iaik.pkcs.pkcs1

Class RSAPssParameterSpec

java.lang.Object

iaik.pkcs.pkcs1.PKCS1AlgorithmParameterSpec

iaik.pkcs.pkcs1.RSAPssSaltParameterSpec

iaik.pkcs.pkcs1.RSAPssParameterSpec

All Implemented Interfaces:

java.lang.Cloneable, java.security.spec.AlgorithmParameterSpec

public class RSAPssParameterSpec
extends RSAPssSaltParameterSpec
implements java.lang.Cloneable

Algorithm parameter specification for the PKCS#1 RSASSA-PSS signature scheme.

PKCS#1v2.1 defines the following parameters for the PSS signature scheme:

 RSASSA-PSS-params :: = SEQUENCE {
      hashAlgorithm            [0] HashAlgorithm     DEFAULT sha1,
      maskGenerationAlgorithm  [1] MaskGenAlgorithm  DEFAULT mgf1SHA1,
      saltLength               [2] INTEGER           DEFAULT 20,
      trailerField             [3] TrailerField      DEFAULT trailerFieldBC
 }
 
 HashAlgorithm ::= Algorithmidentifier { {OAEP-PSSDigestAlgorithms} }
 
 MaskGenAlgorithm ::= AlgorithmIdentifier { {PKCS1MGFAlgorithms} }
 
 TrailerField ::= INTEGER { trailerFieldBC(1) }
 

By default PSS uses SHA-1 as hash function, MGF1 (with SHA-1 as hash function parameter) as mask generation algorithm, 20 as salt length, and 1 as trailer field indicating a trailer value of 0xBC.

Hash algorithm, mask generation function, and salt length value have to be supplied when creating a creating a RSAPssParameterSpec object. Trailer field, may be set later. Optionally also hash engine and MGF engine may be set by the application, e.g.:

 // hash and mgf algorithm ids
 AlgorithmID hashID = (AlgorithmID) AlgorithmID.sha1.clone();
 AlgorithmID mgfID = (AlgorithmID) AlgorithmID.mgf1.clone();
 mgfID.setParameter(hashID.toASN1Object());
 // hash and mgf engines
 MessageDigest hashEngine = hashID.getMessageDigestInstance();
 MaskGenerationAlgorithm mgfEngine = mgfID.getMaskGenerationAlgorithmInstance();
 MGF1ParameterSpec mgf1ParamSpec = new MGF1ParameterSpec(hashID);
 mgf1ParamSpec.setHashEngine(hashEngine);
 mgfEngine.setParameters(mgf1ParamSpec);
 // salt length
 int saltLength = 20;
 // create the RSAPssParameterSpec
 RSAPssParameterSpec pssParamSpec = new RSAPssParameterSpec(hashID, mgfID,
     saltLength);
 // set engines
 pssParamSpec.setHashEngine(hashEngine);
 pssParamSpec.setMGFEngine(mgfEngine);
 

Version:

File Revision 21

See Also:

RSAPssParameters, MaskGenerationAlgorithm, MGF1, MGF1ParameterSpec, AlgorithmID, RSAPssSignature

Field Summary

Fields

Modifier and Type	Field and Description
static AlgorithmID	DEFAULT_HASH_ALGORITHM Default hash algorithm (SHA-1).
static AlgorithmID	DEFAULT_MASK_GEN_ALGORITHM Default mask generation algorithm (MGF1 with SHA1 as hash algorithm)
static int	DEFAULT_TRAILER_FIELD Default trailer field number (1 indicating a trailer field byte of 0xBC).

Fields inherited from class iaik.pkcs.pkcs1.RSAPssSaltParameterSpec

DEFAULT_SALT_LENGTH, salt_, saltLength_

Constructor Summary

Constructors

Constructor and Description
RSAPssParameterSpec() Creates default RSASSA-PSS parameters.
RSAPssParameterSpec(AlgorithmID hashAlgorithm, AlgorithmID maskGenAlgorithm, byte[] salt) Creates a RSAPssParameterSpec for the given hash algorithm, mask generation function, salt value.
RSAPssParameterSpec(AlgorithmID hashAlgorithm, AlgorithmID maskGenAlgorithm, int saltLength) Creates a RSAPssParameterSpec for the given hash algorithm, mask generation function, salt length.

