1/*
2 * Copyright (c) 2003, 2012, Oracle and/or its affiliates. All rights reserved.
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation.  Oracle designates this
8 * particular file as subject to the "Classpath" exception as provided
9 * by Oracle in the LICENSE file that accompanied this code.
10 *
11 * This code is distributed in the hope that it will be useful, but WITHOUT
12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
13 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
14 * version 2 for more details (a copy is included in the LICENSE file that
15 * accompanied this code).
16 *
17 * You should have received a copy of the GNU General Public License version
18 * 2 along with this work; if not, write to the Free Software Foundation,
19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
20 *
21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
22 * or visit www.oracle.com if you need additional information or have any
23 * questions.
24 */
25
26package sun.security.provider;
27
28import java.util.Arrays;
29
30/**
31 * Implementation for the MD2 algorithm, see RFC1319. It is very slow and
32 * not particular secure. It is only supported to be able to verify
33 * RSA/Verisign root certificates signed using MD2withRSA. It should not
34 * be used for anything else.
35 *
36 * @since   1.5
37 * @author  Andreas Sterbenz
38 */
39public final class MD2 extends DigestBase {
40
41    // state, 48 ints
42    private int[] X;
43
44    // checksum, 16 ints. they are really bytes, but byte arithmetic in
45    // the JVM is much slower that int arithmetic.
46    private int[] C;
47
48    // temporary store for checksum C during final digest
49    private byte[] cBytes;
50
51    /**
52     * Create a new MD2 digest. Called by the JCA framework
53     */
54    public MD2() {
55        super("MD2", 16, 16);
56        X = new int[48];
57        C = new int[16];
58        cBytes = new byte[16];
59    }
60
61    public Object clone() throws CloneNotSupportedException {
62        MD2 copy = (MD2) super.clone();
63        copy.X = copy.X.clone();
64        copy.C = copy.C.clone();
65        copy.cBytes = new byte[16];
66        return copy;
67    }
68
69    // reset state and checksum
70    void implReset() {
71        Arrays.fill(X, 0);
72        Arrays.fill(C, 0);
73    }
74
75    // finish the digest
76    void implDigest(byte[] out, int ofs) {
77        int padValue = 16 - ((int)bytesProcessed & 15);
78        engineUpdate(PADDING[padValue], 0, padValue);
79        for (int i = 0; i < 16; i++) {
80            cBytes[i] = (byte)C[i];
81        }
82        implCompress(cBytes, 0);
83        for (int i = 0; i < 16; i++) {
84            out[ofs + i] = (byte)X[i];
85        }
86    }
87
88    // one iteration of the compression function
89    void implCompress(byte[] b, int ofs) {
90        for (int i = 0; i < 16; i++) {
91            int k = b[ofs + i] & 0xff;
92            X[16 + i] = k;
93            X[32 + i] = k ^ X[i];
94        }
95
96        // update the checksum
97        int t = C[15];
98        for (int i = 0; i < 16; i++) {
99            t = (C[i] ^= S[X[16 + i] ^ t]);
100        }
101
102        t = 0;
103        for (int i = 0; i < 18; i++) {
104            for (int j = 0; j < 48; j++) {
105                t = (X[j] ^= S[t]);
106            }
107            t = (t + i) & 0xff;
108        }
109    }
110
111    // substitution table derived from Pi. Copied from the RFC.
112    private static final int[] S = new int[] {
113        41, 46, 67, 201, 162, 216, 124, 1, 61, 54, 84, 161, 236, 240, 6,
114        19, 98, 167, 5, 243, 192, 199, 115, 140, 152, 147, 43, 217, 188,
115        76, 130, 202, 30, 155, 87, 60, 253, 212, 224, 22, 103, 66, 111, 24,
116        138, 23, 229, 18, 190, 78, 196, 214, 218, 158, 222, 73, 160, 251,
117        245, 142, 187, 47, 238, 122, 169, 104, 121, 145, 21, 178, 7, 63,
118        148, 194, 16, 137, 11, 34, 95, 33, 128, 127, 93, 154, 90, 144, 50,
119        39, 53, 62, 204, 231, 191, 247, 151, 3, 255, 25, 48, 179, 72, 165,
120        181, 209, 215, 94, 146, 42, 172, 86, 170, 198, 79, 184, 56, 210,
121        150, 164, 125, 182, 118, 252, 107, 226, 156, 116, 4, 241, 69, 157,
122        112, 89, 100, 113, 135, 32, 134, 91, 207, 101, 230, 45, 168, 2, 27,
123        96, 37, 173, 174, 176, 185, 246, 28, 70, 97, 105, 52, 64, 126, 15,
124        85, 71, 163, 35, 221, 81, 175, 58, 195, 92, 249, 206, 186, 197,
125        234, 38, 44, 83, 13, 110, 133, 40, 132, 9, 211, 223, 205, 244, 65,
126        129, 77, 82, 106, 220, 55, 200, 108, 193, 171, 250, 36, 225, 123,
127        8, 12, 189, 177, 74, 120, 136, 149, 139, 227, 99, 232, 109, 233,
128        203, 213, 254, 59, 0, 29, 57, 242, 239, 183, 14, 102, 88, 208, 228,
129        166, 119, 114, 248, 235, 117, 75, 10, 49, 68, 80, 180, 143, 237,
130        31, 26, 219, 153, 141, 51, 159, 17, 131, 20,
131    };
132
133    // digest padding. 17 element array.
134    // padding[0] is null
135    // padding[i] is an array of i time the byte value i (i = 1..16)
136    private static final byte[][] PADDING;
137
138    static {
139        PADDING = new byte[17][];
140        for (int i = 1; i < 17; i++) {
141            byte[] b = new byte[i];
142            Arrays.fill(b, (byte)i);
143            PADDING[i] = b;
144        }
145    }
146
147}
148