gnu.crypto.mac
public interface IMac
The basic visible methods of any MAC (Message Authentication Code) algorithm.
A MAC provides a way to check the integrity of information transmitted over, or stored in, an unreliable medium, based on a secret key. Typically, MACs are used between two parties, that share a common secret key, in order to validate information transmitted between them.
When a MAC algorithm is based on a cryptographic hash function, it is then called to a HMAC (Hashed Message Authentication Code) --see RFC-2104.
Another type of MAC algorithms exist: UMAC or Universal Message Authentication Code, described in draft-krovetz-umac-01.txt.With UMACs, the sender and receiver share a common secret key (the MAC key) which determines:
References:
Version: $Revision: 1.4 $
Field Summary | |
---|---|
String | MAC_KEY_MATERIAL
Property name of the user-supplied key material. |
String | TRUNCATED_SIZE Property name of the desired truncated output size in bytes. |
Method Summary | |
---|---|
Object | clone() Returns a clone copy of this instance. |
byte[] | digest() Completes the MAC by performing final operations such as padding and resetting the instance. |
void | init(Map attributes) Initialises the algorithm with designated attributes. |
int | macSize() Returns the output length in bytes of this MAC algorithm. |
String | name() Returns the canonical name of this algorithm. |
void | reset() Resets the algorithm instance for re-initialisation and use with other characteristics. |
boolean | selfTest() A basic test. |
void | update(byte b) Continues a MAC operation using the input byte. |
void | update(byte[] in, int offset, int length) Continues a MAC operation, by filling the buffer, processing data in the algorithm's MAC_SIZE-bit block(s), updating the context and count, and buffering the remaining bytes in buffer for the next operation. |
Property name of the desired truncated output size in bytes. The value associated to this property name is taken to be an integer. If no value is specified in the attributes map at initialisation time, then all bytes of the underlying hash algorithm's output are emitted.
This implementation, follows the recommendation of the RFC 2104 authors; specifically:
We recommend that the output length t be not less than half the length of the hash output (to match the birthday attack bound) and not less than 80 bits (a suitable lower bound on the number of bits that need to be predicted by an attacker).
Returns a clone copy of this instance.
Returns: a clone copy of this instance.
Completes the MAC by performing final operations such as padding and resetting the instance.
Returns: the array of bytes representing the MAC value.
Initialises the algorithm with designated attributes. Permissible names and values are described in the class documentation above.
Parameters: attributes a set of name-value pairs that describe the desired future instance behaviour.
Throws: InvalidKeyException if the key data is invalid. IllegalStateException if the instance is already initialised.
See Also: MAC_KEY_MATERIAL
Returns the output length in bytes of this MAC algorithm.
Returns: the output length in bytes of this MAC algorithm.
Returns the canonical name of this algorithm.
Returns: the canonical name of this algorithm.
Resets the algorithm instance for re-initialisation and use with other characteristics. This method always succeeds.
A basic test. Ensures that the MAC of a pre-determined message is equal to a known pre-computed value.
Returns: true
if the implementation passes a basic self-test.
Returns false
otherwise.
Continues a MAC operation using the input byte.
Parameters: b the input byte to digest.
Continues a MAC operation, by filling the buffer, processing data in the algorithm's MAC_SIZE-bit block(s), updating the context and count, and buffering the remaining bytes in buffer for the next operation.
Parameters: in the input block. offset start of meaningful bytes in input block. length number of bytes, in input block, to consider.