Method Summary

Methods

Modifier and Type	Method and Description
java.lang.Object	clone() Returns a clone of this Object.
boolean	equals(java.lang.Object obj) Compares this RSAPssParameterSpec object with the supplied object.
java.lang.Boolean	getEncodeDefaultValues() This method shows if parameter values should be encoded even if they have the default values; e.g.
AlgorithmID	getHashAlgorithm() Returns the hash algorithm.
java.security.MessageDigest	getHashEngine() Gets the JCA MessageDigest engine used for data hashing.
AlgorithmID	getMaskGenAlgorithm() Gets the mask generation algorithm.
MaskGenerationAlgorithm	getMGFEngine() Gets the MaskGenerationAlgorithm engine.
int	getTrailerField() Gets the trailer field.
int	hashCode() Gets a hash code for this object.
void	setEncodeDefaultValues(java.lang.Boolean encode) With this method, the application can define that parameter values should be encoded even if they have the default values; e.g.
void	setHashEngine(java.security.MessageDigest hashEngine) Sets the JCA MessageDigest engine to be used for data hashing.
void	setMGFEngine(MaskGenerationAlgorithm mgfEngine) Sets the MaskGenerationAlgorithm engine to be used.
void	setTrailerField(int trailerField) Sets the trailer field.
java.lang.String	toString() Returns a string representation of this RSAPssParameterSpec.

Methods inherited from class iaik.pkcs.pkcs1.RSAPssSaltParameterSpec

getSalt, getSaltLength

Methods inherited from class iaik.pkcs.pkcs1.PKCS1AlgorithmParameterSpec

getSecureRandom, setSecureRandom

Methods inherited from class java.lang.Object

finalize, getClass, notify, notifyAll, wait, wait, wait

Field Detail

DEFAULT_HASH_ALGORITHM

public static final AlgorithmID DEFAULT_HASH_ALGORITHM

Default hash algorithm (SHA-1).

DEFAULT_MASK_GEN_ALGORITHM

public static final AlgorithmID DEFAULT_MASK_GEN_ALGORITHM

Default mask generation algorithm (MGF1 with SHA1 as hash algorithm)

DEFAULT_TRAILER_FIELD

public static final int DEFAULT_TRAILER_FIELD

Default trailer field number (1 indicating a trailer field byte of 0xBC).

Constructor Detail

RSAPssParameterSpec

public RSAPssParameterSpec()

Creates default RSASSA-PSS parameters.

By default PSS uses SHA-1 as hash function, MGF1 (with SHA-1 as hash function parameter) as mask generation algorithm, 20 as salt length, and 1 as trailer field indicating a trailer value of 0xBC, see (see PKCS#1v2.1:

 rsaSSA-PSS-Default-Identifier    RSASSA-AlgorithmIdentifier ::= {
   algorithm   id-RSASSA-PSS,
   parameters  RSASSA-PSS-params : {
      hashAlgorithm            sha1,
      maskGenerationAlgorithm  mgf1SHA1,
      saltLength               20,
      trailerField             trailerFieldBC
   }
 }
 
 TrailerField ::= INTEGER { trailerFieldBC(1) }
 

RSAPssParameterSpec

public RSAPssParameterSpec(AlgorithmID hashAlgorithm,
                   AlgorithmID maskGenAlgorithm,
                   int saltLength)

Creates a RSAPssParameterSpec for the given hash algorithm, mask generation function, salt length.

Parameters:

hashAlgorithm - the hash algorithm to be used

maskGenAlgorithm - the mask generation function to be used

saltLength - the length of the salt value to be generated and used

Throws:

java.lang.IllegalArgumentException - if saltLength < 0, or hashAlgorithm or maskGenAlgorithm are null

RSAPssParameterSpec

public RSAPssParameterSpec(AlgorithmID hashAlgorithm,
                   AlgorithmID maskGenAlgorithm,
                   byte[] salt)

Creates a RSAPssParameterSpec for the given hash algorithm, mask generation function, salt value. This constructor maybe used by an application for supplying its own salt value.

Parameters:

hashAlgorithm - the hash algorithm to be used

maskGenAlgorithm - the mask generation function to be used

salt - the salt value to be used

Throws:

java.lang.IllegalArgumentException - if saltLength < 0, or hashAlgorithm or maskGenAlgorithm are null

Method Detail

setTrailerField

public void setTrailerField(int trailerField)

Sets the trailer field.

