1 |
769 |
jeremybenn |
/* UMacGenerator.java --
|
2 |
|
|
Copyright (C) 2001, 2002, 2006 Free Software Foundation, Inc.
|
3 |
|
|
|
4 |
|
|
This file is a part of GNU Classpath.
|
5 |
|
|
|
6 |
|
|
GNU Classpath is free software; you can redistribute it and/or modify
|
7 |
|
|
it under the terms of the GNU General Public License as published by
|
8 |
|
|
the Free Software Foundation; either version 2 of the License, or (at
|
9 |
|
|
your option) any later version.
|
10 |
|
|
|
11 |
|
|
GNU Classpath is distributed in the hope that it will be useful, but
|
12 |
|
|
WITHOUT ANY WARRANTY; without even the implied warranty of
|
13 |
|
|
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
14 |
|
|
General Public License for more details.
|
15 |
|
|
|
16 |
|
|
You should have received a copy of the GNU General Public License
|
17 |
|
|
along with GNU Classpath; if not, write to the Free Software
|
18 |
|
|
Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301
|
19 |
|
|
USA
|
20 |
|
|
|
21 |
|
|
Linking this library statically or dynamically with other modules is
|
22 |
|
|
making a combined work based on this library. Thus, the terms and
|
23 |
|
|
conditions of the GNU General Public License cover the whole
|
24 |
|
|
combination.
|
25 |
|
|
|
26 |
|
|
As a special exception, the copyright holders of this library give you
|
27 |
|
|
permission to link this library with independent modules to produce an
|
28 |
|
|
executable, regardless of the license terms of these independent
|
29 |
|
|
modules, and to copy and distribute the resulting executable under
|
30 |
|
|
terms of your choice, provided that you also meet, for each linked
|
31 |
|
|
independent module, the terms and conditions of the license of that
|
32 |
|
|
module. An independent module is a module which is not derived from
|
33 |
|
|
or based on this library. If you modify this library, you may extend
|
34 |
|
|
this exception to your version of the library, but you are not
|
35 |
|
|
obligated to do so. If you do not wish to do so, delete this
|
36 |
|
|
exception statement from your version. */
|
37 |
|
|
|
38 |
|
|
|
39 |
|
|
package gnu.javax.crypto.prng;
|
40 |
|
|
|
41 |
|
|
import gnu.java.security.Registry;
|
42 |
|
|
import gnu.java.security.prng.BasePRNG;
|
43 |
|
|
import gnu.java.security.prng.LimitReachedException;
|
44 |
|
|
import gnu.javax.crypto.cipher.CipherFactory;
|
45 |
|
|
import gnu.javax.crypto.cipher.IBlockCipher;
|
46 |
|
|
|
47 |
|
|
import java.util.HashMap;
|
48 |
|
|
import java.util.Iterator;
|
49 |
|
|
import java.util.Map;
|
50 |
|
|
import java.security.InvalidKeyException;
|
51 |
|
|
|
52 |
|
|
/**
|
53 |
|
|
* <i>KDF</i>s (Key Derivation Functions) are used to stretch user-supplied key
|
54 |
|
|
* material to specific size(s) required by high level cryptographic primitives.
|
55 |
|
|
* Described in the <A
|
56 |
|
|
* HREF="http://www.ietf.org/internet-drafts/draft-krovetz-umac-01.txt">UMAC</A>
|
57 |
|
|
* paper, this function basically operates an underlying <em>symmetric key block
|
58 |
|
|
* cipher</em> instance in output feedback mode (OFB), as a <b>strong</b>
|
59 |
|
|
* pseudo-random number generator.
|
60 |
|
|
* <p>
|
61 |
|
|
* <code>UMacGenerator</code> requires an <em>index</em> parameter
|
62 |
|
|
* (initialisation parameter <code>gnu.crypto.prng.umac.kdf.index</code> taken
|
63 |
|
|
* to be an instance of {@link Integer} with a value between <code>0</code> and
|
64 |
|
|
* <code>255</code>). Using the same key, but different indices, generates
|
65 |
|
|
* different pseudorandom outputs.
|
66 |
|
|
* <p>
|
67 |
|
|
* This implementation generalises the definition of the
|
68 |
|
|
* <code>UmacGenerator</code> algorithm to allow for other than the AES
|
69 |
|
|
* symetric key block cipher algorithm (initialisation parameter
|
70 |
|
|
* <code>gnu.crypto.prng.umac.cipher.name</code> taken to be an instance of
|
71 |
|
|
* {@link String}). If such a parameter is not defined/included in the
|
72 |
|
|
* initialisation <code>Map</code>, then the "Rijndael" algorithm is used.
|
73 |
|
|
* Furthermore, if the initialisation parameter
|
74 |
|
|
* <code>gnu.crypto.cipher.block.size</code> (taken to be a instance of
|
75 |
|
|
* {@link Integer}) is missing or undefined in the initialisation
|
76 |
|
|
* <code>Map</code>, then the cipher's <em>default</em> block size is used.
|
77 |
|
|
* <p>
|
78 |
|
|
* <b>NOTE</b>: Rijndael is used as the default symmetric key block cipher
|
79 |
|
|
* algorithm because, with its default block and key sizes, it is the AES. Yet
|
80 |
|
|
* being Rijndael, the algorithm offers more versatile block and key sizes which
|
81 |
|
|
* may prove to be useful for generating "longer" key streams.
