com.ibm.crypto.fips.provider
Class RSA

java.lang.Object
  |
  +--javax.crypto.CipherSpi
        |
        +--com.ibm.crypto.fips.provider.RSA
All Implemented Interfaces:
AlgorithmStatus

public final class RSA
extends javax.crypto.CipherSpi
implements AlgorithmStatus

This class implements the RSA algorithm. This algorithm is implemented in two padding schemes: PKCS1Padding.

Version:
1.00 05/19/03
Author:
John Peck

Constructor Summary
RSA()
          Creates an instance of RSA
 
Method Summary
protected  byte[] engineDoFinal(byte[] input, int inputOffset, int inputLen)
          Encrypts or decrypts data in a single-part operation, or finishes a multiple-part operation.
protected  int engineDoFinal(byte[] input, int inputOffset, int inputLen, byte[] output, int outputOffset)
          Encrypts or decrypts data in a single-part operation, or finishes a multiple-part operation.
protected  int engineGetBlockSize()
          Returns the block size (in bytes).
protected  byte[] engineGetIV()
          Returns the initialization vector (IV) in a new buffer.
protected  int engineGetKeySize(java.security.Key key)
          Returns the key size of the given key object.
protected  int engineGetOutputSize(int inputLen)
          Returns the length in bytes that an output buffer would need to be in order to hold the result of the next update or doFinal operation, given the input length inputLen (in bytes).
protected  java.security.AlgorithmParameters engineGetParameters()
          Returns the parameters used with this cipher.
protected  void engineInit(int opmode, java.security.Key key, java.security.spec.AlgorithmParameterSpec params, java.security.SecureRandom random)
          Initializes this cipher with a key, a set of algorithm parameters, and a source of randomness.
protected  void engineInit(int opmode, java.security.Key key, java.security.AlgorithmParameters params, java.security.SecureRandom random)
          Initializes this cipher with a key, a set of algorithm parameters, and a source of randomness.
protected  void engineInit(int opmode, java.security.Key key, java.security.SecureRandom random)
          Initializes this cipher with a key and a source of randomness.
protected  void engineSetMode(java.lang.String mode)
          Sets the mode of this cipher.
protected  void engineSetPadding(java.lang.String paddingScheme)
          Sets the padding mechanism of this cipher.
protected  java.security.Key engineUnwrap(byte[] wrappedKey, java.lang.String wrappedKeyAlgorithm, int wrappedKeyType)
          Unwrap a previously wrapped key.
protected  byte[] engineUpdate(byte[] input, int inputOffset, int inputLen)
          Continues a multiple-part encryption or decryption operation (depending on how this cipher was initialized), processing another data part.
protected  int engineUpdate(byte[] input, int inputOffset, int inputLen, byte[] output, int outputOffset)
          Continues a multiple-part encryption or decryption operation (depending on how this cipher was initialized), processing another data part.
protected  byte[] engineWrap(java.security.Key key)
          Wrap a key.
protected  byte[] internalDoFinal(byte[] input, int inputOffset, int inputLen)
          Encrypts or decrypts data in a single-part operation, or finishes a multiple-part operation.
protected  int internalDoFinal(byte[] input, int inputOffset, int inputLen, byte[] output, int outputOffset)
          Encrypts or decrypts data in a single-part operation, or finishes a multiple-part operation.
protected  int internalGetBlockSize()
          Returns the block size (in bytes).
protected  int internalGetKeySize(java.security.Key key)
          Returns the key size of the given key object.
protected  int internalGetOutputSize(int inputLen)
          Returns the length in bytes that an output buffer would need to be in order to hold the result of the next update or doFinal operation, given the input length inputLen (in bytes).
protected  void internalInit(int opmode, java.security.Key key, java.security.SecureRandom random)
          Initializes this cipher with a key and a source of randomness.
protected  void internalSetMode(java.lang.String mode)
          Sets the mode of this cipher.
protected  void internalSetPadding(java.lang.String paddingScheme)
          Sets the padding mechanism of this cipher.
protected  java.security.Key internalUnwrap(byte[] wrappedKey, java.lang.String wrappedKeyAlgorithm, int wrappedKeyType)
          Unwrap a previously wrapped key.
protected  byte[] internalUpdate(byte[] input, int inputOffset, int inputLen)
          Continues a multiple-part encryption or decryption operation (depending on how this cipher was initialized), processing another data part.
protected  int internalUpdate(byte[] input, int inputOffset, int inputLen, byte[] output, int outputOffset)
          Continues a multiple-part encryption or decryption operation (depending on how this cipher was initialized), processing another data part.
protected  byte[] internalWrap(java.security.Key key)
          Wrap a key.
 boolean isFipsApproved()
          This function allows an application to verify the the algorithm is FIPS approved.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

