Logo Search packages:      
Sourcecode: libgnucrypto-java version File versions  Download package

EMSA_PKCS1_V1_5.java

package gnu.crypto.sig.rsa;

// ----------------------------------------------------------------------------
// $Id: EMSA_PKCS1_V1_5.java,v 1.4 2005/10/06 04:24:18 rsdio Exp $
//
// Copyright (C) 2003 Free Software Foundation, Inc.
//
// This file is part of GNU Crypto.
//
// GNU Crypto is free software; you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation; either version 2, or (at your option)
// any later version.
//
// GNU Crypto is distributed in the hope that it will be useful, but
// WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
// General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with this program; see the file COPYING.  If not, write to the
//
//    Free Software Foundation Inc.,
//    51 Franklin Street, Fifth Floor,
//    Boston, MA 02110-1301
//    USA
//
// Linking this library statically or dynamically with other modules is
// making a combined work based on this library.  Thus, the terms and
// conditions of the GNU General Public License cover the whole
// combination.
//
// As a special exception, the copyright holders of this library give
// you permission to link this library with independent modules to
// produce an executable, regardless of the license terms of these
// independent modules, and to copy and distribute the resulting
// executable under terms of your choice, provided that you also meet,
// for each linked independent module, the terms and conditions of the
// license of that module.  An independent module is a module which is
// not derived from or based on this library.  If you modify this
// library, you may extend this exception to your version of the
// library, but you are not obligated to do so.  If you do not wish to
// do so, delete this exception statement from your version.
// ----------------------------------------------------------------------------

import gnu.crypto.Registry;
import gnu.crypto.hash.HashFactory;
import gnu.crypto.hash.IMessageDigest;

import java.io.ByteArrayOutputStream;

/**
 * <p>An implementation of the EMSA-PKCS1-V1.5 encoding scheme.</p>
 *
 * <p>EMSA-PKCS1-V1.5 is parameterised by the choice of hash function Hash and
 * hLen which denotes the length in octets of the hash function output.</p>
 *
 * <p>References:</p>
 * <ol>
 *    <li><a href="http://www.ietf.org/rfc/rfc3447.txt">Public-Key Cryptography
 *    Standards (PKCS) #1:</a><br>
 *    RSA Cryptography Specifications Version 2.1.<br>
 *    Jakob Jonsson and Burt Kaliski.</li>
 * </ol>
 *
 * @version $Revision: 1.4 $
 */
00068 public class EMSA_PKCS1_V1_5 implements Cloneable {

   // Constants and variables
   // -------------------------------------------------------------------------

   /* Notes.
      1. For the six hash functions mentioned in Appendix B.1, the DER encoding
         T of the DigestInfo value is equal to the following:

      MD2:     (0x)30 20 30 0c 06 08 2a 86 48 86 f7 0d 02 02 05 00 04 10 || H
      MD5:     (0x)30 20 30 0c 06 08 2a 86 48 86 f7 0d 02 05 05 00 04 10 || H
      SHA-1:   (0x)30 21 30 09 06 05 2b 0e 03 02 1a 05 00 04 14 || H
      SHA-256: (0x)30 31 30 0d 06 09 60 86 48 01 65 03 04 02 01 05 00 04 20 || H
      SHA-384: (0x)30 41 30 0d 06 09 60 86 48 01 65 03 04 02 02 05 00 04 30 || H
      SHA-512: (0x)30 51 30 0d 06 09 60 86 48 01 65 03 04 02 03 05 00 04 40 || H
   */
   private static final byte[] MD2_PREFIX = {
      (byte) 0x30, (byte) 0x20, (byte) 0x30, (byte) 0x0c,
      (byte) 0x06, (byte) 0x08, (byte) 0x2a, (byte) 0x86,
      (byte) 0x48, (byte) 0x86, (byte) 0xf7, (byte) 0x0d,
      (byte) 0x02, (byte) 0x02, (byte) 0x05, (byte) 0x00,
      (byte) 0x04, (byte) 0x10
   };

