gnu.crypto.mac
Interface IMac

All Superinterfaces:

java.lang.Cloneable

All Known Implementing Classes:

BaseMac

public interface IMac

extends java.lang.Cloneable

The basic visible methods of any MAC (Message Authentication Code) algorithm.

A MAC provides a way to check the integrity of information transmitted over, or stored in, an unreliable medium, based on a secret key. Typically, MACs are used between two parties, that share a common secret key, in order to validate information transmitted between them.

When a MAC algorithm is based on a cryptographic hash function, it is then called to a HMAC (Hashed Message Authentication Code) --see RFC-2104.

Another type of MAC algorithms exist: UMAC or Universal Message Authentication Code, described in draft-krovetz-umac-01.txt.

With UMACs, the sender and receiver share a common secret key (the MAC key) which determines:

• The key for a universal hash function. This hash function is non-cryptographic, in the sense that it does not need to have any cryptographic hardness property. Rather, it needs to satisfy some combinatorial property, which can be proven to hold without relying on unproven hardness assumptions.
• The key for a pseudorandom function. This is where one needs a cryptographic hardness assumption. The pseudorandom function may be obtained from a block cipher or a cryptographic hash function.

References:

1. RFC 2104HMAC: Keyed-Hashing for Message Authentication.
   H. Krawczyk, M. Bellare, and R. Canetti.
2. UMAC: Message Authentication Code using Universal Hashing.
   T. Krovetz, J. Black, S. Halevi, A. Hevia, H. Krawczyk, and P. Rogaway.

Version:

$Revision: 1.2 $

Field Summary

static java.lang.String	MAC_KEY_MATERIAL Property name of the user-supplied key material.
static java.lang.String	TRUNCATED_SIZE Property name of the desired truncated output size in bytes.

Method Summary

java.lang.Object	clone() Returns a clone copy of this instance.
byte[]	digest() Completes the MAC by performing final operations such as padding and resetting the instance.
void	init(java.util.Map attributes) Initialises the algorithm with designated attributes.
int	macSize() Returns the output length in bytes of this MAC algorithm.
java.lang.String	name() Returns the canonical name of this algorithm.
void	reset() Resets the algorithm instance for re-initialisation and use with other characteristics.
boolean	selfTest() A basic test.
void	update(byte b) Continues a MAC operation using the input byte.
void	update(byte[] in, int offset, int length) Continues a MAC operation, by filling the buffer, processing data in the algorithm's MAC_SIZE-bit block(s), updating the context and count, and buffering the remaining bytes in buffer for the next operation.

Field Detail

MAC_KEY_MATERIAL

public static final java.lang.String MAC_KEY_MATERIAL

Property name of the user-supplied key material. The value associated to this property name is taken to be a byte array.

See Also:

Constant Field Values

TRUNCATED_SIZE

public static final java.lang.String TRUNCATED_SIZE

Property name of the desired truncated output size in bytes. The value associated to this property name is taken to be an integer. If no value is specified in the attributes map at initialisation time, then all bytes of the underlying hash algorithm's output are emitted.

This implementation, follows the recommendation of the RFC 2104 authors; specifically:

    We recommend that the output length t be not less than half the
    length of the hash output (to match the birthday attack bound)
    and not less than 80 bits (a suitable lower bound on the number
    of bits that need to be predicted by an attacker).
 

See Also:

Constant Field Values

Method Detail

name

public java.lang.String name()

Returns the canonical name of this algorithm.

Returns:

the canonical name of this algorithm.

macSize

public int macSize()

Returns the output length in bytes of this MAC algorithm.

Returns:

the output length in bytes of this MAC algorithm.

init

public void init(java.util.Map attributes)
          throws java.security.InvalidKeyException,
                 java.lang.IllegalStateException

Initialises the algorithm with designated attributes. Permissible names and values are described in the class documentation above.

Parameters:

attributes - a set of name-value pairs that describe the desired future instance behaviour.

Throws:

java.security.InvalidKeyException - if the key data is invalid.

java.lang.IllegalStateException - if the instance is already initialised.

See Also:

MAC_KEY_MATERIAL

update

public void update(byte b)

Continues a MAC operation using the input byte.

Parameters:

b - the input byte to digest.

update

public void update(byte[] in,
                   int offset,
                   int length)

Continues a MAC operation, by filling the buffer, processing data in the algorithm's MAC_SIZE-bit block(s), updating the context and count, and buffering the remaining bytes in buffer for the next operation.

Parameters:

in - the input block.

offset - start of meaningful bytes in input block.

length - number of bytes, in input block, to consider.

digest

public byte[] digest()

Completes the MAC by performing final operations such as padding and resetting the instance.

Returns:

the array of bytes representing the MAC value.

reset

public void reset()

Resets the algorithm instance for re-initialisation and use with other characteristics. This method always succeeds.

selfTest

public boolean selfTest()

A basic test. Ensures that the MAC of a pre-determined message is equal to a known pre-computed value.

Returns:

true if the implementation passes a basic self-test. Returns false otherwise.

clone

public java.lang.Object clone()

Returns a clone copy of this instance.

Returns:

a clone copy of this instance.