Parameters:

trailerField - the trailer field number as used for the parameter encoding

getTrailerField

public int getTrailerField()

Gets the trailer field.

Returns:

the trailer field (as used for the parameter encoding)

getHashAlgorithm

public AlgorithmID getHashAlgorithm()

Returns the hash algorithm.

Returns:

the hash algorithm

getMaskGenAlgorithm

public AlgorithmID getMaskGenAlgorithm()

Gets the mask generation algorithm.

Returns:

the mask generation algorithm

setHashEngine

public void setHashEngine(java.security.MessageDigest hashEngine)

Sets the JCA MessageDigest engine to be used for data hashing.

This method may be used to set a JCA MessageDigest engine to be used for doing the any required hashing operations. If not set by this method, getHashEngine will try to create a MessageDigest engine from the hash algorithm id.

Parameters:

hashEngine - the JCA MessageDigest engine to be used

getHashEngine

public java.security.MessageDigest getHashEngine()
                                          throws java.security.NoSuchAlgorithmException

Gets the JCA MessageDigest engine used for data hashing.

If method setHashEngine has been used to set a MessageDigest engine, this engine is returned; otherwise it is tried to create a MessageDigest engine from the hash algorithm id.

Returns:

the MessageDigest engine to be used

Throws:

java.security.NoSuchAlgorithmException

setMGFEngine

public void setMGFEngine(MaskGenerationAlgorithm mgfEngine)

Sets the MaskGenerationAlgorithm engine to be used.

This method may be used to set a MaskGenerationAlgorithm engine. If not set by this method, getMGFEngine will try to create a MaskGenerationAlgorithm engine from the mask generation algorithm id.

Parameters:

mgfEngine - the MaskGenerationAlgorithm engine to be used

getMGFEngine

public MaskGenerationAlgorithm getMGFEngine()
                                     throws java.security.NoSuchAlgorithmException

Gets the MaskGenerationAlgorithm engine.

If method setMGFEngine has been used to set a MGF engine, this engine is returned; otherwise it is tried to create a MGF engine from the Mask generation algorithm id.

Returns:

the MGF engine to be used

Throws:

java.security.NoSuchAlgorithmException

setEncodeDefaultValues

public void setEncodeDefaultValues(java.lang.Boolean encode)

With this method, the application can define that parameter values should be encoded even if they have the default values; e.g. if the hashAlgorithm is sha1.

Note that these settings have higher priority than those given by the RSAPssParameters.getEncodeDefaultValues().

Note that only a value of false results in a fully correct DER encoding, because DER encoding required default values to be omitted.

Parameters:

encode - Boolean.TRUE to encode default values, Boolean.False to omit default values in the encoding. Set to null to use the current setting of RSAPssParameters.getEncodeDefaultValues()

See Also:

RSAPssParameters.setEncodeDefaultValues(boolean), RSAPssParameters.getEncodeDefaultValues()

getEncodeDefaultValues

public java.lang.Boolean getEncodeDefaultValues()

This method shows if parameter values should be encoded even if they have the default values; e.g. if the hashAlgorithm is sha1.

Note that these settings have higher priority than those given by the RSAPssParameters.getEncodeDefaultValues().

Note that only a value of false results in a fully correct DER encoding, because DER encoding required default values to be omitted.

Returns:

true if default values are encoded, false if they are omitted in the encoding.

See Also:

setEncodeDefaultValues(Boolean), RSAPssParameters.setEncodeDefaultValues(boolean), RSAPssParameters.getEncodeDefaultValues()

clone

public java.lang.Object clone()

Returns a clone of this Object.

Overrides:

clone in class java.lang.Object

Returns:

a clone of this Object

hashCode

public int hashCode()

Gets a hash code for this object.

Overrides:

hashCode in class RSAPssSaltParameterSpec

Returns:

the hash code

equals

public boolean equals(java.lang.Object obj)

Compares this RSAPssParameterSpec object with the supplied object.

Overrides:

equals in class RSAPssSaltParameterSpec

Parameters:

obj - the object to be compared

Returns:

true if the two objects are RSAPssParameterSpec objects with same hash, mgf id, trailer fields and saltLength and -- if set -- salt values; false otherwise

toString

public java.lang.String toString()

Returns a string representation of this RSAPssParameterSpec.

Overrides:

toString in class RSAPssSaltParameterSpec

Returns:

a string representation