gnu.crypto.mac
public class UMac32 extends BaseMac
The implementation of the UMAC (Universal Message Authentication Code).
The UMAC algorithms described are parameterized. This means that various low-level choices, like the endian convention and the underlying cryptographic primitive, have not been fixed. One must choose values for these parameters before the authentication tag generated by UMAC (for a given message, key, and nonce) becomes fully-defined. In this document we provide two collections of parameter settings, and have named the sets UMAC16 and UMAC32. The parameter sets have been chosen based on experimentation and provide good performance on a wide variety of processors. UMAC16 is designed to excel on processors which provide small-scale SIMD parallelism of the type found in Intel's MMX and Motorola's AltiVec instruction sets, while UMAC32 is designed to do well on processors with good 32- and 64- bit support. UMAC32 may take advantage of SIMD parallelism in future processors.
UMAC has been designed to allow implementations which accommodate on-line authentication. This means that pieces of the message may be presented to UMAC at different times (but in correct order) and an on-line implementation will be able to process the message correctly without the need to buffer more than a few dozen bytes of the message. For simplicity, the algorithms in this specification are presented as if the entire message being authenticated were available at once.
To authenticate a message, Msg
, one first applies the
universal hash function, resulting in a string which is typically much
shorter than the original message. The pseudorandom function is applied to a
nonce, and the result is used in the manner of a Vernam cipher: the
authentication tag is the xor of the output from the hash function and the
output from the pseudorandom function. Thus, an authentication tag is
generated as
AuthTag = f(Nonce) xor h(Msg)
Here f
is the pseudorandom function shared between the sender
and the receiver, and h is a universal hash function shared by the sender and
the receiver. In UMAC, a shared key is used to key the pseudorandom
function f
, and then f
is used for both tag
generation and internally to generate all of the bits needed by the universal
hash function.
The universal hash function that we use is called UHASH
. It
combines several software-optimized algorithms into a multi-layered
structure. The algorithm is moderately complex. Some of this complexity comes
from extensive speed optimizations.
For the pseudorandom function we use the block cipher of the Advanced Encryption Standard (AES).
The UMAC32 parameters, considered in this implementation are:
UMAC32 ------ WORD-LEN 4 UMAC-OUTPUT-LEN 8 L1-KEY-LEN 1024 UMAC-KEY-LEN 16 ENDIAN-FAVORITE BIG * L1-OPERATIONS-SIGN UNSIGNED
Please note that this UMAC32 differs from the one described in the paper by the ENDIAN-FAVORITE value.
References:
Version: $Revision: 1.7 $
Field Summary | |
---|---|
static int | KEY_LEN |
static int | L1_KEY_LEN |
static String | NONCE_MATERIAL
Property name of the user-supplied Nonce. |
static int | OUTPUT_LEN |
Constructor Summary | |
---|---|
UMac32() Trivial 0-arguments constructor. |
Method Summary | |
---|---|
Object | clone() |
byte[] | digest() |
void | init(Map attributes) Initialising a UMAC instance consists of defining values for the following parameters:
|
int | macSize() |
void | reset() |
boolean | selfTest() |
void | update(byte b) |
void | update(byte[] b, int offset, int len) |
Initialising a UMAC instance consists of defining values for the following parameters:
For convenience, this implementation accepts that not both parameters be always specified.
This method throws an exception if no Key Material is specified in the input map, and there is no previously set/defined Key Material (from an earlier invocation of this method). If a Key Material can be used, but no Nonce Material is defined or previously set/defined, then a default value of all-zeroes shall be used.
Parameters: attributes one or both of required parameters.
Throws: InvalidKeyException the key material specified is not of the correct length.