Diffstat (limited to 'core/src/main/java/org/bouncycastle/crypto/macs')
14 files changed, 0 insertions, 2992 deletions
diff --git a/core/src/main/java/org/bouncycastle/crypto/macs/BlockCipherMac.java b/core/src/main/java/org/bouncycastle/crypto/macs/BlockCipherMac.java
deleted file mode 100644
index 6de39a85..00000000
--- a/core/src/main/java/org/bouncycastle/crypto/macs/BlockCipherMac.java
+++ /dev/null
@@ -1,174 +0,0 @@
-package org.bouncycastle.crypto.macs;
-
-import org.bouncycastle.crypto.BlockCipher;
-import org.bouncycastle.crypto.CipherParameters;
-import org.bouncycastle.crypto.Mac;
-import org.bouncycastle.crypto.modes.CBCBlockCipher;
-
-public class BlockCipherMac
- implements Mac
-{
- private byte[] mac;
-
- private byte[] buf;
- private int bufOff;
- private BlockCipher cipher;
-
- private int macSize;
-
- /**
- * create a standard MAC based on a block cipher. This will produce an
- * authentication code half the length of the block size of the cipher.
- *
- * @param cipher the cipher to be used as the basis of the MAC generation.
- * @deprecated use CBCBlockCipherMac
- */
- public BlockCipherMac(
- BlockCipher cipher)
- {
- this(cipher, (cipher.getBlockSize() * 8) / 2);
- }
-
- /**
- * create a standard MAC based on a block cipher with the size of the
- * MAC been given in bits.
- * <p>
- * Note: the size of the MAC must be at least 16 bits (FIPS Publication 113),
- * and in general should be less than the size of the block cipher as it reduces
- * the chance of an exhaustive attack (see Handbook of Applied Cryptography).
- *
- * @param cipher the cipher to be used as the basis of the MAC generation.
- * @param macSizeInBits the size of the MAC in bits, must be a multiple of 8.
- * @deprecated use CBCBlockCipherMac
- */
- public BlockCipherMac(
- BlockCipher cipher,
- int macSizeInBits)
- {
- if ((macSizeInBits % 8) != 0)
- {
- throw new IllegalArgumentException("MAC size must be multiple of 8");
- }
-
- this.cipher = new CBCBlockCipher(cipher);
- this.macSize = macSizeInBits / 8;
-
- mac = new byte[cipher.getBlockSize()];
-
- buf = new byte[cipher.getBlockSize()];
- bufOff = 0;
- }
-
- public String getAlgorithmName()
- {
- return cipher.getAlgorithmName();
- }
-
- public void init(
- CipherParameters params)
- {
- reset();
-
- cipher.init(true, params);
- }
-
- public int getMacSize()
- {
- return macSize;
- }
-
- public void update(
- byte in)
- {
- if (bufOff == buf.length)
- {
- cipher.processBlock(buf, 0, mac, 0);
- bufOff = 0;
- }
-
- buf[bufOff++] = in;
- }
-
- public void update(
- byte[] in,
- int inOff,
- int len)
- {
- if (len < 0)
- {
- throw new IllegalArgumentException("Can't have a negative input length!");
- }
-
- int blockSize = cipher.getBlockSize();
- int resultLen = 0;
- int gapLen = blockSize - bufOff;
-
- if (len > gapLen)
- {
- System.arraycopy(in, inOff, buf, bufOff, gapLen);
-
- resultLen += cipher.processBlock(buf, 0, mac, 0);
-
- bufOff = 0;
- len -= gapLen;
- inOff += gapLen;
-
- while (len > blockSize)
- {
- resultLen += cipher.processBlock(in, inOff, mac, 0);
-
- len -= blockSize;
- inOff += blockSize;
- }
- }
-
- System.arraycopy(in, inOff, buf, bufOff, len);
-
- bufOff += len;
- }
-
- public int doFinal(
- byte[] out,
- int outOff)
- {
- int blockSize = cipher.getBlockSize();
-
- //
- // pad with zeroes
- //
- while (bufOff < blockSize)
- {
- buf[bufOff] = 0;
- bufOff++;
- }
-
- cipher.processBlock(buf, 0, mac, 0);
-
- System.arraycopy(mac, 0, out, outOff, macSize);
-
- reset();
-
- return macSize;
- }
-
- /**
- * Reset the mac generator.
- */
- public void reset()
- {
- /*
- * clean the buffer.
- */
- for (int i = 0; i < buf.length; i++)
- {
- buf[i] = 0;
- }
-
- bufOff = 0;
-
- /*
- * reset the underlying cipher.
- */
- cipher.reset();
- }
-}
diff --git a/core/src/main/java/org/bouncycastle/crypto/macs/CBCBlockCipherMac.java b/core/src/main/java/org/bouncycastle/crypto/macs/CBCBlockCipherMac.java
deleted file mode 100644
index 9bf6cb0e..00000000
--- a/core/src/main/java/org/bouncycastle/crypto/macs/CBCBlockCipherMac.java
+++ /dev/null
@@ -1,229 +0,0 @@
-package org.bouncycastle.crypto.macs;
-
-import org.bouncycastle.crypto.BlockCipher;
-import org.bouncycastle.crypto.CipherParameters;
-import org.bouncycastle.crypto.Mac;
-import org.bouncycastle.crypto.modes.CBCBlockCipher;
-import org.bouncycastle.crypto.paddings.BlockCipherPadding;
-
-/**
- * standard CBC Block Cipher MAC - if no padding is specified the default of
- * pad of zeroes is used.
- */
-public class CBCBlockCipherMac
- implements Mac
-{
- private byte[] mac;
-
- private byte[] buf;
- private int bufOff;
- private BlockCipher cipher;
- private BlockCipherPadding padding;
-
- private int macSize;
-
- /**
- * create a standard MAC based on a CBC block cipher. This will produce an
- * authentication code half the length of the block size of the cipher.
- *
- * @param cipher the cipher to be used as the basis of the MAC generation.
- */
- public CBCBlockCipherMac(
- BlockCipher cipher)
- {
- this(cipher, (cipher.getBlockSize() * 8) / 2, null);
- }
-
- /**
- * create a standard MAC based on a CBC block cipher. This will produce an
- * authentication code half the length of the block size of the cipher.
- *
- * @param cipher the cipher to be used as the basis of the MAC generation.
- * @param padding the padding to be used to complete the last block.
- */
- public CBCBlockCipherMac(
- BlockCipher cipher,
- BlockCipherPadding padding)
- {
- this(cipher, (cipher.getBlockSize() * 8) / 2, padding);
- }
-
- /**
- * create a standard MAC based on a block cipher with the size of the
- * MAC been given in bits. This class uses CBC mode as the basis for the
- * MAC generation.
- * <p>
- * Note: the size of the MAC must be at least 24 bits (FIPS Publication 81),
- * or 16 bits if being used as a data authenticator (FIPS Publication 113),
- * and in general should be less than the size of the block cipher as it reduces
- * the chance of an exhaustive attack (see Handbook of Applied Cryptography).
- *
- * @param cipher the cipher to be used as the basis of the MAC generation.
- * @param macSizeInBits the size of the MAC in bits, must be a multiple of 8.
- */
- public CBCBlockCipherMac(
- BlockCipher cipher,
- int macSizeInBits)
- {
- this(cipher, macSizeInBits, null);
- }
-
- /**
- * create a standard MAC based on a block cipher with the size of the
- * MAC been given in bits. This class uses CBC mode as the basis for the
- * MAC generation.
- * <p>
- * Note: the size of the MAC must be at least 24 bits (FIPS Publication 81),
- * or 16 bits if being used as a data authenticator (FIPS Publication 113),
- * and in general should be less than the size of the block cipher as it reduces
- * the chance of an exhaustive attack (see Handbook of Applied Cryptography).
- *
- * @param cipher the cipher to be used as the basis of the MAC generation.
- * @param macSizeInBits the size of the MAC in bits, must be a multiple of 8.
- * @param padding the padding to be used to complete the last block.
- */
- public CBCBlockCipherMac(
- BlockCipher cipher,
- int macSizeInBits,
- BlockCipherPadding padding)
- {
- if ((macSizeInBits % 8) != 0)
- {
- throw new IllegalArgumentException("MAC size must be multiple of 8");
- }
-
- this.cipher = new CBCBlockCipher(cipher);
- this.padding = padding;
- this.macSize = macSizeInBits / 8;
-
- mac = new byte[cipher.getBlockSize()];
-
- buf = new byte[cipher.getBlockSize()];
- bufOff = 0;
- }
-
- public String getAlgorithmName()
- {
- return cipher.getAlgorithmName();
- }
-
- public void init(
- CipherParameters params)
- {
- reset();
-
- cipher.init(true, params);
- }
-
- public int getMacSize()
- {
- return macSize;
- }
-
- public void update(
- byte in)
- {
- if (bufOff == buf.length)
- {
- cipher.processBlock(buf, 0, mac, 0);
- bufOff = 0;
- }
-
- buf[bufOff++] = in;
- }
-
- public void update(
- byte[] in,
- int inOff,
- int len)
- {
- if (len < 0)
- {
- throw new IllegalArgumentException("Can't have a negative input length!");
- }
-
- int blockSize = cipher.getBlockSize();
- int gapLen = blockSize - bufOff;
-
- if (len > gapLen)
- {
- System.arraycopy(in, inOff, buf, bufOff, gapLen);
-
- cipher.processBlock(buf, 0, mac, 0);
-
- bufOff = 0;
- len -= gapLen;
- inOff += gapLen;
-
- while (len > blockSize)
- {
- cipher.processBlock(in, inOff, mac, 0);
-
- len -= blockSize;
- inOff += blockSize;
- }
- }
-
- System.arraycopy(in, inOff, buf, bufOff, len);
-
- bufOff += len;
- }
-
- public int doFinal(
- byte[] out,
- int outOff)
- {
- int blockSize = cipher.getBlockSize();
-
- if (padding == null)
- {
- //
- // pad with zeroes
- //
- while (bufOff < blockSize)
- {
- buf[bufOff] = 0;
- bufOff++;
- }
- }
- else
- {
- if (bufOff == blockSize)
- {
- cipher.processBlock(buf, 0, mac, 0);
- bufOff = 0;
- }
-
- padding.addPadding(buf, bufOff);
- }
-
- cipher.processBlock(buf, 0, mac, 0);
-
- System.arraycopy(mac, 0, out, outOff, macSize);
-
- reset();
-
- return macSize;
- }
-
- /**
- * Reset the mac generator.
- */
- public void reset()
- {
- /*
- * clean the buffer.
- */
- for (int i = 0; i < buf.length; i++)
- {
- buf[i] = 0;
- }
-
- bufOff = 0;
-
- /*
- * reset the underlying cipher.
- */
- cipher.reset();
- }
-}
diff --git a/core/src/main/java/org/bouncycastle/crypto/macs/CFBBlockCipherMac.java b/core/src/main/java/org/bouncycastle/crypto/macs/CFBBlockCipherMac.java
deleted file mode 100644
index d7ad6126..00000000
--- a/core/src/main/java/org/bouncycastle/crypto/macs/CFBBlockCipherMac.java
+++ /dev/null
@@ -1,388 +0,0 @@
-package org.bouncycastle.crypto.macs;
-
-import org.bouncycastle.crypto.BlockCipher;
-import org.bouncycastle.crypto.CipherParameters;
-import org.bouncycastle.crypto.DataLengthException;
-import org.bouncycastle.crypto.Mac;
-import org.bouncycastle.crypto.paddings.BlockCipherPadding;
-import org.bouncycastle.crypto.params.ParametersWithIV;
-
-/**
- * implements a Cipher-FeedBack (CFB) mode on top of a simple cipher.
