gnu.crypto.sig.rsa
Class EMSA_PSS

java.lang.Object
  gnu.crypto.sig.rsa.EMSA_PSS

All Implemented Interfaces:

java.lang.Cloneable

public class EMSA_PSS

extends java.lang.Object

implements java.lang.Cloneable

An implementation of the EMSA-PSS encoding/decoding scheme.

EMSA-PSS coincides with EMSA4 in IEEE P1363a D5 except that EMSA-PSS acts on octet strings and not on bit strings. In particular, the bit lengths of the hash and the salt must be multiples of 8 in EMSA-PSS. Moreover, EMSA4 outputs an integer of a desired bit length rather than an octet string.

EMSA-PSS is parameterized by the choice of hash function Hash and mask generation function MGF. In this submission, MGF is based on a Hash definition that coincides with the corresponding definitions in IEEE Std 1363-2000, PKCS #1 v2.0, and the draft ANSI X9.44. In PKCS #1 v2.0 and the draft ANSI X9.44, the recommended hash function is SHA-1, while IEEE Std 1363-2000 recommends SHA-1 and RIPEMD-160.

References:

1. RSA-PSS Signature Scheme with Appendix, part B.
   Primitive specification and supporting documentation.
   Jakob Jonsson and Burt Kaliski.

Version:

$Revision: 1.2 $

Method Summary

java.lang.Object	clone()
boolean	decode(byte[] mHash, byte[] EM, int emBits, int sLen) The decoding operation EMSA-PSS-Decode recovers the message hash from an encoded message EM and compares it to the hash of M.
byte[]	encode(byte[] mHash, int emBits, byte[] salt) The encoding operation EMSA-PSS-Encode computes the hash of a message M using a hash function and maps the result to an encoded message EM of a specified length using a mask generation function.
static EMSA_PSS	getInstance(java.lang.String mdName) Returns an instance of this object given a designated name of a hash function.

Methods inherited from class java.lang.Object

equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Method Detail

getInstance

public static EMSA_PSS getInstance(java.lang.String mdName)

Returns an instance of this object given a designated name of a hash function.

Parameters:

mdName - the canonical name of a hash function.

Returns:

an instance of this object configured for use with the designated options.

clone

public java.lang.Object clone()

encode

public byte[] encode(byte[] mHash,
                     int emBits,
                     byte[] salt)

The encoding operation EMSA-PSS-Encode computes the hash of a message M using a hash function and maps the result to an encoded message EM of a specified length using a mask generation function.

Parameters:

mHash - the byte sequence resulting from applying the message digest algorithm Hash to the message M.

emBits - the maximal bit length of the integer OS2IP(EM), at least 8.hLen + 8.sLen + 9.

salt - the salt to use when encoding the output.

Returns:

the encoded message EM, an octet string of length emLen = CEILING(emBits / 8).

Throws:

java.lang.IllegalArgumentException - if an exception occurs.

decode

public boolean decode(byte[] mHash,
                      byte[] EM,
                      int emBits,
                      int sLen)

The decoding operation EMSA-PSS-Decode recovers the message hash from an encoded message EM and compares it to the hash of M.

Parameters:

mHash - the byte sequence resulting from applying the message digest algorithm Hash to the message M.

EM - the encoded message, an octet string of length emLen = CEILING(emBits/8).

emBits - the maximal bit length of the integer OS2IP(EM), at least 8.hLen + 8.sLen + 9.

sLen - the length, in octets, of the expected salt.

Returns:

true if the result of the verification was consistent with the expected reseult; and false if the result was inconsistent.

Throws:

java.lang.IllegalArgumentException - if an exception occurs.