gnu.crypto.sig.rsa

Class EMSA_PSS

public class EMSA_PSS extends Object implements Cloneable

An implementation of the EMSA-PSS encoding/decoding scheme.

EMSA-PSS coincides with EMSA4 in IEEE P1363a D5 except that EMSA-PSS acts on octet strings and not on bit strings. In particular, the bit lengths of the hash and the salt must be multiples of 8 in EMSA-PSS. Moreover, EMSA4 outputs an integer of a desired bit length rather than an octet string.

EMSA-PSS is parameterized by the choice of hash function Hash and mask generation function MGF. In this submission, MGF is based on a Hash definition that coincides with the corresponding definitions in IEEE Std 1363-2000, PKCS #1 v2.0, and the draft ANSI X9.44. In PKCS #1 v2.0 and the draft ANSI X9.44, the recommended hash function is SHA-1, while IEEE Std 1363-2000 recommends SHA-1 and RIPEMD-160.

References:

  1. RSA-PSS Signature Scheme with Appendix, part B.
    Primitive specification and supporting documentation.
    Jakob Jonsson and Burt Kaliski.

Version: $Revision: 1.8 $

Method Summary
Objectclone()
booleandecode(byte[] mHash, byte[] EM, int emBits, int sLen)

The decoding operation EMSA-PSS-Decode recovers the message hash from an encoded message EM and compares it to the hash of M.

byte[]encode(byte[] mHash, int emBits, byte[] salt)

The encoding operation EMSA-PSS-Encode computes the hash of a message M using a hash function and maps the result to an encoded message EM of a specified length using a mask generation function.

static EMSA_PSSgetInstance(String mdName)

Returns an instance of this object given a designated name of a hash function.

Method Detail

clone

public Object clone()

decode

public boolean decode(byte[] mHash, byte[] EM, int emBits, int sLen)

The decoding operation EMSA-PSS-Decode recovers the message hash from an encoded message EM and compares it to the hash of M.

Parameters: mHash the byte sequence resulting from applying the message digest algorithm Hash to the message M. EM the encoded message, an octet string of length emLen = CEILING(emBits/8). emBits the maximal bit length of the integer OS2IP(EM), at least 8.hLen + 8.sLen + 9. sLen the length, in octets, of the expected salt.

Returns: true if the result of the verification was consistent with the expected reseult; and false if the result was inconsistent.

Throws: IllegalArgumentException if an exception occurs.

encode

public byte[] encode(byte[] mHash, int emBits, byte[] salt)

The encoding operation EMSA-PSS-Encode computes the hash of a message M using a hash function and maps the result to an encoded message EM of a specified length using a mask generation function.

Parameters: mHash the byte sequence resulting from applying the message digest algorithm Hash to the message M. emBits the maximal bit length of the integer OS2IP(EM), at least 8.hLen + 8.sLen + 9. salt the salt to use when encoding the output.

Returns: the encoded message EM, an octet string of length emLen = CEILING(emBits / 8).

Throws: IllegalArgumentException if an exception occurs.

getInstance

public static EMSA_PSS getInstance(String mdName)

Returns an instance of this object given a designated name of a hash function.

Parameters: mdName the canonical name of a hash function.

Returns: an instance of this object configured for use with the designated options.

Copyright © 2001, 2002, 2003 Free Software Foundation, Inc. All Rights Reserved.