- */
-class MacCFBBlockCipher
-{
- private byte[] IV;
- private byte[] cfbV;
- private byte[] cfbOutV;
-
- private int blockSize;
- private BlockCipher cipher = null;
-
- /**
- * Basic constructor.
- *
- * @param cipher the block cipher to be used as the basis of the
- * feedback mode.
- * @param blockSize the block size in bits (note: a multiple of 8)
- */
- public MacCFBBlockCipher(
- BlockCipher cipher,
- int bitBlockSize)
- {
- this.cipher = cipher;
- this.blockSize = bitBlockSize / 8;
-
- this.IV = new byte[cipher.getBlockSize()];
- this.cfbV = new byte[cipher.getBlockSize()];
- this.cfbOutV = new byte[cipher.getBlockSize()];
- }
-
- /**
- * Initialise the cipher and, possibly, the initialisation vector (IV).
- * If an IV isn't passed as part of the parameter, the IV will be all zeros.
- * An IV which is too short is handled in FIPS compliant fashion.
- *
- * @param param the key and other data required by the cipher.
- * @exception IllegalArgumentException if the params argument is
- * inappropriate.
- */
- public void init(
- CipherParameters params)
- throws IllegalArgumentException
- {
- if (params instanceof ParametersWithIV)
- {
- ParametersWithIV ivParam = (ParametersWithIV)params;
- byte[] iv = ivParam.getIV();
-
- if (iv.length < IV.length)
- {
- System.arraycopy(iv, 0, IV, IV.length - iv.length, iv.length);
- }
- else
- {
- System.arraycopy(iv, 0, IV, 0, IV.length);
- }
-
- reset();
-
- cipher.init(true, ivParam.getParameters());
- }
- else
- {
- reset();
-
- cipher.init(true, params);
- }
- }
-
- /**
- * return the algorithm name and mode.
- *
- * @return the name of the underlying algorithm followed by "/CFB"
- * and the block size in bits.
- */
- public String getAlgorithmName()
- {
- return cipher.getAlgorithmName() + "/CFB" + (blockSize * 8);
- }
-
- /**
- * return the block size we are operating at.
- *
- * @return the block size we are operating at (in bytes).
- */
- public int getBlockSize()
- {
- return blockSize;
- }
-
- /**
- * Process one block of input from the array in and write it to
- * the out array.
- *
- * @param in the array containing the input data.
- * @param inOff offset into the in array the data starts at.
- * @param out the array the output data will be copied into.
- * @param outOff the offset into the out array the output will start at.
- * @exception DataLengthException if there isn't enough data in in, or
- * space in out.
- * @exception IllegalStateException if the cipher isn't initialised.
- * @return the number of bytes processed and produced.
- */
- public int processBlock(
- byte[] in,
- int inOff,
- byte[] out,
- int outOff)
- throws DataLengthException, IllegalStateException
- {
- if ((inOff + blockSize) > in.length)
- {
- throw new DataLengthException("input buffer too short");
- }
-
- if ((outOff + blockSize) > out.length)
- {
- throw new DataLengthException("output buffer too short");
- }
-
- cipher.processBlock(cfbV, 0, cfbOutV, 0);
-
- //
- // XOR the cfbV with the plaintext producing the cipher text
- //
- for (int i = 0; i < blockSize; i++)
- {
- out[outOff + i] = (byte)(cfbOutV[i] ^ in[inOff + i]);
- }
-
- //
- // change over the input block.
- //
- System.arraycopy(cfbV, blockSize, cfbV, 0, cfbV.length - blockSize);
- System.arraycopy(out, outOff, cfbV, cfbV.length - blockSize, blockSize);
-
- return blockSize;
- }
-
- /**
- * reset the chaining vector back to the IV and reset the underlying
- * cipher.
- */
- public void reset()
- {
- System.arraycopy(IV, 0, cfbV, 0, IV.length);
-
- cipher.reset();
- }
-
- void getMacBlock(
- byte[] mac)
- {
- cipher.processBlock(cfbV, 0, mac, 0);
- }
-}
-
-public class CFBBlockCipherMac
- implements Mac
-{
- private byte[] mac;
-
- private byte[] buf;
- private int bufOff;
- private MacCFBBlockCipher cipher;
- private BlockCipherPadding padding = null;
-
-
- private int macSize;
-
- /**
- * create a standard MAC based on a CFB block cipher. This will produce an
- * authentication code half the length of the block size of the cipher, with
- * the CFB mode set to 8 bits.
- *
- * @param cipher the cipher to be used as the basis of the MAC generation.
- */
- public CFBBlockCipherMac(
- BlockCipher cipher)
- {
- this(cipher, 8, (cipher.getBlockSize() * 8) / 2, null);
- }
-
- /**
- * create a standard MAC based on a CFB block cipher. This will produce an
- * authentication code half the length of the block size of the cipher, with
- * the CFB mode set to 8 bits.
- *
- * @param cipher the cipher to be used as the basis of the MAC generation.
- * @param padding the padding to be used.
- */
- public CFBBlockCipherMac(
- BlockCipher cipher,
- BlockCipherPadding padding)
- {
- this(cipher, 8, (cipher.getBlockSize() * 8) / 2, padding);
- }
-
- /**
- * create a standard MAC based on a block cipher with the size of the
- * MAC been given in bits. This class uses CFB mode as the basis for the
- * MAC generation.
- * <p>
- * Note: the size of the MAC must be at least 24 bits (FIPS Publication 81),
- * or 16 bits if being used as a data authenticator (FIPS Publication 113),
- * and in general should be less than the size of the block cipher as it reduces
- * the chance of an exhaustive attack (see Handbook of Applied Cryptography).
- *
- * @param cipher the cipher to be used as the basis of the MAC generation.
- * @param cfbBitSize the size of an output block produced by the CFB mode.
- * @param macSizeInBits the size of the MAC in bits, must be a multiple of 8.
- */
- public CFBBlockCipherMac(
- BlockCipher cipher,
- int cfbBitSize,
- int macSizeInBits)
- {
- this(cipher, cfbBitSize, macSizeInBits, null);
- }
-
- /**
- * create a standard MAC based on a block cipher with the size of the
- * MAC been given in bits. This class uses CFB mode as the basis for the
- * MAC generation.
- * <p>
- * Note: the size of the MAC must be at least 24 bits (FIPS Publication 81),
- * or 16 bits if being used as a data authenticator (FIPS Publication 113),
- * and in general should be less than the size of the block cipher as it reduces
- * the chance of an exhaustive attack (see Handbook of Applied Cryptography).
- *
- * @param cipher the cipher to be used as the basis of the MAC generation.
- * @param cfbBitSize the size of an output block produced by the CFB mode.
- * @param macSizeInBits the size of the MAC in bits, must be a multiple of 8.
- * @param padding a padding to be used.
- */
- public CFBBlockCipherMac(
- BlockCipher cipher,
- int cfbBitSize,
- int macSizeInBits,
- BlockCipherPadding padding)
- {
- if ((macSizeInBits % 8) != 0)
- {
- throw new IllegalArgumentException("MAC size must be multiple of 8");
- }
-
- mac = new byte[cipher.getBlockSize()];
-
- this.cipher = new MacCFBBlockCipher(cipher, cfbBitSize);
- this.padding = padding;
- this.macSize = macSizeInBits / 8;
-
- buf = new byte[this.cipher.getBlockSize()];
- bufOff = 0;
- }
-
- public String getAlgorithmName()
- {
- return cipher.getAlgorithmName();
- }
-
- public void init(
- CipherParameters params)
- {
- reset();
-
- cipher.init(params);
- }
-
- public int getMacSize()
- {
- return macSize;
- }
-
- public void update(
- byte in)
- {
- if (bufOff == buf.length)
- {
- cipher.processBlock(buf, 0, mac, 0);
- bufOff = 0;
- }
-
- buf[bufOff++] = in;
- }
-
- public void update(
- byte[] in,
- int inOff,
- int len)
- {
- if (len < 0)
- {
- throw new IllegalArgumentException("Can't have a negative input length!");
- }
-
- int blockSize = cipher.getBlockSize();
- int resultLen = 0;
- int gapLen = blockSize - bufOff;
-
- if (len > gapLen)
- {
- System.arraycopy(in, inOff, buf, bufOff, gapLen);
-
- resultLen += cipher.processBlock(buf, 0, mac, 0);
-
- bufOff = 0;
- len -= gapLen;
- inOff += gapLen;
-
- while (len > blockSize)
- {
- resultLen += cipher.processBlock(in, inOff, mac, 0);
-
- len -= blockSize;
- inOff += blockSize;
- }
- }
-
- System.arraycopy(in, inOff, buf, bufOff, len);
-
- bufOff += len;
- }
-
- public int doFinal(
- byte[] out,
- int outOff)
- {
- int blockSize = cipher.getBlockSize();
-
- //
- // pad with zeroes
- //
- if (this.padding == null)
- {
- while (bufOff < blockSize)
- {
- buf[bufOff] = 0;
- bufOff++;
- }
- }
- else
- {
- padding.addPadding(buf, bufOff);
- }
-
- cipher.processBlock(buf, 0, mac, 0);
-
- cipher.getMacBlock(mac);
-
- System.arraycopy(mac, 0, out, outOff, macSize);
-
- reset();
-
- return macSize;
- }
-
- /**
- * Reset the mac generator.
- */
- public void reset()
- {
- /*
- * clean the buffer.
- */
- for (int i = 0; i < buf.length; i++)
- {
- buf[i] = 0;
- }
-
- bufOff = 0;
-
- /*
- * reset the underlying cipher.
- */
- cipher.reset();
- }
-}
diff --git a/core/src/main/java/org/bouncycastle/crypto/macs/CMac.java b/core/src/main/java/org/bouncycastle/crypto/macs/CMac.java
deleted file mode 100644
index 0492ae69..00000000
--- a/core/src/main/java/org/bouncycastle/crypto/macs/CMac.java
+++ /dev/null
@@ -1,261 +0,0 @@
-package org.bouncycastle.crypto.macs;
-
-import org.bouncycastle.crypto.BlockCipher;
-import org.bouncycastle.crypto.CipherParameters;
-import org.bouncycastle.crypto.Mac;
-import org.bouncycastle.crypto.modes.CBCBlockCipher;
-import org.bouncycastle.crypto.paddings.ISO7816d4Padding;
-import org.bouncycastle.crypto.params.KeyParameter;
-
-/**
- * CMAC - as specified at www.nuee.nagoya-u.ac.jp/labs/tiwata/omac/omac.html
- * <p>
- * CMAC is analogous to OMAC1 - see also en.wikipedia.org/wiki/CMAC
- * </p><p>
- * CMAC is a NIST recomendation - see
- * csrc.nist.gov/CryptoToolkit/modes/800-38_Series_Publications/SP800-38B.pdf
- * </p><p>
- * CMAC/OMAC1 is a blockcipher-based message authentication code designed and
- * analyzed by Tetsu Iwata and Kaoru Kurosawa.
