001: /*
002: * @(#)Signature.java 1.9 02/07/24 @(#)
003: *
004: * Copyright (c) 2000-2001 Sun Microsystems, Inc. All rights reserved.
005: * PROPRIETARY/CONFIDENTIAL
006: * Use is subject to license terms.
007: */
008:
009: package com.sun.portal.kssl;
010:
011: import com.sun.portal.ksecurity.CryptoException;
012: import com.sun.portal.ksecurity.Key;
013:
014: /**
015: * Implements an abstract class that generalizes all signature algorithms.
016: * This version of the implementation only supports ALG_RSA_MD5_PKCS1 and
017: * ALG_RSA_SHA_PKCS1.
018: */
019: public abstract class Signature {
020: // These are from the standard classes
021: /**
022: * Signature algorithm ALG_RSA_MD5_PKCS1 encrypts the 16-byte
023: * MD5 digest using RSA. The digest is padded according to the
024: * PKCS#1 (v1.5) scheme.
025: */
026: public static final byte ALG_RSA_MD5_PKCS1 = 1;
027: /**
028: * Signature algorithm ALG_RSA_SHA_PKCS1 encrypts the 20-byte
029: * SHA digest using RSA. The digest is padded according to the
030: * PKCS#1 (v1.5) scheme.
031: */
032: public static final byte ALG_RSA_SHA_PKCS1 = 2;
033: /** Unknown mode place holder. */
034: protected static final byte MODE_UNKNOWN = 0;
035: /** Used in init() methods to indicate signature sign mode. */
036: public static final byte MODE_SIGN = 1;
037: /** Used in init() methods to indicate signature verify mode. */
038: public static final byte MODE_VERIFY = 2;
039:
040: /**
041: * Protected constructor.
042: */
043: protected Signature() {
044: }
045:
046: /**
047: * Creates a <CODE>Signature</CODE> object instance of the selected
048: * algorithm.
049: * <P />
050: * @param alg desired signature algorithm
051: * @param ext this parameter is here only for compatibility with
052: * <CODE>javacard.security.Signature</CODE>, it is ignored
053: * @return a <CODE>Signature</CODE> object instance of the requested
054: * algorithm
055: * @exception CryptoException with reason code
056: * <CODE>NO_SUCH_ALGORITHM</CODE> if the requested algorithm is not
057: * supported
058: */
059: public static Signature getInstance(byte alg, boolean ext)
060: throws CryptoException {
061: switch (alg) {
062: case ALG_RSA_MD5_PKCS1:
063: case ALG_RSA_SHA_PKCS1:
064: return new RSASig(alg);
065: default:
066: throw new CryptoException(CryptoException.NO_SUCH_ALGORITHM);
067: }
068: }
069:
070: /**
071: * Gets the signature algorithm.
072: *
073: * @return the algorithm code defined above
074: */
075: public abstract byte getAlgorithm();
076:
077: /**
078: * Gets the byte length of the signature data.
079: *
080: * @return the byte length of signature data
081: */
082: public abstract short getLength();
083:
084: /**
085: * Initializes the <CODE>Signature</CODE> object with the appropriate
086: * <CODE>Key</CODE> for signature creation or verification.
087: * <P />
088: * @param theKey the key object to use for signing or verification
089: * @param theMode one of <CODE>MODE_SIGN</CODE> or
090: * <CODE>MODE_VERIFY</CODE>
091: * @exception CryptoException with reason code <CODE>ILLEGAL_VALUE</CODE>
092: * if an invalid mode is specified or if the key type is inconsistent
093: * with the mode or signature implementation.
094: */
095: public abstract void init(Key theKey, byte theMode)
096: throws CryptoException;
097:
098: /**
099: * Initializes the <CODE>Signature</CODE> object with the appropriate
100: * <CODE>Key</CODE> and algorithm specific parameters for signature
101: * creation or verification.
