SymmetricSignatureImpl



com.licel.jcardsim.crypto
Class SymmetricSignatureImpl

java.lang.Object
  extended by javacard.security.Signature
      extended by com.licel.jcardsim.crypto.SymmetricSignatureImpl

public class SymmetricSignatureImpl
extends Signature

Implementation Signature with symmetric keys based on BouncyCastle CryptoAPI

See Also:
Signature

Field Summary
 
Fields inherited from class javacard.security.Signature
ALG_AES_MAC_128_NOPAD, ALG_DES_MAC4_ISO9797_1_M2_ALG3, ALG_DES_MAC4_ISO9797_M1, ALG_DES_MAC4_ISO9797_M2, ALG_DES_MAC4_NOPAD, ALG_DES_MAC4_PKCS5, ALG_DES_MAC8_ISO9797_1_M2_ALG3, ALG_DES_MAC8_ISO9797_M1, ALG_DES_MAC8_ISO9797_M2, ALG_DES_MAC8_NOPAD, ALG_DES_MAC8_PKCS5, ALG_DSA_SHA, ALG_ECDSA_SHA, ALG_RSA_MD5_PKCS1, ALG_RSA_MD5_PKCS1_PSS, ALG_RSA_MD5_RFC2409, ALG_RSA_RIPEMD160_ISO9796, ALG_RSA_RIPEMD160_PKCS1, ALG_RSA_RIPEMD160_PKCS1_PSS, ALG_RSA_SHA_ISO9796, ALG_RSA_SHA_PKCS1, ALG_RSA_SHA_PKCS1_PSS, ALG_RSA_SHA_RFC2409, MODE_SIGN, MODE_VERIFY
 
Constructor Summary
SymmetricSignatureImpl(byte algorithm)
           
 
Method Summary
 byte getAlgorithm()
          Gets the Signature algorithm.
 short getLength()
          Returns the byte length of the signature data.
 void init(Key theKey, byte theMode)
          Initializes the Signature object with the appropriate Key.
 void init(Key theKey, byte theMode, byte[] bArray, short bOff, short bLen)
          Initializes the Signature object with the appropriate Key and algorithm specific parameters.
 short sign(byte[] inBuff, short inOffset, short inLength, byte[] sigBuff, short sigOffset)
          Generates the signature of all/last input data.
 void update(byte[] inBuff, short inOffset, short inLength)
          Accumulates a signature of the input data.
 boolean verify(byte[] inBuff, short inOffset, short inLength, byte[] sigBuff, short sigOffset, short sigLength)
          Verifies the signature of all/last input data against the passed in signature.
 
Methods inherited from class javacard.security.Signature
getInstance
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

SymmetricSignatureImpl

public SymmetricSignatureImpl(byte algorithm)
Method Detail

init

public void init(Key theKey,
                 byte theMode)
          throws CryptoException
Description copied from class: Signature
Initializes the Signature object with the appropriate Key. This method should be used for algorithms which do not need initialization parameters or use default parameter values.

init() must be used to update the Signature object with a new key. If the Key object is modified after invoking the init() method, the behavior of the update(), sign(), and verify() methods is unspecified.

Note:

  • AES, DES, and triple DES algorithms in CBC mode will use 0 for initial vector(IV) if this method is used.

Specified by:
init in class Signature
Parameters:
theKey - the key object to use for signing or verifying
theMode - one of MODE_SIGN or MODE_VERIFY
Throws:
CryptoException - with the following reason codes:
  • CryptoException.ILLEGAL_VALUE if theMode option is an undefined value or if the Key is inconsistent with theMode or with the Signature implementation.
  • CryptoException.UNINITIALIZED_KEY if theKey instance is uninitialized.

init

public void init(Key theKey,
                 byte theMode,
                 byte[] bArray,
                 short bOff,
                 short bLen)
          throws CryptoException
Description copied from class: Signature
Initializes the Signature object with the appropriate Key and algorithm specific parameters.

init() must be used to update the Signature object with a new key. If the Key object is modified after invoking the init() method, the behavior of the update(), sign(), and verify() methods is unspecified.

Note:

  • DES and triple DES algorithms in CBC mode expect an 8-byte parameter value for the initial vector(IV) in bArray.
  • AES algorithms in CBC mode expect a 16-byte parameter value for the initial vector(IV) in bArray.
  • ECDSA, RSA, and DSA algorithms throw CryptoException.ILLEGAL_VALUE.

Specified by:
init in class Signature
Parameters:
theKey - the key object to use for signing
theMode - one of MODE_SIGN or MODE_VERIFY
bArray - byte array containing algorithm specific initialization information
bOff - offset within bArray where the algorithm specific data begins
bLen - byte length of algorithm specific parameter data
Throws:
CryptoException - with the following reason codes:
  • CryptoException.ILLEGAL_VALUE if theMode option is an undefined value or if a byte array parameter option is not supported by the algorithm or if the bLen is an incorrect byte length for the algorithm specific data or if the Key is inconsistent with theMode or with the Signature implementation.
  • CryptoException.UNINITIALIZED_KEY if theKey instance is uninitialized.

getLength

public short getLength()
                throws CryptoException
Description copied from class: Signature
Returns the byte length of the signature data.

