Subversion Repositories openrisc

/* UMacGenerator.java --

   Copyright (C) 2001, 2002, 2006 Free Software Foundation, Inc.

This file is a part of GNU Classpath.

GNU Classpath is free software; you can redistribute it and/or modify

it under the terms of the GNU General Public License as published by

the Free Software Foundation; either version 2 of the License, or (at

your option) any later version.

GNU Classpath is distributed in the hope that it will be useful, but

WITHOUT ANY WARRANTY; without even the implied warranty of

MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU

General Public License for more details.

You should have received a copy of the GNU General Public License

along with GNU Classpath; if not, write to the Free Software

Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301

USA

Linking this library statically or dynamically with other modules is

making a combined work based on this library.  Thus, the terms and

conditions of the GNU General Public License cover the whole

combination.

As a special exception, the copyright holders of this library give you

permission to link this library with independent modules to produce an

executable, regardless of the license terms of these independent

modules, and to copy and distribute the resulting executable under

terms of your choice, provided that you also meet, for each linked

independent module, the terms and conditions of the license of that

module.  An independent module is a module which is not derived from

or based on this library.  If you modify this library, you may extend

this exception to your version of the library, but you are not

obligated to do so.  If you do not wish to do so, delete this

exception statement from your version.  */

package gnu.javax.crypto.prng;

import gnu.java.security.Registry;

import gnu.java.security.prng.BasePRNG;

import gnu.java.security.prng.LimitReachedException;

import gnu.javax.crypto.cipher.CipherFactory;

import gnu.javax.crypto.cipher.IBlockCipher;

import java.util.HashMap;

import java.util.Iterator;

import java.util.Map;

import java.security.InvalidKeyException;

/**

 * <i>KDF</i>s (Key Derivation Functions) are used to stretch user-supplied key

 * material to specific size(s) required by high level cryptographic primitives.

 * Described in the <A

 * HREF="http://www.ietf.org/internet-drafts/draft-krovetz-umac-01.txt">UMAC</A>

 * paper, this function basically operates an underlying <em>symmetric key block

 * cipher</em> instance in output feedback mode (OFB), as a <b>strong</b>

 * pseudo-random number generator.

 * <p>

 * <code>UMacGenerator</code> requires an <em>index</em> parameter

 * (initialisation parameter <code>gnu.crypto.prng.umac.kdf.index</code> taken

 * to be an instance of {@link Integer} with a value between <code>0</code> and

 * <code>255</code>). Using the same key, but different indices, generates

 * different pseudorandom outputs.

 * <p>

 * This implementation generalises the definition of the

 * <code>UmacGenerator</code> algorithm to allow for other than the AES

 * symetric key block cipher algorithm (initialisation parameter

 * <code>gnu.crypto.prng.umac.cipher.name</code> taken to be an instance of

 * {@link String}). If such a parameter is not defined/included in the

 * initialisation <code>Map</code>, then the "Rijndael" algorithm is used.

 * Furthermore, if the initialisation parameter

 * <code>gnu.crypto.cipher.block.size</code> (taken to be a instance of

 * {@link Integer}) is missing or undefined in the initialisation

 * <code>Map</code>, then the cipher's <em>default</em> block size is used.

 * <p>

 * <b>NOTE</b>: Rijndael is used as the default symmetric key block cipher

 * algorithm because, with its default block and key sizes, it is the AES. Yet

 * being Rijndael, the algorithm offers more versatile block and key sizes which

 * may prove to be useful for generating "longer" key streams.

 * <p>

 * References:

 * <ol>

 * <li><a href="http://www.ietf.org/internet-drafts/draft-krovetz-umac-01.txt">

 * UMAC</a>: Message Authentication Code using Universal Hashing.<br>

 * T. Krovetz, J. Black, S. Halevi, A. Hevia, H. Krawczyk, and P. Rogaway.</li>

 * </ol>

 */

public class UMacGenerator

    extends BasePRNG

    implements Cloneable

{

  /**

   * Property name of the KDF <code>index</code> value to use in this

   * instance. The value is taken to be an {@link Integer} less than

   * <code>256</code>.

   */

  public static final String INDEX = "gnu.crypto.prng.umac.index";

  /** The name of the underlying symmetric key block cipher algorithm. */

  public static final String CIPHER = "gnu.crypto.prng.umac.cipher.name";

  /** The generator's underlying block cipher. */

  private IBlockCipher cipher;

  /** Trivial 0-arguments constructor. */

  public UMacGenerator()

  {

    super(Registry.UMAC_PRNG);

  }

  public void setup(Map attributes)

  {

    boolean newCipher = true;

    String cipherName = (String) attributes.get(CIPHER);

    if (cipherName == null)

      if (cipher == null) // happy birthday

        cipher = CipherFactory.getInstance(Registry.RIJNDAEL_CIPHER);

      else // we already have one. use it as is

        newCipher = false;

    else

      cipher = CipherFactory.getInstance(cipherName);

    // find out what block size we should use it in

    int cipherBlockSize = 0;

    Integer bs = (Integer) attributes.get(IBlockCipher.CIPHER_BLOCK_SIZE);

    if (bs != null)

      cipherBlockSize = bs.intValue();

    else

      {

        if (newCipher) // assume we'll use its default block size

          cipherBlockSize = cipher.defaultBlockSize();

        // else use as is

      }

    // get the key material

    byte[] key = (byte[]) attributes.get(IBlockCipher.KEY_MATERIAL);

    if (key == null)

      throw new IllegalArgumentException(IBlockCipher.KEY_MATERIAL);

    int keyLength = key.length;

    // ensure that keyLength is valid for the chosen underlying cipher

    boolean ok = false;

    for (Iterator it = cipher.keySizes(); it.hasNext();)

      {

        ok = (keyLength == ((Integer) it.next()).intValue());

        if (ok)

          break;

      }

    if (! ok)

      throw new IllegalArgumentException("key length");

    // ensure that remaining params make sense

    int index = -1;

    Integer i = (Integer) attributes.get(INDEX);

    if (i != null)

      {

        index = i.intValue();

        if (index < 0 || index > 255)

          throw new IllegalArgumentException(INDEX);

      }

    // now initialise the underlying cipher

    Map map = new HashMap();

    if (cipherBlockSize != 0) // only needed if new or changed

      map.put(IBlockCipher.CIPHER_BLOCK_SIZE, Integer.valueOf(cipherBlockSize));

    map.put(IBlockCipher.KEY_MATERIAL, key);

    try

      {

        cipher.init(map);

      }

    catch (InvalidKeyException x)

      {

        throw new IllegalArgumentException(IBlockCipher.KEY_MATERIAL);

      }

    buffer = new byte[cipher.currentBlockSize()];

    buffer[cipher.currentBlockSize() - 1] = (byte) index;

    try

      {

        fillBlock();

      }

    catch (LimitReachedException impossible)

      {

      }

  }

  public void fillBlock() throws LimitReachedException

  {

    cipher.encryptBlock(buffer, 0, buffer, 0);

  }

}