| blob | 7d4f4c9a32cf1a2d5a24b15d23096e81d5b48fee |
1 /* ICMGenerator.java --
2 Copyright (C) 2001, 2002, 2006 Free Software Foundation, Inc.
4 This file is a part of GNU Classpath.
6 GNU Classpath is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 2 of the License, or (at
9 your option) any later version.
11 GNU Classpath is distributed in the hope that it will be useful, but
12 WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 General Public License for more details.
16 You should have received a copy of the GNU General Public License
17 along with GNU Classpath; if not, write to the Free Software
18 Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301
19 USA
21 Linking this library statically or dynamically with other modules is
22 making a combined work based on this library. Thus, the terms and
23 conditions of the GNU General Public License cover the whole
24 combination.
26 As a special exception, the copyright holders of this library give you
27 permission to link this library with independent modules to produce an
28 executable, regardless of the license terms of these independent
29 modules, and to copy and distribute the resulting executable under
30 terms of your choice, provided that you also meet, for each linked
31 independent module, the terms and conditions of the license of that
32 module. An independent module is a module which is not derived from
33 or based on this library. If you modify this library, you may extend
34 this exception to your version of the library, but you are not
35 obligated to do so. If you do not wish to do so, delete this
36 exception statement from your version. */
53 /**
54 * <p>Counter Mode is a way to define a pseudorandom keystream generator using
55 * a block cipher. The keystream can be used for additive encryption, key
56 * derivation, or any other application requiring pseudorandom data.</p>
57 *
58 * <p>In ICM, the keystream is logically broken into segments. Each segment is
59 * identified with a segment index, and the segments have equal lengths. This
60 * segmentation makes ICM especially appropriate for securing packet-based
61 * protocols.</p>
62 *
63 * <p>This implementation adheres to the definition of the ICM keystream
64 * generation function that allows for any symetric key block cipher algorithm
65 * (initialisation parameter <code>gnu.crypto.prng.icm.cipher.name</code> taken
66 * to be an instance of {@link java.lang.String}) to be used. If such a
67 * parameter is not defined/included in the initialisation <code>Map</code>,
68 * then the "Rijndael" algorithm is used. Furthermore, if the initialisation
69 * parameter <code>gnu.crypto.cipher.block.size</code> (taken to be a instance
70 * of {@link java.lang.Integer}) is missing or undefined in the initialisation
71 * <code>Map</code>, then the cipher's <em>default</em> block size is used.</p>
72 *
73 * <p>The practical limits and constraints of such generator are:</p>
74 * <ul>
75 * <li>The number of blocks in any segment <b>MUST NOT</b> exceed <code>
76 * 256 ** BLOCK_INDEX_LENGTH</code>. The number of segments <b>MUST NOT</b>
77 * exceed <code>256 ** SEGMENT_INDEX_LENGTH</code>. These restrictions ensure
78 * the uniqueness of each block cipher input.</li>
79 *
80 * <li>Each segment contains <code>SEGMENT_LENGTH</code> octets; this value
81 * <b>MUST NOT</b> exceed the value <code>(256 ** BLOCK_INDEX_LENGTH) *
82 * BLOCK_LENGTH</code>.</li>
83 *
84 * <li>The sum of <code>SEGMENT_INDEX_LENGTH</code> and
85 * <code>BLOCK_INDEX_LENGTH</code> <b>MUST NOT</b> exceed <code>BLOCK_LENGTH
86 * / 2</code>. This requirement protects the ICM keystream generator from
87 * potentially failing to be pseudorandom.</li>
88 * </ul>
89 *
90 * <p><b>NOTE</b>: Rijndael is used as the default symmetric key block cipher
91 * algorithm because, with its default block and key sizes, it is the AES. Yet
92 * being Rijndael, the algorithm offers more versatile block and key sizes which
93 * may prove to be useful for generating <em>longer</em> key streams.</p>
94 *
95 * <p>References:</p>
96 *
97 * <ol>
98 * <li><a href="http://www.ietf.org/internet-drafts/draft-mcgrew-saag-icm-00.txt">
99 * Integer Counter Mode</a>, David A. McGrew.</li>
100 * </ol>
101 */
103 {
105 // Constants and variables
106 // -------------------------------------------------------------------------
108 /** Property name of underlying block cipher for this ICM generator. */
111 /** Property name of ICM's block index length. */
114 /** Property name of ICM's segment index length. */
117 /** Property name of ICM's offset. */
120 /** Property name of ICM's segment index. */
123 /** The integer value 256 as a BigInteger. */
126 /** The underlying cipher implementation. */
129 /** This keystream block index length in bytes. */
132 /** This keystream segment index length in bytes. */
135 /** The index of the next block for a given keystream segment. */
138 /** The segment index for this keystream. */
141 /** The initial counter for a given keystream segment. */
144 // Constructor(s)
145 // -------------------------------------------------------------------------
147 /** Trivial 0-arguments constructor. */
149 {
151 }
153 // Class methods
154 // -------------------------------------------------------------------------
156 // Instance methods
157 // -------------------------------------------------------------------------
159 // Implementation of abstract methods in BasePRNG --------------------------
161 // Conceptually, ICM is a keystream generator that takes a secret key
162 // and a segment index as an input and then outputs a keystream
163 // segment. The segmentation lends itself to packet encryption, as
164 // each keystream segment can be used to encrypt a distinct packet.
165 //
166 // An ICM key consists of the block cipher key and an Offset. The
167 // Offset is an integer with BLOCK_LENGTH octets...
168 //
170 {
171 // find out which cipher algorithm to use
175 {
178 // ensure we have a reliable implementation of this cipher
180 }
181 else
184 }
185 }
186 else
189 }
191 // find out what block size we should use it in
195 {
197 }
198 else
199 {
204 }
206 // get the key material
209 {
211 }
213 // now initialise the cipher
218 }
220 try
221 {
223 }
225 {
227 }
229 // at this point we have an initialised (new or otherwise) cipher
230 // ensure that remaining params make sense
235 // offset, like the underlying cipher key is not cloneable
236 // always look for it and throw an exception if it's not there
238 // allow either a byte[] or a BigInteger
239 BigInteger r;
241 {
243 }
244 else
248 {
250 }
253 }
258 {
261 {
263 }
264 }
269 {
272 {
274 }
275 }
277 // if both are undefined check if it's a reuse
279 {
285 }
286 else
290 {
292 }
294 {
296 }
298 {
301 }
302 // save new values
305 }
307 // get the segment index as a BigInteger
310 {
314 }
315 // reuse; check if still valid
317 {
319 }
320 }
321 else
322 {
324 {
326 }
328 }
330 // The initial counter of the keystream segment with segment index s is
331 // defined as follows, where r denotes the Offset:
332 //
333 // C[0] = (s * (256^BLOCK_INDEX_LENGTH) + r) modulo (256^BLOCK_LENGTH)
334 //
337 counterRange);
338 }
341 {
343 {
345 }
347 {
349 }
354 // encrypt the counter for the current blockNdx
355 // C[i] = (C[0] + i) modulo (256^BLOCK_LENGTH).
361 {
365 }
367 {
370 cipherBlockSize);
372 }
376 }
377 }