/*
* Copyright (c) 2000 - 2016 The Legion of the Bouncy Castle Inc. (https://www.bouncycastle.org)
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in
* all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
* THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR
* OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,
* ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
* OTHER DEALINGS IN THE SOFTWARE.
*/
package com.joyent.http.signature.crypto;
import com.squareup.jnagmp.Gmp;
import org.bouncycastle.crypto.CipherParameters;
import org.bouncycastle.crypto.DataLengthException;
import org.bouncycastle.crypto.engines.RSABlindedEngine;
import org.bouncycastle.crypto.params.ParametersWithRandom;
import org.bouncycastle.crypto.params.RSAKeyParameters;
import org.bouncycastle.crypto.params.RSAPrivateCrtKeyParameters;
import org.bouncycastle.util.BigIntegers;
import java.math.BigInteger;
import java.security.SecureRandom;
/**
* This is a copy of {@link RSABlindedEngine} with the RSA core engine
* replaced with a native implementation. We copied the library code here
* because there is no better way for us to inherit the properties.
*
* Note: the only change from the original is the use of libgmp to do modpow.
*
* Relevant copyright belongs to:
* Copyright (c) 2000 - 2015 The Legion of the Bouncy Castle Inc. (http://www.bouncycastle.org)
*
*
* @see org.bouncycastle.crypto.engines.RSABlindedEngine
*/
public class NativeRSABlindedEngine extends RSABlindedEngine {
    /**
     * {@link BigInteger} constant 1, the lower bound of the blinding-factor range.
     */
    private static final BigInteger ONE = BigInteger.valueOf(1);

    /**
     * Native core engine that performs the raw RSA operation in place of
     * {@link org.bouncycastle.crypto.engines.RSACoreEngine}.
     */
    private MantaNativeRSACoreEngine core = new MantaNativeRSACoreEngine();

    /**
     * Key supplied to {@link #init(boolean, CipherParameters)}; {@code null} until then.
     */
    private RSAKeyParameters key;

    /**
     * Randomness source used to draw the blinding factor.
     */
    private SecureRandom random;

    /**
     * Initialises the engine and the underlying native core.
     *
     * <p>When {@code param} is a {@link ParametersWithRandom}, its wrapped key and
     * its random source are used. Otherwise {@code param} itself is taken as the
     * key and a default {@link SecureRandom} is created for blinding.</p>
     *
     * <p>Both casts are unchecked: a parameter that is not (or does not wrap) an
     * {@link RSAKeyParameters} fails with a {@link ClassCastException}, unless the
     * core's own {@code init} rejects it first.</p>
     *
     * @param forEncryption true if we are encrypting, false otherwise.
     * @param param the RSA key parameters, optionally wrapped with a random source.
     */
    @Override
    public void init(final boolean forEncryption, final CipherParameters param) {
        core.init(forEncryption, param);

        if (!(param instanceof ParametersWithRandom)) {
            key = (RSAKeyParameters) param;
            random = new SecureRandom();
            return;
        }

        final ParametersWithRandom withRandom = (ParametersWithRandom) param;
        key = (RSAKeyParameters) withRandom.getParameters();
        random = withRandom.getRandom();
    }

    /**
     * Returns the maximum input block size, as reported by the native core.
     * The upstream Bouncy Castle documentation describes this as one byte less
     * than the key size on encryption and the key size on decryption.
     *
     * @return maximum size for an input block.
     */
    @Override
    public int getInputBlockSize() {
        final int blockSize = core.getInputBlockSize();
        return blockSize;
    }

    /**
     * Returns the maximum output block size, as reported by the native core.
     * The upstream Bouncy Castle documentation describes this as one byte less
     * than the key size on decryption and the key size on encryption.
     *
     * @return maximum size for an output block.
     */
    @Override
    public int getOutputBlockSize() {
        final int blockSize = core.getOutputBlockSize();
        return blockSize;
    }

    /**
     * Processes a single block with RSA, blinding the private-key operation
     * whenever the key carries a public exponent.
     *
     * <p>Blinding and the fault re-check apply only to an
     * {@link RSAPrivateCrtKeyParameters} key whose public exponent is non-null.
     * Every other key, including a private key supplied as plain
     * {@link RSAKeyParameters}, goes straight to the core with neither
     * protection.</p>
     *
     * @param in the input array.
     * @param inOff the offset into the input buffer where the data starts.
     * @param inLen the length of the data to be processed.
     * @return the result of the RSA process.
     * @throws DataLengthException the input block is too large.
     * @throws IllegalStateException if the engine has not been initialised, or if
     *         the re-check of a private-key result against the input fails.
     */
    @Override
    public byte[] processBlock(final byte[] in, final int inOff, final int inLen) {
        if (key == null) {
            throw new IllegalStateException("RSA engine not initialised");
        }

        final BigInteger input = core.convertInput(in, inOff, inLen);

        // can't do blinding without a public exponent
        final BigInteger publicExponent = blindingExponent();
        if (publicExponent == null) {
            return core.convertOutput(core.processBlock(input));
        }

        final BigInteger modulus = key.getModulus();
        final BigInteger blind =
                BigIntegers.createRandomInRange(ONE, modulus.subtract(ONE), random);

        // Modification from upstream: r^e mod m goes through jna-gmp's
        // timing-hardened modPowSecure, because r is the secret blinding factor.
        final BigInteger blindedInput =
                Gmp.modPowSecure(blind, publicExponent, modulus).multiply(input).mod(modulus);
        final BigInteger blindedResult = core.processBlock(blindedInput);

        // Modification from upstream: the inverse of r is computed by GMP.
        final BigInteger unblind = Gmp.modInverse(blind, modulus);
        final BigInteger result = blindedResult.multiply(unblind).mod(modulus);

        // Defence against Arjen Lenstra's CRT attack: a faulty CRT computation
        // must never be released, so the result is re-checked against the input.
        // Modification from upstream: the re-check uses GMP's modPowInsecure.
        // NOTE(review): that routine is variable-time. The exponent is public,
        // but the base is the private-key output; confirm this fits the
        // deployment's side-channel model.
        if (!input.equals(Gmp.modPowInsecure(result, publicExponent, modulus))) {
            throw new IllegalStateException("RSA engine faulty decryption/signing detected");
        }

        return core.convertOutput(result);
    }

    /**
     * Returns the public exponent to blind with, or {@code null} when the
     * current key is not a CRT private key or carries no public exponent.
     */
    private BigInteger blindingExponent() {
        if (key instanceof RSAPrivateCrtKeyParameters) {
            return ((RSAPrivateCrtKeyParameters) key).getPublicExponent();
        }
        return null;
    }
}