RSA

public RSA()
Creates an instance of RSA
Method Detail

isFipsApproved

public boolean isFipsApproved()
This function allows an application to verify the the algorithm is FIPS approved.
Specified by:
isFipsApproved in interface AlgorithmStatus
See Also:
AlgorithmStatus.isFipsApproved()

engineSetMode

protected void engineSetMode(java.lang.String mode)
                      throws java.security.NoSuchAlgorithmException
Sets the mode of this cipher.
Overrides:
engineSetMode in class javax.crypto.CipherSpi
Parameters:
mode - the cipher mode
Throws:
java.security.NoSuchAlgorithmException - if the requested cipher mode does not exist

internalSetMode

protected void internalSetMode(java.lang.String mode)
                        throws java.security.NoSuchAlgorithmException
Sets the mode of this cipher.
Parameters:
mode - the cipher mode
Throws:
java.security.NoSuchAlgorithmException - if the requested cipher mode does not exist

engineSetPadding

protected void engineSetPadding(java.lang.String paddingScheme)
                         throws javax.crypto.NoSuchPaddingException
Sets the padding mechanism of this cipher.
Overrides:
engineSetPadding in class javax.crypto.CipherSpi
Parameters:
padding - the padding mechanism
Throws:
javax.crypto.NoSuchPaddingException - if the requested padding mechanism does not exist

internalSetPadding

protected void internalSetPadding(java.lang.String paddingScheme)
                           throws javax.crypto.NoSuchPaddingException
Sets the padding mechanism of this cipher.
Parameters:
padding - the padding mechanism
Throws:
javax.crypto.NoSuchPaddingException - if the requested padding mechanism does not exist

engineGetBlockSize

protected int engineGetBlockSize()
Returns the block size (in bytes).
Overrides:
engineGetBlockSize in class javax.crypto.CipherSpi
Returns:
the block size (in bytes), or 0 if the underlying algorithm is not a block cipher

internalGetBlockSize

protected int internalGetBlockSize()
Returns the block size (in bytes).
Returns:
the block size (in bytes), or 0 if the underlying algorithm is not a block cipher

engineGetOutputSize

protected int engineGetOutputSize(int inputLen)
Returns the length in bytes that an output buffer would need to be in order to hold the result of the next update or doFinal operation, given the input length inputLen (in bytes).

This call takes into account any unprocessed (buffered) data from a previous update call, and padding.

The actual output length of the next update or doFinal call may be smaller than the length returned by this method.

Overrides:
engineGetOutputSize in class javax.crypto.CipherSpi
Parameters:
inputLen - the input length (in bytes)
Returns:
the required output buffer size (in bytes)

internalGetOutputSize

protected int internalGetOutputSize(int inputLen)
Returns the length in bytes that an output buffer would need to be in order to hold the result of the next update or doFinal operation, given the input length inputLen (in bytes).

This call takes into account any unprocessed (buffered) data from a previous update call, and padding.

The actual output length of the next update or doFinal call may be smaller than the length returned by this method.

Parameters:
inputLen - the input length (in bytes)
Returns:
the required output buffer size (in bytes)

engineGetIV

protected byte[] engineGetIV()
Returns the initialization vector (IV) in a new buffer.

This is useful in the case where a random IV has been created (see init), or in the context of password-based encryption or decryption, where the IV is derived from a user-supplied password.

Overrides:
engineGetIV in class javax.crypto.CipherSpi
Returns:
the initialization vector in a new buffer, or null if the underlying algorithm does not use an IV, or if the IV has not yet been set.

engineGetParameters

protected java.security.AlgorithmParameters engineGetParameters()
Returns the parameters used with this cipher.

