mirror of git://gcc.gnu.org/git/gcc.git
187 lines
7.0 KiB
Java
187 lines
7.0 KiB
Java
/* UMacGenerator.java --
|
|
Copyright (C) 2001, 2002, 2006 Free Software Foundation, Inc.
|
|
|
|
This file is a part of GNU Classpath.
|
|
|
|
GNU Classpath is free software; you can redistribute it and/or modify
|
|
it under the terms of the GNU General Public License as published by
|
|
the Free Software Foundation; either version 2 of the License, or (at
|
|
your option) any later version.
|
|
|
|
GNU Classpath is distributed in the hope that it will be useful, but
|
|
WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
General Public License for more details.
|
|
|
|
You should have received a copy of the GNU General Public License
|
|
along with GNU Classpath; if not, write to the Free Software
|
|
Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301
|
|
USA
|
|
|
|
Linking this library statically or dynamically with other modules is
|
|
making a combined work based on this library. Thus, the terms and
|
|
conditions of the GNU General Public License cover the whole
|
|
combination.
|
|
|
|
As a special exception, the copyright holders of this library give you
|
|
permission to link this library with independent modules to produce an
|
|
executable, regardless of the license terms of these independent
|
|
modules, and to copy and distribute the resulting executable under
|
|
terms of your choice, provided that you also meet, for each linked
|
|
independent module, the terms and conditions of the license of that
|
|
module. An independent module is a module which is not derived from
|
|
or based on this library. If you modify this library, you may extend
|
|
this exception to your version of the library, but you are not
|
|
obligated to do so. If you do not wish to do so, delete this
|
|
exception statement from your version. */
|
|
|
|
|
|
package gnu.javax.crypto.prng;
|
|
|
|
import gnu.java.security.Registry;
|
|
import gnu.java.security.prng.BasePRNG;
|
|
import gnu.java.security.prng.LimitReachedException;
|
|
import gnu.javax.crypto.cipher.CipherFactory;
|
|
import gnu.javax.crypto.cipher.IBlockCipher;
|
|
|
|
import java.util.HashMap;
|
|
import java.util.Iterator;
|
|
import java.util.Map;
|
|
import java.security.InvalidKeyException;
|
|
|
|
/**
|
|
* <i>KDF</i>s (Key Derivation Functions) are used to stretch user-supplied key
|
|
* material to specific size(s) required by high level cryptographic primitives.
|
|
* Described in the <A
|
|
* HREF="http://www.ietf.org/internet-drafts/draft-krovetz-umac-01.txt">UMAC</A>
|
|
* paper, this function basically operates an underlying <em>symmetric key block
|
|
* cipher</em> instance in output feedback mode (OFB), as a <b>strong</b>
|
|
* pseudo-random number generator.
|
|
* <p>
|
|
* <code>UMacGenerator</code> requires an <em>index</em> parameter
|
|
* (initialisation parameter <code>gnu.crypto.prng.umac.kdf.index</code> taken
|
|
* to be an instance of {@link Integer} with a value between <code>0</code> and
|
|
* <code>255</code>). Using the same key, but different indices, generates
|
|
* different pseudorandom outputs.
|
|
* <p>
|
|
* This implementation generalises the definition of the
|
|
* <code>UmacGenerator</code> algorithm to allow for other than the AES
|
|
* symetric key block cipher algorithm (initialisation parameter
|
|
* <code>gnu.crypto.prng.umac.cipher.name</code> taken to be an instance of
|
|
* {@link String}). If such a parameter is not defined/included in the
|
|
* initialisation <code>Map</code>, then the "Rijndael" algorithm is used.
|
|
* Furthermore, if the initialisation parameter
|
|
* <code>gnu.crypto.cipher.block.size</code> (taken to be a instance of
|
|
* {@link Integer}) is missing or undefined in the initialisation
|
|
* <code>Map</code>, then the cipher's <em>default</em> block size is used.
|
|
* <p>
|
|
* <b>NOTE</b>: Rijndael is used as the default symmetric key block cipher
|
|
* algorithm because, with its default block and key sizes, it is the AES. Yet
|
|
* being Rijndael, the algorithm offers more versatile block and key sizes which
|
|
* may prove to be useful for generating "longer" key streams.