   private static final byte[] MD5_PREFIX = {
      (byte) 0x30, (byte) 0x20, (byte) 0x30, (byte) 0x0c,
      (byte) 0x06, (byte) 0x08, (byte) 0x2a, (byte) 0x86,
      (byte) 0x48, (byte) 0x86, (byte) 0xf7, (byte) 0x0d,
      (byte) 0x02, (byte) 0x05, (byte) 0x05, (byte) 0x00,
      (byte) 0x04, (byte) 0x10
   };

   private static final byte[] SHA160_PREFIX = {
      (byte) 0x30, (byte) 0x21, (byte) 0x30, (byte) 0x09,
      (byte) 0x06, (byte) 0x05, (byte) 0x2b, (byte) 0x0e,
      (byte) 0x03, (byte) 0x02, (byte) 0x1a, (byte) 0x05,
      (byte) 0x00, (byte) 0x04, (byte) 0x14
   };

   private static final byte[] SHA256_PREFIX = {
      (byte) 0x30, (byte) 0x31, (byte) 0x30, (byte) 0x0d,
      (byte) 0x06, (byte) 0x09, (byte) 0x60, (byte) 0x86,
      (byte) 0x48, (byte) 0x01, (byte) 0x65, (byte) 0x03,
      (byte) 0x04, (byte) 0x02, (byte) 0x01, (byte) 0x05,
      (byte) 0x00, (byte) 0x04, (byte) 0x20
   };

   private static final byte[] SHA384_PREFIX = {
      (byte) 0x30, (byte) 0x41, (byte) 0x30, (byte) 0x0d,
      (byte) 0x06, (byte) 0x09, (byte) 0x60, (byte) 0x86,
      (byte) 0x48, (byte) 0x01, (byte) 0x65, (byte) 0x03,
      (byte) 0x04, (byte) 0x02, (byte) 0x02, (byte) 0x05,
      (byte) 0x00, (byte) 0x04, (byte) 0x30
   };

   private static final byte[] SHA512_PREFIX = {
      (byte) 0x30, (byte) 0x51, (byte) 0x30, (byte) 0x0d,
      (byte) 0x06, (byte) 0x09, (byte) 0x60, (byte) 0x86,
      (byte) 0x48, (byte) 0x01, (byte) 0x65, (byte) 0x03,
      (byte) 0x04, (byte) 0x02, (byte) 0x03, (byte) 0x05,
      (byte) 0x00, (byte) 0x04, (byte) 0x40
   };

   /** The underlying hash function to use with this instance. */
00132    private IMessageDigest hash;

   /** The output size of the hash function in octets. */
00135    private int hLen; // TODO: field not used!!!  investigate

   /** The DER part of DigestInfo not containing the hash value itself. */
00138    private byte[] prefix;

   // Constructor(s)
   // -------------------------------------------------------------------------

   /**
    * <p>Trivial private constructor to enforce use through Factory method.</p>
    *
    * @param hash the message digest instance to use with this scheme instance.
    */
00148    private EMSA_PKCS1_V1_5(final IMessageDigest hash) {
      super();

      this.hash = hash;
      hLen = hash.hashSize();
      final String name = hash.name();
      if (name.equals(Registry.MD2_HASH)) {
         prefix = MD2_PREFIX;
      } else if (name.equals(Registry.MD5_HASH)) {
         prefix = MD5_PREFIX;
      } else if (name.equals(Registry.SHA160_HASH)) {
         prefix = SHA160_PREFIX;
      } else if (name.equals(Registry.SHA256_HASH)) {
         prefix = SHA256_PREFIX;
      } else if (name.equals(Registry.SHA384_HASH)) {
         prefix = SHA384_PREFIX;
      } else if (name.equals(Registry.SHA512_HASH)) {
         prefix = SHA512_PREFIX;
      } else {
         throw new UnsupportedOperationException(); // should not happen
      }
   }

   // Class methods
   // -------------------------------------------------------------------------

