/* UMacGenerator.java -- Copyright (C) 2001, 2002, 2006 Free Software Foundation, Inc. This file is a part of GNU Classpath. GNU Classpath is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. GNU Classpath is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with GNU Classpath; if not, write to the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA Linking this library statically or dynamically with other modules is making a combined work based on this library. Thus, the terms and conditions of the GNU General Public License cover the whole combination. As a special exception, the copyright holders of this library give you permission to link this library with independent modules to produce an executable, regardless of the license terms of these independent modules, and to copy and distribute the resulting executable under terms of your choice, provided that you also meet, for each linked independent module, the terms and conditions of the license of that module. An independent module is a module which is not derived from or based on this library. If you modify this library, you may extend this exception to your version of the library, but you are not obligated to do so. If you do not wish to do so, delete this exception statement from your version. */ package gnu.javax.crypto.prng; import gnu.java.security.Registry; import gnu.java.security.prng.BasePRNG; import gnu.java.security.prng.LimitReachedException; import gnu.javax.crypto.cipher.CipherFactory; import gnu.javax.crypto.cipher.IBlockCipher; import java.util.HashMap; import java.util.Iterator; import java.util.Map; import java.security.InvalidKeyException; /** * KDFs (Key Derivation Functions) are used to stretch user-supplied key * material to specific size(s) required by high level cryptographic primitives. * Described in the UMAC * paper, this function basically operates an underlying symmetric key block * cipher instance in output feedback mode (OFB), as a strong * pseudo-random number generator. *

* UMacGenerator requires an index parameter * (initialisation parameter gnu.crypto.prng.umac.kdf.index taken * to be an instance of {@link Integer} with a value between 0 and * 255). Using the same key, but different indices, generates * different pseudorandom outputs. *

* This implementation generalises the definition of the * UmacGenerator algorithm to allow for other than the AES * symetric key block cipher algorithm (initialisation parameter * gnu.crypto.prng.umac.cipher.name taken to be an instance of * {@link String}). If such a parameter is not defined/included in the * initialisation Map, then the "Rijndael" algorithm is used. * Furthermore, if the initialisation parameter * gnu.crypto.cipher.block.size (taken to be a instance of * {@link Integer}) is missing or undefined in the initialisation * Map, then the cipher's default block size is used. *

* NOTE: Rijndael is used as the default symmetric key block cipher * algorithm because, with its default block and key sizes, it is the AES. Yet * being Rijndael, the algorithm offers more versatile block and key sizes which * may prove to be useful for generating "longer" key streams. *

* References: *

    *
  1. * UMAC: Message Authentication Code using Universal Hashing.
    * T. Krovetz, J. Black, S. Halevi, A. Hevia, H. Krawczyk, and P. Rogaway.
  2. *
*/ public class UMacGenerator extends BasePRNG implements Cloneable { /** * Property name of the KDF index value to use in this * instance. The value is taken to be an {@link Integer} less than * 256. */ public static final String INDEX = "gnu.crypto.prng.umac.index"; /** The name of the underlying symmetric key block cipher algorithm. */ public static final String CIPHER = "gnu.crypto.prng.umac.cipher.name"; /** The generator's underlying block cipher. */ private IBlockCipher cipher; /** Trivial 0-arguments constructor. */ public UMacGenerator() { super(Registry.UMAC_PRNG); } public void setup(Map attributes) { boolean newCipher = true; String cipherName = (String) attributes.get(CIPHER); if (cipherName == null) if (cipher == null) // happy birthday cipher = CipherFactory.getInstance(Registry.RIJNDAEL_CIPHER); else // we already have one. use it as is newCipher = false; else cipher = CipherFactory.getInstance(cipherName); // find out what block size we should use it in int cipherBlockSize = 0; Integer bs = (Integer) attributes.get(IBlockCipher.CIPHER_BLOCK_SIZE); if (bs != null) cipherBlockSize = bs.intValue(); else { if (newCipher) // assume we'll use its default block size cipherBlockSize = cipher.defaultBlockSize(); // else use as is } // get the key material byte[] key = (byte[]) attributes.get(IBlockCipher.KEY_MATERIAL); if (key == null) throw new IllegalArgumentException(IBlockCipher.KEY_MATERIAL); int keyLength = key.length; // ensure that keyLength is valid for the chosen underlying cipher boolean ok = false; for (Iterator it = cipher.keySizes(); it.hasNext();) { ok = (keyLength == ((Integer) it.next()).intValue()); if (ok) break; } if (! ok) throw new IllegalArgumentException("key length"); // ensure that remaining params make sense int index = -1; Integer i = (Integer) attributes.get(INDEX); if (i != null) { index = i.intValue(); if (index < 0 || index > 255) throw new IllegalArgumentException(INDEX); } // now initialise the underlying cipher Map map = new HashMap(); if (cipherBlockSize != 0) // only needed if new or changed map.put(IBlockCipher.CIPHER_BLOCK_SIZE, Integer.valueOf(cipherBlockSize)); map.put(IBlockCipher.KEY_MATERIAL, key); try { cipher.init(map); } catch (InvalidKeyException x) { throw new IllegalArgumentException(IBlockCipher.KEY_MATERIAL); } buffer = new byte[cipher.currentBlockSize()]; buffer[cipher.currentBlockSize() - 1] = (byte) index; try { fillBlock(); } catch (LimitReachedException impossible) { } } public void fillBlock() throws LimitReachedException { cipher.encryptBlock(buffer, 0, buffer, 0); } }