Examples of java.security.spec.PSSParameterSpec

• java.security.spec.PSSParameterSpec
  etf.org/rfc/rfc3447.txt">PKCS#1 v2.1 standard.

  Its ASN.1 definition in PKCS#1 standard is described below:

   RSASSA-PSS-params ::= SEQUENCE { hashAlgorithm      [0] OAEP-PSSDigestAlgorithms  DEFAULT sha1, maskGenAlgorithm   [1] PKCS1MGFAlgorithms  DEFAULT mgf1SHA1, saltLength         [2] INTEGER  DEFAULT 20, trailerField       [3] INTEGER  DEFAULT 1 } 

  where

   OAEP-PSSDigestAlgorithms    ALGORITHM-IDENTIFIER ::= { { OID id-sha1 PARAMETERS NULL   }| { OID id-sha256 PARAMETERS NULL }| { OID id-sha384 PARAMETERS NULL }| { OID id-sha512 PARAMETERS NULL }, ...  -- Allows for future expansion -- } PKCS1MGFAlgorithms    ALGORITHM-IDENTIFIER ::= { { OID id-mgf1 PARAMETERS OAEP-PSSDigestAlgorithms }, ...  -- Allows for future expansion -- } 

  Note: the PSSParameterSpec.DEFAULT uses the following: message digest -- "SHA-1" mask generation function (mgf) -- "MGF1" parameters for mgf -- MGF1ParameterSpec.SHA1 SaltLength -- 20 TrailerField -- 1 @see MGF1ParameterSpec @see AlgorithmParameterSpec @see java.security.Signature @author Valerie Peng @version 1.9 06/07/20 @since 1.4

    static public class SHA384withRSA
        extends JDKPSSSigner
    {
        public SHA384withRSA()
        {
            super(new RSABlindedEngine(), new PSSParameterSpec("SHA-384", "MGF1", new MGF1ParameterSpec("SHA-384"), 48, 1));
        }

    static public class SHA512withRSA
        extends JDKPSSSigner
    {
        public SHA512withRSA()
        {
            super(new RSABlindedEngine(), new PSSParameterSpec("SHA-512", "MGF1", new MGF1ParameterSpec("SHA-512"), 64, 1));
        }

         * Return the PKCS#1 ASN.1 structure RSASSA-PSS-params.
         */
        protected byte[] engineGetEncoded()
            throws IOException
        {
            PSSParameterSpec    pssSpec = currentSpec;
            AlgorithmIdentifier hashAlgorithm = new AlgorithmIdentifier(
                                                JCEDigestUtil.getOID(pssSpec.getDigestAlgorithm()),
                                                new DERNull());
            MGF1ParameterSpec   mgfSpec = (MGF1ParameterSpec)pssSpec.getMGFParameters();
            AlgorithmIdentifier maskGenAlgorithm = new AlgorithmIdentifier(
                                                PKCSObjectIdentifiers.id_mgf1,
                                                new AlgorithmIdentifier(JCEDigestUtil.getOID(mgfSpec.getDigestAlgorithm()), new DERNull()));
            RSASSAPSSparams     pssP = new RSASSAPSSparams(hashAlgorithm, maskGenAlgorithm, new DERInteger(pssSpec.getSaltLength()), new DERInteger(pssSpec.getTrailerField()));

            return pssP.getEncoded("DER");
        }

        {
            try
            {
                RSASSAPSSparams pssP = new RSASSAPSSparams((ASN1Sequence)ASN1Object.fromByteArray(params));

                currentSpec = new PSSParameterSpec(
                                       pssP.getHashAlgorithm().getObjectId().getId(),
                                       pssP.getMaskGenAlgorithm().getObjectId().getId(),
                                       new MGF1ParameterSpec(AlgorithmIdentifier.getInstance(pssP.getMaskGenAlgorithm().getParameters()).getObjectId().getId()),
                                       pssP.getSaltLength().getValue().intValue(),
                                       pssP.getTrailerField().getValue().intValue());

        if (engineParams == null)
        {
            try
            {
                engineParams = AlgorithmParameters.getInstance("PSS", "BC");
                engineParams.init(new PSSParameterSpec(saltLength));
            }
            catch (Exception e)
            {
                throw new RuntimeException(e.toString());
            }

         */
        protected byte[] engineGetEncoded()
        {
            ByteArrayOutputStream   bOut = new ByteArrayOutputStream();
            DEROutputStream         dOut = new DEROutputStream(bOut);
            PSSParameterSpec    pssSpec = (PSSParameterSpec)currentSpec;
            RSASSAPSSparams     pssP = new RSASSAPSSparams(RSASSAPSSparams.DEFAULT_HASH_ALGORITHM, RSASSAPSSparams.DEFAULT_MASK_GEN_FUNCTION, new DERInteger(pssSpec.getSaltLength()), RSASSAPSSparams.DEFAULT_TRAILER_FIELD);
            try
            {
                dOut.writeObject(pssP);
                dOut.close();
            }

            try
            {
                RSASSAPSSparams pssP = new RSASSAPSSparams((ASN1Sequence)aIn.readObject());

                currentSpec = new PSSParameterSpec(
                                       pssP.getSaltLength().getValue().intValue());
            }
            catch (ClassCastException e)
            {
                throw new IOException("Not a valid PSS Parameter encoding.");

    // The JCE crypto provider uses different alg names

    String internalAlgName;

    PSSParameterSpec pssSpec = null;

    if (alg.equals(JWSAlgorithm.RS256)) {

      internalAlgName = "SHA256withRSA";

    } else if (alg.equals(JWSAlgorithm.RS384)) {

      internalAlgName = "SHA384withRSA";

    } else if (alg.equals(JWSAlgorithm.RS512)) {

      internalAlgName = "SHA512withRSA";

    } else if (alg.equals(JWSAlgorithm.PS256)) {

      internalAlgName = "SHA256withRSAandMGF1";

      // JWA mandates salt length must equal hash
      pssSpec = new PSSParameterSpec("SHA256", "MGF1", MGF1ParameterSpec.SHA256, 32, 1);

    } else if (alg.equals(JWSAlgorithm.PS384)) {

      internalAlgName = "SHA384withRSAandMGF1";

      // JWA mandates salt length must equal hash
      pssSpec = new PSSParameterSpec("SHA384", "MGF1", MGF1ParameterSpec.SHA384, 48, 1);

    } else if (alg.equals(JWSAlgorithm.PS512)) {

      internalAlgName = "SHA512withRSAandMGF1";

      // JWA mandates salt length must equal hash
      pssSpec = new PSSParameterSpec("SHA512", "MGF1", MGF1ParameterSpec.SHA512, 64, 1);

    } else {

      throw new JOSEException("Unsupported RSASSA algorithm, must be RS256, RS384, RS512, PS256, PS384 or PS512");
    }