any_rsa_pkcs1signature.java

jpeg2000编解码

// $Id: Any_RSA_PKCS1Signature.java,v 1.1.1.1 2002/08/27 12:32:12 grosbois Exp $
//
// $Log: Any_RSA_PKCS1Signature.java,v $
// Revision 1.1.1.1  2002/08/27 12:32:12  grosbois
// Add cryptix 3.2
//
// Revision 1.9  2000/08/17 11:40:59  edwin
// java.* -> xjava.*
//
// Revision 1.8  2000/07/02 21:32:25  edwin
// Improving interoperability with other implementations that not
// always put a leading zero in a signature. Fix for bug #14
// Submitted-by: Eric Rescorla <ekr@rtfm.com>
//
// Revision 1.7  1999/07/12 20:34:21  edwin
// renaming java.security.interfaces.RSAPrivateKey and RSAPublicKey to CryptixRSAPrivateKey and CryptixRSAPublicKey. This is one more step to JDK1.2 compatibility.
//
// Revision 1.6  1998/03/20 06:13:28  hopwood
// + Committed changes below.
//
// Revision 1.5.1  1998/03/20  hopwood
// + 'Recipient' in exception detail messages changed to 'Signer'.
//
// Revision 1.5  1998/03/19 20:07:54  raif
// *** empty log message ***
//
// Revision 1.4.1  1998/03/20  raif
// + added documentation and test/assertion code for cases when the PKCS#1
//   frame [to be] built by the makePKCS1() method is larger than the public
//   key modulus --corrections prompted by tests/results reported by
//   Istofani Api Diany <diany94@PUSPA.CS.UI.AC.ID>
//
// Revision 1.4  1997/12/08 10:02:06  raif
// *** empty log message ***
//
// 1997.12.08 --RSN
// + modified the semantics of the makePKCS1() method by moving 2
//   bytes of the ASN.1 data into the subclasses.
// + documentation changes.
//
// Revision 1.3  1997/12/07 07:31:50  hopwood
// + I've forgotten what the change was - something minor.
//
// Revision 1.2  1997/11/23 03:09:18  hopwood
// + Mostly documentation changes.
//
// Revision 1.1.1  1997/11/23  hopwood
// + engineGetParameter now throws InvalidParameterException.
// + Merge with Ra&iuml;f's code:
//   - Added debugging display of actual and computed values if/when
//     engineVerify() fails. Fixed security bug in Ra&iuml;f's version: now it
//     only does this for debuglevel >= 7.
//   - Added timing computation. Will print if debuglevel >= 7.
//
// Revision 1.1  1997/11/23 02:24:59  hopwood
// + Changed the naming convention for signature classes.
//   "PKCS1" is used instead of "PEM", because PKCS#1 is a signature
//   (and encryption) formatting standard, whereas PEM is a complete secure
//   mail standard.
//
// Revision 1.3.1  1997/11/22  hopwood
// + Renamed this class to Any_RSA_PKCS1Signature from
//   RSA_PEMSignatureWithDigest.
//
// Revision 1.3  1997/11/20 19:46:57  hopwood
// + cryptix.util.* name changes.
//
// Revision 1.2.1  1997/11/18  David Hopwood
// + Restored use of RSAFactors interface.
//
// Revision 1.2  1997/11/05 16:48:03  raif
// *** empty log message ***
//
// Revision 1.1.1.1  1997/11/03 22:36:56  hopwood
// + Imported to CVS (tagged as 'start').
//
// Revision 0.1.0.4  1997/09/27  David Hopwood
// + Misc. fixes.
//
// Revision 0.1.0.3  1997/08/23  David Hopwood
// + Moved the RSA implementation to a separate RSAAlgorithm class.
// + Use new debugging conventions.
//
// Revision 0.1.0.2  1997/08/18  David Hopwood
// + Changed to use the RSA interfaces from java.security.*, rather
//   than requiring a particular key class.
// + Handle the case where the factors p and q are not known, for
//   RSA encryption (signing).
// + Now u = q^-1 (mod p), not p^-1 (mod q). Apart from PGP, this is
//   more commonly used (e.g. see the P1363 draft).
//
// Revision 0.1.0.1  1997/07/30  David Hopwood
// + Renamed this class to RSA_PEMSignatureWithDigest
//   (from RSAWithMdSignature).
// + Changed to extend java.security.SignatureWithDigest.
// + No longer abstract.
//
// Revision 0.1.0.0  1997/07/24  R. Naffah
// + Original version.
//
// $Endlog$
/*
 * Copyright (c) 1997 Systemics Ltd
 * on behalf of the Cryptix Development Team.  All rights reserved.
 */
package cryptix.provider.rsa;

import cryptix.util.core.Debug;
import cryptix.CryptixException;
import cryptix.util.core.BI;
import cryptix.util.core.Hex;

import java.io.PrintWriter;
import java.math.BigInteger;
import java.security.InvalidKeyException;
import java.security.InvalidParameterException;
import java.security.MessageDigest;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import xjava.security.interfaces.CryptixRSAPublicKey;
import xjava.security.interfaces.CryptixRSAPrivateKey;
import xjava.security.interfaces.RSAFactors;

