Class RSAPadding
- java.lang.Object
-
- es.gob.jmulticard.jse.provider.rsacipher.RSAPadding
-
final class RSAPadding extends java.lang.Object
Utilidad para la aplicación y la retirada de rellenos RSA. The various PKCS#1 versions can be found in the EMC/RSA Labs web site, which is currently: http://www.emc.com/emc-plus/rsa-labs/index.htm or in the IETF RFCs derived from the above PKCS#1 standards. RFC 2313: v1.5 RFC 2437: v2.0 RFC 3447: v2.1 The format of PKCS#1 v1.5 padding is: 0x00 | BT | PS...PS | 0x00 | data...data where BT is the blocktype (1 or 2). The length of the entire string must be the same as the size of the modulus (i.e. 128 byte for a 1024 bit key). Per spec, the padding string must be at least 8 bytes long. That leaves up to (length of key in bytes) - 11 bytes for the data. OAEP padding was introduced in PKCS#1 v2.0 and is a bit more complicated and has a number of options. We support: . arbitrary hash functions ('Hash' in the specification), MessageDigest implementation must be available . MGF1 as the mask generation function . the empty string as the default value for label L and whatever specified in javax.crypto.spec.OAEPParameterSpec The algorithms (representations) are forwards-compatible: that is, the algorithm described in previous releases are in later releases. However, additional comments/checks/clarifications were added to the later versions based on real-world experience (e.g. stricter v1.5 format checking.) Note: RSA keys should be at least 512 bits long- Since:
- 1.5
-
-
Field Summary
Fields Modifier and Type Field Description private static java.util.Map<java.lang.String,byte[]>
EMPTY_HASHES
private byte[]
lHash
private int
maxDataSize
Tamaño máximo de los datos.private java.security.MessageDigest
md
private java.security.MessageDigest
mgfMd
(package private) static int
PAD_BLOCKTYPE_1
Relleno PKCS#1 v1.5, blocktype 1 (firma).(package private) static int
PAD_BLOCKTYPE_2
Relleno PKCS#1 v1.5, blocktype 2 (cifrado).(package private) static int
PAD_NONE
Sin relleno.(package private) static int
PAD_OAEP_MGF1
Relleno PKCS#1 v2.1 OAEP.private int
paddedSize
private java.security.SecureRandom
random
private int
type
-
Constructor Summary
Constructors Modifier Constructor Description private
RSAPadding(int paddingType, int sizeAfterPadding, java.security.SecureRandom randomSrc, javax.crypto.spec.OAEPParameterSpec spec)
Constructor interno.
-
Method Summary
All Methods Static Methods Instance Methods Concrete Methods Modifier and Type Method Description (package private) static RSAPadding
createInstance(int type, int paddedSize, java.security.SecureRandom random)
Get a RSAPadding instance of the specified type.(package private) static RSAPadding
createInstance(int type, int paddedSize, java.security.SecureRandom random, javax.crypto.spec.OAEPParameterSpec spec)
Get a RSAPadding instance of the specified type, which must be OAEP.private static byte[]
getInitialHash(java.security.MessageDigest md, byte[] digestInput)
Return the value of the digest using the specified message digestmd
and the digest inputdigestInput
.(package private) int
getMaxDataSize()
Return the maximum size of the plaintext data that can be processed using this object.private void
mgf1(byte[] seed, int seedOfs, int seedLen, byte[] out, int outOffset, int maskLength)
Compute MGF1 using mgfMD as the message digest.(package private) byte[]
pad(byte[] data)
Pad the data and return the padded block.(package private) byte[]
pad(byte[] data, int ofs, int len)
Rellena los datos.private byte[]
padOaep(byte[] message)
PKCS#1 v2.0 OAEP padding (MGF1).private byte[]
padV15(byte[] data)
PKCS#1 v1.5 padding (blocktype 1 and 2).(package private) byte[]
unpad(byte[] padded)
Unpad the padded block and return the data.private byte[]
unpadOAEP(byte[] padded)
PKCS#1 v2.1 OAEP unpadding (MGF1).private byte[]
unpadV15(byte[] padded)
PKCS#1 v1.5 unpadding (blocktype 1 (signature) and 2 (encryption)).
