iaik.pkcs.pkcs11.provider.signatures.ecdsa

Class UnwrappedEcdsaSignature

java.lang.Object

java.security.SignatureSpi

iaik.pkcs.pkcs11.provider.signatures.PKCS11Signature

iaik.pkcs.pkcs11.provider.signatures.PKCS11BufferingSignature

iaik.pkcs.pkcs11.provider.signatures.ecdsa.UnwrappedEcdsaSignature

All Implemented Interfaces:

PKCS11EngineClass

Direct Known Subclasses:

EcdsaSignature

public class UnwrappedEcdsaSignature
extends PKCS11BufferingSignature

This is an implementation of a Signature class that uses the IAIK PKCS#11 wrapper to access the token. It only works with IAIKPKCS11PrivateKey and IAIKPKCS11PublicKey. This version uses the CKM_ECDSA mechanism to create the signature; i.e. it calculates a raw ECDSA without hashing. The application must already provide the hash as input data to this algorithm, e.g.:

 byte[] data = ...;
 IAIKPKCS11PrivateKey privateKey = ...;
 IAIKPkcs11 pkcs11Prov = ...;
 // calculate the hash outside the Signature engine:
 MessageDigest md = MessageDigest.getInstance("SHA-256");
 md.update(data);
 byte[] digest = md.digest();
 // calculate the signature
 Signature ecdsa = Signature.getInstance("RawECDSAUnwrapped", pkcs11Prov);
 ecdsa.initSign(privKey);
 ecdsa.update(digest);
 byte[] sigVal = signature = ecdsa.sign();
 

Unlike the EcdsaSignature engine, the signature value calculated by this class is encoded as (r || s) and not wrapped into an ASN.1 SEQUENCE as done by ANSI X9.62. Thus the signature represents an ECDSA signature as returned by the token and specified by PKCS#11.

Please note that this does NOT represent a plain ECDSA signature as specified by BSI TR-03111! TR-03111 does not wrap the signature value (r || s) into an ASN.1 SEQUENCE, too, however, TR-03111 does not truncate the hash value if it is larger than the domain parameter length; rather TR-03111 reduces it modulo the order of the base point.

Field Summary

Fields

Modifier and Type	Field and Description
protected static java.lang.String	SIGNATURE_ALGORITHM_NAME The JCA standard name of this signature algorithm.

Fields inherited from class iaik.pkcs.pkcs11.provider.signatures.PKCS11BufferingSignature

buffer_

Fields inherited from class iaik.pkcs.pkcs11.provider.signatures.PKCS11Signature

currentKeyIsSoftwareKey_, initialized_, operationState_, pkcs11OperationInitialized_, privateKey_, publicKey_, session_, SIGN, softwareDelegate_, tokenManager_, usedMechanismInfos_, usedMechanisms_, VERIFY

Fields inherited from class java.security.SignatureSpi

appRandom

Constructor Summary

Constructors

Constructor and Description
UnwrappedEcdsaSignature() Public default constructor to enable instantiation via Class.forName(String).

Method Summary

Modifier and Type	Method and Description
protected java.lang.String	getAlgorithmName() Get the JCA standard name of this signautre algorithm.
protected iaik.pkcs.pkcs11.Mechanism	getMechanism() Get the mechanism of this signature object.
protected byte[]	pkcs11Sign() Create the signature value (r || s).
protected boolean	pkcs11Verify(byte[] signature) Verifies the given signature (r || s).

Methods inherited from class iaik.pkcs.pkcs11.provider.signatures.PKCS11BufferingSignature

pkcs11InitSign, pkcs11InitVerify, pkcs11Update

Methods inherited from class iaik.pkcs.pkcs11.provider.signatures.PKCS11Signature

engineGetParameter, engineInitSign, engineInitVerify, engineSetParameter, engineSetParameter, engineSign, engineUpdate, engineUpdate, engineVerify, finalize, finalizePkcs11Operation, getUsedMechanismFeatures, getUsedMechanisms, initializePkcs11Operation, initializeSession, initializeSoftwareDelegate, isSupportedBy, pkcs11GetParameter, pkcs11SetParameter, pkcs11SetParameter, pkcs11Update

Methods inherited from class java.security.SignatureSpi

clone, engineGetParameters, engineInitSign, engineSign, engineUpdate, engineVerify

Methods inherited from class java.lang.Object

equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

SIGNATURE_ALGORITHM_NAME

protected static java.lang.String SIGNATURE_ALGORITHM_NAME

The JCA standard name of this signature algorithm.

Constructor Detail

UnwrappedEcdsaSignature

public UnwrappedEcdsaSignature()

Public default constructor to enable instantiation via Class.forName(String).

Method Detail

getAlgorithmName

protected java.lang.String getAlgorithmName()

Get the JCA standard name of this signautre algorithm.

Specified by:

getAlgorithmName in class PKCS11Signature

Returns:

The JCA standard name of this signautre algorithm.

Postconditions:

(result <> null)

getMechanism

protected iaik.pkcs.pkcs11.Mechanism getMechanism()

Get the mechanism of this signature object. This implementation returns a mechanism with CKM_ECDSA as ID.

Specified by:

getMechanism in class PKCS11BufferingSignature

Returns:

The mechanism this object uses for signing and verification.

Postconditions:

(result <> null)

pkcs11Sign

protected byte[] pkcs11Sign()
                     throws java.security.SignatureException

Create the signature value (r || s).

Overrides:

pkcs11Sign in class PKCS11BufferingSignature

Returns:

A byte array holding the signature.

Throws:

java.security.SignatureException - If an error occurs when creating the signature.

Preconditions:

(operationState_ == SIGN) and (initialized_ == true)

pkcs11Verify

protected boolean pkcs11Verify(byte[] signature)
                        throws java.security.SignatureException

Verifies the given signature (r || s).

Overrides:

pkcs11Verify in class PKCS11BufferingSignature

Parameters:

signature - The signature bytes to be verified.

Returns:

true if signature is OK, false otherwise.

Throws:

java.security.SignatureException - If an error occurs when verifying the signature.

Preconditions:

(operationState_ == VERIFY) and (initialized_ == true)