com.entrust.toolkit.util

Class CryptoUtils

java.lang.Object

com.entrust.toolkit.util.CryptoUtils

public final class CryptoUtils
extends java.lang.Object

This class contains some simply utilities that are commonly used when doing cryptography.

Since:

7.0

Method Summary

Modifier and Type	Method and Description
static void	arraycopy(byte[] src, int srcPosition, byte[] dst, int dstPosition, int length) Copies the specified portion of one byte array into a given location in another byte array.
static int	bitLength(int i) Determines the bit length of an integer.
static boolean	checkExponentLength(java.security.interfaces.RSAPublicKey key) Method used as a hook to determine if the exponent length should be checked based on criteria that will be determined in a future release.
static int	countOneBits(byte b) Counts the number of bits that are set to 1 in a byte.
static java.math.BigInteger	enhancedMillerRabin(java.math.BigInteger w, int iterations, java.util.Random rnd) Performs the enhanced Miller_Rabin tests, and Returns a BigInteger as a result.
static byte[]	getMagnitude(java.math.BigInteger bi) Returns the big-endian binary representation of the magnitude of a BigInteger.
static int	getMagnitudeSize(java.math.BigInteger bi) Returns size (in bytes) of the big-endian binary representation of the magnitude of a BigInteger.
static boolean	isEqual(byte[] ba1, byte[] ba2) Compares two byte arrays for equality.
static boolean	isEqual(byte[] ba1, int offset1, byte[] ba2, int offset2, int length) Compares two byte array segments for equality.
static boolean	isOdd(java.math.BigInteger bi) Tests whether a given integer is odd.
static void	setDESKeyParity(byte[] key, int offset) Sets the parity bits of a DES key.
static void	setTripleDESKeyParity(byte[] key, int offset) Sets the parity bits of a DESede key.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Method Detail

arraycopy

public static void arraycopy(byte[] src,
                             int srcPosition,
                             byte[] dst,
                             int dstPosition,
                             int length)

Copies the specified portion of one byte array into a given location in another byte array.

This method is intended to give optimum performance during the array copy. When less than 10 elements are being copied, the elements are copied individually. When more that 10 elements are being copied the utility System.arraycopy() is used to do the copy. This is done because typically System.arraycopy() is only faster than manual array* copying when there are more than 10 elements are being copied.

Parameters:

src - the source byte array

srcPosition - the start position in the source byte array

dst - the destination byte array

dstPosition - the start position in the destination byte array

length - the number of bytes to be copied

getMagnitude

public static byte[] getMagnitude(java.math.BigInteger bi)

Returns the big-endian binary representation of the magnitude of a BigInteger.

Note that the big-endian representation of the integer 0 is 0x00.

Parameters:

bi - the BigInteger

Returns:

the magnitude

getMagnitudeSize

public static int getMagnitudeSize(java.math.BigInteger bi)

Returns size (in bytes) of the big-endian binary representation of the magnitude of a BigInteger.

Since the big-endian representation of the integer 0 is 0x00, the size of the magnitude in this case is 1.

Parameters:

bi - the BigInteger

Returns:

the size of the magnitude

countOneBits

public static int countOneBits(byte b)

Counts the number of bits that are set to 1 in a byte.

Parameters:

b - the byte

Returns:

the number of 1's in the byte

setDESKeyParity

public static void setDESKeyParity(byte[] key,
                                   int offset)

Sets the parity bits of a DES key.

A DES key contains 8 error detecting bits (bits 8, 16, ..., 64) that are set to make the parity of each byte of the key odd. Odd parity indicates that there is an odd number of 1's in each byte.

Parameters:

key - the byte array containing the DES key

offset - the location in the byte array where the key starts

setTripleDESKeyParity

public static void setTripleDESKeyParity(byte[] key,
                                         int offset)

Sets the parity bits of a DESede key.

