com.sun.squawk.security.signing
Class ECDSASignature

java.lang.Object
  com.sun.squawk.security.signing.ECDSASignature

public class ECDSASignature
extends Object

Signature algorithm ALG_ECDSA_SHA generates a 20-byte SHA digest and signs/verifies the digest using ECDSA. The signature is encoded as an ASN.1 sequence of two INTEGER values, r and s, in that order:
SEQUENCE ::= { r INTEGER, s INTEGER }

Constructor Summary

ECDSASignature()

Method Summary

int	getLength() Returns the byte length of the signature data.
void	init(ECPrivateKey privateKey) Initializes the Signature object with the appropriate privateKey in preparation for digital signing.
void	init(ECPublicKey publicKey) Initializes the Signature object with the appropriate publicKey in preparation for digital signature verification.
int	sign(byte[] inBuff, int inOffset, int inLength, byte[] sigBuff, int sigOffset) Generates the signature of all/last input data.
void	update(byte[] inBuff, int inOffset, int inLength) Accumulates a signature of the input data.
boolean	verify(byte[] inBuff, int inOffset, int inLength, byte[] sigBuff, int sigOffset, int sigLength) Verifies the signature of all/last input data against the passed in signature.
boolean	verifyMessageDigest(byte[] digestBuf, byte[] sigBuff, int sigOffset, int sigLength) Verifies the signature with an externally computed sha1 hash.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

ECDSASignature

public ECDSASignature()
               throws CryptoException

Throws:

CryptoException

Method Detail

getLength

public int getLength()
              throws CryptoException

Returns the byte length of the signature data.

Returns:

the byte length of the signature data

Throws:

CryptoException - with the following reason codes:

• CryptoException.INVALID_INIT if this Signature object is not initialized.
• CryptoException.UNINITIALIZED_KEY if key not initialized.

init

public void init(ECPrivateKey privateKey)
          throws CryptoException

Initializes the Signature object with the appropriate privateKey in preparation for digital signing.

Parameters:

privateKey - the privateKey object to use for signing

Throws:

CryptoException - with the following reason codes:

• CryptoException.UNINITIALIZED_KEY if privateKey instance is uninitialized.

init

public void init(ECPublicKey publicKey)
          throws CryptoException

Initializes the Signature object with the appropriate publicKey in preparation for digital signature verification.

Parameters:

publicKey - the publicKey object to use for verification

Throws:

CryptoException - with the following reason codes:

• CryptoException.UNINITIALIZED_KEY if publicKey instance is uninitialized.

sign

public int sign(byte[] inBuff,
                int inOffset,
                int inLength,
                byte[] sigBuff,
                int sigOffset)
         throws CryptoException

Generates the signature of all/last input data.

A call to this method also resets this Signature object to the state it was in when previously initialized via a call to init(). That is, the object is reset and available to sign another message.

Note:

• The input and output buffer data may overlap.

Parameters:

inBuff - the input buffer of data to be signed

inOffset - the offset into the input buffer at which to begin signature generation

inLength - the byte length to sign

sigBuff - the output buffer to store signature data

sigOffset - the offset into sigBuff at which to begin signature data

Returns:

number of bytes of signature output in sigBuff

Throws:

CryptoException - with the following reason codes:

• CryptoException.UNINITIALIZED_KEY if key not initialized.
• CryptoException.INVALID_INIT if this Signature object is not initialized or initialized for signature verify mode.

update

public void update(byte[] inBuff,
                   int inOffset,
                   int inLength)
            throws CryptoException

Accumulates a signature of the input data. This method requires temporary storage of intermediate results. In addition, if the input data length is not block aligned (multiple of block size) then additional internal storage may be allocated at this time to store a partial input data block. This may result in additional resource consumption and/or slow performance. This method should only be used if all the input data required for signing/verifying is not available in one byte array. If all of the input data required for signing/verifying is located in a single byte array, use of the sign() or verify() method is recommended. The sign() or verify() method must be called to complete processing of input data accumulated by one or more calls to the update() method.

Note:

• If inLength is 0 this method does nothing.

Parameters:

inBuff - the input buffer of data to be signed/verified

inOffset - the offset into the input buffer at which to begin signature generation/verification

inLength - the byte length to sign

Throws:

CryptoException - with the following reason codes:

• CryptoException.UNINITIALIZED_KEY if key not initialized.
• CryptoException.INVALID_INIT if this Signature object is not initialized.

See Also:

sign(byte[], int, int, byte[], int), verify(byte[], int, int, byte[], int, int)

verify

public boolean verify(byte[] inBuff,
                      int inOffset,
                      int inLength,
                      byte[] sigBuff,
                      int sigOffset,
                      int sigLength)
               throws CryptoException

Verifies the signature of all/last input data against the passed in signature.

A call to this method also resets this Signature object to the state it was in when previously initialized via a call to init(). That is, the object is reset and available to verify another message. In addition, note that the initial vector(IV) used in AES and DES algorithms in CBC mode will be reset to 0.

Note:

• AES, DES, and triple DES algorithms in CBC mode reset the initial vector(IV) to 0. The initial vector(IV) can be re-initialized using the init(Key, byte, byte[], short, short) method.

Parameters:

inBuff - the input buffer of data to be verified

inOffset - the offset into the input buffer at which to begin signature generation

inLength - the byte length to sign

sigBuff - the input buffer containing signature data

sigOffset - the offset into sigBuff where signature data begins

sigLength - the byte length of the signature data

Returns:

true if the signature verifies, false otherwise. Note, if sigLength is inconsistent with this Signature algorithm, false is returned.

Throws:

CryptoException - with the following reason codes:

• CryptoException.UNINITIALIZED_KEY if key not initialized.
• CryptoException.INVALID_INIT if this Signature object is not initialized or initialized for signature sign mode.
• CryptoException.ILLEGAL_USE if one of the following conditions is met:
  • if this Signature algorithm does not pad the message and the message is not block aligned.
  • if this Signature algorithm does not pad the message and no input data has been provided in inBuff or via the update() method.

verifyMessageDigest

public boolean verifyMessageDigest(byte[] digestBuf,
                                   byte[] sigBuff,
                                   int sigOffset,
                                   int sigLength)
                            throws CryptoException

Verifies the signature with an externally computed sha1 hash.

A call to this method also resets this Signature object to the state it was in when previously initialized via a call to init(). That is, the object is reset and available to verify another message. In addition, note that the initial vector(IV) used in AES and DES algorithms in CBC mode will be reset to 0.

To use this method Signature.init has to be called before to initialize the key, while calling Signature.update does not have any effect on the result.

Note:

• AES, DES, and triple DES algorithms in CBC mode reset the initial vector(IV) to 0. The initial vector(IV) can be re-initialized using the init(Key, byte, byte[], short, short) method.

Parameters:

digestBuf - The externally compute sha1 hash to be verified

sigBuff - the input buffer containing signature data

sigOffset - the offset into sigBuff where signature data begins

sigLength - the byte length of the signature data

Returns:

true if the signature verifies, false otherwise. Note, if sigLength is inconsistent with this Signature algorithm, false is returned.

Throws:

CryptoException - with the following reason codes:

• CryptoException.UNINITIALIZED_KEY if key not initialized.
• CryptoException.INVALID_INIT if this Signature object is not initialized or initialized for signature sign mode.