gnu.crypto.sig.rsa
public class EMSA_PSS extends Object implements Cloneable
An implementation of the EMSA-PSS encoding/decoding scheme.
EMSA-PSS coincides with EMSA4 in IEEE P1363a D5 except that EMSA-PSS acts on octet strings and not on bit strings. In particular, the bit lengths of the hash and the salt must be multiples of 8 in EMSA-PSS. Moreover, EMSA4 outputs an integer of a desired bit length rather than an octet string.
EMSA-PSS is parameterized by the choice of hash function Hash and mask generation function MGF. In this submission, MGF is based on a Hash definition that coincides with the corresponding definitions in IEEE Std 1363-2000, PKCS #1 v2.0, and the draft ANSI X9.44. In PKCS #1 v2.0 and the draft ANSI X9.44, the recommended hash function is SHA-1, while IEEE Std 1363-2000 recommends SHA-1 and RIPEMD-160.
References:
Version: $Revision: 1.8 $
Method Summary | |
---|---|
Object | clone() |
boolean | decode(byte[] mHash, byte[] EM, int emBits, int sLen) The decoding operation EMSA-PSS-Decode recovers the message hash from
an encoded message |
byte[] | encode(byte[] mHash, int emBits, byte[] salt) The encoding operation EMSA-PSS-Encode computes the hash of a message
|
static EMSA_PSS | getInstance(String mdName) Returns an instance of this object given a designated name of a hash function. |
The decoding operation EMSA-PSS-Decode recovers the message hash from
an encoded message EM
and compares it to the hash of
M
.
Parameters: mHash the byte sequence resulting from applying the message digest
algorithm Hash to the message M. EM the encoded message, an octet string of length
emLen = CEILING(emBits/8).
emBits the maximal bit length of the integer OS2IP(EM), at least
8.hLen + 8.sLen + 9
. sLen the length, in octets, of the expected salt.
Returns: true
if the result of the verification was
consistent with the expected reseult; and false
if the
result was inconsistent.
Throws: IllegalArgumentException if an exception occurs.
The encoding operation EMSA-PSS-Encode computes the hash of a message
M
using a hash function and maps the result to an encoded
message EM
of a specified length using a mask generation
function.
Parameters: mHash the byte sequence resulting from applying the message digest
algorithm Hash to the message M. emBits the maximal bit length of the integer OS2IP(EM), at least
8.hLen + 8.sLen + 9
. salt the salt to use when encoding the output.
Returns: the encoded message EM
, an octet string of length
emLen = CEILING(emBits / 8)
.
Throws: IllegalArgumentException if an exception occurs.
Returns an instance of this object given a designated name of a hash function.
Parameters: mdName the canonical name of a hash function.
Returns: an instance of this object configured for use with the designated options.