Module ibm.crypto.hdwrcca
Package com.ibm.crypto.hdwrCCA.provider

Class RSA

  • public final class RSA
extends javax.crypto.CipherSpi
    This class implements the RSA algorithm using hardware via the IBM CCA interface. Please note that the hardware has a limitation in the size that it will encrypt/ decrypt data that is smaller or the same size as the RSA key's modulus in bytes. The this limitation could be removed at any time and therefore this limitation is not enforced by this class. This is a limitation of the hardware only, not of this class. Also note that RSA-OAEP is only available with ICSF HCR7790 or later versions.

    • Constructor Summary

      Constructors 
      Constructor Description
      RSA()
      Creates an instance of RSA Verify the JCE framework in the constructor.

    • Method Summary

      All Methods Instance Methods Concrete Methods 
      Modifier and Type Method Description
      protected byte[] engineDoFinal​(byte[] input, int inputOffset, int inputLen)
      Encrypts or decrypts data in a single-part operation, or finishes a multiple-part operation.
      protected int engineDoFinal​(byte[] input, int inputOffset, int inputLen, byte[] output, int outputOffset)
      Encrypts or decrypts data in a single-part operation, or finishes a multiple-part operation.
      protected int engineGetBlockSize()
      Returns the block size (in bytes).
      protected byte[] engineGetIV()
      Returns the initialization vector (IV) in a new buffer.
      protected int engineGetKeySize​(java.security.Key key)
      Returns the key size of the given key object.
      protected int engineGetOutputSize​(int inputLen)
      Returns the length in bytes that an output buffer would need to be in order to hold the result of the next update or doFinal operation, given the input length inputLen (in bytes).
      protected java.security.AlgorithmParameters engineGetParameters()
      Returns the parameters used with this cipher.
      protected void engineInit​(int opmode, java.security.Key key, java.security.AlgorithmParameters params, java.security.SecureRandom random)
      Initializes this cipher with an opcode, a key, a set of algorithm parameters, and a source of randomness.
      protected void engineInit​(int opmode, java.security.Key key, java.security.SecureRandom random)
      Initializes this cipher with an opmode, a key and a source of randomness.
      protected void engineInit​(int opmode, java.security.Key key, java.security.spec.AlgorithmParameterSpec params, java.security.SecureRandom random)
      Initializes this cipher with an opcode, a key, a set of algorithm parameters, and a source of randomness.
      protected void engineSetMode​(java.lang.String mode)
      Sets the mode of this cipher.
      protected void engineSetPadding​(java.lang.String paddingScheme)
      Sets the padding mechanism of this cipher.
      protected java.security.Key engineUnwrap​(byte[] wrappedKey, java.lang.String wrappedKeyAlgorithm, int wrappedKeyType)
      Unwrap a previously wrapped key.
      protected byte[] engineUpdate​(byte[] input, int inputOffset, int inputLen)
      Continues a multiple-part encryption or decryption operation (depending on how this cipher was initialized), processing another data part.
      protected int engineUpdate​(byte[] input, int inputOffset, int inputLen, byte[] output, int outputOffset)
      Continues a multiple-part encryption or decryption operation (depending on how this cipher was initialized), processing another data part.
      protected byte[] engineWrap​(java.security.Key key)
      Wrap a key.

      • Methods inherited from class javax.crypto.CipherSpi

        engineDoFinal, engineUpdate, engineUpdateAAD, engineUpdateAAD

      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

    • Constructor Detail

      • RSA

        public RSA()
        Creates an instance of RSA Verify the JCE framework in the constructor.
        Throws:
        java.lang.SecurityException - if this constructor fails to authenticate the JCE framework.

    • Method Detail

      • engineSetMode

        protected void engineSetMode​(java.lang.String mode)
                      throws java.security.NoSuchAlgorithmException
        Sets the mode of this cipher.
        Specified by:
        engineSetMode in class javax.crypto.CipherSpi
        Parameters:
        mode - the cipher mode
        Throws:
        java.security.NoSuchAlgorithmException - if the requested cipher mode does not exist

      • engineSetPadding

        protected void engineSetPadding​(java.lang.String paddingScheme)
                         throws javax.crypto.NoSuchPaddingException
        Sets the padding mechanism of this cipher. We only except three types of padding, PKCS1, Zero, or OAEP padding.
        Specified by:
        engineSetPadding in class javax.crypto.CipherSpi
        Parameters:
        paddingScheme - the padding mechanism
        Throws:
        javax.crypto.NoSuchPaddingException - if the requested padding mechanism does not exist

      • engineGetBlockSize

        protected int engineGetBlockSize()
        Returns the block size (in bytes).
        Specified by:
        engineGetBlockSize in class javax.crypto.CipherSpi
        Returns:
        the block size (in bytes), or 0 if the underlying algorithm is not a block cipher

      • engineGetOutputSize

        protected int engineGetOutputSize​(int inputLen)
        Returns the length in bytes that an output buffer would need to be in order to hold the result of the next update or doFinal operation, given the input length inputLen (in bytes).

