Produced by Araxis Merge on 9/25/2018 2:13:23 PM Central Daylight Time.
# | Location | File | Last Modified |
---|---|---|---|
1 | build 3.zip\build 3\MHLTH_YS_137_Source\JavaScript\resources\javaJDF-1.8.0\src\sun\security\ec | ECDSASignature.java | Mon Jan 22 14:46:54 2018 UTC |
2 | build 3.zip\build 3\MHLTH_YS_137_Source\JavaScript\resources\javaJDF-1.8.0\src\sun\security\ec | ECDSASignature.java | Wed Sep 12 17:51:28 2018 UTC |
Description | Between Files 1 and 2 |
|
---|---|---|
Text Blocks | Lines | |
Unchanged | 2 | 904 |
Changed | 1 | 2 |
Inserted | 0 | 0 |
Removed | 0 | 0 |
Whitespace | |
---|---|
Character case | Differences in character case are significant |
Line endings | Differences in line endings (CR and LF characters) are ignored |
CR/LF characters | Not shown in the comparison detail |
No regular expressions were active.
1 | /* | |
2 | * Copyrig ht (c) 200 9, 2017, O racle and/ or its aff iliates. A ll rights reserved. | |
3 | * DO NOT ALTER OR R EMOVE COPY RIGHT NOTI CES OR THI S FILE HEA DER. | |
4 | * | |
5 | * This co de is free software; you can r edistribut e it and/o r modify i t | |
6 | * under t he terms o f the GNU General Pu blic Licen se version 2 only, a s | |
7 | * publish ed by the Free Softw are Founda tion. Ora cle design ates this | |
8 | * particu lar file a s subject to the "Cl asspath" e xception a s provided | |
9 | * by Orac le in the LICENSE fi le that ac companied this code. | |
10 | * | |
11 | * This co de is dist ributed in the hope that it wi ll be usef ul, but WI THOUT | |
12 | * ANY WAR RANTY; wit hout even the implie d warranty of MERCHA NTABILITY or | |
13 | * FITNESS FOR A PAR TICULAR PU RPOSE. Se e the GNU General Pu blic Licen se | |
14 | * version 2 for mor e details (a copy is included in the LIC ENSE file that | |
15 | * accompa nied this code). | |
16 | * | |
17 | * You sho uld have r eceived a copy of th e GNU Gene ral Public License v ersion | |
18 | * 2 along with this work; if not, write to the Fr ee Softwar e Foundati on, | |
19 | * Inc., 5 1 Franklin St, Fifth Floor, Bo ston, MA 0 2110-1301 USA. | |
20 | * | |
21 | * Please contact Or acle, 500 Oracle Par kway, Redw ood Shores , CA 94065 USA | |
22 | * or visi t www.orac le.com if you need a dditional informatio n or have any | |
23 | * questio ns. | |
24 | */ | |
25 | ||
26 | package su n.security .ec; | |
27 | ||
28 | import jav a.io.IOExc eption; | |
29 | import jav a.nio.Byte Buffer; | |
30 | import jav a.math.Big Integer; | |
31 | ||
32 | import jav a.security .*; | |
33 | import jav a.security .interface s.*; | |
34 | import jav a.security .spec.*; | |
35 | ||
36 | import sun .security. jca.JCAUti l; | |
37 | import sun .security. util.*; | |
38 | ||
39 | /** | |
40 | * ECDSA s ignature i mplementat ion. This class curr ently supp orts the | |
41 | * followi ng algorit hm names: | |
42 | * | |
43 | * . "NO NEwithECDS A" | |
44 | * . "SH A1withECDS A" | |
45 | * . "SH A224withEC DSA" | |
46 | * . "SH A256withEC DSA" | |
47 | * . "SH A384withEC DSA" | |
48 | * . "SH A512withEC DSA" | |
49 | * | |
50 | * @since 1.7 | |
51 | */ | |
52 | abstract c lass ECDSA Signature extends Si gnatureSpi { | |
53 | ||
54 | // mes sage diges t implemen tation we use | |
55 | privat e final Me ssageDiges t messageD igest; | |
56 | ||
57 | // sup plied entr opy | |
58 | privat e SecureRa ndom rando m; | |
59 | ||
60 | // fla g indicati ng whether the diges t has been reset | |
61 | privat e boolean needsReset ; | |
62 | ||
63 | // pri vate key, if initial ized for s igning | |
64 | privat e ECPrivat eKey priva teKey; | |
65 | ||
66 | // pub lic key, i f initiali zed for ve rifying | |
67 | privat e ECPublic Key public Key; | |
68 | ||
69 | /** | |
70 | * Con structs a new ECDSAS ignature. Used by Ra w subclass . | |
71 | * | |
72 | * @ex ception Pr oviderExce ption if t he native ECC librar y is unava ilable. | |
73 | */ | |
74 | ECDSAS ignature() { | |
75 | me ssageDiges t = null; | |
76 | } | |
77 | ||
78 | /** | |
79 | * Con structs a new ECDSAS ignature. Used by su bclasses. | |
80 | */ | |
81 | ECDSAS ignature(S tring dige stName) { | |
82 | tr y { | |
83 | messageD igest = Me ssageDiges t.getInsta nce(digest Name); | |
84 | } catch (NoS uchAlgorit hmExceptio n e) { | |
85 | throw ne w Provider Exception( e); | |
86 | } | |
87 | ne edsReset = false; | |
88 | } | |
89 | ||
90 | // Nes ted class for NONEwi thECDSA si gnatures | |
91 | public static fi nal class Raw extend s ECDSASig nature { | |
92 | ||
93 | // the longe st support ed digest is 512 bit s (SHA-512 ) | |
94 | pr ivate stat ic final i nt RAW_ECD SA_MAX = 6 4; | |
95 | ||
96 | pr ivate fina l byte[] p recomputed Digest; | |
97 | pr ivate int offset = 0 ; | |
98 | ||
99 | pu blic Raw() { | |
100 | precompu tedDigest = new byte [RAW_ECDSA _MAX]; | |
101 | } | |
102 | ||
103 | // Stores th e precompu ted messag e digest v alue. | |
104 | @O verride | |
105 | pr otected vo id engineU pdate(byte b) throws Signature Exception { | |
106 | if (offs et >= prec omputedDig est.length ) { | |
107 | offs et = RAW_E CDSA_MAX + 1; | |
108 | retu rn; | |
109 | } | |
110 | precompu tedDigest[ offset++] = b; | |
111 | } | |
112 | ||
113 | // Stores th e precompu ted messag e digest v alue. | |
114 | @O verride | |
115 | pr otected vo id engineU pdate(byte [] b, int off, int l en) | |
116 | thro ws Signatu reExceptio n { | |
117 | if (offs et >= prec omputedDig est.length ) { | |
118 | offs et = RAW_E CDSA_MAX + 1; | |
119 | retu rn; | |
120 | } | |
121 | System.a rraycopy(b , off, pre computedDi gest, offs et, len); | |
122 | offset + = len; | |
123 | } | |
124 | ||
125 | // Stores th e precompu ted messag e digest v alue. | |
126 | @O verride | |
127 | pr otected vo id engineU pdate(Byte Buffer byt eBuffer) { | |
128 | int len = byteBuff er.remaini ng(); | |
129 | if (len <= 0) { | |
130 | retu rn; | |
131 | } | |
132 | if (offs et + len > = precompu tedDigest. length) { | |
133 | offs et = RAW_E CDSA_MAX + 1; | |
134 | retu rn; | |
135 | } | |
136 | byteBuff er.get(pre computedDi gest, offs et, len); | |
137 | offset + = len; | |
138 | } | |
139 | ||
140 | @O verride | |
141 | pr otected vo id resetDi gest(){ | |
142 | offset = 0; | |
143 | } | |
144 | ||
145 | // Returns t he precomp uted messa ge digest value. | |
146 | @O verride | |
147 | pr otected by te[] getDi gestValue( ) throws S ignatureEx ception { | |
148 | if (offs et > RAW_E CDSA_MAX) { | |
149 | thro w new Sign atureExcep tion("Mess age digest is too lo ng"); | |
150 | ||
151 | } | |
152 | byte[] r esult = ne w byte[off set]; | |
153 | System.a rraycopy(p recomputed Digest, 0, result, 0 , offset); | |
154 | offset = 0; | |
155 | ||
156 | return r esult; | |
157 | } | |
158 | } | |
159 | ||
160 | // Nes ted class for SHA1wi thECDSA si gnatures | |
161 | public static fi nal class SHA1 exten ds ECDSASi gnature { | |
162 | pu blic SHA1( ) { | |
163 | super("S HA1"); | |
164 | } | |
165 | } | |
166 | ||
167 | // Nes ted class for SHA224 withECDSA signatures | |
168 | public static fi nal class SHA224 ext ends ECDSA Signature { | |
169 | pu blic SHA22 4() { | |
170 | super("SH A-224"); | |
171 | } | |
172 | } | |
173 | ||
174 | // Nes ted class for SHA256 withECDSA signatures | |
175 | public static fi nal class SHA256 ext ends ECDSA Signature { | |
176 | pu blic SHA25 6() { | |
177 | super("S HA-256"); | |
178 | } | |
179 | } | |
180 | ||
181 | // Nes ted class for SHA384 withECDSA signatures | |
182 | public static fi nal class SHA384 ext ends ECDSA Signature { | |
183 | pu blic SHA38 4() { | |
184 | super("S HA-384"); | |
185 | } | |
186 | } | |
187 | ||
188 | // Nes ted class for SHA512 withECDSA signatures | |
189 | public static fi nal class SHA512 ext ends ECDSA Signature { | |
190 | pu blic SHA51 2() { | |
191 | super("S HA-512"); | |
192 | } | |
193 | } | |
194 | ||
195 | // ini tialize fo r verifica tion. See JCA doc | |
196 | @Overr ide | |
197 | protec ted void e ngineInitV erify(Publ icKey publ icKey) | |
198 | throws I nvalidKeyE xception { | |
199 | th is.publicK ey = (ECPu blicKey) E CKeyFactor y.toECKey( publicKey) ; | |
200 | ||
201 | // Should ch eck that t he supplie d key is a ppropriate for signa ture | |
202 | // algorithm (e.g. P-2 56 for SHA 256withECD SA) | |
203 | th is.private Key = null ; | |
204 | re setDigest( ); | |
205 | } | |
206 | ||
207 | // ini tialize fo r signing. See JCA d oc | |
208 | @Overr ide | |
209 | protec ted void e ngineInitS ign(Privat eKey priva teKey) | |
210 | throws I nvalidKeyE xception { | |
211 | en gineInitSi gn(private Key, null) ; | |
212 | } | |
213 | ||
214 | // ini tialize fo r signing. See JCA d oc | |
215 | @Overr ide | |
216 | protec ted void e ngineInitS ign(Privat eKey priva teKey, Sec ureRandom random) | |
217 | throws I nvalidKeyE xception { | |
218 | th is.private Key = (ECP rivateKey) ECKeyFact ory.toECKe y(privateK ey); | |
219 | ||
220 | // Should ch eck that t he supplie d key is a ppropriate for signa ture | |
221 | // algorithm (e.g. P-2 56 for SHA 256withECD SA) | |
222 | th is.publicK ey = null; | |
223 | th is.random = random; | |
224 | re setDigest( ); | |
225 | } | |
226 | ||
227 | /** | |
228 | * Res ets the me ssage dige st if need ed. | |
229 | */ | |
230 | protec ted void r esetDigest () { | |
231 | if (needsRes et) { | |
232 | if (mess ageDigest != null) { | |
233 | mess ageDigest. reset(); | |
234 | } | |
235 | needsRes et = false ; | |
236 | } | |
237 | } | |
238 | ||
239 | /** | |
240 | * Ret urns the m essage dig est value. | |
241 | */ | |
242 | protec ted byte[] getDigest Value() th rows Signa tureExcept ion { | |
243 | ne edsReset = false; | |
244 | re turn messa geDigest.d igest(); | |
245 | } | |
246 | ||
247 | // upd ate the si gnature wi th the pla intext dat a. See JCA doc | |
248 | @Overr ide | |
249 | protec ted void e ngineUpdat e(byte b) throws Sig natureExce ption { | |
250 | me ssageDiges t.update(b ); | |
251 | ne edsReset = true; | |
252 | } | |
253 | ||
254 | // upd ate the si gnature wi th the pla intext dat a. See JCA doc | |
255 | @Overr ide | |
256 | protec ted void e ngineUpdat e(byte[] b , int off, int len) | |
257 | throws S ignatureEx ception { | |
258 | me ssageDiges t.update(b , off, len ); | |
259 | ne edsReset = true; | |
260 | } | |
261 | ||
262 | // upd ate the si gnature wi th the pla intext dat a. See JCA doc | |
263 | @Overr ide | |
264 | protec ted void e ngineUpdat e(ByteBuff er byteBuf fer) { | |
265 | in t len = by teBuffer.r emaining() ; | |
266 | if (len <= 0 ) { | |
267 | return; | |
268 | } | |
269 | ||
270 | me ssageDiges t.update(b yteBuffer) ; | |
271 | ne edsReset = true; | |
272 | } | |
273 | ||
274 | // sig n the data and retur n the sign ature. See JCA doc | |
275 | @Overr ide | |
276 | protec ted byte[] engineSig n() throws Signature Exception { | |
277 | by te[] s = p rivateKey. getS().toB yteArray() ; | |
278 | EC ParameterS pec params = private Key.getPar ams(); | |
279 | // DER OID | |
280 | by te[] encod edParams = ECUtil.en codeECPara meterSpec( null, para ms); | |
281 | in t keySize = params.g etCurve(). getField() .getFieldS ize(); | |
282 | ||
283 | // seed is t wice the k ey size (i n bytes) p lus 1 | |
284 | by te[] seed = new byte [(((keySiz e + 7) >> 3) + 1) * 2]; | |
285 | if (random = = null) { | |
286 | random = JCAUtil.g etSecureRa ndom(); | |
287 | } | |
288 | ra ndom.nextB ytes(seed) ; | |
289 | ||
290 | // random bi ts needed for timing counterme asures | |
291 | in t timingAr gument = r andom.next Int(); | |
292 | // values mu st be non- zero to en able count ermeasures | |
293 | ti mingArgume nt |= 1; | |
294 | ||
295 | tr y { | |
296 | return e ncodeSigna ture( | |
297 | sign Digest(get DigestValu e(), s, en codedParam s, seed, | |
298 | timingArgu ment)); | |
299 | } catch (Gen eralSecuri tyExceptio n e) { | |
300 | throw ne w Signatur eException ("Could no t sign dat a", e); | |
301 | } | |
302 | } | |
303 | ||
304 | // ver ify the da ta and ret urn the re sult. See JCA doc | |
305 | @Overr ide | |
306 | protec ted boolea n engineVe rify(byte[ ] signatur e) throws SignatureE xception { | |
307 | ||
308 | by te[] w; | |
309 | EC ParameterS pec params = publicK ey.getPara ms(); | |
310 | // DER OID | |
311 | by te[] encod edParams = ECUtil.en codeECPara meterSpec( null, para ms); | |
312 | ||
313 | if (publicKe y instance of ECPubli cKeyImpl) { | |
314 | w = ((EC PublicKeyI mpl)public Key).getEn codedPubli cValue(); | |
315 | } else { // instanceof ECPublicK ey | |
316 | w = ECUt il.encodeP oint(publi cKey.getW( ), params. getCurve() ); | |
317 | } | |
318 | ||
319 | tr y { | |
320 | ||
321 | return v erifySigne dDigest( | |
322 | deco deSignatur e(signatur e), getDig estValue() , w, encod edParams); | |
323 | ||
324 | } catch (Gen eralSecuri tyExceptio n e) { | |
325 | throw ne w Signatur eException ("Could no t verify s ignature", e); | |
326 | } | |
327 | } | |
328 | ||
329 | // set parameter , not supp orted. See JCA doc | |
330 | @Overr ide | |
331 | @Depre cated | |
332 | protec ted void e ngineSetPa rameter(St ring param , Object v alue) | |
333 | throws I nvalidPara meterExcep tion { | |
334 | th row new Un supportedO perationEx ception("s etParamete r() not su pported"); | |
335 | } | |
336 | ||
337 | // get parameter , not supp orted. See JCA doc | |
338 | @Overr ide | |
339 | @Depre cated | |
340 | protec ted Object engineGet Parameter( String par am) | |
341 | throws I nvalidPara meterExcep tion { | |
342 | th row new Un supportedO perationEx ception("g etParamete r() not su pported"); | |
343 | } | |
344 | ||
345 | // Con vert the c oncatenati on of R an d S into t heir DER e ncoding | |
346 | privat e byte[] e ncodeSigna ture(byte[ ] signatur e) throws SignatureE xception { | |
347 | ||
348 | tr y { | |
349 | ||
350 | int n = signature. length >> 1; | |
351 | byte[] b ytes = new byte[n]; | |
352 | System.a rraycopy(s ignature, 0, bytes, 0, n); | |
353 | BigInteg er r = new BigIntege r(1, bytes ); | |
354 | System.a rraycopy(s ignature, n, bytes, 0, n); | |
355 | BigInteg er s = new BigIntege r(1, bytes ); | |
356 | ||
357 | DerOutpu tStream ou t = new De rOutputStr eam(signat ure.length + 10); | |
358 | out.putI nteger(r); | |
359 | out.putI nteger(s); | |
360 | DerValue result = | |
361 | new DerValue(D erValue.ta g_Sequence , out.toBy teArray()) ; | |
362 | ||
363 | return r esult.toBy teArray(); | |
364 | ||
365 | } catch (Exc eption e) { | |
366 | throw ne w Signatur eException ("Could no t encode s ignature", e); | |
367 | } | |
368 | } | |
369 | ||
370 | // Con vert the D ER encodin g of R and S into a concatenat ion of R a nd S | |
371 | privat e byte[] d ecodeSigna ture(byte[ ] sig) thr ows Signat ureExcepti on { | |
372 | ||
373 | tr y { | |
374 | // Enfor ce strict DER checki ng for sig natures | |
375 | DerInput Stream in = new DerI nputStream (sig, 0, s ig.length, false); | |
376 | DerValue [] values = in.getSe quence(2); | |
377 | ||
378 | // check number of component s in the r ead sequen ce | |
379 | // and t railing da ta | |
380 | if ((val ues.length != 2) || (in.availa ble() != 0 )) { | |
381 | thro w new IOEx ception("I nvalid enc oding for signature" ); | |
382 | } | |
383 | ||
384 | BigInteg er r = val ues[0].get PositiveBi gInteger() ; | |
385 | BigInteg er s = val ues[1].get PositiveBi gInteger() ; | |
386 | ||
387 | // trim leading ze roes | |
388 | byte[] r Bytes = tr imZeroes(r .toByteArr ay()); | |
389 | byte[] s Bytes = tr imZeroes(s .toByteArr ay()); | |
390 | int k = Math.max(r Bytes.leng th, sBytes .length); | |
391 | // r and s each oc cupy half the array | |
392 | byte[] r esult = ne w byte[k < < 1]; | |
393 | System.a rraycopy(r Bytes, 0, result, k - rBytes.l ength, | |
394 | rByt es.length) ; | |
395 | System.a rraycopy(s Bytes, 0, result, re sult.lengt h - sBytes .length, | |
396 | sByt es.length) ; | |
397 | return r esult; | |
398 | ||
399 | } catch (Exc eption e) { | |
400 | throw ne w Signatur eException ("Invalid encoding f or signatu re", e); | |
401 | } | |
402 | } | |
403 | ||
404 | // tri m leading (most sign ificant) z eroes from the resul t | |
405 | privat e static b yte[] trim Zeroes(byt e[] b) { | |
406 | in t i = 0; | |
407 | wh ile ((i < b.length - 1) && (b[ i] == 0)) { | |
408 | i++; | |
409 | } | |
410 | if (i == 0) { | |
411 | return b ; | |
412 | } | |
413 | by te[] t = n ew byte[b. length - i ]; | |
414 | Sy stem.array copy(b, i, t, 0, t.l ength); | |
415 | re turn t; | |
416 | } | |
417 | ||
418 | /** | |
419 | * Sig ns the dig est using the privat e key. | |
420 | * | |
421 | * @pa ram digest the diges t to be si gned. | |
422 | * @pa ram s the private ke y's S valu e. | |
423 | * @pa ram encode dParams th e curve's DER encode d object i dentifier. | |
424 | * @pa ram seed t he random seed. | |
425 | * @pa ram timing When non- zero, the implmentat ion will u se timing | |
426 | * countermea sures to h ide PW s from tim ing channe ls. The EC | |
427 | * implement ation will disable t he counter measures w hen this v alue is | |
428 | * zero, bec ause the u nderlying EC functio ns are sha red by sev eral | |
429 | * crypto op erations, some of wh ich do not use the c ountermeas ures. | |
430 | * The high- order 31 b its must b e uniforml y random. The entrop y from | |
431 | * these bit s is used by the cou ntermeasur es. | |
432 | * | |
433 | * @re turn byte[ ] the sign ature. | |
434 | */ | |
435 | privat e static n ative byte [] signDig est(byte[] digest, b yte[] s, | |
436 | by te[] encod edParams, byte[] see d, int tim ing) | |
437 | throws G eneralSecu rityExcept ion; | |
438 | ||
439 | /** | |
440 | * Ver ifies the signed dig est using the public key. | |
441 | * | |
442 | * @pa ram signed Digest the signature to be ver ified. It is encoded | |
443 | * as a c oncatenati on of the key's R an d S values . | |
444 | * @pa ram digest the diges t to be us ed. | |
445 | * @pa ram w the public key 's W point (in uncom pressed fo rm). | |
446 | * @pa ram encode dParams th e curve's DER encode d object i dentifier. | |
447 | * | |
448 | * @re turn boole an true if the signa ture is su ccessfully verified. | |
449 | */ | |
450 | privat e static n ative bool ean verify SignedDige st(byte[] signature, | |
451 | by te[] diges t, byte[] w, byte[] encodedPar ams) | |
452 | throws G eneralSecu rityExcept ion; | |
453 | } |
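Review bot: In `Raw.engineUpdate(byte[] b, int off, int len)` (report lines 115–123) the guard tests only `offset >= precomputedDigest.length`, so a call whose `len` exceeds the space left in the 64-byte buffer still reaches `System.arraycopy` and would presumably fail with an unchecked index exception instead of the `SignatureException("Message digest is too long")` that `getDigestValue()` throws for the overflow marker. Comparing against the remaining room, `if (len > precomputedDigest.length - offset) {`, would keep oversized input on that checked path. The `ByteBuffer` overload (report lines 127–138) has the opposite problem: `offset + len >= precomputedDigest.length` also rejects input that fills the buffer exactly, although the comment on `RAW_ECDSA_MAX` says 512-bit digests are supported, so `>` looks like the intended operator. The report does not show which two lines differ between the two builds, so these points apply to the file as displayed, not to the change itself.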