diff options
Diffstat (limited to 'libraries/spongycastle/core/src/main/java/org/spongycastle/crypto/engines/RSABlindingEngine.java')
-rw-r--r-- | libraries/spongycastle/core/src/main/java/org/spongycastle/crypto/engines/RSABlindingEngine.java | 137 |
1 files changed, 137 insertions, 0 deletions
diff --git a/libraries/spongycastle/core/src/main/java/org/spongycastle/crypto/engines/RSABlindingEngine.java b/libraries/spongycastle/core/src/main/java/org/spongycastle/crypto/engines/RSABlindingEngine.java new file mode 100644 index 000000000..1888916e5 --- /dev/null +++ b/libraries/spongycastle/core/src/main/java/org/spongycastle/crypto/engines/RSABlindingEngine.java @@ -0,0 +1,137 @@ +package org.spongycastle.crypto.engines; + +import org.spongycastle.crypto.AsymmetricBlockCipher; +import org.spongycastle.crypto.CipherParameters; +import org.spongycastle.crypto.DataLengthException; +import org.spongycastle.crypto.params.ParametersWithRandom; +import org.spongycastle.crypto.params.RSABlindingParameters; +import org.spongycastle.crypto.params.RSAKeyParameters; + +import java.math.BigInteger; + +/** + * This does your basic RSA Chaum's blinding and unblinding as outlined in + * "Handbook of Applied Cryptography", page 475. You need to use this if you are + * trying to get another party to generate signatures without them being aware + * of the message they are signing. + */ +public class RSABlindingEngine + implements AsymmetricBlockCipher +{ + private RSACoreEngine core = new RSACoreEngine(); + + private RSAKeyParameters key; + private BigInteger blindingFactor; + + private boolean forEncryption; + + /** + * Initialise the blinding engine. + * + * @param forEncryption true if we are encrypting (blinding), false otherwise. + * @param param the necessary RSA key parameters. + */ + public void init( + boolean forEncryption, + CipherParameters param) + { + RSABlindingParameters p; + + if (param instanceof ParametersWithRandom) + { + ParametersWithRandom rParam = (ParametersWithRandom)param; + + p = (RSABlindingParameters)rParam.getParameters(); + } + else + { + p = (RSABlindingParameters)param; + } + + core.init(forEncryption, p.getPublicKey()); + + this.forEncryption = forEncryption; + this.key = p.getPublicKey(); + this.blindingFactor = p.getBlindingFactor(); + } + + /** + * Return the maximum size for an input block to this engine. + * For RSA this is always one byte less than the key size on + * encryption, and the same length as the key size on decryption. + * + * @return maximum size for an input block. + */ + public int getInputBlockSize() + { + return core.getInputBlockSize(); + } + + /** + * Return the maximum size for an output block to this engine. + * For RSA this is always one byte less than the key size on + * decryption, and the same length as the key size on encryption. + * + * @return maximum size for an output block. + */ + public int getOutputBlockSize() + { + return core.getOutputBlockSize(); + } + + /** + * Process a single block using the RSA blinding algorithm. + * + * @param in the input array. + * @param inOff the offset into the input buffer where the data starts. + * @param inLen the length of the data to be processed. + * @return the result of the RSA process. + * @throws DataLengthException the input block is too large. + */ + public byte[] processBlock( + byte[] in, + int inOff, + int inLen) + { + BigInteger msg = core.convertInput(in, inOff, inLen); + + if (forEncryption) + { + msg = blindMessage(msg); + } + else + { + msg = unblindMessage(msg); + } + + return core.convertOutput(msg); + } + + /* + * Blind message with the blind factor. + */ + private BigInteger blindMessage( + BigInteger msg) + { + BigInteger blindMsg = blindingFactor; + blindMsg = msg.multiply(blindMsg.modPow(key.getExponent(), key.getModulus())); + blindMsg = blindMsg.mod(key.getModulus()); + + return blindMsg; + } + + /* + * Unblind the message blinded with the blind factor. + */ + private BigInteger unblindMessage( + BigInteger blindedMsg) + { + BigInteger m = key.getModulus(); + BigInteger msg = blindedMsg; + BigInteger blindFactorInverse = blindingFactor.modInverse(m); + msg = msg.multiply(blindFactorInverse); + msg = msg.mod(m); + + return msg; + } +} |