1 /*
2  * Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved.
3  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4  *
5  * This code is free software; you can redistribute it and/or modify it
6  * under the terms of the GNU General Public License version 2 only, as
7  * published by the Free Software Foundation.  Oracle designates this
8  * particular file as subject to the "Classpath" exception as provided
9  * by Oracle in the LICENSE file that accompanied this code.
10  *
11  * This code is distributed in the hope that it will be useful, but WITHOUT
12  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
13  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
14  * version 2 for more details (a copy is included in the LICENSE file that
15  * accompanied this code).
16  *
17  * You should have received a copy of the GNU General Public License version
18  * 2 along with this work; if not, write to the Free Software Foundation,
19  * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
20  *
21  * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
22  * or visit www.oracle.com if you need additional information or have any
23  * questions.
24  */
25 package sun.security.rsa;
26 
27 import java.security.*;
28 
29 /**
30  * This class implements the MGF1 mask generation function defined in PKCS#1
31  * v2.2 B.2.1 (https://tools.ietf.org/html/rfc8017#appendix-B.2.1). A mask
32  * generation function takes an octet string of variable length and a
33  * desired output length as input and outputs an octet string of the
34  * desired length. MGF1 is a mask generation function based on a hash
35  * function, i.e. message digest algorithm.
36  *
37  * @since   11
38  */
39 public final class MGF1 {
40 
41     private final MessageDigest md;
42 
43     /**
44      * Construct an instance of MGF1 based on the specified digest algorithm.
45      */
MGF1(String mdAlgo)46     MGF1(String mdAlgo) throws NoSuchAlgorithmException {
47         this.md = MessageDigest.getInstance(mdAlgo);
48     }
49 
50     /**
51      * Using the specified seed bytes, generate the mask, xor the mask
52      * with the specified output buffer and store the result into the
53      * output buffer (essentially replaced in place).
54      *
55      * @param seed the buffer holding the seed bytes
56      * @param seedOfs the index of the seed bytes
57      * @param seedLen the length of the seed bytes to be used by MGF1
58      * @param maskLen the intended length of the generated mask
59      * @param out the output buffer holding the mask
60      * @param outOfs the index of the output buffer for the mask
61      */
generateAndXor(byte[] seed, int seedOfs, int seedLen, int maskLen, byte[] out, int outOfs)62     void generateAndXor(byte[] seed, int seedOfs, int seedLen, int maskLen,
63             byte[] out, int outOfs) throws RuntimeException {
64         byte[] C = new byte[4]; // 32 bit counter
65         byte[] digest = new byte[md.getDigestLength()];
66         while (maskLen > 0) {
67             md.update(seed, seedOfs, seedLen);
68             md.update(C);
69             try {
70                 md.digest(digest, 0, digest.length);
71             } catch (DigestException e) {
72                 // should never happen
73                 throw new RuntimeException(e.toString());
74             }
75             for (int i = 0; (i < digest.length) && (maskLen > 0); maskLen--) {
76                 out[outOfs++] ^= digest[i++];
77             }
78             if (maskLen > 0) {
79                 // increment counter
80                 for (int i = C.length - 1; (++C[i] == 0) && (i > 0); i--) {
81                     // empty
82                 }
83             }
84         }
85     }
86 
87     /**
88      * Returns the name of this MGF1 instance, i.e. "MGF1" followed by the
89      * digest algorithm it based on.
90      */
getName()91     String getName() {
92         return "MGF1" + md.getAlgorithm();
93     }
94 }
95