- * </p><p>
- * CMAC/OMAC1 is a simple variant of the CBC MAC (Cipher Block Chaining Message
- * Authentication Code). OMAC stands for One-Key CBC MAC.
- * </p><p>
- * It supports 128- or 64-bits block ciphers, with any key size, and returns
- * a MAC with dimension less or equal to the block size of the underlying
- * cipher.
- * </p>
- */
-public class CMac implements Mac
-{
- private static final byte CONSTANT_128 = (byte)0x87;
- private static final byte CONSTANT_64 = (byte)0x1b;
-
- private byte[] ZEROES;
-
- private byte[] mac;
-
- private byte[] buf;
- private int bufOff;
- private BlockCipher cipher;
-
- private int macSize;
-
- private byte[] L, Lu, Lu2;
-
- /**
- * create a standard MAC based on a CBC block cipher (64 or 128 bit block).
- * This will produce an authentication code the length of the block size
- * of the cipher.
- *
- * @param cipher the cipher to be used as the basis of the MAC generation.
- */
- public CMac(BlockCipher cipher)
- {
- this(cipher, cipher.getBlockSize() * 8);
- }
-
- /**
- * create a standard MAC based on a block cipher with the size of the
- * MAC been given in bits.
- * <p>
- * Note: the size of the MAC must be at least 24 bits (FIPS Publication 81),
- * or 16 bits if being used as a data authenticator (FIPS Publication 113),
- * and in general should be less than the size of the block cipher as it reduces
- * the chance of an exhaustive attack (see Handbook of Applied Cryptography).
- *
- * @param cipher the cipher to be used as the basis of the MAC generation.
- * @param macSizeInBits the size of the MAC in bits, must be a multiple of 8 and <= 128.
- */
- public CMac(BlockCipher cipher, int macSizeInBits)
- {
- if ((macSizeInBits % 8) != 0)
- {
- throw new IllegalArgumentException("MAC size must be multiple of 8");
- }
-
- if (macSizeInBits > (cipher.getBlockSize() * 8))
- {
- throw new IllegalArgumentException(
- "MAC size must be less or equal to "
- + (cipher.getBlockSize() * 8));
- }
-
- if (cipher.getBlockSize() != 8 && cipher.getBlockSize() != 16)
- {
- throw new IllegalArgumentException(
- "Block size must be either 64 or 128 bits");
- }
-
- this.cipher = new CBCBlockCipher(cipher);
- this.macSize = macSizeInBits / 8;
-
- mac = new byte[cipher.getBlockSize()];
-
- buf = new byte[cipher.getBlockSize()];
-
- ZEROES = new byte[cipher.getBlockSize()];
-
- bufOff = 0;
- }
-
- public String getAlgorithmName()
- {
- return cipher.getAlgorithmName();
- }
-
- private static int shiftLeft(byte[] block, byte[] output)
- {
- int i = block.length;
- int bit = 0;
- while (--i >= 0)
- {
- int b = block[i] & 0xff;
- output[i] = (byte)((b << 1) | bit);
- bit = (b >>> 7) & 1;
- }
- return bit;
- }
-
- private static byte[] doubleLu(byte[] in)
- {
- byte[] ret = new byte[in.length];
- int carry = shiftLeft(in, ret);
- int xor = 0xff & (in.length == 16 ? CONSTANT_128 : CONSTANT_64);
-
- /*
- * NOTE: This construction is an attempt at a constant-time implementation.
- */
- ret[in.length - 1] ^= (xor >>> ((1 - carry) << 3));
-
- return ret;
- }
-
- public void init(CipherParameters params)
- {
- validate(params);
-
- cipher.init(true, params);
-
- //initializes the L, Lu, Lu2 numbers
- L = new byte[ZEROES.length];
- cipher.processBlock(ZEROES, 0, L, 0);
- Lu = doubleLu(L);
- Lu2 = doubleLu(Lu);
-
- reset();
- }
-
- void validate(CipherParameters params)
- {
- if (params != null)
- {
- if (!(params instanceof KeyParameter))
- {
- // CMAC mode does not permit IV to underlying CBC mode
- throw new IllegalArgumentException("CMac mode only permits key to be set.");
- }
- }
- }
-
- public int getMacSize()
- {
- return macSize;
- }
-
- public void update(byte in)
- {
- if (bufOff == buf.length)
- {
- cipher.processBlock(buf, 0, mac, 0);
- bufOff = 0;
- }
-
- buf[bufOff++] = in;
- }
-
- public void update(byte[] in, int inOff, int len)
- {
- if (len < 0)
- {
- throw new IllegalArgumentException(
- "Can't have a negative input length!");
- }
-
- int blockSize = cipher.getBlockSize();
- int gapLen = blockSize - bufOff;
-
- if (len > gapLen)
- {
- System.arraycopy(in, inOff, buf, bufOff, gapLen);
-
- cipher.processBlock(buf, 0, mac, 0);
-
- bufOff = 0;
- len -= gapLen;
- inOff += gapLen;
-
- while (len > blockSize)
- {
- cipher.processBlock(in, inOff, mac, 0);
-
- len -= blockSize;
- inOff += blockSize;
- }
- }
-
- System.arraycopy(in, inOff, buf, bufOff, len);
-
- bufOff += len;
- }
-
- public int doFinal(byte[] out, int outOff)
- {
- int blockSize = cipher.getBlockSize();
-
- byte[] lu;
- if (bufOff == blockSize)
- {
- lu = Lu;
- }
- else
- {
- new ISO7816d4Padding().addPadding(buf, bufOff);
- lu = Lu2;
- }
-
- for (int i = 0; i < mac.length; i++)
- {
- buf[i] ^= lu[i];
- }
-
- cipher.processBlock(buf, 0, mac, 0);
-
- System.arraycopy(mac, 0, out, outOff, macSize);
-
- reset();
-
- return macSize;
- }
-
- /**
- * Reset the mac generator.
- */
- public void reset()
- {
- /*
- * clean the buffer.
- */
- for (int i = 0; i < buf.length; i++)
- {
- buf[i] = 0;
- }
-
- bufOff = 0;
-
- /*
- * reset the underlying cipher.
- */
- cipher.reset();
- }
-}
diff --git a/core/src/main/java/org/bouncycastle/crypto/macs/CMacWithIV.java b/core/src/main/java/org/bouncycastle/crypto/macs/CMacWithIV.java
deleted file mode 100644
index a0371d95..00000000
--- a/core/src/main/java/org/bouncycastle/crypto/macs/CMacWithIV.java
+++ /dev/null
@@ -1,27 +0,0 @@
-package org.bouncycastle.crypto.macs;
-
-import org.bouncycastle.crypto.BlockCipher;
-import org.bouncycastle.crypto.CipherParameters;
-
-/**
- * A non-NIST variant which allows passing of an IV to the underlying CBC cipher.
- * <p>Note: there isn't really a good reason to use an IV here, use the regular CMac where possible.</p>
- */
-public class CMacWithIV
- extends CMac
-{
- public CMacWithIV(BlockCipher cipher)
- {
- super(cipher);
- }
-
- public CMacWithIV(BlockCipher cipher, int macSizeInBits)
- {
- super(cipher, macSizeInBits);
- }
-
- void validate(CipherParameters params)
- {
- // accept all
- }
-}
diff --git a/core/src/main/java/org/bouncycastle/crypto/macs/GMac.java b/core/src/main/java/org/bouncycastle/crypto/macs/GMac.java
deleted file mode 100644
index b34f9ea5..00000000
--- a/core/src/main/java/org/bouncycastle/crypto/macs/GMac.java
+++ /dev/null
@@ -1,115 +0,0 @@
-package org.bouncycastle.crypto.macs;
-
-import org.bouncycastle.crypto.CipherParameters;
-import org.bouncycastle.crypto.DataLengthException;
-import org.bouncycastle.crypto.InvalidCipherTextException;
-import org.bouncycastle.crypto.Mac;
-import org.bouncycastle.crypto.modes.GCMBlockCipher;
-import org.bouncycastle.crypto.params.AEADParameters;
-import org.bouncycastle.crypto.params.KeyParameter;
-import org.bouncycastle.crypto.params.ParametersWithIV;
-
-/**
- * The GMAC specialisation of Galois/Counter mode (GCM) detailed in NIST Special Publication
- * 800-38D.
- * <p>
- * GMac is an invocation of the GCM mode where no data is encrypted (i.e. all input data to the Mac
- * is processed as additional authenticated data with the underlying GCM block cipher).
- */
-public class GMac implements Mac
-{
- private final GCMBlockCipher cipher;
- private final int macSizeBits;
-
- /**
- * Creates a GMAC based on the operation of a block cipher in GCM mode.
- * <p>
- * This will produce an authentication code the length of the block size of the cipher.
- *
- * @param cipher
- * the cipher to be used in GCM mode to generate the MAC.
- */
- public GMac(final GCMBlockCipher cipher)
- {
- // use of this confused flow analyser in some earlier JDKs
- this.cipher = cipher;
- this.macSizeBits = 128;
- }
-
- /**
- * Creates a GMAC based on the operation of a 128 bit block cipher in GCM mode.
- *
- * @param macSizeBits
- * the mac size to generate, in bits. Must be a multiple of 8 and >= 32 and <= 128.
- * Sizes less than 96 are not recommended, but are supported for specialized applications.
- * @param cipher
- * the cipher to be used in GCM mode to generate the MAC.
- */
- public GMac(final GCMBlockCipher cipher, final int macSizeBits)
- {
- this.cipher = cipher;
- this.macSizeBits = macSizeBits;
- }
-
- /**
- * Initialises the GMAC - requires a {@link ParametersWithIV} providing a {@link KeyParameter}
- * and a nonce.
- */
- public void init(final CipherParameters params) throws IllegalArgumentException
- {
- if (params instanceof ParametersWithIV)
- {
- final ParametersWithIV param = (ParametersWithIV)params;
-
- final byte[] iv = param.getIV();
- final KeyParameter keyParam = (KeyParameter)param.getParameters();
-
- // GCM is always operated in encrypt mode to calculate MAC
- cipher.init(true, new AEADParameters(keyParam, macSizeBits, iv));
- }
- else
- {
- throw new IllegalArgumentException("GMAC requires ParametersWithIV");
- }
- }
-
- public String getAlgorithmName()
- {
- return cipher.getUnderlyingCipher().getAlgorithmName() + "-GMAC";
- }
-
- public int getMacSize()
- {
- return macSizeBits / 8;
- }
-
- public void update(byte in) throws IllegalStateException
- {
- cipher.processAADByte(in);
- }
-
- public void update(byte[] in, int inOff, int len)
- throws DataLengthException, IllegalStateException
- {
- cipher.processAADBytes(in, inOff, len);
- }
-
- public int doFinal(byte[] out, int outOff)
- throws DataLengthException, IllegalStateException
- {
- try
- {
- return cipher.doFinal(out, outOff);
- }
- catch (InvalidCipherTextException e)
- {
- // Impossible in encrypt mode
- throw new IllegalStateException(e.toString());
- }
- }
-
- public void reset()
- {
- cipher.reset();
- }
-}
diff --git a/core/src/main/java/org/bouncycastle/crypto/macs/GOST28147Mac.java b/core/src/main/java/org/bouncycastle/crypto/macs/GOST28147Mac.java
deleted file mode 100644
index b71975b8..00000000
--- a/core/src/main/java/org/bouncycastle/crypto/macs/GOST28147Mac.java
+++ /dev/null
@@ -1,298 +0,0 @@
-package org.bouncycastle.crypto.macs;
-
-import org.bouncycastle.crypto.CipherParameters;
-import org.bouncycastle.crypto.DataLengthException;
-import org.bouncycastle.crypto.Mac;
-import org.bouncycastle.crypto.params.KeyParameter;
-import org.bouncycastle.crypto.params.ParametersWithSBox;
-
-/**
- * implementation of GOST 28147-89 MAC
- */
-public class GOST28147Mac
- implements Mac
-{
- private int blockSize = 8;
- private int macSize = 4;
- private int bufOff;
- private byte[] buf;
- private byte[] mac;
- private boolean firstStep = true;
- private int[] workingKey = null;
-
- //
- // This is default S-box - E_A.
