1 /* 2 * Copyright (c) 2005, 2006, Oracle and/or its affiliates. All rights reserved. 3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 4 * 5 * This code is free software; you can redistribute it and/or modify it 6 * under the terms of the GNU General Public License version 2 only, as 7 * published by the Free Software Foundation. Oracle designates this 8 * particular file as subject to the "Classpath" exception as provided 9 * by Oracle in the LICENSE file that accompanied this code. 10 * 11 * This code is distributed in the hope that it will be useful, but WITHOUT 12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 14 * version 2 for more details (a copy is included in the LICENSE file that 15 * accompanied this code). 16 * 17 * You should have received a copy of the GNU General Public License version 18 * 2 along with this work; if not, write to the Free Software Foundation, 19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 20 * 21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 22 * or visit www.oracle.com if you need additional information or have any 23 * questions. 24 */ 25 26 package sun.security.provider; 27 28 import java.security.*; 29 30 import static sun.security.provider.ByteArrayAccess.*; 31 32 /** 33 * The MD4 class is used to compute an MD4 message digest over a given 34 * buffer of bytes. It is an implementation of the RSA Data Security Inc 35 * MD4 algorithim as described in internet RFC 1320. 36 * 37 * <p>The MD4 algorithm is very weak and should not be used unless it is 38 * unavoidable. Therefore, it is not registered in our standard providers. To 39 * obtain an implementation, call the static getInstance() method in this 40 * class. 41 * 42 * @author Andreas Sterbenz 43 */ 44 public final class MD4 extends DigestBase { 45 46 // state of this object 47 private int[] state; 48 // temporary buffer, used by implCompress() 49 private int[] x; 50 51 // rotation constants 52 private static final int S11 = 3; 53 private static final int S12 = 7; 54 private static final int S13 = 11; 55 private static final int S14 = 19; 56 private static final int S21 = 3; 57 private static final int S22 = 5; 58 private static final int S23 = 9; 59 private static final int S24 = 13; 60 private static final int S31 = 3; 61 private static final int S32 = 9; 62 private static final int S33 = 11; 63 private static final int S34 = 15; 64 65 private final static Provider md4Provider; 66 67 static { 68 md4Provider = new Provider("MD4Provider", 1.0d, "MD4 MessageDigest") {}; 69 AccessController.doPrivileged(new PrivilegedAction<Void>() { 70 public Void run() { 71 md4Provider.put("MessageDigest.MD4", "sun.security.provider.MD4"); 72 return null; 73 } 74 }); 75 } 76 77 public static MessageDigest getInstance() { 78 try { 79 return MessageDigest.getInstance("MD4", md4Provider); 80 } catch (NoSuchAlgorithmException e) { 81 // should never occur 82 throw new ProviderException(e); 83 } 84 } 85 86 // Standard constructor, creates a new MD4 instance. 87 public MD4() { 88 super("MD4", 16, 64); 89 state = new int[4]; 90 x = new int[16]; 91 implReset(); 92 } 93 94 // clone this object 95 public Object clone() throws CloneNotSupportedException { 96 MD4 copy = (MD4) super.clone(); 97 copy.state = copy.state.clone(); 98 copy.x = new int[16]; 99 return copy; 100 } 101 102 /** 103 * Reset the state of this object. 104 */ 105 void implReset() { 106 // Load magic initialization constants. 107 state[0] = 0x67452301; 108 state[1] = 0xefcdab89; 109 state[2] = 0x98badcfe; 110 state[3] = 0x10325476; 111 } 112 113 /** 114 * Perform the final computations, any buffered bytes are added 115 * to the digest, the count is added to the digest, and the resulting 116 * digest is stored. 