|
82 |
|
|
* <p>
|
83 |
|
|
* References:
|
84 |
|
|
* <ol>
|
85 |
|
|
* <li><a href="http://www.ietf.org/internet-drafts/draft-krovetz-umac-01.txt">
|
86 |
|
|
* UMAC</a>: Message Authentication Code using Universal Hashing.<br>
|
87 |
|
|
* T. Krovetz, J. Black, S. Halevi, A. Hevia, H. Krawczyk, and P. Rogaway.</li>
|
88 |
|
|
* </ol>
|
89 |
|
|
*/
|
90 |
|
|
public class UMacGenerator
|
91 |
|
|
extends BasePRNG
|
92 |
|
|
implements Cloneable
|
93 |
|
|
{
|
94 |
|
|
/**
|
95 |
|
|
* Property name of the KDF <code>index</code> value to use in this
|
96 |
|
|
* instance. The value is taken to be an {@link Integer} less than
|
97 |
|
|
* <code>256</code>.
|
98 |
|
|
*/
|
99 |
|
|
public static final String INDEX = "gnu.crypto.prng.umac.index";
|
100 |
|
|
/** The name of the underlying symmetric key block cipher algorithm. */
|
101 |
|
|
public static final String CIPHER = "gnu.crypto.prng.umac.cipher.name";
|
102 |
|
|
/** The generator's underlying block cipher. */
|
103 |
|
|
private IBlockCipher cipher;
|
104 |
|
|
|
105 |
|
|
/** Trivial 0-arguments constructor. */
|
106 |
|
|
public UMacGenerator()
|
107 |
|
|
{
|
108 |
|
|
super(Registry.UMAC_PRNG);
|
109 |
|
|
}
|
110 |
|
|
|
111 |
|
|
public void setup(Map attributes)
|
112 |
|
|
{
|
113 |
|
|
boolean newCipher = true;
|
114 |
|
|
String cipherName = (String) attributes.get(CIPHER);
|
115 |
|
|
if (cipherName == null)
|
116 |
|
|
if (cipher == null) // happy birthday
|
117 |
|
|
cipher = CipherFactory.getInstance(Registry.RIJNDAEL_CIPHER);
|
118 |
|
|
else // we already have one. use it as is
|
119 |
|
|
newCipher = false;
|
120 |
|
|
else
|
121 |
|
|
cipher = CipherFactory.getInstance(cipherName);
|
122 |
|
|
// find out what block size we should use it in
|
123 |
|
|
int cipherBlockSize = 0;
|
124 |
|
|
Integer bs = (Integer) attributes.get(IBlockCipher.CIPHER_BLOCK_SIZE);
|
125 |
|
|
if (bs != null)
|
126 |
|
|
cipherBlockSize = bs.intValue();
|
127 |
|
|
else
|
128 |
|
|
{
|
129 |
|
|
if (newCipher) // assume we'll use its default block size
|
130 |
|
|
cipherBlockSize = cipher.defaultBlockSize();
|
131 |
|
|
// else use as is
|
132 |
|
|
}
|
133 |
|
|
// get the key material
|
134 |
|
|
byte[] key = (byte[]) attributes.get(IBlockCipher.KEY_MATERIAL);
|
135 |
|
|
if (key == null)
|
136 |
|
|
throw new IllegalArgumentException(IBlockCipher.KEY_MATERIAL);
|
137 |
|
|
|
138 |
|
|
int keyLength = key.length;
|
139 |
|
|
// ensure that keyLength is valid for the chosen underlying cipher
|
140 |
|
|
boolean ok = false;
|
141 |
|
|
for (Iterator it = cipher.keySizes(); it.hasNext();)
|
142 |
|
|
{
|
143 |
|
|
ok = (keyLength == ((Integer) it.next()).intValue());
|
144 |
|
|
if (ok)
|
145 |
|
|
break;
|
146 |
|
|
}
|
147 |
|
|
if (! ok)
|
148 |
|
|
throw new IllegalArgumentException("key length");
|
149 |
|
|
// ensure that remaining params make sense
|
150 |
|
|
int index = -1;
|
151 |
|
|
Integer i = (Integer) attributes.get(INDEX);
|
152 |
|
|
if (i != null)
|
153 |
|
|
{
|
154 |
|
|
index = i.intValue();
|
155 |
|
|
if (index < 0 || index > 255)
|
156 |
|
|
throw new IllegalArgumentException(INDEX);
|
157 |
|
|
}
|
158 |
|
|
// now initialise the underlying cipher
|
159 |
|
|
Map map = new HashMap();
|
160 |
|
|
if (cipherBlockSize != 0) // only needed if new or changed
|
161 |
|
|
map.put(IBlockCipher.CIPHER_BLOCK_SIZE, Integer.valueOf(cipherBlockSize));
|
162 |
|
|
map.put(IBlockCipher.KEY_MATERIAL, key);
|
163 |
|
|
try
|
164 |
|
|
{
|
165 |
|
|
cipher.init(map);
|
166 |
|
|
}
|
167 |
|
|
catch (InvalidKeyException x)
|
168 |
|
|
{
|
169 |
|
|
throw new IllegalArgumentException(IBlockCipher.KEY_MATERIAL);
|
170 |
|
|
}
|
171 |
|
|
buffer = new byte[cipher.currentBlockSize()];
|
172 |
|
|
buffer[cipher.currentBlockSize() - 1] = (byte) index;
|
173 |
|
|
try
|
174 |
|
|
{
|
175 |
|
|
fillBlock();
|
176 |
|
|
}
|
177 |
|
|
catch (LimitReachedException impossible)
|
178 |
|
|
{
|
179 |
|
|
}
|
180 |
|
|
}
|
181 |
|
|
|
182 |
|
|
public void fillBlock() throws LimitReachedException
|
183 |
|
|
{
|
184 |
|
|
cipher.encryptBlock(buffer, 0, buffer, 0);
|
185 |
|
|
}
|
186 |
|
|
}
|