| Frames | No Frames |
1: /* IMac.java -- 2: Copyright (C) 2001, 2002, 2006 Free Software Foundation, Inc. 3: 4: This file is a part of GNU Classpath. 5: 6: GNU Classpath is free software; you can redistribute it and/or modify 7: it under the terms of the GNU General Public License as published by 8: the Free Software Foundation; either version 2 of the License, or (at 9: your option) any later version. 10: 11: GNU Classpath is distributed in the hope that it will be useful, but 12: WITHOUT ANY WARRANTY; without even the implied warranty of 13: MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 14: General Public License for more details. 15: 16: You should have received a copy of the GNU General Public License 17: along with GNU Classpath; if not, write to the Free Software 18: Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 19: USA 20: 21: Linking this library statically or dynamically with other modules is 22: making a combined work based on this library. Thus, the terms and 23: conditions of the GNU General Public License cover the whole 24: combination. 25: 26: As a special exception, the copyright holders of this library give you 27: permission to link this library with independent modules to produce an 28: executable, regardless of the license terms of these independent 29: modules, and to copy and distribute the resulting executable under 30: terms of your choice, provided that you also meet, for each linked 31: independent module, the terms and conditions of the license of that 32: module. An independent module is a module which is not derived from 33: or based on this library. If you modify this library, you may extend 34: this exception to your version of the library, but you are not 35: obligated to do so. If you do not wish to do so, delete this 36: exception statement from your version. */ 37: 38: 39: package gnu.javax.crypto.mac; 40: 41: import java.security.InvalidKeyException; 42: import java.util.Map; 43: 44: /** 45: * The basic visible methods of any MAC (Message Authentication Code) algorithm. 46: * <p> 47: * A <i>MAC</i> provides a way to check the integrity of information 48: * transmitted over, or stored in, an unreliable medium, based on a secret key. 49: * Typically, <i>MAC</i>s are used between two parties, that share a common 50: * secret key, in order to validate information transmitted between them. 51: * <p> 52: * When a <i>MAC</i> algorithm is based on a cryptographic hash function, it is 53: * then called to a <i>HMAC</i> (Hashed Message Authentication Code) --see <a 54: * href="http://www.ietf.org/rfc/rfc-2104.txt">RFC-2104</a>. 55: * <p> 56: * Another type of <i>MAC</i> algorithms exist: UMAC or <i>Universal Message 57: * Authentication Code</i>, described in <a 58: * href="http://www.ietf.org/internet-drafts/draft-krovetz-umac-01.txt"> 59: * draft-krovetz-umac-01.txt</a>. 60: * <p> 61: * With <i>UMAC</i>s, the sender and receiver share a common secret key (the 62: * <i>MAC</i> key) which determines: 63: * <ul> 64: * <li>The key for a <i>universal hash function</i>. This hash function is 65: * <i>non-cryptographic</i>, in the sense that it does not need to have any 66: * cryptographic <i>hardness</i> property. Rather, it needs to satisfy some 67: * combinatorial property, which can be proven to hold without relying on 68: * unproven hardness assumptions.</li> 69: * <li>The key for a <i>pseudorandom function</i>. This is where one needs a 70: * cryptographic hardness assumption. The pseudorandom function may be obtained 71: * from a <i>block cipher</i> or a <i>cryptographic hash function</i>. </li> 72: * </ul> 73: * <p> 74: * References: 75: * <ol> 76: * <li><a href="http://www.ietf.org/rfc/rfc-2104.txt">RFC 2104</a>HMAC: 77: * Keyed-Hashing for Message Authentication.<br> 78: * H. Krawczyk, M. Bellare, and R. Canetti.</li> 79: * <li><a href="http://www.ietf.org/internet-drafts/draft-krovetz-umac-01.txt"> 80: * UMAC</a>: Message Authentication Code using Universal Hashing.<br> 81: * T. Krovetz, J. Black, S. Halevi, A. Hevia, H. Krawczyk, and P. Rogaway.</li> 82: * </ol> 83: */ 84: public interface IMac 85: { 86: /** 87: * Property name of the user-supplied key material. The value associated to 88: * this property name is taken to be a byte array. 89: */ 90: String MAC_KEY_MATERIAL = "gnu.crypto.mac.key.material"; 91: /** 92: * Property name of the desired truncated output size in bytes. The value 93: * associated to this property name is taken to be an integer. If no value is 94: * specified in the attributes map at initialisation time, then all bytes of 95: * the underlying hash algorithm's output are emitted. 96: * <p> 97: * This implementation, follows the recommendation of the <i>RFC 2104</i> 98: * authors; specifically: 99: * <pre> 100: * We recommend that the output length t be not less than half the 101: * length of the hash output (to match the birthday attack bound) 102: * and not less than 80 bits (a suitable lower bound on the number 103: * of bits that need to be predicted by an attacker). 104: * </pre> 105: */ 106: String TRUNCATED_SIZE = "gnu.crypto.mac.truncated.size"; 107: 108: /** 109: * Returns the canonical name of this algorithm. 110: * 111: * @return the canonical name of this algorithm. 112: */ 113: String name(); 114: 115: /** 116: * Returns the output length in bytes of this <i>MAC</i> algorithm. 117: * 118: * @return the output length in bytes of this <i>MAC</i> algorithm. 119: */ 120: int macSize(); 121: 122: /** 123: * Initialises the algorithm with designated attributes. Permissible names and 124: * values are described in the class documentation above. 125: * 126: * @param attributes a set of name-value pairs that describe the desired 127: * future instance behaviour. 128: * @exception InvalidKeyException if the key data is invalid. 129: * @exception IllegalStateException if the instance is already initialised. 130: * @see #MAC_KEY_MATERIAL 131: */ 132: void init(Map attributes) throws InvalidKeyException, IllegalStateException; 133: 134: /** 135: * Continues a <i>MAC</i> operation using the input byte. 136: * 137: * @param b the input byte to digest. 138: */ 139: void update(byte b); 140: 141: /** 142: * Continues a <i>MAC</i> operation, by filling the buffer, processing data 143: * in the algorithm's MAC_SIZE-bit block(s), updating the context and count, 144: * and buffering the remaining bytes in buffer for the next operation. 145: * 146: * @param in the input block. 147: * @param offset start of meaningful bytes in input block. 148: * @param length number of bytes, in input block, to consider. 149: */ 150: void update(byte[] in, int offset, int length); 151: 152: /** 153: * Completes the <i>MAC</i> by performing final operations such as padding 154: * and resetting the instance. 155: * 156: * @return the array of bytes representing the <i>MAC</i> value. 157: */ 158: byte[] digest(); 159: 160: /** 161: * Resets the algorithm instance for re-initialisation and use with other 162: * characteristics. This method always succeeds. 163: */ 164: void reset(); 165: 166: /** 167: * A basic test. Ensures that the MAC of a pre-determined message is equal to 168: * a known pre-computed value. 169: * 170: * @return <code>true</code> if the implementation passes a basic self-test. 171: * Returns <code>false</code> otherwise. 172: */ 173: boolean selfTest(); 174: 175: /** 176: * Returns a clone copy of this instance. 177: * 178: * @return a clone copy of this instance. 179: */ 180: Object clone() throws CloneNotSupportedException; 181: }