117 */ 118 void implDigest(byte[] out, int ofs) { 119 long bitsProcessed = bytesProcessed << 3; 120 121 int index = (int)bytesProcessed & 0x3f; 122 int padLen = (index < 56) ? (56 - index) : (120 - index); 123 engineUpdate(padding, 0, padLen); 124 125 i2bLittle4((int)bitsProcessed, buffer, 56); 126 i2bLittle4((int)(bitsProcessed >>> 32), buffer, 60); 127 implCompress(buffer, 0); 128 129 i2bLittle(state, 0, out, ofs, 16); 130 } 131 132 private static int FF(int a, int b, int c, int d, int x, int s) { 133 a += ((b & c) | ((~b) & d)) + x; 134 return ((a << s) | (a >>> (32 - s))); 135 } 136 137 private static int GG(int a, int b, int c, int d, int x, int s) { 138 a += ((b & c) | (b & d) | (c & d)) + x + 0x5a827999; 139 return ((a << s) | (a >>> (32 - s))); 140 } 141 142 private static int HH(int a, int b, int c, int d, int x, int s) { 143 a += ((b ^ c) ^ d) + x + 0x6ed9eba1; 144 return ((a << s) | (a >>> (32 - s))); 145 } 146 147 /** 148 * This is where the functions come together as the generic MD4 149 * transformation operation. It consumes sixteen 150 * bytes from the buffer, beginning at the specified offset. 151 */ 152 void implCompress(byte[] buf, int ofs) { 153 b2iLittle64(buf, ofs, x); 154 155 int a = state[0]; 156 int b = state[1]; 157 int c = state[2]; 158 int d = state[3]; 159 160 /* Round 1 */ 161 a = FF (a, b, c, d, x[ 0], S11); /* 1 */ 162 d = FF (d, a, b, c, x[ 1], S12); /* 2 */ 163 c = FF (c, d, a, b, x[ 2], S13); /* 3 */ 164 b = FF (b, c, d, a, x[ 3], S14); /* 4 */ 165 a = FF (a, b, c, d, x[ 4], S11); /* 5 */ 166 d = FF (d, a, b, c, x[ 5], S12); /* 6 */ 167 c = FF (c, d, a, b, x[ 6], S13); /* 7 */ 168 b = FF (b, c, d, a, x[ 7], S14); /* 8 */ 169 a = FF (a, b, c, d, x[ 8], S11); /* 9 */ 170 d = FF (d, a, b, c, x[ 9], S12); /* 10 */ 171 c = FF (c, d, a, b, x[10], S13); /* 11 */ 172 b = FF (b, c, d, a, x[11], S14); /* 12 */ 173 a = FF (a, b, c, d, x[12], S11); /* 13 */ 174 d = FF (d, a, b, c, x[13], S12); /* 14 */ 175 c = FF (c, d, a, b, x[14], S13); /* 15 */ 176 b = FF (b, c, d, a, x[15], S14); /* 16 */ 177 178 /* Round 2 */ 179 a = GG (a, b, c, d, x[ 0], S21); /* 17 */ 180 d = GG (d, a, b, c, x[ 4], S22); /* 18 */ 181 c = GG (c, d, a, b, x[ 8], S23); /* 19 */ 182 b = GG (b, c, d, a, x[12], S24); /* 20 */ 183 a = GG (a, b, c, d, x[ 1], S21); /* 21 */ 184 d = GG (d, a, b, c, x[ 5], S22); /* 22 */ 185 c = GG (c, d, a, b, x[ 9], S23); /* 23 */ 186 b = GG (b, c, d, a, x[13], S24); /* 24 */ 187 a = GG (a, b, c, d, x[ 2], S21); /* 25 */ 188 d = GG (d, a, b, c, x[ 6], S22); /* 26 */ 189 c = GG (c, d, a, b, x[10], S23); /* 27 */ 190 b = GG (b, c, d, a, x[14], S24); /* 28 */ 191 a = GG (a, b, c, d, x[ 3], S21); /* 29 */ 192 d = GG (d, a, b, c, x[ 7], S22); /* 30 */ 193 c = GG (c, d, a, b, x[11], S23); /* 31 */ 194 b = GG (b, c, d, a, x[15], S24); /* 32 */ 195 196 /* Round 3 */ 197 a = HH (a, b, c, d, x[ 0], S31); /* 33 */ 198 d = HH (d, a, b, c, x[ 8], S32); /* 34 */ 199 c = HH (c, d, a, b, x[ 4], S33); /* 35 */ 200 b = HH (b, c, d, a, x[12], S34); /* 36 */ 201 a = HH (a, b, c, d, x[ 2], S31); /* 37 */ 202 d = HH (d, a, b, c, x[10], S32); /* 38 */ 203 c = HH (c, d, a, b, x[ 6], S33); /* 39 */ 204 b = HH (b, c, d, a, x[14], S34); /* 40 */ 205 a = HH (a, b, c, d, x[ 1], S31); /* 41 */ 206 d = HH (d, a, b, c, x[ 9], S32); /* 42 */ 207 c = HH (c, d, a, b, x[ 5], S33); /* 43 */ 208 b = HH (b, c, d, a, x[13], S34); /* 44 */ 209 a = HH (a, b, c, d, x[ 3], S31); /* 45 */ 210 d = HH (d, a, b, c, x[11], S32); /* 46 */ 211 c = HH (c, d, a, b, x[ 7], S33); /* 47 */ 212 b = HH (b, c, d, a, x[15], S34); /* 48 */ 213 214 state[0] += a; 215 state[1] += b; 216 state[2] += c; 217 state[3] += d; 218 } 219 220 }