diff options
Diffstat (limited to 'libjava/classpath/gnu/javax/crypto')
269 files changed, 11526 insertions, 16742 deletions
diff --git a/libjava/classpath/gnu/javax/crypto/RSACipherImpl.java b/libjava/classpath/gnu/javax/crypto/RSACipherImpl.java index 0a4c29db6f1..60504ecce85 100644 --- a/libjava/classpath/gnu/javax/crypto/RSACipherImpl.java +++ b/libjava/classpath/gnu/javax/crypto/RSACipherImpl.java @@ -1,5 +1,5 @@ -/* DiffieHellmanImpl.java -- implementation of the Diffie-Hellman key agreement. - Copyright (C) 2005 Free Software Foundation, Inc. +/* RSACipherImpl.java -- + Copyright (C) 2005, 2006 Free Software Foundation, Inc. This file is part of GNU Classpath. @@ -38,26 +38,21 @@ exception statement from your version. */ package gnu.javax.crypto; -import gnu.classpath.ByteArray; import gnu.classpath.debug.Component; import gnu.classpath.debug.SystemLogger; +import gnu.java.security.util.ByteArray; import java.math.BigInteger; - import java.security.AlgorithmParameters; -import java.security.InvalidAlgorithmParameterException; import java.security.InvalidKeyException; import java.security.Key; import java.security.NoSuchAlgorithmException; import java.security.SecureRandom; - import java.security.interfaces.RSAKey; -import java.security.interfaces.RSAPrivateKey; import java.security.interfaces.RSAPrivateCrtKey; +import java.security.interfaces.RSAPrivateKey; import java.security.interfaces.RSAPublicKey; - import java.security.spec.AlgorithmParameterSpec; - import java.util.logging.Logger; import javax.crypto.BadPaddingException; @@ -67,10 +62,10 @@ import javax.crypto.IllegalBlockSizeException; import javax.crypto.NoSuchPaddingException; import javax.crypto.ShortBufferException; -public class RSACipherImpl extends CipherSpi +public class RSACipherImpl + extends CipherSpi { private static final Logger logger = SystemLogger.SYSTEM; - private static final byte[] EMPTY = new byte[0]; private int opmode = -1; private RSAPrivateKey decipherKey = null; @@ -80,48 +75,44 @@ public class RSACipherImpl extends CipherSpi private byte[] dataBuffer = null; private int pos = 0; - protected void engineSetMode (String mode) throws NoSuchAlgorithmException + protected void engineSetMode(String mode) throws NoSuchAlgorithmException { - throw new NoSuchAlgorithmException ("only one mode available"); + throw new NoSuchAlgorithmException("only one mode available"); } - protected void engineSetPadding (String pad) throws NoSuchPaddingException + protected void engineSetPadding(String pad) throws NoSuchPaddingException { - throw new NoSuchPaddingException ("only one padding available"); + throw new NoSuchPaddingException("only one padding available"); } - protected int engineGetBlockSize () + protected int engineGetBlockSize() { return 1; } - protected int engineGetOutputSize (int inputLen) + protected int engineGetOutputSize(int inputLen) { int outputLen = 0; if (decipherKey != null) - { - outputLen = (decipherKey.getModulus ().bitLength () + 7) / 8; - } + outputLen = (decipherKey.getModulus().bitLength() + 7) / 8; else if (encipherKey != null) - { - outputLen = (encipherKey.getModulus ().bitLength () + 7) / 8; - } + outputLen = (encipherKey.getModulus().bitLength() + 7) / 8; else - throw new IllegalStateException ("not initialized"); + throw new IllegalStateException("not initialized"); if (inputLen > outputLen) - throw new IllegalArgumentException ("not configured to encode " + inputLen - + "bytes; at most " + outputLen); + throw new IllegalArgumentException("not configured to encode " + inputLen + + "bytes; at most " + outputLen); return outputLen; } - protected int engineGetKeySize (final Key key) throws InvalidKeyException + protected int engineGetKeySize(final Key key) throws InvalidKeyException { - if (!(key instanceof RSAKey)) - throw new InvalidKeyException ("not an RSA key"); - return ((RSAKey) key).getModulus ().bitLength (); + if (! (key instanceof RSAKey)) + throw new InvalidKeyException("not an RSA key"); + return ((RSAKey) key).getModulus().bitLength(); } - protected byte[] engineGetIV () + protected byte[] engineGetIV() { return null; } @@ -131,18 +122,18 @@ public class RSACipherImpl extends CipherSpi return null; } - protected void engineInit (int opmode, Key key, SecureRandom random) - throws InvalidKeyException + protected void engineInit(int opmode, Key key, SecureRandom random) + throws InvalidKeyException { int outputLen = 0; if (opmode == Cipher.ENCRYPT_MODE) { - if (!(key instanceof RSAPublicKey)) - throw new InvalidKeyException ("expecting a RSAPublicKey"); + if (! (key instanceof RSAPublicKey)) + throw new InvalidKeyException("expecting a RSAPublicKey"); encipherKey = (RSAPublicKey) key; decipherKey = null; blindingKey = null; - outputLen = (encipherKey.getModulus ().bitLength () + 7) / 8; + outputLen = (encipherKey.getModulus().bitLength() + 7) / 8; } else if (opmode == Cipher.DECRYPT_MODE) { @@ -151,74 +142,78 @@ public class RSACipherImpl extends CipherSpi decipherKey = (RSAPrivateKey) key; encipherKey = null; blindingKey = null; - outputLen = (decipherKey.getModulus ().bitLength () + 7) / 8; + outputLen = (decipherKey.getModulus().bitLength() + 7) / 8; } else if (key instanceof RSAPublicKey) { if (decipherKey == null) - throw new IllegalStateException ("must configure decryption key first"); - if (!decipherKey.getModulus ().equals (((RSAPublicKey) key).getModulus ())) - throw new InvalidKeyException ("blinding key is not compatible"); + throw new IllegalStateException("must configure decryption key first"); + if (! decipherKey.getModulus().equals(((RSAPublicKey) key).getModulus())) + throw new InvalidKeyException("blinding key is not compatible"); blindingKey = (RSAPublicKey) key; return; } else - throw new InvalidKeyException ("expecting either an RSAPrivateKey or an RSAPublicKey (for blinding)"); + throw new InvalidKeyException( + "expecting either an RSAPrivateKey or an RSAPublicKey (for blinding)"); } else - throw new IllegalArgumentException ("only encryption and decryption supported"); + throw new IllegalArgumentException("only encryption and decryption supported"); this.random = random; this.opmode = opmode; pos = 0; dataBuffer = new byte[outputLen]; } - protected void engineInit (int opmode, Key key, AlgorithmParameterSpec spec, SecureRandom random) - throws InvalidKeyException + protected void engineInit(int opmode, Key key, AlgorithmParameterSpec spec, + SecureRandom random) throws InvalidKeyException { - engineInit (opmode, key, random); + engineInit(opmode, key, random); } - protected void engineInit (int opmode, Key key, AlgorithmParameters params, SecureRandom random) - throws InvalidKeyException + protected void engineInit(int opmode, Key key, AlgorithmParameters params, + SecureRandom random) throws InvalidKeyException { - engineInit (opmode, key, random); + engineInit(opmode, key, random); } - protected byte[] engineUpdate (byte[] in, int offset, int length) + protected byte[] engineUpdate(byte[] in, int offset, int length) { if (opmode != Cipher.ENCRYPT_MODE && opmode != Cipher.DECRYPT_MODE) - throw new IllegalStateException ("not initialized"); - System.arraycopy (in, offset, dataBuffer, pos, length); + throw new IllegalStateException("not initialized"); + System.arraycopy(in, offset, dataBuffer, pos, length); pos += length; return EMPTY; } - protected int engineUpdate (byte[] in, int offset, int length, byte[] out, int outOffset) + protected int engineUpdate(byte[] in, int offset, int length, byte[] out, + int outOffset) { - engineUpdate (in, offset, length); + engineUpdate(in, offset, length); return 0; } - protected byte[] engineDoFinal (byte[] in, int offset, int length) - throws IllegalBlockSizeException, BadPaddingException + protected byte[] engineDoFinal(byte[] in, int offset, int length) + throws IllegalBlockSizeException, BadPaddingException { - engineUpdate (in, offset, length); + engineUpdate(in, offset, length); if (opmode == Cipher.DECRYPT_MODE) { if (pos < dataBuffer.length) - throw new IllegalBlockSizeException ("expecting exactly " + dataBuffer.length + " bytes"); - BigInteger enc = new BigInteger (1, dataBuffer); - byte[] dec = rsaDecrypt (enc); - logger.log (Component.CRYPTO, "RSA: decryption produced\n{0}", - new ByteArray (dec)); + throw new IllegalBlockSizeException("expecting exactly " + + dataBuffer.length + " bytes"); + BigInteger enc = new BigInteger(1, dataBuffer); + byte[] dec = rsaDecrypt(enc); + logger.log(Component.CRYPTO, "RSA: decryption produced\n{0}", + new ByteArray(dec)); if (dec[0] != 0x02) - throw new BadPaddingException ("expected padding type 2"); + throw new BadPaddingException("expected padding type 2"); int i; - for (i = 1; i < dec.length && dec[i] != 0x00; i++); - int len = dec.length - i; + for (i = 1; i < dec.length && dec[i] != 0x00; i++) + ; // keep incrementing i + int len = dec.length - i - 1; // skip the 0x00 byte byte[] result = new byte[len]; - System.arraycopy (dec, i, result, 0, len); + System.arraycopy(dec, i + 1, result, 0, len); pos = 0; return result; } @@ -226,29 +221,29 @@ public class RSACipherImpl extends CipherSpi { offset = dataBuffer.length - pos; if (offset < 3) - throw new IllegalBlockSizeException ("input is too large to encrypt"); + throw new IllegalBlockSizeException("input is too large to encrypt"); byte[] dec = new byte[dataBuffer.length]; dec[0] = 0x02; if (random == null) - random = new SecureRandom (); - byte[] pad = new byte[offset - 2]; - random.nextBytes (pad); - for (int i = 0; i < pad.length; i++) - if (pad[i] == 0) - pad[i] = 1; - System.arraycopy (pad, 0, dec, 1, pad.length); + random = new SecureRandom(); + byte[] pad = new byte[offset - 2]; + random.nextBytes(pad); + for (int i = 0; i < pad.length; i++) + if (pad[i] == 0) + pad[i] = 1; + System.arraycopy(pad, 0, dec, 1, pad.length); dec[dec.length - pos] = 0x00; - System.arraycopy (dataBuffer, 0, dec, offset, pos); - logger.log (Component.CRYPTO, "RSA: produced padded plaintext\n{0}", - new ByteArray (dec)); - BigInteger x = new BigInteger (1, dec); - BigInteger y = x.modPow (encipherKey.getPublicExponent (), - encipherKey.getModulus ()); - byte[] enc = y.toByteArray (); + System.arraycopy(dataBuffer, 0, dec, offset, pos); + logger.log(Component.CRYPTO, "RSA: produced padded plaintext\n{0}", + new ByteArray(dec)); + BigInteger x = new BigInteger(1, dec); + BigInteger y = x.modPow(encipherKey.getPublicExponent(), + encipherKey.getModulus()); + byte[] enc = y.toByteArray(); if (enc[0] == 0x00) { byte[] tmp = new byte[enc.length - 1]; - System.arraycopy (enc, 1, tmp, 0, tmp.length); + System.arraycopy(enc, 1, tmp, 0, tmp.length); enc = tmp; } pos = 0; @@ -256,56 +251,54 @@ public class RSACipherImpl extends CipherSpi } } - protected int engineDoFinal (byte[] out, int offset) - throws ShortBufferException, IllegalBlockSizeException, BadPaddingException + protected int engineDoFinal(byte[] out, int offset) + throws ShortBufferException, IllegalBlockSizeException, + BadPaddingException { - byte[] result = engineDoFinal (EMPTY, 0, 0); + byte[] result = engineDoFinal(EMPTY, 0, 0); if (out.length - offset < result.length) - throw new ShortBufferException ("need " + result.length + ", have " - + (out.length - offset)); - System.arraycopy (result, 0, out, offset, result.length); + throw new ShortBufferException("need " + result.length + ", have " + + (out.length - offset)); + System.arraycopy(result, 0, out, offset, result.length); return result.length; } - protected int engineDoFinal (final byte[] input, final int offset, final int length, - final byte[] output, final int outputOffset) - throws ShortBufferException, IllegalBlockSizeException, BadPaddingException + protected int engineDoFinal(final byte[] input, final int offset, + final int length, final byte[] output, + final int outputOffset) + throws ShortBufferException, IllegalBlockSizeException, + BadPaddingException { - byte[] result = engineDoFinal (input, offset, length); + byte[] result = engineDoFinal(input, offset, length); if (output.length - outputOffset < result.length) - throw new ShortBufferException ("need " + result.length + ", have " - + (output.length - outputOffset)); - System.arraycopy (result, 0, output, outputOffset, result.length); + throw new ShortBufferException("need " + result.length + ", have " + + (output.length - outputOffset)); + System.arraycopy(result, 0, output, outputOffset, result.length); return result.length; } /** * Decrypts the ciphertext, employing RSA blinding if possible. */ - private byte[] rsaDecrypt (BigInteger enc) + private byte[] rsaDecrypt(BigInteger enc) { if (random == null) - random = new SecureRandom (); - BigInteger n = decipherKey.getModulus (); + random = new SecureRandom(); + BigInteger n = decipherKey.getModulus(); BigInteger r = null; BigInteger pubExp = null; if (blindingKey != null) - pubExp = blindingKey.getPublicExponent (); + pubExp = blindingKey.getPublicExponent(); if (pubExp != null && (decipherKey instanceof RSAPrivateCrtKey)) - pubExp = ((RSAPrivateCrtKey) decipherKey).getPublicExponent (); + pubExp = ((RSAPrivateCrtKey) decipherKey).getPublicExponent(); if (pubExp != null) { - r = new BigInteger (n.bitLength () - 1, random); - enc = r.modPow (pubExp, n).multiply (enc).mod (n); + r = new BigInteger(n.bitLength() - 1, random); + enc = r.modPow(pubExp, n).multiply(enc).mod(n); } - - BigInteger dec = enc.modPow (decipherKey.getPrivateExponent (), n); - + BigInteger dec = enc.modPow(decipherKey.getPrivateExponent(), n); if (pubExp != null) - { - dec = dec.multiply (r.modInverse (n)).mod (n); - } - - return dec.toByteArray (); + dec = dec.multiply(r.modInverse(n)).mod(n); + return dec.toByteArray(); } } diff --git a/libjava/classpath/gnu/javax/crypto/assembly/Assembly.java b/libjava/classpath/gnu/javax/crypto/assembly/Assembly.java index 2d5bba3646e..49770675bbd 100644 --- a/libjava/classpath/gnu/javax/crypto/assembly/Assembly.java +++ b/libjava/classpath/gnu/javax/crypto/assembly/Assembly.java @@ -41,23 +41,19 @@ package gnu.javax.crypto.assembly; import java.util.Map; /** - * <p>An <code>Assembly</code> is a construction consisting of a chain of + * An <code>Assembly</code> is a construction consisting of a chain of * {@link Transformer} elements; each wired in pre- or post- transformation * mode. This chain is terminated by one <code>LoopbackTransformer</code> - * element.</p> - * - * <p>Once constructed, and correctly initialised, the bulk of the methods - * available on the <code>Assembly</code> are delegated to the <i>head</i> - * of the {@link Transformer} chain of the <code>Assembly</code>.