com.entrust.toolkit.security.crypto.rsa

Class RsaPssParameterSpec

java.lang.Object

com.entrust.toolkit.security.crypto.rsa.RsaPssParameterSpec

All Implemented Interfaces:

ASN1Type, java.security.spec.AlgorithmParameterSpec

public class RsaPssParameterSpec
extends java.lang.Object
implements java.security.spec.AlgorithmParameterSpec, ASN1Type

A transparent representation of the algorithm parameters required by Entrust's RSA-PSS digital signature algorithm implementation.

The RSA-PSS algorithm is parameterized by choice of hash function, mask generation function, and salt length. These options should be fixed for a given RSA key, except that the salt length can be variable.

This class is designed for use specifically with Entrust's RSA-PSS signature algorithm implementation; it will not work with other vendors RSASAA-PSS algorithm implementations.

  --
  -- AlgorithmIdentifier.parameters for id-RSASSA-PSS.
  -- Note that the tags in this Sequence are explicit.
  --
  RSASSA-PSS-params ::= SEQUENCE {
      hashAlgorithm       [0] HashAlgorithm       DEFAULT sha1,
      maskGenAlgorithm    [1] MaskGenAlgorithm    DEFAULT mgf1SHA1,
      saltLength          [2] INTEGER             DEFAULT 20,
      trailerField        [3] TrailerField        DEFAULT trailerFieldBC
  }
         
  HashAlgorithm ::= AlgorithmIdentifier { {OAEP-PSSDigestAlgorithms} }
     
  --
  -- Allowed EME-OAEP and EMSA-PSS digest algorithms.
  --
  OAEP-PSSDigestAlgorithms ALGORITHM-IDENTIFIER ::= {
      { OID id-sha1 PARAMETERS NULL }|
      { OID id-sha256 PARAMETERS NULL }|
      { OID id-sha384 PARAMETERS NULL }|
      { OID id-sha512 PARAMETERS NULL },
      ... -- Allows for future expansion --
  }
     
  MaskGenAlgorithm ::= AlgorithmIdentifier { {PKCS1MGFAlgorithms} }
     
  --
  -- Allowed mask generation function algorithms.
  -- If the identifier is id-mgf1, the parameters are a HashAlgorithm.
  --
  PKCS1MGFAlgorithms ALGORITHM-IDENTIFIER ::= {
      { OID id-mgf1 PARAMETERS HashAlgorithm },
      ... -- Allows for future expansion --
  }
     
  TrailerField ::= INTEGER { trailerFieldBC(1) }
     
  sha1 HashAlgorithm ::= {
      algorithm id-sha1,
      parameters SHA1Parameters : NULL
  }
     
  --
  -- Default AlgorithmIdentifier for id-RSAES-OAEP.maskGenAlgorithm and
  -- id-RSASSA-PSS.maskGenAlgorithm.
  --
  mgf1SHA1 MaskGenAlgorithm ::= {
      algorithm id-mgf1,
      parameters HashAlgorithm : sha1
  }
 

Since:

7.2

See Also:

RsaPssSignature, RsaPssParameters

Constructor Summary

Constructors

Constructor and Description
RsaPssParameterSpec() Creates a new instance of RSAPSSParameterSpec that contains all null parameter values.
RsaPssParameterSpec(AlgorithmID hashAlgorithm) Creates a new instance of RSAPSSParameterSpec using the provided algorithm parameter values.
RsaPssParameterSpec(AlgorithmID hashAlgorithm, AlgorithmID maskGenAlgorithm, java.lang.Integer saltLength, java.lang.Integer trailerField) Creates a new instance of RSAPSSParameterSpec using the provided algorithm parameter values.
RsaPssParameterSpec(ASN1Object obj) Creates an RSAPSSParameterSpec object from an ASN1Object.

Method Summary

Methods

Modifier and Type	Method and Description
void	decode(ASN1Object obj) Decodes an RSAPSSParameterSpec object from an ASN1Object.
AlgorithmID	getHashAlgorithm() Returns the hash algorithm identifier.
AlgorithmID	getMaskGenAlgorithm() Returns the mask generation function algorithm identifier.
int	getSaltLength() Gets the octet length (length in bytes) of the salt.
int	getTrailerField() Gets the trailer field number.
ASN1Object	toASN1Object() Encodes this RSAPSSParameterSpec object as an ASN1Object.
java.lang.String	toString() Creates a text representation of the ASN.1 structure of this RSAPSSParameterSpec object.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Constructor Detail

RsaPssParameterSpec

public RsaPssParameterSpec()

Creates a new instance of RSAPSSParameterSpec that contains all null parameter values.

This indicates default algorithm parameter values are to be used; the following are the default for each parameter value:

• hashAlgorithm: sha1: {OID id-sha1 PARAMETERS NULL}
• maskGenAlgorithm: mgf1SHA1: {OID id-mgf1 PARAMETERS sha1}
• saltLength: 20
• trailerField: 1

RsaPssParameterSpec

public RsaPssParameterSpec(AlgorithmID hashAlgorithm)

Creates a new instance of RSAPSSParameterSpec using the provided algorithm parameter values.

