iaik.security.ecc.ecdsa
Class RawECDSA

java.lang.Object
  java.security.SignatureSpi
      java.security.Signature
          iaik.security.ecc.ecdsa.RawECDSA

public class RawECDSA

extends java.security.Signature

This class implements the "Raw" ECDSA signature algorithm. That is, it expects its input to be already hashed with eg. SHA-1, SHA-256, etc.

Use it like any other signature algorithm, but supply the hashed data to the update() methods instead of the original data to be signed. You can call all of the update methods in any combination. You have to ensure that the length of the hashed bytes in the update methods fits the parameters of the curve.

If you are going to sign some yet not hashed data (respectively verify the corresponding signature), you can use the ECDSA implemetation which automatically hashes the supplied data according the SHA algorithm before processing it with the RawDSA algorithm.

See Also:

ECDSASignature, Signature

Field Summary

protected java.io.ByteArrayOutputStream	dataBuffer_ Data buffer to which the DigestInfo is written when supplied via an update method.
protected ECPrivateKey	privateKey_ The private key, used for signing.
protected ECPublicKey	publicKey_ The public key used for verification.
protected java.security.SecureRandom	secureRandom_ Source of randomness.

Fields inherited from class java.security.Signature

SIGN, state, UNINITIALIZED, VERIFY

Fields inherited from class java.security.SignatureSpi

appRandom

Constructor Summary

RawECDSA()
The default constructor.

Method Summary

protected java.lang.Object	engineGetParameter(java.lang.String param) Method not implemented.
protected void	engineInitSign(java.security.PrivateKey privateKey) Initializes the engine for signature creation.
protected void	engineInitSign(java.security.PrivateKey privateKey, java.security.SecureRandom random) SPI: Initializes this Signature object with the given ECDSA private key and the given SecureRandom generator for going to sign some data.
protected void	engineInitVerify(java.security.PublicKey publicKey) Initializes the engine for signature verification.
protected void	engineSetParameter(java.lang.String param, java.lang.Object value) Method not implemented.
protected byte[]	engineSign() Implements the sign algorithm according to the rules: k = random([1,n-1]) kP = (x1,y1) r = x1 mod n e = H(M) s = k1(e+dr) mod n Signature: (r,s)
protected void	engineUpdate(byte b) SPI: Updates the data to be signed or verified with the specified byte.
protected void	engineUpdate(byte[] b, int off, int len) SPI: Updates the data to be signed or verified with the specified number of hashed bytes, beginning at the specified offset within the given byte array.
protected boolean	engineVerify(byte[] sigBytes) Verifies a given signature according to the following rules: extract r and s from the given byte[] if r is not an integer in the interval [1, n-1] reject sig.

Methods inherited from class java.security.Signature

clone, getAlgorithm, getInstance, getInstance, getInstance, getParameter, getParameters, getProvider, initSign, initSign, initVerify, initVerify, setParameter, setParameter, sign, sign, toString, update, update, update, verify, verify

Methods inherited from class java.security.SignatureSpi

engineGetParameters, engineSetParameter, engineSign, engineVerify

Methods inherited from class java.lang.Object

equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Field Detail

dataBuffer_

protected java.io.ByteArrayOutputStream dataBuffer_

Data buffer to which the DigestInfo is written when supplied via an update method.

privateKey_

protected ECPrivateKey privateKey_

The private key, used for signing.

publicKey_

protected ECPublicKey publicKey_

The public key used for verification.

secureRandom_

protected java.security.SecureRandom secureRandom_

Source of randomness.

Constructor Detail

RawECDSA

public RawECDSA()

The default constructor. Creates a new RawECDSA signature object.

Applications use Signature.getInstance("RawECDSA"); for creating a RawECDSA Signature object.

See Also:

Signature.getInstance(java.lang.String)

Method Detail

engineGetParameter

protected java.lang.Object engineGetParameter(java.lang.String param)
                                       throws java.security.InvalidParameterException

Method not implemented. Just throws an InvalidParameterException.

Throws:

java.security.InvalidParameterException

engineInitSign

protected void engineInitSign(java.security.PrivateKey privateKey)
                       throws java.security.InvalidKeyException

Initializes the engine for signature creation.

Parameters:

privateKey - the ECDSA private key used for signing.

Throws:

java.security.InvalidKeyException - if a key encoding error occurs.

engineInitSign

protected void engineInitSign(java.security.PrivateKey privateKey,
                              java.security.SecureRandom random)
                       throws java.security.InvalidKeyException

SPI: Initializes this Signature object with the given ECDSA private key and the given SecureRandom generator for going to sign some data.

Note that this method is not available for JDK versions prior JDK 1.2. When using JDK 1.1 a SecureRandom object may be supplied as by calling method setParameter. If a SecureRandom never has been supplied by the application, the signature engine will use a default SecureRandom, if required.

Parameters:

privateKey - the ECDSDSA private key to be used for signing.

random - the random number generator

Throws:

java.security.InvalidKeyException - if a key decoding error occurs

engineInitVerify

protected void engineInitVerify(java.security.PublicKey publicKey)
                         throws java.security.InvalidKeyException

Initializes the engine for signature verification.

Parameters:

publicKey - the ECDSA public key used for the signature verification.

Throws:

java.security.InvalidKeyException - if a key encoding error occurs.

engineSetParameter

protected void engineSetParameter(java.lang.String param,
                                  java.lang.Object value)
                           throws java.security.InvalidParameterException

Method not implemented. Just throws an InvalidParameterException.

Throws:

java.security.InvalidParameterException

engineSign

protected byte[] engineSign()
                     throws java.security.SignatureException

Implements the sign algorithm according to the rules:

1. k = random([1,n-1])
2. kP = (x1,y1)
3. r = x1 mod n
4. e = H(M)
5. s = k¹(e+dr) mod n
6. Signature: (r,s)

Returns:

(r,s) as byte array

Throws:

java.security.SignatureException

engineUpdate

protected void engineUpdate(byte b)

SPI: Updates the data to be signed or verified with the specified byte.

Parameters:

b - the hash byte to be used for updating.

Throws:

java.security.SignatureException - if the engine has not been properly initialized

engineUpdate

protected void engineUpdate(byte[] b,
                            int off,
                            int len)

SPI: Updates the data to be signed or verified with the specified number of hashed bytes, beginning at the specified offset within the given byte array.

Parameters:

b - the byte array holding the already hashed data to be used for this update operation.

off - the offset, indicating the start position within the given byte array.

len - the number of bytes to be obtained from the given byte array, starting at the given position.

Throws:

java.security.SignatureException - if the engine has not been properly initialized.

engineVerify

protected boolean engineVerify(byte[] sigBytes)
                        throws java.security.SignatureException

Verifies a given signature according to the following rules:

1. extract r and s from the given byte[]
2. if r is not an integer in the interval [1, n-1] reject sig.
3. if s is not an integer in the interval [1, n-1] reject sig.
4. compute digest e = SHA-1(M)
5. c = s^(-1) mod n
6. u1 = e*c mod n
7. u2 = r*c mod n
8. (x1, y1) = u1*G + u2*Q
9. if (x1, y1) is the point at infinity, then reject sig.
10. convert x1 to integer x
11. v = x mod n
12. if r = v then accept sig.
13. if r != v then reject sig.

Parameters:

sigBytes - the encoded r and s values of the signature.

Returns:

true if the signature is valid.

Throws:

java.security.SignatureException - if an error occurs when verifying the signature.