</p> - * + * element. + * <p> + * Once constructed, and correctly initialised, the bulk of the methods + * available on the <code>Assembly</code> are delegated to the <i>head</i> of + * the {@link Transformer} chain of the <code>Assembly</code>. + * * @see Transformer */ public class Assembly { - - // Constants and variables - // ------------------------------------------------------------------------- - public static final String DIRECTION = "gnu.crypto.assembly.assembly.direction"; /** Flag that tells if the instance is initialised or not; and if yes how. */ @@ -66,9 +62,6 @@ public class Assembly /** The first Transformer in the chain. */ private Transformer head; - // Constructor(s) - // ------------------------------------------------------------------------- - /** * Trivial constructor that sets the <i>chain</i> to a * <code>LoopbackTransformer</code>. @@ -81,21 +74,15 @@ public class Assembly head = new LoopbackTransformer(); } - // Class methods - // ------------------------------------------------------------------------- - - // Instance methods - // ------------------------------------------------------------------------- - /** * Adds the designated {@link Transformer} and signals that it should operate * in pre-processing mode; i.e. it should apply its internal transformation * algorithm on the input data stream, <b>before</b> it passes that stream to * the next element in the <i>chain</i>. - * + * * @param t the {@link Transformer} to add at the head of the current chain. - * @throws IllegalArgumentException if the designated {@link Transformer} - * has a non-null tail; i.e. it is already an element of a chain. + * @throws IllegalArgumentException if the designated {@link Transformer} has + * a non-null tail; i.e. it is already an element of a chain. */ public void addPreTransformer(Transformer t) { @@ -107,10 +94,10 @@ public class Assembly * in post-processing mode; i.e. it should apply its internal transformation * algorithm on the input data stream, <b>after</b> it passes that stream to * the next element in the <i>chain</i>. - * + * * @param t the {@link Transformer} to add at the head of the current chain. - * @throws IllegalArgumentException if the designated {@link Transformer} - * has a non-null tail; i.e. it is already an element of a chain. + * @throws IllegalArgumentException if the designated {@link Transformer} has + * a non-null tail; i.e. it is already an element of a chain. */ public void addPostTransformer(Transformer t) { @@ -120,22 +107,18 @@ public class Assembly /** * Initialises the <code>Assembly</code> for operation with specific * characteristics. - * + * * @param attributes a set of name-value pairs that describes the desired - * future behaviour of this instance. + * future behaviour of this instance. * @throws IllegalStateException if the instance is already initialised. */ public void init(Map attributes) throws TransformerException { if (wired != null) - { - throw new IllegalStateException(); - } + throw new IllegalStateException(); Direction flow = (Direction) attributes.get(DIRECTION); if (flow == null) - { - flow = Direction.FORWARD; - } + flow = Direction.FORWARD; attributes.put(Transformer.DIRECTION, flow); head.init(attributes); wired = flow; @@ -155,12 +138,12 @@ public class Assembly * Convenience method that calls the method with same name and three * arguments, using a byte array of length <code>1</code> whose contents are * the designated byte. - * + * * @param b the byte to process. * @return the result of transformation. * @throws IllegalStateException if the instance is not initialised. * @throws TransformerException if a transformation-related exception occurs - * during the operation. + * during the operation. * @see #update(byte[], int, int) */ public byte[] update(byte b) throws TransformerException @@ -172,12 +155,12 @@ public class Assembly * Convenience method that calls the method with same name and three * arguments. All bytes in <code>in</code>, starting from index position * <code>0</code> are considered. - * + * * @param in the input data bytes. * @return the result of transformation. * @throws IllegalStateException if the instance is not initialised. * @throws TransformerException if a transformation-related exception occurs - * during the operation. + * during the operation. * @see #update(byte[], int, int) */ public byte[] update(byte[] in) throws TransformerException @@ -187,34 +170,32 @@ public class Assembly /** * Processes a designated number of bytes from a given byte array. - * + * * @param in the input data bytes. * @param offset index of <code>in</code> from which to start considering - * data. + * data. * @param length the count of bytes to process. * @return the result of transformation. * @throws IllegalStateException if the instance is not initialised. * @throws TransformerException if a transformation-related exception occurs - * during the operation. + * during the operation. */ public byte[] update(byte[] in, int offset, int length) throws TransformerException { if (wired == null) - { - throw new IllegalStateException(); - } + throw new IllegalStateException(); return head.update(in, offset, length); } /** - * Convenience method that calls the method with same name and three - * arguments using a 0-long byte array. - * + * Convenience method that calls the method with same name and three arguments + * using a 0-long byte array. + * * @return the result of transformation. * @throws IllegalStateException if the instance is not initialised. * @throws TransformerException if a transformation-related exception occurs - * during the operation. + * during the operation. * @see #lastUpdate(byte[], int, int) */ public byte[] lastUpdate() throws TransformerException @@ -226,12 +207,12 @@ public class Assembly * Convenience method that calls the method with same name and three * arguments, using a byte array of length <code>1</code> whose contents are * the designated byte. - * + * * @param b the byte to process. * @return the result of transformation. * @throws IllegalStateException if the instance is not initialised. * @throws TransformerException if a transformation-related exception occurs - * during the operation. + * during the operation. * @see #lastUpdate(byte[], int, int) */ public byte[] lastUpdate(byte b) throws TransformerException @@ -243,12 +224,12 @@ public class Assembly * Convenience method that calls the method with same name and three * arguments. All bytes in <code>in</code>, starting from index position * <code>0</code> are considered. - * + * * @param in the input data bytes. * @return the result of transformation. * @throws IllegalStateException if the instance is not initialised. * @throws TransformerException if a transformation-related exception occurs - * during the operation. + * during the operation. * @see #lastUpdate(byte[], int, int) */ public byte[] lastUpdate(byte[] in) throws TransformerException @@ -257,39 +238,33 @@ public class Assembly } /** - * Processes a designated number of bytes from a given byte array and - * signals, at the same time, that this is the last <i>push</i> operation for - * this <code>Assembly</code>. - * + * Processes a designated number of bytes from a given byte array and signals, + * at the same time, that this is the last <i>push</i> operation for this + * <code>Assembly</code>. + * * @param in the input data bytes. * @param offset index of <code>in</code> from which to start considering - * data. + * data. * @param length the count of bytes to process. * @return the result of transformation. * @throws IllegalStateException if the instance is not initialised. - * @throws TransformerException if a transformation-related exception - * occurs during the operation. + * @throws TransformerException if a transformation-related exception occurs + * during the operation. */ public byte[] lastUpdate(byte[] in, int offset, int length) throws TransformerException { if (wired == null) - { - throw new IllegalStateException(); - } + throw new IllegalStateException(); byte[] result = head.lastUpdate(in, offset, length); reset(); return result; } - // helper methods ---------------------------------------------------------- - private void wireTransformer(Transformer t, Operation mode) { if (t.tail != null) - { - throw new IllegalArgumentException(); - } + throw new IllegalArgumentException(); t.setMode(mode); t.tail = head; head = t; diff --git a/libjava/classpath/gnu/javax/crypto/assembly/Cascade.java b/libjava/classpath/gnu/javax/crypto/assembly/Cascade.java index 678a7e7308d..f790956a472 100644 --- a/libjava/classpath/gnu/javax/crypto/assembly/Cascade.java +++ b/libjava/classpath/gnu/javax/crypto/assembly/Cascade.java @@ -49,36 +49,31 @@ import java.util.Map; import java.util.Set; /** - * <p>A <i>Cascade</i> Cipher is the concatenation of two or more block ciphers + * A <i>Cascade</i> Cipher is the concatenation of two or more block ciphers * each with independent keys. Plaintext is input to the first stage; the output - * of stage <code>i</code> is input to stage <code>i + 1</code>; and the output - * of the last stage is the <i>Cascade</i>'s ciphertext output.</p> - * - * <p>In the simplest case, all stages in a <code>Cascade</code> have <i>k</i>-bit + * of stage <code>i</code> is input to stage <code>i + 1</code>; and the + * output of the last stage is the <i>Cascade</i>'s ciphertext output. + * <p> + * In the simplest case, all stages in a <code>Cascade</code> have <i>k</i>-bit * keys, and the stage inputs and outputs are all n-bit quantities. The stage * ciphers may differ (general cascade of ciphers), or all be identical (cascade - * of identical ciphers).</p> - * - * <p>The term "block ciphers" used above refers to implementations of - * {@link gnu.crypto.mode.IMode}, including the {@link gnu.crypto.mode.ECB} - * mode which basically exposes a symmetric-key block cipher algorithm as a - * <i>Mode</i> of Operations.</p> - * - * <p>References:</p> - * + * of identical ciphers). + * <p> + * The term "block ciphers" used above refers to implementations of + * {@link gnu.javax.crypto.mode.IMode}, including the + * {@link gnu.javax.crypto.mode.ECB} mode which basically exposes a + * symmetric-key block cipher algorithm as a <i>Mode</i> of Operations. + * <p> + * References: * <ol> - * <li><a href="http://www.cacr.math.uwaterloo.ca/hac">[HAC]</a>: Handbook of - * Applied Cryptography.<br> - * CRC Press, Inc. ISBN 0-8493-8523-7, 1997<br> - * Menezes, A., van Oorschot, P. and S. Vanstone.</li> + * <li><a href="http://www.cacr.math.uwaterloo.ca/hac">[HAC]</a>: Handbook of + * Applied Cryptography.<br> + * CRC Press, Inc. ISBN 0-8493-8523-7, 1997<br> + * Menezes, A., van Oorschot, P. and S. Vanstone.</li> * </ol> */ public class Cascade { - - // Constants and variables - // ------------------------------------------------------------------------- - public static final String DIRECTION = "gnu.crypto.assembly.cascade.direction"; /** The map of Stages chained in this cascade. */ @@ -93,9 +88,6 @@ public class Cascade /** The curently set block-size for this instance. */ protected int blockSize; - // Constructor(s) - // ------------------------------------------------------------------------- - public Cascade() { super(); @@ -106,12 +98,9 @@ public class Cascade blockSize = 0; } - // Class methods - // ------------------------------------------------------------------------- - /** * Returns the Least Common Multiple of two integers. - * + * * @param a the first integer. * @param b the second integer. * @return the LCM of <code>abs(a)</code> and <code>abs(b)</code>. @@ -123,18 +112,15 @@ public class Cascade return A.multiply(B).divide(A.gcd(B)).abs().intValue(); } - // Instance methods - // ------------------------------------------------------------------------- - /** * Adds to the end of the current chain, a designated {@link Stage}. - * + * * @param stage the {@link Stage} to append to the chain. * @return a unique identifier for this stage, within this cascade. * @throws IllegalStateException if the instance is already initialised. - * @throws IllegalArgumentException if the designated stage is already in - * the chain, or it has incompatible characteristics with the current - * elements already in the chain. + * @throws IllegalArgumentException if the designated stage is already in the + * chain, or it has incompatible characteristics with the current + * elements already in the chain. */ public Object append(Stage stage) throws IllegalArgumentException { @@ -143,13 +129,13 @@ public class Cascade /** * Adds to the begining of the current chain, a designated {@link Stage}. - * + * * @param stage the {@link Stage} to prepend to the chain. * @return a unique identifier for this stage, within this cascade. * @throws IllegalStateException if the instance is already initialised. - * @throws IllegalArgumentException if the designated stage is already in - * the chain, or it has incompatible characteristics with the current - * elements already in the chain. + * @throws IllegalArgumentException if the designated stage is already in the + * chain, or it has incompatible characteristics with the current + * elements already in the chain. */ public Object prepend(Stage stage) throws IllegalArgumentException { @@ -159,62 +145,49 @@ public class Cascade /** * Inserts a {@link Stage} into the current chain, at the specified index * (zero-based) position. - * + * * @param stage the {@link Stage} to insert into the chain. * @return a unique identifier for this stage, within this cascade. - * @throws IllegalArgumentException if the designated stage is already in - * the chain, or it has incompatible characteristics with the current - * elements already in the chain. + * @throws IllegalArgumentException if the designated stage is already in the + * chain, or it has incompatible characteristics with the current + * elements already in the chain. * @throws IllegalStateException if the instance is already initialised. * @throws IndexOutOfBoundsException if <code>index</code> is less than - * <code>0</code> or greater than the current size of this cascade. + * <code>0</code> or greater than the current size of this + * cascade. */ public Object insert(int index, Stage stage) throws IllegalArgumentException, IndexOutOfBoundsException { if (stages.containsValue(stage)) - { - throw new IllegalArgumentException(); - } + throw new IllegalArgumentException(); if (wired != null || stage == null) - { - throw new IllegalStateException(); - } - + throw new IllegalStateException(); if (index < 0 || index > size()) - { - throw new IndexOutOfBoundsException(); - } - + throw new IndexOutOfBoundsException(); // check that there is a non-empty set of common block-sizes Set set = stage.blockSizes(); if (stages.isEmpty()) { if (set.isEmpty()) - { - throw new IllegalArgumentException("1st stage with no block sizes"); - } + throw new IllegalArgumentException("1st stage with no block sizes"); } else { Set common = this.blockSizes(); common.retainAll(set); if (common.isEmpty()) - { - throw new IllegalArgumentException("no common block sizes found"); - } + throw new IllegalArgumentException("no common block sizes found"); } - Object result = new Object(); stageKeys.add(index, result); stages.put(result, stage); - return result; } /** * Returns the current number of stages in this chain. - * + * * @return the current count of stages in this chain. */ public int size() @@ -226,18 +199,16 @@ public class Cascade * Returns an {@link Iterator} over the stages contained in this instance. * Each element of this iterator is a concrete implementation of a {@link * Stage}. - * + * * @return an {@link Iterator} over the stages contained in this instance. - * Each element of the returned iterator is a concrete instance of a {@link - * Stage}. + * Each element of the returned iterator is a concrete instance of a + * {@link Stage}. */ public Iterator stages() { LinkedList result = new LinkedList(); for (Iterator it = stageKeys.listIterator(); it.hasNext();) - { - result.addLast(stages.get(it.next())); - } + result.addLast(stages.get(it.next())); return result.listIterator(); } @@ -245,9 +216,9 @@ public class Cascade * Returns the {@link Set} of supported block sizes for this * <code>Cascade</code> that are common