102: * <P />
103: * @param theKey the key object to use for signing or verification
104: * @param theMode one of <CODE>MODE_SIGN</CODE> or
105: * <CODE>MODE_VERIFY</CODE>
106: * @param b byte array containing algorithm specific parameters
107: * @param off starting offset of parameter data within the byte array
108: * @param len byte length of parameter data
109: * @exception CryptoException with reason code <CODE>ILLEGAL_VALUE</CODE>
110: * if an invalid mode is specified or if the key type is inconsistent
111: * with the mode or signature implementation or if this initialization mode
112: * is not supported by the signature algorithm
113: */
114: public abstract void init(Key theKey, byte theMode, byte[] b,
115: int off, int len) throws CryptoException;
116:
117: /**
118: * Accumulates a signature of the input data. When this method is used,
119: * temporary storage of intermediate results is required. This method
120: * should only be used if all the input data required for the signature
121: * is not available in one byte array. The sign() or verify() method is
122: * recommended whenever possible.
123: * <P />
124: * @param inBuf the input buffer of data to be signed
125: * @param inOff starting offset within the input buffer for data to
126: * be signed
127: * @param inLen the byte length of data to be signed
128: * @exception CryptoException with <CODE>UNINITIALIZED_KEY</CODE>
129: * or <CODE>INVALID_INIT</CODE> if the signature object
130: * is not properly initialized
131: * @see #sign(byte[], int, int, byte[], int)
132: * @see #verify(byte[], int, int, byte[], int, short)
133: */
134: public abstract void update(byte[] inBuf, int inOff, int inLen)
135: throws CryptoException;
136:
137: /**
138: * Generates the signature of all/last input data. A call to this
139: * method also resets this signature object to the state it was in
140: * when previously initialized via a call to init(). That is, the
141: * object is reset and available to sign another message.
142: * <P />
143: * @param inBuf the input buffer of data to be signed
144: * @param inOff starting offset within the input buffer for data to
145: * be signed
146: * @param inLen the byte length of data to be signed
147: * @param sigBuf the output buffer to store signature data
148: * @param sigOff starting offset within the output buffer at which
149: * to begin signature data
150: * @return number of bytes of signature output in sigBuf
151: * @exception CryptoException with the following reason codes: (i)
152: * <CODE>UNINITIALIZED_KEY</CODE> if key is not initialized, (ii)
153: * <CODE>INVALID_INIT</CODE> if signature object wasn not
154: * properly initialized, for signing (iii) <CODE>ILLEGAL_USE</CODE>
155: * if the signature algorithm does not pad the message and the
156: * message is not block aligned
157: */
158: public abstract short sign(byte[] inBuf, int inOff, int inLen,
159: byte[] sigBuf, int sigOff) throws CryptoException;
160:
161: /**
162: * Verifies the signature of all/last input data against the passed
163: * in signature. A call to this method also resets this signature
164: * object to the state it was in when previously initialized via a
165: * call to init(). That is, the object is reset and available to
166: * verify another message.
167: * <P />
168: * @param inBuf the input buffer of data to be verified
169: * @param inOff starting offset within the input buffer for data to
170: * be verified
171: * @param inLen the byte length of data to be verified
172: * @param sigBuf the input buffer containing signature data
173: * @param sigOff starting offset within the sigBuf where signature
174: * data begins
175: * @param sigLen byte length of signature data
176: * @return true if signature verifies, false otherwise
177: * @exception CryptoException with the following reason codes: (i)
178: * <CODE>UNINITIALIZED_KEY</CODE> if key is not initialized, (ii)
179: * <CODE>INVALID_INIT</CODE> if signature object wasn not
180: * properly initialized, for verification (iii) <CODE>ILLEGAL_USE</CODE>
181: * if the signature algorithm does not pad the message and the
182: * message is not block aligned
183: */
184: public abstract boolean verify(byte[] inBuf, int inOff, int inLen,
185: byte[] sigBuf, int sigOff, short sigLen)
186: throws CryptoException;
187: }
|