The returned parameters may be the same that were used to initialize this cipher, or may contain the default set of parameters or a set of randomly generated parameters used by the underlying cipher implementation (provided that the underlying cipher implementation uses a default set of parameters or creates new parameters if it needs parameters but was not initialized with any).

Overrides:
engineGetParameters in class javax.crypto.CipherSpi
Returns:
the parameters used with this cipher, or null if this cipher does not use any parameters.

engineInit

protected void engineInit(int opmode,
                          java.security.Key key,
                          java.security.SecureRandom random)
                   throws java.security.InvalidKeyException
Initializes this cipher with a key and a source of randomness.

The cipher is initialized for one of the following four operations: encryption, decryption, key wrapping or key unwrapping, depending on the value of opmode.

If this cipher requires an initialization vector (IV), it will get it from random. This behaviour should only be used in encryption or key wrapping mode, however. When initializing a cipher that requires an IV for decryption or key unwrapping, the IV (same IV that was used for encryption or key wrapping) must be provided explicitly as a parameter, in order to get the correct result.

This method also cleans existing buffer and other related state information.

Overrides:
engineInit in class javax.crypto.CipherSpi
Parameters:
opmode - the operation mode of this cipher (this is one of the following: ENCRYPT_MODE, DECRYPT_MODE, WRAP_MODE or UNWRAP_MODE)
key - the secret key
random - the source of randomness
Throws:
java.security.InvalidKeyException - if the given key is inappropriate for initializing this cipher

internalInit

protected void internalInit(int opmode,
                            java.security.Key key,
                            java.security.SecureRandom random)
                     throws java.security.InvalidKeyException
Initializes this cipher with a key and a source of randomness.

The cipher is initialized for one of the following four operations: encryption, decryption, key wrapping or key unwrapping, depending on the value of opmode.

If this cipher requires an initialization vector (IV), it will get it from random. This behaviour should only be used in encryption or key wrapping mode, however. When initializing a cipher that requires an IV for decryption or key unwrapping, the IV (same IV that was used for encryption or key wrapping) must be provided explicitly as a parameter, in order to get the correct result.

This method also cleans existing buffer and other related state information.

Parameters:
opmode - the operation mode of this cipher (this is one of the following: ENCRYPT_MODE, DECRYPT_MODE, WRAP_MODE or UNWRAP_MODE)
key - the secret key
random - the source of randomness
Throws:
java.security.InvalidKeyException - if the given key is inappropriate for initializing this cipher

engineInit

protected void engineInit(int opmode,
                          java.security.Key key,
                          java.security.spec.AlgorithmParameterSpec params,
                          java.security.SecureRandom random)
                   throws java.security.InvalidKeyException,
                          java.security.InvalidAlgorithmParameterException
Initializes this cipher with a key, a set of algorithm parameters, and a source of randomness.

The cipher is initialized for one of the following four operations: encryption, decryption, key wrapping or key unwrapping, depending on the value of opmode.

If this cipher (including its underlying feedback or padding scheme) requires any random bytes, it will get them from random.

Overrides:
engineInit in class javax.crypto.CipherSpi
Parameters:
opmode - the operation mode of this cipher (this is one of the following: ENCRYPT_MODE, DECRYPT_MODE, WRAP_MODE or UNWRAP_MODE)
key - the encryption key
params - the algorithm parameters
random - the source of randomness
Throws:
java.security.InvalidKeyException - if the given key is inappropriate for initializing this cipher
java.security.InvalidAlgorithmParameterException - if the given algorithm parameters are inappropriate for this cipher

engineInit

protected void engineInit(int opmode,
                          java.security.Key key,
                          java.security.AlgorithmParameters params,
                          java.security.SecureRandom random)
                   throws java.security.InvalidKeyException,
                          java.security.InvalidAlgorithmParameterException
Initializes this cipher with a key, a set of algorithm parameters, and a source of randomness.

The cipher is initialized for one of the following four operations: encryption, decryption, key wrapping or key unwrapping, depending on the value of opmode.

