1 /*
2 * Copyright (c) 2003, Oracle and/or its affiliates. All rights reserved.
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation. Oracle designates this
8 * particular file as subject to the "Classpath" exception as provided
9 * by Oracle in the LICENSE file that accompanied this code.
10 *
11 * This code is distributed in the hope that it will be useful, but WITHOUT
12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 * version 2 for more details (a copy is included in the LICENSE file that
15 * accompanied this code).
16 *
17 * You should have received a copy of the GNU General Public License version
18 * 2 along with this work; if not, write to the Free Software Foundation,
19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
20 *
21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
22 * or visit www.oracle.com if you need additional information or have any
23 * questions.
24 */
25
26 package sun.security.provider;
27
28 import java.util.Arrays;
29
30 /**
31 * Implementation for the MD2 algorithm, see RFC1319. It is very slow and
32 * not particular secure. It is only supported to be able to verify
33 * RSA/Verisign root certificates signed using MD2withRSA. It should not
34 * be used for anything else.
35 *
36 * @since 1.5
37 * @author Andreas Sterbenz
38 */
39 public final class MD2 extends DigestBase {
40
41 // state, 48 ints
42 private final int[] X;
43
44 // checksum, 16 ints. they are really bytes, but byte arithmetic in
45 // the JVM is much slower that int arithmetic.
46 private final int[] C;
47
48 // temporary store for checksum C during final digest
49 private final byte[] cBytes;
50
51 /**
52 * Create a new MD2 digest. Called by the JCA framework
53 */
54 public MD2() {
55 super("MD2", 16, 16);
56 X = new int[48];
57 C = new int[16];
58 cBytes = new byte[16];
59 }
60
61 private MD2(MD2 base) {
62 super(base);
63 this.X = base.X.clone();
64 this.C = base.C.clone();
65 cBytes = new byte[16];
66 }
67
68 public Object clone() {
69 return new MD2(this);
70 }
71
72 // reset state and checksum
73 void implReset() {
74 Arrays.fill(X, 0);
75 Arrays.fill(C, 0);
76 }
77
78 // finish the digest
79 void implDigest(byte[] out, int ofs) {
80 int padValue = 16 - ((int)bytesProcessed & 15);
81 engineUpdate(PADDING[padValue], 0, padValue);
82 for (int i = 0; i < 16; i++) {
83 cBytes[i] = (byte)C[i];
84 }
85 implCompress(cBytes, 0);
86 for (int i = 0; i < 16; i++) {
87 out[ofs + i] = (byte)X[i];
88 }
89 }
90
91 // one iteration of the compression function
92 void implCompress(byte[] b, int ofs) {
93 for (int i = 0; i < 16; i++) {
94 int k = b[ofs + i] & 0xff;
95 X[16 + i] = k;
96 X[32 + i] = k ^ X[i];
97 }
98
99 // update the checksum
100 int t = C[15];
101 for (int i = 0; i < 16; i++) {
102 t = (C[i] ^= S[X[16 + i] ^ t]);
103 }
104
105 t = 0;
106 for (int i = 0; i < 18; i++) {
107 for (int j = 0; j < 48; j++) {
108 t = (X[j] ^= S[t]);
109 }
110 t = (t + i) & 0xff;
111 }
112 }
113
114 // substitution table derived from Pi. Copied from the RFC.
115 private final static int[] S = new int[] {
116 41, 46, 67, 201, 162, 216, 124, 1, 61, 54, 84, 161, 236, 240, 6,
117 19, 98, 167, 5, 243, 192, 199, 115, 140, 152, 147, 43, 217, 188,
118 76, 130, 202, 30, 155, 87, 60, 253, 212, 224, 22, 103, 66, 111, 24,
119 138, 23, 229, 18, 190, 78, 196, 214, 218, 158, 222, 73, 160, 251,
120 245, 142, 187, 47, 238, 122, 169, 104, 121, 145, 21, 178, 7, 63,
121 148, 194, 16, 137, 11, 34, 95, 33, 128, 127, 93, 154, 90, 144, 50,
122 39, 53, 62, 204, 231, 191, 247, 151, 3, 255, 25, 48, 179, 72, 165,
123 181, 209, 215, 94, 146, 42, 172, 86, 170, 198, 79, 184, 56, 210,
124 150, 164, 125, 182, 118, 252, 107, 226, 156, 116, 4, 241, 69, 157,
125 112, 89, 100, 113, 135, 32, 134, 91, 207, 101, 230, 45, 168, 2, 27,
126 96, 37, 173, 174, 176, 185, 246, 28, 70, 97, 105, 52, 64, 126, 15,
127 85, 71, 163, 35, 221, 81, 175, 58, 195, 92, 249, 206, 186, 197,
128 234, 38, 44, 83, 13, 110, 133, 40, 132, 9, 211, 223, 205, 244, 65,
129 129, 77, 82, 106, 220, 55, 200, 108, 193, 171, 250, 36, 225, 123,
130 8, 12, 189, 177, 74, 120, 136, 149, 139, 227, 99, 232, 109, 233,
131 203, 213, 254, 59, 0, 29, 57, 242, 239, 183, 14, 102, 88, 208, 228,
132 166, 119, 114, 248, 235, 117, 75, 10, 49, 68, 80, 180, 143, 237,
133 31, 26, 219, 153, 141, 51, 159, 17, 131, 20,
134 };
135
136 // digest padding. 17 element array.
137 // padding[0] is null
138 // padding[i] is an array of i time the byte value i (i = 1..16)
139 private final static byte[][] PADDING;
140
141 static {
142 PADDING = new byte[17][];
143 for (int i = 1; i < 17; i++) {
144 byte[] b = new byte[i];
145 Arrays.fill(b, (byte)i);
146 PADDING[i] = b;
147 }
148 }
149
150 }