/*
* Copyright (c) 2003, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
package sun.security.rsa;
import java.io.IOException;
import java.math.BigInteger;
import java.security.*;
import java.security.spec.*;
import java.security.interfaces.*;
import sun.security.util.*;
import sun.security.pkcs.PKCS8Key;
import sun.security.rsa.RSAUtil.KeyType;
RSA private key implementation for "RSA", "RSASSA-PSS" algorithms in CRT form.
For non-CRT private keys, see RSAPrivateKeyImpl. We need separate classes
to ensure correct behavior in instanceof checks, etc.
Note: RSA keys must be at least 512 bits long
Author: Andreas Sterbenz See Also: - RSAPrivateKeyImpl
- RSAKeyFactory
Since: 1.5
/**
* RSA private key implementation for "RSA", "RSASSA-PSS" algorithms in CRT form.
* For non-CRT private keys, see RSAPrivateKeyImpl. We need separate classes
* to ensure correct behavior in instanceof checks, etc.
*
* Note: RSA keys must be at least 512 bits long
*
* @see RSAPrivateKeyImpl
* @see RSAKeyFactory
*
* @since 1.5
* @author Andreas Sterbenz
*/
public final class RSAPrivateCrtKeyImpl
extends PKCS8Key implements RSAPrivateCrtKey {
@java.io.Serial
private static final long serialVersionUID = -1326088454257084918L;
private BigInteger n; // modulus
private BigInteger e; // public exponent
private BigInteger d; // private exponent
private BigInteger p; // prime p
private BigInteger q; // prime q
private BigInteger pe; // prime exponent p
private BigInteger qe; // prime exponent q
private BigInteger coeff; // CRT coeffcient
private transient KeyType type;
// Optional parameters associated with this RSA key
// specified in the encoding of its AlgorithmId.
// Must be null for "RSA" keys.
private transient AlgorithmParameterSpec keyParams;
Generate a new key from its encoding. Returns a CRT key if possible
and a non-CRT key otherwise. Used by RSAKeyFactory.
/**
* Generate a new key from its encoding. Returns a CRT key if possible
* and a non-CRT key otherwise. Used by RSAKeyFactory.
*/
public static RSAPrivateKey newKey(byte[] encoded)
throws InvalidKeyException {
if (encoded == null || encoded.length == 0) {
throw new InvalidKeyException("Missing key encoding");
}
RSAPrivateCrtKeyImpl key = new RSAPrivateCrtKeyImpl(encoded);
// check all CRT-specific components are available, if any one
// missing, return a non-CRT key instead
if ((key.getPublicExponent().signum() == 0) ||
(key.getPrimeExponentP().signum() == 0) ||
(key.getPrimeExponentQ().signum() == 0) ||
(key.getPrimeP().signum() == 0) ||
(key.getPrimeQ().signum() == 0) ||
(key.getCrtCoefficient().signum() == 0)) {
return new RSAPrivateKeyImpl(
key.type, key.keyParams,
key.getModulus(),
key.getPrivateExponent()
);
} else {
return key;
}
}
Generate a new key from the specified type and components.
Returns a CRT key if possible and a non-CRT key otherwise.
Used by SunPKCS11 provider.
/**
* Generate a new key from the specified type and components.
* Returns a CRT key if possible and a non-CRT key otherwise.
* Used by SunPKCS11 provider.
*/
public static RSAPrivateKey newKey(KeyType type,
AlgorithmParameterSpec params,
BigInteger n, BigInteger e, BigInteger d,
BigInteger p, BigInteger q, BigInteger pe, BigInteger qe,
BigInteger coeff) throws InvalidKeyException {
RSAPrivateKey key;
if ((e.signum() == 0) || (p.signum() == 0) ||
(q.signum() == 0) || (pe.signum() == 0) ||
(qe.signum() == 0) || (coeff.signum() == 0)) {
// if any component is missing, return a non-CRT key
return new RSAPrivateKeyImpl(type, params, n, d);
} else {
return new RSAPrivateCrtKeyImpl(type, params, n, e, d,
p, q, pe, qe, coeff);
}
}
Construct a key from its encoding. Called from newKey above.
/**
* Construct a key from its encoding. Called from newKey above.
