ostore.security
Class NativeRSASignature_PKCS1_SHA1

java.lang.Object
  |
  +--java.security.SignatureSpi
        |
        +--ostore.security.NativeRSASignature_PKCS1_SHA1

public class NativeRSASignature_PKCS1_SHA1
extends SignatureSpi

This is totally copied from Cryptix. I would _LOVE_ to just extend the class RSASignature_PKCS1_SHA1 and overload only the engineSign and engineVerify methods, but the makePKCS1 function is private, so I have to copy the entire class. I'm talking with the Cryptix folks about having that remedied if possible.

Version:
$Id: NativeRSASignature_PKCS1_SHA1.java,v 1.2 2003/11/17 23:52:43 emilong Exp $
Author:
Sean C. Rhea

Field Summary
 
Fields inherited from class java.security.SignatureSpi
appRandom
 
Constructor Summary
NativeRSASignature_PKCS1_SHA1()
          Constructor for an Any_RSA_PKCS1Signature.
 
Method Summary
protected  Object engineGetParameter(String param)
           
protected  void engineInitSign(PrivateKey key)
          Initializes this signature object for signing, using the given private key.
protected  void engineInitSign(PrivateKey privateKey, SecureRandom random)
           
protected  void engineInitVerify(PublicKey key)
          Initializes this signature object for verification, using the given public key.
protected  void engineSetParameter(AlgorithmParameterSpec params)
           
protected  void engineSetParameter(String param, Object value)
           
protected  byte[] engineSign()
          Terminates the update process and returns the signature bytes of all the data signed so far.
protected  void engineUpdate(byte b)
          Updates the data to be signed or verified, using one byte.
protected  void engineUpdate(byte[] in, int offset, int length)
          Updates the data to be signed or verified, using the specified sub-array of bytes, starting at the specified offset.
protected  boolean engineVerify(byte[] signature)
          Terminates the update process and verifies that the passed signature equals that of a generated one based on the updated data so far.
protected  byte[] getAlgorithmEncoding()
           
 
Methods inherited from class java.security.SignatureSpi
clone, engineGetParameters, engineSign, engineVerify
 
Methods inherited from class java.lang.Object
equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

NativeRSASignature_PKCS1_SHA1

public NativeRSASignature_PKCS1_SHA1()
Constructor for an Any_RSA_PKCS1Signature.

Method Detail

getAlgorithmEncoding

protected byte[] getAlgorithmEncoding()

engineInitVerify

protected void engineInitVerify(PublicKey key)
                         throws InvalidKeyException
Initializes this signature object for verification, using the given public key.

Specified by:
engineInitVerify in class SignatureSpi
Parameters:
key - the public key this signature is assumed to have been generated with.
Throws:
InvalidKeyException - If the key class does not implement java.security.interfaces.RSAPrivateKey or if the size of the minimal PKCS#1 frame generated by the engineSign() method will be larger than the public key modulus.

engineInitSign

protected void engineInitSign(PrivateKey key)
                       throws InvalidKeyException
Initializes this signature object for signing, using the given private key.

Specified by:
engineInitSign in class SignatureSpi
Parameters:
key - the private key to be used to generate signatures.
Throws:
InvalidKeyException - If the key class does not implement java.security.interfaces.RSAPrivateKey or If the size of the minimal PKCS#1 frame generated by the engineSign() method will be larger than the public key modulus.

engineInitSign

protected void engineInitSign(PrivateKey privateKey,
                              SecureRandom random)
                       throws InvalidKeyException
Overrides:
engineInitSign in class SignatureSpi
InvalidKeyException

engineUpdate

protected void engineUpdate(byte b)
                     throws SignatureException
Updates the data to be signed or verified, using one byte.

Specified by:
engineUpdate in class SignatureSpi
Parameters:
b - the byte to use for the update process.
Throws:
SignatureException - if the engine is not initialised properly.

engineUpdate

protected void engineUpdate(byte[] in,
                            int offset,
                            int length)
                     throws SignatureException
Updates the data to be signed or verified, using the specified sub-array of bytes, starting at the specified offset.

Specified by:
engineUpdate in class SignatureSpi
Parameters:
in - the array of bytes.
offset - the offset to start from in in.
length - the number of bytes to use, starting at offset.
Throws:
SignatureException - if the engine is not initialised properly.

engineSign

protected byte[] engineSign()
                     throws SignatureException
Terminates the update process and returns the signature bytes of all the data signed so far.

NOTES: Sun's documentation talks about the bytes returned being X.509-encoded. For this RSA/PKCS#1 implementation, they conform to PKCS#1 section 10. Practically, the return value will be formed by concatenating a leading NULL byte, a block type BT, a padding block PS, another NULLbyte, and finally a data block D; ie:

     return = 0x00 || BT || PS || 0x00 || D.
 
For signing, PKCS#1 block type 01 encryption-block formatting scheme is employed. The block type BT is a single byte valued 0x01 and the padding block PS is enough 0xFF bytes to make the length of the complete RSA Multi Precision Integer equal to the length of the public modulus. The data block D consists of the MIC -- Message Integrity Check, or message digest value-- and the MIC algorithm ASN.1 encoded identifier. The formal syntax in ASN.1 notation is:
   SEQUENCE {
     digestAlgorithm  AlgorithmIdentifier,
     digest           OCTET STRING
   }

   AlgorithmIdentifier ::= SEQUENCE {
     algorithm        OBJECT IDENTIFIER,
     parameters       ANY DEFINED BY algorithm OPTIONAL
   }
 

Specified by:
engineSign in class SignatureSpi
Returns:
the signature bytes of the signing operation's result.
Throws:
SignatureException - if the engine is not initialised properly.

engineVerify

protected boolean engineVerify(byte[] signature)
                        throws SignatureException
Terminates the update process and verifies that the passed signature equals that of a generated one based on the updated data so far.

NOTES: Sun's documentation talks about the bytes received being X.509-encoded. For this RSA/PKCS#1 implementation, the bytes received are assumed to conform to PKCS#1 section 10, or have been generated by a previous invocation of the engineSign method.

Specified by:
engineVerify in class SignatureSpi
Parameters:
signature - the signature bytes to be verified.
Returns:
true if the signature was verified successfully, false otherwise.
Throws:
SignatureException - if the engine is not initialised properly, the received signature data is improperly encoded or of the wrong type, etc.

engineSetParameter

protected void engineSetParameter(String param,
                                  Object value)
                           throws InvalidParameterException
Specified by:
engineSetParameter in class SignatureSpi
InvalidParameterException

engineSetParameter

protected void engineSetParameter(AlgorithmParameterSpec params)
                           throws InvalidAlgorithmParameterException
Overrides:
engineSetParameter in class SignatureSpi
InvalidAlgorithmParameterException

engineGetParameter

protected Object engineGetParameter(String param)
                             throws InvalidParameterException
Specified by:
engineGetParameter in class SignatureSpi
InvalidParameterException