cryptix.provider.rsa

Class Any_RSA_PKCS1Signature

java.lang.Object

java.security.SignatureSpi

java.security.Signature

cryptix.provider.rsa.Any_RSA_PKCS1Signature

Direct Known Subclasses:

MD2_RSA_PKCS1Signature, MD5_RSA_PKCS1Signature, RIPEMD160_RSA_PKCS1Signature, SHA1_RSA_PKCS1Signature

public abstract class Any_RSA_PKCS1Signature
extends java.security.Signature

An abstract class to digest a message and sign/verify the resulting hash value, using any JCA MessageDigest algorithm with the RSA digital signature scheme, and the formatting and padding conventions defined by PKCS#1. These conventions are compatible with PEM (RFC-1423).

References:

1. Bruce Schneier, "Section 19.3 RSA," Applied Cryptography, 2nd edition, John Wiley & Sons, 1996.

2. PKCS#1 [need reference]

3. RFC-1423 [need reference]

Copyright © 1997 Systemics Ltd on behalf of the Cryptix Development Team.
All rights reserved.

$Revision: 1.9 $

Since:

Cryptix 2.2.2

Author:

David Hopwood, Raïf S. Naffah

Field Summary

Fields inherited from class java.security.Signature

SIGN, state, UNINITIALIZED, VERIFY

Fields inherited from class java.security.SignatureSpi

appRandom

Constructor Summary

Constructors

Modifier	Constructor and Description
protected	Any_RSA_PKCS1Signature(java.lang.String mdAlgorithm) Constructor for an Any_RSA_PKCS1Signature.

Method Summary

Methods

Modifier and Type	Method and Description
protected java.lang.Object	engineGetParameter(java.lang.String param)
protected void	engineInitSign(java.security.PrivateKey key) SPI: Initializes this signature object for signing, using the given private key.
protected void	engineInitVerify(java.security.PublicKey key) SPI: Initializes this signature object for verification, using the given public key.
protected void	engineSetParameter(java.lang.String param, java.lang.Object value)
protected byte[]	engineSign() Terminates the update process and returns the signature bytes of all the data signed so far.
protected void	engineUpdate(byte b) Updates the data to be signed or verified, using one byte.
protected void	engineUpdate(byte[] in, int offset, int length) Updates the data to be signed or verified, using the specified sub-array of bytes, starting at the specified offset.
protected boolean	engineVerify(byte[] signature) Terminates the update process and verifies that the passed signature equals that of a generated one based on the updated data so far.
protected abstract byte[]	getAlgorithmEncoding() Returns the ASN.1 bytes of the AlgorithmIdentifier token described in engineSign() method above.

Methods inherited from class java.security.Signature

clone, getAlgorithm, getInstance, getInstance, getInstance, getParameter, getParameters, getProvider, initSign, initSign, initVerify, initVerify, setParameter, setParameter, sign, sign, toString, update, update, update, update, verify, verify

Methods inherited from class java.security.SignatureSpi

engineGetParameters, engineInitSign, engineSetParameter, engineSign, engineUpdate, engineVerify

Methods inherited from class java.lang.Object

equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Constructor Detail

Any_RSA_PKCS1Signature

protected Any_RSA_PKCS1Signature(java.lang.String mdAlgorithm)

Constructor for an Any_RSA_PKCS1Signature.

Parameters:

mdAlgorithm - the standard JCA algorithm name of the message digest to be used.

Method Detail

engineInitSign

protected void engineInitSign(java.security.PrivateKey key)
                       throws java.security.InvalidKeyException

SPI: Initializes this signature object for signing, using the given private key.

Specified by:

engineInitSign in class java.security.SignatureSpi

Parameters:

key - the private key to be used to generate signatures.

Throws:

java.security.InvalidKeyException - If the key class does not implement java.security.interfaces.RSAPrivateKey or If the size of the minimal PKCS#1 frame generated by the engineSign() method will be larger than the public key modulus.

engineInitVerify

protected void engineInitVerify(java.security.PublicKey key)
                         throws java.security.InvalidKeyException

SPI: Initializes this signature object for verification, using the given public key.

