Class RSAPadding


  • final class RSAPadding
    extends java.lang.Object
    Utilidad para la aplicación y la retirada de rellenos RSA. The various PKCS#1 versions can be found in the EMC/RSA Labs web site, which is currently: http://www.emc.com/emc-plus/rsa-labs/index.htm or in the IETF RFCs derived from the above PKCS#1 standards. RFC 2313: v1.5 RFC 2437: v2.0 RFC 3447: v2.1 The format of PKCS#1 v1.5 padding is: 0x00 | BT | PS...PS | 0x00 | data...data where BT is the blocktype (1 or 2). The length of the entire string must be the same as the size of the modulus (i.e. 128 byte for a 1024 bit key). Per spec, the padding string must be at least 8 bytes long. That leaves up to (length of key in bytes) - 11 bytes for the data. OAEP padding was introduced in PKCS#1 v2.0 and is a bit more complicated and has a number of options. We support: . arbitrary hash functions ('Hash' in the specification), MessageDigest implementation must be available . MGF1 as the mask generation function . the empty string as the default value for label L and whatever specified in javax.crypto.spec.OAEPParameterSpec The algorithms (representations) are forwards-compatible: that is, the algorithm described in previous releases are in later releases. However, additional comments/checks/clarifications were added to the later versions based on real-world experience (e.g. stricter v1.5 format checking.) Note: RSA keys should be at least 512 bits long
    Since:
    1.5
    • Field Summary

      Fields 
      Modifier and Type Field Description
      private static java.util.Map<java.lang.String,​byte[]> EMPTY_HASHES  
      private byte[] lHash  
      private int maxDataSize
      Tamaño máximo de los datos.
      private java.security.MessageDigest md  
      private java.security.MessageDigest mgfMd  
      (package private) static int PAD_BLOCKTYPE_1
      Relleno PKCS#1 v1.5, blocktype 1 (firma).
      (package private) static int PAD_BLOCKTYPE_2
      Relleno PKCS#1 v1.5, blocktype 2 (cifrado).
      (package private) static int PAD_NONE
      Sin relleno.
      (package private) static int PAD_OAEP_MGF1
      Relleno PKCS#1 v2.1 OAEP.
      private int paddedSize  
      private java.security.SecureRandom random  
      private int type  
    • Constructor Summary

      Constructors 
      Modifier Constructor Description
      private RSAPadding​(int paddingType, int sizeAfterPadding, java.security.SecureRandom randomSrc, javax.crypto.spec.OAEPParameterSpec spec)
      Constructor interno.
    • Method Summary

      All Methods Static Methods Instance Methods Concrete Methods 
      Modifier and Type Method Description
      (package private) static RSAPadding createInstance​(int type, int paddedSize, java.security.SecureRandom random)
      Get a RSAPadding instance of the specified type.
      (package private) static RSAPadding createInstance​(int type, int paddedSize, java.security.SecureRandom random, javax.crypto.spec.OAEPParameterSpec spec)
      Get a RSAPadding instance of the specified type, which must be OAEP.
      private static byte[] getInitialHash​(java.security.MessageDigest md, byte[] digestInput)
      Return the value of the digest using the specified message digest md and the digest input digestInput.
      (package private) int getMaxDataSize()
      Return the maximum size of the plaintext data that can be processed using this object.
      private void mgf1​(byte[] seed, int seedOfs, int seedLen, byte[] out, int outOffset, int maskLength)
      Compute MGF1 using mgfMD as the message digest.
      (package private) byte[] pad​(byte[] data)
      Pad the data and return the padded block.
      (package private) byte[] pad​(byte[] data, int ofs, int len)
      Rellena los datos.
      private byte[] padOaep​(byte[] message)
      PKCS#1 v2.0 OAEP padding (MGF1).
      private byte[] padV15​(byte[] data)
      PKCS#1 v1.5 padding (blocktype 1 and 2).
      (package private) byte[] unpad​(byte[] padded)
      Unpad the padded block and return the data.
      private byte[] unpadOAEP​(byte[] padded)
      PKCS#1 v2.1 OAEP unpadding (MGF1).
      private byte[] unpadV15​(byte[] padded)
      PKCS#1 v1.5 unpadding (blocktype 1 (signature) and 2 (encryption)).
      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
    • Field Detail

