cryptix.provider.rsa
Class RawRSACipher

java.lang.Object
  |
  +--xjava.security.IJCE_Traceable
        |
        +--xjava.security.Cipher
              |
              +--cryptix.provider.rsa.RawRSACipher
All Implemented Interfaces:
AsymmetricCipher, java.lang.Cloneable, Parameterized

public class RawRSACipher
extends Cipher
implements AsymmetricCipher, java.lang.Cloneable

The raw RSA encryption algorithm, without any block framing.

If the number of bits in the modulus is bitlength, the plaintext and ciphertext block sizes will both be (int) ((bitlength+7)/8). When in ENCRYPT mode, if the value of any plaintext block, considered as a BigInteger with Big-Endian byte order, is greater than or equal to the modulus, a CryptixException will be thrown.

This class is designed to allow any input to the RSA encryption algorithm, in order to facilitate implementation of standards which use a block framing format not otherwise supported by Cryptix. Note that using raw RSA directly on application data is potentially insecure; wherever possible a higher level algorithm such as "RSA/PKCS#1" should be used.

(Note: RSA/PKCS#1 is not implemented in this version of Cryptix.)

References:

  1. Bruce Schneier, "Section 19.3 RSA," Applied Cryptography, 2nd edition, John Wiley & Sons, 1996.

Copyright © 1997 Systemics Ltd on behalf of the Cryptix Development Team.
All rights reserved.

$Revision: 1.11 $

Since:
Cryptix 2.2.2
Author:
Raif S. Naffah, David Hopwood

Fields inherited from class xjava.security.Cipher
DECRYPT, ENCRYPT, UNINITIALIZED
 
Fields inherited from class xjava.security.IJCE_Traceable
tracing
 
Constructor Summary
RawRSACipher()
          Constructs a RawRSA cipher object, in the UNINITIALIZED state.
 
Method Summary
protected  int engineCiphertextBlockSize()
          SPI: Returns the length of a ciphertext block, in bytes.
protected  void engineInitDecrypt(java.security.Key key)
          SPI: Initializes this cipher object for decryption, using the given private key.
protected  void engineInitEncrypt(java.security.Key key)
          SPI: Initializes this cipher object for encryption, using the given public key.
protected  int enginePlaintextBlockSize()
          SPI: Return the block size, in bytes.
protected  int engineUpdate(byte[] in, int inOffset, int inLen, byte[] out, int outOffset)
          SPI: This is the main engine method for updating data.
static void main(java.lang.String[] args)
          Entry point for very basic self_test.
static void self_test(java.io.PrintWriter out)
           
 
Methods inherited from class xjava.security.Cipher
blockSize, clone, crypt, crypt, crypt, doFinal, doFinal, doFinal, doFinal, engineBlockSize, engineCrypt, engineGetParameter, engineInBufferSize, engineOutBufferSize, engineSetPaddingScheme, engineSetParameter, getAlgorithm, getAlgorithms, getAlgorithms, getCiphertextBlockSize, getInputBlockSize, getInstance, getInstance, getInstance, getMode, getOutputBlockSize, getPadding, getPaddingScheme, getParameter, getPlaintextBlockSize, getProvider, getState, inBufferSize, inBufferSizeFinal, initDecrypt, initEncrypt, isPaddingBlockCipher, outBufferSize, outBufferSizeFinal, setParameter, toString, update, update, update, update
 
Methods inherited from class xjava.security.IJCE_Traceable
, disableTracing, enableTracing, traceMethod, traceResult, traceResult, traceVoidMethod
 
Methods inherited from class java.lang.Object
equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait
 

Constructor Detail

RawRSACipher

public RawRSACipher()
Constructs a RawRSA cipher object, in the UNINITIALIZED state. This calls the Cipher constructor with implBuffering false, implPadding false and the provider set to "Cryptix".
Method Detail

engineInitEncrypt

protected void engineInitEncrypt(java.security.Key key)
                          throws java.security.InvalidKeyException
SPI: Initializes this cipher object for encryption, using the given public key.
Overrides:
engineInitEncrypt in class Cipher
Parameters:
key - the public key to be used for encryption.
Throws:
java.security.InvalidKeyException - if the key class does not implement java.security.interfaces.RSAPublicKey.

engineInitDecrypt

protected void engineInitDecrypt(java.security.Key key)
                          throws java.security.InvalidKeyException
SPI: Initializes this cipher object for decryption, using the given private key.
Overrides:
engineInitDecrypt in class Cipher
Parameters:
key - the private key to be used for decryption.
Throws:
java.security.InvalidKeyException - if the key class does not implement java.security.interfaces.RSAPrivateKey.

enginePlaintextBlockSize

protected int enginePlaintextBlockSize()
SPI: Return the block size, in bytes. For RawRSA this is the number of bytes needed to represent the modulus, n.
Overrides:
enginePlaintextBlockSize in class Cipher
Returns:
the block size in bytes.
Throws:
CryptixException - if the cipher object is uninitialized.

engineCiphertextBlockSize

protected int engineCiphertextBlockSize()
Description copied from class: Cipher
SPI: Returns the length of a ciphertext block, in bytes. For byte-oriented stream ciphers, this method should return 1.

The value may change when initEncrypt or initDecrypt is called, but it should not change at other times.

The default implementation returns engineBlockSize().

Overrides:
engineCiphertextBlockSize in class Cipher
Following copied from class: xjava.security.Cipher
Returns:
the length in bytes of a ciphertext block for this cipher.

engineUpdate

protected int engineUpdate(byte[] in,
                           int inOffset,
                           int inLen,
                           byte[] out,
                           int outOffset)
Description copied from class: Cipher
SPI: This is the main engine method for updating data.

When implBuffering is true, this method will be called with the same data that is passed to update or crypt (i.e. there will be exactly one call to engineUpdate for each call to update or crypt).

When implBuffering is false, the Cipher superclass will ensure that when it calls this method, inLen is a non-negative multiple of getInputBlockSize().

in and out may be the same array, and the input and output regions may overlap. A cipher implementation should not use any part of in or out as working storage for intermediate steps of the algorithm. It should copy only the final result into the out array.

SECURITY: if array arguments are passed to native code, the implementation must ensure that a buffer overflow or illegal memory access cannot occur, regardless of the arguments passed to this method. I.e. the native library should not be called if:

   in == null || out == null || inLen < 0 || inLen % (block size) != 0 ||
   inOffset < 0 || (long)inOffset + inLen > in.length ||
   outOffset < 0 || (long)outOffset + (number of bytes to be written) > out.length
 

Note that the (long) casts are essential, because inOffset or outOffset could be close to Integer.MAX_VALUE. The native method being called should be private. This is important because untrusted code could subclass the cipher implementation, and call this method directly with any arguments.

Overrides:
engineUpdate in class Cipher
Following copied from class: xjava.security.Cipher
Parameters:
in - the input data.
inOffset - the offset into in specifying where the data starts.
inLen - the length of the subarray.
out - the output array.
outOffset - the offset indicating where to start writing into the out array.
Returns:
the number of bytes written.

main

public static final void main(java.lang.String[] args)
Entry point for very basic self_test.

self_test

public static void self_test(java.io.PrintWriter out)
                      throws java.lang.Exception