Java tutorial
package org.bouncycastle.crypto.signers; import java.io.IOException; import java.util.Hashtable; import org.bouncycastle.asn1.ASN1Encoding; import org.bouncycastle.asn1.ASN1ObjectIdentifier; import org.bouncycastle.asn1.DERNull; import org.bouncycastle.asn1.nist.NISTObjectIdentifiers; import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; import org.bouncycastle.asn1.teletrust.TeleTrusTObjectIdentifiers; import org.bouncycastle.asn1.x509.AlgorithmIdentifier; import org.bouncycastle.asn1.x509.DigestInfo; import org.bouncycastle.asn1.x509.X509ObjectIdentifiers; import org.bouncycastle.crypto.AsymmetricBlockCipher; import org.bouncycastle.crypto.CipherParameters; import org.bouncycastle.crypto.CryptoException; import org.bouncycastle.crypto.DataLengthException; import org.bouncycastle.crypto.Digest; import org.bouncycastle.crypto.Signer; import org.bouncycastle.crypto.encodings.PKCS1Encoding; import org.bouncycastle.crypto.engines.RSABlindedEngine; import org.bouncycastle.crypto.params.AsymmetricKeyParameter; import org.bouncycastle.crypto.params.ParametersWithRandom; import org.bouncycastle.util.Arrays; public class RSADigestSigner implements Signer { private final AsymmetricBlockCipher rsaEngine = new PKCS1Encoding(new RSABlindedEngine()); private final AlgorithmIdentifier algId; private final Digest digest; private boolean forSigning; private static final Hashtable oidMap = new Hashtable(); /* * Load OID table. */ static { // Null-digester is intentionally NOT on this mapping. oidMap.put("RIPEMD128", TeleTrusTObjectIdentifiers.ripemd128); oidMap.put("RIPEMD160", TeleTrusTObjectIdentifiers.ripemd160); oidMap.put("RIPEMD256", TeleTrusTObjectIdentifiers.ripemd256); oidMap.put("SHA-1", X509ObjectIdentifiers.id_SHA1); oidMap.put("SHA-224", NISTObjectIdentifiers.id_sha224); oidMap.put("SHA-256", NISTObjectIdentifiers.id_sha256); oidMap.put("SHA-384", NISTObjectIdentifiers.id_sha384); oidMap.put("SHA-512", NISTObjectIdentifiers.id_sha512); oidMap.put("SHA-512/224", NISTObjectIdentifiers.id_sha512_224); oidMap.put("SHA-512/256", NISTObjectIdentifiers.id_sha512_256); oidMap.put("SHA3-224", NISTObjectIdentifiers.id_sha3_224); oidMap.put("SHA3-256", NISTObjectIdentifiers.id_sha3_256); oidMap.put("SHA3-384", NISTObjectIdentifiers.id_sha3_384); oidMap.put("SHA3-512", NISTObjectIdentifiers.id_sha3_512); oidMap.put("MD2", PKCSObjectIdentifiers.md2); oidMap.put("MD4", PKCSObjectIdentifiers.md4); oidMap.put("MD5", PKCSObjectIdentifiers.md5); } public RSADigestSigner(Digest digest) { this(digest, (ASN1ObjectIdentifier) oidMap.get(digest.getAlgorithmName())); } public RSADigestSigner(Digest digest, ASN1ObjectIdentifier digestOid) { this.digest = digest; if (digestOid != null) { this.algId = new AlgorithmIdentifier(digestOid, DERNull.INSTANCE); } else { // NULL digester, match behaviour with DigestSignatureSpi this.algId = null; } } /** * @deprecated */ public String getAlgorithmName() { return digest.getAlgorithmName() + "withRSA"; } /** * Initialize the signer for signing or verification. * * @param forSigning * true if for signing, false otherwise * @param parameters * necessary parameters. */ public void init(boolean forSigning, CipherParameters parameters) { this.forSigning = forSigning; AsymmetricKeyParameter k; if (parameters instanceof ParametersWithRandom) { k = (AsymmetricKeyParameter) ((ParametersWithRandom) parameters).getParameters(); } else { k = (AsymmetricKeyParameter) parameters; } if (forSigning && !k.isPrivate()) { throw new IllegalArgumentException("signing requires private key"); } if (!forSigning && k.isPrivate()) { throw new IllegalArgumentException("verification requires public key"); } reset(); rsaEngine.init(forSigning, parameters); } /** * update the internal digest with the byte b */ public void update(byte input) { digest.update(input); } /** * update the internal digest with the byte array in */ public void update(byte[] input, int inOff, int length) { digest.update(input, inOff, length); } /** * Generate a signature for the message we've been loaded with using the key * we were initialised with. */ public byte[] generateSignature() throws CryptoException, DataLengthException { if (!forSigning) { throw new IllegalStateException("RSADigestSigner not initialised for signature generation."); } byte[] hash = new byte[digest.getDigestSize()]; digest.doFinal(hash, 0); try { byte[] data = derEncode(hash); return rsaEngine.processBlock(data, 0, data.length); } catch (IOException e) { throw new CryptoException("unable to encode signature: " + e.getMessage(), e); } } /** * return true if the internal state represents the signature described in * the passed in array. */ public boolean verifySignature(byte[] signature) { if (forSigning) { throw new IllegalStateException("RSADigestSigner not initialised for verification"); } byte[] hash = new byte[digest.getDigestSize()]; digest.doFinal(hash, 0); byte[] sig; byte[] expected; try { sig = rsaEngine.processBlock(signature, 0, signature.length); expected = derEncode(hash); } catch (Exception e) { return false; } if (sig.length == expected.length) { return Arrays.constantTimeAreEqual(sig, expected); } else if (sig.length == expected.length - 2) // NULL left out { int sigOffset = sig.length - hash.length - 2; int expectedOffset = expected.length - hash.length - 2; expected[1] -= 2; // adjust lengths expected[3] -= 2; int nonEqual = 0; for (int i = 0; i < hash.length; i++) { nonEqual |= (sig[sigOffset + i] ^ expected[expectedOffset + i]); } for (int i = 0; i < sigOffset; i++) { nonEqual |= (sig[i] ^ expected[i]); // check header less NULL } return nonEqual == 0; } else { Arrays.constantTimeAreEqual(expected, expected); // keep time "steady". return false; } } public void reset() { digest.reset(); } private byte[] derEncode(byte[] hash) throws IOException { if (algId == null) { try { // check hash is at least right format DigestInfo.getInstance(hash); return hash; } catch (IllegalArgumentException e) { throw new IOException("malformed DigestInfo for NONEwithRSA hash: " + e.getMessage()); } } DigestInfo dInfo = new DigestInfo(algId, hash); return dInfo.getEncoded(ASN1Encoding.DER); } }