If this cipher (including its underlying feedback or padding scheme) requires any random bytes, it will get them from random.

Overrides:
engineInit in class javax.crypto.CipherSpi
Parameters:
opmode - the operation mode of this cipher (this is one of the following: ENCRYPT_MODE, DECRYPT_MODE, WRAP_MODE or UNWRAP_MODE)
key - the encryption key
params - the algorithm parameters
random - the source of randomness
Throws:
java.security.InvalidKeyException - if the given key is inappropriate for initializing this cipher
java.security.InvalidAlgorithmParameterException - if the given algorithm parameters are inappropriate for this cipher

engineUpdate

protected byte[] engineUpdate(byte[] input,
                              int inputOffset,
                              int inputLen)
Continues a multiple-part encryption or decryption operation (depending on how this cipher was initialized), processing another data part.

The first inputLen bytes in the input buffer, starting at inputOffset, are processed, and the result is stored in a new buffer.

Overrides:
engineUpdate in class javax.crypto.CipherSpi
Parameters:
input - the input buffer
inputOffset - the offset in input where the input starts
inputLen - the input length
Returns:
the new buffer with the result
Throws:
java.lang.IllegalStateException - if this cipher is in a wrong state (e.g., has not been initialized)

internalUpdate

protected byte[] internalUpdate(byte[] input,
                                int inputOffset,
                                int inputLen)
Continues a multiple-part encryption or decryption operation (depending on how this cipher was initialized), processing another data part.

The first inputLen bytes in the input buffer, starting at inputOffset, are processed, and the result is stored in a new buffer.

Parameters:
input - the input buffer
inputOffset - the offset in input where the input starts
inputLen - the input length
Returns:
the new buffer with the result
Throws:
java.lang.IllegalStateException - if this cipher is in a wrong state (e.g., has not been initialized)

engineUpdate

protected int engineUpdate(byte[] input,
                           int inputOffset,
                           int inputLen,
                           byte[] output,
                           int outputOffset)
                    throws javax.crypto.ShortBufferException
Continues a multiple-part encryption or decryption operation (depending on how this cipher was initialized), processing another data part.

The first inputLen bytes in the input buffer, starting at inputOffset, are processed, and the result is stored in the output buffer, starting at outputOffset.

Overrides:
engineUpdate in class javax.crypto.CipherSpi
Parameters:
input - the input buffer
inputOffset - the offset in input where the input starts
inputLen - the input length
output - the buffer for the result
outputOffset - the offset in output where the result is stored
Returns:
the number of bytes stored in output
Throws:
javax.crypto.ShortBufferException - if the given output buffer is too small to hold the result

internalUpdate

protected int internalUpdate(byte[] input,
                             int inputOffset,
                             int inputLen,
                             byte[] output,
                             int outputOffset)
                      throws javax.crypto.ShortBufferException
Continues a multiple-part encryption or decryption operation (depending on how this cipher was initialized), processing another data part.

The first inputLen bytes in the input buffer, starting at inputOffset, are processed, and the result is stored in the output buffer, starting at outputOffset.

Parameters:
input - the input buffer
inputOffset - the offset in input where the input starts
inputLen - the input length
output - the buffer for the result
outputOffset - the offset in output where the result is stored
Returns:
the number of bytes stored in output
Throws:
javax.crypto.ShortBufferException - if the given output buffer is too small to hold the result

engineDoFinal

protected byte[] engineDoFinal(byte[] input,
                               int inputOffset,
                               int inputLen)
                        throws javax.crypto.IllegalBlockSizeException,
                               javax.crypto.BadPaddingException
Encrypts or decrypts data in a single-part operation, or finishes a multiple-part operation. The data is encrypted or decrypted, depending on how this cipher was initialized.

The first inputLen bytes in the input buffer, starting at inputOffset, and any input bytes that may have been buffered during a previous update operation, are processed, with padding (if requested) being applied. The result is stored in a new buffer.

The cipher is reset to its initial state (uninitialized) after this call.

