|
6.0 (c) 2002 IAIK, (c) 2003 - 2022 SIC |
|
public class RawISO9796P2S2S3ParameterSpec extends ISO9796P2S2S3ParameterSpec
S2S3
Signature engine operates in "raw" mode (where the hash value is
calculated outside the engine).
As accustomed from all other IAIK Signature engines, it is also possible to
use ISO 9796-2 Signature engines in "raw" mode. "Raw" mode means that the
hash value is calculated outside the Signature engine and then set by using
an update method of the Signature engine. However, in contrast
to the other IAIK Signature engines, there do not exist special "raw" engines
for the ISO 9796-2 Signature schemes. In raw mode the hash value (but not the
data to be signed) is specified by calling the update method of
the engine. However, ISO 9796-2 also needs to know the length of the message
and the recoverable part of the message. For an
S2S3 Signature engine this information can be
provided by using a RawISO9796P2S2S3ParameterSpec; for signature
scheme S1 a RawISO9796P2ParameterSpec has
to be used. When specifying a raw parameter spec the ISO 9796-2 Signature
engine automatically switches into the raw mode.
To be able to specify the recoverable part of the message an application must
know how many bytes of the message do belong to its recoverable part. The
number of bytes that are required for the recoverable part are determined by
the capacity of the signature scheme. Depending on if the length of
the message is shorter than the capacity, the recovery may be either total or
partial. The capacity specifies the maximum length of the recoverable part of
the message. Thus an application first will have to
calculate the capacity and then check if the length of the message is
shorter than the capacity value. If yes (total recovery), the whole message
can be supplied as recoverable part. If no, capacity bytes of
the message can be supplied as RawISO9796P2S2S3ParameterSpec.
Note that the actual length of the recoverable part of the message will be
calculated by subtracting a
"cMinus" value from
the capacity. By the default cMinus is set to 0 to give the
maximum possible recovery length. If you have set a different cMinus value, you also must
subtract it from the
calculated capacity value! In contrast to signature scheme S1 (where the
hash is calculated over the whole message), raw S2 and S3 engines only need
the hash value from the non-recoverable part as input to the
update method. For that reason it is required to specify the
exact number of recoverable bytes as
RawISO9796P2S2S3ParameterSpec.
For signature schemes S2, S3 the capacity depends on the modulus length of
the private/public key in use, the length of the underlying hash algorithm,
the salt length, and whether the hash id is (to be) included in the trailer
field (two octets) or not (one octet). Since the capacity has to be
calculated in bits, you will have to specify the required modulus length,
hash length and salt length as number of bits, e.g. (see also sample source
of demo.TestSignature):
// the private RSA signing key:
RSAPrivateKey privateKey = ...;
int modLen = privateKey.getModulus().bitLength();
// hash algorithm is SHA-1
int hashLength = 160;
// salt length equal to hash length
int saltLength = 160;
// we do not include hash id (implicit trailer)
boolean explicit = false;
// calculate capacity
int capacity = ISO9796P2S2S3Signature.calculateCapacity(modLen,
hashLength,
saltLength,
explicit);
// the message to be signed:
byte[] message = ...;
int msgLen = message.length;
// create recoverable message part
int len = Math.min(msgLen, capacity/8);
byte[] m1 = new byte[len];
System.arraycopy(message, 0, m1, 0, len);
// create raw parameters
RawISO9796P2S2S3ParameterSpec rawParamSpec = new RawISO9796P2S2S3ParameterSpec("SHA-1",
hashLength/8,
m1,
msgLen);
When now setting the RawISO9796P2S2S3ParameterSpec as parameter
for the ISO 9796-2 Signature engine, the engine automatically operates in raw
mode. This makes it necessary to calculate the hash value from the message
outside the Signature engine, and provide the hash value when calling the
update method of the engine (note that for signature schemes 2,3
the hash has to be calculated on the non-recoverable part of the message
only!):