to all of its chained stages. Each * element in the returned {@link Set} is an instance of {@link Integer}. - * - * @return a {@link Set} of supported block sizes common to all the stages - * of the chain. + * + * @return a {@link Set} of supported block sizes common to all the stages of + * the chain. */ public Set blockSizes() { @@ -255,42 +226,33 @@ public class Cascade for (Iterator it = stages.values().iterator(); it.hasNext();) { Stage aStage = (Stage) it.next(); - if (result == null) - { // first time - result = new HashSet(aStage.blockSizes()); - } + if (result == null) // first time + result = new HashSet(aStage.blockSizes()); else - { - result.retainAll(aStage.blockSizes()); - } + result.retainAll(aStage.blockSizes()); } return result == null ? Collections.EMPTY_SET : result; } /** * Initialises the chain for operation with specific characteristics. - * + * * @param attributes a set of name-value pairs that describes the desired - * future behaviour of this instance. + * future behaviour of this instance. * @throws IllegalStateException if the chain, or any of its stages, is - * already initialised. + * already initialised. * @throws InvalidKeyException if the intialisation data provided with the - * stage is incorrect or causes an invalid key to be generated. + * stage is incorrect or causes an invalid key to be generated. * @see Direction#FORWARD * @see Direction#REVERSED */ public void init(Map attributes) throws InvalidKeyException { if (wired != null) - { - throw new IllegalStateException(); - } + throw new IllegalStateException(); Direction flow = (Direction) attributes.get(DIRECTION); if (flow == null) - { - flow = Direction.FORWARD; - } - + flow = Direction.FORWARD; int optimalSize = 0; for (Iterator it = stageKeys.listIterator(); it.hasNext();) { @@ -300,30 +262,25 @@ public class Cascade Stage stage = (Stage) stages.get(id); stage.init(attr); optimalSize = optimalSize == 0 ? stage.currentBlockSize() - : lcm(optimalSize, - stage.currentBlockSize()); - } - - if (flow == Direction.REVERSED) - { // reverse order - Collections.reverse(stageKeys); + : lcm(optimalSize, + stage.currentBlockSize()); } + if (flow == Direction.REVERSED) // reverse order + Collections.reverse(stageKeys); wired = flow; blockSize = optimalSize; } /** * Returns the currently set block size for the chain. - * + * * @return the current block size for the chain. * @throws IllegalStateException if the instance is not initialised. */ public int currentBlockSize() { if (wired == null) - { - throw new IllegalStateException(); - } + throw new IllegalStateException(); return blockSize; } @@ -334,25 +291,21 @@ public class Cascade public void reset() { for (Iterator it = stageKeys.listIterator(); it.hasNext();) - { - ((Stage) stages.get(it.next())).reset(); - } - if (wired == Direction.REVERSED) - { // reverse it back - Collections.reverse(stageKeys); - } + ((Stage) stages.get(it.next())).reset(); + if (wired == Direction.REVERSED) // reverse it back + Collections.reverse(stageKeys); wired = null; blockSize = 0; } /** * Processes exactly one block of <i>plaintext</i> (if initialised in the - * {@link Direction#FORWARD} state) or <i>ciphertext</i> (if initialised in the - * {@link Direction#REVERSED} state). - * + * {@link Direction#FORWARD} state) or <i>ciphertext</i> (if initialised in + * the {@link Direction#REVERSED} state). + * * @param in the plaintext. * @param inOffset index of <code>in</code> from which to start considering - * data. + * data. * @param out the ciphertext. * @param outOffset index of <code>out</code> from which to store result. * @throws IllegalStateException if the instance is not initialised. @@ -360,23 +313,17 @@ public class Cascade public void update(byte[] in, int inOffset, byte[] out, int outOffset) { if (wired == null) - { - throw new IllegalStateException(); - } + throw new IllegalStateException(); int stageBlockSize, j, i = stages.size(); for (Iterator it = stageKeys.listIterator(); it.hasNext();) { Stage stage = (Stage) stages.get(it.next()); stageBlockSize = stage.currentBlockSize(); for (j = 0; j < blockSize; j += stageBlockSize) - { - stage.update(in, inOffset + j, out, outOffset + j); - } + stage.update(in, inOffset + j, out, outOffset + j); i--; if (i > 0) - { - System.arraycopy(out, outOffset, in, inOffset, blockSize); - } + System.arraycopy(out, outOffset, in, inOffset, blockSize); } } @@ -385,18 +332,16 @@ public class Cascade * encryption / decryption test(s) for all supported block and key sizes of * underlying block cipher(s) wrapped by Mode leafs. The test also includes * one (1) variable key Known Answer Test (KAT) for each block cipher. - * + * * @return <code>true</code> if the implementation passes simple - * <i>correctness</i> tests. Returns <code>false</code> otherwise. + * <i>correctness</i> tests. Returns <code>false</code> otherwise. */ public boolean selfTest() { for (Iterator it = stageKeys.listIterator(); it.hasNext();) { - if (!((Stage) stages.get(it.next())).selfTest()) - { - return false; - } + if (! ((Stage) stages.get(it.next())).selfTest()) + return false; } return true; } diff --git a/libjava/classpath/gnu/javax/crypto/assembly/CascadeStage.java b/libjava/classpath/gnu/javax/crypto/assembly/CascadeStage.java index 81629f5a8e7..b86f42e2aec 100644 --- a/libjava/classpath/gnu/javax/crypto/assembly/CascadeStage.java +++ b/libjava/classpath/gnu/javax/crypto/assembly/CascadeStage.java @@ -44,19 +44,13 @@ import java.util.Map; import java.util.Set; /** - * <p>A Cascade <i>Stage</i> in a Cascade Cipher.</p> + * A Cascade <i>Stage</i> in a Cascade Cipher. */ -class CascadeStage extends Stage +class CascadeStage + extends Stage { - - // Constants and variables - // ------------------------------------------------------------------------- - private Cascade delegate; - // Constructor(s) - // ------------------------------------------------------------------------- - CascadeStage(Cascade cascade, Direction forwardDirection) { super(forwardDirection); @@ -64,12 +58,6 @@ class CascadeStage extends Stage this.delegate = cascade; } - // Class methods - // ------------------------------------------------------------------------- - - // Instance methods - // ------------------------------------------------------------------------- - public Set blockSizes() { return Collections.unmodifiableSet(delegate.blockSizes()); @@ -79,9 +67,7 @@ class CascadeStage extends Stage { Direction flow = (Direction) attributes.get(DIRECTION); attributes.put(DIRECTION, flow.equals(forward) ? forward - : Direction.reverse(forward)); - // delegate.init(flow.equals(forward) ? forward : backward); - // delegate.init(flow.equals(forward) ? forward : Direction.reverse(forward)); + : Direction.reverse(forward)); delegate.init(attributes); } diff --git a/libjava/classpath/gnu/javax/crypto/assembly/CascadeTransformer.java b/libjava/classpath/gnu/javax/crypto/assembly/CascadeTransformer.java index dbbc7cd286e..5fce51a15eb 100644 --- a/libjava/classpath/gnu/javax/crypto/assembly/CascadeTransformer.java +++ b/libjava/classpath/gnu/javax/crypto/assembly/CascadeTransformer.java @@ -45,19 +45,13 @@ import java.util.Map; * An Adapter to use any {@link Cascade} as a {@link Transformer} in an * {@link Assembly}. */ -class CascadeTransformer extends Transformer +class CascadeTransformer + extends Transformer { - - // Constants and variables - // ------------------------------------------------------------------------- - private Cascade delegate; private int blockSize; - // Constructor(s) - // ------------------------------------------------------------------------- - CascadeTransformer(Cascade delegate) { super(); @@ -65,12 +59,6 @@ class CascadeTransformer extends Transformer this.delegate = delegate; } - // Class methods - // ------------------------------------------------------------------------- - - // Instant methods - // ------------------------------------------------------------------------- - void initDelegate(Map attributes) throws TransformerException { attributes.put(Cascade.DIRECTION, wired); @@ -107,11 +95,9 @@ class CascadeTransformer extends Transformer { if (inBuffer.size() != 0) { - throw new TransformerException( - "lastUpdateDelegate()", - new IllegalStateException( - "Cascade transformer, after last " - + "update, must be empty but isn't")); + IllegalStateException cause = new IllegalStateException( + "Cascade transformer, after last update, must be empty but isn't"); + throw new TransformerException("lastUpdateDelegate()", cause); } return new byte[0]; } diff --git a/libjava/classpath/gnu/javax/crypto/assembly/DeflateTransformer.java b/libjava/classpath/gnu/javax/crypto/assembly/DeflateTransformer.java index 35328a6c1dc..e5c0b7a5724 100644 --- a/libjava/classpath/gnu/javax/crypto/assembly/DeflateTransformer.java +++ b/libjava/classpath/gnu/javax/crypto/assembly/DeflateTransformer.java @@ -44,27 +44,22 @@ import java.util.zip.Deflater; import java.util.zip.Inflater; /** - * <p>A {@link Transformer} Adapter allowing inclusion of a DEFLATE compression + * A {@link Transformer} Adapter allowing inclusion of a DEFLATE compression * algorithm in an {@link Assembly} chain. The {@link Direction#FORWARD} * transformation is a compression (deflate) of input data, while the - * {@link Direction#REVERSED} one is a decompression (inflate) that restores - * the original data.</p> - * - * <p>This {@link Transformer} uses a {@link Deflater} instance to carry on the - * compression, and an {@link Inflater} to do the decompression.</p> - * - * <p>When using such a {@link Transformer}, in an {@link Assembly}, there must + * {@link Direction#REVERSED} one is a decompression (inflate) that restores the + * original data. + * <p> + * This {@link Transformer} uses a {@link Deflater} instance to carry on the + * compression, and an {@link Inflater} to do the decompression. + * <p> + * When using such a {@link Transformer}, in an {@link Assembly}, there must * be at least one element behind this instance in the constructed chain; - * otherwise, a {@link TransformerException} is thrown at initialisation time.</p> - * - * @version Revision: $ + * otherwise, a {@link TransformerException} is thrown at initialisation time. */ -class DeflateTransformer extends Transformer +class DeflateTransformer + extends Transformer { - - // Constants and variables - // ------------------------------------------------------------------------- - private Deflater compressor; private Inflater decompressor; @@ -73,46 +68,31 @@ class DeflateTransformer extends Transformer private byte[] zlibBuffer; - // Constructor(s) - // ------------------------------------------------------------------------- - DeflateTransformer() { super(); } - // Class methods - // ------------------------------------------------------------------------- - - // Instance methods - // ------------------------------------------------------------------------- - void initDelegate(Map attributes) throws TransformerException { if (tail == null) { - throw new TransformerException( - "initDelegate()", - new IllegalStateException( - "Compression transformer missing its tail!")); + IllegalStateException cause = new IllegalStateException( + "Compression transformer missing its tail!"); + throw new TransformerException("initDelegate()", cause); } outputBlockSize = tail.currentBlockSize(); zlibBuffer = new byte[outputBlockSize]; Direction flow = (Direction) attributes.get(DIRECTION); if (flow == Direction.FORWARD) - { - compressor = new Deflater(); - } + compressor = new Deflater(); else - { - decompressor = new Inflater(); - } + decompressor = new Inflater(); } int delegateBlockSize() { - // return outputBlockSize; return 1; } @@ -131,68 +111,36 @@ class DeflateTransformer extends Transformer if (wired == Direction.FORWARD) { compressor.setInput(in, offset, length); - while (!compressor.needsInput()) - { - compress(); - } + while (! compressor.needsInput()) + compress(); } - else - { // decompression: inflate first and then update tail - decompress(in, offset, length); - } - + else // decompression: inflate first and then update tail + decompress(in, offset, length); result = inBuffer.toByteArray(); inBuffer.reset(); return result; } - // byte[] lastUpdateDelegate(byte[] in, int offset, int length) - // throws TransformerException { - // // process multiples of blocksize as much as possible - // byte[] result = this.updateDelegate(in, offset, length); - // inBuffer.write(result, 0, result.length); - // if (wired == Direction.FORWARD) { // compressing - // if (!compressor.finished()) { - // compressor.finish(); - // while (!compressor.finished()) { - // compress(); - // } - // } - // } else { // decompressing - // if (!decompressor.finished()) { - // throw new TransformerException("lastUpdateDelegate()", - // new IllegalStateException("Compression transformer, after last " - // +"update, must be finished but isn't")); - // } - // } - // - // result = inBuffer.toByteArray(); - // inBuffer.reset(); - // return result; - // } byte[] lastUpdateDelegate() throws TransformerException { // process multiples of blocksize as much as possible - if (wired == Direction.FORWARD) - { // compressing - if (!compressor.finished()) + if (wired == Direction.FORWARD) // compressing + { + if (! compressor.finished()) { compressor.finish(); - while (!compressor.finished()) - { - compress(); - } + while (! compressor.finished()) + compress(); } } - else - { // decompressing - if (!decompressor.finished()) + else // decompressing + { + if (! decompressor.finished()) { - throw new TransformerException( - "lastUpdateDelegate()", - new IllegalStateException( - "Compression transformer, after last " - + "update, must be finished but isn't")); + IllegalStateException cause = new IllegalStateException( + "Compression transformer, after last update, must be finished " + + "but isn't"); + throw new TransformerException("lastUpdateDelegate()", cause); } } byte[] result = inBuffer.toByteArray(); @@ -204,9 +152,7 @@ class DeflateTransformer extends Transformer { int len = compressor.deflate(zlibBuffer); if (len > 0) - { - inBuffer.write(zlibBuffer, 0, len); - } + inBuffer.write(zlibBuffer, 0, len); } private void decompress(byte[] in, int offset, int length) @@ -225,9 +171,7 @@ class DeflateTransformer extends Transformer throw new TransformerException("decompress()", x); } if (len > 0) - { - inBuffer.write(zlibBuffer, 0, len); - } + inBuffer.write(zlibBuffer, 0, len); } } } diff --git a/libjava/classpath/gnu/javax/crypto/assembly/Direction.java b/libjava/classpath/gnu/javax/crypto/assembly/Direction.java index 58b59a6307f..48c74ed1ba0 100644 --- a/libjava/classpath/gnu/javax/crypto/assembly/Direction.java +++ b/libjava/classpath/gnu/javax/crypto/assembly/Direction.java @@ -39,32 +39,26 @@ exception statement from your version. */ package gnu.javax.crypto.assembly; /** - * <p>An enumeration type for wiring {@link Stage} instances into {@link - * Cascade} Cipher chains, as well as for operating a {@link Cascade} in a - * given direction.</p> - * - * <p>The possible values for this type are two:</p> + * An enumeration type for wiring {@link Stage} instances into {@link Cascade} + * Cipher chains, as well as for operating a {@link Cascade} in a given + * direction. + * <p> + * The possible values for this type are two: * <ol> - * <li>FORWARD: equivalent to {@link gnu.crypto.mode.IMode#ENCRYPTION}, and - * its inverse value</li> - * <li>REVERSED: equivalent to {@link gnu.crypto.mode.IMode#DECRYPTION}.