|
|
* <p>
|
|
* References:
|
|
* <ol>
|
|
* <li><a href="http://www.ietf.org/internet-drafts/draft-krovetz-umac-01.txt">
|
|
* UMAC</a>: Message Authentication Code using Universal Hashing.<br>
|
|
* T. Krovetz, J. Black, S. Halevi, A. Hevia, H. Krawczyk, and P. Rogaway.</li>
|
|
* </ol>
|
|
*/
|
|
public class UMacGenerator
|
|
extends BasePRNG
|
|
implements Cloneable
|
|
{
|
|
/**
|
|
* Property name of the KDF <code>index</code> value to use in this
|
|
* instance. The value is taken to be an {@link Integer} less than
|
|
* <code>256</code>.
|
|
*/
|
|
public static final String INDEX = "gnu.crypto.prng.umac.index";
|
|
/** The name of the underlying symmetric key block cipher algorithm. */
|
|
public static final String CIPHER = "gnu.crypto.prng.umac.cipher.name";
|
|
/** The generator's underlying block cipher. */
|
|
private IBlockCipher cipher;
|
|
|
|
/** Trivial 0-arguments constructor. */
|
|
public UMacGenerator()
|
|
{
|
|
super(Registry.UMAC_PRNG);
|
|
}
|
|
|
|
public void setup(Map attributes)
|
|
{
|
|
boolean newCipher = true;
|
|
String cipherName = (String) attributes.get(CIPHER);
|
|
if (cipherName == null)
|
|
if (cipher == null) // happy birthday
|
|
cipher = CipherFactory.getInstance(Registry.RIJNDAEL_CIPHER);
|
|
else // we already have one. use it as is
|
|
newCipher = false;
|
|
else
|
|
cipher = CipherFactory.getInstance(cipherName);
|
|
// find out what block size we should use it in
|
|
int cipherBlockSize = 0;
|
|
Integer bs = (Integer) attributes.get(IBlockCipher.CIPHER_BLOCK_SIZE);
|
|
if (bs != null)
|
|
cipherBlockSize = bs.intValue();
|
|
else
|
|
{
|
|
if (newCipher) // assume we'll use its default block size
|
|
cipherBlockSize = cipher.defaultBlockSize();
|
|
// else use as is
|
|
}
|
|
// get the key material
|
|
byte[] key = (byte[]) attributes.get(IBlockCipher.KEY_MATERIAL);
|
|
if (key == null)
|
|
throw new IllegalArgumentException(IBlockCipher.KEY_MATERIAL);
|
|
|
|
int keyLength = key.length;
|
|
// ensure that keyLength is valid for the chosen underlying cipher
|
|
boolean ok = false;
|
|
for (Iterator it = cipher.keySizes(); it.hasNext();)
|
|
{
|
|
ok = (keyLength == ((Integer) it.next()).intValue());
|
|
if (ok)
|
|
break;
|
|
}
|
|
if (! ok)
|
|
throw new IllegalArgumentException("key length");
|
|
// ensure that remaining params make sense
|
|
int index = -1;
|
|
Integer i = (Integer) attributes.get(INDEX);
|
|
if (i != null)
|
|
{
|
|
index = i.intValue();
|
|
if (index < 0 || index > 255)
|
|
throw new IllegalArgumentException(INDEX);
|
|
}
|
|
// now initialise the underlying cipher
|
|
Map map = new HashMap();
|
|
if (cipherBlockSize != 0) // only needed if new or changed
|
|
map.put(IBlockCipher.CIPHER_BLOCK_SIZE, Integer.valueOf(cipherBlockSize));
|
|
map.put(IBlockCipher.KEY_MATERIAL, key);
|
|
try
|
|
{
|
|
cipher.init(map);
|
|
}
|
|
catch (InvalidKeyException x)
|
|
{
|
|
throw new IllegalArgumentException(IBlockCipher.KEY_MATERIAL);
|
|
}
|
|
buffer = new byte[cipher.currentBlockSize()];
|
|
buffer[cipher.currentBlockSize() - 1] = (byte) index;
|
|
try
|
|
{
|
|
fillBlock();
|
|
}
|
|
catch (LimitReachedException impossible)
|
|
{
|
|
}
|
|
}
|
|
|
|
public void fillBlock() throws LimitReachedException
|
|
{
|
|
cipher.encryptBlock(buffer, 0, buffer, 0);
|
|
}
|
|
}
|