// calculate hash value (on the non-recoverable part!):
MessageDigest hashEngine = MessageDigest.getInstance("SHA-1", "IAIK");
len = msgLen - m1.length;
byte[] m2 = new byte[len];
System.arraycopy(message, m1.length, m2, 0, len);
byte[] rawHash = hashEngine.digest(m2);
// create the Signature engine:
Signature signatureEngine = Signature.getInstance(
"SHAandMGF1/RSA-ISO9796-2-2-3", "IAIK");
// init Signature engine with private key for signing
signatureEngine.initSign(privateKey);
// set parameter
signatureEngine.setParameter(rawParamSpec);
// update engine with raw hash
signatureEngine.update(rawHash);
// finally calculate the signature
byte[] signature = signatureEngine.sign();
On the verification side the proceeding for operating in raw mode is quite
similar, except for that you have to use the public verification key and
finally use method verify to verify the signature:
// the public RSA verification key:
RSAPublicKey publicKey = ...;
int modLen = publicKey.getModulus().bitLength();
// hash algorithm is SHA-1
int hashLength = 160;
// salt length equal to hash length
int saltLength = 160;
// we do not include hash id (implicit trailer)
boolean explicit = false;
// calculate capacity
int capacity = ISO9796P2S2S3Signature.calculateCapacity(modLen,
hashLength,
saltLength,
explicit);
// the message to be signed:
byte[] message = ...;
int msgLen = message.length;
// create recoverable message part
int len = Math.min(msgLen, capacity/8);
byte[] m1 = new byte[len];
System.arraycopy(message, 0, m1, 0, len);
// create raw parameters
RawISO9796P2S2S3ParameterSpec rawParamSpec = new RawISO9796P2S2S3ParameterSpec("SHA-1",
hashLength/8,
m1,
msgLen);
// calculate hash value (on the non-recoverable part!):
MessageDigest hashEngine = MessageDigest.getInstance("SHA-1", "IAIK");
len = msgLen - m1.length;
byte[] m2 = new byte[len];
System.arraycopy(message, m1.length, m2, 0, len);
byte[] rawHash = hashEngine.digest(m2);
// create the Signature engine:
Signature signatureEngine = Signature.getInstance("SHAandMGF1/RSA-ISO9796-2-2-3", "IAIK");
// init Signature engine with public key for verification
signatureEngine.initVerify(publicKey);
// set parameter
signatureEngine.setParameter(rawParamSpec);
// update engine with raw hash
signatureEngine.update(rawHash);
// finally verify the signature
boolean ok = signatureEngine.verify(signature);
RawISO9796P2ParameterSpec,
ISO9796P2S2S3Signature,
RecoveredMessage,
RSAISO9796P2S2S3Signature,
SHAwithRSAISO9796P2S2S3andMGF1Signature,
SHA256withRSAISO9796P2S2S3andMGF1Signature,
SHA384withRSAISO9796P2S2S3andMGF1Signature,
SHA512withRSAISO9796P2S2S3andMGF1Signature,
RIPEMD128withRSAISO9796P2S2S3andMGF1Signature,
RIPEMD160withRSAISO9796P2S2S3andMGF1Signature| Constructor and Description |
|---|
RawISO9796P2S2S3ParameterSpec(java.lang.String hashAlgorithm,
int hashLen,
byte[] Mr,
int msgLen)
Creates a RawISO9796P2ParameterSpec from given hash algorithm name, hash
len, recoverable message bytes and message length.
|
| Modifier and Type | Method and Description |
|---|---|
byte[] |
getMr()
Gets the recoverable message bytes.
|
int |
getMsgLen()
Gets the total length of the message to be signed.
|
java.lang.String |
toString()
Returns a String representation of this ParameterSpec.
|
getCMinus, getMGFEngine, getSalt, getSaltLength, setCMinus, setMGFEngine, setSalt, setSaltLengthgetHashEngine, getHashID, getHashLen, getSecureRandom, getUseAlternativeSignatureFunction, getUseExplicitTrailer, setHashEngine, setHashID, setSecureRandom, setUseAlternativeSignatureFunction, setUseExplicitTrailerpublic RawISO9796P2S2S3ParameterSpec(java.lang.String hashAlgorithm,
int hashLen,
byte[] Mr,
int msgLen)
hashAlgorithm - the name of hash algorithm to be used (e.g. SHA-1)hashLen - the length (in bytes) of the output value of the hash algorithm in
use (e.g. 20)Mr - any bytes that may contribute to the recoverable part of the
messagemsgLen - the total length of the message to be signedjava.lang.NullPointerException - if Mr is nulljava.lang.IllegalArgumentException - if the supplied hashLen value is negativejava.lang.IllegalArgumentException - if the supplied msgLen value is negativepublic byte[] getMr()
public int getMsgLen()
public java.lang.String toString()
toString in class ISO9796P2S2S3ParameterSpec