</li> + * <li>FORWARD: equivalent to {@link gnu.javax.crypto.mode.IMode#ENCRYPTION}, + * and its inverse value</li> + * <li>REVERSED: equivalent to {@link gnu.javax.crypto.mode.IMode#DECRYPTION}. + * </li> * </ol> */ public final class Direction { - - // Constants and variables - // ------------------------------------------------------------------------- - public static final Direction FORWARD = new Direction(1); public static final Direction REVERSED = new Direction(2); private int value; - // Constructor(s) - // ------------------------------------------------------------------------- - private Direction(int value) { super(); @@ -72,17 +66,11 @@ public final class Direction this.value = value; } - // Class methods - // ------------------------------------------------------------------------- - public static final Direction reverse(Direction d) { return (d.equals(FORWARD) ? REVERSED : FORWARD); } - // Instance methods - // ------------------------------------------------------------------------- - public String toString() { return (this == FORWARD ? "forward" : "reversed"); diff --git a/libjava/classpath/gnu/javax/crypto/assembly/LoopbackTransformer.java b/libjava/classpath/gnu/javax/crypto/assembly/LoopbackTransformer.java index 3c0bdfab30c..bba1da77843 100644 --- a/libjava/classpath/gnu/javax/crypto/assembly/LoopbackTransformer.java +++ b/libjava/classpath/gnu/javax/crypto/assembly/LoopbackTransformer.java @@ -44,27 +44,15 @@ import java.util.Map; * A trivial {@link Transformer} to allow closing a chain in an {@link Assembly}. * This class is not visible outside this package. */ -final class LoopbackTransformer extends Transformer +final class LoopbackTransformer + extends Transformer { - - // Constants and variables - // ------------------------------------------------------------------------- - - // Constructor(s) - // ------------------------------------------------------------------------- - - /** Trivial protected constructor. */ + /** Trivial package-private constructor. */ LoopbackTransformer() { super(); } - // Class methods - // ------------------------------------------------------------------------- - - // Instance methods - // ------------------------------------------------------------------------- - public void init(Map attributes) throws TransformerException { } @@ -84,8 +72,6 @@ final class LoopbackTransformer extends Transformer return lastUpdateDelegate(); } - // abstract methods to be implemented by concrete subclasses --------------- - void initDelegate(Map attributes) throws TransformerException { } diff --git a/libjava/classpath/gnu/javax/crypto/assembly/ModeStage.java b/libjava/classpath/gnu/javax/crypto/assembly/ModeStage.java index 1143348f675..253ab4ae60a 100644 --- a/libjava/classpath/gnu/javax/crypto/assembly/ModeStage.java +++ b/libjava/classpath/gnu/javax/crypto/assembly/ModeStage.java @@ -48,25 +48,19 @@ import java.util.Map; import java.util.Set; /** - * <p>An {@link IMode} {@link Stage} in a {@link Cascade} Cipher chain.</p> - * - * <p>Such a stage wraps an implementation of a Block Cipher Mode of Operation + * An {@link IMode} {@link Stage} in a {@link Cascade} Cipher chain. + * <p> + * Such a stage wraps an implementation of a Block Cipher Mode of Operation * ({@link IMode}) to allow inclusion of such an instance in a cascade of block - * ciphers.</p> + * ciphers. */ -class ModeStage extends Stage +class ModeStage + extends Stage { - - // Constants and variables - // ------------------------------------------------------------------------- - private IMode delegate; private transient Set cachedBlockSizes; - // Constructor(s) - // ------------------------------------------------------------------------- - ModeStage(IMode mode, Direction forwardDirection) { super(forwardDirection); @@ -75,21 +69,13 @@ class ModeStage extends Stage cachedBlockSizes = null; } - // Class methods - // ------------------------------------------------------------------------- - - // Instance methods - // ------------------------------------------------------------------------- - public Set blockSizes() { if (cachedBlockSizes == null) { HashSet result = new HashSet(); for (Iterator it = delegate.blockSizes(); it.hasNext();) - { - result.add(it.next()); - } + result.add(it.next()); cachedBlockSizes = Collections.unmodifiableSet(result); } return cachedBlockSizes; @@ -99,9 +85,8 @@ class ModeStage extends Stage { Direction flow = (Direction) attributes.get(DIRECTION); attributes.put(IMode.STATE, - new Integer(flow.equals(forward) ? IMode.ENCRYPTION - : IMode.DECRYPTION)); - + Integer.valueOf(flow.equals(forward) ? IMode.ENCRYPTION + : IMode.DECRYPTION)); delegate.init(attributes); } diff --git a/libjava/classpath/gnu/javax/crypto/assembly/Operation.java b/libjava/classpath/gnu/javax/crypto/assembly/Operation.java index 34cae52ea80..28fdf941298 100644 --- a/libjava/classpath/gnu/javax/crypto/assembly/Operation.java +++ b/libjava/classpath/gnu/javax/crypto/assembly/Operation.java @@ -39,34 +39,26 @@ exception statement from your version. */ package gnu.javax.crypto.assembly; /** - * <p>An enumeration type for specifying the operation type of a - * {@link Transformer}.</p> - * - * <p>The possible values for this type are two:</p> + * An enumeration type for specifying the operation type of a + * {@link Transformer}. + * <p> + * The possible values for this type are two: * <ol> - * <li>PRE_PROCESSING: where the input data is first processed by the - * current {@link Transformer} before being passed to the rest of the chain; - * and</li> - * <li>POST_PROCESSING: where the input data is first passed to the rest of - * the chain, and the resulting bytes are then processed by the current - * {@link Transformer}.</li> + * <li>PRE_PROCESSING: where the input data is first processed by the current + * {@link Transformer} before being passed to the rest of the chain; and</li> + * <li>POST_PROCESSING: where the input data is first passed to the rest of the + * chain, and the resulting bytes are then processed by the current + * {@link Transformer}.</li> * </ol> */ public final class Operation { - - // Constants and variables - // ------------------------------------------------------------------------- - public static final Operation PRE_PROCESSING = new Operation(1); public static final Operation POST_PROCESSING = new Operation(2); private int value; - // Constructor(s) - // ------------------------------------------------------------------------- - private Operation(int value) { super(); @@ -74,12 +66,6 @@ public final class Operation this.value = value; } - // Class methods - // ------------------------------------------------------------------------- - - // Instance methods - // ------------------------------------------------------------------------- - public String toString() { return (this == PRE_PROCESSING ? "pre-processing" : "post-processing"); diff --git a/libjava/classpath/gnu/javax/crypto/assembly/PaddingTransformer.java b/libjava/classpath/gnu/javax/crypto/assembly/PaddingTransformer.java index c63f92e87bc..c11f4fe88da 100644 --- a/libjava/classpath/gnu/javax/crypto/assembly/PaddingTransformer.java +++ b/libjava/classpath/gnu/javax/crypto/assembly/PaddingTransformer.java @@ -44,26 +44,20 @@ import gnu.javax.crypto.pad.WrongPaddingException; import java.util.Map; /** - * <p>An Adapter to use any {@link IPad} as a {@link Transformer} in an - * {@link Assembly}.</p> - * - * <p>When using such a {@link Transformer}, in an {@link Assembly}, there must + * An Adapter to use any {@link IPad} as a {@link Transformer} in an + * {@link Assembly}. + * <p> + * When using such a {@link Transformer}, in an {@link Assembly}, there must * be at least one element behind this instance in the constructed chain; - * otherwise, a {@link TransformerException} is thrown at initialisation time.</p> + * otherwise, a {@link TransformerException} is thrown at initialisation time. */ -class PaddingTransformer extends Transformer +class PaddingTransformer + extends Transformer { - - // Constants and variables - // ------------------------------------------------------------------------- - private IPad delegate; private int outputBlockSize = 1; - // Constructor(s) - // ------------------------------------------------------------------------- - PaddingTransformer(IPad padding) { super(); @@ -71,20 +65,13 @@ class PaddingTransformer extends Transformer this.delegate = padding; } - // Class methods - // ------------------------------------------------------------------------- - - // Instance methods - // ------------------------------------------------------------------------- - void initDelegate(Map attributes) throws TransformerException { if (tail == null) { - throw new TransformerException( - "initDelegate()", - new IllegalStateException( - "Padding transformer missing its tail!")); + IllegalStateException cause = new IllegalStateException( + "Padding transformer missing its tail!"); + throw new TransformerException("initDelegate()", cause); } outputBlockSize = tail.currentBlockSize(); delegate.init(outputBlockSize); @@ -108,9 +95,10 @@ class PaddingTransformer extends Transformer byte[] tmp = inBuffer.toByteArray(); inBuffer.reset(); byte[] result; - if (wired == Direction.FORWARD) - { // padding - // buffers remaining bytes from (inBuffer + in) that are less than 1 block + if (wired == Direction.FORWARD) // padding + { + // buffers remaining bytes from (inBuffer + in) that are less than 1 + // block if (tmp.length < outputBlockSize) { inBuffer.write(tmp, 0, tmp.length); @@ -124,8 +112,8 @@ class PaddingTransformer extends Transformer System.arraycopy(tmp, 0, result, 0, newlen); } } - else - { // unpadding + else // unpadding + { // always keep in own buffer a max of 1 block to cater for lastUpdate if (tmp.length < outputBlockSize) { @@ -147,14 +135,14 @@ class PaddingTransformer extends Transformer byte[] result; // process multiples of blocksize as much as possible // catenate result from processing inBuffer with last-update( tail ) - if (wired == Direction.FORWARD) - { // padding + if (wired == Direction.FORWARD) // padding + { result = inBuffer.toByteArray(); byte[] padding = delegate.pad(result, 0, result.length); inBuffer.write(padding, 0, padding.length); } - else - { // unpadding + else // unpadding + { byte[] tmp = inBuffer.toByteArray(); inBuffer.reset(); int realLength; diff --git a/libjava/classpath/gnu/javax/crypto/assembly/Stage.java b/libjava/classpath/gnu/javax/crypto/assembly/Stage.java index 23d50bb8237..d023f62830a 100644 --- a/libjava/classpath/gnu/javax/crypto/assembly/Stage.java +++ b/libjava/classpath/gnu/javax/crypto/assembly/Stage.java @@ -45,59 +45,56 @@ import java.util.Map; import java.util.Set; /** - * <p>A <i>Stage</i> in a Cascade Cipher.</p> - * - * <p>Each stage may be either an implementation of a Block Cipher Mode of - * Operation ({@link IMode}) or another Cascade Cipher ({@link Cascade}). Each - * stage has also a <i>natural</i> operational direction when constructed for - * inclusion within a {@link Cascade}. This <i>natural</i> direction dictates - * how data flows from one stage into another when stages are chained together - * in a cascade. One can think of a stage and its natural direction as the - * specification of how to wire the stage into the chain. The following diagrams - * may help understand the paradigme. The first shows two stages chained each - * with a {@link Direction#FORWARD} direction.</p> + * A <i>Stage</i> in a Cascade Cipher. + * <p> + * Each stage may be either an implementation of a Block Cipher Mode of + * Operation ({@link IMode}) or another Cascade Cipher ({@link Cascade}). + * Each stage has also a <i>natural</i> operational direction when constructed + * for inclusion within a {@link Cascade}. This <i>natural</i> direction + * dictates how data flows from one stage into another when stages are chained + * together in a cascade. One can think of a stage and its natural direction as + * the specification of how to wire the stage into the chain. The following + * diagrams may help understand the paradigme. The first shows two stages + * chained each with a {@link Direction#FORWARD} direction. + * * <pre> - * FORWARD FORWARD - * +------+ +-------+ - * | | | | - * | +--in --+ | +--in --+ - * ---+ | Stage | | | Stage | +--- - * +--out--+ | +--out--+ | - * | | | | - * +-------+ +------+ + * FORWARD FORWARD + * +------+ +-------+ + * | | | | + * | +--in --+ | +--in --+ + * ---+ | Stage | | | Stage | +--- + * +--out--+ | +--out--+ | + * | | | | + * +-------+ +------+ * </pre> - * <p>The second diagram shows two stages, one in a {@link Direction#FORWARD} + * + * <p> + * The second diagram shows two stages, one in a {@link Direction#FORWARD} * direction, while the other is wired in a {@link Direction#REVERSED} - * direction.</p> + * direction. + * * <pre> - * FORWARD REVERSED - * +------+ +------+ - * | | | | - * | +--in --+ +--in --+ | - * ---+ | Stage | | Stage | +--- - * +--out--+ +--out--+ - * | | - * +---------------+ + * FORWARD REVERSED + * +------+ +------+ + * | | | | + * | +--in --+ +--in --+ | + * ---+ | Stage | | Stage | +--- + * +--out--+ +--out--+ + * | | + * +---------------+ * </pre> - * + * * @see ModeStage * @see CascadeStage */ public abstract class Stage { - - // Constants and variables - // ------------------------------------------------------------------------- - public static final String DIRECTION = "gnu.crypto.assembly.stage.direction"; protected Direction forward; protected Direction wired; - // Constructor(s) - // ------------------------------------------------------------------------- - protected Stage(Direction forwardDirection) { super(); @@ -106,9 +103,6 @@ public abstract class Stage this.wired = null; } - // Class methods - // ------------------------------------------------------------------------- - public static final Stage getInstance(IMode mode, Direction forwardDirection) { return new ModeStage(mode, forwardDirection); @@ -120,32 +114,27 @@ public abstract class Stage return new CascadeStage(cascade, forwardDirection); } - // Instance methods - // ------------------------------------------------------------------------- - /** * Returns the {@link Set} of supported block sizes for this * <code>Stage</code>. Each element in the returned {@link Set} is an * instance of {@link Integer}. - * + * * @return a {@link Set} of supported block sizes. */ public abstract Set blockSizes(); /** * Initialises the stage for operation with specific characteristics. - * + * * @param attributes a set of name-value pairs that describes the desired - * future behaviour of this instance. + * future behaviour of this instance. * @throws IllegalStateException if the instance is already initialised. * @throws InvalidKeyException if the key data is invalid. */ public void init(Map attributes) throws InvalidKeyException { if (wired != null) - { - throw new IllegalStateException(); - } + throw new IllegalStateException(); Direction flow = (Direction) attributes.get(DIRECTION); if (flow == null) { @@ -158,7 +147,7 @@ public abstract class Stage /** * Returns the currently set block size for the stage. - * + * * @return the current block size for this stage. * @throws IllegalStateException if the instance is not initialised. */ @@ -178,10 +167,10 @@ public abstract class Stage * Processes exactly one block of <i>plaintext</i> (if initialised in the * {@link Direction#FORWARD} state) or <i>ciphertext</i> (if initialised in * the {@link Direction#REVERSED} state). - * + * * @param in the plaintext. * @param inOffset index of <code>in</code> from which to start considering - * data. + * data. * @param out the ciphertext. * @param outOffset index of <code>out</code> from which to store result. * @throws IllegalStateException if the instance is not initialised. @@ -189,9 +178,7 @@ public abstract class Stage public void update(byte[] in, int inOffset, byte[] out, int outOffset) { if (wired == null) - { - throw new IllegalStateException(); - } + throw new IllegalStateException(); updateDelegate(in, inOffset, out, outOffset); } @@ -200,14 +187,12 @@ public abstract class Stage * encryption / decryption test(s) for all supported block and key sizes of * underlying block cipher(s) wrapped by Mode leafs. The test also includes * one (1) variable key Known Answer Test (KAT) for each block cipher. - * + * * @return <code>true</code> if the implementation passes simple - * <i>correctness</i> tests. Returns <code>false</code> otherwise. + * <i>correctness</i> tests. Returns <code>false</code> otherwise. */ public abstract boolean selfTest(); - // abstract methods to be implemented by concrete subclasses --------------- - abstract void initDelegate(Map attributes) throws InvalidKeyException; abstract void resetDelegate(); diff --git a/libjava/classpath/gnu/javax/crypto/assembly/Transformer.java b/libjava/classpath/gnu/javax/crypto/assembly/Transformer.java index 80430dc196f..58a991b93b9 100644 --- a/libjava/classpath/gnu/javax/crypto/assembly/Transformer.java +++ b/libjava/classpath/gnu/javax/crypto/assembly/Transformer.java @@ -44,50 +44,44 @@ import java.io.ByteArrayOutputStream; import java.util.Map; /** - * <p>A <code>Transformer</code> is an abstract representation of a two-way + * A <code>Transformer</code> is an abstract representation of a two-way * <i>transformation</i> that can be chained together with other instances of * this type. Examples of such transformations in this library are: - * {@link Cascade} cipher, {@link gnu.crypto.pad.IPad} algorithm, and a + * {@link Cascade} cipher, {@link gnu.javax.crypto.pad.IPad} algorithm, and a * ZLib-based deflater/inflater algorithm. A special implementation of a - * <code>Transformer</code> to close a chain is also provided.</p> - * - * <p>A <code>Transformer</code> is characterised by the followings:<p> + * <code>Transformer</code> to close a chain is also provided. + * <p> + * A <code>Transformer</code> is characterised by the followings: * <ul> - * <li>It can be chained to other instances, to form an {@link Assembly}.</li> - * <li>When configured in an {@link Assembly}, it can be set to apply its - * internal transformation on the input data stream before (pre-processing) - * or after (post-processing) passing the input data to the next element in - * the chain. Note that the same type <code>Transformer</code> can be used as - * either in pre-processing or a post-processing modes.</li> - * <li>A special transformer --<code>LoopbackTransformer</code>-- is used to - * close the chain.</li> - * <li>A useful type of <code>Transformer</code> --one we're interested in-- - * has internal buffers. The distinction between a casual push (update) - * operation and the last one allows to correctly flush any intermediate - * bytes that may exist in those buffers.</li> + * <li>It can be chained to other instances, to form an {@link Assembly}.</li> + * <li>When configured in an {@link Assembly}, it can be set to apply its + * internal transformation on the input data stream before (pre-processing) or + * after (post-processing) passing the input data to the next element in the + * chain. Note that the same type <code>Transformer</code> can be used as + * either in pre-processing or a post-processing modes.</li> + * <li>A special transformer --<code>LoopbackTransformer</code>-- is used + * to close the chain.</li> + * <li>A useful type of <code>Transformer</code> --one we're interested in-- + * has internal buffers. The distinction between a casual push (update) + * operation and the last one allows to correctly flush any intermediate bytes + * that may exist in those buffers.</li> * </ul> - * - * <p>To allow wiring <code>Transformer</code> instances together, a + * <p> + * To allow wiring <code>Transformer</code> instances together, a * <i>minimal-output-size</i> in bytes is necessary. The trivial case of a * value of <code>1</code> for such attribute practically means that no output * buffering, from the previous element, is needed --which is independant of - * buffering the input if the <code>Transformer</code> implementation itself is - * block-based.</p> - * + * buffering the input if the <code>Transformer</code> implementation itself + * is block-based. + * * @see CascadeTransformer * @see PaddingTransformer * @see DeflateTransformer */ public abstract class Transformer { - - // Constants and variables - // ------------------------------------------------------------------------- - public static final String DIRECTION = "gnu.crypto.assembly.transformer.direction"; - // public static final String MODE = "gnu.crypto.assembly.transformer.mode"; - protected Direction wired; protected Operation mode; @@ -98,9 +92,6 @@ public abstract class Transformer protected ByteArrayOutputStream outBuffer = new ByteArrayOutputStream(2048); - // Constructor(s) - // ------------------------------------------------------------------------- - /** Trivial protected constructor. */ protected Transformer() { @@ -109,9 +100,6 @@ public abstract class Transformer this.wired = null; } - // Class methods - // ------------------------------------------------------------------------- - public static final Transformer getCascadeTransformer(Cascade cascade) { return new CascadeTransformer(cascade); @@ -127,81 +115,69 @@ public abstract class Transformer return new DeflateTransformer(); } - // Instance methods - // ------------------------------------------------------------------------- - /** * Sets the operational mode of this <code>Transformer</code>. - * + * * @param mode the processing mode this <code>Transformer</code> is required - * to operate in. - * @throws IllegalStateException if this instance has already been assigned - * an operational mode. + * to operate in. + * @throws IllegalStateException if this instance has already been assigned an + * operational mode. */ public void setMode(final Operation mode) { if (this.mode != null) - { - throw new IllegalStateException(); - } + throw new IllegalStateException(); this.mode = mode; } /** * Returns <code>true</code> if this <code>Transformer</code> was wired in * pre-processing mode; <code>false</code> otherwise. - * - * @return <code>true</code> if this <code>Transformer</code> has been wired - * in pre-processing mode; <code>false</code> otherwise. - * @throws IllegalStateException if this instance has not yet been assigned - * an operational <i>type</i>. + * + * @return <code>true</code> if this <code>Transformer</code> has been + * wired in pre-processing mode; <code>false</code> otherwise. + * @throws IllegalStateException if this instance has not yet been assigned an + * operational <i>type</i>. */ public boolean isPreProcessing() { if (mode == null) - { - throw new IllegalStateException(); - } + throw new IllegalStateException(); return (mode == Operation.PRE_PROCESSING); } /** * Returns <code>true</code> if this <code>Transformer</code> was wired in * post-processing mode; <code>false</code> otherwise. - * - * @return <code>true</code> if this <code>Transformer</code> has been wired - * in post-processing mode; <code>false</code> otherwise. - * @throws IllegalStateException if this instance has not yet been assigned - * an operational <i>type</i>. + * + * @return <code>true</code> if this <code>Transformer</code> has been + * wired in post-processing mode; <code>false</code> otherwise. + * @throws IllegalStateException if this instance has not yet been assigned an + * operational <i>type</i>. */ public boolean isPostProcessing() { - return !isPreProcessing(); + return ! isPreProcessing(); } /** * Initialises the <code>Transformer</code> for operation with specific * characteristics. - * + * * @param attributes a set of name-value pairs that describes the desired - * future behaviour of this instance. + * future behaviour of this instance. * @throws IllegalStateException if the instance is already initialised. */ public void init(Map attributes) throws TransformerException { if (wired != null) - { - throw new IllegalStateException(); - } + throw new IllegalStateException(); Direction flow = (Direction) attributes.get(DIRECTION); if (flow == null) - { - flow = Direction.FORWARD; - } + flow = Direction.FORWARD; wired = flow; inBuffer.reset(); outBuffer.reset(); - tail.init(attributes); // initialise tail first initDelegate(attributes); // initialise this instance } @@ -209,15 +185,13 @@ public abstract class Transformer /** * Returns the block-size of this <code>Transformer</code>. A value of * <code>1</code> indicates that this instance is block-agnostic. - * + * * @return the current minimal required block size. */ public int currentBlockSize() { if (wired == null) - { - throw new IllegalStateException(); - } + throw new IllegalStateException(); return delegateBlockSize(); } @@ -238,12 +212,12 @@ public abstract class Transformer * Convenience method that calls the method with same name and three * arguments, using a byte array of length <code>1</code> whose contents are * the designated byte. - * + * * @param b the byte to process. * @return the result of transformation. * @throws IllegalStateException if the instance is not initialised. * @throws TransformerException if a transformation-related exception occurs - * during the operation. + * during the operation. * @see #update(byte[], int, int) */ public byte[] update(byte b) throws TransformerException @@ -253,14 +227,14 @@ public abstract class Transformer /** * Convenience method that calls the same method with three arguments. All - * bytes in <code>in</code>, starting from index position <code>0</code> are - * considered. - * + * bytes in <code>in</code>, starting from index position <code>0</code> + * are considered. + * * @param in the input data bytes. * @return the result of transformation. * @throws IllegalStateException if the instance is not initialised. * @throws TransformerException if a transformation-related exception occurs - * during the operation. + * during the operation. * @see #update(byte[], int, int) */ public byte[] update(byte[] in) throws TransformerException @@ -270,48 +244,42 @@ public abstract class Transformer /** * Processes a designated number of bytes from a given byte array. - * + * * @param in the input data bytes. * @param offset index of <code>in</code> from which to start considering - * data. + * data. * @param length the count of bytes to process. * @return the result of transformation. * @throws IllegalStateException if the instance is not initialised. * @throws TransformerException if a transformation-related exception occurs - * during the operation. + * during the operation. */ public byte[] update(byte[] in, int offset, int length) throws TransformerException { if (wired == null) - { - throw new IllegalStateException(); - } - byte[] result = (wired == Direction.FORWARD ? forwardUpdate(in, offset, - length) - : inverseUpdate(in, offset, - length)); + throw new IllegalStateException(); + byte[] result = (wired == Direction.FORWARD ? forwardUpdate(in, offset, length) + : inverseUpdate(in, offset, length)); return result; } /** * Convenience method that calls the same method with three arguments. A * zero-long byte array is used. - * + * * @return the result of transformation. * @throws IllegalStateException if the instance is not initialised. * @throws TransformerException if a transformation-related exception occurs - * during the operation. + * during the operation. * @see #lastUpdate(byte[], int, int) */ public byte[] lastUpdate() throws TransformerException { byte[] result = (wired == Direction.FORWARD ? lastForwardUpdate() - : lastInverseUpdate()); - if (inBuffer.size() != 0) - { // we still have some buffered bytes - throw new TransformerException("lastUpdate(): input buffer not empty"); - } + : lastInverseUpdate()); + if (inBuffer.size() != 0) // we still have some buffered bytes + throw new TransformerException("lastUpdate(): input buffer not empty"); return result; } @@ -319,12 +287,12 @@ public abstract class Transformer * Convenience method that calls the method with same name and three * arguments, using a byte array of length <code>1</code> whose contents are * the designated byte. - * + * * @param b the byte to process. * @return the result of transformation. * @throws IllegalStateException if the instance is not initialised. * @throws TransformerException if a transformation-related exception occurs - * during the operation. + * during the operation. * @see #lastUpdate(byte[], int, int) */ public byte[] lastUpdate(byte b) throws TransformerException @@ -334,14 +302,14 @@ public abstract class Transformer /** * Convenience method that calls the same method with three arguments. All - * bytes in <code>in</code>, starting from index position <code>0</code> are - * considered. - * + * bytes in <code>in</code>, starting from index position <code>0</code> + * are considered. + * * @param in the input data bytes. * @return the result of transformation. * @throws IllegalStateException if the instance is not initialised. * @throws TransformerException if a transformation-related exception occurs - * during the operation. + * during the operation. * @see #lastUpdate(byte[], int, int) */ public byte[] lastUpdate(byte[] in) throws TransformerException @@ -350,18 +318,18 @@ public abstract class Transformer } /** - * Processes a designated number of bytes from a given byte array and - * signals, at the same time, that this is the last <i>push</i> operation on - * this <code>Transformer</code>. - * + * Processes a designated number of bytes from a given byte array and signals, + * at the same time, that this is the last <i>push</i> operation on this + * <code>Transformer</code>. + * * @param in the input data bytes. * @param offset index of <code>in</code> from which to start considering - * data. + * data. * @param length the count of bytes to process. * @return the result of transformation. * @throws IllegalStateException if the instance is not initialised. * @throws TransformerException if a transformation-related exception occurs - * during the operation. + * during the operation. */ public byte[] lastUpdate(byte[] in, int offset, int length) throws TransformerException @@ -378,22 +346,18 @@ public abstract class Transformer return result; } - // helper methods ---------------------------------------------------------- - private byte[] forwardUpdate(byte[] in, int off, int len) throws TransformerException { - return (isPreProcessing() ? preTransform(in, off, len) : postTransform(in, - off, - len)); + return (isPreProcessing() ? preTransform(in, off, len) + : postTransform(in, off, len)); } private byte[] inverseUpdate(byte[] in, int off, int len) throws TransformerException { - return (isPreProcessing() ? postTransform(in, off, len) : preTransform(in, - off, - len)); + return (isPreProcessing() ? postTransform(in, off, len) + : preTransform(in, off, len)); } private byte[] preTransform(byte[] in, int off, int len) @@ -444,8 +408,6 @@ public abstract class Transformer return result; } - // abstract methods to be implemented by concrete subclasses --------------- - abstract void initDelegate(Map attributes) throws TransformerException; abstract int delegateBlockSize(); diff --git a/libjava/classpath/gnu/javax/crypto/assembly/TransformerException.java b/libjava/classpath/gnu/javax/crypto/assembly/TransformerException.java index 412f0f0f183..2c972f858d3 100644 --- a/libjava/classpath/gnu/javax/crypto/assembly/TransformerException.java +++ b/libjava/classpath/gnu/javax/crypto/assembly/TransformerException.java @@ -43,17 +43,11 @@ import java.io.PrintWriter; /** */ -public class TransformerException extends Exception +public class TransformerException + extends Exception { - - // Constants and variables - // ------------------------------------------------------------------------- - private Throwable _exception = null; - // Constructor(s) - // ------------------------------------------------------------------------- - public TransformerException() { super(); @@ -78,12 +72,6 @@ public class TransformerException extends Exception this._exception = cause; } - // Class methods - // ------------------------------------------------------------------------- - - // Instant methods - // ------------------------------------------------------------------------- - public Throwable getCause() { return _exception; @@ -98,61 +86,53 @@ public class TransformerException extends Exception { super.printStackTrace(); if (_exception != null) - { - _exception.printStackTrace(); - } + _exception.printStackTrace(); } /** * Prints this exception's stack trace to a print stream. If this exception - * has a root exception; the stack trace of the root exception is also - * printed to the print stream. - * + * has a root exception; the stack trace of the root exception is also printed + * to the print stream. + * * @param ps the non-null print stream to which to print. */ public void printStackTrace(PrintStream ps) { super.printStackTrace(ps); if (_exception != null) - { - _exception.printStackTrace(ps); - } + _exception.printStackTrace(ps); } /** * Prints this exception's stack trace to a print writer. If this exception - * has a root exception; the stack trace of the root exception is also - * printed to the print writer. - * + * has a root exception; the stack trace of the root exception is also printed + * to the print writer. + * * @param pw the non-null print writer to use for output. */ public void printStackTrace(PrintWriter pw) { super.printStackTrace(pw); if (_exception != null) - { - _exception.printStackTrace(pw); - } + _exception.printStackTrace(pw); } /** * Returns the string representation of this exception. The string - * representation contains this exception's class name, its detailed - * messsage, and if it has a root exception, the string representation of the - * root exception. This string representation is meant for debugging and not - * meant to be interpreted programmatically. - * + * representation contains this exception's class name, its detailed messsage, + * and if it has a root exception, the string representation of the root + * exception. This string representation is meant for debugging and not meant + * to be interpreted programmatically. + * * @return the non-null string representation of this exception. * @see Throwable#getMessage() */ public String toString() { - StringBuffer sb = new StringBuffer(this.getClass().getName()).append(": ").append( - super.toString()); + StringBuffer sb = new StringBuffer(this.getClass().getName()) + .append(": ").append(super.toString()); if (_exception != null) - { - sb.append("; caused by: ").append(_exception.toString()); - } + sb.append("; caused by: ").append(_exception.toString()); return sb.toString(); } } diff --git a/libjava/classpath/gnu/javax/crypto/cipher/Anubis.java b/libjava/classpath/gnu/javax/crypto/cipher/Anubis.java index ca4e8edfe77..653957ec619 100644 --- a/libjava/classpath/gnu/javax/crypto/cipher/Anubis.java +++ b/libjava/classpath/gnu/javax/crypto/cipher/Anubis.java @@ -38,111 +38,82 @@ exception statement from your version. */ package gnu.javax.crypto.cipher; +import gnu.java.security.Configuration; import gnu.java.security.Registry; import gnu.java.security.util.Util; -//import java.io.PrintWriter; import java.security.InvalidKeyException; import java.util.ArrayList; import java.util.Collections; import java.util.Iterator; +import java.util.logging.Logger; /** - * <p>Anubis is a 128-bit block cipher that accepts a variable-length key. The + * Anubis is a 128-bit block cipher that accepts a variable-length key. The * cipher is a uniform substitution-permutation network whose inverse only * differs from the forward operation in the key schedule. The design of both * the round transformation and the key schedule is based upon the Wide Trail - * strategy and permits a wide variety of implementation trade-offs.</p> - * - * <p>References:</p> - * + * strategy and permits a wide variety of implementation trade-offs. + * <p> + * References: * <ol> - * <li><a href="http://planeta.terra.com.br/informatica/paulobarreto/AnubisPage.html">The - * ANUBIS Block Cipher</a>.<br> - * <a href="mailto:paulo.barreto@terra.com.br">Paulo S.L.M. Barreto</a> and - * <a href="mailto:vincent.rijmen@esat.kuleuven.ac.be">Vincent Rijmen</a>.</li> + * <li><a + * href="http://planeta.terra.com.br/informatica/paulobarreto/AnubisPage.html">The + * ANUBIS Block Cipher</a>.<br> + * <a href="mailto:paulo.barreto@terra.com.br">Paulo S.L.M. Barreto</a> and <a + * href="mailto:vincent.rijmen@esat.kuleuven.ac.be">Vincent Rijmen</a>.</li> * </ol> */ -public final class Anubis extends BaseCipher +public final class Anubis + extends BaseCipher { - - // Debugging methods and variables - // ------------------------------------------------------------------------- - - // private static final String NAME = "anubis"; - private static final boolean DEBUG = false; - - private static final int debuglevel = 9; - - // private static final PrintWriter err = new PrintWriter(System.out, true); - // private static void debug(String s) { - // err.println(">>> "+NAME+": "+s); - // } - - // Constants and variables - // ------------------------------------------------------------------------- - + private static final Logger log = Logger.getLogger(Anubis.class.getName()); private static final int DEFAULT_BLOCK_SIZE = 16; // in bytes - private static final int DEFAULT_KEY_SIZE = 16; // in bytes - private static final String Sd = // p. 25 [ANUBIS] - "\uBA54\u2F74\u53D3\uD24D\u50AC\u8DBF\u7052\u9A4C" - + "\uEAD5\u97D1\u3351\u5BA6\uDE48\uA899\uDB32\uB7FC" - + "\uE39E\u919B\uE2BB\u416E\uA5CB\u6B95\uA1F3\uB102" - + "\uCCC4\u1D14\uC363\uDA5D\u5FDC\u7DCD\u7F5A\u6C5C" - + "\uF726\uFFED\uE89D\u6F8E\u19A0\uF089\u0F07\uAFFB" - + "\u0815\u0D04\u0164\uDF76\u79DD\u3D16\u3F37\u6D38" - + "\uB973\uE935\u5571\u7B8C\u7288\uF62A\u3E5E\u2746" - + "\u0C65\u6861\u03C1\u57D6\uD958\uD866\uD73A\uC83C" - + "\uFA96\uA798\uECB8\uC7AE\u694B\uABA9\u670A\u47F2" - + "\uB522\uE5EE\uBE2B\u8112\u831B\u0E23\uF545\u21CE" - + "\u492C\uF9E6\uB628\u1782\u1A8B\uFE8A\u09C9\u874E" - + "\uE12E\uE4E0\uEB90\uA41E\u8560\u0025\uF4F1\u940B" - + "\uE775\uEF34\u31D4\uD086\u7EAD\uFD29\u303B\u9FF8" - + "\uC613\u0605\uC511\u777C\u7A78\u361C\u3959\u1856" - + "\uB3B0\u2420\uB292\uA3C0\u4462\u10B4\u8443\u93C2" - + "\u4ABD\u8F2D\uBC9C\u6A40\uCFA2\u804F\u1FCA\uAA42"; - + "\uBA54\u2F74\u53D3\uD24D\u50AC\u8DBF\u7052\u9A4C" + + "\uEAD5\u97D1\u3351\u5BA6\uDE48\uA899\uDB32\uB7FC" + + "\uE39E\u919B\uE2BB\u416E\uA5CB\u6B95\uA1F3\uB102" + + "\uCCC4\u1D14\uC363\uDA5D\u5FDC\u7DCD\u7F5A\u6C5C" + + "\uF726\uFFED\uE89D\u6F8E\u19A0\uF089\u0F07\uAFFB" + + "\u0815\u0D04\u0164\uDF76\u79DD\u3D16\u3F37\u6D38" + + "\uB973\uE935\u5571\u7B8C\u7288\uF62A\u3E5E\u2746" + + "\u0C65\u6861\u03C1\u57D6\uD958\uD866\uD73A\uC83C" + + "\uFA96\uA798\uECB8\uC7AE\u694B\uABA9\u670A\u47F2" + + "\uB522\uE5EE\uBE2B\u8112\u831B\u0E23\uF545\u21CE" + + "\u492C\uF9E6\uB628\u1782\u1A8B\uFE8A\u09C9\u874E" + + "\uE12E\uE4E0\uEB90\uA41E\u8560\u0025\uF4F1\u940B" + + "\uE775\uEF34\u31D4\uD086\u7EAD\uFD29\u303B\u9FF8" + + "\uC613\u0605\uC511\u777C\u7A78\u361C\u3959\u1856" + + "\uB3B0\u2420\uB292\uA3C0\u4462\u10B4\u8443\u93C2" + + "\u4ABD\u8F2D\uBC9C\u6A40\uCFA2\u804F\u1FCA\uAA42"; private static final byte[] S = new byte[256]; - private static final int[] T0 = new int[256]; - private static final int[] T1 = new int[256]; - private static final int[] T2 = new int[256]; - private static final int[] T3 = new int[256]; - private static final int[] T4 = new int[256]; - private static final int[] T5 = new int[256]; - /** * Anubis round constants. This is the largest possible considering that we * always use R values, R = 8 + N, and 4 <= N <= 10. */ private static final int[] rc = new int[18]; - /** - * KAT vector (from ecb_vk): - * I=83 + * KAT vector (from ecb_vk): I=83 * KEY=000000000000000000002000000000000000000000000000 * CT=2E66AB15773F3D32FB6C697509460DF4 */ - private static final byte[] KAT_KEY = Util.toBytesFromString("000000000000000000002000000000000000000000000000"); - - private static final byte[] KAT_CT = Util.toBytesFromString("2E66AB15773F3D32FB6C697509460DF4"); - + private static final byte[] KAT_KEY = + Util.toBytesFromString("000000000000000000002000000000000000000000000000"); + private static final byte[] KAT_CT = + Util.toBytesFromString("2E66AB15773F3D32FB6C697509460DF4"); /** caches the result of the correctness test, once executed. */ private static Boolean valid; - // Static code - to initialise lookup tables ------------------------------- - static { long time = System.currentTimeMillis(); - int ROOT = 0x11d; // para. 2.1 [ANUBIS] int i, s, s2, s4, s6, s8, t; char c; @@ -151,213 +122,172 @@ public final class Anubis extends BaseCipher c = Sd.charAt(i >>> 1); s = ((i & 1) == 0 ? c >>> 8 : c) & 0xFF; S[i] = (byte) s; - s2 = s << 1; if (s2 > 0xFF) - { - s2 ^= ROOT; - } - + s2 ^= ROOT; s4 = s2 << 1; if (s4 > 0xFF) - { - s4 ^= ROOT; - } - + s4 ^= ROOT; s6 = s4 ^ s2; s8 = s4 << 1; if (s8 > 0xFF) - { - s8 ^= ROOT; - } - - T0[i] = s << 24 | s2 << 16 | s4 << 8 | s6; - T1[i] = s2 << 24 | s << 16 | s6 << 8 | s4; - T2[i] = s4 << 24 | s6 << 16 | s << 8 | s2; + s8 ^= ROOT; + T0[i] = s << 24 | s2 << 16 | s4 << 8 | s6; + T1[i] = s2 << 24 | s << 16 | s6 << 8 | s4; + T2[i] = s4 << 24 | s6 << 16 | s << 8 | s2; T3[i] = s6 << 24 | s4 << 16 | s2 << 8 | s; - - T4[i] = s << 24 | s << 16 | s << 8 | s; - T5[s] = s << 24 | s2 << 16 | s6 << 8 | s8; + T4[i] = s << 24 | s << 16 | s << 8 | s; + T5[s] = s << 24 | s2 << 16 | s6 << 8 | s8; } - // compute round constant for (i = 0, s = 0; i < 18;) - { - rc[i++] = S[(s++) & 0xFF] << 24 | (S[(s++) & 0xFF] & 0xFF) << 16 - | (S[(s++) & 0xFF] & 0xFF) << 8 | (S[(s++) & 0xFF] & 0xFF); - } - + rc[i++] = S[(s++) & 0xFF] << 24 + | (S[(s++) & 0xFF] & 0xFF) << 16 + | (S[(s++) & 0xFF] & 0xFF) << 8 + | (S[(s++) & 0xFF] & 0xFF); time = System.currentTimeMillis() - time; - - if (DEBUG && debuglevel > 8) + if (Configuration.DEBUG) { - System.out.println("=========="); - System.out.println(); - System.out.println("Static data"); - System.out.println(); - - System.out.println(); - System.out.println("T0[]:"); + log.fine("Static data"); + log.fine("T0[]:"); + StringBuilder sb; for (i = 0; i < 64; i++) { + sb = new StringBuilder(); for (t = 0; t < 4; t++) - { - System.out.print("0x" + Util.toString(T0[i * 4 + t]) + ", "); - } - System.out.println(); + sb.append("0x").append(Util.toString(T0[i * 4 + t])).append(", "); + log.fine(sb.toString()); } - System.out.println(); - System.out.println("T1[]:"); + log.fine("T1[]:"); for (i = 0; i < 64; i++) { + sb = new StringBuilder(); for (t = 0; t < 4; t++) - { - System.out.print("0x" + Util.toString(T1[i * 4 + t]) + ", "); - } - System.out.println(); + sb.append("0x").append(Util.toString(T1[i * 4 + t])).append(", "); + log.fine(sb.toString()); } - System.out.println(); - System.out.println("T2[]:"); + log.fine("T2[]:"); for (i = 0; i < 64; i++) { + sb = new StringBuilder(); for (t = 0; t < 4; t++) - { - System.out.print("0x" + Util.toString(T2[i * 4 + t]) + ", "); - } - System.out.println(); + sb.append("0x").append(Util.toString(T2[i * 4 + t])).append(", "); + log.fine(sb.toString()); } - System.out.println(); - System.out.println("T3[]:"); + log.fine("T3[]:"); for (i = 0; i < 64; i++) { + sb = new StringBuilder(); for (t = 0; t < 4; t++) - { - System.out.print("0x" + Util.toString(T3[i * 4 + t]) + ", "); - } - System.out.println(); + sb.append("0x").append(Util.toString(T3[i * 4 + t])).append(", "); + log.fine(sb.toString()); } - System.out.println(); - System.out.println("T4[]:"); + log.fine("T4[]:"); for (i = 0; i < 64; i++) { + sb = new StringBuilder(); for (t = 0; t < 4; t++) - { - System.out.print("0x" + Util.toString(T4[i * 4 + t]) + ", "); - } - System.out.println(); + sb.append("0x").append(Util.toString(T4[i * 4 + t])).append(", "); + log.fine(sb.toString()); } - System.out.println(); - System.out.println("T5[]:"); + log.fine("T5[]:"); for (i = 0; i < 64; i++) { + sb = new StringBuilder(); for (t = 0; t < 4; t++) - { - System.out.print("0x" + Util.toString(T5[i * 4 + t]) + ", "); - } - System.out.println(); + sb.append("0x").append(Util.toString(T5[i * 4 + t])).append(", "); + log.fine(sb.toString()); } - System.out.println(); - System.out.println("rc[]:"); + log.fine("rc[]:"); for (i = 0; i < 18; i++) - { - System.out.println("0x" + Util.toString(rc[i])); - } - System.out.println(); - - System.out.println(); - System.out.println("Total initialization time: " + time + " ms."); - System.out.println(); + log.fine("0x" + Util.toString(rc[i])); + log.fine("Total initialization time: " + time + " ms."); } } - // Constructor(s) - // ------------------------------------------------------------------------- - /** Trivial 0-arguments constructor. */ public Anubis() { super(Registry.ANUBIS_CIPHER, DEFAULT_BLOCK_SIZE, DEFAULT_KEY_SIZE); } - // Class methods - // ------------------------------------------------------------------------- - private static void anubis(byte[] in, int i, byte[] out, int j, int[][] K) { // extract encryption round keys int R = K.length - 1; int[] Ker = K[0]; - // mu function + affine key addition - int a0 = (in[i++] << 24 | (in[i++] & 0xFF) << 16 | (in[i++] & 0xFF) << 8 | (in[i++] & 0xFF)) - ^ Ker[0]; - int a1 = (in[i++] << 24 | (in[i++] & 0xFF) << 16 | (in[i++] & 0xFF) << 8 | (in[i++] & 0xFF)) - ^ Ker[1]; - int a2 = (in[i++] << 24 | (in[i++] & 0xFF) << 16 | (in[i++] & 0xFF) << 8 | (in[i++] & 0xFF)) - ^ Ker[2]; - int a3 = (in[i++] << 24 | (in[i++] & 0xFF) << 16 | (in[i++] & 0xFF) << 8 | (in[i] & 0xFF)) - ^ Ker[3]; - + int a0 = (in[i++] << 24 + | (in[i++] & 0xFF) << 16 + | (in[i++] & 0xFF) << 8 + | (in[i++] & 0xFF) ) ^ Ker[0]; + int a1 = (in[i++] << 24 + | (in[i++] & 0xFF) << 16 + | (in[i++] & 0xFF) << 8 + | (in[i++] & 0xFF) ) ^ Ker[1]; + int a2 = (in[i++] << 24 + | (in[i++] & 0xFF) << 16 + | (in[i++] & 0xFF) << 8 + | (in[i++] & 0xFF) ) ^ Ker[2]; + int a3 = (in[i++] << 24 + | (in[i++] & 0xFF) << 16 + | (in[i++] & 0xFF) << 8 + | (in[i] & 0xFF) ) ^ Ker[3]; int b0, b1, b2, b3; // round function for (int r = 1; r < R; r++) { Ker = K[r]; - b0 = T0[a0 >>> 24] ^ T1[a1 >>> 24] ^ T2[a2 >>> 24] ^ T3[a3 >>> 24] - ^ Ker[0]; - b1 = T0[(a0 >>> 16) & 0xFF] ^ T1[(a1 >>> 16) & 0xFF] - ^ T2[(a2 >>> 16) & 0xFF] ^ T3[(a3 >>> 16) & 0xFF] ^ Ker[1]; - b2 = T0[(a0 >>> 8) & 0xFF] ^ T1[(a1 >>> 8) & 0xFF] - ^ T2[(a2 >>> 8) & 0xFF] ^ T3[(a3 >>> 8) & 0xFF] ^ Ker[2]; - b3 = T0[a0 & 0xFF] ^ T1[a1 & 0xFF] ^ T2[a2 & 0xFF] ^ T3[a3 & 0xFF] - ^ Ker[3]; + b0 = T0[ a0 >>> 24 ] + ^ T1[ a1 >>> 24 ] + ^ T2[ a2 >>> 24 ] + ^ T3[ a3 >>> 24 ] ^ Ker[0]; + b1 = T0[(a0 >>> 16) & 0xFF] + ^ T1[(a1 >>> 16) & 0xFF] + ^ T2[(a2 >>> 16) & 0xFF] + ^ T3[(a3 >>> 16) & 0xFF] ^ Ker[1]; + b2 = T0[(a0 >>> 8) & 0xFF] + ^ T1[(a1 >>> 8) & 0xFF] + ^ T2[(a2 >>> 8) & 0xFF] + ^ T3[(a3 >>> 8) & 0xFF] ^ Ker[2]; + b3 = T0[ a0 & 0xFF] + ^ T1[ a1 & 0xFF] + ^ T2[ a2 & 0xFF] + ^ T3[ a3 & 0xFF] ^ Ker[3]; a0 = b0; a1 = b1; a2 = b2; a3 = b3; - if (DEBUG && debuglevel > 6) - { - System.out.println("T" + r + "=" + Util.toString(a0) - + Util.toString(a1) + Util.toString(a2) - + Util.toString(a3)); - } + if (Configuration.DEBUG) + log.fine("T" + r + "=" + Util.toString(a0) + Util.toString(a1) + + Util.toString(a2) + Util.toString(a3)); } - // last round function Ker = K[R]; int tt = Ker[0]; - out[j++] = (byte) (S[a0 >>> 24] ^ (tt >>> 24)); - out[j++] = (byte) (S[a1 >>> 24] ^ (tt >>> 16)); - out[j++] = (byte) (S[a2 >>> 24] ^ (tt >>> 8)); - out[j++] = (byte) (S[a3 >>> 24] ^ tt); + out[j++] = (byte)(S[ a0 >>> 24 ] ^ (tt >>> 24)); + out[j++] = (byte)(S[ a1 >>> 24 ] ^ (tt >>> 16)); + out[j++] = (byte)(S[ a2 >>> 24 ] ^ (tt >>> 8)); + out[j++] = (byte)(S[ a3 >>> 24 ] ^ tt); tt = Ker[1]; - out[j++] = (byte) (S[(a0 >>> 16) & 0xFF] ^ (tt >>> 24)); - out[j++] = (byte) (S[(a1 >>> 16) & 0xFF] ^ (tt >>> 16)); - out[j++] = (byte) (S[(a2 >>> 16) & 0xFF] ^ (tt >>> 8)); - out[j++] = (byte) (S[(a3 >>> 16) & 0xFF] ^ tt); + out[j++] = (byte)(S[(a0 >>> 16) & 0xFF] ^ (tt >>> 24)); + out[j++] = (byte)(S[(a1 >>> 16) & 0xFF] ^ (tt >>> 16)); + out[j++] = (byte)(S[(a2 >>> 16) & 0xFF] ^ (tt >>> 8)); + out[j++] = (byte)(S[(a3 >>> 16) & 0xFF] ^ tt); tt = Ker[2]; - out[j++] = (byte) (S[(a0 >>> 8) & 0xFF] ^ (tt >>> 24)); - out[j++] = (byte) (S[(a1 >>> 8) & 0xFF] ^ (tt >>> 16)); - out[j++] = (byte) (S[(a2 >>> 8) & 0xFF] ^ (tt >>> 8)); - out[j++] = (byte) (S[(a3 >>> 8) & 0xFF] ^ tt); + out[j++] = (byte)(S[(a0 >>> 8) & 0xFF] ^ (tt >>> 24)); + out[j++] = (byte)(S[(a1 >>> 8) & 0xFF] ^ (tt >>> 16)); + out[j++] = (byte)(S[(a2 >>> 8) & 0xFF] ^ (tt >>> 8)); + out[j++] = (byte)(S[(a3 >>> 8) & 0xFF] ^ tt); tt = Ker[3]; - out[j++] = (byte) (S[a0 & 0xFF] ^ (tt >>> 24)); - out[j++] = (byte) (S[a1 & 0xFF] ^ (tt >>> 16)); - out[j++] = (byte) (S[a2 & 0xFF] ^ (tt >>> 8)); - out[j] = (byte) (S[a3 & 0xFF] ^ tt); - - if (DEBUG && debuglevel > 6) - { - System.out.println("T=" + Util.toString(out, j - 15, 16)); - System.out.println(); - } + out[j++] = (byte)(S[ a0 & 0xFF] ^ (tt >>> 24)); + out[j++] = (byte)(S[ a1 & 0xFF] ^ (tt >>> 16)); + out[j++] = (byte)(S[ a2 & 0xFF] ^ (tt >>> 8)); + out[j ] = (byte)(S[ a3 & 0xFF] ^ tt); + if (Configuration.DEBUG) + log.fine("T=" + Util.toString(out, j - 15, 16) + "\n"); } - // Instance methods - // ------------------------------------------------------------------------- - - // java.lang.Cloneable interface implementation ---------------------------- - public Object clone() { Anubis result = new Anubis(); @@ -366,12 +296,10 @@ public final class Anubis extends BaseCipher return result; } - // IBlockCipherSpi interface implementation -------------------------------- - public Iterator blockSizes() { ArrayList al = new ArrayList(); - al.add(new Integer(DEFAULT_BLOCK_SIZE)); + al.add(Integer.valueOf(DEFAULT_BLOCK_SIZE)); return Collections.unmodifiableList(al).iterator(); } @@ -380,17 +308,14 @@ public final class Anubis extends BaseCipher { ArrayList al = new ArrayList(); for (int n = 4; n < 10; n++) - { - al.add(new Integer(n * 32 / 8)); - } - + al.add(Integer.valueOf(n * 32 / 8)); return Collections.unmodifiableList(al).iterator(); } /** - * <p>Expands a user-supplied key material into a session key for a - * designated <i>block size</i>.</p> - * + * Expands a user-supplied key material into a session key for a designated + * <i>block size</i>. + * * @param uk the 32N-bit user-supplied key material; 4 <= N <= 10. * @param bs the desired block size in bytes. * @return an Object encapsulating the session key. @@ -400,95 +325,91 @@ public final class Anubis extends BaseCipher public Object makeKey(byte[] uk, int bs) throws InvalidKeyException { if (bs != DEFAULT_BLOCK_SIZE) - { - throw new IllegalArgumentException(); - } + throw new IllegalArgumentException(); if (uk == null) - { - throw new InvalidKeyException("Empty key"); - } + throw new InvalidKeyException("Empty key"); if ((uk.length % 4) != 0) - { - throw new InvalidKeyException("Key is not multiple of 32-bit."); - } + throw new InvalidKeyException("Key is not multiple of 32-bit."); int N = uk.length / 4; if (N < 4 || N > 10) - { - throw new InvalidKeyException("Key is not 32N; 4 <= N <= 10"); - } + throw new InvalidKeyException("Key is not 32N; 4 <= N <= 10"); int R = 8 + N; int[][] Ke = new int[R + 1][4]; // encryption round keys int[][] Kd = new int[R + 1][4]; // decryption round keys int[] tk = new int[N]; int[] kk = new int[N]; int r, i, j, k, k0, k1, k2, k3, tt; - // apply mu to k0 for (r = 0, i = 0; r < N;) - { - tk[r++] = uk[i++] << 24 | (uk[i++] & 0xFF) << 16 - | (uk[i++] & 0xFF) << 8 | (uk[i++] & 0xFF); - } + tk[r++] = uk[i++] << 24 + | (uk[i++] & 0xFF) << 16 + | (uk[i++] & 0xFF) << 8 + | (uk[i++] & 0xFF); for (r = 0; r <= R; r++) { if (r > 0) { // psi = key evolution function - kk[0] = T0[(tk[0] >>> 24)] ^ T1[(tk[N - 1] >>> 16) & 0xFF] - ^ T2[(tk[N - 2] >>> 8) & 0xFF] ^ T3[tk[N - 3] & 0xFF]; - kk[1] = T0[(tk[1] >>> 24)] ^ T1[(tk[0] >>> 16) & 0xFF] - ^ T2[(tk[N - 1] >>> 8) & 0xFF] ^ T3[tk[N - 2] & 0xFF]; - kk[2] = T0[(tk[2] >>> 24)] ^ T1[(tk[1] >>> 16) & 0xFF] - ^ T2[(tk[0] >>> 8) & 0xFF] ^ T3[tk[N - 1] & 0xFF]; - kk[3] = T0[(tk[3] >>> 24)] ^ T1[(tk[2] >>> 16) & 0xFF] - ^ T2[(tk[1] >>> 8) & 0xFF] ^ T3[tk[0] & 0xFF]; - + kk[0] = T0[(tk[0 ] >>> 24) ] + ^ T1[(tk[N - 1] >>> 16) & 0xFF] + ^ T2[(tk[N - 2] >>> 8) & 0xFF] + ^ T3[ tk[N - 3] & 0xFF]; + kk[1] = T0[(tk[1 ] >>> 24) ] + ^ T1[(tk[0 ] >>> 16) & 0xFF] + ^ T2[(tk[N - 1] >>> 8) & 0xFF] + ^ T3[ tk[N - 2] & 0xFF]; + kk[2] = T0[(tk[2 ] >>> 24) ] + ^ T1[(tk[1 ] >>> 16) & 0xFF] + ^ T2[(tk[0 ] >>> 8) & 0xFF] + ^ T3[ tk[N - 1] & 0xFF]; + kk[3] = T0[(tk[3 ] >>> 24) ] + ^ T1[(tk[2 ] >>> 16) & 0xFF] + ^ T2[(tk[1 ] >>> 8) & 0xFF] + ^ T3[ tk[0 ] & 0xFF]; for (i = 4; i < N; i++) - { - kk[i] = T0[tk[i] >>> 24] ^ T1[(tk[i - 1] >>> 16) & 0xFF] - ^ T2[(tk[i - 2] >>> 8) & 0xFF] ^ T3[tk[i - 3] & 0xFF]; - } + kk[i] = T0[ tk[i ] >>> 24 ] + ^ T1[(tk[i - 1] >>> 16) & 0xFF] + ^ T2[(tk[i - 2] >>> 8) & 0xFF] + ^ T3[ tk[i - 3] & 0xFF]; // apply sigma (affine addition) to round constant tk[0] = rc[r - 1] ^ kk[0]; for (i = 1; i < N; i++) - { - tk[i] = kk[i]; - } + tk[i] = kk[i]; } - // phi = key selection function tt = tk[N - 1]; - k0 = T4[tt >>> 24]; + k0 = T4[ tt >>> 24 ]; k1 = T4[(tt >>> 16) & 0xFF]; - k2 = T4[(tt >>> 8) & 0xFF]; - k3 = T4[tt & 0xFF]; - + k2 = T4[(tt >>> 8) & 0xFF]; + k3 = T4[ tt & 0xFF]; for (k = N - 2; k >= 0; k--) { tt = tk[k]; - k0 = T4[tt >>> 24] ^ (T5[(k0 >>> 24) & 0xFF] & 0xFF000000) - ^ (T5[(k0 >>> 16) & 0xFF] & 0x00FF0000) - ^ (T5[(k0 >>> 8) & 0xFF] & 0x0000FF00) - ^ (T5[k0 & 0xFF] & 0x000000FF); - k1 = T4[(tt >>> 16) & 0xFF] ^ (T5[(k1 >>> 24) & 0xFF] & 0xFF000000) - ^ (T5[(k1 >>> 16) & 0xFF] & 0x00FF0000) - ^ (T5[(k1 >>> 8) & 0xFF] & 0x0000FF00) - ^ (T5[k1 & 0xFF] & 0x000000FF); - k2 = T4[(tt >>> 8) & 0xFF] ^ (T5[(k2 >>> 24) & 0xFF] & 0xFF000000) - ^ (T5[(k2 >>> 16) & 0xFF] & 0x00FF0000) - ^ (T5[(k2 >>> 8) & 0xFF] & 0x0000FF00) - ^ (T5[(k2) & 0xFF] & 0x000000FF); - k3 = T4[tt & 0xFF] ^ (T5[(k3 >>> 24) & 0xFF] & 0xFF000000) - ^ (T5[(k3 >>> 16) & 0xFF] & 0x00FF0000) - ^ (T5[(k3 >>> 8) & 0xFF] & 0x0000FF00) - ^ (T5[k3 & 0xFF] & 0x000000FF); + k0 = T4[ tt >>> 24 ] + ^ (T5[(k0 >>> 24) & 0xFF] & 0xFF000000) + ^ (T5[(k0 >>> 16) & 0xFF] & 0x00FF0000) + ^ (T5[(k0 >>> 8) & 0xFF] & 0x0000FF00) + ^ (T5 [k0 & 0xFF] & 0x000000FF); + k1 = T4[(tt >>> 16) & 0xFF] + ^ (T5[(k1 >>> 24) & 0xFF] & 0xFF000000) + ^ (T5[(k1 >>> 16) & 0xFF] & 0x00FF0000) + ^ (T5[(k1 >>> 8) & 0xFF] & 0x0000FF00) + ^ (T5[ k1 & 0xFF] & 0x000000FF); + k2 = T4[(tt >>> 8) & 0xFF] + ^ (T5[(k2 >>> 24) & 0xFF] & 0xFF000000) + ^ (T5[(k2 >>> 16) & 0xFF] & 0x00FF0000) + ^ (T5[(k2 >>> 8) & 0xFF] & 0x0000FF00) + ^ (T5[ k2 & 0xFF] & 0x000000FF); + k3 = T4[ tt & 0xFF] + ^ (T5[(k3 >>> 24) & 0xFF] & 0xFF000000) + ^ (T5[(k3 >>> 16) & 0xFF] & 0x00FF0000) + ^ (T5[(k3 >>> 8) & 0xFF] & 0x0000FF00) + ^ (T5[ k3 & 0xFF] & 0x000000FF); } - Ke[r][0] = k0; Ke[r][1] = k1; Ke[r][2] = k2; Ke[r][3] = k3; - if (r == 0 || r == R) { Kd[R - r][0] = k0; @@ -498,72 +419,61 @@ public final class Anubis extends BaseCipher } else { - Kd[R - r][0] = T0[S[k0 >>> 24] & 0xFF] - ^ T1[S[(k0 >>> 16) & 0xFF] & 0xFF] - ^ T2[S[(k0 >>> 8) & 0xFF] & 0xFF] - ^ T3[S[k0 & 0xFF] & 0xFF]; - Kd[R - r][1] = T0[S[k1 >>> 24] & 0xFF] - ^ T1[S[(k1 >>> 16) & 0xFF] & 0xFF] - ^ T2[S[(k1 >>> 8) & 0xFF] & 0xFF] - ^ T3[S[k1 & 0xFF] & 0xFF]; - Kd[R - r][2] = T0[S[k2 >>> 24] & 0xFF] - ^ T1[S[(k2 >>> 16) & 0xFF] & 0xFF] - ^ T2[S[(k2 >>> 8) & 0xFF] & 0xFF] - ^ T3[S[k2 & 0xFF] & 0xFF]; - Kd[R - r][3] = T0[S[k3 >>> 24] & 0xFF] - ^ T1[S[(k3 >>> 16) & 0xFF] & 0xFF] - ^ T2[S[(k3 >>> 8) & 0xFF] & 0xFF] - ^ T3[S[k3 & 0xFF] & 0xFF]; + Kd[R - r][0] = T0[S[ k0 >>> 24 ] & 0xFF] + ^ T1[S[(k0 >>> 16) & 0xFF] & 0xFF] + ^ T2[S[(k0 >>> 8) & 0xFF] & 0xFF] + ^ T3[S[ k0 & 0xFF] & 0xFF]; + Kd[R - r][1] = T0[S[ k1 >>> 24 ] & 0xFF] + ^ T1[S[(k1 >>> 16) & 0xFF] & 0xFF] + ^ T2[S[(k1 >>> 8) & 0xFF] & 0xFF] + ^ T3[S[ k1 & 0xFF] & 0xFF]; + Kd[R - r][2] = T0[S[ k2 >>> 24 ] & 0xFF] + ^ T1[S[(k2 >>> 16) & 0xFF] & 0xFF] + ^ T2[S[(k2 >>> 8) & 0xFF] & 0xFF] + ^ T3[S[ k2 & 0xFF] & 0xFF]; + Kd[R - r][3] = T0[S[ k3 >>> 24 ] & 0xFF] + ^ T1[S[(k3 >>> 16) & 0xFF] & 0xFF] + ^ T2[S[(k3 >>> 8) & 0xFF] & 0xFF] + ^ T3[S[ k3 & 0xFF] & 0xFF]; } } - - if (DEBUG && debuglevel > 8) + if (Configuration.DEBUG) { - System.out.println(); - System.out.println("Key schedule"); - System.out.println(); - System.out.println("Ke[]:"); + log.fine("Key schedule"); + log.fine("Ke[]:"); + StringBuilder sb; for (r = 0; r < R + 1; r++) { - System.out.print("#" + r + ": "); + sb = new StringBuilder("#").append(r).append(": "); for (j = 0; j < 4; j++) - System.out.print("0x" + Util.toString(Ke[r][j]) + ", "); - System.out.println(); + sb.append("0x").append(Util.toString(Ke[r][j])).append(", "); + log.fine(sb.toString()); } - System.out.println(); - System.out.println("Kd[]:"); + log.fine("Kd[]:"); for (r = 0; r < R + 1; r++) { - System.out.print("#" + r + ": "); + sb = new StringBuilder("#").append(r).append(": "); for (j = 0; j < 4; j++) - System.out.print("0x" + Util.toString(Kd[r][j]) + ", "); - System.out.println(); + sb.append("0x").append(Util.toString(Kd[r][j])).append(", "); + log.fine(sb.toString()); } - System.out.println(); } - return new Object[] { Ke, Kd }; } public void encrypt(byte[] in, int i, byte[] out, int j, Object k, int bs) { if (bs != DEFAULT_BLOCK_SIZE) - { - throw new IllegalArgumentException(); - } - - int[][] K = (int[][]) ((Object[]) k)[0]; + throw new IllegalArgumentException(); + int[][] K = (int[][])((Object[]) k)[0]; anubis(in, i, out, j, K); } public void decrypt(byte[] in, int i, byte[] out, int j, Object k, int bs) { if (bs != DEFAULT_BLOCK_SIZE) - { - throw new IllegalArgumentException(); - } - - int[][] K = (int[][]) ((Object[]) k)[1]; + throw new IllegalArgumentException(); + int[][] K = (int[][])((Object[]) k)[1]; anubis(in, i, out, j, K); } @@ -573,11 +483,9 @@ public final class Anubis extends BaseCipher { boolean result = super.selfTest(); // do symmetry tests if (result) - { - result = testKat(KAT_KEY, KAT_CT); - } + result = testKat(KAT_KEY, KAT_CT); valid = Boolean.valueOf(result); } return valid.booleanValue(); } -}
\ No newline at end of file +} diff --git a/libjava/classpath/gnu/javax/crypto/cipher/BaseCipher.java b/libjava/classpath/gnu/javax/crypto/cipher/BaseCipher.java index 9d62311ed58..a5bbe698769 100644 --- a/libjava/classpath/gnu/javax/crypto/cipher/BaseCipher.java +++ b/libjava/classpath/gnu/javax/crypto/cipher/BaseCipher.java @@ -38,47 +38,39 @@ exception statement from your version. */ package gnu.javax.crypto.cipher; -import gnu.java.security.util.Util; +import gnu.java.security.Configuration; import java.security.InvalidKeyException; import java.util.Arrays; import java.util.Iterator; import java.util.Map; +import java.util.logging.Level; +import java.util.logging.Logger; /** - * <p>A basic abstract class to facilitate implementing symmetric key block - * ciphers.</p> + * A basic abstract class to facilitate implementing symmetric key block + * ciphers. */ -public abstract class BaseCipher implements IBlockCipher, IBlockCipherSpi +public abstract class BaseCipher + implements IBlockCipher, IBlockCipherSpi { - - // Constants and variables - // ------------------------------------------------------------------------- - + private static final Logger log = Logger.getLogger(BaseCipher.class.getName()); /** The canonical name prefix of the cipher. */ protected String name; - /** The default block size, in bytes. */ protected int defaultBlockSize; - /** The default key size, in bytes. */ protected int defaultKeySize; - /** The current block size, in bytes. */ protected int currentBlockSize; - /** The session key for this instance. */ protected transient Object currentKey; - /** The instance lock. */ protected Object lock = new Object(); - // Constructor(s) - // ------------------------------------------------------------------------- - /** - * <p>Trivial constructor for use by concrete subclasses.