        This call takes into account any unprocessed (buffered) data from a previous update call, and padding.

        The actual output length of the next update or doFinal call may be smaller than the length returned by this method.

        Specified by:
        engineGetOutputSize in class javax.crypto.CipherSpi
        Parameters:
        inputLen - the input length (in bytes)
        Returns:
        the required output buffer size (in bytes)

      • engineGetIV

        protected byte[] engineGetIV()
        Returns the initialization vector (IV) in a new buffer.

        This is useful in the case where a random IV has been created (see init), or in the context of password-based encryption or decryption, where the IV is derived from a user-supplied password.

        Specified by:
        engineGetIV in class javax.crypto.CipherSpi
        Returns:
        the initialization vector in a new buffer, or null if the underlying algorithm does not use an IV, or if the IV has not yet been set.

      • engineGetParameters

        protected java.security.AlgorithmParameters engineGetParameters()
        Returns the parameters used with this cipher.

        The returned parameters may be the same that were used to initialize this cipher, or may contain the default set of parameters or a set of randomly generated parameters used by the underlying cipher implementation (provided that the underlying cipher implementation uses a default set of parameters or creates new parameters if it needs parameters but was not initialized with any).

        Specified by:
        engineGetParameters in class javax.crypto.CipherSpi
        Returns:
        the parameters used with this cipher, or null if this cipher does not use any parameters.

      • engineInit

        protected void engineInit​(int opmode,
                          java.security.Key key,
                          java.security.SecureRandom random)
                   throws java.security.InvalidKeyException
        Initializes this cipher with an opmode, a key and a source of randomness.

        The cipher is initialized for one of the following four operations: encryption, decryption, key wrapping or key unwrapping, depending on the value of opmode.

        If this cipher requires an initialization vector (IV), it will get it from random. This behaviour should only be used in encryption or key wrapping mode, however. When initializing a cipher that requires an IV for decryption or key unwrapping, the IV (same IV that was used for encryption or key wrapping) must be provided explicitly as a parameter, in order to get the correct result.

        This method also cleans existing buffer and other related state information.

        OAEP padding is only available with ICSF HCR7790 or later versions.

        Specified by:
        engineInit in class javax.crypto.CipherSpi
        Parameters:
        opmode - the operation mode of this cipher. This is one of the following: ENCRYPT_MODE, DECRYPT_MODE, WRAP_MODE, or UNWRAP_MODE.
        key - the secret key
        random - the source of randomness
        Throws:
        java.security.InvalidKeyException - if the given key is inappropriate for initializing this cipher
        java.security.InvalidParameterException - if the padding scheme used is OAEP and the ICSF version is earlier than HCR7790.

      • engineInit

        protected void engineInit​(int opmode,
                          java.security.Key key,
                          java.security.spec.AlgorithmParameterSpec params,
                          java.security.SecureRandom random)
                   throws java.security.InvalidKeyException,
                          java.security.InvalidAlgorithmParameterException
        Initializes this cipher with an opcode, a key, a set of algorithm parameters, and a source of randomness.

        The cipher is initialized for one of the following four operations: encryption, decryption, key wrapping or key unwrapping, depending on the value of opmode.

        If this cipher (including its underlying feedback or padding scheme) requires any random bytes, it will get them from random.

        OAEP padding is only available with ICSF HCR7790 or later versions.

        Specified by:
        engineInit in class javax.crypto.CipherSpi
        Parameters:
        opmode - the operation mode of this cipher (this is one of the following: ENCRYPT_MODE, DECRYPT_MODE, WRAP_MODE, or UNWRAP_MODE.
        key - the encryption key
        params - the algorithm parameter spec
        random - the source of randomness
        Throws:
        java.security.InvalidKeyException - if the given key is inappropriate for initializing this cipher
        java.security.InvalidAlgorithmParameterException -
        • if the given algorithm parameters are inappropriate for this cipher or
        • if the given algorithm parameters contains an OAEPParameterSpec and either of the following is true:
          • OAEP has already been defined in this cipher
          • ICSF version is earlier than HCR7790

      • engineInit

        protected void engineInit​(int opmode,
                          java.security.Key key,
                          java.security.AlgorithmParameters params,
                          java.security.SecureRandom random)
                   throws java.security.InvalidKeyException,
                          java.security.InvalidAlgorithmParameterException
        Initializes this cipher with an opcode, a key, a set of algorithm parameters, and a source of randomness.