*/
RSAPrivateCrtKeyImpl(byte[] encoded) throws InvalidKeyException {
super(encoded);
parseKeyBits();
RSAKeyFactory.checkRSAProviderKeyLengths(n.bitLength(), e);
try {
// check the validity of oid and params
Object[] o = RSAUtil.getTypeAndParamSpec(algid);
this.type = (KeyType) o[0];
this.keyParams = (AlgorithmParameterSpec) o[1];
} catch (ProviderException e) {
throw new InvalidKeyException(e);
}
}
Construct a RSA key from its components. Used by the
RSAKeyFactory and the RSAKeyPairGenerator.
/**
* Construct a RSA key from its components. Used by the
* RSAKeyFactory and the RSAKeyPairGenerator.
*/
RSAPrivateCrtKeyImpl(KeyType type, AlgorithmParameterSpec keyParams,
BigInteger n, BigInteger e, BigInteger d,
BigInteger p, BigInteger q, BigInteger pe, BigInteger qe,
BigInteger coeff) throws InvalidKeyException {
RSAKeyFactory.checkRSAProviderKeyLengths(n.bitLength(), e);
this.n = n;
this.e = e;
this.d = d;
this.p = p;
this.q = q;
this.pe = pe;
this.qe = qe;
this.coeff = coeff;
try {
// validate and generate the algid encoding
algid = RSAUtil.createAlgorithmId(type, keyParams);
} catch (ProviderException exc) {
throw new InvalidKeyException(exc);
}
this.type = type;
this.keyParams = keyParams;
try {
// generate the key encoding
DerOutputStream out = new DerOutputStream();
out.putInteger(0); // version must be 0
out.putInteger(n);
out.putInteger(e);
out.putInteger(d);
out.putInteger(p);
out.putInteger(q);
out.putInteger(pe);
out.putInteger(qe);
out.putInteger(coeff);
DerValue val =
new DerValue(DerValue.tag_Sequence, out.toByteArray());
key = val.toByteArray();
} catch (IOException exc) {
// should never occur
throw new InvalidKeyException(exc);
}
}
// see JCA doc
@Override
public String getAlgorithm() {
return type.keyAlgo;
}
// see JCA doc
@Override
public BigInteger getModulus() {
return n;
}
// see JCA doc
@Override
public BigInteger getPublicExponent() {
return e;
}
// see JCA doc
@Override
public BigInteger getPrivateExponent() {
return d;
}
// see JCA doc
@Override
public BigInteger getPrimeP() {
return p;
}
// see JCA doc
@Override
public BigInteger getPrimeQ() {
return q;
}
// see JCA doc
@Override
public BigInteger getPrimeExponentP() {
return pe;
}
// see JCA doc
@Override
public BigInteger getPrimeExponentQ() {
return qe;
}
// see JCA doc
@Override
public BigInteger getCrtCoefficient() {
return coeff;
}
// see JCA doc
@Override
public AlgorithmParameterSpec getParams() {
return keyParams;
}
// return a string representation of this key for debugging
@Override
public String toString() {
return "SunRsaSign " + type.keyAlgo + " private CRT key, "
+ n.bitLength() + " bits" + "\n params: " + keyParams
+ "\n modulus: " + n + "\n private exponent: " + d;
}
private void parseKeyBits() throws InvalidKeyException {
try {
DerInputStream in = new DerInputStream(key);
DerValue derValue = in.getDerValue();
if (derValue.tag != DerValue.tag_Sequence) {
throw new IOException("Not a SEQUENCE");
}
DerInputStream data = derValue.data;
int version = data.getInteger();
if (version != 0) {
throw new IOException("Version must be 0");
}
/*
* Some implementations do not correctly encode ASN.1 INTEGER values
* in 2's complement format, resulting in a negative integer when
* decoded. Correct the error by converting it to a positive integer.
*
* See CR 6255949
*/
n = data.getPositiveBigInteger();
e = data.getPositiveBigInteger();
d = data.getPositiveBigInteger();
p = data.getPositiveBigInteger();
q = data.getPositiveBigInteger();
pe = data.getPositiveBigInteger();
qe = data.getPositiveBigInteger();
coeff = data.getPositiveBigInteger();
if (derValue.data.available() != 0) {
throw new IOException("Extra data available");
}
} catch (IOException e) {
throw new InvalidKeyException("Invalid RSA private key", e);
}
}
}