Accueil Explorer Aide
Connexion
nnesse
/
minwin-gcc-5-2
Suivre 1
Voter 0
Fork 0
Fichiers Tickets 0 Pull Requests 0 Wiki
Aborescence: f5de7b477e
Branches Tags
minwin-gcc-5-2
/
libjava
/
classpath
/
gnu
/
javax
/
crypto
/
mac
/
OMAC.java

OMAC.java 8.3 KB
Historique Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305 
  1. /* OMAC.java --
    2. 

  2.    Copyright (C) 2004, 2006, 2010 Free Software Foundation, Inc.
    3. 

  3. 

  4. This file is a part of GNU Classpath.
    5. 

  5. 

  6. GNU Classpath is free software; you can redistribute it and/or modify
    7. 

  7. it under the terms of the GNU General Public License as published by
    8. 

  8. the Free Software Foundation; either version 2 of the License, or (at
    9. 

  9. your option) any later version.
    10. 

  10. 

  11. GNU Classpath is distributed in the hope that it will be useful, but
    12. 

  12. WITHOUT ANY WARRANTY; without even the implied warranty of
    13. 

  13. MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
    14. 

  14. General Public License for more details.
    15. 

  15. 

  16. You should have received a copy of the GNU General Public License
    17. 

  17. along with GNU Classpath; if not, write to the Free Software
    18. 

  18. Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301
    19. 

  19. USA
    20. 

  20. 

  21. Linking this library statically or dynamically with other modules is
    22. 

  22. making a combined work based on this library.  Thus, the terms and
    23. 

  23. conditions of the GNU General Public License cover the whole
    24. 

  24. combination.
    25. 

  25. 

  26. As a special exception, the copyright holders of this library give you
    27. 

  27. permission to link this library with independent modules to produce an
    28. 

  28. executable, regardless of the license terms of these independent
    29. 

  29. modules, and to copy and distribute the resulting executable under
    30. 

  30. terms of your choice, provided that you also meet, for each linked
    31. 

  31. independent module, the terms and conditions of the license of that
    32. 

  32. module.  An independent module is a module which is not derived from
    33. 

  33. or based on this library.  If you modify this library, you may extend
    34. 

  34. this exception to your version of the library, but you are not
    35. 

  35. obligated to do so.  If you do not wish to do so, delete this
    36. 

  36. exception statement from your version.  */
    37. 

  37. 

  38. 

  39. package gnu.javax.crypto.mac;
    40. 

  40. 

  41. import gnu.java.security.Configuration;
    42. 

  42. import gnu.java.security.Registry;
    43. 

  43. import gnu.java.security.util.Util;
    44. 

  44. import gnu.javax.crypto.cipher.CipherFactory;
    45. 

  45. import gnu.javax.crypto.cipher.IBlockCipher;
    46. 

  46. import gnu.javax.crypto.mode.IMode;
    47. 

  47. 

  48. import java.security.InvalidKeyException;
    49. 

  49. import java.util.Arrays;
    50. 

  50. import java.util.HashMap;
    51. 

  51. import java.util.Map;
    52. 

  52. import java.util.logging.Logger;
    53. 

  53. 

  54. /**
    55. 

  55.  * The One-Key CBC MAC, OMAC. This message authentication code is based on a
    56. 

  56.  * block cipher in CBC mode.
    57. 

  57.  * <p>
    58. 

  58.  * References:
    59. 

  59.  * <ol>
    60. 

  60.  * <li>Tetsu Iwata and Kaoru Kurosawa, <i><a
    61. 

  61.  * href="http://crypt.cis.ibaraki.ac.jp/omac/docs/omac.pdf">OMAC: One-Key CBC
    62. 

  62.  * MAC</a></i>.</li>
    63. 

  63.  * </ol>
    64. 

  64.  */
    65. 

  65. public class OMAC
    66. 

  66.     implements IMac
    67. 

  67. {
    68. 

  68.   private static final Logger log = Configuration.DEBUG ?
    69. 

  69.                         Logger.getLogger(OMAC.class.getName()) : null;
    70. 

  70.   private static final byte C1 = (byte) 0x87;
    71. 

  71.   private static final byte C2 = 0x1b;
    72. 

  72.   // Test key for OMAC-AES-128
    73. 

  73.   private static final byte[] KEY0 =
    74. 

  74.       Util.toBytesFromString("2b7e151628aed2a6abf7158809cf4f3c");
    75. 

  75.   // Test MAC for zero-length input.
    76. 

  76.   private static final byte[] DIGEST0 =
    77. 

  77.       Util.toBytesFromString("bb1d6929e95937287fa37d129b756746");
    78. 

  78.   private static Boolean valid;
    79. 

  79.   private final IBlockCipher cipher;
    80. 

  80.   private final String name;
    81. 

  81.   private IMode mode;
    82. 

  82.   private int blockSize;
    83. 

  83.   private int outputSize;
    84. 

  84.   private byte[] Lu, Lu2;
    85. 

  85.   private byte[] M;
    86. 

  86.   private byte[] Y;
    87. 

  87.   private boolean init;
    88. 

  88.   private int index;
    89. 

