/* * Copyright (c) 2003, 2008, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License version 2 only, as * published by the Free Software Foundation. Oracle designates this * particular file as subject to the "Classpath" exception as provided * by Oracle in the LICENSE file that accompanied this code. * * This code is distributed in the hope that it will be useful, but WITHOUT * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * version 2 for more details (a copy is included in the LICENSE file that * accompanied this code). * * You should have received a copy of the GNU General Public License version * 2 along with this work; if not, write to the Free Software Foundation, * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. * * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA * or visit www.oracle.com if you need additional information or have any * questions. */ package sun.security.rsa; import java.math.BigInteger; import java.security.*; import java.security.interfaces.*; import java.security.spec.*; import sun.security.action.GetPropertyAction; /** * KeyFactory for RSA keys. Keys must be instances of PublicKey or PrivateKey * and getAlgorithm() must return "RSA". For such keys, it supports conversion * between the following: * * For public keys: * . PublicKey with an X.509 encoding * . RSAPublicKey * . RSAPublicKeySpec * . X509EncodedKeySpec * * For private keys: * . PrivateKey with a PKCS#8 encoding * . RSAPrivateKey * . RSAPrivateCrtKey * . RSAPrivateKeySpec * . RSAPrivateCrtKeySpec * . PKCS8EncodedKeySpec * (of course, CRT variants only for CRT keys) * * Note: as always, RSA keys should be at least 512 bits long * * @since 1.5 * @author Andreas Sterbenz */ public final class RSAKeyFactory extends KeyFactorySpi { private final static Class rsaPublicKeySpecClass = RSAPublicKeySpec.class; private final static Class rsaPrivateKeySpecClass = RSAPrivateKeySpec.class; private final static Class rsaPrivateCrtKeySpecClass = RSAPrivateCrtKeySpec.class; private final static Class x509KeySpecClass = X509EncodedKeySpec.class; private final static Class pkcs8KeySpecClass = PKCS8EncodedKeySpec.class; public final static int MIN_MODLEN = 512; public final static int MAX_MODLEN = 16384; /* * If the modulus length is above this value, restrict the size of * the exponent to something that can be reasonably computed. We * could simply hardcode the exp len to something like 64 bits, but * this approach allows flexibility in case impls would like to use * larger module and exponent values. */ public final static int MAX_MODLEN_RESTRICT_EXP = 3072; public final static int MAX_RESTRICTED_EXPLEN = 64; private static final boolean restrictExpLen = "true".equalsIgnoreCase(AccessController.doPrivileged( new GetPropertyAction( "sun.security.rsa.restrictRSAExponent", "true"))); // instance used for static translateKey(); private final static RSAKeyFactory INSTANCE = new RSAKeyFactory(); public RSAKeyFactory() { // empty } /** * Static method to convert Key into an instance of RSAPublicKeyImpl * or RSAPrivate(Crt)KeyImpl. If the key is not an RSA key or cannot be * used, throw an InvalidKeyException. * * Used by RSASignature and RSACipher. */ public static RSAKey toRSAKey(Key key) throws InvalidKeyException { if ((key instanceof RSAPrivateKeyImpl) || (key instanceof RSAPrivateCrtKeyImpl) || (key instanceof RSAPublicKeyImpl)) { return (RSAKey)key; } else { return (RSAKey)INSTANCE.engineTranslateKey(key); } } /* * Single test entry point for all of the mechanisms in the SunRsaSign * provider (RSA*KeyImpls). All of the tests are the same. * * For compatibility, we round up to the nearest byte here: * some Key impls might pass in a value within a byte of the * real value. */ static void checkRSAProviderKeyLengths(int modulusLen, BigInteger exponent) throws InvalidKeyException { checkKeyLengths(((modulusLen + 7) & ~7), exponent, RSAKeyFactory.MIN_MODLEN, Integer.MAX_VALUE); } /** * Check the length of an RSA key modulus/exponent to make sure it * is not too short or long. Some impls have their own min and * max key sizes that may or may not match with a system