Home Explore Help
Sign In
nnesse
/
minwin-gcc-5-2
Watch 1
Star 0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: f5de7b477e
Branches Tags
minwin-gcc-5-2
/
libjava
/
classpath
/
gnu
/
javax
/
crypto
/
mode
/
EAX.java

EAX.java 8.5 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290 
  1. /* EAX.java --
    2. 

  2.    Copyright (C) 2004, 2006 Free Software Foundation, Inc.
    3. 

  3. 

  4. This file is a part of GNU Classpath.
    5. 

  5. 

  6. GNU Classpath is free software; you can redistribute it and/or modify
    7. 

  7. it under the terms of the GNU General Public License as published by
    8. 

  8. the Free Software Foundation; either version 2 of the License, or (at
    9. 

  9. your option) any later version.
    10. 

  10. 

  11. GNU Classpath is distributed in the hope that it will be useful, but
    12. 

  12. WITHOUT ANY WARRANTY; without even the implied warranty of
    13. 

  13. MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
    14. 

  14. General Public License for more details.
    15. 

  15. 

  16. You should have received a copy of the GNU General Public License
    17. 

  17. along with GNU Classpath; if not, write to the Free Software
    18. 

  18. Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301
    19. 

  19. USA
    20. 

  20. 

  21. Linking this library statically or dynamically with other modules is
    22. 

  22. making a combined work based on this library.  Thus, the terms and
    23. 

  23. conditions of the GNU General Public License cover the whole
    24. 

  24. combination.
    25. 

  25. 

  26. As a special exception, the copyright holders of this library give you
    27. 

  27. permission to link this library with independent modules to produce an
    28. 

  28. executable, regardless of the license terms of these independent
    29. 

  29. modules, and to copy and distribute the resulting executable under
    30. 

  30. terms of your choice, provided that you also meet, for each linked
    31. 

  31. independent module, the terms and conditions of the license of that
    32. 

  32. module.  An independent module is a module which is not derived from
    33. 

  33. or based on this library.  If you modify this library, you may extend
    34. 

  34. this exception to your version of the library, but you are not
    35. 

  35. obligated to do so.  If you do not wish to do so, delete this
    36. 

  36. exception statement from your version.  */
    37. 

  37. 

  38. 

  39. package gnu.javax.crypto.mode;
    40. 

  40. 

  41. import gnu.java.security.Registry;
    42. 

  42. import gnu.javax.crypto.cipher.IBlockCipher;
    43. 

  43. import gnu.javax.crypto.mac.IMac;
    44. 

  44. import gnu.javax.crypto.mac.MacFactory;
    45. 

  45. 

  46. import java.security.InvalidKeyException;
    47. 

  47. import java.util.Arrays;
    48. 

  48. import java.util.Collections;
    49. 

  49. import java.util.HashMap;
    50. 

  50. import java.util.Iterator;
    51. 

  51. import java.util.Map;
    52. 

  52. 

  53. /**
    54. 

  54.  * A conventional two-pass authenticated-encrypted mode, EAX. EAX is a
    55. 

  55.  * <i>Authenticated Encryption with Additional Data</i> (<b>AEAD</b>) scheme,
    56. 

  56.  * which provides protection and authentication for the message, and provides
    57. 

  57.  * authentication of an (optional) header. EAX is composed of the counter mode
    58. 

  58.  * (CTR) and the one-key CBC MAC (OMAC).
    59. 

  59.  * <p>
    60. 

  60.  * This class makes full use of the {@link IAuthenticatedMode} interface, that
    61. 

  61.  * is, all methods of both {@link IMode} and {@link IMac} can be used as
    62. 

  62.  * specified in the {@link IAuthenticatedMode} interface.
    63. 

  63.  * <p>
    64. 

  64.  * References:
    65. 

  65.  * <ol>
    66. 

  66.  * <li>M. Bellare, P. Rogaway, and D. Wagner; <a
    67. 

  67.  * href="http://www.cs.berkeley.edu/~daw/papers/eprint-short-ae.pdf">A
    68. 

  68.  * Conventional Authenticated-Encryption Mode</a>.</li>
    69. 

  69.  * </ol>
    70. 

  70.  */
    71. 

  71. public class EAX
    72. 

  72.     implements IAuthenticatedMode
    73. 

  73. {
    74. 

  74.   /** The tag size, in bytes. */
    75. 

  75.   private int tagSize;
    76. 

  76.   /** The nonce OMAC instance. */
    77. 

  77.   private IMac nonceOmac;
    78. 

  78.   /** The header OMAC instance. */
    79. 

  79.   private IMac headerOmac;
    80. 

  80.   /** The message OMAC instance. */
    81. 

  81.   private IMac msgOmac;
    82. 

  82.   /** The CTR instance. */
    83. 

  83.   private IMode ctr;
    84. 

  84.   /** The direction state (encrypting or decrypting). */
    85. 

  85.   private int state;
    86. 

  86.   /** Whether we're initialized or not. */
    87. 

  87.   private boolean init;
    88. 

  88.   /** The cipher block size. */
    89. 

