The GMAC specialisation of Galois/Counter mode (GCM) detailed in NIST Special Publication 800-38D. GMac is an invocation of the GCM mode where no data is encrypted (i.e. all input data to the Mac is processed as additional authenticated data with the underlying GCM block cipher).
| 18 | * is processed as additional authenticated data with the underlying GCM block cipher). |
| 19 | */ |
| 20 | public class GMac implements Mac |
| 21 | { |
| 22 | private final GCMModeCipher cipher; |
| 23 | private int macSizeBits; |
| 24 | |
| 25 | /** |
| 26 | * Creates a GMAC based on the operation of a block cipher in GCM mode. |
| 27 | * <p> |
| 28 | * This will produce an authentication code the length of the block size of the cipher. |
| 29 | * |
| 30 | * @param cipher |
| 31 | * the cipher to be used in GCM mode to generate the MAC. |
| 32 | */ |
| 33 | public GMac(final GCMModeCipher cipher) |
| 34 | { |
| 35 | // use of this confused flow analyser in some earlier JDKs |
| 36 | this.cipher = cipher; |
| 37 | this.macSizeBits = 128; |
| 38 | } |
| 39 | |
| 40 | /** |
| 41 | * Creates a GMAC based on the operation of a 128 bit block cipher in GCM mode. |
| 42 | * |
| 43 | * @param macSizeBits |
| 44 | * the mac size to generate, in bits. Must be a multiple of 8 and >= 32 and <= 128. |
| 45 | * Sizes less than 96 are not recommended, but are supported for specialized applications. |
| 46 | * @param cipher |
| 47 | * the cipher to be used in GCM mode to generate the MAC. |
| 48 | */ |
| 49 | public GMac(final GCMModeCipher cipher, final int macSizeBits) |
| 50 | { |
| 51 | this.cipher = cipher; |
| 52 | this.macSizeBits = macSizeBits; |
| 53 | } |
| 54 | |
| 55 | /** |
| 56 | * Initialises the GMAC - requires either a {@link ParametersWithIV} providing a |
| 57 | * {@link KeyParameter} and a nonce, or an {@link AEADParameters} carrying the key, nonce and |
| 58 | * desired MAC size. When {@link AEADParameters} are supplied the MAC size they carry overrides |
| 59 | * the one passed to the constructor (this is the form used by RFC 9044 AES-GMAC, whose |
| 60 | * GMACParameters allow a 12 to 16 octet tag). |
| 61 | */ |
| 62 | public void init(final CipherParameters params) throws IllegalArgumentException |
| 63 | { |
| 64 | if (params instanceof AEADParameters) |
| 65 | { |
| 66 | final AEADParameters param = (AEADParameters)params; |
| 67 | |
| 68 | this.macSizeBits = param.getMacSize(); |
| 69 | |
| 70 | // GCM is always operated in encrypt mode to calculate MAC |
| 71 | cipher.init(true, param); |
| 72 | } |
| 73 | else if (params instanceof ParametersWithIV) |
| 74 | { |
| 75 | final ParametersWithIV param = (ParametersWithIV)params; |
| 76 | |
| 77 | final byte[] iv = param.getIV(); |
nothing calls this directly
no outgoing calls
no test coverage detected