|
|||||||||
| Home >> All >> gnu >> javax >> crypto >> [ mac overview ] | PREV CLASS NEXT CLASS | ||||||||
SUMMARY:  JAVADOC |  SOURCE |  DOWNLOAD | NESTED | FIELD | CONSTR | METHOD |
DETAIL: FIELD | CONSTR | METHOD | ||||||||
gnu.javax.crypto.mac
Interface IMac
- public interface IMac
The basic visible methods of any MAC (Message Authentication Code) algorithm.
A MAC provides a way to check the integrity of information transmitted over, or stored in, an unreliable medium, based on a secret key. Typically, MACs are used between two parties, that share a common secret key, in order to validate information transmitted between them.
When a MAC algorithm is based on a cryptographic hash function, it is then called to a HMAC (Hashed Message Authentication Code) --see RFC-2104.
Another type of MAC algorithms exist: UMAC or Universal Message Authentication Code, described in draft-krovetz-umac-01.txt.With UMACs, the sender and receiver share a common secret key (the MAC key) which determines:
- The key for a universal hash function. This hash function is non-cryptographic, in the sense that it does not need to have any cryptographic hardness property. Rather, it needs to satisfy some combinatorial property, which can be proven to hold without relying on unproven hardness assumptions.
- The key for a pseudorandom function. This is where one needs a cryptographic hardness assumption. The pseudorandom function may be obtained from a block cipher or a cryptographic hash function.
References:
- RFC 2104HMAC:
Keyed-Hashing for Message Authentication.
H. Krawczyk, M. Bellare, and R. Canetti. -
UMAC: Message Authentication Code using Universal Hashing.
T. Krovetz, J. Black, S. Halevi, A. Hevia, H. Krawczyk, and P. Rogaway.
| Field Summary | |
static java.lang.String |
MAC_KEY_MATERIAL
Property name of the user-supplied key material. |
static java.lang.String |
TRUNCATED_SIZE
Property name of the desired truncated output size in bytes. |
| Method Summary | |
java.lang.Object |
clone()
Returns a clone copy of this instance. |
byte[] |
digest()
Completes the MAC by performing final operations such as padding and resetting the instance. |
void |
init(java.util.Map attributes)
Initialises the algorithm with designated attributes. |
int |
macSize()
Returns the output length in bytes of this MAC algorithm. |
java.lang.String |
name()
Returns the canonical name of this algorithm. |
void |
reset()
Resets the algorithm instance for re-initialisation and use with other characteristics. |
boolean |
selfTest()
A basic test. |
void |
update(byte b)
Continues a MAC operation using the input byte. |
void |
update(byte[] in,
int offset,
int length)
Continues a MAC operation, by filling the buffer, processing data in the algorithm's MAC_SIZE-bit block(s), updating the context and count, and buffering the remaining bytes in buffer for the next operation. |
| Field Detail |
MAC_KEY_MATERIAL
public static final java.lang.String MAC_KEY_MATERIAL
- Property name of the user-supplied key material. The value associated to
this property name is taken to be a byte array.
- See Also:
- Constant Field Values
TRUNCATED_SIZE
public static final java.lang.String TRUNCATED_SIZE
Property name of the desired truncated output size in bytes. The value associated to this property name is taken to be an integer. If no value is specified in the attributes map at initialisation time, then all bytes of the underlying hash algorithm's output are emitted.
This implementation, follows the recommendation of the RFC 2104 authors; specifically:
We recommend that the output length t be not less than half the length of the hash output (to match the birthday attack bound) and not less than 80 bits (a suitable lower bound on the number of bits that need to be predicted by an attacker).- See Also:
- Constant Field Values
| Method Detail |
name
public java.lang.String name()
Returns the canonical name of this algorithm.
macSize
public int macSize()
Returns the output length in bytes of this MAC algorithm.
init
public void init(java.util.Map attributes) throws java.security.InvalidKeyException, java.lang.IllegalStateException
Initialises the algorithm with designated attributes. Permissible names and values are described in the class documentation above.
update
public void update(byte b)
Continues a MAC operation using the input byte.
update
public void update(byte[] in,
int offset,
int length)
Continues a MAC operation, by filling the buffer, processing data in the algorithm's MAC_SIZE-bit block(s), updating the context and count, and buffering the remaining bytes in buffer for the next operation.
digest
public byte[] digest()
Completes the MAC by performing final operations such as padding and resetting the instance.
reset
public void reset()
Resets the algorithm instance for re-initialisation and use with other characteristics. This method always succeeds.
selfTest
public boolean selfTest()
A basic test. Ensures that the MAC of a pre-determined message is equal to a known pre-computed value.
clone
public java.lang.Object clone() throws java.lang.CloneNotSupportedException
Returns a clone copy of this instance.
|
|||||||||
| Home >> All >> gnu >> javax >> crypto >> [ mac overview ] | PREV CLASS NEXT CLASS | ||||||||
|
SUMMARY: JAVADOC | SOURCE | DOWNLOAD | NESTED | FIELD | CONSTR | METHOD |
DETAIL: FIELD | CONSTR | METHOD | ||||||||