gnu.crypto.mac
Interface IMac
- Cloneable
- BaseMac, HMac, TMMH16, UHash32, UMac32
public interface IMac
extends Cloneable
The basic visible methods of any MAC (Message Authentication Code)
algorithm.
A
MAC provides a way to check the integrity of information
transmitted over, or stored in, an unreliable medium, based on a secret key.
Typically,
MACs are used between two parties, that share a common
secret key, in order to validate information transmitted between them.
When a
MAC algorithm is based on a cryptographic hash function, it
is then called to a
HMAC (Hashed Message Authentication Code) --see
RFC-2104.
Another type of
MAC algorithms exist: UMAC or
Universal Message
Authentication Code, described in
draft-krovetz-umac-01.txt.
With
UMACs, the sender and receiver share a common secret key (the
MAC key) which determines:
- The key for a universal hash function. This hash function is
non-cryptographic, in the sense that it does not need to have any
cryptographic hardness property. Rather, it needs to satisfy some
combinatorial property, which can be proven to hold without relying on
unproven hardness assumptions.
- The key for a pseudorandom function. This is where one needs a
cryptographic hardness assumption. The pseudorandom function may be
obtained from a block cipher or a cryptographic hash function.
References:
- RFC 2104HMAC:
Keyed-Hashing for Message Authentication.
H. Krawczyk, M. Bellare, and R. Canetti.
-
UMAC: Message Authentication Code using Universal Hashing.
T. Krovetz, J. Black, S. Halevi, A. Hevia, H. Krawczyk, and P. Rogaway.
Version:
static String | MAC_KEY_MATERIAL - Property name of the user-supplied key material.
|
static String | TRUNCATED_SIZE - Property name of the desired truncated output size in bytes.
|
Object | clone() - Returns a clone copy of this instance.
|
byte[] | digest() - Completes the MAC by performing final operations such as
padding and resetting the instance.
|
void | init(Map attributes) - Initialises the algorithm with designated attributes.
|
int | macSize() - Returns the output length in bytes of this MAC algorithm.
|
String | name() - Returns the canonical name of this algorithm.
|
void | reset() - Resets the algorithm instance for re-initialisation and use with other
characteristics.
|
boolean | selfTest() - A basic test.
|
void | update(byte b) - Continues a MAC operation using the input byte.
|
void | update(byte[] in, int offset, int length) - Continues a MAC operation, by filling the buffer, processing
data in the algorithm's MAC_SIZE-bit block(s), updating the context and
count, and buffering the remaining bytes in buffer for the next
operation.
|
MAC_KEY_MATERIAL
public static final String MAC_KEY_MATERIAL
Property name of the user-supplied key material. The value associated to
this property name is taken to be a byte array.
TRUNCATED_SIZE
public static final String TRUNCATED_SIZE
Property name of the desired truncated output size in bytes. The value
associated to this property name is taken to be an integer. If no value
is specified in the attributes map at initialisation time, then all bytes
of the underlying hash algorithm's output are emitted.
This implementation, follows the recommendation of the
RFC 2104
authors; specifically:
We recommend that the output length t be not less than half the
length of the hash output (to match the birthday attack bound)
and not less than 80 bits (a suitable lower bound on the number
of bits that need to be predicted by an attacker).
clone
public Object clone()
Returns a clone copy of this instance.
- a clone copy of this instance.
digest
public byte[] digest()
Completes the MAC by performing final operations such as
padding and resetting the instance.
- the array of bytes representing the MAC value.
init
public void init(Map attributes)
throws InvalidKeyException,
IllegalStateException
Initialises the algorithm with designated attributes. Permissible names
and values are described in the class documentation above.
attributes
- a set of name-value pairs that describe the desired
future instance behaviour.
MAC_KEY_MATERIAL
macSize
public int macSize()
Returns the output length in bytes of this MAC algorithm.
- the output length in bytes of this MAC algorithm.
name
public String name()
Returns the canonical name of this algorithm.
- the canonical name of this algorithm.
reset
public void reset()
Resets the algorithm instance for re-initialisation and use with other
characteristics. This method always succeeds.
selfTest
public boolean selfTest()
A basic test. Ensures that the MAC of a pre-determined message is equal
to a known pre-computed value.
true
if the implementation passes a basic self-test.
Returns false
otherwise.
update
public void update(byte b)
Continues a MAC operation using the input byte.
b
- the input byte to digest.
update
public void update(byte[] in,
int offset,
int length)
Continues a MAC operation, by filling the buffer, processing
data in the algorithm's MAC_SIZE-bit block(s), updating the context and
count, and buffering the remaining bytes in buffer for the next
operation.
in
- the input block.offset
- start of meaningful bytes in input block.length
- number of bytes, in input block, to consider.
Copyright © 2001, 2002, 2003
Free Software Foundation,
Inc. All Rights Reserved.