1 package org.bouncycastle.crypto.engines;
3 import java.math.BigInteger;
5 import org.bouncycastle.crypto.CipherParameters;
6 import org.bouncycastle.crypto.DataLengthException;
7 import org.bouncycastle.crypto.AsymmetricBlockCipher;
8 import org.bouncycastle.crypto.params.AsymmetricKeyParameter;
9 import org.bouncycastle.crypto.params.RSAKeyParameters;
10 import org.bouncycastle.crypto.params.RSAPrivateCrtKeyParameters;
13 * this does your basic RSA algorithm.
15 public class RSAEngine
16 implements AsymmetricBlockCipher
18 private RSAKeyParameters key;
19 private boolean forEncryption;
22 * initialise the RSA engine.
24 * @param forEncryption treu if we are encrypting, false otherwise.
25 * @param param the necessary RSA key parameters.
28 boolean forEncryption,
29 CipherParameters param)
31 this.key = (RSAKeyParameters)param;
32 this.forEncryption = forEncryption;
36 * Return the maximum size for an input block to this engine.
37 * For RSA this is always one byte less than the key size on
38 * encryption, and the same length as the key size on decryption.
40 * @return maximum size for an input block.
42 public int getInputBlockSize()
44 int bitSize = key.getModulus().bitLength();
48 if ((bitSize % 8) == 0)
50 return bitSize / 8 - 1;
57 return (bitSize + 7) / 8;
62 * Return the maximum size for an output block to this engine.
63 * For RSA this is always one byte less than the key size on
64 * decryption, and the same length as the key size on encryption.
66 * @return maximum size for an input block.
68 public int getOutputBlockSize()
70 int bitSize = key.getModulus().bitLength();
74 return ((bitSize - 1) + 7) / 8;
78 return (bitSize - 7) / 8;
83 * Process a single block using the basic RSA algorithm.
85 * @param in the input array.
86 * @param inOff the offset into the input buffer where the data starts.
87 * @param inLen the length of the data to be processed.
88 * @return the result of the RSA process.
89 * @exception DataLengthException the input block is too large.
91 public byte[] processBlock(
96 if (inLen > (getInputBlockSize() + 1))
98 throw new DataLengthException("input too large for RSA cipher.\n");
100 else if (inLen == (getInputBlockSize() + 1) && (in[inOff] & 0x80) != 0)
102 throw new DataLengthException("input too large for RSA cipher.\n");
107 if (inOff != 0 || inLen != in.length)
109 block = new byte[inLen];
111 System.arraycopy(in, inOff, block, 0, inLen);
118 BigInteger input = new BigInteger(1, block);
121 if (key instanceof RSAPrivateCrtKeyParameters)
124 // we have the extra factors, use the Chinese Remainder Theorem - the author
125 // wishes to express his thanks to Dirk Bonekaemper at rtsffm.com for
126 // advice regarding the expression of this.
128 RSAPrivateCrtKeyParameters crtKey = (RSAPrivateCrtKeyParameters)key;
130 BigInteger d = crtKey.getExponent();
131 BigInteger p = crtKey.getP();
132 BigInteger q = crtKey.getQ();
133 BigInteger dP = crtKey.getDP();
134 BigInteger dQ = crtKey.getDQ();
135 BigInteger qInv = crtKey.getQInv();
137 BigInteger mP, mQ, h, m;
139 // mP = ((input mod p) ^ dP)) mod p
140 mP = (input.remainder(p)).modPow(dP, p);
142 // mQ = ((input mod q) ^ dQ)) mod q
143 mQ = (input.remainder(q)).modPow(dQ, q);
145 // h = qInv * (mP - mQ) mod p
147 h = h.multiply(qInv);
148 h = h.mod(p); // mod (in Java) returns the positive residual
154 output = m.toByteArray();
158 output = input.modPow(
159 key.getExponent(), key.getModulus()).toByteArray();
164 if (output[0] == 0 && output.length > getOutputBlockSize()) // have ended up with an extra zero byte, copy down.
166 byte[] tmp = new byte[output.length - 1];
168 System.arraycopy(output, 1, tmp, 0, tmp.length);
173 if (output.length < getOutputBlockSize()) // have ended up with less bytes than normal, lengthen
175 byte[] tmp = new byte[getOutputBlockSize()];
177 System.arraycopy(output, 0, tmp, tmp.length - output.length, output.length);
184 if (output[0] == 0) // have ended up with an extra zero byte, copy down.
186 byte[] tmp = new byte[output.length - 1];
188 System.arraycopy(output, 1, tmp, 0, tmp.length);