      • PAD_BLOCKTYPE_1

        static final int PAD_BLOCKTYPE_1
        Relleno PKCS#1 v1.5, blocktype 1 (firma).
        See Also:
        Constant Field Values
      • PAD_BLOCKTYPE_2

        static final int PAD_BLOCKTYPE_2
        Relleno PKCS#1 v1.5, blocktype 2 (cifrado).
        See Also:
        Constant Field Values
      • PAD_NONE

        static final int PAD_NONE
        Sin relleno. Con este tipo la clase no hace nada.
        See Also:
        Constant Field Values
      • PAD_OAEP_MGF1

        static final int PAD_OAEP_MGF1
        Relleno PKCS#1 v2.1 OAEP.
        See Also:
        Constant Field Values
      • type

        private final int type
      • paddedSize

        private final int paddedSize
      • random

        private java.security.SecureRandom random
      • maxDataSize

        private final int maxDataSize
        Tamaño máximo de los datos.
      • md

        private java.security.MessageDigest md
      • mgfMd

        private java.security.MessageDigest mgfMd
      • lHash

        private byte[] lHash
      • EMPTY_HASHES

        private static final java.util.Map<java.lang.String,​byte[]> EMPTY_HASHES
    • Constructor Detail

      • RSAPadding

        private RSAPadding​(int paddingType,
                           int sizeAfterPadding,
                           java.security.SecureRandom randomSrc,
                           javax.crypto.spec.OAEPParameterSpec spec)
                    throws java.security.InvalidKeyException,
                           java.security.InvalidAlgorithmParameterException
        Constructor interno.
        Throws:
        java.security.InvalidKeyException
        java.security.InvalidAlgorithmParameterException
    • Method Detail

      • createInstance

        static RSAPadding createInstance​(int type,
                                         int paddedSize,
                                         java.security.SecureRandom random)
                                  throws java.security.InvalidKeyException,
                                         java.security.InvalidAlgorithmParameterException
        Get a RSAPadding instance of the specified type. Keys used with this padding must be paddedSize bytes long.
        Throws:
        java.security.InvalidKeyException
        java.security.InvalidAlgorithmParameterException
      • createInstance

        static RSAPadding createInstance​(int type,
                                         int paddedSize,
                                         java.security.SecureRandom random,
                                         javax.crypto.spec.OAEPParameterSpec spec)
                                  throws java.security.InvalidKeyException,
                                         java.security.InvalidAlgorithmParameterException
        Get a RSAPadding instance of the specified type, which must be OAEP. Keys used with this padding must be paddedSize bytes long.
        Throws:
        java.security.InvalidKeyException
        java.security.InvalidAlgorithmParameterException
      • getInitialHash

        private static byte[] getInitialHash​(java.security.MessageDigest md,
                                             byte[] digestInput)
        Return the value of the digest using the specified message digest md and the digest input digestInput. if digestInput is null or 0-length, zero length is used to generate the initial digest. Note: the md object must be in reset state
      • getMaxDataSize

        int getMaxDataSize()
        Return the maximum size of the plaintext data that can be processed using this object.
      • pad

        byte[] pad​(byte[] data,
                   int ofs,
                   int len)
            throws javax.crypto.BadPaddingException
        Rellena los datos. Pad the data and return the padded block.
        Throws:
        javax.crypto.BadPaddingException
      • pad

        byte[] pad​(byte[] data)
            throws javax.crypto.BadPaddingException
        Pad the data and return the padded block.
        Throws:
        javax.crypto.BadPaddingException
      • unpad

        byte[] unpad​(byte[] padded)
              throws javax.crypto.BadPaddingException
        Unpad the padded block and return the data.
        Throws:
        javax.crypto.BadPaddingException
      • padV15

        private byte[] padV15​(byte[] data)
        PKCS#1 v1.5 padding (blocktype 1 and 2).
      • unpadV15

        private byte[] unpadV15​(byte[] padded)
                         throws javax.crypto.BadPaddingException
        PKCS#1 v1.5 unpadding (blocktype 1 (signature) and 2 (encryption)). Note that we want to make it a constant-time operation
        Throws:
        javax.crypto.BadPaddingException
      • padOaep

        private byte[] padOaep​(byte[] message)
                        throws javax.crypto.BadPaddingException
        PKCS#1 v2.0 OAEP padding (MGF1). Paragraph references refer to PKCS#1 v2.1 (June 14, 2002)
        Throws:
        javax.crypto.BadPaddingException
      • unpadOAEP

        private byte[] unpadOAEP​(byte[] padded)
                          throws javax.crypto.BadPaddingException
        PKCS#1 v2.1 OAEP unpadding (MGF1).
        Throws:
        javax.crypto.BadPaddingException
      • mgf1

        private void mgf1​(byte[] seed,
                          int seedOfs,
                          int seedLen,
                          byte[] out,
                          int outOffset,
                          int maskLength)
                   throws javax.crypto.BadPaddingException
        Compute MGF1 using mgfMD as the message digest. Note that we combine MGF1 with the XOR operation to reduce data copying. We generate maskLen bytes of MGF1 from the seed and XOR it into out[] starting at outOfs;
        Throws:
        javax.crypto.BadPaddingException