   /**
    * <p>Returns an instance of this object given a designated name of a hash
    * function.</p>
    *
    * @param mdName the canonical name of a hash function.
    * @return an instance of this object configured for use with the designated
    * options.
    * @throws UnsupportedOperationException if the hash function is not
    * implemented or does not have an ID listed in RFC-3447.
    */
00184    public static final EMSA_PKCS1_V1_5 getInstance(final String mdName) {
      final IMessageDigest hash = HashFactory.getInstance(mdName);
      final String name = hash.name();
      if (!(name.equals(Registry.MD2_HASH)
            || name.equals(Registry.MD5_HASH)
            || name.equals(Registry.SHA160_HASH)
            || name.equals(Registry.SHA256_HASH)
            || name.equals(Registry.SHA384_HASH)
            || name.equals(Registry.SHA512_HASH))) {
         throw new UnsupportedOperationException("hash with no ID");
      }
      return new EMSA_PKCS1_V1_5(hash);
   }

   // Instance methods
   // -------------------------------------------------------------------------

   // Cloneable interface implementation --------------------------------------

   public Object clone() {
      return getInstance(hash.name());
   }

   // own methods -------------------------------------------------------------

   /**
    * <p>Frames the hash of a message, along with an ID of the hash function in
    * a DER sequence according to the specifications of EMSA-PKCS1-V1.5 as
    * described in RFC-3447 (see class documentation).</p>
    *
    * @param mHash the byte sequence resulting from applying the message digest
    * algorithm Hash to the message <i>M</i>.
    * @param emLen intended length in octets of the encoded message, at least
    * <code>tLen + 11</code>, where <code>tLen</code> is the octet length of the
    * DER encoding <code>T</code> of a certain value computed during the
    * encoding operation.
    * @return encoded message, an octet string of length <code>emLen</code>.
    * @throws IllegalArgumentException if the message is too long, or if the
    * intended encoded message length is too short.
    */
00224    public byte[] encode(final byte[] mHash, final int emLen) {
      // 1. Apply the hash function to the message M to produce a hash value
      //    H: H = Hash(M).
      //    If the hash function outputs "message too long," output "message
      //    too long" and stop.
      // 2. Encode the algorithm ID for the hash function and the hash value
      //    into an ASN.1 value of type DigestInfo (see Appendix A.2.4) with
      //    the Distinguished Encoding Rules (DER), where the type DigestInfo
      //    has the syntax
      //       DigestInfo ::= SEQUENCE {
      //          digestAlgorithm AlgorithmIdentifier,
      //          digest OCTET STRING
      //       }
      //   The first field identifies the hash function and the second contains
      //   the hash value.  Let T be the DER encoding of the DigestInfo value
      //   (see the notes below) and let tLen be the length in octets of T.
      final ByteArrayOutputStream baos = new ByteArrayOutputStream();
      baos.write(prefix, 0, prefix.length);
      baos.write(mHash, 0, mHash.length);
      final byte[] T = baos.toByteArray();
      final int tLen = T.length;
      // 3. If emLen < tLen + 11, output "intended encoded message length too
      //    short" and stop.
      if (emLen < tLen + 11) {
         throw new IllegalArgumentException("emLen too short");
      }
      // 4. Generate an octet string PS consisting of emLen - tLen - 3 octets
      //    with hexadecimal value 0xff.  The length of PS will be at least 8
      //    octets.
      final byte[] PS = new byte[emLen - tLen - 3];
      for (int i = 0; i < PS.length; i++) {
         PS[i] = (byte) 0xFF;
      }
      // 5. Concatenate PS, the DER encoding T, and other padding to form the
      //    encoded message EM as: EM = 0x00 || 0x01 || PS || 0x00 || T.
      baos.reset();
      baos.write(0x00);
      baos.write(0x01);
      baos.write(PS, 0, PS.length);
      baos.write(0x00);
      baos.write(T, 0, tLen);
      final byte[] result = baos.toByteArray();
      baos.reset();
      // 6. Output EM.
      return result;
   }
}

Generated by  Doxygen 1.6.0   Back to index