-
-
-
Field Detail
-
PAD_BLOCKTYPE_1
static final int PAD_BLOCKTYPE_1
Relleno PKCS#1 v1.5, blocktype 1 (firma).- See Also:
- Constant Field Values
-
PAD_BLOCKTYPE_2
static final int PAD_BLOCKTYPE_2
Relleno PKCS#1 v1.5, blocktype 2 (cifrado).- See Also:
- Constant Field Values
-
PAD_NONE
static final int PAD_NONE
Sin relleno. Con este tipo la clase no hace nada.- See Also:
- Constant Field Values
-
PAD_OAEP_MGF1
static final int PAD_OAEP_MGF1
Relleno PKCS#1 v2.1 OAEP.- See Also:
- Constant Field Values
-
type
private final int type
-
paddedSize
private final int paddedSize
-
random
private java.security.SecureRandom random
-
maxDataSize
private final int maxDataSize
Tamaño máximo de los datos.
-
md
private java.security.MessageDigest md
-
mgfMd
private java.security.MessageDigest mgfMd
-
lHash
private byte[] lHash
-
EMPTY_HASHES
private static final java.util.Map<java.lang.String,byte[]> EMPTY_HASHES
-
-
Constructor Detail
-
RSAPadding
private RSAPadding(int paddingType, int sizeAfterPadding, java.security.SecureRandom randomSrc, javax.crypto.spec.OAEPParameterSpec spec) throws java.security.InvalidKeyException, java.security.InvalidAlgorithmParameterException
Constructor interno.- Throws:
java.security.InvalidKeyException
java.security.InvalidAlgorithmParameterException
-
-
Method Detail
-
createInstance
static RSAPadding createInstance(int type, int paddedSize, java.security.SecureRandom random) throws java.security.InvalidKeyException, java.security.InvalidAlgorithmParameterException
Get a RSAPadding instance of the specified type. Keys used with this padding must be paddedSize bytes long.- Throws:
java.security.InvalidKeyException
java.security.InvalidAlgorithmParameterException
-
createInstance
static RSAPadding createInstance(int type, int paddedSize, java.security.SecureRandom random, javax.crypto.spec.OAEPParameterSpec spec) throws java.security.InvalidKeyException, java.security.InvalidAlgorithmParameterException
Get a RSAPadding instance of the specified type, which must be OAEP. Keys used with this padding must be paddedSize bytes long.- Throws:
java.security.InvalidKeyException
java.security.InvalidAlgorithmParameterException
-
getInitialHash
private static byte[] getInitialHash(java.security.MessageDigest md, byte[] digestInput)
Return the value of the digest using the specified message digestmd
and the digest inputdigestInput
. ifdigestInput
is null or 0-length, zero length is used to generate the initial digest. Note: the md object must be in reset state
-
getMaxDataSize
int getMaxDataSize()
Return the maximum size of the plaintext data that can be processed using this object.
-
pad
byte[] pad(byte[] data, int ofs, int len) throws javax.crypto.BadPaddingException
Rellena los datos. Pad the data and return the padded block.- Throws:
javax.crypto.BadPaddingException
-
pad
byte[] pad(byte[] data) throws javax.crypto.BadPaddingException
Pad the data and return the padded block.- Throws:
javax.crypto.BadPaddingException
-
unpad
byte[] unpad(byte[] padded) throws javax.crypto.BadPaddingException
Unpad the padded block and return the data.- Throws:
javax.crypto.BadPaddingException
-
padV15
private byte[] padV15(byte[] data)
PKCS#1 v1.5 padding (blocktype 1 and 2).
-
unpadV15
private byte[] unpadV15(byte[] padded) throws javax.crypto.BadPaddingException
PKCS#1 v1.5 unpadding (blocktype 1 (signature) and 2 (encryption)). Note that we want to make it a constant-time operation- Throws:
javax.crypto.BadPaddingException
-
padOaep
private byte[] padOaep(byte[] message) throws javax.crypto.BadPaddingException
PKCS#1 v2.0 OAEP padding (MGF1). Paragraph references refer to PKCS#1 v2.1 (June 14, 2002)- Throws:
javax.crypto.BadPaddingException
-
unpadOAEP
private byte[] unpadOAEP(byte[] padded) throws javax.crypto.BadPaddingException
PKCS#1 v2.1 OAEP unpadding (MGF1).- Throws:
javax.crypto.BadPaddingException
-
mgf1
private void mgf1(byte[] seed, int seedOfs, int seedLen, byte[] out, int outOffset, int maskLength) throws javax.crypto.BadPaddingException
Compute MGF1 using mgfMD as the message digest. Note that we combine MGF1 with the XOR operation to reduce data copying. We generate maskLen bytes of MGF1 from the seed and XOR it into out[] starting at outOfs;- Throws:
javax.crypto.BadPaddingException
-
-