Overrides:
engineDoFinal in class javax.crypto.CipherSpi
Parameters:
input - the input buffer
inputOffset - the offset in input where the input starts
inputLen - the input length
Returns:
the new buffer with the result
Throws:
javax.crypto.IllegalBlockSizeException - if this cipher is a block cipher, no padding has been requested (only in encryption mode), and the total input length of the data processed by this cipher is not a multiple of block size
javax.crypto.BadPaddingException - if this cipher is in decryption mode, and (un)padding has been requested, but the decrypted data is not bounded by the appropriate padding bytes

internalDoFinal

protected byte[] internalDoFinal(byte[] input,
                                 int inputOffset,
                                 int inputLen)
                          throws javax.crypto.IllegalBlockSizeException,
                                 javax.crypto.BadPaddingException
Encrypts or decrypts data in a single-part operation, or finishes a multiple-part operation. The data is encrypted or decrypted, depending on how this cipher was initialized.

The first inputLen bytes in the input buffer, starting at inputOffset, and any input bytes that may have been buffered during a previous update operation, are processed, with padding (if requested) being applied. The result is stored in a new buffer.

The cipher is reset to its initial state (uninitialized) after this call.

Parameters:
input - the input buffer
inputOffset - the offset in input where the input starts
inputLen - the input length
Returns:
the new buffer with the result
Throws:
javax.crypto.IllegalBlockSizeException - if this cipher is a block cipher, no padding has been requested (only in encryption mode), and the total input length of the data processed by this cipher is not a multiple of block size
javax.crypto.BadPaddingException - if this cipher is in decryption mode, and (un)padding has been requested, but the decrypted data is not bounded by the appropriate padding bytes

engineDoFinal

protected int engineDoFinal(byte[] input,
                            int inputOffset,
                            int inputLen,
                            byte[] output,
                            int outputOffset)
                     throws javax.crypto.IllegalBlockSizeException,
                            javax.crypto.ShortBufferException,
                            javax.crypto.BadPaddingException
Encrypts or decrypts data in a single-part operation, or finishes a multiple-part operation. The data is encrypted or decrypted, depending on how this cipher was initialized.

The first inputLen bytes in the input buffer, starting at inputOffset, and any input bytes that may have been buffered during a previous update operation, are processed, with padding (if requested) being applied. The result is stored in the output buffer, starting at outputOffset.

The cipher is reset to its initial state (uninitialized) after this call.

Overrides:
engineDoFinal in class javax.crypto.CipherSpi
Parameters:
input - the input buffer
inputOffset - the offset in input where the input starts
inputLen - the input length
output - the buffer for the result
outputOffset - the offset in output where the result is stored
Returns:
the number of bytes stored in output
Throws:
javax.crypto.IllegalBlockSizeException - if this cipher is a block cipher, no padding has been requested (only in encryption mode), and the total input length of the data processed by this cipher is not a multiple of block size
javax.crypto.ShortBufferException - if the given output buffer is too small to hold the result
javax.crypto.BadPaddingException - if this cipher is in decryption mode, and (un)padding has been requested, but the decrypted data is not bounded by the appropriate padding bytes

internalDoFinal

protected int internalDoFinal(byte[] input,
                              int inputOffset,
                              int inputLen,
                              byte[] output,
                              int outputOffset)
                       throws javax.crypto.IllegalBlockSizeException,
                              javax.crypto.ShortBufferException,
                              javax.crypto.BadPaddingException
Encrypts or decrypts data in a single-part operation, or finishes a multiple-part operation. The data is encrypted or decrypted, depending on how this cipher was initialized.

The first inputLen bytes in the input buffer, starting at inputOffset, and any input bytes that may have been buffered during a previous update operation, are processed, with padding (if requested) being applied. The result is stored in the output buffer, starting at outputOffset.

The cipher is reset to its initial state (uninitialized) after this call.

