|
|||||||||
| Home >> All >> gnu >> javax >> crypto >> [ mac overview ] | PREV CLASS NEXT CLASS | ||||||||
SUMMARY:  JAVADOC |  SOURCE |  DOWNLOAD | NESTED | FIELD | CONSTR | METHOD |
DETAIL: FIELD | CONSTR | METHOD | ||||||||
gnu.javax.crypto.mac
Class UMac32
java.lang.Objectgnu.javax.crypto.mac.BaseMac
- All Implemented Interfaces:
- IMac
- public class UMac32
- extends BaseMac
The implementation of the UMAC (Universal Message Authentication Code).
The UMAC algorithms described are parameterized. This means that various low-level choices, like the endian convention and the underlying cryptographic primitive, have not been fixed. One must choose values for these parameters before the authentication tag generated by UMAC (for a given message, key, and nonce) becomes fully-defined. In this document we provide two collections of parameter settings, and have named the sets UMAC16 and UMAC32. The parameter sets have been chosen based on experimentation and provide good performance on a wide variety of processors. UMAC16 is designed to excel on processors which provide small-scale SIMD parallelism of the type found in Intel's MMX and Motorola's AltiVec instruction sets, while UMAC32 is designed to do well on processors with good 32- and 64- bit support. UMAC32 may take advantage of SIMD parallelism in future processors.
UMAC has been designed to allow implementations which accommodate on-line authentication. This means that pieces of the message may be presented to UMAC at different times (but in correct order) and an on-line implementation will be able to process the message correctly without the need to buffer more than a few dozen bytes of the message. For simplicity, the algorithms in this specification are presented as if the entire message being authenticated were available at once.
To authenticate a message, Msg, one first applies the
universal hash function, resulting in a string which is typically much
shorter than the original message. The pseudorandom function is applied to a
nonce, and the result is used in the manner of a Vernam cipher: the
authentication tag is the xor of the output from the hash function and the
output from the pseudorandom function. Thus, an authentication tag is
generated as
AuthTag = f(Nonce) xor h(Msg)
Here f is the pseudorandom function shared between the sender
and the receiver, and h is a universal hash function shared by the sender and
the receiver. In UMAC, a shared key is used to key the pseudorandom
function f, and then f is used for both tag
generation and internally to generate all of the bits needed by the universal
hash function.
The universal hash function that we use is called UHASH. It
combines several software-optimized algorithms into a multi-layered
structure. The algorithm is moderately complex. Some of this complexity comes
from extensive speed optimizations.
For the pseudorandom function we use the block cipher of the Advanced Encryption Standard (AES).
The UMAC32 parameters, considered in this implementation are:
UMAC32
------
WORD-LEN 4
UMAC-OUTPUT-LEN 8
L1-KEY-LEN 1024
UMAC-KEY-LEN 16
ENDIAN-FAVORITE BIG *
L1-OPERATIONS-SIGN UNSIGNED
Please note that this UMAC32 differs from the one described in the paper by the ENDIAN-FAVORITE value.
References:
-
UMAC: Message Authentication Code using Universal Hashing.
T. Krovetz, J. Black, S. Halevi, A. Hevia, H. Krawczyk, and P. Rogaway.
| Field Summary | |
private byte[] |
K
The authentication key for this instance. |
(package private) static int |
KEY_LEN
|
(package private) static int |
L1_KEY_LEN
|
private static java.math.BigInteger |
MAX_NONCE_ITERATIONS
|
private byte[] |
nonce
|
static java.lang.String |
NONCE_MATERIAL
Property name of the user-supplied Nonce. |
private java.math.BigInteger |
nonceReuseCount
|
(package private) static int |
OUTPUT_LEN
|
private static java.lang.String |
TV1
Known test vector. |
private UHash32 |
uhash32
|
private static java.lang.Boolean |
valid
caches the result of the correctness test, once executed. |
| Fields inherited from class gnu.javax.crypto.mac.BaseMac |
name, truncatedSize, underlyingHash |
| Fields inherited from interface gnu.javax.crypto.mac.IMac |
MAC_KEY_MATERIAL, TRUNCATED_SIZE |
| Constructor Summary | |
|
UMac32()
Trivial 0-arguments constructor. |
private |
UMac32(UMac32 that)
Private constructor for cloning purposes. |
| Method Summary | |
java.lang.Object |
clone()
Returns a clone copy of this instance. |
byte[] |
digest()
Completes the MAC by performing final operations such as padding and resetting the instance. |
void |
init(java.util.Map attributes)
Initialising a UMAC instance consists of defining values for the following parameters: |
int |
macSize()
Returns the output length in bytes of this MAC algorithm. |
private byte[] |
pdf()
|
void |
reset()
Resets the algorithm instance for re-initialisation and use with other characteristics. |
boolean |
selfTest()
A basic test. |
void |
update(byte b)
Continues a MAC operation using the input byte. |
void |
update(byte[] b,
int offset,
int len)
Continues a MAC operation, by filling the buffer, processing data in the algorithm's MAC_SIZE-bit block(s), updating the context and count, and buffering the remaining bytes in buffer for the next operation. |
| Methods inherited from class gnu.javax.crypto.mac.BaseMac |
name |
| Methods inherited from class java.lang.Object |
equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
| Field Detail |
NONCE_MATERIAL
public static final java.lang.String NONCE_MATERIAL
- Property name of the user-supplied Nonce. The value associated to
this property name is taken to be a byte array.