        The cipher is initialized for one of the following four operations: encryption, decryption, key wrapping or key unwrapping, depending on the value of opmode.

        If this cipher (including its underlying feedback or padding scheme) requires any random bytes, it will get them from random.

        OAEP padding is only available with ICSF HCR7790 or later versions.

        Specified by:
        engineInit in class javax.crypto.CipherSpi
        Parameters:
        opmode - the operation mode of this cipher (this is one of the following: ENCRYPT_MODE, DECRYPT_MODE, WRAP_MODE, or UNWRAP_MODE.
        key - the encryption key
        params - the algorithm parameters
        random - the source of randomness
        Throws:
        java.security.InvalidKeyException - if the given key is inappropriate for initializing this cipher
        java.security.InvalidAlgorithmParameterException -
        • if the given algorithm parameters are inappropriate for this cipher or
        • if the padding scheme used is OAEP and ICSF version is earlier than HCR7790.

      • engineUpdate

        protected byte[] engineUpdate​(byte[] input,
                              int inputOffset,
                              int inputLen)
        Continues a multiple-part encryption or decryption operation (depending on how this cipher was initialized), processing another data part.

        The first inputLen bytes in the input buffer, starting at inputOffset, are processed, and the result is stored in a new buffer.

        Specified by:
        engineUpdate in class javax.crypto.CipherSpi
        Parameters:
        input - the input buffer
        inputOffset - the offset in input where the input starts
        inputLen - the input length
        Returns:
        the new buffer with the result
        Throws:
        java.lang.IllegalStateException - if this cipher is in a wrong state (e.g., has not been initialized)

      • engineUpdate

        protected int engineUpdate​(byte[] input,
                           int inputOffset,
                           int inputLen,
                           byte[] output,
                           int outputOffset)
                    throws javax.crypto.ShortBufferException
        Continues a multiple-part encryption or decryption operation (depending on how this cipher was initialized), processing another data part.

        The first inputLen bytes in the input buffer, starting at inputOffset, are processed, and the result is stored in the output buffer, starting at outputOffset.

        Specified by:
        engineUpdate in class javax.crypto.CipherSpi
        Parameters:
        input - the input buffer
        inputOffset - the offset in input where the input starts
        inputLen - the input length
        output - the buffer for the result
        outputOffset - the offset in output where the result is stored
        Returns:
        the number of bytes stored in output
        Throws:
        javax.crypto.ShortBufferException - if the given output buffer is too small to hold the result

      • engineDoFinal

        protected byte[] engineDoFinal​(byte[] input,
                               int inputOffset,
                               int inputLen)
                        throws javax.crypto.IllegalBlockSizeException,
                               javax.crypto.BadPaddingException
        Encrypts or decrypts data in a single-part operation, or finishes a multiple-part operation. The data is encrypted or decrypted, depending on how this cipher was initialized.

        The first inputLen bytes in the input buffer, starting at inputOffset, and any input bytes that may have been buffered during a previous update operation, are processed, with padding (if requested) being applied. The result is stored in a new buffer.

        The cipher is reset to its initial state (uninitialized) after this call.

        Specified by:
        engineDoFinal in class javax.crypto.CipherSpi
        Parameters:
        input - the input buffer
        inputOffset - the offset in input where the input starts
        inputLen - the input length
        Returns:
        the new buffer with the result
        Throws:
        javax.crypto.IllegalBlockSizeException - if this cipher is a block cipher, no padding has been requested (only in encryption mode), and the total input length of the data processed by this cipher is not a multiple of block size
        javax.crypto.BadPaddingException - if this cipher is in decryption mode, and (un)padding has been requested, but the decrypted data is not bounded by the appropriate padding bytes

      • engineDoFinal

        protected int engineDoFinal​(byte[] input,
                            int inputOffset,
                            int inputLen,
                            byte[] output,
                            int outputOffset)
                     throws javax.crypto.IllegalBlockSizeException,
                            javax.crypto.ShortBufferException,
                            javax.crypto.BadPaddingException
        Encrypts or decrypts data in a single-part operation, or finishes a multiple-part operation. The data is encrypted or decrypted, depending on how this cipher was initialized.

        The first inputLen bytes in the input buffer, starting at inputOffset, and any input bytes that may have been buffered during a previous update operation, are processed, with padding (if requested) being applied. The result is stored in the output buffer, starting at outputOffset.

        The cipher is reset to its initial state (uninitialized) after this call.

