GordianKnot Macs
Overview
MACs are supported via the GordianMacFactory interface.
GordianKnot supports most Macs available from BouncyCastle plus some additional algorithms.
JCA provides a subset of available algorithms as indicated
Macs
A mac is created by specifying a macSpec which comprises the macType plus additional configuration (e.g. digestSpec/symKeySpec) as appropriate. The mac can be used in much the same way as a JCA Mac, allowing init, reset, update and finalise methods.
A keyGenerator for a macSpec can be created, which can be used to generate random keys for the mac
Sample
/* Access factory */
final GordianFactory myBaseFactory = GordianGenerator.createFactory();
final GordianMacFactory myMacFactory = myBaseFactory.getMacFactory();
/* Create mac */
final GordianMacSpec mySpec = GordianMacSpecBuilder.poly1305(GordianSymKeySpec.aes(GordianLength.LEN_256));
final GordianMac myMac = myMacFactory.createMac(mySpec);
/* Create key */
final GordianKeyGenerator<GordianMacSpec> myGenerator = myMacFactory.getKeyGenerator(mySpec);
final GordianKey<GordianMacSpec> myKey = myGenerator.generateKey();
/* Calculate mac */
final byte[] myMessage = ...
final GordianMacParameters myParams = GordianMacParameters.keyWithRandomNonce(myKey);
myMac.init(myParams);
myMac.update(myMessage);
final byte[] myResult = myMac.finish();
Extensible Output functions
Some macs can operate as extensible output functions, although the functionality is not available in JCA.
The **GordianMacSpec** for the mac will indicate whether the mac supports Xof or not via the **isXof()** call. If the mac supports Xof then the mac will present the **GordianXof** interface
Sample
/* Access factory */
final GordianFactory myBaseFactory = GordianGenerator.createFactory();
final GordianMacFactory myMacFactory = myBaseFactory.getMacFactory();
/* Create mac */
final GordianMacSpec mySpec = GordianMacSpecBuilder.blake3Mac(GordianLength.LEN_256);
final GordianMac myMac = myMacFactory.createMac(mySpec);
final GordianXof myXof = (GordianXof) myMac;
/* Create key */
final GordianKeyGenerator<GordianMacSpec> myGenerator = myMacFactory.getKeyGenerator(mySpec);
final GordianKey<GordianMacSpec> myKey = myGenerator.generateKey();
/* Calculate mac */
final byte[] myMessage = ...
final GordianMacParameters myParams = GordianMacParameters.key(myKey);
myMac.init(myParams);
myDigest.update(myMessage);
final byte[] myOutput = new byte[200];
myDigest.output(myOutput, 0, 100);
myDigest.output(myOutput, 100, 100);
Algorithms
The following algorithms are supported, with the JCA subset indicated.
| Algorithm | OutputLengths | KeyLengths | JCA | Xof | Notes |
|---|---|---|---|---|---|
| HMac | digest length | All | Y | Jca does not support SM3, BLAKE, SHAKE, JH, Groestl, CubeHash or Kupyna | |
| GMac | 128 | As per cipher | Y | For all supported 128 bit block ciphers except Kalyna (BUG). Jca does not support Kuznyechik | |
| CMac | cipher block length | As per cipher | Y | Jca has limited set of supported ciphers | |
| Poly1305Mac | 128 | 256 | Y | For all supported 128 bit block ciphers with 128 bit keys. JCA does not support Kalyna. | |
| SkeinMac | digest length | All | Y | As per Digest | |
| VMPCMac | 160 | All | Y | ||
| Blake2Mac | digest length | less or equal to stateLength | As per Digest | ||
| Blake3Mac | digest length | 256 | Y | ||
| KupynaMac | digest length | ||||
| KalynaMac | cipher block length | As per cipher | |||
| CBCMac | cipher block length | As per cipher | |||
| CFBMac | cipher block length | As per cipher | |||
| GOSTMac | 32 | 256 | Y | ||
| SipHash | 64, 128 | 128 | Y | ||
| ZucMac | 32,64,128 | 128,256 | Y | For 128 bit keys the only output length supported is 32 | |
| KMAC | as per SHAKE | All | Y | Y | Key Length must be at least as long as the underlying SHAKE state length |