1 /*
2 * Copyright (c) 2005, 2006, Oracle and/or its affiliates. All rights reserved.
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation. Oracle designates this
8 * particular file as subject to the "Classpath" exception as provided
9 * by Oracle in the LICENSE file that accompanied this code.
10 *
11 * This code is distributed in the hope that it will be useful, but WITHOUT
12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 * version 2 for more details (a copy is included in the LICENSE file that
15 * accompanied this code).
16 *
17 * You should have received a copy of the GNU General Public License version
18 * 2 along with this work; if not, write to the Free Software Foundation,
19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
20 *
21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
22 * or visit www.oracle.com if you need additional information or have any
23 * questions.
24 */
25
26 package sun.security.provider;
27
28 import java.security.*;
29
30 import static sun.security.provider.ByteArrayAccess.*;
31
32 /**
33 * The MD4 class is used to compute an MD4 message digest over a given
34 * buffer of bytes. It is an implementation of the RSA Data Security Inc
35 * MD4 algorithim as described in internet RFC 1320.
36 *
37 * <p>The MD4 algorithm is very weak and should not be used unless it is
38 * unavoidable. Therefore, it is not registered in our standard providers. To
39 * obtain an implementation, call the static getInstance() method in this
40 * class.
41 *
42 * @author Andreas Sterbenz
43 */
44 public final class MD4 extends DigestBase {
45
46 // state of this object
47 private int[] state;
48 // temporary buffer, used by implCompress()
49 private int[] x;
50
51 // rotation constants
52 private static final int S11 = 3;
53 private static final int S12 = 7;
54 private static final int S13 = 11;
55 private static final int S14 = 19;
56 private static final int S21 = 3;
57 private static final int S22 = 5;
58 private static final int S23 = 9;
59 private static final int S24 = 13;
60 private static final int S31 = 3;
61 private static final int S32 = 9;
62 private static final int S33 = 11;
63 private static final int S34 = 15;
64
65 private final static Provider md4Provider;
66
67 static {
68 md4Provider = new Provider("MD4Provider", 1.0d, "MD4 MessageDigest") {};
69 AccessController.doPrivileged(new PrivilegedAction<Void>() {
70 public Void run() {
71 md4Provider.put("MessageDigest.MD4", "sun.security.provider.MD4");
72 return null;
73 }
74 });
75 }
76
77 public static MessageDigest getInstance() {
78 try {
79 return MessageDigest.getInstance("MD4", md4Provider);
80 } catch (NoSuchAlgorithmException e) {
81 // should never occur
82 throw new ProviderException(e);
83 }
84 }
85
86 // Standard constructor, creates a new MD4 instance.
87 public MD4() {
88 super("MD4", 16, 64);
89 state = new int[4];
90 x = new int[16];
91 implReset();
92 }
93
94 // clone this object
95 public Object clone() throws CloneNotSupportedException {
96 MD4 copy = (MD4) super.clone();
97 copy.state = copy.state.clone();
98 copy.x = new int[16];
99 return copy;
100 }
101
102 /**
103 * Reset the state of this object.
104 */
105 void implReset() {
106 // Load magic initialization constants.
107 state[0] = 0x67452301;
108 state[1] = 0xefcdab89;
109 state[2] = 0x98badcfe;
110 state[3] = 0x10325476;
111 }
112
113 /**
114 * Perform the final computations, any buffered bytes are added
115 * to the digest, the count is added to the digest, and the resulting
116 * digest is stored.
117 */
118 void implDigest(byte[] out, int ofs) {
119 long bitsProcessed = bytesProcessed << 3;
120
121 int index = (int)bytesProcessed & 0x3f;
122 int padLen = (index < 56) ? (56 - index) : (120 - index);
123 engineUpdate(padding, 0, padLen);
124
125 i2bLittle4((int)bitsProcessed, buffer, 56);
126 i2bLittle4((int)(bitsProcessed >>> 32), buffer, 60);
127 implCompress(buffer, 0);
128
129 i2bLittle(state, 0, out, ofs, 16);
130 }
131
132 private static int FF(int a, int b, int c, int d, int x, int s) {
133 a += ((b & c) | ((~b) & d)) + x;
134 return ((a << s) | (a >>> (32 - s)));
135 }
136
137 private static int GG(int a, int b, int c, int d, int x, int s) {
138 a += ((b & c) | (b & d) | (c & d)) + x + 0x5a827999;
139 return ((a << s) | (a >>> (32 - s)));
140 }
141
142 private static int HH(int a, int b, int c, int d, int x, int s) {
143 a += ((b ^ c) ^ d) + x + 0x6ed9eba1;
144 return ((a << s) | (a >>> (32 - s)));
145 }
146
147 /**
148 * This is where the functions come together as the generic MD4
149 * transformation operation. It consumes sixteen
150 * bytes from the buffer, beginning at the specified offset.
