/*
* Copyright 2008 Google Inc.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/

package org.keyczar;

import com.google.gson.annotations.Expose;

import org.keyczar.enums.KeyType;
import org.keyczar.exceptions.KeyczarException;
import org.keyczar.interfaces.SigningStream;
import org.keyczar.interfaces.Stream;
import org.keyczar.interfaces.VerifyingStream;
import org.keyczar.util.Base64Coder;
import org.keyczar.util.Util;

import java.nio.ByteBuffer;
import java.security.GeneralSecurityException;
import java.security.Key;

import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

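/**
 * Wrapping class for HMAC-SHA1 keys.
 *
 * <p>The Base64-encoded key material ({@code hmacKeyString}) is the only field
 * marked {@code @Expose}. The JCE key object and the key-identifying hash are
 * derived from it in {@link #init()}.
 *
 * @author steveweis@gmail.com (Steve Weis)
 * @author arkajit.dey@gmail.com (Arkajit Dey)
 */
class HmacKey extends KeyczarKey {
  private static final String MAC_ALGORITHM = "HMACSHA1";

  // Base64-encoded secret key material. Never include it in logs or exception messages.
  @Expose private String hmacKeyString;

  // Derived state, rebuilt by init().
  private Key hmacKey;
  private byte[] hash = new byte[Keyczar.KEY_HASH_SIZE];

  /**
   * Generates a new key of the default size for {@link KeyType#HMAC_SHA1}.
   *
   * @return a freshly generated, initialized key
   * @throws KeyczarException if the key cannot be initialized
   */
  static HmacKey generate() throws KeyczarException {
    return generate(KeyType.HMAC_SHA1.defaultSize());
  }

  /**
   * Generates a new key from {@code keySize / 8} bytes obtained from
   * {@code Util.rand}.
   *
   * <p>NOTE(review): this method does not check {@code keySize} against the
   * sizes acceptable for the key type; presumably the caller enforces that.
   * Confirm before calling it with externally supplied sizes.
   *
   * @param keySize requested key size in bits
   * @return a freshly generated, initialized key
   * @throws KeyczarException if the resulting key material is empty or the key
   *     cannot be initialized
   */
  static HmacKey generate(int keySize) throws KeyczarException {
    HmacKey key = new HmacKey();
    key.size = keySize;
    byte[] keyBytes = Util.rand(key.size() / 8);
    key.hmacKeyString = Base64Coder.encode(keyBytes);
    key.init();
    return key;
  }

  /**
   * Rebuilds the derived state (identifying hash and JCE key) from
   * {@code hmacKeyString}.
   *
   * @throws KeyczarException if the key string is missing, decodes to zero
   *     bytes, or cannot be decoded
   */
  void init() throws KeyczarException {
    // A deserialized object may lack the field entirely. Fail with the
    // library's checked exception instead of a NullPointerException.
    if (hmacKeyString == null) {
      throw new KeyczarException(
          new IllegalArgumentException("HMAC key material is missing"));
    }
    byte[] keyBytes = Base64Coder.decode(hmacKeyString);
    // SecretKeySpec rejects an empty key with an unchecked exception. Report
    // the condition as a KeyczarException so callers handle a single type.
    if (keyBytes == null || keyBytes.length == 0) {
      throw new KeyczarException(
          new IllegalArgumentException("HMAC key material is empty"));
    }
    // The key identifier is the leading hash.length bytes of Util.hash(keyBytes).
    byte[] fullHash = Util.hash(keyBytes);
    System.arraycopy(fullHash, 0, hash, 0, hash.length);
    hmacKey = new SecretKeySpec(keyBytes, MAC_ALGORITHM);
  }

  /*
   * This method is for AesKey to grab the key bytes to compute an identifying
   * hash. It returns the raw secret key bytes, so the result must not be
   * logged or stored.
   */
  byte[] keyBytes() {
    return hmacKey.getEncoded();
  }

  /**
   * Creates a new stream that signs and verifies with this key.
   *
   * @throws KeyczarException if the MAC implementation is unavailable
   */
  @Override
  Stream getStream() throws KeyczarException {
    return new HmacStream();
  }

  @Override
  KeyType getType() {
    return KeyType.HMAC_SHA1;
  }

  /**
   * Returns the key-identifying hash computed in {@link #init()}.
   *
   * <p>The internal array itself is returned, not a copy, so callers must
   * treat it as read-only.
   */
  @Override
  byte[] hash() {
    return hash;
  }

  /**
   * Deserializes a key from its JSON form and initializes it.
   *
   * @param input JSON representation of the key
   * @return the initialized key
   * @throws KeyczarException if the JSON yields no key object or the key
   *     material is missing or empty
   */
  static HmacKey read(String input) throws KeyczarException {
    HmacKey key = Util.gson().fromJson(input, HmacKey.class);
    // Gson can return null instead of an object (for example for a JSON null).
    // Reject that explicitly instead of failing with a NullPointerException.
    if (key == null) {
      throw new KeyczarException(
          new IllegalArgumentException("HMAC key JSON did not contain a key"));
    }
    key.init();
    return key;
  }

  /**
   * MAC stream bound to the enclosing key. Signing and verification share the
   * same {@link Mac} instance and the same initialization and update steps.
   */
  private class HmacStream implements VerifyingStream, SigningStream {
    private final Mac hmac;

    public HmacStream() throws KeyczarException {
      try {
        hmac = Mac.getInstance(MAC_ALGORITHM);
      } catch (GeneralSecurityException e) {
        throw new KeyczarException(e);
      }
    }

    public int digestSize() {
      return getType().getOutputSize();
    }

    public void initSign() throws KeyczarException {
      try {
        hmac.init(hmacKey);
      } catch (GeneralSecurityException e) {
        throw new KeyczarException(e);
      }
    }

    public void initVerify() throws KeyczarException {
      // Verifying an HMAC recomputes it, so initialization is the same as for signing.
      initSign();
    }

    public void sign(ByteBuffer output) {
      output.put(hmac.doFinal());
    }

    public void updateSign(ByteBuffer input) {
      hmac.update(input);
    }

    public void updateVerify(ByteBuffer input) {
      updateSign(input);
    }

    /**
     * Recomputes the MAC over the data fed so far and compares it with the
     * remaining bytes of {@code signature}.
     *
     * <p>The comparison goes through {@code Util.safeArrayEquals}.
     * NOTE(review): presumably a constant-time comparison; confirm in Util,
     * because a short-circuiting comparison would leak timing information
     * about the expected MAC.
     */
    public boolean verify(ByteBuffer signature) {
      byte[] sigBytes = new byte[signature.remaining()];
      signature.get(sigBytes);

      return Util.safeArrayEquals(hmac.doFinal(), sigBytes);
    }
  }
}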

Change log

r413 by steveweis on May 28, 2009   Diff
Cleaning up warnings.
Adding safe array equality check.

Older revisions

r357 by steveweis on Nov 19, 2008   Diff
Checking in version 0.6b.

Major changes include:
- Migrating away from X.509 / PKCS
representations of keys formats to
...
r315 by steveweis on Sep 10, 2008   Diff
Moving Maven and code under java
r314 by steveweis on Sep 10, 2008   Diff
Trying again

File info

Size: 3746 bytes, 146 lines