The following algorithm parameter values are used:

• hashAlgorithm: provided by caller
• maskGenAlgorithm: {OID id-mgf1 PARAMETERS hashAlgorithm}
• saltLength: the byte length of the hash value, 20 if hash algorithm not provided
• trailerField: 1

If a hash algorithm is not provided, the following default value is to be used sha1: {OID id-sha1 PARAMETERS NULL}.

Parameters:

hashAlgorithm - the hash algorithm identifier (OPTIONAL)

Throws:

java.lang.IllegalArgumentException - if the provided hash algorithm parameter value is not supported

RsaPssParameterSpec

public RsaPssParameterSpec(AlgorithmID hashAlgorithm,
                   AlgorithmID maskGenAlgorithm,
                   java.lang.Integer saltLength,
                   java.lang.Integer trailerField)

Creates a new instance of RSAPSSParameterSpec using the provided algorithm parameter values.

All the algorithm parameters are optional, and if missing default value are to be used; the following are the default for each parameter value:

• hashAlgorithm: sha1: {OID id-sha1 PARAMETERS NULL}
• maskGenAlgorithm: mgf1SHA1: {OID id-mgf1 PARAMETERS sha1}
• saltLength: the byte length of the hash value, 20 if hash algorithm not provided
• trailerField: 1

Parameters:

hashAlgorithm - the hash algorithm identifier (OPTIONAL)

maskGenAlgorithm - the mask generation function algorithm identifier (OPTIONAL)

saltLength - the salt length (OPTIONAL)

trailerField - the trailer field (OPTIONAL)

Throws:

java.lang.IllegalArgumentException - if any of the provided algorithm parameter values are not supported

RsaPssParameterSpec

public RsaPssParameterSpec(ASN1Object obj)
                    throws CodingException

Creates an RSAPSSParameterSpec object from an ASN1Object.

The ASN1Object must be a RSASS-PSS-params structure.

Parameters:

obj - an ASN.1 representation of an RSASS-PSS-params structure

Throws:

CodingException - thrown if an errors occurs while decoding the ANS1Object

Method Detail

getHashAlgorithm

public AlgorithmID getHashAlgorithm()

Returns the hash algorithm identifier.

If the hash algorithm has not been set, the default hash algorithm sha1: {OID id-sha1 PARAMETERS NULL} is returned instead. The following hash algorithms are supported:

 OAEP-PSSDigestAlgorithms ALGORITHM-IDENTIFIER ::= {
     { OID id-sha1 PARAMETERS NULL }|
     { OID id-sha256 PARAMETERS NULL }|
     { OID id-sha384 PARAMETERS NULL }|
     { OID id-sha512 PARAMETERS NULL },
     ... -- Allows for future expansion --
 }
 

Returns:

the hash algorithm identifier

getMaskGenAlgorithm

public AlgorithmID getMaskGenAlgorithm()

Returns the mask generation function algorithm identifier.

If the mask generation function algorithm has not been set, the default mask generation function algorithm mgf1SHA1: {OID id-mgf1 PARAMETERS sha1} is returned instead. The following mask generation function algorithms are supported:

 PKCS1MGFAlgorithms ALGORITHM-IDENTIFIER ::= {
     { OID id-mgf1 PARAMETERS HashAlgorithm },
     ... -- Allows for future expansion --
 }
 
 HashAlgorithm ::= AlgorithmIdentifier { {OAEP-PSSDigestAlgorithms} }
  
 OAEP-PSSDigestAlgorithms ALGORITHM-IDENTIFIER ::= {
     { OID id-sha1 PARAMETERS NULL }|
     { OID id-sha256 PARAMETERS NULL }|
     { OID id-sha384 PARAMETERS NULL }|
     { OID id-sha512 PARAMETERS NULL },
     ... -- Allows for future expansion --
 }
 

Returns:

the mask generation function algorithm identifier

getSaltLength

public int getSaltLength()

Gets the octet length (length in bytes) of the salt.

If the salt length has not been set, the default salt length 20 is returned instead.

Returns:

the salt length

getTrailerField

public int getTrailerField()

Gets the trailer field number.

If the trailer field number has not been set, the default trailer field number 1 is returned instead.

Returns:

the trailer field

toASN1Object

public ASN1Object toASN1Object()

Encodes this RSAPSSParameterSpec object as an ASN1Object.

Specified by:

toASN1Object in interface ASN1Type

Returns:

an ASN.1 representation of the RSASS-PSS-params structure

decode

public void decode(ASN1Object obj)
            throws CodingException

Decodes an RSAPSSParameterSpec object from an ASN1Object.

The ASN1Object must be a RSASS-PSS-params structure.

Specified by:

decode in interface ASN1Type

Parameters:

obj - an ASN.1 representation of an RSASS-PSS-params structure

Throws:

CodingException - thrown if an errors occurs while decoding the ANS1Object

toString

public java.lang.String toString()

Creates a text representation of the ASN.1 structure of this RSAPSSParameterSpec object.

Overrides:

toString in class java.lang.Object

Returns:

a text representation of the ASN.1 structure of this object