151 */
152 void implCompress(byte[] buf, int ofs) {
153 b2iLittle64(buf, ofs, x);
154
155 int a = state[0];
156 int b = state[1];
157 int c = state[2];
158 int d = state[3];
159
160 /* Round 1 */
161 a = FF (a, b, c, d, x[ 0], S11); /* 1 */
162 d = FF (d, a, b, c, x[ 1], S12); /* 2 */
163 c = FF (c, d, a, b, x[ 2], S13); /* 3 */
164 b = FF (b, c, d, a, x[ 3], S14); /* 4 */
165 a = FF (a, b, c, d, x[ 4], S11); /* 5 */
166 d = FF (d, a, b, c, x[ 5], S12); /* 6 */
167 c = FF (c, d, a, b, x[ 6], S13); /* 7 */
168 b = FF (b, c, d, a, x[ 7], S14); /* 8 */
169 a = FF (a, b, c, d, x[ 8], S11); /* 9 */
170 d = FF (d, a, b, c, x[ 9], S12); /* 10 */
171 c = FF (c, d, a, b, x[10], S13); /* 11 */
172 b = FF (b, c, d, a, x[11], S14); /* 12 */
173 a = FF (a, b, c, d, x[12], S11); /* 13 */
174 d = FF (d, a, b, c, x[13], S12); /* 14 */
175 c = FF (c, d, a, b, x[14], S13); /* 15 */
176 b = FF (b, c, d, a, x[15], S14); /* 16 */
177
178 /* Round 2 */
179 a = GG (a, b, c, d, x[ 0], S21); /* 17 */
180 d = GG (d, a, b, c, x[ 4], S22); /* 18 */
181 c = GG (c, d, a, b, x[ 8], S23); /* 19 */
182 b = GG (b, c, d, a, x[12], S24); /* 20 */
183 a = GG (a, b, c, d, x[ 1], S21); /* 21 */
184 d = GG (d, a, b, c, x[ 5], S22); /* 22 */
185 c = GG (c, d, a, b, x[ 9], S23); /* 23 */
186 b = GG (b, c, d, a, x[13], S24); /* 24 */
187 a = GG (a, b, c, d, x[ 2], S21); /* 25 */
188 d = GG (d, a, b, c, x[ 6], S22); /* 26 */
189 c = GG (c, d, a, b, x[10], S23); /* 27 */
190 b = GG (b, c, d, a, x[14], S24); /* 28 */
191 a = GG (a, b, c, d, x[ 3], S21); /* 29 */
192 d = GG (d, a, b, c, x[ 7], S22); /* 30 */
193 c = GG (c, d, a, b, x[11], S23); /* 31 */
194 b = GG (b, c, d, a, x[15], S24); /* 32 */
195
196 /* Round 3 */
197 a = HH (a, b, c, d, x[ 0], S31); /* 33 */
198 d = HH (d, a, b, c, x[ 8], S32); /* 34 */
199 c = HH (c, d, a, b, x[ 4], S33); /* 35 */
200 b = HH (b, c, d, a, x[12], S34); /* 36 */
201 a = HH (a, b, c, d, x[ 2], S31); /* 37 */
202 d = HH (d, a, b, c, x[10], S32); /* 38 */
203 c = HH (c, d, a, b, x[ 6], S33); /* 39 */
204 b = HH (b, c, d, a, x[14], S34); /* 40 */
205 a = HH (a, b, c, d, x[ 1], S31); /* 41 */
206 d = HH (d, a, b, c, x[ 9], S32); /* 42 */
207 c = HH (c, d, a, b, x[ 5], S33); /* 43 */
208 b = HH (b, c, d, a, x[13], S34); /* 44 */
209 a = HH (a, b, c, d, x[ 3], S31); /* 45 */
210 d = HH (d, a, b, c, x[11], S32); /* 46 */
211 c = HH (c, d, a, b, x[ 7], S33); /* 47 */
212 b = HH (b, c, d, a, x[15], S34); /* 48 */
213
214 state[0] += a;
215 state[1] += b;
216 state[2] += c;
217 state[3] += d;
218 }
219
220 }