFC 3447: v2.1
The format of PKCS#1 v1.5 padding is:
0x00 | BT | PS...PS | 0x00 | data...data
where BT is the blocktype (1 or 2). The length of the entire string
must be the same as the size of the modulus (i.e. 128 byte for a 1024 bit
key). Per spec, the padding string must be at least 8 bytes long. That
leaves up to (length of key in bytes) - 11 bytes for the data.
OAEP padding was introduced in PKCS#1 v2.0 and is a bit more complicated
and has a number of options. We support:
. arbitrary hash functions ('Hash' in the specification), MessageDigest
implementation must be available
. MGF1 as the mask generation function
. the empty string as the default value for label L and whatever
specified in javax.crypto.spec.OAEPParameterSpec
The algorithms (representations) are forwards-compatible: that is,
the algorithm described in previous releases are in later releases.
However, additional comments/checks/clarifications were added to the
later versions based on real-world experience (e.g. stricter v1.5
format checking.)
Note: RSA keys should be at least 512 bits long
- Since:
- 1.5
-
Field Summary
FieldsModifier and TypeFieldDescriptionprivate byte[]
private final int
Tamaño máximo de los datos.private MessageDigest
private MessageDigest
(package private) static final int
Relleno PKCS#1 v1.5, blocktype 1 (firma).(package private) static final int
Relleno PKCS#1 v1.5, blocktype 2 (cifrado).(package private) static final int
Sin relleno.(package private) static final int
Relleno PKCS#1 v2.1 OAEP.private final int
private SecureRandom
private final int
-
Constructor Summary
ConstructorsModifierConstructorDescriptionprivate
RSAPadding
(int paddingType, int sizeAfterPadding, SecureRandom randomSrc, OAEPParameterSpec spec) Constructor interno. -
Method Summary
Modifier and TypeMethodDescription(package private) static RSAPadding
createInstance
(int type, int paddedSize, SecureRandom random) Get a RSAPadding instance of the specified type.(package private) static RSAPadding
createInstance
(int type, int paddedSize, SecureRandom random, OAEPParameterSpec spec) Get a RSAPadding instance of the specified type, which must be OAEP.private static byte[]
getInitialHash
(MessageDigest md, byte[] digestInput) Return the value of the digest using the specified message digestmd
and the digest inputdigestInput
.(package private) int
Return the maximum size of the plaintext data that can be processed using this object.private void
mgf1
(byte[] seed, int seedOfs, int seedLen, byte[] out, int outOffset, int maskLength) Compute MGF1 using mgfMD as the message digest.(package private) byte[]
pad
(byte[] data) Pad the data and return the padded block.(package private) byte[]
pad
(byte[] data, int ofs, int len) Rellena los datos.private byte[]
padOaep
(byte[] message) PKCS#1 v2.0 OAEP padding (MGF1).private byte[]
padV15
(byte[] data) PKCS#1 v1.5 padding (blocktype 1 and 2).(package private) byte[]
unpad
(byte[] padded) Unpad the padded block and return the data.private byte[]
unpadOAEP
(byte[] padded) PKCS#1 v2.1 OAEP unpadding (MGF1).private byte[]
unpadV15
(byte[] padded) PKCS#1 v1.5 unpadding (blocktype 1 (signature) and 2 (encryption)).
-
Field Details
-
PAD_BLOCKTYPE_1
static final int PAD_BLOCKTYPE_1Relleno PKCS#1 v1.5, blocktype 1 (firma).- See Also:
-
PAD_BLOCKTYPE_2
static final int PAD_BLOCKTYPE_2Relleno PKCS#1 v1.5, blocktype 2 (cifrado).- See Also:
-
PAD_NONE
static final int PAD_NONESin relleno. Con este tipo la clase no hace nada.- See Also:
-
PAD_OAEP_MGF1
static final int PAD_OAEP_MGF1Relleno PKCS#1 v2.1 OAEP.- See Also:
-
type
private final int type -
paddedSize
private final int paddedSize -
random
-
maxDataSize
private final int maxDataSizeTamaño máximo de los datos. -
md
-
mgfMd
-
lHash
private byte[] lHash -
EMPTY_HASHES
-
-
Constructor Details
-
RSAPadding
private RSAPadding(int paddingType, int sizeAfterPadding, SecureRandom randomSrc, OAEPParameterSpec spec) throws InvalidKeyException, InvalidAlgorithmParameterException Constructor interno.
-
-
Method Details
-
createInstance
static RSAPadding createInstance(int type, int paddedSize, SecureRandom random) throws InvalidKeyException, InvalidAlgorithmParameterException Get a RSAPadding instance of the specified type. Keys used with this padding must be paddedSize bytes long. -
createInstance
static RSAPadding createInstance(int type, int paddedSize, SecureRandom random, OAEPParameterSpec spec) throws InvalidKeyException, InvalidAlgorithmParameterException Get a RSAPadding instance of the specified type, which must be OAEP. Keys used with this padding must be paddedSize bytes long. -
getInitialHash
Return the value of the digest using the specified message digestmd
and the digest inputdigestInput
. ifdigestInput
is null or 0-length, zero length is used to generate the initial digest. Note: the md object must be in reset state -
getMaxDataSize
int getMaxDataSize()Return the maximum size of the plaintext data that can be processed using this object. -
pad
Rellena los datos. Pad the data and return the padded block.- Throws:
BadPaddingException
-
pad
Pad the data and return the padded block.- Throws:
BadPaddingException
-
unpad
Unpad the padded block and return the data.- Throws:
BadPaddingException
-
padV15
private byte[] padV15(byte[] data) PKCS#1 v1.5 padding (blocktype 1 and 2). -
unpadV15
PKCS#1 v1.5 unpadding (blocktype 1 (signature) and 2 (encryption)). Note that we want to make it a constant-time operation- Throws:
BadPaddingException
-
padOaep
PKCS#1 v2.0 OAEP padding (MGF1). Paragraph references refer to PKCS#1 v2.1 (June 14, 2002)- Throws:
BadPaddingException
-
unpadOAEP
PKCS#1 v2.1 OAEP unpadding (MGF1).- Throws:
BadPaddingException
-
mgf1
private void mgf1(byte[] seed, int seedOfs, int seedLen, byte[] out, int outOffset, int maskLength) throws BadPaddingException Compute MGF1 using mgfMD as the message digest. Note that we combine MGF1 with the XOR operation to reduce data copying. We generate maskLen bytes of MGF1 from the seed and XOR it into out[] starting at outOfs;- Throws:
BadPaddingException
-