1 /* 2 * Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved. 3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 4 * 5 * This code is free software; you can redistribute it and/or modify it 6 * under the terms of the GNU General Public License version 2 only, as 7 * published by the Free Software Foundation. Oracle designates this 8 * particular file as subject to the "Classpath" exception as provided 9 * by Oracle in the LICENSE file that accompanied this code. 10 * 11 * This code is distributed in the hope that it will be useful, but WITHOUT 12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 14 * version 2 for more details (a copy is included in the LICENSE file that 15 * accompanied this code). 16 * 17 * You should have received a copy of the GNU General Public License version 18 * 2 along with this work; if not, write to the Free Software Foundation, 19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 20 * 21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 22 * or visit www.oracle.com if you need additional information or have any 23 * questions. 24 */ 25 package sun.security.rsa; 26 27 import java.security.*; 28 29 /** 30 * This class implements the MGF1 mask generation function defined in PKCS#1 31 * v2.2 B.2.1 (https://tools.ietf.org/html/rfc8017#appendix-B.2.1). A mask 32 * generation function takes an octet string of variable length and a 33 * desired output length as input and outputs an octet string of the 34 * desired length. MGF1 is a mask generation function based on a hash 35 * function, i.e. message digest algorithm. 36 * 37 * @since 11 38 */ 39 public final class MGF1 { 40 41 private final MessageDigest md; 42 43 /** 44 * Construct an instance of MGF1 based on the specified digest algorithm. 45 */ MGF1(String mdAlgo)46 MGF1(String mdAlgo) throws NoSuchAlgorithmException { 47 this.md = MessageDigest.getInstance(mdAlgo); 48 } 49 50 /** 51 * Using the specified seed bytes, generate the mask, xor the mask 52 * with the specified output buffer and store the result into the 53 * output buffer (essentially replaced in place). 54 * 55 * @param seed the buffer holding the seed bytes 56 * @param seedOfs the index of the seed bytes 57 * @param seedLen the length of the seed bytes to be used by MGF1 58 * @param maskLen the intended length of the generated mask 59 * @param out the output buffer holding the mask 60 * @param outOfs the index of the output buffer for the mask 61 */ generateAndXor(byte[] seed, int seedOfs, int seedLen, int maskLen, byte[] out, int outOfs)62 void generateAndXor(byte[] seed, int seedOfs, int seedLen, int maskLen, 63 byte[] out, int outOfs) throws RuntimeException { 64 byte[] C = new byte[4]; // 32 bit counter 65 byte[] digest = new byte[md.getDigestLength()]; 66 while (maskLen > 0) { 67 md.update(seed, seedOfs, seedLen); 68 md.update(C); 69 try { 70 md.digest(digest, 0, digest.length); 71 } catch (DigestException e) { 72 // should never happen 73 throw new RuntimeException(e.toString()); 74 } 75 for (int i = 0; (i < digest.length) && (maskLen > 0); maskLen--) { 76 out[outOfs++] ^= digest[i++]; 77 } 78 if (maskLen > 0) { 79 // increment counter 80 for (int i = C.length - 1; (++C[i] == 0) && (i > 0); i--) { 81 // empty 82 } 83 } 84 } 85 } 86 87 /** 88 * Returns the name of this MGF1 instance, i.e. "MGF1" followed by the 89 * digest algorithm it based on. 90 */ getName()91 String getName() { 92 return "MGF1" + md.getAlgorithm(); 93 } 94 } 95