equal
deleted
inserted
replaced
70 private ECPrivateKey privateKey; |
70 private ECPrivateKey privateKey; |
71 |
71 |
72 // public key, if initialized for verifying |
72 // public key, if initialized for verifying |
73 private ECPublicKey publicKey; |
73 private ECPublicKey publicKey; |
74 |
74 |
|
75 // signature parameters |
|
76 private ECParameterSpec sigParams = null; |
|
77 |
75 // The format. true for the IEEE P1363 format. false (default) for ASN.1 |
78 // The format. true for the IEEE P1363 format. false (default) for ASN.1 |
76 private final boolean p1363Format; |
79 private final boolean p1363Format; |
77 |
80 |
78 /** |
81 /** |
79 * Constructs a new ECDSASignature. |
82 * Constructs a new ECDSASignature. |
277 |
280 |
278 // initialize for verification. See JCA doc |
281 // initialize for verification. See JCA doc |
279 @Override |
282 @Override |
280 protected void engineInitVerify(PublicKey publicKey) |
283 protected void engineInitVerify(PublicKey publicKey) |
281 throws InvalidKeyException { |
284 throws InvalidKeyException { |
282 this.publicKey = (ECPublicKey) ECKeyFactory.toECKey(publicKey); |
285 ECPublicKey key = (ECPublicKey) ECKeyFactory.toECKey(publicKey); |
|
286 if (!isCompatible(this.sigParams, key.getParams())) { |
|
287 throw new InvalidKeyException("Key params does not match signature params"); |
|
288 } |
283 |
289 |
284 // Should check that the supplied key is appropriate for signature |
290 // Should check that the supplied key is appropriate for signature |
285 // algorithm (e.g. P-256 for SHA256withECDSA) |
291 // algorithm (e.g. P-256 for SHA256withECDSA) |
|
292 this.publicKey = key; |
286 this.privateKey = null; |
293 this.privateKey = null; |
287 resetDigest(); |
294 resetDigest(); |
288 } |
295 } |
289 |
296 |
290 // initialize for signing. See JCA doc |
297 // initialize for signing. See JCA doc |
296 |
303 |
297 // initialize for signing. See JCA doc |
304 // initialize for signing. See JCA doc |
298 @Override |
305 @Override |
299 protected void engineInitSign(PrivateKey privateKey, SecureRandom random) |
306 protected void engineInitSign(PrivateKey privateKey, SecureRandom random) |
300 throws InvalidKeyException { |
307 throws InvalidKeyException { |
301 this.privateKey = (ECPrivateKey) ECKeyFactory.toECKey(privateKey); |
308 ECPrivateKey key = (ECPrivateKey) ECKeyFactory.toECKey(privateKey); |
|
309 if (!isCompatible(this.sigParams, key.getParams())) { |
|
310 throw new InvalidKeyException("Key params does not match signature params"); |
|
311 } |
302 |
312 |
303 // Should check that the supplied key is appropriate for signature |
313 // Should check that the supplied key is appropriate for signature |
304 // algorithm (e.g. P-256 for SHA256withECDSA) |
314 // algorithm (e.g. P-256 for SHA256withECDSA) |
|
315 this.privateKey = key; |
305 this.publicKey = null; |
316 this.publicKey = null; |
306 this.random = random; |
317 this.random = random; |
307 resetDigest(); |
318 resetDigest(); |
308 } |
319 } |
309 |
320 |
351 } |
362 } |
352 |
363 |
353 messageDigest.update(byteBuffer); |
364 messageDigest.update(byteBuffer); |
354 needsReset = true; |
365 needsReset = true; |
355 } |
366 } |
|
367 |
|
368 private static boolean isCompatible(ECParameterSpec sigParams, |
|
369 ECParameterSpec keyParams) { |
|
370 if (sigParams == null) { |
|
371 // no restriction on key param |
|
372 return true; |
|
373 } |
|
374 return ECUtil.equals(sigParams, keyParams); |
|
375 } |
|
376 |
356 |
377 |
357 private byte[] signDigestImpl(ECDSAOperations ops, int seedBits, |
378 private byte[] signDigestImpl(ECDSAOperations ops, int seedBits, |
358 byte[] digest, ECPrivateKeyImpl privImpl, SecureRandom random) |
379 byte[] digest, ECPrivateKeyImpl privImpl, SecureRandom random) |
359 throws SignatureException { |
380 throws SignatureException { |
360 |
381 |
493 } |
514 } |
494 |
515 |
495 @Override |
516 @Override |
496 protected void engineSetParameter(AlgorithmParameterSpec params) |
517 protected void engineSetParameter(AlgorithmParameterSpec params) |
497 throws InvalidAlgorithmParameterException { |
518 throws InvalidAlgorithmParameterException { |
498 if (params != null) { |
519 if (params != null && !(params instanceof ECParameterSpec)) { |
499 throw new InvalidAlgorithmParameterException("No parameter accepted"); |
520 throw new InvalidAlgorithmParameterException("No parameter accepted"); |
500 } |
521 } |
|
522 ECKey key = (this.privateKey == null? this.publicKey : this.privateKey); |
|
523 if ((key != null) && !isCompatible((ECParameterSpec)params, key.getParams())) { |
|
524 throw new InvalidAlgorithmParameterException |
|
525 ("Signature params does not match key params"); |
|
526 } |
|
527 |
|
528 sigParams = (ECParameterSpec) params; |
501 } |
529 } |
502 |
530 |
503 // get parameter, not supported. See JCA doc |
531 // get parameter, not supported. See JCA doc |
504 @Override |
532 @Override |
505 @Deprecated |
533 @Deprecated |
508 throw new UnsupportedOperationException("getParameter() not supported"); |
536 throw new UnsupportedOperationException("getParameter() not supported"); |
509 } |
537 } |
510 |
538 |
511 @Override |
539 @Override |
512 protected AlgorithmParameters engineGetParameters() { |
540 protected AlgorithmParameters engineGetParameters() { |
513 return null; |
541 if (sigParams == null) { |
|
542 return null; |
|
543 } |
|
544 try { |
|
545 AlgorithmParameters ap = AlgorithmParameters.getInstance("EC"); |
|
546 ap.init(sigParams); |
|
547 return ap; |
|
548 } catch (Exception e) { |
|
549 // should never happen |
|
550 throw new ProviderException("Error retrieving EC parameters", e); |
|
551 } |
514 } |
552 } |
515 |
553 |
516 /** |
554 /** |
517 * Signs the digest using the private key. |
555 * Signs the digest using the private key. |
518 * |
556 * |