- private byte S[] = {
- 0x9,0x6,0x3,0x2,0x8,0xB,0x1,0x7,0xA,0x4,0xE,0xF,0xC,0x0,0xD,0x5,
- 0x3,0x7,0xE,0x9,0x8,0xA,0xF,0x0,0x5,0x2,0x6,0xC,0xB,0x4,0xD,0x1,
- 0xE,0x4,0x6,0x2,0xB,0x3,0xD,0x8,0xC,0xF,0x5,0xA,0x0,0x7,0x1,0x9,
- 0xE,0x7,0xA,0xC,0xD,0x1,0x3,0x9,0x0,0x2,0xB,0x4,0xF,0x8,0x5,0x6,
- 0xB,0x5,0x1,0x9,0x8,0xD,0xF,0x0,0xE,0x4,0x2,0x3,0xC,0x7,0xA,0x6,
- 0x3,0xA,0xD,0xC,0x1,0x2,0x0,0xB,0x7,0x5,0x9,0x4,0x8,0xF,0xE,0x6,
- 0x1,0xD,0x2,0x9,0x7,0xA,0x6,0x0,0x8,0xC,0x4,0x5,0xF,0x3,0xB,0xE,
- 0xB,0xA,0xF,0x5,0x0,0xC,0xE,0x8,0x6,0x2,0x3,0x9,0x1,0x7,0xD,0x4
- };
-
- public GOST28147Mac()
- {
- mac = new byte[blockSize];
-
- buf = new byte[blockSize];
- bufOff = 0;
- }
-
- private int[] generateWorkingKey(
- byte[] userKey)
- {
- if (userKey.length != 32)
- {
- throw new IllegalArgumentException("Key length invalid. Key needs to be 32 byte - 256 bit!!!");
- }
-
- int key[] = new int[8];
- for(int i=0; i!=8; i++)
- {
- key[i] = bytesToint(userKey,i*4);
- }
-
- return key;
- }
-
- public void init(
- CipherParameters params)
- throws IllegalArgumentException
- {
- reset();
- buf = new byte[blockSize];
- if (params instanceof ParametersWithSBox)
- {
- ParametersWithSBox param = (ParametersWithSBox)params;
-
- //
- // Set the S-Box
- //
- System.arraycopy(param.getSBox(), 0, this.S, 0, param.getSBox().length);
-
- //
- // set key if there is one
- //
- if (param.getParameters() != null)
- {
- workingKey = generateWorkingKey(((KeyParameter)param.getParameters()).getKey());
- }
- }
- else if (params instanceof KeyParameter)
- {
- workingKey = generateWorkingKey(((KeyParameter)params).getKey());
- }
- else
- {
- throw new IllegalArgumentException("invalid parameter passed to GOST28147 init - " + params.getClass().getName());
- }
- }
-
- public String getAlgorithmName()
- {
- return "GOST28147Mac";
- }
-
- public int getMacSize()
- {
- return macSize;
- }
-
- private int gost28147_mainStep(int n1, int key)
- {
- int cm = (key + n1); // CM1
-
- // S-box replacing
-
- int om = S[ 0 + ((cm >> (0 * 4)) & 0xF)] << (0 * 4);
- om += S[ 16 + ((cm >> (1 * 4)) & 0xF)] << (1 * 4);
- om += S[ 32 + ((cm >> (2 * 4)) & 0xF)] << (2 * 4);
- om += S[ 48 + ((cm >> (3 * 4)) & 0xF)] << (3 * 4);
- om += S[ 64 + ((cm >> (4 * 4)) & 0xF)] << (4 * 4);
- om += S[ 80 + ((cm >> (5 * 4)) & 0xF)] << (5 * 4);
- om += S[ 96 + ((cm >> (6 * 4)) & 0xF)] << (6 * 4);
- om += S[112 + ((cm >> (7 * 4)) & 0xF)] << (7 * 4);
-
- return om << 11 | om >>> (32-11); // 11-leftshift
- }
-
- private void gost28147MacFunc(
- int[] workingKey,
- byte[] in,
- int inOff,
- byte[] out,
- int outOff)
- {
- int N1, N2, tmp; //tmp -> for saving N1
- N1 = bytesToint(in, inOff);
- N2 = bytesToint(in, inOff + 4);
-
- for(int k = 0; k < 2; k++) // 1-16 steps
- {
- for(int j = 0; j < 8; j++)
- {
- tmp = N1;
- N1 = N2 ^ gost28147_mainStep(N1, workingKey[j]); // CM2
- N2 = tmp;
- }
- }
-
- intTobytes(N1, out, outOff);
- intTobytes(N2, out, outOff + 4);
- }
-
- //array of bytes to type int
- private int bytesToint(
- byte[] in,
- int inOff)
- {
- return ((in[inOff + 3] << 24) & 0xff000000) + ((in[inOff + 2] << 16) & 0xff0000) +
- ((in[inOff + 1] << 8) & 0xff00) + (in[inOff] & 0xff);
- }
-
- //int to array of bytes
- private void intTobytes(
- int num,
- byte[] out,
- int outOff)
- {
- out[outOff + 3] = (byte)(num >>> 24);
- out[outOff + 2] = (byte)(num >>> 16);
- out[outOff + 1] = (byte)(num >>> 8);
- out[outOff] = (byte)num;
- }
-
- private byte[] CM5func(byte[] buf, int bufOff, byte[] mac)
- {
- byte[] sum = new byte[buf.length - bufOff];
-
- System.arraycopy(buf, bufOff, sum, 0, mac.length);
-
- for (int i = 0; i != mac.length; i++)
- {
- sum[i] = (byte)(sum[i] ^ mac[i]);
- }
-
- return sum;
- }
-
- public void update(byte in)
- throws IllegalStateException
- {
- if (bufOff == buf.length)
- {
- byte[] sumbuf = new byte[buf.length];
- System.arraycopy(buf, 0, sumbuf, 0, mac.length);
-
- if (firstStep)
- {
- firstStep = false;
- }
- else
- {
- sumbuf = CM5func(buf, 0, mac);
- }
-
- gost28147MacFunc(workingKey, sumbuf, 0, mac, 0);
- bufOff = 0;
- }
-
- buf[bufOff++] = in;
- }
-
- public void update(byte[] in, int inOff, int len)
- throws DataLengthException, IllegalStateException
- {
- if (len < 0)
- {
- throw new IllegalArgumentException("Can't have a negative input length!");
- }
-
- int gapLen = blockSize - bufOff;
-
- if (len > gapLen)
- {
- System.arraycopy(in, inOff, buf, bufOff, gapLen);
-
- byte[] sumbuf = new byte[buf.length];
- System.arraycopy(buf, 0, sumbuf, 0, mac.length);
-
- if (firstStep)
- {
- firstStep = false;
- }
- else
- {
- sumbuf = CM5func(buf, 0, mac);
- }
-
- gost28147MacFunc(workingKey, sumbuf, 0, mac, 0);
-
- bufOff = 0;
- len -= gapLen;
- inOff += gapLen;
-
- while (len > blockSize)
- {
- sumbuf = CM5func(in, inOff, mac);
- gost28147MacFunc(workingKey, sumbuf, 0, mac, 0);
-
- len -= blockSize;
- inOff += blockSize;
- }
- }
-
- System.arraycopy(in, inOff, buf, bufOff, len);
-
- bufOff += len;
- }
-
- public int doFinal(byte[] out, int outOff)
- throws DataLengthException, IllegalStateException
- {
- //padding with zero
- while (bufOff < blockSize)
- {
- buf[bufOff] = 0;
- bufOff++;
- }
-
- byte[] sumbuf = new byte[buf.length];
- System.arraycopy(buf, 0, sumbuf, 0, mac.length);
-
- if (firstStep)
- {
- firstStep = false;
- }
- else
- {
- sumbuf = CM5func(buf, 0, mac);
- }
-
- gost28147MacFunc(workingKey, sumbuf, 0, mac, 0);
-
- System.arraycopy(mac, (mac.length/2)-macSize, out, outOff, macSize);
-
- reset();
-
- return macSize;
- }
-
- public void reset()
- {
- /*
- * clean the buffer.
- */
- for (int i = 0; i < buf.length; i++)
- {
- buf[i] = 0;
- }
-
- bufOff = 0;
-
- firstStep = true;
- }
-}
diff --git a/core/src/main/java/org/bouncycastle/crypto/macs/HMac.java b/core/src/main/java/org/bouncycastle/crypto/macs/HMac.java
deleted file mode 100644
index d4345d9b..00000000
--- a/core/src/main/java/org/bouncycastle/crypto/macs/HMac.java
+++ /dev/null
@@ -1,231 +0,0 @@
-package org.bouncycastle.crypto.macs;
-
-import java.util.Hashtable;
-
-import org.bouncycastle.crypto.CipherParameters;
-import org.bouncycastle.crypto.Digest;
-import org.bouncycastle.crypto.ExtendedDigest;
-import org.bouncycastle.crypto.Mac;
-import org.bouncycastle.crypto.params.KeyParameter;
-import org.bouncycastle.util.Integers;
-import org.bouncycastle.util.Memoable;
-
-/**
- * HMAC implementation based on RFC2104
- *
- * H(K XOR opad, H(K XOR ipad, text))
- */
-public class HMac
- implements Mac
-{
- private final static byte IPAD = (byte)0x36;
- private final static byte OPAD = (byte)0x5C;
-
- private Digest digest;
- private int digestSize;
- private int blockLength;
- private Memoable ipadState;
- private Memoable opadState;
-
- private byte[] inputPad;
- private byte[] outputBuf;
-
- private static Hashtable blockLengths;
-
- static
- {
- blockLengths = new Hashtable();
-
- blockLengths.put("GOST3411", Integers.valueOf(32));
-
- blockLengths.put("MD2", Integers.valueOf(16));
- blockLengths.put("MD4", Integers.valueOf(64));
- blockLengths.put("MD5", Integers.valueOf(64));
-
- blockLengths.put("RIPEMD128", Integers.valueOf(64));
- blockLengths.put("RIPEMD160", Integers.valueOf(64));
-
- blockLengths.put("SHA-1", Integers.valueOf(64));
- blockLengths.put("SHA-224", Integers.valueOf(64));
- blockLengths.put("SHA-256", Integers.valueOf(64));
- blockLengths.put("SHA-384", Integers.valueOf(128));
- blockLengths.put("SHA-512", Integers.valueOf(128));
-
- blockLengths.put("Tiger", Integers.valueOf(64));
- blockLengths.put("Whirlpool", Integers.valueOf(64));
- }
-
- private static int getByteLength(
- Digest digest)
- {
- if (digest instanceof ExtendedDigest)
- {
- return ((ExtendedDigest)digest).getByteLength();
- }
-
- Integer b = (Integer)blockLengths.get(digest.getAlgorithmName());
-
- if (b == null)
- {
- throw new IllegalArgumentException("unknown digest passed: " + digest.getAlgorithmName());
- }
-
- return b.intValue();
- }
-
- /**
- * Base constructor for one of the standard digest algorithms that the
- * byteLength of the algorithm is know for.
- *
- * @param digest the digest.
- */
- public HMac(
- Digest digest)
- {
- this(digest, getByteLength(digest));
- }
-
- private HMac(
- Digest digest,
- int byteLength)
- {
- this.digest = digest;
- this.digestSize = digest.getDigestSize();
- this.blockLength = byteLength;
- this.inputPad = new byte[blockLength];
- this.outputBuf = new byte[blockLength + digestSize];
- }
-
- public String getAlgorithmName()
- {
- return digest.getAlgorithmName() + "/HMAC";
- }
-
- public Digest getUnderlyingDigest()
- {
- return digest;
- }
-
- public void init(
- CipherParameters params)
- {
- digest.reset();
-
- byte[] key = ((KeyParameter)params).getKey();
- int keyLength = key.length;
-
- if (keyLength > blockLength)
- {
- digest.update(key, 0, keyLength);
- digest.doFinal(inputPad, 0);
-
- keyLength = digestSize;
- }
- else
- {
- System.arraycopy(key, 0, inputPad, 0, keyLength);
- }
-
- for (int i = keyLength; i < inputPad.length; i++)
- {
- inputPad[i] = 0;
- }
-
- System.arraycopy(inputPad, 0, outputBuf, 0, blockLength);
-
- xorPad(inputPad, blockLength, IPAD);
- xorPad(outputBuf, blockLength, OPAD);
-
- if (digest instanceof Memoable)
- {
- opadState = ((Memoable)digest).copy();
-
- ((Digest)opadState).update(outputBuf, 0, blockLength);
- }
-
- digest.update(inputPad, 0, inputPad.length);
-
- if (digest instanceof Memoable)
- {
- ipadState = ((Memoable)digest).copy();
- }
- }
-
- public int getMacSize()
- {
- return digestSize;
- }
-
- public void update(
- byte in)
- {
- digest.update(in);
- }
-
- public void update(
- byte[] in,
- int inOff,
- int len)
- {
- digest.update(in, inOff, len);
- }
-
- public int doFinal(
- byte[] out,
- int outOff)
- {
- digest.doFinal(outputBuf, blockLength);
-
- if (opadState != null)
- {
- ((Memoable)digest).reset(opadState);
- digest.update(outputBuf, blockLength, digest.getDigestSize());
- }
- else
- {
- digest.update(outputBuf, 0, outputBuf.length);
- }
-
- int len = digest.doFinal(out, outOff);
-
- for (int i = blockLength; i < outputBuf.length; i++)
- {
- outputBuf[i] = 0;
- }
-
- if (ipadState != null)
- {
- ((Memoable)digest).reset(ipadState);
- }
- else
- {
- digest.update(inputPad, 0, inputPad.length);
- }
-
- return len;
- }
-
- /**
- * Reset the mac generator.
- */
- public void reset()
- {
- /*
- * reset the underlying digest.
- */
- digest.reset();
-
- /*
- * reinitialize the digest.
- */
- digest.update(inputPad, 0, inputPad.length);
- }
-
- private static void xorPad(byte[] pad, int len, byte n)
- {
- for (int i = 0; i < len; ++i)
- {
- pad[i] ^= n;
- }
- }
-}
diff --git a/core/src/main/java/org/bouncycastle/crypto/macs/ISO9797Alg3Mac.java b/core/src/main/java/org/bouncycastle/crypto/macs/ISO9797Alg3Mac.java
deleted file mode 100644
index 330b39e7..00000000
--- a/core/src/main/java/org/bouncycastle/crypto/macs/ISO9797Alg3Mac.java
+++ /dev/null
@@ -1,305 +0,0 @@
-package org.bouncycastle.crypto.macs;
-
-import org.bouncycastle.crypto.BlockCipher;
-import org.bouncycastle.crypto.CipherParameters;
-import org.bouncycastle.crypto.Mac;
-import org.bouncycastle.crypto.engines.DESEngine;
-import org.bouncycastle.crypto.modes.CBCBlockCipher;
-import org.bouncycastle.crypto.paddings.BlockCipherPadding;
-import org.bouncycastle.crypto.params.KeyParameter;
-import org.bouncycastle.crypto.params.ParametersWithIV;
-
-/**
- * DES based CBC Block Cipher MAC according to ISO9797, algorithm 3 (ANSI X9.19 Retail MAC)
- *
- * This could as well be derived from CBCBlockCipherMac, but then the property mac in the base
- * class must be changed to protected
- */
-
-public class ISO9797Alg3Mac
- implements Mac
-{
- private byte[] mac;
-
- private byte[] buf;
- private int bufOff;
- private BlockCipher cipher;
- private BlockCipherPadding padding;
-
- private int macSize;
- private KeyParameter lastKey2;
- private KeyParameter lastKey3;
-
- /**
- * create a Retail-MAC based on a CBC block cipher. This will produce an
- * authentication code of the length of the block size of the cipher.
- *
- * @param cipher the cipher to be used as the basis of the MAC generation. This must
- * be DESEngine.
- */
- public ISO9797Alg3Mac(
- BlockCipher cipher)
- {
- this(cipher, cipher.getBlockSize() * 8, null);
- }
-
- /**
- * create a Retail-MAC based on a CBC block cipher. This will produce an
- * authentication code of the length of the block size of the cipher.
- *
- * @param cipher the cipher to be used as the basis of the MAC generation.
- * @param padding the padding to be used to complete the last block.
- */
- public ISO9797Alg3Mac(
- BlockCipher cipher,
- BlockCipherPadding padding)
- {
- this(cipher, cipher.getBlockSize() * 8, padding);
- }
-
- /**
- * create a Retail-MAC based on a block cipher with the size of the
- * MAC been given in bits. This class uses single DES CBC mode as the basis for the
- * MAC generation.
- * <p>
- * Note: the size of the MAC must be at least 24 bits (FIPS Publication 81),
- * or 16 bits if being used as a data authenticator (FIPS Publication 113),
- * and in general should be less than the size of the block cipher as it reduces
- * the chance of an exhaustive attack (see Handbook of Applied Cryptography).
- *
- * @param cipher the cipher to be used as the basis of the MAC generation.
- * @param macSizeInBits the size of the MAC in bits, must be a multiple of 8.
- */
- public ISO9797Alg3Mac(
- BlockCipher cipher,
- int macSizeInBits)
- {
- this(cipher, macSizeInBits, null);
- }
-
- /**
- * create a standard MAC based on a block cipher with the size of the
- * MAC been given in bits. This class uses single DES CBC mode as the basis for the
- * MAC generation. The final block is decrypted and then encrypted using the
- * middle and right part of the key.
- * <p>
- * Note: the size of the MAC must be at least 24 bits (FIPS Publication 81),
- * or 16 bits if being used as a data authenticator (FIPS Publication 113),
- * and in general should be less than the size of the block cipher as it reduces
- * the chance of an exhaustive attack (see Handbook of Applied Cryptography).
- *
- * @param cipher the cipher to be used as the basis of the MAC generation.
- * @param macSizeInBits the size of the MAC in bits, must be a multiple of 8.
- * @param padding the padding to be used to complete the last block.
- */
- public ISO9797Alg3Mac(
- BlockCipher cipher,
- int macSizeInBits,
- BlockCipherPadding padding)
- {
- if ((macSizeInBits % 8) != 0)
- {
- throw new IllegalArgumentException("MAC size must be multiple of 8");
- }
-
- if (!(cipher instanceof DESEngine))
- {
- throw new IllegalArgumentException("cipher must be instance of DESEngine");
- }
-
- this.cipher = new CBCBlockCipher(cipher);
- this.padding = padding;
- this.macSize = macSizeInBits / 8;
-
- mac = new byte[cipher.getBlockSize()];
-
- buf = new byte[cipher.getBlockSize()];
- bufOff = 0;
- }
-
- public String getAlgorithmName()
- {
- return "ISO9797Alg3";
- }
-
- public void init(CipherParameters params)
- {
- reset();
-
- if (!(params instanceof KeyParameter || params instanceof ParametersWithIV))
- {
- throw new IllegalArgumentException(
- "params must be an instance of KeyParameter or ParametersWithIV");
- }
-
- // KeyParameter must contain a double or triple length DES key,
- // however the underlying cipher is a single DES. The middle and
- // right key are used only in the final step.
-
- KeyParameter kp;
-
- if (params instanceof KeyParameter)
- {
- kp = (KeyParameter)params;
- }
- else
- {
- kp = (KeyParameter)((ParametersWithIV)params).getParameters();
- }
-
- KeyParameter key1;
- byte[] keyvalue = kp.getKey();
-
- if (keyvalue.length == 16)
- { // Double length DES key
- key1 = new KeyParameter(keyvalue, 0, 8);
- this.lastKey2 = new KeyParameter(keyvalue, 8, 8);
- this.lastKey3 = key1;
- }
- else if (keyvalue.length == 24)
- { // Triple length DES key
- key1 = new KeyParameter(keyvalue, 0, 8);
- this.lastKey2 = new KeyParameter(keyvalue, 8, 8);
- this.lastKey3 = new KeyParameter(keyvalue, 16, 8);
- }
- else
- {
- throw new IllegalArgumentException(
- "Key must be either 112 or 168 bit long");
- }
-
- if (params instanceof ParametersWithIV)
- {
- cipher.init(true, new ParametersWithIV(key1, ((ParametersWithIV)params).getIV()));
- }
- else
- {
- cipher.init(true, key1);
- }
- }
-
- public int getMacSize()
- {
- return macSize;
- }
-
- public void update(
- byte in)
- {
- if (bufOff == buf.length)
- {
- cipher.processBlock(buf, 0, mac, 0);
- bufOff = 0;
- }
-
- buf[bufOff++] = in;
- }
-
-
- public void update(
- byte[] in,
- int inOff,
- int len)
- {
- if (len < 0)
- {
- throw new IllegalArgumentException("Can't have a negative input length!");
- }
-
- int blockSize = cipher.getBlockSize();
- int resultLen = 0;
- int gapLen = blockSize - bufOff;
-
- if (len > gapLen)
- {
- System.arraycopy(in, inOff, buf, bufOff, gapLen);
-
- resultLen += cipher.processBlock(buf, 0, mac, 0);
-
- bufOff = 0;
- len -= gapLen;
- inOff += gapLen;
-
- while (len > blockSize)
- {
- resultLen += cipher.processBlock(in, inOff, mac, 0);
-
- len -= blockSize;
- inOff += blockSize;
- }
- }
-
- System.arraycopy(in, inOff, buf, bufOff, len);
-
- bufOff += len;
- }
-
- public int doFinal(
- byte[] out,
- int outOff)
- {
- int blockSize = cipher.getBlockSize();
-
- if (padding == null)
- {
- //
- // pad with zeroes
- //
- while (bufOff < blockSize)
- {
- buf[bufOff] = 0;
- bufOff++;
- }
- }
- else
- {
- if (bufOff == blockSize)
- {
- cipher.processBlock(buf, 0, mac, 0);
- bufOff = 0;
- }
-
- padding.addPadding(buf, bufOff);
- }
-
- cipher.processBlock(buf, 0, mac, 0);
-
- // Added to code from base class
- DESEngine deseng = new DESEngine();
-
- deseng.init(false, this.lastKey2);
- deseng.processBlock(mac, 0, mac, 0);
-
- deseng.init(true, this.lastKey3);
- deseng.processBlock(mac, 0, mac, 0);
- // ****
-
- System.arraycopy(mac, 0, out, outOff, macSize);
-
- reset();
-
- return macSize;
- }
-
-
- /**
- * Reset the mac generator.
- */
- public void reset()
- {
- /*
- * clean the buffer.
- */
- for (int i = 0; i < buf.length; i++)
- {
- buf[i] = 0;
- }
-
- bufOff = 0;
-
- /*
- * reset the underlying cipher.
- */
- cipher.reset();
- }
-}
diff --git a/core/src/main/java/org/bouncycastle/crypto/macs/OldHMac.java b/core/src/main/java/org/bouncycastle/crypto/macs/OldHMac.java
deleted file mode 100644
index 7463afd3..00000000
--- a/core/src/main/java/org/bouncycastle/crypto/macs/OldHMac.java
+++ /dev/null
@@ -1,138 +0,0 @@
-package org.bouncycastle.crypto.macs;
-
-import org.bouncycastle.crypto.CipherParameters;
-import org.bouncycastle.crypto.Digest;
-import org.bouncycastle.crypto.Mac;
-import org.bouncycastle.crypto.params.KeyParameter;
-
-/**
- * HMAC implementation based on RFC2104
- *
- * H(K XOR opad, H(K XOR ipad, text))
- */
-public class OldHMac
-implements Mac
-{
- private final static int BLOCK_LENGTH = 64;
-
- private final static byte IPAD = (byte)0x36;
- private final static byte OPAD = (byte)0x5C;
-
- private Digest digest;
- private int digestSize;
- private byte[] inputPad = new byte[BLOCK_LENGTH];
- private byte[] outputPad = new byte[BLOCK_LENGTH];
-
- /**
- * @deprecated uses incorrect pad for SHA-512 and SHA-384 use HMac.
- */
- public OldHMac(
- Digest digest)
- {
- this.digest = digest;
- digestSize = digest.getDigestSize();
- }
-
- public String getAlgorithmName()
- {
- return digest.getAlgorithmName() + "/HMAC";
- }
-
- public Digest getUnderlyingDigest()
- {
- return digest;
- }
-
- public void init(
- CipherParameters params)
- {
- digest.reset();
-
- byte[] key = ((KeyParameter)params).getKey();
-
- if (key.length > BLOCK_LENGTH)
- {
- digest.update(key, 0, key.length);
- digest.doFinal(inputPad, 0);
- for (int i = digestSize; i < inputPad.length; i++)
- {
- inputPad[i] = 0;
- }
- }
- else
- {
- System.arraycopy(key, 0, inputPad, 0, key.length);
- for (int i = key.length; i < inputPad.length; i++)
- {
- inputPad[i] = 0;
- }
- }
-
- outputPad = new byte[inputPad.length];
- System.arraycopy(inputPad, 0, outputPad, 0, inputPad.length);
-
- for (int i = 0; i < inputPad.length; i++)
- {
- inputPad[i] ^= IPAD;
- }
-
- for (int i = 0; i < outputPad.length; i++)
- {
- outputPad[i] ^= OPAD;
- }
-
- digest.update(inputPad, 0, inputPad.length);
- }
-
- public int getMacSize()
- {
- return digestSize;
- }
-
- public void update(
- byte in)
- {
- digest.update(in);
- }
-
- public void update(
- byte[] in,
- int inOff,
- int len)
- {
- digest.update(in, inOff, len);
- }
-
- public int doFinal(
- byte[] out,
- int outOff)
- {
- byte[] tmp = new byte[digestSize];
- digest.doFinal(tmp, 0);
-
- digest.update(outputPad, 0, outputPad.length);
- digest.update(tmp, 0, tmp.length);
-
- int len = digest.doFinal(out, outOff);
-
- reset();
-
- return len;
- }
-
- /**
- * Reset the mac generator.
- */
- public void reset()
- {
- /*
- * reset the underlying digest.
- */
- digest.reset();
-
- /*
- * reinitialize the digest.
- */
- digest.update(inputPad, 0, inputPad.length);
- }
-}
diff --git a/core/src/main/java/org/bouncycastle/crypto/macs/Poly1305.java b/core/src/main/java/org/bouncycastle/crypto/macs/Poly1305.java
deleted file mode 100644
index 7a346f1e..00000000
--- a/core/src/main/java/org/bouncycastle/crypto/macs/Poly1305.java
+++ /dev/null
@@ -1,306 +0,0 @@
-package org.bouncycastle.crypto.macs;
-
-import org.bouncycastle.crypto.BlockCipher;
-import org.bouncycastle.crypto.CipherParameters;
-import org.bouncycastle.crypto.DataLengthException;
-import org.bouncycastle.crypto.Mac;
-import org.bouncycastle.crypto.generators.Poly1305KeyGenerator;
-import org.bouncycastle.crypto.params.KeyParameter;
-import org.bouncycastle.crypto.params.ParametersWithIV;
-import org.bouncycastle.util.Pack;
-
-/**
- * Poly1305 message authentication code, designed by D. J. Bernstein.
- * <p>
- * Poly1305 computes a 128-bit (16 bytes) authenticator, using a 128 bit nonce and a 256 bit key
- * consisting of a 128 bit key applied to an underlying cipher, and a 128 bit key (with 106
- * effective key bits) used in the authenticator.
- * <p>
- * The polynomial calculation in this implementation is adapted from the public domain <a
- * href="https://github.com/floodyberry/poly1305-donna">poly1305-donna-unrolled</a> C implementation
- * by Andrew M (@floodyberry).
- * @see Poly1305KeyGenerator
- */
-public class Poly1305
- implements Mac
-{
- private static final int BLOCK_SIZE = 16;
-
- private final BlockCipher cipher;
-
- private final byte[] singleByte = new byte[1];
-
- // Initialised state
-
- /** Polynomial key */
- private int r0, r1, r2, r3, r4;
-
- /** Precomputed 5 * r[1..4] */
- private int s1, s2, s3, s4;
-
- /** Encrypted nonce */
- private int k0, k1, k2, k3;
-
- // Accumulating state
-
- /** Current block of buffered input */
- private final byte[] currentBlock = new byte[BLOCK_SIZE];
-
- /** Current offset in input buffer */
- private int currentBlockOffset = 0;
-
- /** Polynomial accumulator */
- private int h0, h1, h2, h3, h4;
-
- /**
- * Constructs a Poly1305 MAC, where the key passed to init() will be used directly.
- */
- public Poly1305()
- {
- this.cipher = null;
- }
-
- /**
- * Constructs a Poly1305 MAC, using a 128 bit block cipher.
- */
- public Poly1305(final BlockCipher cipher)
- {
- if (cipher.getBlockSize() != BLOCK_SIZE)
- {
- throw new IllegalArgumentException("Poly1305 requires a 128 bit block cipher.");
- }
- this.cipher = cipher;
- }
-
- /**
- * Initialises the Poly1305 MAC.
- *
- * @param params if used with a block cipher, then a {@link ParametersWithIV} containing a 128 bit
- * nonce and a {@link KeyParameter} with a 256 bit key complying to the
- * {@link Poly1305KeyGenerator Poly1305 key format}, otherwise just the
- * {@link KeyParameter}.
- */
- public void init(CipherParameters params)
- throws IllegalArgumentException
- {
- byte[] nonce = null;
-
- if (cipher != null)
- {
- if (!(params instanceof ParametersWithIV))
- {
- throw new IllegalArgumentException("Poly1305 requires an IV when used with a block cipher.");
- }
-
- ParametersWithIV ivParams = (ParametersWithIV)params;
- nonce = ivParams.getIV();
- params = ivParams.getParameters();
- }
-
- if (!(params instanceof KeyParameter))
- {
- throw new IllegalArgumentException("Poly1305 requires a key.");
- }
-
- KeyParameter keyParams = (KeyParameter)params;
-
- setKey(keyParams.getKey(), nonce);
-
- reset();
- }
-
- private void setKey(final byte[] key, final byte[] nonce)
- {
- if (cipher != null && (nonce == null || nonce.length != BLOCK_SIZE))
- {
- throw new IllegalArgumentException("Poly1305 requires a 128 bit IV.");
- }
-
- Poly1305KeyGenerator.checkKey(key);
-
- // Extract r portion of key
- int t0 = Pack.littleEndianToInt(key, BLOCK_SIZE + 0);
- int t1 = Pack.littleEndianToInt(key, BLOCK_SIZE + 4);
- int t2 = Pack.littleEndianToInt(key, BLOCK_SIZE + 8);
- int t3 = Pack.littleEndianToInt(key, BLOCK_SIZE + 12);
-
- r0 = t0 & 0x3ffffff; t0 >>>= 26; t0 |= t1 << 6;
- r1 = t0 & 0x3ffff03; t1 >>>= 20; t1 |= t2 << 12;
- r2 = t1 & 0x3ffc0ff; t2 >>>= 14; t2 |= t3 << 18;
- r3 = t2 & 0x3f03fff; t3 >>>= 8;
- r4 = t3 & 0x00fffff;
-
- // Precompute multipliers
- s1 = r1 * 5;
- s2 = r2 * 5;
- s3 = r3 * 5;
- s4 = r4 * 5;
-
- final byte[] kBytes;
- if (cipher == null)
- {
- kBytes = key;
- }
- else
- {
- // Compute encrypted nonce
- kBytes = new byte[BLOCK_SIZE];
- cipher.init(true, new KeyParameter(key, 0, BLOCK_SIZE));
- cipher.processBlock(nonce, 0, kBytes, 0);
- }
-
- k0 = Pack.littleEndianToInt(kBytes, 0);
- k1 = Pack.littleEndianToInt(kBytes, 4);
- k2 = Pack.littleEndianToInt(kBytes, 8);
- k3 = Pack.littleEndianToInt(kBytes, 12);
- }
-
- public String getAlgorithmName()
- {
- return cipher == null ? "Poly1305" : "Poly1305-" + cipher.getAlgorithmName();
- }
-
- public int getMacSize()
- {
- return BLOCK_SIZE;
- }
-
- public void update(final byte in)
- throws IllegalStateException
- {
- singleByte[0] = in;
- update(singleByte, 0, 1);
- }
-
- public void update(final byte[] in, final int inOff, final int len)
- throws DataLengthException,
- IllegalStateException
- {
- int copied = 0;
- while (len > copied)
- {
- if (currentBlockOffset == BLOCK_SIZE)
- {
- processBlock();
- currentBlockOffset = 0;
- }
-
- int toCopy = Math.min((len - copied), BLOCK_SIZE - currentBlockOffset);
- System.arraycopy(in, copied + inOff, currentBlock, currentBlockOffset, toCopy);
- copied += toCopy;
- currentBlockOffset += toCopy;
- }
-
- }
-
- private void processBlock()
- {
- if (currentBlockOffset < BLOCK_SIZE)
- {
- currentBlock[currentBlockOffset] = 1;
- for (int i = currentBlockOffset + 1; i < BLOCK_SIZE; i++)
- {
- currentBlock[i] = 0;
- }
- }
-
- final long t0 = 0xffffffffL & Pack.littleEndianToInt(currentBlock, 0);
- final long t1 = 0xffffffffL & Pack.littleEndianToInt(currentBlock, 4);
- final long t2 = 0xffffffffL & Pack.littleEndianToInt(currentBlock, 8);
- final long t3 = 0xffffffffL & Pack.littleEndianToInt(currentBlock, 12);
-
- h0 += t0 & 0x3ffffff;
- h1 += (((t1 << 32) | t0) >>> 26) & 0x3ffffff;
- h2 += (((t2 << 32) | t1) >>> 20) & 0x3ffffff;
- h3 += (((t3 << 32) | t2) >>> 14) & 0x3ffffff;
- h4 += (t3 >>> 8);
-
- if (currentBlockOffset == BLOCK_SIZE)
- {
- h4 += (1 << 24);
- }
-
- long tp0 = mul32x32_64(h0,r0) + mul32x32_64(h1,s4) + mul32x32_64(h2,s3) + mul32x32_64(h3,s2) + mul32x32_64(h4,s1);
- long tp1 = mul32x32_64(h0,r1) + mul32x32_64(h1,r0) + mul32x32_64(h2,s4) + mul32x32_64(h3,s3) + mul32x32_64(h4,s2);
- long tp2 = mul32x32_64(h0,r2) + mul32x32_64(h1,r1) + mul32x32_64(h2,r0) + mul32x32_64(h3,s4) + mul32x32_64(h4,s3);
- long tp3 = mul32x32_64(h0,r3) + mul32x32_64(h1,r2) + mul32x32_64(h2,r1) + mul32x32_64(h3,r0) + mul32x32_64(h4,s4);
- long tp4 = mul32x32_64(h0,r4) + mul32x32_64(h1,r3) + mul32x32_64(h2,r2) + mul32x32_64(h3,r1) + mul32x32_64(h4,r0);
-
- long b;
- h0 = (int)tp0 & 0x3ffffff; b = (tp0 >>> 26);
- tp1 += b; h1 = (int)tp1 & 0x3ffffff; b = ((tp1 >>> 26) & 0xffffffff);
- tp2 += b; h2 = (int)tp2 & 0x3ffffff; b = ((tp2 >>> 26) & 0xffffffff);
- tp3 += b; h3 = (int)tp3 & 0x3ffffff; b = (tp3 >>> 26);
- tp4 += b; h4 = (int)tp4 & 0x3ffffff; b = (tp4 >>> 26);
- h0 += b * 5;
- }
-
- public int doFinal(final byte[] out, final int outOff)
- throws DataLengthException,
- IllegalStateException
- {
- if (outOff + BLOCK_SIZE > out.length)
- {
- throw new DataLengthException("Output buffer is too short.");
- }
-
- if (currentBlockOffset > 0)
- {
- // Process padded final block
- processBlock();
- }
-
- long f0, f1, f2, f3;
-
- int b = h0 >>> 26;
- h0 = h0 & 0x3ffffff;
- h1 += b; b = h1 >>> 26; h1 = h1 & 0x3ffffff;
- h2 += b; b = h2 >>> 26; h2 = h2 & 0x3ffffff;
- h3 += b; b = h3 >>> 26; h3 = h3 & 0x3ffffff;
- h4 += b; b = h4 >>> 26; h4 = h4 & 0x3ffffff;
- h0 += b * 5;
-
- int g0, g1, g2, g3, g4;
- g0 = h0 + 5; b = g0 >>> 26; g0 &= 0x3ffffff;
- g1 = h1 + b; b = g1 >>> 26; g1 &= 0x3ffffff;
- g2 = h2 + b; b = g2 >>> 26; g2 &= 0x3ffffff;
- g3 = h3 + b; b = g3 >>> 26; g3 &= 0x3ffffff;
- g4 = h4 + b - (1 << 26);
-
- b = (g4 >>> 31) - 1;
- int nb = ~b;
- h0 = (h0 & nb) | (g0 & b);
- h1 = (h1 & nb) | (g1 & b);
- h2 = (h2 & nb) | (g2 & b);
- h3 = (h3 & nb) | (g3 & b);
- h4 = (h4 & nb) | (g4 & b);
-
- f0 = (((h0 ) | (h1 << 26)) & 0xffffffffl) + (0xffffffffL & k0);
- f1 = (((h1 >>> 6 ) | (h2 << 20)) & 0xffffffffl) + (0xffffffffL & k1);
- f2 = (((h2 >>> 12) | (h3 << 14)) & 0xffffffffl) + (0xffffffffL & k2);
- f3 = (((h3 >>> 18) | (h4 << 8 )) & 0xffffffffl) + (0xffffffffL & k3);
-
- Pack.intToLittleEndian((int)f0, out, outOff);
- f1 += (f0 >>> 32);
- Pack.intToLittleEndian((int)f1, out, outOff + 4);
- f2 += (f1 >>> 32);
- Pack.intToLittleEndian((int)f2, out, outOff + 8);
- f3 += (f2 >>> 32);
- Pack.intToLittleEndian((int)f3, out, outOff + 12);
-
- reset();
- return BLOCK_SIZE;
- }
-
- public void reset()
- {
- currentBlockOffset = 0;
-
- h0 = h1 = h2 = h3 = h4 = 0;
- }
-
- private static final long mul32x32_64(int i1, int i2)
- {
- return ((long)i1) * i2;
- }
-}
diff --git a/core/src/main/java/org/bouncycastle/crypto/macs/SipHash.java b/core/src/main/java/org/bouncycastle/crypto/macs/SipHash.java
deleted file mode 100644
index d6b9dbb8..00000000
--- a/core/src/main/java/org/bouncycastle/crypto/macs/SipHash.java
+++ /dev/null
@@ -1,216 +0,0 @@
-package org.bouncycastle.crypto.macs;
-
-import org.bouncycastle.crypto.CipherParameters;
-import org.bouncycastle.crypto.DataLengthException;
-import org.bouncycastle.crypto.Mac;
-import org.bouncycastle.crypto.params.KeyParameter;
-import org.bouncycastle.util.Pack;
-
-/**
- * Implementation of SipHash as specified in "SipHash: a fast short-input PRF", by Jean-Philippe
- * Aumasson and Daniel J. Bernstein (https://131002.net/siphash/siphash.pdf).
- * <p>
- * "SipHash is a family of PRFs SipHash-c-d where the integer parameters c and d are the number of
- * compression rounds and the number of finalization rounds. A compression round is identical to a
- * finalization round and this round function is called SipRound. Given a 128-bit key k and a
- * (possibly empty) byte string m, SipHash-c-d returns a 64-bit value..."
- */
-public class SipHash
- implements Mac
-{
- protected final int c, d;
-
- protected long k0, k1;
- protected long v0, v1, v2, v3;
-
- protected long m = 0;
- protected int wordPos = 0;
- protected int wordCount = 0;
-
- /**
- * SipHash-2-4
- */
- public SipHash()
- {
- // use of 'this' confuses the flow analyser on earlier JDKs.
- this.c = 2;
- this.d = 4;
- }
-
- /**
- * SipHash-c-d
- *
- * @param c the number of compression rounds
- * @param d the number of finalization rounds
- */
- public SipHash(int c, int d)
- {
- this.c = c;
- this.d = d;
- }
-
- public String getAlgorithmName()
- {
- return "SipHash-" + c + "-" + d;
- }
-
- public int getMacSize()
- {
- return 8;
- }
-
- public void init(CipherParameters params)
- throws IllegalArgumentException
- {
- if (!(params instanceof KeyParameter))
- {
- throw new IllegalArgumentException("'params' must be an instance of KeyParameter");
- }
- KeyParameter keyParameter = (KeyParameter)params;
- byte[] key = keyParameter.getKey();
- if (key.length != 16)
- {
- throw new IllegalArgumentException("'params' must be a 128-bit key");
- }
-
- this.k0 = Pack.littleEndianToLong(key, 0);
- this.k1 = Pack.littleEndianToLong(key, 8);
-
- reset();
- }
-
- public void update(byte input)
- throws IllegalStateException
- {
- m >>>= 8;
- m |= (input & 0xffL) << 56;
-
- if (++wordPos == 8)
- {
- processMessageWord();
- wordPos = 0;
- }
- }
-
- public void update(byte[] input, int offset, int length)
- throws DataLengthException,
- IllegalStateException
- {
- int i = 0, fullWords = length & ~7;
- if (wordPos == 0)
- {
- for (; i < fullWords; i += 8)
- {
- m = Pack.littleEndianToLong(input, offset + i);
- processMessageWord();
- }
- for (; i < length; ++i)
- {
- m >>>= 8;
- m |= (input[offset + i] & 0xffL) << 56;
- }
- wordPos = length - fullWords;
- }
- else
- {
- int bits = wordPos << 3;
- for (; i < fullWords; i += 8)
- {
- long n = Pack.littleEndianToLong(input, offset + i);
- m = (n << bits) | (m >>> -bits);
- processMessageWord();
- m = n;
- }
- for (; i < length; ++i)
- {
- m >>>= 8;
- m |= (input[offset + i] & 0xffL) << 56;
-
- if (++wordPos == 8)
- {
- processMessageWord();
- wordPos = 0;
- }
- }
- }
- }
-
- public long doFinal()
- throws DataLengthException, IllegalStateException
- {
- // NOTE: 2 distinct shifts to avoid "64-bit shift" when wordPos == 0
- m >>>= ((7 - wordPos) << 3);
- m >>>= 8;
- m |= (((wordCount << 3) + wordPos) & 0xffL) << 56;
-
- processMessageWord();
-
- v2 ^= 0xffL;
-
- applySipRounds(d);
-
- long result = v0 ^ v1 ^ v2 ^ v3;
-
- reset();
-
- return result;
- }
-
- public int doFinal(byte[] out, int outOff)
- throws DataLengthException, IllegalStateException
- {
- long result = doFinal();
- Pack.longToLittleEndian(result, out, outOff);
- return 8;
- }
-
- public void reset()
- {
- v0 = k0 ^ 0x736f6d6570736575L;
- v1 = k1 ^ 0x646f72616e646f6dL;
- v2 = k0 ^ 0x6c7967656e657261L;
- v3 = k1 ^ 0x7465646279746573L;
-
- m = 0;
- wordPos = 0;
- wordCount = 0;
- }
-
- protected void processMessageWord()
- {
- ++wordCount;
- v3 ^= m;
- applySipRounds(c);
- v0 ^= m;
- }
-
- protected void applySipRounds(int n)
- {
- long r0 = v0, r1 = v1, r2 = v2, r3 = v3;
-
- for (int r = 0; r < n; ++r)
- {
- r0 += r1;
- r2 += r3;
- r1 = rotateLeft(r1, 13);
- r3 = rotateLeft(r3, 16);
- r1 ^= r0;
- r3 ^= r2;
- r0 = rotateLeft(r0, 32);
- r2 += r1;
- r0 += r3;
- r1 = rotateLeft(r1, 17);
- r3 = rotateLeft(r3, 21);
- r1 ^= r2;
- r3 ^= r0;
- r2 = rotateLeft(r2, 32);
- }
-
- v0 = r0; v1 = r1; v2 = r2; v3 = r3;
- }
-
- protected static long rotateLeft(long x, int n)
- {
- return (x << n) | (x >>> -n);
- }
-}
diff --git a/core/src/main/java/org/bouncycastle/crypto/macs/SkeinMac.java b/core/src/main/java/org/bouncycastle/crypto/macs/SkeinMac.java
deleted file mode 100644
index 7115b510..00000000
--- a/core/src/main/java/org/bouncycastle/crypto/macs/SkeinMac.java
+++ /dev/null
@@ -1,118 +0,0 @@
-package org.bouncycastle.crypto.macs;
-
-import org.bouncycastle.crypto.CipherParameters;
-import org.bouncycastle.crypto.Mac;
-import org.bouncycastle.crypto.digests.SkeinEngine;
-import org.bouncycastle.crypto.engines.ThreefishEngine;
-import org.bouncycastle.crypto.params.KeyParameter;
-import org.bouncycastle.crypto.params.SkeinParameters;
-
-/**
- * Implementation of the Skein parameterised MAC function in 256, 512 and 1024 bit block sizes,
- * based on the {@link ThreefishEngine Threefish} tweakable block cipher.
- * <p>
- * This is the 1.3 version of Skein defined in the Skein hash function submission to the NIST SHA-3
- * competition in October 2010.
- * <p>
- * Skein was designed by Niels Ferguson - Stefan Lucks - Bruce Schneier - Doug Whiting - Mihir
- * Bellare - Tadayoshi Kohno - Jon Callas - Jesse Walker.
- *
- * @see SkeinEngine
- * @see SkeinParameters
- */
-public class SkeinMac
- implements Mac
-{
- /**
- * 256 bit block size - Skein MAC-256
- */
- public static final int SKEIN_256 = SkeinEngine.SKEIN_256;
- /**
- * 512 bit block size - Skein MAC-512
- */
- public static final int SKEIN_512 = SkeinEngine.SKEIN_512;
- /**
- * 1024 bit block size - Skein MAC-1024
- */
- public static final int SKEIN_1024 = SkeinEngine.SKEIN_1024;
-
- private SkeinEngine engine;
-
- /**
- * Constructs a Skein MAC with an internal state size and output size.
- *
- * @param stateSizeBits the internal state size in bits - one of {@link #SKEIN_256}, {@link #SKEIN_512} or
- * {@link #SKEIN_1024}.
- * @param digestSizeBits the output/MAC size to produce in bits, which must be an integral number of bytes.
- */
- public SkeinMac(int stateSizeBits, int digestSizeBits)
- {
- this.engine = new SkeinEngine(stateSizeBits, digestSizeBits);
- }
-
- public SkeinMac(SkeinMac mac)
- {
- this.engine = new SkeinEngine(mac.engine);
- }
-
- public String getAlgorithmName()
- {
- return "Skein-MAC-" + (engine.getBlockSize() * 8) + "-" + (engine.getOutputSize() * 8);
- }
-
- /**
- * Initialises the Skein digest with the provided parameters.<br>
- * See {@link SkeinParameters} for details on the parameterisation of the Skein hash function.
- *
- * @param params an instance of {@link SkeinParameters} or {@link KeyParameter}.
- */
- public void init(CipherParameters params)
- throws IllegalArgumentException
- {
- SkeinParameters skeinParameters;
- if (params instanceof SkeinParameters)
- {
- skeinParameters = (SkeinParameters)params;
- }
- else if (params instanceof KeyParameter)
- {
- skeinParameters = new SkeinParameters.Builder().setKey(((KeyParameter)params).getKey()).build();
- }
- else
- {
- throw new IllegalArgumentException("Invalid parameter passed to Skein MAC init - "
- + params.getClass().getName());
- }
- if (skeinParameters.getKey() == null)
- {
- throw new IllegalArgumentException("Skein MAC requires a key parameter.");
- }
- engine.init(skeinParameters);
- }
-
- public int getMacSize()
- {
- return engine.getOutputSize();
- }
-
- public void reset()
- {
- engine.reset();
- }
-
- public void update(byte in)
- {
- engine.update(in);
- }
-
- public void update(byte[] in, int inOff, int len)
- {
- engine.update(in, inOff, len);
- }
-
- public int doFinal(byte[] out, int outOff)
- {
- return engine.doFinal(out, outOff);
- }
-
-}
diff --git a/core/src/main/java/org/bouncycastle/crypto/macs/VMPCMac.java b/core/src/main/java/org/bouncycastle/crypto/macs/VMPCMac.java
deleted file mode 100644
index 58d06d08..00000000
--- a/core/src/main/java/org/bouncycastle/crypto/macs/VMPCMac.java
+++ /dev/null
@@ -1,186 +0,0 @@
-package org.bouncycastle.crypto.macs;
-
-import org.bouncycastle.crypto.CipherParameters;
-import org.bouncycastle.crypto.DataLengthException;
-import org.bouncycastle.crypto.Mac;
-import org.bouncycastle.crypto.params.KeyParameter;
-import org.bouncycastle.crypto.params.ParametersWithIV;
-
-public class VMPCMac implements Mac
-{
- private byte g;
-
- private byte n = 0;
- private byte[] P = null;
- private byte s = 0;
-
- private byte[] T;
- private byte[] workingIV;
-
- private byte[] workingKey;
-
- private byte x1, x2, x3, x4;
-
- public int doFinal(byte[] out, int outOff)
- throws DataLengthException, IllegalStateException
- {
- // Execute the Post-Processing Phase
- for (int r = 1; r < 25; r++)
- {
- s = P[(s + P[n & 0xff]) & 0xff];
-
- x4 = P[(x4 + x3 + r) & 0xff];
- x3 = P[(x3 + x2 + r) & 0xff];
- x2 = P[(x2 + x1 + r) & 0xff];
- x1 = P[(x1 + s + r) & 0xff];
- T[g & 0x1f] = (byte) (T[g & 0x1f] ^ x1);
- T[(g + 1) & 0x1f] = (byte) (T[(g + 1) & 0x1f] ^ x2);
- T[(g + 2) & 0x1f] = (byte) (T[(g + 2) & 0x1f] ^ x3);
- T[(g + 3) & 0x1f] = (byte) (T[(g + 3) & 0x1f] ^ x4);
- g = (byte) ((g + 4) & 0x1f);
-
- byte temp = P[n & 0xff];
- P[n & 0xff] = P[s & 0xff];
- P[s & 0xff] = temp;
- n = (byte) ((n + 1) & 0xff);
- }
-
- // Input T to the IV-phase of the VMPC KSA
- for (int m = 0; m < 768; m++)
- {
- s = P[(s + P[m & 0xff] + T[m & 0x1f]) & 0xff];
- byte temp = P[m & 0xff];
- P[m & 0xff] = P[s & 0xff];
- P[s & 0xff] = temp;
- }
-
- // Store 20 new outputs of the VMPC Stream Cipher in table M
- byte[] M = new byte[20];
- for (int i = 0; i < 20; i++)
- {
- s = P[(s + P[i & 0xff]) & 0xff];
- M[i] = P[(P[(P[s & 0xff]) & 0xff] + 1) & 0xff];
-
- byte temp = P[i & 0xff];
- P[i & 0xff] = P[s & 0xff];
- P[s & 0xff] = temp;
- }
-
- System.arraycopy(M, 0, out, outOff, M.length);
- reset();
-
- return M.length;
- }
-
- public String getAlgorithmName()
- {
- return "VMPC-MAC";
- }
-
- public int getMacSize()
- {
- return 20;
- }
-
- public void init(CipherParameters params) throws IllegalArgumentException
- {
- if (!(params instanceof ParametersWithIV))
- {
- throw new IllegalArgumentException(
- "VMPC-MAC Init parameters must include an IV");
- }
-
- ParametersWithIV ivParams = (ParametersWithIV) params;
- KeyParameter key = (KeyParameter) ivParams.getParameters();
-
- if (!(ivParams.getParameters() instanceof KeyParameter))
- {
- throw new IllegalArgumentException(
- "VMPC-MAC Init parameters must include a key");
- }
-
- this.workingIV = ivParams.getIV();
-
- if (workingIV == null || workingIV.length < 1 || workingIV.length > 768)
- {
- throw new IllegalArgumentException(
- "VMPC-MAC requires 1 to 768 bytes of IV");
- }
-
- this.workingKey = key.getKey();
-
- reset();
-
- }
-
- private void initKey(byte[] keyBytes, byte[] ivBytes)
- {
- s = 0;
- P = new byte[256];
- for (int i = 0; i < 256; i++)
- {
- P[i] = (byte) i;
- }
- for (int m = 0; m < 768; m++)
- {
- s = P[(s + P[m & 0xff] + keyBytes[m % keyBytes.length]) & 0xff];
- byte temp = P[m & 0xff];
- P[m & 0xff] = P[s & 0xff];
- P[s & 0xff] = temp;
- }
- for (int m = 0; m < 768; m++)
- {
- s = P[(s + P[m & 0xff] + ivBytes[m % ivBytes.length]) & 0xff];
- byte temp = P[m & 0xff];
- P[m & 0xff] = P[s & 0xff];
- P[s & 0xff] = temp;
- }
- n = 0;
- }
-
- public void reset()
- {
- initKey(this.workingKey, this.workingIV);
- g = x1 = x2 = x3 = x4 = n = 0;
- T = new byte[32];
- for (int i = 0; i < 32; i++)
- {
- T[i] = 0;
- }
- }
-
- public void update(byte in) throws IllegalStateException
- {
- s = P[(s + P[n & 0xff]) & 0xff];
- byte c = (byte) (in ^ P[(P[(P[s & 0xff]) & 0xff] + 1) & 0xff]);
-
- x4 = P[(x4 + x3) & 0xff];
- x3 = P[(x3 + x2) & 0xff];
- x2 = P[(x2 + x1) & 0xff];
- x1 = P[(x1 + s + c) & 0xff];
- T[g & 0x1f] = (byte) (T[g & 0x1f] ^ x1);
- T[(g + 1) & 0x1f] = (byte) (T[(g + 1) & 0x1f] ^ x2);
- T[(g + 2) & 0x1f] = (byte) (T[(g + 2) & 0x1f] ^ x3);
- T[(g + 3) & 0x1f] = (byte) (T[(g + 3) & 0x1f] ^ x4);
- g = (byte) ((g + 4) & 0x1f);
-
- byte temp = P[n & 0xff];
- P[n & 0xff] = P[s & 0xff];
- P[s & 0xff] = temp;
- n = (byte) ((n + 1) & 0xff);
- }
-
- public void update(byte[] in, int inOff, int len)
- throws DataLengthException, IllegalStateException
- {
- if ((inOff + len) > in.length)
- {
- throw new DataLengthException("input buffer too short");
- }
-
- for (int i = 0; i < len; i++)
- {
- update(in[i]);
- }
- }
-} |