        Specified by:
        engineDoFinal in class javax.crypto.CipherSpi
        Parameters:
        input - the input buffer
        inputOffset - the offset in input where the input starts
        inputLen - the input length
        output - the buffer for the result
        outputOffset - the offset in output where the result is stored
        Returns:
        the number of bytes stored in output
        Throws:
        javax.crypto.IllegalBlockSizeException - if this cipher is a block cipher, no padding has been requested (only in encryption mode), and the total input length of the data processed by this cipher is not a multiple of block size
        javax.crypto.ShortBufferException - if the given output buffer is too small to hold the result
        javax.crypto.BadPaddingException - if this cipher is in decryption mode, and (un)padding has been requested, but the decrypted data is not bounded by the appropriate padding bytes

      • engineGetKeySize

        protected int engineGetKeySize​(java.security.Key key)
        Returns the key size of the given key object.

        This method is called by the JCE framework to ensure that the size of the key to be used does not exceed the maximum allowable key size specified in the Java restricted policy files.

        Since cryptographic operations using RSA ciphers are always done at the cryptographic hardware level, and the hardware itself enforces the US export restrictions relating to cryptographic keys, we should always return a key size that will pass the restricted policy files check done by the JCE framework.

        Overrides:
        engineGetKeySize in class javax.crypto.CipherSpi
        Parameters:
        key - the key object.
        Returns:
        a key size that will pass the restricted policy files check done by the JCE framework.

      • engineWrap

        protected byte[] engineWrap​(java.security.Key key)
                     throws javax.crypto.IllegalBlockSizeException,
                            java.security.InvalidKeyException
        Wrap a key.

        This function is supported for DES, DESede, AES, and Key symmetric keys derived from both ICSF tokens or values that are in the clear.

        If the supplied key to be wrapped is an ICSF hardware DES or DESede key, it must be a DATA key. If the supplied key to be wrapped is a variable length ICSF hardware AES key, it must be wrapped using the RSA OAEP wrapping method.

        Overrides:
        engineWrap in class javax.crypto.CipherSpi
        Parameters:
        key - the key to be wrapped.
        Throws:
        java.security.InvalidKeyException - is thrown if key is not a com.ibm.crypto.hdwrCCA.provider.AES, com.ibm.crypto.hdwrCCA.provider.DES, com.ibm.crypto.hdwrCCA.provider.DESede, or java.security.Key key. An InvalidKeyException can also be thrown if there was an error wrapping a clear RAW key, attempting to wrap an AES ICSFToken (encrypted key), or attempting to wrap an AES key referenced by CKDS label.
        javax.crypto.IllegalBlockSizeException - if this cipher is a block cipher, no padding has been requested, and the length of the encoding of the key to be wrapped is not a multiple of the block size.
        java.lang.RuntimeException - if OAEP padding has been requested but the key to be wrapped is a clear key.

      • engineUnwrap

        protected java.security.Key engineUnwrap​(byte[] wrappedKey,
                                         java.lang.String wrappedKeyAlgorithm,
                                         int wrappedKeyType)
                                  throws java.security.InvalidKeyException,
                                         java.security.NoSuchAlgorithmException
        Unwrap a previously wrapped key. This function is supported only for "AES", "DES", "DESede", "TripleDES", or "TlsRsaPremasterSecret" keys.

        If the RSA cipher was initialized with the CCAAlgorithmParameterSpec the key will be unwrapped to the type specified in the CCAAlgorithmParameterSpec, by default this is an ICSFToken encrypted key type. If the specified type is CKDS the CKDS entry will have the label specified in the CCAAlgorithmParameterSpec, with alphabetic characters converted to capital letters. If no label is specified in the CCAAlgorithmParameterSpec, one will be generated for it. If the CCAAlgorithmParameterSpec is not used for initialization or the Cipher, the key will be unwrapped to a RAW (clear) key type.

        Overrides:
        engineUnwrap in class javax.crypto.CipherSpi
        Parameters:
        wrappedKey - the key to be unwrapped.
        wrappedKeyAlgorithm - the algorithm the wrapped key is for. This must be "AES", "DES", "DESede", "TripleDES", or "TlsRsaPremasterSecret".
        wrappedKeyType - the type of the wrapped key. This must be Cipher.SECRET_KEY.
        Returns:
        the unwrapped key in a key object. The format of the key returned could be RAW (clear key), ICSFToken (encrypted), or CKDS (an ICSF Token stored in the CKDS).
        Throws:
        java.security.InvalidKeyException - is thrown if the algorithm is not DES, DESede or TripleDES. An InvalidKeyException can also be thrown if there was an error when unwrapping to a clear RAW key.
        java.security.NoSuchAlgorithmException - if the requested cipher mode does not exist
        java.lang.RuntimeException - if OAEP padding has been requested but the default or requested returned type for an unwrapped key is CLEAR.