1 /* SSLRSASignatureImpl.java -- SSL/TLS RSA implementation.
2 Copyright (C) 2006 Free Software Foundation, Inc.
4 This file is a part of GNU Classpath.
6 GNU Classpath is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 2 of the License, or (at
9 your option) any later version.
11 GNU Classpath is distributed in the hope that it will be useful, but
12 WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 General Public License for more details.
16 You should have received a copy of the GNU General Public License
17 along with GNU Classpath; if not, write to the Free Software
18 Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301
21 Linking this library statically or dynamically with other modules is
22 making a combined work based on this library. Thus, the terms and
23 conditions of the GNU General Public License cover the whole
26 As a special exception, the copyright holders of this library give you
27 permission to link this library with independent modules to produce an
28 executable, regardless of the license terms of these independent
29 modules, and to copy and distribute the resulting executable under
30 terms of your choice, provided that you also meet, for each linked
31 independent module, the terms and conditions of the license of that
32 module. An independent module is a module which is not derived from
33 or based on this library. If you modify this library, you may extend
34 this exception to your version of the library, but you are not
35 obligated to do so. If you do not wish to do so, delete this
36 exception statement from your version. */
39 package gnu.javax.net.ssl.provider;
41 import gnu.classpath.debug.Component;
42 import gnu.classpath.debug.SystemLogger;
43 import gnu.java.security.sig.rsa.RSA;
45 import java.math.BigInteger;
46 import java.security.InvalidKeyException;
47 import java.security.InvalidParameterException;
48 import java.security.MessageDigest;
49 import java.security.NoSuchAlgorithmException;
50 import java.security.PrivateKey;
51 import java.security.PublicKey;
52 import java.security.SignatureException;
53 import java.security.SignatureSpi;
54 import java.security.interfaces.RSAPrivateKey;
55 import java.security.interfaces.RSAPublicKey;
56 import java.util.Arrays;
59 * An implementation of of the RSA signature algorithm; this is an RSA
60 * encrypted MD5 hash followed by a SHA-1 hash.
62 * @author Casey Marshall (csm@gnu.org)
64 public class SSLRSASignatureImpl extends SignatureSpi
66 private static final SystemLogger logger = SystemLogger.SYSTEM;
67 private RSAPublicKey pubkey;
68 private RSAPrivateKey privkey;
69 private final MessageDigest md5, sha;
70 private boolean initSign = false;
71 private boolean initVerify = false;
73 public SSLRSASignatureImpl() throws NoSuchAlgorithmException
75 md5 = MessageDigest.getInstance("MD5");
76 sha = MessageDigest.getInstance("SHA-1");
80 * @see java.security.SignatureSpi#engineInitVerify(java.security.PublicKey)
82 @Override protected void engineInitVerify(PublicKey publicKey)
83 throws InvalidKeyException
87 pubkey = (RSAPublicKey) publicKey;
92 catch (ClassCastException cce)
94 throw new InvalidKeyException(cce);
99 * @see java.security.SignatureSpi#engineInitSign(java.security.PrivateKey)
101 @Override protected void engineInitSign(PrivateKey privateKey)
102 throws InvalidKeyException
106 privkey = (RSAPrivateKey) privateKey;
111 catch (ClassCastException cce)
113 throw new InvalidKeyException(cce);
118 * @see java.security.SignatureSpi#engineUpdate(byte)
120 @Override protected void engineUpdate(byte b) throws SignatureException
122 if (!initSign && !initVerify)
123 throw new IllegalStateException("not initialized");
125 logger.log(Component.SSL_HANDSHAKE, "SSL/RSA update 0x{0}",
126 Util.formatInt(b & 0xFF, 16, 2));
132 * @see java.security.SignatureSpi#engineUpdate(byte[], int, int)
134 @Override protected void engineUpdate(byte[] b, int off, int len)
135 throws SignatureException
137 if (!initSign && !initVerify)
138 throw new IllegalStateException("not initialized");
140 logger.log(Component.SSL_HANDSHAKE, "SSL/RSA update\n{0}",
141 Util.hexDump(b, off, len, ">> "));
142 md5.update(b, off, len);
143 sha.update(b, off, len);
147 * @see java.security.SignatureSpi#engineSign()
149 @Override protected byte[] engineSign() throws SignatureException
151 // FIXME we need to add RSA blinding to this, somehow.
154 throw new SignatureException("not initialized for signing");
155 // Pad the hash results with RSA block type 1.
156 final int k = (privkey.getModulus().bitLength() + 7) >>> 3;
157 final byte[] d = Util.concat(md5.digest(), sha.digest());
158 if (k - 11 < d.length)
159 throw new SignatureException("message too long");
160 final byte[] eb = new byte[k];
163 for (int i = 2; i < k - d.length - 1; i++)
165 System.arraycopy(d, 0, eb, k - d.length, d.length);
166 BigInteger EB = new BigInteger(eb);
168 // Private-key encrypt the padded hashes.
169 BigInteger EM = RSA.sign(privkey, EB);
170 return Util.trim(EM);
174 * @see java.security.SignatureSpi#engineVerify(byte[])
176 @Override protected boolean engineVerify(byte[] sigBytes)
177 throws SignatureException
180 throw new SignatureException("not initialized for verifying");
182 // Public-key decrypt the signature representative.
183 BigInteger EM = new BigInteger(1, (byte[]) sigBytes);
184 BigInteger EB = RSA.verify(pubkey, EM);
186 // Unpad the decrypted message.
188 final byte[] eb = EB.toByteArray();
191 for (i = 0; i < eb.length && eb[i] == 0x00; i++)
194 else if (eb[0] == 0x01)
196 for (i = 1; i < eb.length && eb[i] != 0x00; i++)
198 if (eb[i] != (byte) 0xFF)
200 throw new SignatureException("bad padding");
207 throw new SignatureException("decryption failed");
209 byte[] d1 = Util.trim(eb, i, eb.length - i);
210 byte[] d2 = Util.concat(md5.digest(), sha.digest());
212 logger.logv(Component.SSL_HANDSHAKE, "SSL/RSA d1:{0} d2:{1}",
213 Util.toHexString(d1, ':'), Util.toHexString(d2, ':'));
214 return Arrays.equals(d1, d2);
218 * @see java.security.SignatureSpi#engineSetParameter(java.lang.String, java.lang.Object)
220 @Override protected void engineSetParameter(String param, Object value)
221 throws InvalidParameterException
223 throw new InvalidParameterException("parameters not supported");
227 * @see java.security.SignatureSpi#engineGetParameter(java.lang.String)
229 @Override protected Object engineGetParameter(String param)
230 throws InvalidParameterException
232 throw new InvalidParameterException("parameters not supported");