/**
 * An abstract class to digest a message and sign/verify the resulting
 * hash value, using any JCA MessageDigest algorithm with the RSA
 * digital signature scheme, and the formatting and padding conventions
 * defined by PKCS#1. These conventions are compatible with PEM (RFC-1423).
 * <p>
 * <b>References:</b>
 * <ol>
 *   <li> <a href="mailto:schneier@counterpane.com">Bruce Schneier</a>,
 *        "Section 19.3 RSA,"
 *        <cite>Applied Cryptography, 2nd edition</cite>,
 *        John Wiley &amp; Sons, 1996.
 *        <p>
 *   <li> PKCS#1 [need reference]
 *        <p>
 *   <li> RFC-1423 [need reference]
 * </ol>
 * <p>
 * <b>Copyright</b> &copy; 1997
 * <a href="http://www.systemics.com/">Systemics Ltd</a> on behalf of the
 * <a href="http://www.systemics.com/docs/cryptix/">Cryptix Development Team</a>.
 * <br>All rights reserved.
 * <p>
 * <b>$Revision: 1.1.1.1 $</b>
 * @author  David Hopwood
 * @author  Ra&iuml;f S. Naffah
 * @since   Cryptix 2.2.2
 */
public abstract class Any_RSA_PKCS1Signature
extends Signature
{
// Debugging methods and vars.
//...........................................................................

    private static final boolean DEBUG = Debug.GLOBAL_DEBUG;
    private static final int debuglevel =
        DEBUG ? Debug.getLevel("RSA", "Any_RSA_PKCS1Signature") : 0;
    private static final PrintWriter err = DEBUG ? Debug.getOutput() : null;
    private static void debug(String s) { err.println("Any_RSA_PKCS1Signature: " + s); }


// Constants and variables
//...........................................................................

    private static final int POSITIVE = 1;
    private static final BigInteger ZERO = BigInteger.valueOf(0L);
    private static final BigInteger ONE =  BigInteger.valueOf(1L);

    private BigInteger n;
    private BigInteger exp; // e if state is ENCRYPT, d if DECRYPT.
    private BigInteger p;   // null if the factors of n are unknown.
    private BigInteger q;
    private BigInteger u;

    private MessageDigest md;


// Constructor
//...........................................................................

    /**
     * Constructor for an Any_RSA_PKCS1Signature.
     *
     * @param  mdAlgorithm  the standard JCA algorithm name of the message
     *                      digest to be used.
     */
    protected Any_RSA_PKCS1Signature (String mdAlgorithm) {
        super(mdAlgorithm + "/RSA/PKCS#1");
        try { md = MessageDigest.getInstance(mdAlgorithm); }
        catch (Exception e) {
            throw new CryptixException(getAlgorithm() +
                ": Unable to instantiate the " + mdAlgorithm +
                " MessageDigest\n" + e);
        }
    }


// Signature abstract methods implementation
//...........................................................................

    /**
     * <b>SPI:</b> Initializes this signature object for signing, using the
     * given private key.
     *
     * @param  key  the private key to be used to generate signatures.
     * @exception InvalidKeyException
     *      If the key class does not implement
     *      java.security.interfaces.RSAPrivateKey or
     *      If the size of the minimal PKCS#1 frame generated by the
     *      engineSign() method will be larger than the public key modulus.
     */
    protected void engineInitSign (PrivateKey key) throws InvalidKeyException {
        if (!(key instanceof CryptixRSAPrivateKey))
            throw new InvalidKeyException(getAlgorithm() +
                ": Not an RSA private key");

        CryptixRSAPrivateKey rsa = (CryptixRSAPrivateKey) key;
        n = rsa.getModulus();
        exp = rsa.getExponent();
        
        if (key instanceof RSAFactors) {
            RSAFactors factors = (RSAFactors) key;
            p = factors.getP();
            q = factors.getQ();
            u = factors.getInverseOfQModP();
        }
        md.reset();

        // result will have as many bytes as the public modulus n
        int mdl = md.digest().length;
        int length = (n.bitLength() + 7) / 8;
        int aidl = getAlgorithmEncoding().length;
        int padLen = length - 3 - aidl - mdl;
        if (padLen < 0) throw new
            InvalidKeyException("Signer's public key modulus too short.");
    }

    /**
     * <b>SPI:</b> Initializes this signature object for verification, using
     * the given public key.
     *
     * @param  key  the public key this signature is assumed to have