1 /* |
1 /* |
2 * Copyright (c) 2003, 2014, Oracle and/or its affiliates. All rights reserved. |
2 * Copyright (c) 2003, 2015, Oracle and/or its affiliates. All rights reserved. |
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
4 * |
4 * |
5 * This code is free software; you can redistribute it and/or modify it |
5 * This code is free software; you can redistribute it and/or modify it |
6 * under the terms of the GNU General Public License version 2 only, as |
6 * under the terms of the GNU General Public License version 2 only, as |
7 * published by the Free Software Foundation. Oracle designates this |
7 * published by the Free Software Foundation. Oracle designates this |
100 return crypt(msg, key.getModulus(), key.getPublicExponent()); |
100 return crypt(msg, key.getModulus(), key.getPublicExponent()); |
101 } |
101 } |
102 |
102 |
103 /** |
103 /** |
104 * Perform an RSA private key operation. Uses CRT if the key is a |
104 * Perform an RSA private key operation. Uses CRT if the key is a |
105 * CRT key. |
105 * CRT key with additional verification check after the signature |
106 */ |
106 * is computed. |
|
107 */ |
|
108 @Deprecated |
107 public static byte[] rsa(byte[] msg, RSAPrivateKey key) |
109 public static byte[] rsa(byte[] msg, RSAPrivateKey key) |
108 throws BadPaddingException { |
110 throws BadPaddingException { |
|
111 return rsa(msg, key, true); |
|
112 } |
|
113 |
|
114 /** |
|
115 * Perform an RSA private key operation. Uses CRT if the key is a |
|
116 * CRT key. Set 'verify' to true if this function is used for |
|
117 * generating a signature. |
|
118 */ |
|
119 public static byte[] rsa(byte[] msg, RSAPrivateKey key, boolean verify) |
|
120 throws BadPaddingException { |
109 if (key instanceof RSAPrivateCrtKey) { |
121 if (key instanceof RSAPrivateCrtKey) { |
110 return crtCrypt(msg, (RSAPrivateCrtKey)key); |
122 return crtCrypt(msg, (RSAPrivateCrtKey)key, verify); |
111 } else { |
123 } else { |
112 return priCrypt(msg, key.getModulus(), key.getPrivateExponent()); |
124 return priCrypt(msg, key.getModulus(), key.getPrivateExponent()); |
113 } |
125 } |
114 } |
126 } |
115 |
127 |
146 |
158 |
147 /** |
159 /** |
148 * RSA private key operations with CRT. Algorithm and variable naming |
160 * RSA private key operations with CRT. Algorithm and variable naming |
149 * are taken from PKCS#1 v2.1, section 5.1.2. |
161 * are taken from PKCS#1 v2.1, section 5.1.2. |
150 */ |
162 */ |
151 private static byte[] crtCrypt(byte[] msg, RSAPrivateCrtKey key) |
163 private static byte[] crtCrypt(byte[] msg, RSAPrivateCrtKey key, |
152 throws BadPaddingException { |
164 boolean verify) throws BadPaddingException { |
|
165 long start = System.nanoTime(); |
153 BigInteger n = key.getModulus(); |
166 BigInteger n = key.getModulus(); |
154 BigInteger c = parseMsg(msg, n); |
167 BigInteger c0 = parseMsg(msg, n); |
|
168 BigInteger c = c0; |
155 BigInteger p = key.getPrimeP(); |
169 BigInteger p = key.getPrimeP(); |
156 BigInteger q = key.getPrimeQ(); |
170 BigInteger q = key.getPrimeQ(); |
157 BigInteger dP = key.getPrimeExponentP(); |
171 BigInteger dP = key.getPrimeExponentP(); |
158 BigInteger dQ = key.getPrimeExponentQ(); |
172 BigInteger dQ = key.getPrimeExponentQ(); |
159 BigInteger qInv = key.getCrtCoefficient(); |
173 BigInteger qInv = key.getCrtCoefficient(); |
181 // m = m2 + q * h |
195 // m = m2 + q * h |
182 BigInteger m = h.multiply(q).add(m2); |
196 BigInteger m = h.multiply(q).add(m2); |
183 |
197 |
184 if (ENABLE_BLINDING) { |
198 if (ENABLE_BLINDING) { |
185 m = m.multiply(brp.v).mod(n); |
199 m = m.multiply(brp.v).mod(n); |
|
200 } |
|
201 if (verify && !c0.equals(m.modPow(e, n))) { |
|
202 throw new BadPaddingException("RSA private key operation failed"); |
186 } |
203 } |
187 |
204 |
188 return toByteArray(m, getByteLength(n)); |
205 return toByteArray(m, getByteLength(n)); |
189 } |
206 } |
190 |
207 |