Parameters:
input - the input buffer
inputOffset - the offset in input where the input starts
inputLen - the input length
output - the buffer for the result
outputOffset - the offset in output where the result is stored
Returns:
the number of bytes stored in output
Throws:
javax.crypto.IllegalBlockSizeException - if this cipher is a block cipher, no padding has been requested (only in encryption mode), and the total input length of the data processed by this cipher is not a multiple of block size
javax.crypto.ShortBufferException - if the given output buffer is too small to hold the result
javax.crypto.BadPaddingException - if this cipher is in decryption mode, and (un)padding has been requested, but the decrypted data is not bounded by the appropriate padding bytes

engineGetKeySize

protected int engineGetKeySize(java.security.Key key)
                        throws java.security.InvalidKeyException
Returns the key size of the given key object.
Overrides:
engineGetKeySize in class javax.crypto.CipherSpi
Parameters:
key - the key object.
Returns:
the key size of the given key object.
Throws:
java.security.InvalidKeyException - if key<.code> is invalid.

internalGetKeySize

protected int internalGetKeySize(java.security.Key key)
                          throws java.security.InvalidKeyException
Returns the key size of the given key object.
Parameters:
key - the key object.
Returns:
the key size of the given key object.
Throws:
java.security.InvalidKeyException - if key<.code> is invalid.

engineWrap

protected byte[] engineWrap(java.security.Key key)
                     throws javax.crypto.IllegalBlockSizeException,
                            java.security.InvalidKeyException
Wrap a key.
Overrides:
engineWrap in class javax.crypto.CipherSpi
Parameters:
key - the key to be wrapped.
Returns:
the wrapped key.
Throws:
javax.crypto.IllegalBlockSizeException - if this cipher is a block cipher, no padding has been requested, and the length of the encoding of the key to be wrapped is not a multiple of the block size.
java.security.InvalidKeyException - if it is impossible or unsafe to wrap the key with this cipher (e.g., a hardware protected key is being passed to a software only cipher).

internalWrap

protected byte[] internalWrap(java.security.Key key)
                       throws javax.crypto.IllegalBlockSizeException,
                              java.security.InvalidKeyException
Wrap a key.
Parameters:
key - the key to be wrapped.
Returns:
the wrapped key.
Throws:
javax.crypto.IllegalBlockSizeException - if this cipher is a block cipher, no padding has been requested, and the length of the encoding of the key to be wrapped is not a multiple of the block size.
java.security.InvalidKeyException - if it is impossible or unsafe to wrap the key with this cipher (e.g., a hardware protected key is being passed to a software only cipher).

engineUnwrap

protected java.security.Key engineUnwrap(byte[] wrappedKey,
                                         java.lang.String wrappedKeyAlgorithm,
                                         int wrappedKeyType)
                                  throws java.security.InvalidKeyException,
                                         java.security.NoSuchAlgorithmException
Unwrap a previously wrapped key.
Overrides:
engineUnwrap in class javax.crypto.CipherSpi
Parameters:
wrappedKey - the key to be unwrapped.
wrappedKeyAlgorithm - the algorithm the wrapped key is for.
wrappedKeyType - the type of the wrapped key. This is one of Cipher.SECRET_KEY, Cipher.PRIVATE_KEY, or Cipher.PUBLIC_KEY.
Returns:
the unwrapped key.
Throws:
java.security.InvalidKeyException - if wrappedKey does not represent a wrapped key, or if the algorithm associated with the wrapped key is different from wrappedKeyAlgorithm and/or its key type is different from wrappedKeyType.
java.security.NoSuchAlgorithmException - if no installed providers can create keys for the wrappedKeyAlgorithm.

internalUnwrap

protected java.security.Key internalUnwrap(byte[] wrappedKey,
                                           java.lang.String wrappedKeyAlgorithm,
                                           int wrappedKeyType)
                                    throws java.security.InvalidKeyException,
                                           java.security.NoSuchAlgorithmException
Unwrap a previously wrapped key.
Parameters:
wrappedKey - the key to be unwrapped.
wrappedKeyAlgorithm - the algorithm the wrapped key is for.
wrappedKeyType - the type of the wrapped key. This is one of Cipher.SECRET_KEY, Cipher.PRIVATE_KEY, or Cipher.PUBLIC_KEY.
Returns:
the unwrapped key.
Throws:
java.security.InvalidKeyException - if wrappedKey does not represent a wrapped key, or if the algorithm associated with the wrapped key is different from wrappedKeyAlgorithm and/or its key type is different from wrappedKeyType.
java.security.NoSuchAlgorithmException - if no installed providers can create keys for the wrappedKeyAlgorithm.