  89.   private int cipherBlockSize;
    90. 

  90.   /** The cipher. */
    91. 

  91.   private IBlockCipher cipher;
    92. 

  92.   /** The [t]_n array. */
    93. 

  93.   private byte[] t_n;
    94. 

  94.   private static boolean valid = false;
    95. 

  95. 

  96.   public EAX(IBlockCipher cipher, int cipherBlockSize)
    97. 

  97.   {
    98. 

  98.     this.cipher = cipher;
    99. 

  99.     this.cipherBlockSize = cipherBlockSize;
    100. 

  100.     String name = cipher.name();
    101. 

  101.     int i = name.indexOf('-');
    102. 

  102.     if (i >= 0)
    103. 

  103.       name = name.substring(0, i);
    104. 

  104.     String omacname = Registry.OMAC_PREFIX + name;
    105. 

  105.     nonceOmac = MacFactory.getInstance(omacname);
    106. 

  106.     headerOmac = MacFactory.getInstance(omacname);
    107. 

  107.     msgOmac = MacFactory.getInstance(omacname);
    108. 

  108.     ctr = ModeFactory.getInstance(Registry.CTR_MODE, cipher, cipherBlockSize);
    109. 

  109.     t_n = new byte[cipherBlockSize];
    110. 

  110.     init = false;
    111. 

  111.   }
    112. 

  112. 

  113.   public Object clone()
    114. 

  114.   {
    115. 

  115.     return new EAX((IBlockCipher) cipher.clone(), cipherBlockSize);
    116. 

  116.   }
    117. 

  117. 

  118.   public String name()
    119. 

  119.   {
    120. 

  120.     return Registry.EAX_MODE + "(" + cipher.name() + ")";
    121. 

  121.   }
    122. 

  122. 

  123.   public int defaultBlockSize()
    124. 

  124.   {
    125. 

  125.     return ctr.defaultBlockSize();
    126. 

  126.   }
    127. 

  127. 

  128.   public int defaultKeySize()
    129. 

  129.   {
    130. 

  130.     return ctr.defaultKeySize();
    131. 

  131.   }
    132. 

  132. 

  133.   public Iterator blockSizes()
    134. 

  134.   {
    135. 

  135.     return ctr.blockSizes();
    136. 

  136.   }
    137. 

  137. 

  138.   public Iterator keySizes()
    139. 

  139.   {
    140. 

  140.     return ctr.keySizes();
    141. 

  141.   }
    142. 

  142. 

  143.   public void init(Map attrib) throws InvalidKeyException
    144. 

  144.   {
    145. 

  145.     byte[] nonce = (byte[]) attrib.get(IV);
    146. 

  146.     if (nonce == null)
    147. 

  147.       throw new IllegalArgumentException("no nonce provided");
    148. 

  148.     byte[] key = (byte[]) attrib.get(KEY_MATERIAL);
    149. 

  149.     if (key == null)
    150. 

  150.       throw new IllegalArgumentException("no key provided");
    151. 

  151. 

  152.     Arrays.fill(t_n, (byte) 0);
    153. 

  153.     nonceOmac.reset();
    154. 

  154.     nonceOmac.init(Collections.singletonMap(MAC_KEY_MATERIAL, key));
    155. 

  155.     nonceOmac.update(t_n, 0, t_n.length);
    156. 

  156.     nonceOmac.update(nonce, 0, nonce.length);
    157. 

  157.     byte[] N = nonceOmac.digest();
    158. 

  158.     nonceOmac.reset();
    159. 

  159.     nonceOmac.update(t_n, 0, t_n.length);
    160. 

  160.     nonceOmac.update(nonce, 0, nonce.length);
    161. 

  161.     t_n[t_n.length - 1] = 1;
    162. 

  162.     headerOmac.reset();
    163. 

  163.     headerOmac.init(Collections.singletonMap(MAC_KEY_MATERIAL, key));
    164. 

  164.     headerOmac.update(t_n, 0, t_n.length);
    165. 

  165.     t_n[t_n.length - 1] = 2;
    166. 

  166.     msgOmac.reset();
    167. 

  167.     msgOmac.init(Collections.singletonMap(MAC_KEY_MATERIAL, key));
    168. 

  168.     msgOmac.update(t_n, 0, t_n.length);
    169. 

  169.     Integer modeSize = (Integer) attrib.get(MODE_BLOCK_SIZE);
    170. 

  170.     if (modeSize == null)
    171. 

  171.       modeSize = Integer.valueOf(cipherBlockSize);
    172. 

  172.     HashMap ctrAttr = new HashMap();
    173. 

  173.     ctrAttr.put(KEY_MATERIAL, key);
    174. 

  174.     ctrAttr.put(IV, N);
    175. 

  175.     ctrAttr.put(STATE, Integer.valueOf(ENCRYPTION));
    176. 

  176.     ctrAttr.put(MODE_BLOCK_SIZE, modeSize);
    177. 

  177.     ctr.reset();
    178. 

  178.     ctr.init(ctrAttr);
    179. 