  89. 

  90.   public OMAC(IBlockCipher cipher)
    91. 

  91.   {
    92. 

  92.     this.cipher = cipher;
    93. 

  93.     this.name = "OMAC-" + cipher.name();
    94. 

  94.   }
    95. 

  95. 

  96.   public Object clone()
    97. 

  97.   {
    98. 

  98.     return new OMAC(cipher);
    99. 

  99.   }
    100. 

  100. 

  101.   public String name()
    102. 

  102.   {
    103. 

  103.     return name;
    104. 

  104.   }
    105. 

  105. 

  106.   public int macSize()
    107. 

  107.   {
    108. 

  108.     return outputSize;
    109. 

  109.   }
    110. 

  110. 

  111.   public void init(Map attrib) throws InvalidKeyException
    112. 

  112.   {
    113. 

  113.     HashMap attrib2 = new HashMap();
    114. 

  114.     attrib2.put(IBlockCipher.KEY_MATERIAL, attrib.get(MAC_KEY_MATERIAL));
    115. 

  115.     cipher.reset();
    116. 

  116.     cipher.init(attrib2);
    117. 

  117.     blockSize = cipher.currentBlockSize();
    118. 

  118.     Integer os = (Integer) attrib.get(TRUNCATED_SIZE);
    119. 

  119.     if (os != null)
    120. 

  120.       {
    121. 

  121.         outputSize = os.intValue();
    122. 

  122.         if (outputSize < 0 || outputSize > blockSize)
    123. 

  123.           throw new IllegalArgumentException("truncated size out of range");
    124. 

  124.       }
    125. 

  125.     else
    126. 

  126.       outputSize = blockSize;
    127. 

  127. 

  128.     byte[] L = new byte[blockSize];
    129. 

  129.     cipher.encryptBlock(L, 0, L, 0);
    130. 

  130.     if (Configuration.DEBUG)
    131. 

  131.       log.fine("L = " + Util.toString(L).toLowerCase());
    132. 

  132.     if (Lu != null)
    133. 

  133.       {
    134. 

  134.         Arrays.fill(Lu, (byte) 0);
    135. 

  135.         if (Lu.length != blockSize)
    136. 

  136.           Lu = new byte[blockSize];
    137. 

  137.       }
    138. 

  138.     else
    139. 

  139.       Lu = new byte[blockSize];
    140. 

  140.     if (Lu2 != null)
    141. 

  141.       {
    142. 

  142.         Arrays.fill(Lu2, (byte) 0);
    143. 

  143.         if (Lu2.length != blockSize)
    144. 

  144.           Lu2 = new byte[blockSize];
    145. 

  145.       }
    146. 

  146.     else
    147. 

  147.       Lu2 = new byte[blockSize];
    148. 

  148. 

  149.     boolean msb = (L[0] & 0x80) != 0;
    150. 

  150.     for (int i = 0; i < blockSize; i++)
    151. 

  151.       {
    152. 

  152.         Lu[i] = (byte)(L[i] << 1 & 0xFF);
    153. 

  153.         if (i + 1 < blockSize)
    154. 

  154.           Lu[i] |= (byte)((L[i + 1] & 0x80) >> 7);
    155. 

  155.       }
    156. 

  156.     if (msb)
    157. 

  157.       {
    158. 

  158.         if (blockSize == 16)
    159. 

  159.           Lu[Lu.length - 1] ^= C1;
    160. 

  160.         else if (blockSize == 8)
    161. 

  161.           Lu[Lu.length - 1] ^= C2;
    162. 

  162.         else
    163. 

  163.           throw new IllegalArgumentException("unsupported cipher block size: "
    164. 

  164.                                              + blockSize);
    165. 

  165.       }
    166. 

  166.     if (Configuration.DEBUG)
    167. 

  167.       log.fine("Lu = " + Util.toString(Lu).toLowerCase());
    168. 

  168.     msb = (Lu[0] & 0x80) != 0;
    169. 

  169.     for (int i = 0; i < blockSize; i++)
    170. 

  170.       {
    171. 

  171.         Lu2[i] = (byte)(Lu[i] << 1 & 0xFF);
    172. 

  172.         if (i + 1 < blockSize)
    173. 

  173.           Lu2[i] |= (byte)((Lu[i + 1] & 0x80) >> 7);
    174. 

  174.       }
    175. 

  175.     if (msb)
    176. 

  176.       {
    177. 

  177.         if (blockSize == 16)
    178. 

  178.           Lu2[Lu2.length - 1] ^= C1;
    179. 

  179.         else
    180. 

  180.           Lu2[Lu2.length - 1] ^= C2;
    181. 

  181.       }
    182. 

  182.     if (Configuration.DEBUG)
    183. 

  183.       log.fine("Lu2 = " + Util.toString(Lu2).toLowerCase());
    184. 

  184.     if (M != null)
    185. 

  185.       {
    186. 

  186.         Arrays.fill(M, (byte) 0);
    187. 

  187.         if (M.length != blockSize)
    188. 

  188.           M = new byte[blockSize];
    189. 

  189.       }
    190. 

  190.     else
    191. 

