gnu.crypto.mac

Interface IMac

public interface IMac

The basic visible methods of any MAC (Message Authentication Code) algorithm.

A MAC provides a way to check the integrity of information transmitted over, or stored in, an unreliable medium, based on a secret key. Typically, MACs are used between two parties, that share a common secret key, in order to validate information transmitted between them.

When a MAC algorithm is based on a cryptographic hash function, it is then called to a HMAC (Hashed Message Authentication Code) --see RFC-2104.

Another type of MAC algorithms exist: UMAC or Universal Message Authentication Code, described in draft-krovetz-umac-01.txt.

With UMACs, the sender and receiver share a common secret key (the MAC key) which determines:

References:

  1. RFC 2104HMAC: Keyed-Hashing for Message Authentication.
    H. Krawczyk, M. Bellare, and R. Canetti.
  2. UMAC: Message Authentication Code using Universal Hashing.
    T. Krovetz, J. Black, S. Halevi, A. Hevia, H. Krawczyk, and P. Rogaway.

Version: $Revision: 1.4 $

Field Summary
StringMAC_KEY_MATERIAL
Property name of the user-supplied key material.
StringTRUNCATED_SIZE

Property name of the desired truncated output size in bytes.

Method Summary
Objectclone()

Returns a clone copy of this instance.

byte[]digest()

Completes the MAC by performing final operations such as padding and resetting the instance.

voidinit(Map attributes)

Initialises the algorithm with designated attributes.

intmacSize()

Returns the output length in bytes of this MAC algorithm.

Stringname()

Returns the canonical name of this algorithm.

voidreset()

Resets the algorithm instance for re-initialisation and use with other characteristics.

booleanselfTest()

A basic test.

voidupdate(byte b)

Continues a MAC operation using the input byte.

voidupdate(byte[] in, int offset, int length)

Continues a MAC operation, by filling the buffer, processing data in the algorithm's MAC_SIZE-bit block(s), updating the context and count, and buffering the remaining bytes in buffer for the next operation.

Field Detail

MAC_KEY_MATERIAL

public String MAC_KEY_MATERIAL
Property name of the user-supplied key material. The value associated to this property name is taken to be a byte array.

TRUNCATED_SIZE

public String TRUNCATED_SIZE

Property name of the desired truncated output size in bytes. The value associated to this property name is taken to be an integer. If no value is specified in the attributes map at initialisation time, then all bytes of the underlying hash algorithm's output are emitted.

This implementation, follows the recommendation of the RFC 2104 authors; specifically:

    We recommend that the output length t be not less than half the
    length of the hash output (to match the birthday attack bound)
    and not less than 80 bits (a suitable lower bound on the number
    of bits that need to be predicted by an attacker).
 

Method Detail

clone

public Object clone()

Returns a clone copy of this instance.

Returns: a clone copy of this instance.

digest

public byte[] digest()

Completes the MAC by performing final operations such as padding and resetting the instance.

Returns: the array of bytes representing the MAC value.

init

public void init(Map attributes)

Initialises the algorithm with designated attributes. Permissible names and values are described in the class documentation above.

Parameters: attributes a set of name-value pairs that describe the desired future instance behaviour.

Throws: InvalidKeyException if the key data is invalid. IllegalStateException if the instance is already initialised.

See Also: MAC_KEY_MATERIAL

macSize

public int macSize()

Returns the output length in bytes of this MAC algorithm.

Returns: the output length in bytes of this MAC algorithm.

name

public String name()

Returns the canonical name of this algorithm.

Returns: the canonical name of this algorithm.

reset

public void reset()

Resets the algorithm instance for re-initialisation and use with other characteristics. This method always succeeds.

selfTest

public boolean selfTest()

A basic test. Ensures that the MAC of a pre-determined message is equal to a known pre-computed value.

Returns: true if the implementation passes a basic self-test. Returns false otherwise.

update

public void update(byte b)

Continues a MAC operation using the input byte.

Parameters: b the input byte to digest.

update

public void update(byte[] in, int offset, int length)

Continues a MAC operation, by filling the buffer, processing data in the algorithm's MAC_SIZE-bit block(s), updating the context and count, and buffering the remaining bytes in buffer for the next operation.

Parameters: in the input block. offset start of meaningful bytes in input block. length number of bytes, in input block, to consider.

Copyright © 2001, 2002, 2003 Free Software Foundation, Inc. All Rights Reserved.