|
|||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | ||||||||
SUMMARY: INNER | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |
java.lang.Object | +--java.security.MessageDigestSpi | +--java.security.MessageDigest | +--cryptix.provider.mac.HMAC
A class to implement the HMAC message authentication code, as described in RFC 2104.
The definition of HMAC-X for a given message digest algorithm X depends
on that algorithm's internal block size, which is passed into the constructor
when this class is used directly. Normally, this class will be obtained
indirectly via the JCA API, e.g. MessageDigest.getInstance("HMAC-SHA-1")
if SHA-1 is to be used as the digest algorithm.
The key can be set as a byte array using the "key" parameter. It is not reset after the MAC has been returned (this enables successive MACs using the same key to be calculated efficiently). For example:
import java.security.Parameterized;
MessageDigest hmac = MessageDigest.getInstance("HMAC-SHA-1"); byte[] key = ..., input1 = ..., input2 = ...; ((Parameterized) mac).setParameter("key", key); byte[] mac1 = hmac.digest(input1); byte[] mac2 = hmac.digest(input2);
Parameters other than "key" are passed through to the MessageDigest object,
but this can only be done when the key is not set. An explicit call to
reset()
will 'unset' the key.
This implementation does not support truncation of the output MAC. If truncation is desired, the caller should use only the relevant initial bits of the output array.
Note that although this class implements Cloneable, its
clone()
method will throw a CloneNotSupportedException
if the underlying MessageDigest cannot be cloned. This should not be the
case for any of the Cryptix-supported digest algorithms.
HMAC is similar, but not identical to the MAC used by Secure Sockets Layer version 3. The JCA standard algorithm name of the variant used in SSL v3 is "SSL3MAC-X", for a message digest name X.
References:
Copyright © 1997
Systemics Ltd on behalf of the
Cryptix Development Team.
All rights reserved.
$Revision: 1.4 $
Inner classes inherited from class java.security.MessageDigest |
java.security.MessageDigest.Delegate |
Constructor Summary | |
HMAC(java.lang.String mdAlgorithm,
int mdBlockSize)
Constructs an HMAC object for the given MD algorithm name and block size. |
Method Summary | |
java.lang.Object |
clone()
Returns a copy of this HMAC object. |
protected byte[] |
engineDigest()
Calculates the final MAC. |
protected int |
engineGetDigestLength()
SPI: Returns the digest length in bytes. |
protected java.lang.Object |
engineGetParameter(java.lang.String param)
|
protected void |
engineReset()
Resets this object disregarding any temporary data present at the time of the invocation of this call. |
protected void |
engineSetParameter(java.lang.String param,
java.lang.Object value)
|
protected void |
engineUpdate(byte input)
Continues an HMAC digest using the input byte. |
protected void |
engineUpdate(byte[] input,
int offset,
int len)
Hashes a byte array from a given offset for a specified length. |
java.lang.Object |
getParameter(java.lang.String param)
Gets the value of the specified algorithm parameter. |
void |
setParameter(java.lang.String param,
java.lang.Object value)
Sets the specified algorithm parameter to the specified value. |
Methods inherited from class java.security.MessageDigest |
digest, digest, digest, getAlgorithm, getDigestLength, getInstance, getInstance, getProvider, isEqual, reset, toString, update, update, update |
Methods inherited from class java.security.MessageDigestSpi |
engineDigest |
Methods inherited from class java.lang.Object |
|
Constructor Detail |
public HMAC(java.lang.String mdAlgorithm, int mdBlockSize)
Do not rely on being able to use this constructor to obtain a subclass of MessageDigest; when Cryptix is changed to use the Java 1.2 provider architecture, it will be a subclass of MessageDigestSpi instead.
mdAlgorithm
- the standard JCA algorithm name of the message
digest to be used.mdBlockSize
- the internal block size of the digest algorithm.Method Detail |
public java.lang.Object clone() throws java.lang.CloneNotSupportedException
clone
in class java.security.MessageDigest
java.lang.CloneNotSupportedException
- if the underlying MessageDigest is not
cloneable.protected void engineReset()
engineReset
in class java.security.MessageDigestSpi
protected void engineUpdate(byte input)
engineUpdate
in class java.security.MessageDigestSpi
protected void engineUpdate(byte[] input, int offset, int len)
engineUpdate
in class java.security.MessageDigestSpi
input
- byte array from which data is to be hashed.offset
- start index of bytes to hash in input.len
- number of bytes to hash.protected byte[] engineDigest()
RFC 2104 describes HMAC as follows:
The definition of HMAC requires a cryptographic hash function, which we denote by H, and a secret key K. We assume H to be a cryptographic hash function where data is hashed by iterating a basic compression function on blocks of data. We denote by B the byte-length of such blocks (B=64 for all the above mentioned examples of hash functions), and by L the byte-length of hash outputs (L=16 for MD5, L=20 for SHA-1). The authentication key K can be of any length up to B, the block length of the hash function. Applications that use keys longer than B bytes will first hash the key using H and then use the resultant L byte string as the actual key to HMAC. In any case the minimal recommended length for K is L bytes (as the hash output length). See section 3 for more information on keys.
We define two fixed and different strings ipad and opad as follows (the 'i' and 'o' are mnemonics for inner and outer):
ipad = the byte 0x36 repeated B times
opad = the byte 0x5C repeated B times.
To compute HMAC over the data 'text' we perform
H(K XOR opad, H(K XOR ipad, text))
Namely,
engineDigest
in class java.security.MessageDigestSpi
protected int engineGetDigestLength()
engineGetDigestLength
in class java.security.MessageDigestSpi
public void setParameter(java.lang.String param, java.lang.Object value) throws java.security.InvalidParameterException
Parameterized
This method supplies a general-purpose mechanism through which it is possible to set the various parameters of this object. A uniform algorithm-specific naming scheme for each parameter is desirable but left unspecified at this time.
setParameter
in interface Parameterized
xjava.security.Parameterized
param
- the string identifier of the parameter.value
- the parameter value.NullPointerException
- if param == nullNoSuchParameterException
- if there is no parameter with name
param for this cipher implementation.java.security.InvalidParameterException
- if the parameter exists but cannot
be set (for example because the object is in the
wrong state).InvalidParameterTypeException
- if value is the wrong type
for this parameter.public java.lang.Object getParameter(java.lang.String param) throws java.security.InvalidParameterException
Parameterized
This method supplies a general-purpose mechanism through which it is possible to get the various parameters of this object. A uniform algorithm-specific naming scheme for each parameter is desirable but left unspecified at this time.
getParameter
in interface Parameterized
xjava.security.Parameterized
param
- the string name of the parameter.NullPointerException
- if param == nullNoSuchParameterException
- if there is no parameter with name
param for this implementation.java.security.InvalidParameterException
- if the parameter exists but cannot
be read.protected void engineSetParameter(java.lang.String param, java.lang.Object value) throws java.security.InvalidParameterException
protected java.lang.Object engineGetParameter(java.lang.String param) throws java.security.InvalidParameterException
|
|||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | ||||||||
SUMMARY: INNER | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |