Package

Class

Use

Tree

Deprecated

Index

Help

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

com.rsa.jsafe
Class JSAFE_MAC

java.lang.Object
  com.rsa.jsafe.JSAFE_Object
      com.rsa.jsafe.JSAFE_MAC

All Implemented Interfaces:: Cloneable, Serializable

public abstract class JSAFE_MAC
extends JSAFE_Object
implements Cloneable, Serializable

The JSAFE_MAC class provides a framework for MACs. Crypto-J implements HMAC, as defined in RFC 2104 and RFC 2202. This class instantiates the classes that create and verify MACs, and defines the functionality.

See Overview of Crypto-J for background and reference material on using and understanding Crypto-J.

See Also:: Serialized Form

Constructor Summary

JSAFE_MAC()

Method Summary

void
clearSensitiveData()

This method clears sensitive data from an object.

void
generateSalt(SecureRandom saltRandom)

Provides a common interface used as a convenience for the password-based MAC.

abstract int[]
getAlgorithmParameters()

Returns a new int array containing the algorithm's parameters.

JSAFE_SecretKey
getBlankKey()

Returns an empty JSAFE_SecretKey object to match the algorithm and device of this object.

abstract byte[]
getDERAlgorithmID()

Returns a new byte array containing the DER encoding of the algorithm ID of the algorithm in this object.

String
getDevice()

Returns the name of the device of record.

String[]
getDeviceList()

Returns a String array that describes all the devices used to execute the transformation.

abstract String
getDigestAlgorithm()

Returns the standard digest algorithm name.

static JSAFE_MAC
getInstance(byte[] berAlgID, int offset, String device)

Builds an object based on the algorithm ID.

static JSAFE_MAC
getInstance(String transformation, String device)

Builds a JSAFE_MAC object that authenticates messages according to the transformation, using the given device.

abstract String
getMACAlgorithm()

Returns the standard MAC algorithm name.

abstract int
getMACSize()

Returns the size (in bytes) of the MAC output, or -1 if the MAC is not initialized.

static int
getNextBEROffset(byte[] berAlgID, int offset)

Given the berAlgID, the BER encoding of the algorithm ID, beginning at offset, returns the index to the next byte in the array.

byte[]
getSalt()

Returns the salt that was either set or generated using a PRNG.

byte[]
macFinal()

Finalizes the calculation of the MAC and returns the result in a new byte array.

abstract int
macFinal(byte[] output, int offset)

Finalizes the message authentication process.

abstract void
macInit(JSAFE_SecretKey secretKey, SecureRandom random)

Initializes the MAC object to perform message authentication using the supplied secretKey and random objects.

abstract void
macReInit()

Re-initializes this object to calculate the MAC, using the key passed in during an earlier call to macInit().

abstract void
macUpdate(byte[] partIn, int offset, int partInLen)

Updates the message authentication process with the first partInLen bytes in the partIn array, beginning at offset.

void
setSalt(byte[] newSalt, int offset, int saltLen)

Sets the salt value for PBE algorithms.

abstract boolean
verifyFinal(byte[] mac, int offset, int macLen)

Determines whether or not the MAC verifies an object by comparing it with a reference MAC.

abstract void
verifyInit(JSAFE_SecretKey secretKey, SecureRandom random)

Initializes this object to verify using the specified secret key and random objects.

abstract void
verifyReInit()

Re-initializes this object to verify a MAC using the key passed in during a previous call to verifyInit().

abstract void
verifyUpdate(byte[] partIn, int offset, int partInLen)

Updates the message verification by processing the first partInLen byte in the array partIn, beginning at offset.

Methods inherited from class com.rsa.jsafe.JSAFE_Object

clone, overwrite, overwrite

Methods inherited from class java.lang.Object

equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

JSAFE_MAC

public JSAFE_MAC()

Method Detail

getInstance

public static JSAFE_MAC getInstance(byte[] berAlgID,
                                    int offset,
                                    String device)
                             throws JSAFE_UnimplementedException,
                                    JSAFE_InvalidParameterException

Builds an object based on the algorithm ID.

Parameters:: berAlgID - A byte array containing the BER encoding of an algorithm ID.; offset - The offset into berAlgID where the BER encoding begins.; device - A list of devices used to build the object.
Returns:: A new JSAFE_MAC object that performs the transformation as described by the algorithm ID.
Throws:: JSAFE_UnimplementedException - If the device or devices cannot perform the designated algorithm, or the toolkit cannot decode the BER encoding.; JSAFE_InvalidParameterException - If the BER encoding contains parameters that do not work.

getNextBEROffset

public static int getNextBEROffset(byte[] berAlgID,
                                   int offset)
                            throws JSAFE_UnimplementedException

Given the berAlgID, the BER encoding of the algorithm ID, beginning at offset, returns the index to the next byte in the array. In other words, gets the next offset after the algorithm ID.

Parameters:: berAlgID - A byte array containing the BER encoding of an algorithm ID.; offset - The offset into berAlgID where the BER encoding begins.
Returns:: The index into berAlgID of the byte following the algorithm ID.
Throws:: JSAFE_UnimplementedException - If the toolkit cannot decode the BER encoding.

getInstance

public static JSAFE_MAC getInstance(String transformation,
                                    String device)
                             throws JSAFE_UnimplementedException,
                                    JSAFE_InvalidParameterException

Builds a JSAFE_MAC object that authenticates messages according to the transformation, using the given device. The value of transformation must be one of the following:

transformation values

HMAC/MD5
HMAC/SHA1
HMAC/SHA224
HMAC/SHA256
HMAC/SHA384
HMAC/SHA512
PBE/HMAC/digest/PBEStandard

where the value of digest can be either MD5, SHA1, SHA224 , SHA256, SHA384 or SHA512 and the value of the PBEStandard object can be either PKCS12PBE-i-k (for backwards compatibility only) or PKCS12V1PBE-i-k (recommended over PKCS12PBE-i-k), where i is the iteration count and k refers to the key size. Refer to PBEConverter.pdf for the correct usage of PBE.

RSA Security recommends using an iteration count of 1000 (one thousand). There is no real limit to this value: the number must be positive and the bigger the number, the slower the operation. The key size (k) is a value from 0 to 2048.

The device value is as follows: "choice1{/choice2[...{/choicen]]]" where the choices are:

Java
Native
name of the specified hardware device

Parameters:: transformation - The representation of the desired operation (for example, "HMAC/SHA1").; device - A list of devices used to build the object (for example, "Java", "Native/Java").
Returns:: A new JSAFE_MAC object that performs the transformation.
Throws:: JSAFE_UnimplementedException - If the device or devices cannot perform the designated algorithm.; JSAFE_InvalidParameterException - If the transformation contains parameters that do not work.

getDERAlgorithmID

public abstract byte[] getDERAlgorithmID()
                                  throws JSAFE_UnimplementedException

Returns a new byte array containing the DER encoding of the algorithm ID of the algorithm in this object.

Returns:: A new byte array that contains the algorithm ID.
Throws:: JSAFE_UnimplementedException - If the algorithm has no OID, or there is not enough information to build the algorithm ID.

getDevice

public String getDevice()

Returns the name of the device of record. Possible device values are:

Java
Native
name of the specified device

Returns:: The device name.

getDeviceList

public String[] getDeviceList()

Returns a String array that describes all the devices used to execute the transformation. Because a transformation often consists of component algorithms, the implementation can consist of several component objects. A device can perform one or more of the algorithms, but it may let Java or another device perform one or more. Returns the names of the devices used by each component.

Returns:: A String array that describes the device used for a specific component.

getMACAlgorithm

public abstract String getMACAlgorithm()

Returns the standard MAC algorithm name.

Returns:: A String that describes the MAC algorithm.

getDigestAlgorithm

public abstract String getDigestAlgorithm()

Returns the standard digest algorithm name.

Returns:: A String that describes the digest algorithm.

getAlgorithmParameters

public abstract int[] getAlgorithmParameters()

Returns a new int array containing the algorithm's parameters. This may be an array of length 0.

Returns:: A new int array that contains the parameters of the algorithm.

getMACSize

public abstract int getMACSize()

Returns the size (in bytes) of the MAC output, or -1 if the MAC is not initialized.

Returns:: An int that is the MAC output size.

getBlankKey

public JSAFE_SecretKey getBlankKey()

Returns an empty JSAFE_SecretKey object to match the algorithm and device of this object. Sets or generates the key data with this key object.

Returns:: A new, empty JSAFE_SecretKey object.

macInit

public abstract void macInit(JSAFE_SecretKey secretKey,
                             SecureRandom random)
                      throws JSAFE_InvalidUseException,
                             JSAFE_InvalidKeyException

Initializes the MAC object to perform message authentication using the supplied secretKey and random objects. If the algorithm does not require a SecureRandom object, pass null. JSAFE_SecureRandom is a subclass of java.security.SecureRandom, so an object of that class is valid input for random. Initializes this object to calculate the MAC using key.

Parameters:: secretKey - A JSAFE_SecretKey object used to calculate the MAC.; random - A SecureRandom object from which this object draws random bytes, if necessary.
Throws:: JSAFE_InvalidUseException - If the object cannot be initialized.; JSAFE_InvalidKeyException - If the key object does not match this object (for example, if it is a different algorithm or different device).

macReInit

public abstract void macReInit()
                        throws JSAFE_InvalidUseException

Re-initializes this object to calculate the MAC, using the key passed in during an earlier call to macInit().

Throws:: JSAFE_InvalidUseException - If the object is not initialized to calculate the MAC.

macUpdate

public abstract void macUpdate(byte[] partIn,
                               int offset,
                               int partInLen)
                        throws JSAFE_InvalidUseException

Updates the message authentication process with the first partInLen bytes in the partIn array, beginning at offset. MACs the input data.

Parameters:: partIn - The data the MAC is calculated with.; offset - The offset into partIn where the data begins.; partInLen - The length of the data by which the MAC is calculated.
Throws:: JSAFE_InvalidUseException - If the object is not initialized to calculate the MAC.

getSalt

public byte[] getSalt()

Returns the salt that was either set or generated using a PRNG. By default, it returns null. This is not needed in non-PBE HMAC.

Returns:: A byte array containing the salt.

setSalt

public void setSalt(byte[] newSalt,
                    int offset,
                    int saltLen)

Sets the salt value for PBE algorithms. Not generally used.

Parameters:: newSalt - The byte array containing the data.; offset - The offset into newSalt where the data begins.; saltLen - The length of the salt.

generateSalt

public void generateSalt(SecureRandom saltRandom)
                  throws JSAFE_InvalidUseException

Provides a common interface used as a convenience for the password-based MAC. It is not implemented here. It should help generate a random salt.

Parameters:: saltRandom - A random number generator.
Throws:: JSAFE_InvalidUseException - If no random object is passed in.

macFinal

public byte[] macFinal()
                throws JSAFE_InvalidUseException

Finalizes the calculation of the MAC and returns the result in a new byte array. Call a Final method before reusing the object for authentication or verification.

Returns:: A new byte array that contains the MAC result.
Throws:: JSAFE_InvalidUseException - If the object is not initialized to calculate the MAC.

macFinal

public abstract int macFinal(byte[] output,
                             int offset)
                      throws JSAFE_InvalidUseException

Finalizes the message authentication process. It places the result into the supplied byte array output, beginning at offset. The return value is the number of bytes actually placed in the output buffer. Call a Final method before reusing the object for authentication or verification.

Parameters:: output - The buffer where the output is placed.; offset - The offset into output where the writing begins.
Returns:: The number of bytes placed into the output buffer.
Throws:: JSAFE_InvalidUseException - If the object is not initialized to calculate the MAC.

verifyInit

public abstract void verifyInit(JSAFE_SecretKey secretKey,
                                SecureRandom random)
                         throws JSAFE_InvalidUseException,
                                JSAFE_InvalidKeyException

Initializes this object to verify using the specified secret key and random objects. If the algorithm does not require a SecureRandom object, pass null. The JSAFE_SecureRandom object is a subclass of java.security.SecureRandom, so an object of that class is valid input for random.

An object that is initialized for verifying is not able to sign.

Parameters:: secretKey - A JSAFE_SecretKey object that is used to verify the MAC.; random - A SecureRandom object from which this object draws random bytes, if necessary.
Throws:: JSAFE_InvalidUseException - If the object cannot be initialized.; JSAFE_InvalidKeyException - If the key object does not match this object (for example, if it is a different algorithm or different device).

verifyReInit

public abstract void verifyReInit()
                           throws JSAFE_InvalidUseException

Re-initializes this object to verify a MAC using the key passed in during a previous call to verifyInit().

Throws:: JSAFE_InvalidUseException - If the object is not initialized to verify.

verifyUpdate

public abstract void verifyUpdate(byte[] partIn,
                                  int offset,
                                  int partInLen)
                           throws JSAFE_InvalidUseException

Updates the message verification by processing the first partInLen byte in the array partIn, beginning at offset. Continues MAC verification on the input data.

Parameters:: partIn - The data to be verified.; offset - The offset into partIn where the data begins.; partInLen - The length of the data to verify.
Throws:: JSAFE_InvalidUseException - If the object is not initialized to verify.

verifyFinal

public abstract boolean verifyFinal(byte[] mac,
                                    int offset,
                                    int macLen)
                             throws JSAFE_InvalidUseException

Determines whether or not the MAC verifies an object by comparing it with a reference MAC. Pass the reference MAC in the buffer mac, beginning at offset and for macLen bytes. Call a verifyFinal() or macFinal() method before reusing the object for authentication or verification.

Returns:: A boolean. Returns true if the signature verifies, false otherwise.
Throws:: JSAFE_InvalidUseException - If the object is not initialized to verify.

clearSensitiveData

public void clearSensitiveData()

This method clears sensitive data from an object. Although the finalizer clears the data, there is no guarantee the garbage collector will quickly call the finalizer. Allows a user to clear data as soon as possible. After calling clearSensitiveData(), an Init (not a ReInit) method is called to perform other operations with the object.

Package

Class

Use

Tree

Deprecated

Index

Help

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

RSA BSAFE Crypto-J 3.5.2

Method Summary
void	`clearSensitiveData()` This method clears sensitive data from an object.
void	`generateSalt(SecureRandom saltRandom)` Provides a common interface used as a convenience for the password-based MAC.
abstract int[]	`getAlgorithmParameters()` Returns a new `int` array containing the algorithm's parameters.
JSAFE_SecretKey	`getBlankKey()` Returns an empty `JSAFE_SecretKey` object to match the algorithm and device of this object.
abstract byte[]	`getDERAlgorithmID()` Returns a new `byte` array containing the DER encoding of the algorithm ID of the algorithm in this object.
String	`getDevice()` Returns the name of the device of record.
String[]	`getDeviceList()` Returns a `String` array that describes all the devices used to execute the transformation.
abstract String	`getDigestAlgorithm()` Returns the standard digest algorithm name.
static JSAFE_MAC	`getInstance(byte[] berAlgID, int offset, String device)` Builds an object based on the algorithm ID.
static JSAFE_MAC	`getInstance(String transformation, String device)` Builds a `JSAFE_MAC` object that authenticates messages according to the `transformation`, using the given `device`.
abstract String	`getMACAlgorithm()` Returns the standard MAC algorithm name.
abstract int	`getMACSize()` Returns the size (in bytes) of the MAC output, or `-1` if the MAC is not initialized.
static int	`getNextBEROffset(byte[] berAlgID, int offset)` Given the `berAlgID`, the BER encoding of the algorithm ID, beginning at `offset`, returns the index to the next byte in the array.
byte[]	`getSalt()` Returns the salt that was either set or generated using a PRNG.
byte[]	`macFinal()` Finalizes the calculation of the MAC and returns the result in a new `byte` array.
abstract int	`macFinal(byte[] output, int offset)` Finalizes the message authentication process.
abstract void	`macInit(JSAFE_SecretKey secretKey, SecureRandom random)` Initializes the MAC object to perform message authentication using the supplied `secretKey` and `random` objects.
abstract void	`macReInit()` Re-initializes this object to calculate the MAC, using the key passed in during an earlier call to `macInit()`.
abstract void	`macUpdate(byte[] partIn, int offset, int partInLen)` Updates the message authentication process with the first `partInLen` bytes in the `partIn` array, beginning at `offset`.
void	`setSalt(byte[] newSalt, int offset, int saltLen)` Sets the salt value for PBE algorithms.
abstract boolean	`verifyFinal(byte[] mac, int offset, int macLen)` Determines whether or not the MAC verifies an object by comparing it with a reference MAC.
abstract void	`verifyInit(JSAFE_SecretKey secretKey, SecureRandom random)` Initializes this object to verify using the specified secret key and random objects.
abstract void	`verifyReInit()` Re-initializes this object to verify a MAC using the key passed in during a previous call to `verifyInit()`.
abstract void	`verifyUpdate(byte[] partIn, int offset, int partInLen)` Updates the message verification by processing the first `partInLen` byte in the array `partIn`, beginning at `offset`.

com.rsa.jsafe Class JSAFE_MAC

JSAFE_MAC

getInstance

getNextBEROffset

getInstance

getDERAlgorithmID

getDevice

getDeviceList

getMACAlgorithm

getDigestAlgorithm

getAlgorithmParameters

getMACSize

getBlankKey

macInit

macReInit

macUpdate

getSalt

setSalt

generateSalt

macFinal

macFinal

verifyInit

verifyReInit

verifyUpdate

verifyFinal

clearSensitiveData

com.rsa.jsafe
Class JSAFE_MAC