  179.     Integer st = (Integer) attrib.get(STATE);
    180. 

  180.     if (st != null)
    181. 

  181.       {
    182. 

  182.         state = st.intValue();
    183. 

  183.         if (state != ENCRYPTION && state != DECRYPTION)
    184. 

  184.           throw new IllegalArgumentException("invalid state");
    185. 

  185.       }
    186. 

  186.     else
    187. 

  187.       state = ENCRYPTION;
    188. 

  188. 

  189.     Integer ts = (Integer) attrib.get(TRUNCATED_SIZE);
    190. 

  190.     if (ts != null)
    191. 

  191.       tagSize = ts.intValue();
    192. 

  192.     else
    193. 

  193.       tagSize = cipherBlockSize;
    194. 

  194.     if (tagSize < 0 || tagSize > cipherBlockSize)
    195. 

  195.       throw new IllegalArgumentException("tag size out of range");
    196. 

  196.     init = true;
    197. 

  197.   }
    198. 

  198. 

  199.   public int currentBlockSize()
    200. 

  200.   {
    201. 

  201.     return ctr.currentBlockSize();
    202. 

  202.   }
    203. 

  203. 

  204.   public void encryptBlock(byte[] in, int inOff, byte[] out, int outOff)
    205. 

  205.   {
    206. 

  206.     if (! init)
    207. 

  207.       throw new IllegalStateException("not initialized");
    208. 

  208.     if (state != ENCRYPTION)
    209. 

  209.       throw new IllegalStateException("not encrypting");
    210. 

  210.     ctr.update(in, inOff, out, outOff);
    211. 

  211.     msgOmac.update(out, outOff, ctr.currentBlockSize());
    212. 

  212.   }
    213. 

  213. 

  214.   public void decryptBlock(byte[] in, int inOff, byte[] out, int outOff)
    215. 

  215.   {
    216. 

  216.     if (! init)
    217. 

  217.       throw new IllegalStateException("not initialized");
    218. 

  218.     if (state != DECRYPTION)
    219. 

  219.       throw new IllegalStateException("not decrypting");
    220. 

  220.     msgOmac.update(in, inOff, ctr.currentBlockSize());
    221. 

  221.     ctr.update(in, inOff, out, outOff);
    222. 

  222.   }
    223. 

  223. 

  224.   public void update(byte[] in, int inOff, byte[] out, int outOff)
    225. 

  225.   {
    226. 

  226.     switch (state)
    227. 

  227.       {
    228. 

  228.       case ENCRYPTION:
    229. 

  229.         encryptBlock(in, inOff, out, outOff);
    230. 

  230.         break;
    231. 

  231.       case DECRYPTION:
    232. 

  232.         decryptBlock(in, inOff, out, outOff);
    233. 

  233.         break;
    234. 

  234.       default:
    235. 

  235.         throw new IllegalStateException("impossible state " + state);
    236. 

  236.       }
    237. 

  237.   }
    238. 

  238. 

  239.   public void reset()
    240. 

  240.   {
    241. 

  241.     nonceOmac.reset();
    242. 

  242.     headerOmac.reset();
    243. 

  243.     msgOmac.reset();
    244. 

  244.     ctr.reset();
    245. 

  245.   }
    246. 

  246. 

  247.   public boolean selfTest()
    248. 

  248.   {
    249. 

  249.     return true; // XXX
    250. 

  250.   }
    251. 

  251. 

  252.   public int macSize()
    253. 

  253.   {
    254. 

  254.     return tagSize;
    255. 

  255.   }
    256. 

  256. 

  257.   public byte[] digest()
    258. 

  258.   {
    259. 

  259.     byte[] tag = new byte[tagSize];
    260. 

  260.     digest(tag, 0);
    261. 

  261.     return tag;
    262. 

  262.   }
    263. 

  263. 

  264.   public void digest(byte[] out, int outOffset)
    265. 

  265.   {
    266. 

  266.     if (outOffset < 0 || outOffset + tagSize > out.length)
    267. 

  267.       throw new IndexOutOfBoundsException();
    268. 

  268.     byte[] N = nonceOmac.digest();
    269. 

  269.     byte[] H = headerOmac.digest();
    270. 

  270.     byte[] M = msgOmac.digest();
    271. 

  271.     for (int i = 0; i < tagSize; i++)
    272. 

  272.       out[outOffset + i] = (byte)(N[i] ^ H[i] ^ M[i]);
    273. 

  273.     reset();
    274. 

  274.   }
    275. 

  275. 

  276.   public void update(byte b)
    277. 

  277.   {
    278. 

  278.     if (! init)
    279. 

  279.       throw new IllegalStateException("not initialized");
    280. 

  280.     headerOmac.update(b);
    281. 

  281.   }
    282. 

  282. 

  283.   public void update(byte[] buf, int off, int len)
    284. 

  284.   {
    285. 

  285.     if (! init)
    286. 

  286.       throw new IllegalStateException("not initialized");
    287. 

  287.     headerOmac.update(buf, off, len);
    288. 

  288.   }
    289. 

  289. }
    290. 

  290.