A DESede key consists of 3 DES keys. Each DES key contains 8 error detecting bits (bits 8, 16, ..., 64) that are set to make the parity of each byte of the key odd. Odd parity indicates that there is an odd number of 1's in each byte.

Parameters:

key - the byte array containing the DESede key

offset - the location in the byte array where the key starts

isOdd

public static boolean isOdd(java.math.BigInteger bi)

Tests whether a given integer is odd.

Parameters:

bi - the integer to be tested

Returns:

true if the integer is odd; false otherwise

Since:

7.2

isEqual

public static boolean isEqual(byte[] ba1,
                              byte[] ba2)

Compares two byte arrays for equality.

Uses a time constant comparison algorithm that is immune to timing based attacks. For example, when verifying a MAC, it is important to use a time constant comparison. Otherwise, it may be possible to mount an attack that would expose the MAC value. In such situations, to prevent this type of timing attack, this API should be used instead of any of the following (which are not time constant):

• java.util.Arrays.equals(byte[], byte[])
• iaik.utils.CryptoUtils.equalsBlock(byte[], byte[])

Parameters:

ba1 - one byte array being tested in the equality check

ba2 - the other byte array being tested in the equality check

Returns:

true if the two byte arrays are equal; false otherwise

Since:

7.2 SP1 Patch

isEqual

public static boolean isEqual(byte[] ba1,
                              int offset1,
                              byte[] ba2,
                              int offset2,
                              int length)

Compares two byte array segments for equality.

Uses a time constant comparison algorithm that is immune to timing based attacks. For example, when verifying a MAC, it is important to use a time constant comparison. Otherwise, it may be possible to mount an attack that would expose the MAC value. In such situations, to prevent this type of timing attack, this API should be used instead of the following (which is not time constant):

• iaik.utils.CryptoUtils.equalsBlock(byte[], int, byte[], int, int)

Parameters:

ba1 - one byte array from which a segment is being tested in the equality check

offset1 - the offset in ba1 where the byte array segment starts

ba2 - the other byte array from which a segment is being tested in the equality check

offset2 - the offset in ba2 where the byte array segment starts

length - the length of the byte array segments

Returns:

true if the two byte array segments are equal; false otherwise

Since:

7.2 SP1 Patch

bitLength

public static int bitLength(int i)

Determines the bit length of an integer.

The bit length is the number of bits in the minimal two's-complement representation of this integer. For positive integers, this is the equivalent of the number bits in the ordinary binary representation. For negative integers, this is always 32-bits.

This implementation is secure; it wipes all internal copies of the integer from memory upon completion. Thus, it is suitable for use with private or sensitive information.

Parameters:

i - an integer

Returns:

the bit length of the integer

Since:

8.0

enhancedMillerRabin

public static java.math.BigInteger enhancedMillerRabin(java.math.BigInteger w,
                                                       int iterations,
                                                       java.util.Random rnd)

Performs the enhanced Miller_Rabin tests, and Returns a BigInteger as a result. If the BigInteger returned is greater than 1, the result is PROVABLY COMPOSITE WITH FACTOR, and the value of the BigInteger returned in the factor.

If the BigInteger returned is 1, 1, the result is PROVABLY COMPOSITE AND NOT A POWER OF A PRIME.

If the BigInteger returned is 0, the result is probably prime. The following assumptions are made: This BigInteger is a positive, odd number greater than 2. iterations<=50.

Parameters:

w - the BigInteger to test

iterations - the number of Miller-Rabin Iterations

rnd - the Random number generator

checkExponentLength

public static boolean checkExponentLength(java.security.interfaces.RSAPublicKey key)

Method used as a hook to determine if the exponent length should be checked based on criteria that will be determined in a future release. Note This code will only be run when the toolkit is in FIPS mode and when the System property com.entrust.toolkit.security.crypto.rsa.enforceExponentLength is set to false. It will provide an alternate way to determine if the exponent Length should be checked for a given RSAPublicKey.

Returns:

true to indicate the exponent length should be checked, false if it should not be checked.