1 /*
2 * Copyright (c) 2003, Oracle and/or its affiliates. All rights reserved.
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation. Oracle designates this
8 * particular file as subject to the "Classpath" exception as provided
9 * by Oracle in the LICENSE file that accompanied this code.
10 *
11 * This code is distributed in the hope that it will be useful, but WITHOUT
12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 * version 2 for more details (a copy is included in the LICENSE file that
15 * accompanied this code).
16 *
17 * You should have received a copy of the GNU General Public License version
18 * 2 along with this work; if not, write to the Free Software Foundation,
19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
20 *
21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
22 * or visit www.oracle.com if you need additional information or have any
23 * questions.
24 */
25
26 package sun.security.provider;
27
28 import java.util.Arrays;
29
30 /**
31 * Implementation for the MD2 algorithm, see RFC1319. It is very slow and
32 * not particular secure. It is only supported to be able to verify
33 * RSA/Verisign root certificates signed using MD2withRSA. It should not
34 * be used for anything else.
35 *
36 * @since 1.5
37 * @author Andreas Sterbenz
38 */
39 public final class MD2 extends DigestBase {
40
41 // state, 48 ints
42 private int[] X;
43
44 // checksum, 16 ints. they are really bytes, but byte arithmetic in
45 // the JVM is much slower that int arithmetic.
46 private int[] C;
47
48 // temporary store for checksum C during final digest
49 private byte[] cBytes;
50
51 /**
52 * Create a new MD2 digest. Called by the JCA framework
53 */
54 public MD2() {
55 super("MD2", 16, 16);
56 X = new int[48];
57 C = new int[16];
58 cBytes = new byte[16];
59 }
60
61 public Object clone() throws CloneNotSupportedException {
62 MD2 copy = (MD2) super.clone();
63 copy.X = copy.X.clone();
64 copy.C = copy.C.clone();
65 copy.cBytes = new byte[16];
66 return copy;
67 }
68
69 // reset state and checksum
70 void implReset() {
71 Arrays.fill(X, 0);
72 Arrays.fill(C, 0);
73 }
74
75 // finish the digest
76 void implDigest(byte[] out, int ofs) {
77 int padValue = 16 - ((int)bytesProcessed & 15);
78 engineUpdate(PADDING[padValue], 0, padValue);
79 for (int i = 0; i < 16; i++) {
80 cBytes[i] = (byte)C[i];
81 }
82 implCompress(cBytes, 0);
83 for (int i = 0; i < 16; i++) {
84 out[ofs + i] = (byte)X[i];
85 }
86 }
87
88 // one iteration of the compression function
89 void implCompress(byte[] b, int ofs) {
90 for (int i = 0; i < 16; i++) {
91 int k = b[ofs + i] & 0xff;
92 X[16 + i] = k;
93 X[32 + i] = k ^ X[i];
94 }
95
96 // update the checksum
97 int t = C[15];
98 for (int i = 0; i < 16; i++) {
99 t = (C[i] ^= S[X[16 + i] ^ t]);
100 }
101
102 t = 0;
103 for (int i = 0; i < 18; i++) {
104 for (int j = 0; j < 48; j++) {
105 t = (X[j] ^= S[t]);
106 }
107 t = (t + i) & 0xff;
108 }
109 }
110
111 // substitution table derived from Pi. Copied from the RFC.
112 private final static int[] S = new int[] {
113 41, 46, 67, 201, 162, 216, 124, 1, 61, 54, 84, 161, 236, 240, 6,
114 19, 98, 167, 5, 243, 192, 199, 115, 140, 152, 147, 43, 217, 188,
115 76, 130, 202, 30, 155, 87, 60, 253, 212, 224, 22, 103, 66, 111, 24,
116 138, 23, 229, 18, 190, 78, 196, 214, 218, 158, 222, 73, 160, 251,
117 245, 142, 187, 47, 238, 122, 169, 104, 121, 145, 21, 178, 7, 63,
118 148, 194, 16, 137, 11, 34, 95, 33, 128, 127, 93, 154, 90, 144, 50,
119 39, 53, 62, 204, 231, 191, 247, 151, 3, 255, 25, 48, 179, 72, 165,
120 181, 209, 215, 94, 146, 42, 172, 86, 170, 198, 79, 184, 56, 210,
121 150, 164, 125, 182, 118, 252, 107, 226, 156, 116, 4, 241, 69, 157,
122 112, 89, 100, 113, 135, 32, 134, 91, 207, 101, 230, 45, 168, 2, 27,
123 96, 37, 173, 174, 176, 185, 246, 28, 70, 97, 105, 52, 64, 126, 15,
124 85, 71, 163, 35, 221, 81, 175, 58, 195, 92, 249, 206, 186, 197,
125 234, 38, 44, 83, 13, 110, 133, 40, 132, 9, 211, 223, 205, 244, 65,
126 129, 77, 82, 106, 220, 55, 200, 108, 193, 171, 250, 36, 225, 123,
127 8, 12, 189, 177, 74, 120, 136, 149, 139, 227, 99, 232, 109, 233,
128 203, 213, 254, 59, 0, 29, 57, 242, 239, 183, 14, 102, 88, 208, 228,
129 166, 119, 114, 248, 235, 117, 75, 10, 49, 68, 80, 180, 143, 237,
130 31, 26, 219, 153, 141, 51, 159, 17, 131, 20,
131 };
132
133 // digest padding. 17 element array.
134 // padding[0] is null
135 // padding[i] is an array of i time the byte value i (i = 1..16)
136 private final static byte[][] PADDING;
137
138 static {
139 PADDING = new byte[17][];
140 for (int i = 1; i < 17; i++) {
141 byte[] b = new byte[i];
142 Arrays.fill(b, (byte)i);
143 PADDING[i] = b;
144 }
145 }
146
147 }