sun.security.rsa

public final class RSAPadding extends Object

Imports
java.util.*, java.security.*, java.security.spec.*, javax.crypto.spec.PSource, javax.crypto.spec.OAEPParameterSpec, sun.security.jca.JCAUtil

RSA padding and unpadding.

The various PKCS#1 versions can be found in the IETF RFCs tracking the corresponding PKCS#1 standards.

RFC 2313: PKCS#1 v1.5
RFC 2437: PKCS#1 v2.0
RFC 3447: PKCS#1 v2.1
RFC 8017: PKCS#1 v2.2

The format of PKCS#1 v1.5 padding is:

0x00 | BT | PS...PS | 0x00 | data...data

where BT is the blocktype (1 or 2). The length of the entire string must be the same as the size of the modulus (i.e. 128 bytes for a 1024-bit key). Per spec, the padding string must be at least 8 bytes long. That leaves up to (length of key in bytes) - 11 bytes for the data.

OAEP padding was introduced in PKCS#1 v2.0 and is a bit more complicated and has a number of options. We support:

- arbitrary hash functions ('Hash' in the specification); a MessageDigest implementation must be available
- MGF1 as the mask generation function
- the empty string as the default value for label L, and whatever is specified in javax.crypto.spec.OAEPParameterSpec

The algorithms (representations) are forwards-compatible: that is, the algorithms described in previous releases are also in later releases. However, additional comments/checks/clarifications were added to the later versions based on real-world experience (e.g. stricter v1.5 format checking).

Note

RSA keys should be at least 512 bits long

Author
Andreas Sterbenz
Since
1.5

Field Summary

Modifier and Type | Field and Description
private static final Map<String, byte[]> emptyHashes
private byte[] lHash
private final int maxDataSize
private MGF1 mgf
public static final int PAD_BLOCKTYPE_1
public static final int PAD_BLOCKTYPE_2
public static final int PAD_NONE
public static final int PAD_OAEP_MGF1
private final int paddedSize
private SecureRandom random
private final int type

Constructor Summary

Access | Constructor and Description
private
RSAPadding(int type, int paddedSize, SecureRandom random, OAEPParameterSpec spec)

Method Summary

Modifier and Type | Method and Description
private static byte[]
getInitialHash(MessageDigest md, byte[] digestInput)

Return the value of the digest using the specified message digest md and the digest input digestInput.

public static RSAPadding
getInstance(int type, int paddedSize)

Get an RSAPadding instance of the specified type.

public static RSAPadding
getInstance(int type, int paddedSize, SecureRandom random)

Get an RSAPadding instance of the specified type.

public static RSAPadding
getInstance(int type, int paddedSize, SecureRandom random, OAEPParameterSpec spec)

Get an RSAPadding instance of the specified type, which must be OAEP.

public int
getMaxDataSize()

Return the maximum size of the plaintext data that can be processed using this object.

public byte[]
pad(byte[] data)

Pad the data and return the result, or null if an error occurred.

public byte[]
pad(byte[] data, int ofs, int len)

Pad the data and return the result, or null if an error occurred.

private byte[]
padOAEP(byte[] M, int ofs, int len)

PKCS#1 v2.0 OAEP padding (MGF1).

private byte[]
padV15(byte[] data, int ofs, int len)

PKCS#1 v1.5 padding (blocktype 1 and 2).

public byte[]
unpad(byte[] padded)

Unpad the padded block and return the result, or null if an error occurred.

private byte[]
unpadOAEP(byte[] padded)

PKCS#1 v2.1 OAEP unpadding (MGF1).

private byte[]
unpadV15(byte[] padded)

PKCS#1 v1.5 unpadding (blocktype 1 (signature) and 2 (encryption)).

Inherited from java.lang.Object:
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

emptyHashes
private static final Map<String, byte[]> emptyHashes
lHash
private byte[] lHash
maxDataSize
private final int maxDataSize
mgf
private MGF1 mgf
PAD_BLOCKTYPE_1
public static final int PAD_BLOCKTYPE_1
PAD_BLOCKTYPE_2
public static final int PAD_BLOCKTYPE_2
PAD_NONE
public static final int PAD_NONE
PAD_OAEP_MGF1
public static final int PAD_OAEP_MGF1
paddedSize
private final int paddedSize
random
private SecureRandom random
type
private final int type

Constructor Detail

RSAPadding
private RSAPadding(int type, int paddedSize, SecureRandom random, OAEPParameterSpec spec) throws InvalidKeyException, InvalidAlgorithmParameterException

Method Detail

getInitialHash
private static byte[] getInitialHash(MessageDigest md, byte[] digestInput)

Return the value of the digest using the specified message digest md and the digest input digestInput. If digestInput is null or 0-length, zero length is used to generate the initial digest.

Note

The md object must be in reset state.

getInstance
public static RSAPadding getInstance(int type, int paddedSize) throws InvalidKeyException, InvalidAlgorithmParameterException

Get an RSAPadding instance of the specified type. Keys used with this padding must be paddedSize bytes long.

getInstance
public static RSAPadding getInstance(int type, int paddedSize, SecureRandom random) throws InvalidKeyException, InvalidAlgorithmParameterException

Get an RSAPadding instance of the specified type. Keys used with this padding must be paddedSize bytes long.

getInstance
public static RSAPadding getInstance(int type, int paddedSize, SecureRandom random, OAEPParameterSpec spec) throws InvalidKeyException, InvalidAlgorithmParameterException

Get an RSAPadding instance of the specified type, which must be OAEP. Keys used with this padding must be paddedSize bytes long.

getMaxDataSize
public int getMaxDataSize()

Return the maximum size of the plaintext data that can be processed using this object.

pad
public byte[] pad(byte[] data)

Pad the data and return the result, or null if an error occurred.

pad
public byte[] pad(byte[] data, int ofs, int len)

Pad the data and return the result, or null if an error occurred.

padOAEP
private byte[] padOAEP(byte[] M, int ofs, int len)

PKCS#1 v2.0 OAEP padding (MGF1). Paragraph references refer to PKCS#1 v2.1 (June 14, 2002). Return the result, or null if an error occurred.

padV15
private byte[] padV15(byte[] data, int ofs, int len)

PKCS#1 v1.5 padding (blocktype 1 and 2).

unpad
public byte[] unpad(byte[] padded)

Unpad the padded block and return the result, or null if an error occurred.

unpadOAEP
private byte[] unpadOAEP(byte[] padded)

PKCS#1 v2.1 OAEP unpadding (MGF1). Return the result, or null if an error occurred.

unpadV15
private byte[] unpadV15(byte[] padded)

PKCS#1 v1.5 unpadding (blocktype 1 (signature) and 2 (encryption)). Return the result, or null if an error occurred. Note that we want to make it a constant-time operation.
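
The v1.5 layout from the class description (0x00 | BT | PS...PS | 0x00 | data...data, 11 bytes of overhead) and a format check that scans the whole block before deciding, as the unpadV15 note asks for, shown as an added example. This is not the JDK's RSAPadding source; the class name Pkcs1V15Demo, its methods and the sample message are assumptions made for illustration, and only blocktype 2 is covered.

```java
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;
// Added example, not the JDK's RSAPadding source: PKCS#1 v1.5 blocktype 2
// layout 0x00 | 0x02 | PS | 0x00 | data, with a check that never exits early.
public class Pkcs1V15Demo {
    static final int OVERHEAD = 11; // 0x00, BT, 8-byte minimum PS, 0x00
    static byte[] pad(byte[] data, int paddedSize, SecureRandom rnd) {
        if (data.length > paddedSize - OVERHEAD) return null; // too long for this key
        byte[] out = new byte[paddedSize];       // out[0] stays 0x00
        int psLen = paddedSize - 3 - data.length;
        out[1] = 2;                              // blocktype 2 (encryption)
        byte[] r = new byte[1];
        for (int i = 0; i < psLen; ) {           // PS must not contain a zero byte
            rnd.nextBytes(r);
            if (r[0] != 0) out[2 + i++] = r[0];
        }
        // out[2 + psLen] stays 0x00 and acts as the separator before the data
        System.arraycopy(data, 0, out, paddedSize - data.length, data.length);
        return out;
    }

    static byte[] unpad(byte[] padded) {
        if (padded.length < OVERHEAD) return null;   // the length is not secret
        int bad = (padded[0] & 0xff) | ((padded[1] & 0xff) ^ 2);
        int sep = 0;                                 // index of first 0x00 after BT
        for (int i = 2; i < padded.length; i++) {    // always walks the full block
            int b = padded[i] & 0xff;
            int isZero = ((b - 1) >> 31) & 1;        // 1 only when b == 0
            int first = isZero & (((sep - 1) >> 31) & 1); // 1 only while sep == 0
            sep |= i & -first;                       // record the first separator
        }
        bad |= ((sep - 10) >> 31) & 1;  // no separator found, or PS under 8 bytes
        if (bad != 0) return null;      // one decision, taken after the scan
        return Arrays.copyOfRange(padded, sep + 1, padded.length);
    }

    public static void main(String[] args) {
        int k = 128; // paddedSize for a 1024-bit modulus, as in the description
        byte[] msg = "session-key".getBytes(StandardCharsets.US_ASCII); // constructed
        byte[] block = pad(msg, k, new SecureRandom());
        System.out.println("round trip ok: " + Arrays.equals(msg, unpad(block)));
        byte[] shortPs = block.clone(); shortPs[5] = 0;  // separator too early
        System.out.println("short PS rejected: " + (unpad(shortPs) == null));
        byte[] wrongBt = block.clone(); wrongBt[1] = 1;  // not blocktype 2
        System.out.println("wrong BT rejected: " + (unpad(wrongBt) == null));
        System.out.println("oversize rejected: " + (pad(new byte[k - 10], k, new SecureRandom()) == null));
    }
}
```

The scan itself has no data-dependent branches, but the final null-or-copy decision and the copy length still depend on the input, so this illustrates the format check rather than a fully constant-time decryption path.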