gnu.crypto.sig.rsa

Class EMSA_PSS

Implemented Interfaces:
Cloneable

public class EMSA_PSS
extends java.lang.Object
implements Cloneable

An implementation of the EMSA-PSS encoding/decoding scheme.

EMSA-PSS coincides with EMSA4 in IEEE P1363a D5 except that EMSA-PSS acts on octet strings and not on bit strings. In particular, the bit lengths of the hash and the salt must be multiples of 8 in EMSA-PSS. Moreover, EMSA4 outputs an integer of a desired bit length rather than an octet string.

EMSA-PSS is parameterized by the choice of hash function Hash and mask generation function MGF. In this submission, MGF is based on a Hash definition that coincides with the corresponding definitions in IEEE Std 1363-2000, PKCS #1 v2.0, and the draft ANSI X9.44. In PKCS #1 v2.0 and the draft ANSI X9.44, the recommended hash function is SHA-1, while IEEE Std 1363-2000 recommends SHA-1 and RIPEMD-160.

References:

  1. RSA-PSS Signature Scheme with Appendix, part B.
    Primitive specification and supporting documentation.
    Jakob Jonsson and Burt Kaliski.

Version:
$Revision: 1.7 $

Method Summary

Object
clone()
boolean
decode(byte[] mHash, byte[] EM, int emBits, int sLen)
The decoding operation EMSA-PSS-Decode recovers the message hash from an encoded message EM and compares it to the hash of M.
byte[]
encode(byte[] mHash, int emBits, byte[] salt)
The encoding operation EMSA-PSS-Encode computes the hash of a message M using a hash function and maps the result to an encoded message EM of a specified length using a mask generation function.
static EMSA_PSS
getInstance(String mdName)
Returns an instance of this object given a designated name of a hash function.

Method Details

clone

public Object clone()


decode

public boolean decode(byte[] mHash,
                      byte[] EM,
                      int emBits,
                      int sLen)
The decoding operation EMSA-PSS-Decode recovers the message hash from an encoded message EM and compares it to the hash of M.

Parameters:
mHash - the byte sequence resulting from applying the message digest algorithm Hash to the message M.
EM - the encoded message, an octet string of length emLen = CEILING(emBits/8).
emBits - the maximal bit length of the integer OS2IP(EM), at least 8.hLen + 8.sLen + 9.
sLen - the length, in octets, of the expected salt.

Returns:
true if the result of the verification was consistent with the expected reseult; and false if the result was inconsistent.


encode

public byte[] encode(byte[] mHash,
                     int emBits,
                     byte[] salt)
The encoding operation EMSA-PSS-Encode computes the hash of a message M using a hash function and maps the result to an encoded message EM of a specified length using a mask generation function.

Parameters:
mHash - the byte sequence resulting from applying the message digest algorithm Hash to the message M.
emBits - the maximal bit length of the integer OS2IP(EM), at least 8.hLen + 8.sLen + 9.
salt - the salt to use when encoding the output.

Returns:
the encoded message EM, an octet string of length emLen = CEILING(emBits / 8).


getInstance

public static EMSA_PSS getInstance(String mdName)
Returns an instance of this object given a designated name of a hash function.

Parameters:
mdName - the canonical name of a hash function.

Returns:
an instance of this object configured for use with the designated options.


Copyright © 2001, 2002, 2003 Free Software Foundation, Inc. All Rights Reserved.