Specified by:

engineInitVerify in class java.security.SignatureSpi

Parameters:

key - the public key this signature is assumed to have been generated with.

Throws:

java.security.InvalidKeyException - If the key class does not implement java.security.interfaces.RSAPrivateKey or If the size of the minimal PKCS#1 frame generated by the engineSign() method will be larger than the public key modulus.

engineUpdate

protected void engineUpdate(byte b)
                     throws java.security.SignatureException

Updates the data to be signed or verified, using one byte.

Specified by:

engineUpdate in class java.security.SignatureSpi

Parameters:

b - the byte to use for the update process.

Throws:

java.security.SignatureException - if the engine is not initialised properly.

engineUpdate

protected void engineUpdate(byte[] in,
                int offset,
                int length)
                     throws java.security.SignatureException

Updates the data to be signed or verified, using the specified sub-array of bytes, starting at the specified offset.

Specified by:

engineUpdate in class java.security.SignatureSpi

Parameters:

in - the array of bytes.

offset - the offset to start from in in.

length - the number of bytes to use, starting at offset.

Throws:

java.security.SignatureException - if the engine is not initialised properly.

engineSign

protected byte[] engineSign()
                     throws java.security.SignatureException

Terminates the update process and returns the signature bytes of all the data signed so far.

NOTES: Sun's documentation talks about the bytes returned being X.509-encoded. For this RSA/PKCS#1 implementation, they conform to PKCS#1 section 10. Practically, the return value will be formed by concatenating a leading NULL byte, a block type BT, a padding block PS, another NULLbyte, and finally a data block D; ie:

     return = 0x00 || BT || PS || 0x00 || D.
 

For signing, PKCS#1 block type 01 encryption-block formatting scheme is employed. The block type BT is a single byte valued 0x01 and the padding block PS is enough 0xFF bytes to make the length of the complete RSA Multi Precision Integer equal to the length of the public modulus. The data block D consists of the MIC -- Message Integrity Check, or message digest value-- and the MIC algorithm ASN.1 encoded identifier. The formal syntax in ASN.1 notation is:

   SEQUENCE {
     digestAlgorithm  AlgorithmIdentifier,
     digest           OCTET STRING
   }

   AlgorithmIdentifier ::= SEQUENCE {
     algorithm        OBJECT IDENTIFIER,
     parameters       ANY DEFINED BY algorithm OPTIONAL
   }
 

Specified by:

engineSign in class java.security.SignatureSpi

Returns:

the signature bytes of the signing operation's result.

Throws:

java.security.SignatureException - if the engine is not initialised properly.

engineVerify

protected boolean engineVerify(byte[] signature)
                        throws java.security.SignatureException

Terminates the update process and verifies that the passed signature equals that of a generated one based on the updated data so far.

NOTES: Sun's documentation talks about the bytes received being X.509-encoded. For this RSA/PKCS#1 implementation, the bytes received are assumed to conform to PKCS#1 section 10, or have been generated by a previous invocation of the engineSign method.

Specified by:

engineVerify in class java.security.SignatureSpi

Parameters:

signature - the signature bytes to be verified.

Returns:

true if the signature was verified successfully, false otherwise.

Throws:

java.security.SignatureException - if the engine is not initialised properly, the received signature data is improperly encoded or of the wrong type, etc.

engineSetParameter

protected void engineSetParameter(java.lang.String param,
                      java.lang.Object value)
                           throws java.security.InvalidParameterException

Specified by:

engineSetParameter in class java.security.SignatureSpi

Throws:

java.security.InvalidParameterException

engineGetParameter

protected java.lang.Object engineGetParameter(java.lang.String param)
                                       throws java.security.InvalidParameterException

Specified by:

engineGetParameter in class java.security.SignatureSpi

Throws:

java.security.InvalidParameterException

getAlgorithmEncoding

protected abstract byte[] getAlgorithmEncoding()

Returns the ASN.1 bytes of the AlgorithmIdentifier token described in engineSign() method above.

Returns:

the AlgorithmIdentifier bytes.