  191.       M = new byte[blockSize];
    192. 

  192.     if (Y != null)
    193. 

  193.       {
    194. 

  194.         Arrays.fill(Y, (byte) 0);
    195. 

  195.         if (Y.length != blockSize)
    196. 

  196.           Y = new byte[blockSize];
    197. 

  197.       }
    198. 

  198.     else
    199. 

  199.       Y = new byte[blockSize];
    200. 

  200. 

  201.     index = 0;
    202. 

  202.     init = true;
    203. 

  203.   }
    204. 

  204. 

  205.   public void update(byte b)
    206. 

  206.   {
    207. 

  207.     if (! init)
    208. 

  208.       throw new IllegalStateException("not initialized");
    209. 

  209.     if (index == M.length)
    210. 

  210.       {
    211. 

  211.         process();
    212. 

  212.         index = 0;
    213. 

  213.       }
    214. 

  214.     M[index++] = b;
    215. 

  215.   }
    216. 

  216. 

  217.   public void update(byte[] buf, int off, int len)
    218. 

  218.   {
    219. 

  219.     if (! init)
    220. 

  220.       throw new IllegalStateException("not initialized");
    221. 

  221.     if (off < 0 || len < 0 || off + len > buf.length)
    222. 

  222.       throw new IndexOutOfBoundsException("size=" + buf.length + "; off=" + off
    223. 

  223.                                           + "; len=" + len);
    224. 

  224.     for (int i = 0; i < len;)
    225. 

  225.       {
    226. 

  226.         if (index == blockSize)
    227. 

  227.           {
    228. 

  228.             process();
    229. 

  229.             index = 0;
    230. 

  230.           }
    231. 

  231.         int count = Math.min(blockSize - index, len - i);
    232. 

  232.         System.arraycopy(buf, off + i, M, index, count);
    233. 

  233.         index += count;
    234. 

  234.         i += count;
    235. 

  235.       }
    236. 

  236.   }
    237. 

  237. 

  238.   public byte[] digest()
    239. 

  239.   {
    240. 

  240.     byte[] b = new byte[outputSize];
    241. 

  241.     digest(b, 0);
    242. 

  242.     return b;
    243. 

  243.   }
    244. 

  244. 

  245.   public void digest(byte[] out, int off)
    246. 

  246.   {
    247. 

  247.     if (! init)
    248. 

  248.       throw new IllegalStateException("not initialized");
    249. 

  249.     if (off < 0 || off + outputSize > out.length)
    250. 

  250.       throw new IndexOutOfBoundsException("size=" + out.length + "; off=" + off
    251. 

  251.                                           + "; len=" + outputSize);
    252. 

  252.     byte[] T = new byte[blockSize];
    253. 

  253.     byte[] L = Lu;
    254. 

  254.     if (index < blockSize)
    255. 

  255.       {
    256. 

  256.         M[index++] = (byte) 0x80;
    257. 

  257.         while (index < blockSize)
    258. 

  258.           M[index++] = 0;
    259. 

  259.         L = Lu2;
    260. 

  260.       }
    261. 

  261.     for (int i = 0; i < blockSize; i++)
    262. 

  262.       T[i] = (byte)(M[i] ^ Y[i] ^ L[i]);
    263. 

  263.     cipher.encryptBlock(T, 0, T, 0);
    264. 

  264.     System.arraycopy(T, 0, out, off, outputSize);
    265. 

  265.     reset();
    266. 

  266.   }
    267. 

  267. 

  268.   public void reset()
    269. 

  269.   {
    270. 

  270.     index = 0;
    271. 

  271.     if (Y != null)
    272. 

  272.       Arrays.fill(Y, (byte) 0);
    273. 

  273.     if (M != null)
    274. 

  274.       Arrays.fill(M, (byte) 0);
    275. 

  275.   }
    276. 

  276. 

  277.   public boolean selfTest()
    278. 

  278.   {
    279. 

  279.     OMAC mac = new OMAC(CipherFactory.getInstance(Registry.AES_CIPHER));
    280. 

  280.     mac.reset();
    281. 

  281.     Map attr = new HashMap();
    282. 

  282.     attr.put(MAC_KEY_MATERIAL, KEY0);
    283. 

  283.     byte[] digest = null;
    284. 

  284.     try
    285. 

  285.       {
    286. 

  286.         mac.init(attr);
    287. 

  287.         digest = mac.digest();
    288. 

  288.       }
    289. 

  289.     catch (Exception x)
    290. 

  290.       {
    291. 

  291.         return false;
    292. 

  292.       }
    293. 

  293.     if (digest == null)
    294. 

  294.       return false;
    295. 

  295.     return Arrays.equals(DIGEST0, digest);
    296. 

  296.   }
    297. 

  297. 

  298.   private void process()
    299. 

  299.   {
    300. 

  300.     for (int i = 0; i < blockSize; i++)
    301. 

  301.       M[i] = (byte)(M[i] ^ Y[i]);
    302. 

  302.     cipher.encryptBlock(M, 0, Y, 0);
    303. 

  303.   }
    304. 

  304. }
    305. 

  305.