- See Also:
- Constant Field Values
TV1
private static final java.lang.String TV1
- Known test vector.
- See Also:
- Constant Field Values
MAX_NONCE_ITERATIONS
private static final java.math.BigInteger MAX_NONCE_ITERATIONS
OUTPUT_LEN
static final int OUTPUT_LEN
- See Also:
- Constant Field Values
L1_KEY_LEN
static final int L1_KEY_LEN
- See Also:
- Constant Field Values
KEY_LEN
static final int KEY_LEN
- See Also:
- Constant Field Values
valid
private static java.lang.Boolean valid
- caches the result of the correctness test, once executed.
nonce
private byte[] nonce
uhash32
private UHash32 uhash32
nonceReuseCount
private java.math.BigInteger nonceReuseCount
K
private transient byte[] K
- The authentication key for this instance.
| Constructor Detail |
UMac32
public UMac32()
- Trivial 0-arguments constructor.
UMac32
private UMac32(UMac32 that)
Private constructor for cloning purposes.
| Method Detail |
clone
public java.lang.Object clone()
- Description copied from interface:
IMac Returns a clone copy of this instance.
macSize
public int macSize()
- Description copied from interface:
IMac Returns the output length in bytes of this MAC algorithm.
init
public void init(java.util.Map attributes) throws java.security.InvalidKeyException, java.lang.IllegalStateException
Initialising a UMAC instance consists of defining values for the following parameters:
- Key Material: as the value of the attribute entry keyed by
IMac.MAC_KEY_MATERIAL55 . The value is taken to be a byte array containing the user-specified key material. The length of this array, if/when defined SHOULD be exactly equal toKEY_LEN55 . - Nonce Material: as the value of the attribute entry keyed by
NONCE_MATERIAL55 . The value is taken to be a byte array containing the user-specified nonce material. The length of this array, if/when defined SHOULD be (a) greater than zero, and (b) less or equal to 16 (the size of the AES block).
For convenience, this implementation accepts that not both parameters be always specified.
- If the Key Material is specified, but the Nonce Material is not, then this implementation, re-uses the previously set Nonce Material after (a) converting the bytes to an unsigned integer, (b) incrementing the number by one, and (c) converting it back to 16 bytes.
- If the Nonce Material is specified, but the Key Material is not, then this implementation re-uses the previously set Key Material.
This method throws an exception if no Key Material is specified in the input map, and there is no previously set/defined Key Material (from an earlier invocation of this method). If a Key Material can be used, but no Nonce Material is defined or previously set/defined, then a default value of all-zeroes shall be used.
- Key Material: as the value of the attribute entry keyed by
update
public void update(byte b)
- Description copied from interface:
IMac Continues a MAC operation using the input byte.
update
public void update(byte[] b,
int offset,
int len)
- Description copied from interface:
IMac Continues a MAC operation, by filling the buffer, processing data in the algorithm's MAC_SIZE-bit block(s), updating the context and count, and buffering the remaining bytes in buffer for the next operation.
digest
public byte[] digest()
- Description copied from interface:
IMac Completes the MAC by performing final operations such as padding and resetting the instance.
reset
public void reset()
- Description copied from interface:
IMac Resets the algorithm instance for re-initialisation and use with other characteristics. This method always succeeds.
selfTest
public boolean selfTest()
- Description copied from interface:
IMac A basic test. Ensures that the MAC of a pre-determined message is equal to a known pre-computed value.
private byte[] pdf()
|
|||||||||
| Home >> All >> gnu >> javax >> crypto >> [ mac overview ] | PREV CLASS NEXT CLASS | ||||||||
|
SUMMARY: JAVADOC | SOURCE | DOWNLOAD | NESTED | FIELD | CONSTR | METHOD |
DETAIL: FIELD | CONSTR | METHOD | ||||||||