|
1 /* |
|
2 * Copyright (c) 2003, 2012, Oracle and/or its affiliates. All rights reserved. |
|
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
|
4 * |
|
5 * This code is free software; you can redistribute it and/or modify it |
|
6 * under the terms of the GNU General Public License version 2 only, as |
|
7 * published by the Free Software Foundation. Oracle designates this |
|
8 * particular file as subject to the "Classpath" exception as provided |
|
9 * by Oracle in the LICENSE file that accompanied this code. |
|
10 * |
|
11 * This code is distributed in the hope that it will be useful, but WITHOUT |
|
12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or |
|
13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License |
|
14 * version 2 for more details (a copy is included in the LICENSE file that |
|
15 * accompanied this code). |
|
16 * |
|
17 * You should have received a copy of the GNU General Public License version |
|
18 * 2 along with this work; if not, write to the Free Software Foundation, |
|
19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. |
|
20 * |
|
21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA |
|
22 * or visit www.oracle.com if you need additional information or have any |
|
23 * questions. |
|
24 */ |
|
25 |
|
26 package sun.security.provider; |
|
27 |
|
28 import java.util.Arrays; |
|
29 |
|
30 /** |
|
31 * Implementation for the MD2 algorithm, see RFC1319. It is very slow and |
|
32 * not particular secure. It is only supported to be able to verify |
|
33 * RSA/Verisign root certificates signed using MD2withRSA. It should not |
|
34 * be used for anything else. |
|
35 * |
|
36 * @since 1.5 |
|
37 * @author Andreas Sterbenz |
|
38 */ |
|
39 public final class MD2 extends DigestBase { |
|
40 |
|
41 // state, 48 ints |
|
42 private int[] X; |
|
43 |
|
44 // checksum, 16 ints. they are really bytes, but byte arithmetic in |
|
45 // the JVM is much slower that int arithmetic. |
|
46 private int[] C; |
|
47 |
|
48 // temporary store for checksum C during final digest |
|
49 private byte[] cBytes; |
|
50 |
|
51 /** |
|
52 * Create a new MD2 digest. Called by the JCA framework |
|
53 */ |
|
54 public MD2() { |
|
55 super("MD2", 16, 16); |
|
56 X = new int[48]; |
|
57 C = new int[16]; |
|
58 cBytes = new byte[16]; |
|
59 } |
|
60 |
|
61 public Object clone() throws CloneNotSupportedException { |
|
62 MD2 copy = (MD2) super.clone(); |
|
63 copy.X = copy.X.clone(); |
|
64 copy.C = copy.C.clone(); |
|
65 copy.cBytes = new byte[16]; |
|
66 return copy; |
|
67 } |
|
68 |
|
69 // reset state and checksum |
|
70 void implReset() { |
|
71 Arrays.fill(X, 0); |
|
72 Arrays.fill(C, 0); |
|
73 } |
|
74 |
|
75 // finish the digest |
|
76 void implDigest(byte[] out, int ofs) { |
|
77 int padValue = 16 - ((int)bytesProcessed & 15); |
|
78 engineUpdate(PADDING[padValue], 0, padValue); |
|
79 for (int i = 0; i < 16; i++) { |
|
80 cBytes[i] = (byte)C[i]; |
|
81 } |
|
82 implCompress(cBytes, 0); |
|
83 for (int i = 0; i < 16; i++) { |
|
84 out[ofs + i] = (byte)X[i]; |
|
85 } |
|
86 } |
|
87 |
|
88 // one iteration of the compression function |
|
89 void implCompress(byte[] b, int ofs) { |
|
90 for (int i = 0; i < 16; i++) { |
|
91 int k = b[ofs + i] & 0xff; |
|
92 X[16 + i] = k; |
|
93 X[32 + i] = k ^ X[i]; |
|
94 } |
|
95 |
|
96 // update the checksum |
|
97 int t = C[15]; |
|
98 for (int i = 0; i < 16; i++) { |
|
99 t = (C[i] ^= S[X[16 + i] ^ t]); |
|
100 } |
|
101 |
|
102 t = 0; |
|
103 for (int i = 0; i < 18; i++) { |
|
104 for (int j = 0; j < 48; j++) { |
|
105 t = (X[j] ^= S[t]); |
|
106 } |
|
107 t = (t + i) & 0xff; |
|
108 } |
|
109 } |
|
110 |
|
111 // substitution table derived from Pi. Copied from the RFC. |
|
112 private static final int[] S = new int[] { |
|
113 41, 46, 67, 201, 162, 216, 124, 1, 61, 54, 84, 161, 236, 240, 6, |
|
114 19, 98, 167, 5, 243, 192, 199, 115, 140, 152, 147, 43, 217, 188, |
|
115 76, 130, 202, 30, 155, 87, 60, 253, 212, 224, 22, 103, 66, 111, 24, |
|
116 138, 23, 229, 18, 190, 78, 196, 214, 218, 158, 222, 73, 160, 251, |
|
117 245, 142, 187, 47, 238, 122, 169, 104, 121, 145, 21, 178, 7, 63, |
|
118 148, 194, 16, 137, 11, 34, 95, 33, 128, 127, 93, 154, 90, 144, 50, |
|
119 39, 53, 62, 204, 231, 191, 247, 151, 3, 255, 25, 48, 179, 72, 165, |
|
120 181, 209, 215, 94, 146, 42, 172, 86, 170, 198, 79, 184, 56, 210, |
|
121 150, 164, 125, 182, 118, 252, 107, 226, 156, 116, 4, 241, 69, 157, |
|
122 112, 89, 100, 113, 135, 32, 134, 91, 207, 101, 230, 45, 168, 2, 27, |
|
123 96, 37, 173, 174, 176, 185, 246, 28, 70, 97, 105, 52, 64, 126, 15, |
|
124 85, 71, 163, 35, 221, 81, 175, 58, 195, 92, 249, 206, 186, 197, |
|
125 234, 38, 44, 83, 13, 110, 133, 40, 132, 9, 211, 223, 205, 244, 65, |
|
126 129, 77, 82, 106, 220, 55, 200, 108, 193, 171, 250, 36, 225, 123, |
|
127 8, 12, 189, 177, 74, 120, 136, 149, 139, 227, 99, 232, 109, 233, |
|
128 203, 213, 254, 59, 0, 29, 57, 242, 239, 183, 14, 102, 88, 208, 228, |
|
129 166, 119, 114, 248, 235, 117, 75, 10, 49, 68, 80, 180, 143, 237, |
|
130 31, 26, 219, 153, 141, 51, 159, 17, 131, 20, |
|
131 }; |
|
132 |
|
133 // digest padding. 17 element array. |
|
134 // padding[0] is null |
|
135 // padding[i] is an array of i time the byte value i (i = 1..16) |
|
136 private static final byte[][] PADDING; |
|
137 |
|
138 static { |
|
139 PADDING = new byte[17][]; |
|
140 for (int i = 1; i < 17; i++) { |
|
141 byte[] b = new byte[i]; |
|
142 Arrays.fill(b, (byte)i); |
|
143 PADDING[i] = b; |
|
144 } |
|
145 } |
|
146 |
|
147 } |