Specified by:
getLength in class Signature
Returns:
the byte length of the signature data
Throws:
CryptoException - with the following reason codes:
  • CryptoException.INVALID_INIT if this Signature object is not initialized.
  • CryptoException.UNINITIALIZED_KEY if key not initialized.

getAlgorithm

public byte getAlgorithm()
Description copied from class: Signature
Gets the Signature algorithm.

Specified by:
getAlgorithm in class Signature
Returns:
the algorithm code defined above

update

public void update(byte[] inBuff,
                   short inOffset,
                   short inLength)
            throws CryptoException
Description copied from class: Signature
Accumulates a signature of the input data. This method requires temporary storage of intermediate results. In addition, if the input data length is not block aligned (multiple of block size) then additional internal storage may be allocated at this time to store a partial input data block. This may result in additional resource consumption and/or slow performance. This method should only be used if all the input data required for signing/verifying is not available in one byte array. If all of the input data required for signing/verifying is located in a single byte array, use of the sign() or verify() method is recommended. The sign() or verify() method must be called to complete processing of input data accumulated by one or more calls to the update() method.

Note:

  • If inLength is 0 this method does nothing.

Specified by:
update in class Signature
Parameters:
inBuff - the input buffer of data to be signed
inOffset - the offset into the input buffer at which to begin signature generation
inLength - the byte length to sign
Throws:
CryptoException - with the following reason codes:
  • CryptoException.UNINITIALIZED_KEY if key not initialized.
  • CryptoException.INVALID_INIT if this Signature object is not initialized.
See Also: Signature.sign(byte[], short, short, byte[], short)

sign

public short sign(byte[] inBuff,
                  short inOffset,
                  short inLength,
                  byte[] sigBuff,
                  short sigOffset)
           throws CryptoException
Description copied from class: Signature
Generates the signature of all/last input data.

A call to this method also resets this Signature object to the state it was in when previously initialized via a call to init(). That is, the object is reset and available to sign another message. In addition, note that the initial vector(IV) used in AES and DES algorithms in CBC mode will be reset to 0.

Note:

  • AES, DES, and triple DES algorithms in CBC mode reset the initial vector(IV) to 0. The initial vector(IV) can be re-initialized using the init(Key, byte, byte[], short, short) method.

The input and output buffer data may overlap.

Specified by:
sign in class Signature
Parameters:
inBuff - the input buffer of data to be signed
inOffset - the offset into the input buffer at which to begin signature generation
inLength - the byte length to sign
sigBuff - the output buffer to store signature data
sigOffset - the offset into sigBuff at which to begin signature data
Returns:
number of bytes of signature output in sigBuff
Throws:
CryptoException - with the following reason codes:
  • CryptoException.UNINITIALIZED_KEY if key not initialized.
  • CryptoException.INVALID_INIT if this Signature object is not initialized or initialized for signature verify mode.
  • CryptoException.ILLEGAL_USE if one of the following conditions is met:
    • if this Signature algorithm does not pad the message and the message is not block aligned.
    • if this Signature algorithm does not pad the message and no input data has been provided in inBuff or via the update() method.

verify

public boolean verify(byte[] inBuff,
                      short inOffset,
                      short inLength,
                      byte[] sigBuff,
                      short sigOffset,
                      short sigLength)
               throws CryptoException
Description copied from class: Signature
Verifies the signature of all/last input data against the passed in signature.

A call to this method also resets this Signature object to the state it was in when previously initialized via a call to init(). That is, the object is reset and available to verify another message. In addition, note that the initial vector(IV) used in AES and DES algorithms in CBC mode will be reset to 0.

Note:

  • AES, DES, and triple DES algorithms in CBC mode reset the initial vector(IV) to 0. The initial vector(IV) can be re-initialized using the init(Key, byte, byte[], short, short) method.

Specified by:
verify in class Signature
Parameters:
inBuff - the input buffer of data to be verified
inOffset - the offset into the input buffer at which to begin signature generation
inLength - the byte length to verify
sigBuff - the input buffer containing signature data
sigOffset - the offset into sigBuff where signature data begins
sigLength - the byte length of the signature data
Returns:
true if the signature verifies, false otherwise Note, if sigLength is inconsistent with this Signature algorithm, false is returned.
Throws:
CryptoException - with the following reason codes:
  • CryptoException.UNINITIALIZED_KEY if key not initialized.
  • CryptoException.INVALID_INIT if this Signature object is not initialized or initialized for signature sign mode.
  • CryptoException.ILLEGAL_USE if one of the following conditions is met:
    • if this Signature algorithm does not pad the message and the message is not block aligned.
    • if this Signature algorithm does not pad the message and no input data has been provided in inBuff or via the update() method.