defined value. * * @param modulusLen the bit length of the RSA modulus. * @param exponent the RSA exponent * @param minModulusLen if > 0, check to see if modulusLen is at * least this long, otherwise unused. * @param maxModulusLen caller will allow this max number of bits. * Allow the smaller of the system-defined maximum and this param. * * @throws InvalidKeyException if any of the values are unacceptable. */ public static void checkKeyLengths(int modulusLen, BigInteger exponent, int minModulusLen, int maxModulusLen) throws InvalidKeyException { if ((minModulusLen > 0) && (modulusLen < (minModulusLen))) { throw new InvalidKeyException( "RSA keys must be at least " + minModulusLen + " bits long"); } // Even though our policy file may allow this, we don't want // either value (mod/exp) to be too big. int maxLen = Math.min(maxModulusLen, MAX_MODLEN); // If a RSAPrivateKey/RSAPublicKey, make sure the // modulus len isn't too big. if (modulusLen > maxLen) { throw new InvalidKeyException( "RSA keys must be no longer than " + maxLen + " bits"); } // If a RSAPublicKey, make sure the exponent isn't too big. if (restrictExpLen && (exponent != null) && (modulusLen > MAX_MODLEN_RESTRICT_EXP) && (exponent.bitLength() > MAX_RESTRICTED_EXPLEN)) { throw new InvalidKeyException( "RSA exponents can be no longer than " + MAX_RESTRICTED_EXPLEN + " bits " + " if modulus is greater than " + MAX_MODLEN_RESTRICT_EXP + " bits"); } } /** * Translate an RSA key into a SunRsaSign RSA key. If conversion is * not possible, throw an InvalidKeyException. * See also JCA doc. */ protected Key engineTranslateKey(Key key) throws InvalidKeyException { if (key == null) { throw new InvalidKeyException("Key must not be null"); } String keyAlg = key.getAlgorithm(); if (keyAlg.equals("RSA") == false) { throw new InvalidKeyException("Not an RSA key: " + keyAlg); } if (key instanceof PublicKey) { return translatePublicKey((PublicKey)key); } else if (key instanceof PrivateKey) { return translatePrivateKey((PrivateKey)key); } else { throw new InvalidKeyException("Neither a public nor a private key"); } } // see JCA doc protected PublicKey engineGeneratePublic(KeySpec keySpec) throws InvalidKeySpecException { try { return generatePublic(keySpec); } catch (InvalidKeySpecException e) { throw e; } catch (GeneralSecurityException e) { throw new InvalidKeySpecException(e); } } // see JCA doc protected PrivateKey engineGeneratePrivate(KeySpec keySpec) throws InvalidKeySpecException { try { return generatePrivate(keySpec); } catch (InvalidKeySpecException e) { throw e; } catch (GeneralSecurityException e) { throw new InvalidKeySpecException(e); } } // internal implementation of translateKey() for public keys. See JCA doc private PublicKey translatePublicKey(PublicKey key) throws InvalidKeyException { if (key instanceof RSAPublicKey) { if (key instanceof RSAPublicKeyImpl) { return key; } RSAPublicKey rsaKey = (RSAPublicKey)key; try { return new RSAPublicKeyImpl( rsaKey.getModulus(), rsaKey.getPublicExponent() ); } catch (RuntimeException e) { // catch providers that incorrectly implement RSAPublicKey throw new InvalidKeyException("Invalid key", e); } } else if ("X.509".equals(key.getFormat())) { byte[] encoded = key.getEncoded(); return new RSAPublicKeyImpl(encoded); } else { throw new InvalidKeyException("Public keys must be instance " + "of RSAPublicKey or have X.509 encoding"); } } // internal implementation of translateKey() for private keys. See JCA doc private PrivateKey translatePrivateKey(PrivateKey key) throws InvalidKeyException { if (key instanceof RSAPrivateCrtKey) { if (key instanceof RSAPrivateCrtKeyImpl) { return key; } RSAPrivateCrtKey rsaKey = (RSAPrivateCrtKey)key; try { return new RSAPrivateCrtKeyImpl( rsaKey.getModulus(), rsaKey.getPublicExponent(), rsaKey.getPrivateExponent(), rsaKey.getPrimeP(), rsaKey.getPrimeQ(), rsaKey.getPrimeExponentP(), rsaKey.getPrimeExponentQ(), rsaKey.getCrtCoefficient() ); } catch (RuntimeException e) { // catch providers that incorrectly implement RSAPrivateCrtKey throw new InvalidKeyException("Invalid key", e); } } else if (key instanceof RSAPrivateKey) { if (key instanceof RSAPrivateKeyImpl) { return key; } RSAPrivateKey rsaKey = (RSAPrivateKey)key; try { return new RSAPrivateKeyImpl( rsaKey.getModulus(), rsaKey.getPrivateExponent() ); } catch (RuntimeException e) { // catch providers that incorrectly implement RSAPrivateKey throw new InvalidKeyException("Invalid key", e); } } else if ("PKCS#8".equals(key.getFormat())) { byte[] encoded = key.getEncoded(); return RSAPrivateCrtKeyImpl.newKey(encoded); } else { throw new InvalidKeyException("Private keys must be instance " + "of RSAPrivate(Crt)Key or have PKCS#8 encoding"); } } // internal implementation of generatePublic. See JCA doc private PublicKey generatePublic(KeySpec keySpec) throws GeneralSecurityException { if (keySpec instanceof X509EncodedKeySpec) { X509EncodedKeySpec x509Spec = (X509EncodedKeySpec)keySpec; return new RSAPublicKeyImpl(x509Spec.getEncoded()); } else if (keySpec instanceof RSAPublicKeySpec) { RSAPublicKeySpec rsaSpec = (RSAPublicKeySpec)keySpec; return new RSAPublicKeyImpl( rsaSpec.getModulus(), rsaSpec.getPublicExponent() ); } else { throw new InvalidKeySpecException("Only RSAPublicKeySpec " + "and X509EncodedKeySpec supported for RSA public keys"); } } // internal implementation of generatePrivate. See JCA doc private PrivateKey generatePrivate(KeySpec keySpec) throws GeneralSecurityException { if (keySpec instanceof PKCS8EncodedKeySpec) { PKCS8EncodedKeySpec pkcsSpec = (PKCS8EncodedKeySpec)keySpec; return RSAPrivateCrtKeyImpl.newKey(pkcsSpec.getEncoded()); } else if (keySpec instanceof RSAPrivateCrtKeySpec) { RSAPrivateCrtKeySpec rsaSpec = (RSAPrivateCrtKeySpec)keySpec; return new RSAPrivateCrtKeyImpl( rsaSpec.getModulus(), rsaSpec.getPublicExponent(), rsaSpec.getPrivateExponent(), rsaSpec.getPrimeP(), rsaSpec.getPrimeQ(), rsaSpec.getPrimeExponentP(), rsaSpec.getPrimeExponentQ(), rsaSpec.getCrtCoefficient() ); } else if (keySpec instanceof RSAPrivateKeySpec) { RSAPrivateKeySpec rsaSpec = (RSAPrivateKeySpec)keySpec; return new RSAPrivateKeyImpl( rsaSpec.getModulus(), rsaSpec.getPrivateExponent() ); } else { throw new InvalidKeySpecException("Only RSAPrivate(Crt)KeySpec " + "and PKCS8EncodedKeySpec supported for RSA private keys"); } } protected T engineGetKeySpec(Key key, Class keySpec) throws InvalidKeySpecException { try { // convert key to one of our keys // this also verifies that the key is a valid RSA key and ensures // that the encoding is X.509/PKCS#8 for public/private keys key = engineTranslateKey(key); } catch (InvalidKeyException e) { throw new InvalidKeySpecException(e); } if (key instanceof RSAPublicKey) { RSAPublicKey rsaKey = (RSAPublicKey)key; if (rsaPublicKeySpecClass.isAssignableFrom(keySpec)) { return (T) new RSAPublicKeySpec( rsaKey.getModulus(), rsaKey.getPublicExponent() ); } else if (x509KeySpecClass.isAssignableFrom(keySpec)) { return (T) new X509EncodedKeySpec(key.getEncoded()); } else { throw new InvalidKeySpecException ("KeySpec must be RSAPublicKeySpec or " + "X509EncodedKeySpec for RSA public keys"); } } else if (key instanceof RSAPrivateKey) { if (pkcs8KeySpecClass.isAssignableFrom(keySpec)) { return (T) new PKCS8EncodedKeySpec(key.getEncoded()); } else if (rsaPrivateCrtKeySpecClass.isAssignableFrom(keySpec)) { if (key instanceof RSAPrivateCrtKey) { RSAPrivateCrtKey crtKey = (RSAPrivateCrtKey)key; return (T) new RSAPrivateCrtKeySpec( crtKey.getModulus(), crtKey.getPublicExponent(), crtKey.getPrivateExponent(), crtKey.getPrimeP(), crtKey.getPrimeQ(), crtKey.getPrimeExponentP(), crtKey.getPrimeExponentQ(), crtKey.getCrtCoefficient() ); } else { throw new InvalidKeySpecException ("RSAPrivateCrtKeySpec can only be used with CRT keys"); } } else if (rsaPrivateKeySpecClass.isAssignableFrom(keySpec)) { RSAPrivateKey rsaKey = (RSAPrivateKey)key; return (T) new RSAPrivateKeySpec( rsaKey.getModulus(), rsaKey.getPrivateExponent() ); } else { throw new InvalidKeySpecException ("KeySpec must be RSAPrivate(Crt)KeySpec or " + "PKCS8EncodedKeySpec for RSA private keys"); } } else { // should not occur, caught in engineTranslateKey() throw new InvalidKeySpecException("Neither public nor private key"); } } }