/* UMacGenerator.java --
   Copyright (C) 2001, 2002, 2006 Free Software Foundation, Inc.

This file is a part of GNU Classpath.

GNU Classpath is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or (at
your option) any later version.

GNU Classpath is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
General Public License for more details.

You should have received a copy of the GNU General Public License
along with GNU Classpath; if not, write to the Free Software
Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301
USA

Linking this library statically or dynamically with other modules is
making a combined work based on this library.  Thus, the terms and
conditions of the GNU General Public License cover the whole
combination.

As a special exception, the copyright holders of this library give you
permission to link this library with independent modules to produce an
executable, regardless of the license terms of these independent
modules, and to copy and distribute the resulting executable under
terms of your choice, provided that you also meet, for each linked
independent module, the terms and conditions of the license of that
module.  An independent module is a module which is not derived from
or based on this library.  If you modify this library, you may extend
this exception to your version of the library, but you are not
obligated to do so.  If you do not wish to do so, delete this
exception statement from your version.  */


package gnu.javax.crypto.prng;

import gnu.java.security.Registry;
import gnu.java.security.prng.BasePRNG;
import gnu.java.security.prng.LimitReachedException;
import gnu.javax.crypto.cipher.CipherFactory;
import gnu.javax.crypto.cipher.IBlockCipher;

import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import java.security.InvalidKeyException;

/**
 * <i>KDF</i>s (Key Derivation Functions) are used to stretch user-supplied key
 * material to specific size(s) required by high level cryptographic primitives.
 * Described in the <A
 * HREF="http://www.ietf.org/internet-drafts/draft-krovetz-umac-01.txt">UMAC</A>
 * paper, this function basically operates an underlying <em>symmetric key block
 * cipher</em> instance in output feedback mode (OFB), as a <b>strong</b>
 * pseudo-random number generator.
 * <p>
 * <code>UMacGenerator</code> requires an <em>index</em> parameter
 * (initialisation parameter <code>gnu.crypto.prng.umac.kdf.index</code> taken
 * to be an instance of {@link Integer} with a value between <code>0</code> and
 * <code>255</code>). Using the same key, but different indices, generates
 * different pseudorandom outputs.
 * <p>
 * This implementation generalises the definition of the
 * <code>UmacGenerator</code> algorithm to allow for other than the AES
 * symetric key block cipher algorithm (initialisation parameter
 * <code>gnu.crypto.prng.umac.cipher.name</code> taken to be an instance of
 * {@link String}). If such a parameter is not defined/included in the
 * initialisation <code>Map</code>, then the "Rijndael" algorithm is used.
 * Furthermore, if the initialisation parameter
 * <code>gnu.crypto.cipher.block.size</code> (taken to be a instance of
 * {@link Integer}) is missing or undefined in the initialisation
 * <code>Map</code>, then the cipher's <em>default</em> block size is used.
 * <p>
 * <b>NOTE</b>: Rijndael is used as the default symmetric key block cipher
 * algorithm because, with its default block and key sizes, it is the AES. Yet
 * being Rijndael, the algorithm offers more versatile block and key sizes which
 * may prove to be useful for generating "longer" key streams.
 * <p>
 * References:
 * <ol>
 * <li><a href="http://www.ietf.org/internet-drafts/draft-krovetz-umac-01.txt">
 * UMAC</a>: Message Authentication Code using Universal Hashing.<br>
 * T. Krovetz, J. Black, S. Halevi, A. Hevia, H. Krawczyk, and P. Rogaway.</li>
 * </ol>
 */
public class UMacGenerator
    extends BasePRNG
    implements Cloneable
{
  /**
   * Property name of the KDF <code>index</code> value to use in this
   * instance. The value is taken to be an {@link Integer} less than
   * <code>256</code>.
   */
  public static final String INDEX = "gnu.crypto.prng.umac.index";
  /** The name of the underlying symmetric key block cipher algorithm. */
  public static final String CIPHER = "gnu.crypto.prng.umac.cipher.name";
  /** The generator's underlying block cipher. */
  private IBlockCipher cipher;

  /** Trivial 0-arguments constructor. */
  public UMacGenerator()
  {
    super(Registry.UMAC_PRNG);
  }

  public void setup(Map attributes)
  {
    boolean newCipher = true;
    String cipherName = (String) attributes.get(CIPHER);
    if (cipherName == null)
      if (cipher == null) // happy birthday
        cipher = CipherFactory.getInstance(Registry.RIJNDAEL_CIPHER);
      else // we already have one. use it as is
        newCipher = false;
    else
      cipher = CipherFactory.getInstance(cipherName);
    // find out what block size we should use it in
    int cipherBlockSize = 0;
    Integer bs = (Integer) attributes.get(IBlockCipher.CIPHER_BLOCK_SIZE);
    if (bs != null)
      cipherBlockSize = bs.intValue();
    else
      {
        if (newCipher) // assume we'll use its default block size
          cipherBlockSize = cipher.defaultBlockSize();
        // else use as is
      }
    // get the key material
    byte[] key = (byte[]) attributes.get(IBlockCipher.KEY_MATERIAL);
    if (key == null)
      throw new IllegalArgumentException(IBlockCipher.KEY_MATERIAL);

    int keyLength = key.length;
    // ensure that keyLength is valid for the chosen underlying cipher
    boolean ok = false;
    for (Iterator it = cipher.keySizes(); it.hasNext();)
      {
        ok = (keyLength == ((Integer) it.next()).intValue());
        if (ok)
          break;
      }
    if (! ok)
      throw new IllegalArgumentException("key length");
    // ensure that remaining params make sense
    int index = -1;
    Integer i = (Integer) attributes.get(INDEX);
    if (i != null)
      {
        index = i.intValue();
        if (index < 0 || index > 255)
          throw new IllegalArgumentException(INDEX);
      }
    // now initialise the underlying cipher
    Map map = new HashMap();
    if (cipherBlockSize != 0) // only needed if new or changed
      map.put(IBlockCipher.CIPHER_BLOCK_SIZE, Integer.valueOf(cipherBlockSize));
    map.put(IBlockCipher.KEY_MATERIAL, key);
    try
      {
        cipher.init(map);
      }
    catch (InvalidKeyException x)
      {
        throw new IllegalArgumentException(IBlockCipher.KEY_MATERIAL);
      }
    buffer = new byte[cipher.currentBlockSize()];
    buffer[cipher.currentBlockSize() - 1] = (byte) index;
    try
      {
        fillBlock();
      }
    catch (LimitReachedException impossible)
      {
      }
  }

  public void fillBlock() throws LimitReachedException
  {
    cipher.encryptBlock(buffer, 0, buffer, 0);
  }
}