cryptix.provider.mac

Class HMAC

public class HMAC extends MessageDigest implements Parameterized, Cloneable

A class to implement the HMAC message authentication code, as described in RFC 2104.

The definition of HMAC-X for a given message digest algorithm X depends on that algorithm's internal block size, which is passed into the constructor when this class is used directly. Normally, this class will be obtained indirectly via the JCA API, e.g. MessageDigest.getInstance("HMAC-SHA-1") if SHA-1 is to be used as the digest algorithm.

The key can be set as a byte array using the "key" parameter. It is not reset after the MAC has been returned (this enables successive MACs using the same key to be calculated efficiently). For example:

    import java.security.Parameterized;
 
MessageDigest hmac = MessageDigest.getInstance("HMAC-SHA-1"); byte[] key = ..., input1 = ..., input2 = ...; ((Parameterized) mac).setParameter("key", key); byte[] mac1 = hmac.digest(input1); byte[] mac2 = hmac.digest(input2);

Parameters other than "key" are passed through to the MessageDigest object, but this can only be done when the key is not set. An explicit call to reset() will 'unset' the key.

This implementation does not support truncation of the output MAC. If truncation is desired, the caller should use only the relevant initial bits of the output array.

Note that although this class implements Cloneable, its clone() method will throw a CloneNotSupportedException if the underlying MessageDigest cannot be cloned. This should not be the case for any of the Cryptix-supported digest algorithms.

HMAC is similar, but not identical to the MAC used by Secure Sockets Layer version 3. The JCA standard algorithm name of the variant used in SSL v3 is "SSL3MAC-X", for a message digest name X.

References:

  1. RFC 2104, HMAC: Keyed-Hashing for Message Authentication
  2. RFC 2202, Test Cases for HMAC-MD5 and HMAC-SHA-1

Copyright © 1997 Systemics Ltd on behalf of the Cryptix Development Team.
All rights reserved.

$Revision: 1.4 $

Since: Cryptix 3.0.3

Author: David Hopwood

Constructor Summary
HMAC(String mdAlgorithm, int mdBlockSize)
Constructs an HMAC object for the given MD algorithm name and block size.
Method Summary
Objectclone()
Returns a copy of this HMAC object.
protected byte[]engineDigest()
Calculates the final MAC.
protected intengineGetDigestLength()
SPI: Returns the digest length in bytes.
protected ObjectengineGetParameter(String param)
protected voidengineReset()
Resets this object disregarding any temporary data present at the time of the invocation of this call.
protected voidengineSetParameter(String param, Object value)
protected voidengineUpdate(byte input)
Continues an HMAC digest using the input byte.
protected voidengineUpdate(byte[] input, int offset, int len)
Hashes a byte array from a given offset for a specified length.
ObjectgetParameter(String param)
voidsetParameter(String param, Object value)

Constructor Detail

HMAC

public HMAC(String mdAlgorithm, int mdBlockSize)
Constructs an HMAC object for the given MD algorithm name and block size.

Do not rely on being able to use this constructor to obtain a subclass of MessageDigest; when Cryptix is changed to use the Java 1.2 provider architecture, it will be a subclass of MessageDigestSpi instead.

Parameters: mdAlgorithm the standard JCA algorithm name of the message digest to be used. mdBlockSize the internal block size of the digest algorithm.

Method Detail

clone

public Object clone()
Returns a copy of this HMAC object.

Throws: CloneNotSupportedException if the underlying MessageDigest is not cloneable.

engineDigest

protected byte[] engineDigest()
Calculates the final MAC.

RFC 2104 describes HMAC as follows:

The definition of HMAC requires a cryptographic hash function, which we denote by H, and a secret key K. We assume H to be a cryptographic hash function where data is hashed by iterating a basic compression function on blocks of data. We denote by B the byte-length of such blocks (B=64 for all the above mentioned examples of hash functions), and by L the byte-length of hash outputs (L=16 for MD5, L=20 for SHA-1). The authentication key K can be of any length up to B, the block length of the hash function. Applications that use keys longer than B bytes will first hash the key using H and then use the resultant L byte string as the actual key to HMAC. In any case the minimal recommended length for K is L bytes (as the hash output length). See section 3 for more information on keys.

We define two fixed and different strings ipad and opad as follows (the 'i' and 'o' are mnemonics for inner and outer):

ipad = the byte 0x36 repeated B times
opad = the byte 0x5C repeated B times.

To compute HMAC over the data 'text' we perform

H(K XOR opad, H(K XOR ipad, text))

Namely,

  1. append zeros to the end of K to create a B byte string (e.g., if K is of length 20 bytes and B=64, then K will be appended with 44 zero bytes 0x00)
  2. XOR (bitwise exclusive-OR) the B byte string computed in step (1) with ipad
  3. append the stream of data 'text' to the B byte string resulting from step (2)
  4. apply H to the stream generated in step (3)
  5. XOR (bitwise exclusive-OR) the B byte string computed in step (1) with opad
  6. append the H result from step (4) to the B byte string resulting from step (5)
  7. apply H to the stream generated in step (6) and output the result

engineGetDigestLength

protected int engineGetDigestLength()
SPI: Returns the digest length in bytes.

engineGetParameter

protected Object engineGetParameter(String param)

engineReset

protected void engineReset()
Resets this object disregarding any temporary data present at the time of the invocation of this call.

engineSetParameter

protected void engineSetParameter(String param, Object value)

engineUpdate

protected void engineUpdate(byte input)
Continues an HMAC digest using the input byte.

engineUpdate

protected void engineUpdate(byte[] input, int offset, int len)
Hashes a byte array from a given offset for a specified length.

Parameters: input byte array from which data is to be hashed. offset start index of bytes to hash in input. len number of bytes to hash.

getParameter

public Object getParameter(String param)

setParameter

public void setParameter(String param, Object value)