</p> - * + * Trivial constructor for use by concrete subclasses. + * * @param name the canonical name prefix of this instance. * @param defaultBlockSize the default block size in bytes. * @param defaultKeySize the default key size in bytes. @@ -92,27 +84,15 @@ public abstract class BaseCipher implements IBlockCipher, IBlockCipherSpi this.defaultKeySize = defaultKeySize; } - // Class methods - // ------------------------------------------------------------------------- - - // Instance methods - // ------------------------------------------------------------------------- - - // IBlockCipher interface implementation ----------------------------------- - public abstract Object clone(); public String name() { StringBuffer sb = new StringBuffer(name).append('-'); if (currentKey == null) - { - sb.append(String.valueOf(8 * defaultBlockSize)); - } + sb.append(String.valueOf(8 * defaultBlockSize)); else - { - sb.append(String.valueOf(8 * currentBlockSize)); - } + sb.append(String.valueOf(8 * currentBlockSize)); return sb.toString(); } @@ -131,17 +111,13 @@ public abstract class BaseCipher implements IBlockCipher, IBlockCipherSpi synchronized (lock) { if (currentKey != null) - { - throw new IllegalStateException(); - } - + throw new IllegalStateException(); Integer bs = (Integer) attributes.get(CIPHER_BLOCK_SIZE); - if (bs == null) - { // no block size was specified. - if (currentBlockSize == 0) - { // happy birthday - currentBlockSize = defaultBlockSize; - } // else it's a clone. use as is + if (bs == null) // no block size was specified + { + if (currentBlockSize == 0) // happy birthday + currentBlockSize = defaultBlockSize; + // else it's a clone. use as is } else { @@ -153,17 +129,11 @@ public abstract class BaseCipher implements IBlockCipher, IBlockCipherSpi { ok = (currentBlockSize == ((Integer) it.next()).intValue()); if (ok) - { - break; - } - } - if (!ok) - { - throw new IllegalArgumentException( - IBlockCipher.CIPHER_BLOCK_SIZE); + break; } + if (! ok) + throw new IllegalArgumentException(IBlockCipher.CIPHER_BLOCK_SIZE); } - byte[] k = (byte[]) attributes.get(KEY_MATERIAL); currentKey = makeKey(k, currentBlockSize); } @@ -172,9 +142,7 @@ public abstract class BaseCipher implements IBlockCipher, IBlockCipherSpi public int currentBlockSize() { if (currentKey == null) - { - throw new IllegalStateException(); - } + throw new IllegalStateException(); return currentBlockSize; } @@ -182,7 +150,6 @@ public abstract class BaseCipher implements IBlockCipher, IBlockCipherSpi { synchronized (lock) { - // currentBlockSize = 0; currentKey = null; } } @@ -193,10 +160,7 @@ public abstract class BaseCipher implements IBlockCipher, IBlockCipherSpi synchronized (lock) { if (currentKey == null) - { - throw new IllegalStateException(); - } - + throw new IllegalStateException(); encrypt(in, inOffset, out, outOffset, currentKey, currentBlockSize); } } @@ -207,10 +171,7 @@ public abstract class BaseCipher implements IBlockCipher, IBlockCipherSpi synchronized (lock) { if (currentKey == null) - { - throw new IllegalStateException(); - } - + throw new IllegalStateException(); decrypt(in, inOffset, out, outOffset, currentKey, currentBlockSize); } } @@ -219,25 +180,17 @@ public abstract class BaseCipher implements IBlockCipher, IBlockCipherSpi { int ks; Iterator bit; - // do symmetry tests for all block-size/key-size combos for (Iterator kit = keySizes(); kit.hasNext();) { ks = ((Integer) kit.next()).intValue(); for (bit = blockSizes(); bit.hasNext();) - { - if (!testSymmetry(ks, ((Integer) bit.next()).intValue())) - { - return false; - } - } + if (! testSymmetry(ks, ((Integer) bit.next()).intValue())) + return false; } - return true; } - // own methods ------------------------------------------------------------- - private boolean testSymmetry(int ks, int bs) { try @@ -248,24 +201,18 @@ public abstract class BaseCipher implements IBlockCipher, IBlockCipherSpi byte[] cpt = new byte[bs]; int i; for (i = 0; i < ks; i++) - { - kb[i] = (byte) i; - } + kb[i] = (byte) i; for (i = 0; i < bs; i++) - { - pt[i] = (byte) i; - } - + pt[i] = (byte) i; Object k = makeKey(kb, bs); encrypt(pt, 0, ct, 0, k, bs); decrypt(ct, 0, cpt, 0, k, bs); - return Arrays.equals(pt, cpt); - } catch (Exception x) { - x.printStackTrace(System.err); + if (Configuration.DEBUG) + log.log(Level.FINE, "Exception in testSymmetry() for " + name(), x); return false; } } @@ -281,24 +228,20 @@ public abstract class BaseCipher implements IBlockCipher, IBlockCipherSpi { int bs = pt.length; byte[] t = new byte[bs]; - Object k = makeKey(kb, bs); - // test encryption encrypt(pt, 0, t, 0, k, bs); - if (!Arrays.equals(t, ct)) - { - return false; - } + if (! Arrays.equals(t, ct)) + return false; // test decryption decrypt(t, 0, t, 0, k, bs); return Arrays.equals(t, pt); - } catch (Exception x) { - x.printStackTrace(System.err); + if (Configuration.DEBUG) + log.log(Level.FINE, "Exception in testKat() for " + name(), x); return false; } } -}
\ No newline at end of file +} diff --git a/libjava/classpath/gnu/javax/crypto/cipher/Blowfish.java b/libjava/classpath/gnu/javax/crypto/cipher/Blowfish.java index ca1fdfbd394..68722e913c4 100644 --- a/libjava/classpath/gnu/javax/crypto/cipher/Blowfish.java +++ b/libjava/classpath/gnu/javax/crypto/cipher/Blowfish.java @@ -51,370 +51,210 @@ import java.util.Collections; import java.util.Iterator; /** - * Blowfish is a 16-round, 64-bit Feistel cipher designed by Bruce - * Schneier. It accepts a variable-length key of up to 448 bits. - * - * <p>References:</p> + * Blowfish is a 16-round, 64-bit Feistel cipher designed by Bruce Schneier. It + * accepts a variable-length key of up to 448 bits. + * <p> + * References: * <ol> - * <li>Schneier, Bruce: <i>Applied Cryptography</i>, Second Edition, - * 336--339, 647--654 (1996 Bruce Schneier).</li> - * <li><a href="http://www.counterpane.com/blowfish.html">The - * Blowfish Encryption Algorithm.</a></li> + * <li>Schneier, Bruce: <i>Applied Cryptography</i>, Second Edition, 336--339, + * 647--654 (1996 Bruce Schneier).</li> + * <li><a href="http://www.counterpane.com/blowfish.html">The Blowfish + * Encryption Algorithm.</a></li> * </ol> */ -public class Blowfish extends BaseCipher +public class Blowfish + extends BaseCipher { - - // Constants and variables - // ----------------------------------------------------------------- - private static final int DEFAULT_BLOCK_SIZE = 8; - private static final int DEFAULT_KEY_SIZE = 8; - private static final int MAX_KEY_LENGTH = 56; - /** Initial value of the p-array. */ - private static final int[] P = { 0x243f6a88, 0x85a308d3, 0x13198a2e, - 0x03707344, 0xa4093822, 0x299f31d0, - 0x082efa98, 0xec4e6c89, 0x452821e6, - 0x38d01377, 0xbe5466cf, 0x34e90c6c, - 0xc0ac29b7, 0xc97c50dd, 0x3f84d5b5, - 0xb5470917, 0x9216d5d9, 0x8979fb1b }; - + private static final int[] P = { + 0x243f6a88, 0x85a308d3, 0x13198a2e, 0x03707344, 0xa4093822, 0x299f31d0, + 0x082efa98, 0xec4e6c89, 0x452821e6, 0x38d01377, 0xbe5466cf, 0x34e90c6c, + 0xc0ac29b7, 0xc97c50dd, 0x3f84d5b5, 0xb5470917, 0x9216d5d9, 0x8979fb1b }; /** Initial value of S-box 1. */ - static final int[] KS0 = { 0xd1310ba6, 0x98dfb5ac, 0x2ffd72db, 0xd01adfb7, - 0xb8e1afed, 0x6a267e96, 0xba7c9045, 0xf12c7f99, - 0x24a19947, 0xb3916cf7, 0x0801f2e2, 0x858efc16, - 0x636920d8, 0x71574e69, 0xa458fea3, 0xf4933d7e, - 0x0d95748f, 0x728eb658, 0x718bcd58, 0x82154aee, - 0x7b54a41d, 0xc25a59b5, 0x9c30d539, 0x2af26013, - 0xc5d1b023, 0x286085f0, 0xca417918, 0xb8db38ef, - 0x8e79dcb0, 0x603a180e, 0x6c9e0e8b, 0xb01e8a3e, - 0xd71577c1, 0xbd314b27, 0x78af2fda, 0x55605c60, - 0xe65525f3, 0xaa55ab94, 0x57489862, 0x63e81440, - 0x55ca396a, 0x2aab10b6, 0xb4cc5c34, 0x1141e8ce, - 0xa15486af, 0x7c72e993, 0xb3ee1411, 0x636fbc2a, - 0x2ba9c55d, 0x741831f6, 0xce5c3e16, 0x9b87931e, - 0xafd6ba33, 0x6c24cf5c, 0x7a325381, 0x28958677, - 0x3b8f4898, 0x6b4bb9af, 0xc4bfe81b, 0x66282193, - 0x61d809cc, 0xfb21a991, 0x487cac60, 0x5dec8032, - 0xef845d5d, 0xe98575b1, 0xdc262302, 0xeb651b88, - 0x23893e81, 0xd396acc5, 0x0f6d6ff3, 0x83f44239, - 0x2e0b4482, 0xa4842004, 0x69c8f04a, 0x9e1f9b5e, - 0x21c66842, 0xf6e96c9a, 0x670c9c61, 0xabd388f0, - 0x6a51a0d2, 0xd8542f68, 0x960fa728, 0xab5133a3, - 0x6eef0b6c, 0x137a3be4, 0xba3bf050, 0x7efb2a98, - 0xa1f1651d, 0x39af0176, 0x66ca593e, 0x82430e88, - 0x8cee8619, 0x456f9fb4, 0x7d84a5c3, 0x3b8b5ebe, - 0xe06f75d8, 0x85c12073, 0x401a449f, 0x56c16aa6, - 0x4ed3aa62, 0x363f7706, 0x1bfedf72, 0x429b023d, - 0x37d0d724, 0xd00a1248, 0xdb0fead3, 0x49f1c09b, - 0x075372c9, 0x80991b7b, 0x25d479d8, 0xf6e8def7, - 0xe3fe501a, 0xb6794c3b, 0x976ce0bd, 0x04c006ba, - 0xc1a94fb6, 0x409f60c4, 0x5e5c9ec2, 0x196a2463, - 0x68fb6faf, 0x3e6c53b5, 0x1339b2eb, 0x3b52ec6f, - 0x6dfc511f, 0x9b30952c, 0xcc814544, 0xaf5ebd09, - 0xbee3d004, 0xde334afd, 0x660f2807, 0x192e4bb3, - 0xc0cba857, 0x45c8740f, 0xd20b5f39, 0xb9d3fbdb, - 0x5579c0bd, 0x1a60320a, 0xd6a100c6, 0x402c7279, - 0x679f25fe, 0xfb1fa3cc, 0x8ea5e9f8, 0xdb3222f8, - 0x3c7516df, 0xfd616b15, 0x2f501ec8, 0xad0552ab, - 0x323db5fa, 0xfd238760, 0x53317b48, 0x3e00df82, - 0x9e5c57bb, 0xca6f8ca0, 0x1a87562e, 0xdf1769db, - 0xd542a8f6, 0x287effc3, 0xac6732c6, 0x8c4f5573, - 0x695b27b0, 0xbbca58c8, 0xe1ffa35d, 0xb8f011a0, - 0x10fa3d98, 0xfd2183b8, 0x4afcb56c, 0x2dd1d35b, - 0x9a53e479, 0xb6f84565, 0xd28e49bc, 0x4bfb9790, - 0xe1ddf2da, 0xa4cb7e33, 0x62fb1341, 0xcee4c6e8, - 0xef20cada, 0x36774c01, 0xd07e9efe, 0x2bf11fb4, - 0x95dbda4d, 0xae909198, 0xeaad8e71, 0x6b93d5a0, - 0xd08ed1d0, 0xafc725e0, 0x8e3c5b2f, 0x8e7594b7, - 0x8ff6e2fb, 0xf2122b64, 0x8888b812, 0x900df01c, - 0x4fad5ea0, 0x688fc31c, 0xd1cff191, 0xb3a8c1ad, - 0x2f2f2218, 0xbe0e1777, 0xea752dfe, 0x8b021fa1, - 0xe5a0cc0f, 0xb56f74e8, 0x18acf3d6, 0xce89e299, - 0xb4a84fe0, 0xfd13e0b7, 0x7cc43b81, 0xd2ada8d9, - 0x165fa266, 0x80957705, 0x93cc7314, 0x211a1477, - 0xe6ad2065, 0x77b5fa86, 0xc75442f5, 0xfb9d35cf, - 0xebcdaf0c, 0x7b3e89a0, 0xd6411bd3, 0xae1e7e49, - 0x00250e2d, 0x2071b35e, 0x226800bb, 0x57b8e0af, - 0x2464369b, 0xf009b91e, 0x5563911d, 0x59dfa6aa, - 0x78c14389, 0xd95a537f, 0x207d5ba2, 0x02e5b9c5, - 0x83260376, 0x6295cfa9, 0x11c81968, 0x4e734a41, - 0xb3472dca, 0x7b14a94a, 0x1b510052, 0x9a532915, - 0xd60f573f, 0xbc9bc6e4, 0x2b60a476, 0x81e67400, - 0x08ba6fb5, 0x571be91f, 0xf296ec6b, 0x2a0dd915, - 0xb6636521, 0xe7b9f9b6, 0xff34052e, 0xc5855664, - 0x53b02d5d, 0xa99f8fa1, 0x08ba4799, 0x6e85076a }; - + static final int[] KS0 = { + 0xd1310ba6, 0x98dfb5ac, 0x2ffd72db, 0xd01adfb7, 0xb8e1afed, 0x6a267e96, + 0xba7c9045, 0xf12c7f99, 0x24a19947, 0xb3916cf7, 0x0801f2e2, 0x858efc16, + 0x636920d8, 0x71574e69, 0xa458fea3, 0xf4933d7e, 0x0d95748f, 0x728eb658, + 0x718bcd58, 0x82154aee, 0x7b54a41d, 0xc25a59b5, 0x9c30d539, 0x2af26013, + 0xc5d1b023, 0x286085f0, 0xca417918, 0xb8db38ef, 0x8e79dcb0, 0x603a180e, + 0x6c9e0e8b, 0xb01e8a3e, 0xd71577c1, 0xbd314b27, 0x78af2fda, 0x55605c60, + 0xe65525f3, 0xaa55ab94, 0x57489862, 0x63e81440, 0x55ca396a, 0x2aab10b6, + 0xb4cc5c34, 0x1141e8ce, 0xa15486af, 0x7c72e993, 0xb3ee1411, 0x636fbc2a, + 0x2ba9c55d, 0x741831f6, 0xce5c3e16, 0x9b87931e, 0xafd6ba33, 0x6c24cf5c, + 0x7a325381, 0x28958677, 0x3b8f4898, 0x6b4bb9af, 0xc4bfe81b, 0x66282193, + 0x61d809cc, 0xfb21a991, 0x487cac60, 0x5dec8032, 0xef845d5d, 0xe98575b1, + 0xdc262302, 0xeb651b88, 0x23893e81, 0xd396acc5, 0x0f6d6ff3, 0x83f44239, + 0x2e0b4482, 0xa4842004, 0x69c8f04a, 0x9e1f9b5e, 0x21c66842, 0xf6e96c9a, + 0x670c9c61, 0xabd388f0, 0x6a51a0d2, 0xd8542f68, 0x960fa728, 0xab5133a3, + 0x6eef0b6c, 0x137a3be4, 0xba3bf050, 0x7efb2a98, 0xa1f1651d, 0x39af0176, + 0x66ca593e, 0x82430e88, 0x8cee8619, 0x456f9fb4, 0x7d84a5c3, 0x3b8b5ebe, + 0xe06f75d8, 0x85c12073, 0x401a449f, 0x56c16aa6, 0x4ed3aa62, 0x363f7706, + 0x1bfedf72, 0x429b023d, 0x37d0d724, 0xd00a1248, 0xdb0fead3, 0x49f1c09b, + 0x075372c9, 0x80991b7b, 0x25d479d8, 0xf6e8def7, 0xe3fe501a, 0xb6794c3b, + 0x976ce0bd, 0x04c006ba, 0xc1a94fb6, 0x409f60c4, 0x5e5c9ec2, 0x196a2463, + 0x68fb6faf, 0x3e6c53b5, 0x1339b2eb, 0x3b52ec6f, 0x6dfc511f, 0x9b30952c, + 0xcc814544, 0xaf5ebd09, 0xbee3d004, 0xde334afd, 0x660f2807, 0x192e4bb3, + 0xc0cba857, 0x45c8740f, 0xd20b5f39, 0xb9d3fbdb, 0x5579c0bd, 0x1a60320a, + 0xd6a100c6, 0x402c7279, 0x679f25fe, 0xfb1fa3cc, 0x8ea5e9f8, 0xdb3222f8, + 0x3c7516df, 0xfd616b15, 0x2f501ec8, 0xad0552ab, 0x323db5fa, 0xfd238760, + 0x53317b48, 0x3e00df82, 0x9e5c57bb, 0xca6f8ca0, 0x1a87562e, 0xdf1769db, + 0xd542a8f6, 0x287effc3, 0xac6732c6, 0x8c4f5573, 0x695b27b0, 0xbbca58c8, + 0xe1ffa35d, 0xb8f011a0, 0x10fa3d98, 0xfd2183b8, 0x4afcb56c, 0x2dd1d35b, + 0x9a53e479, 0xb6f84565, 0xd28e49bc, 0x4bfb9790, 0xe1ddf2da, 0xa4cb7e33, + 0x62fb1341, 0xcee4c6e8, 0xef20cada, 0x36774c01, 0xd07e9efe, 0x2bf11fb4, + 0x95dbda4d, 0xae909198, 0xeaad8e71, 0x6b93d5a0, 0xd08ed1d0, 0xafc725e0, + 0x8e3c5b2f, 0x8e7594b7, 0x8ff6e2fb, 0xf2122b64, 0x8888b812, 0x900df01c, + 0x4fad5ea0, 0x688fc31c, 0xd1cff191, 0xb3a8c1ad, 0x2f2f2218, 0xbe0e1777, + 0xea752dfe, 0x8b021fa1, 0xe5a0cc0f, 0xb56f74e8, 0x18acf3d6, 0xce89e299, + 0xb4a84fe0, 0xfd13e0b7, 0x7cc43b81, 0xd2ada8d9, 0x165fa266, 0x80957705, + 0x93cc7314, 0x211a1477, 0xe6ad2065, 0x77b5fa86, 0xc75442f5, 0xfb9d35cf, + 0xebcdaf0c, 0x7b3e89a0, 0xd6411bd3, 0xae1e7e49, 0x00250e2d, 0x2071b35e, + 0x226800bb, 0x57b8e0af, 0x2464369b, 0xf009b91e, 0x5563911d, 0x59dfa6aa, + 0x78c14389, 0xd95a537f, 0x207d5ba2, 0x02e5b9c5, 0x83260376, 0x6295cfa9, + 0x11c81968, 0x4e734a41, 0xb3472dca, 0x7b14a94a, 0x1b510052, 0x9a532915, + 0xd60f573f, 0xbc9bc6e4, 0x2b60a476, 0x81e67400, 0x08ba6fb5, 0x571be91f, + 0xf296ec6b, 0x2a0dd915, 0xb6636521, 0xe7b9f9b6, 0xff34052e, 0xc5855664, + 0x53b02d5d, 0xa99f8fa1, 0x08ba4799, 0x6e85076a }; /** Initial value of S-box 2. */ - private static final int[] KS1 = { 0x4b7a70e9, 0xb5b32944, 0xdb75092e, - 0xc4192623, 0xad6ea6b0, 0x49a7df7d, - 0x9cee60b8, 0x8fedb266, 0xecaa8c71, - 0x699a17ff, 0x5664526c, 0xc2b19ee1, - 0x193602a5, 0x75094c29, 0xa0591340, - 0xe4183a3e, 0x3f54989a, 0x5b429d65, - 0x6b8fe4d6, 0x99f73fd6, 0xa1d29c07, - 0xefe830f5, 0x4d2d38e6, 0xf0255dc1, - 0x4cdd2086, 0x8470eb26, 0x6382e9c6, - 0x021ecc5e, 0x09686b3f, 0x3ebaefc9, - 0x3c971814, 0x6b6a70a1, 0x687f3584, - 0x52a0e286, 0xb79c5305, 0xaa500737, - 0x3e07841c, 0x7fdeae5c, 0x8e7d44ec, - 0x5716f2b8, 0xb03ada37, 0xf0500c0d, - 0xf01c1f04, 0x0200b3ff, 0xae0cf51a, - 0x3cb574b2, 0x25837a58, 0xdc0921bd, - 0xd19113f9, 0x7ca92ff6, 0x94324773, - 0x22f54701, 0x3ae5e581, 0x37c2dadc, - 0xc8b57634, 0x9af3dda7, 0xa9446146, - 0x0fd0030e, 0xecc8c73e, 0xa4751e41, - 0xe238cd99, 0x3bea0e2f, 0x3280bba1, - 0x183eb331, 0x4e548b38, 0x4f6db908, - 0x6f420d03, 0xf60a04bf, 0x2cb81290, - 0x24977c79, 0x5679b072, 0xbcaf89af, - 0xde9a771f, 0xd9930810, 0xb38bae12, - 0xdccf3f2e, 0x5512721f, 0x2e6b7124, - 0x501adde6, 0x9f84cd87, 0x7a584718, - 0x7408da17, 0xbc9f9abc, 0xe94b7d8c, - 0xec7aec3a, 0xdb851dfa, 0x63094366, - 0xc464c3d2, 0xef1c1847, 0x3215d908, - 0xdd433b37, 0x24c2ba16, 0x12a14d43, - 0x2a65c451, 0x50940002, 0x133ae4dd, - 0x71dff89e, 0x10314e55, 0x81ac77d6, - 0x5f11199b, 0x043556f1, 0xd7a3c76b, - 0x3c11183b, 0x5924a509, 0xf28fe6ed, - 0x97f1fbfa, 0x9ebabf2c, 0x1e153c6e, - 0x86e34570, 0xeae96fb1, 0x860e5e0a, - 0x5a3e2ab3, 0x771fe71c, 0x4e3d06fa, - 0x2965dcb9, 0x99e71d0f, 0x803e89d6, - 0x5266c825, 0x2e4cc978, 0x9c10b36a, - 0xc6150eba, 0x94e2ea78, 0xa5fc3c53, - 0x1e0a2df4, 0xf2f74ea7, 0x361d2b3d, - 0x1939260f, 0x19c27960, 0x5223a708, - 0xf71312b6, 0xebadfe6e, 0xeac31f66, - 0xe3bc4595, 0xa67bc883, 0xb17f37d1, - 0x018cff28, 0xc332ddef, 0xbe6c5aa5, - 0x65582185, 0x68ab9802, 0xeecea50f, - 0xdb2f953b, 0x2aef7dad, 0x5b6e2f84, - 0x1521b628, 0x29076170, 0xecdd4775, - 0x619f1510, 0x13cca830, 0xeb61bd96, - 0x0334fe1e, 0xaa0363cf, 0xb5735c90, - 0x4c70a239, 0xd59e9e0b, 0xcbaade14, - 0xeecc86bc, 0x60622ca7, 0x9cab5cab, - 0xb2f3846e, 0x648b1eaf, 0x19bdf0ca, - 0xa02369b9, 0x655abb50, 0x40685a32, - 0x3c2ab4b3, 0x319ee9d5, 0xc021b8f7, - 0x9b540b19, 0x875fa099, 0x95f7997e, - 0x623d7da8, 0xf837889a, 0x97e32d77, - 0x11ed935f, 0x16681281, 0x0e358829, - 0xc7e61fd6, 0x96dedfa1, 0x7858ba99, - 0x57f584a5, 0x1b227263, 0x9b83c3ff, - 0x1ac24696, 0xcdb30aeb, 0x532e3054, - 0x8fd948e4, 0x6dbc3128, 0x58ebf2ef, - 0x34c6ffea, 0xfe28ed61, 0xee7c3c73, - 0x5d4a14d9, 0xe864b7e3, 0x42105d14, - 0x203e13e0, 0x45eee2b6, 0xa3aaabea, - 0xdb6c4f15, 0xfacb4fd0, 0xc742f442, - 0xef6abbb5, 0x654f3b1d, 0x41cd2105, - 0xd81e799e, 0x86854dc7, 0xe44b476a, - 0x3d816250, 0xcf62a1f2, 0x5b8d2646, - 0xfc8883a0, 0xc1c7b6a3, 0x7f1524c3, - 0x69cb7492, 0x47848a0b, 0x5692b285, - 0x095bbf00, 0xad19489d, 0x1462b174, - 0x23820e00, 0x58428d2a, 0x0c55f5ea, - 0x1dadf43e, 0x233f7061, 0x3372f092, - 0x8d937e41, 0xd65fecf1, 0x6c223bdb, - 0x7cde3759, 0xcbee7460, 0x4085f2a7, - 0xce77326e, 0xa6078084, 0x19f8509e, - 0xe8efd855, 0x61d99735, 0xa969a7aa, - 0xc50c06c2, 0x5a04abfc, 0x800bcadc, - 0x9e447a2e, 0xc3453484, 0xfdd56705, - 0x0e1e9ec9, 0xdb73dbd3, 0x105588cd, - 0x675fda79, 0xe3674340, 0xc5c43465, - 0x713e38d8, 0x3d28f89e, 0xf16dff20, - 0x153e21e7, 0x8fb03d4a, 0xe6e39f2b, - 0xdb83adf7 }; - + private static final int[] KS1 = { + 0x4b7a70e9, 0xb5b32944, 0xdb75092e, 0xc4192623, 0xad6ea6b0, 0x49a7df7d, + 0x9cee60b8, 0x8fedb266, 0xecaa8c71, 0x699a17ff, 0x5664526c, 0xc2b19ee1, + 0x193602a5, 0x75094c29, 0xa0591340, 0xe4183a3e, 0x3f54989a, 0x5b429d65, + 0x6b8fe4d6, 0x99f73fd6, 0xa1d29c07, 0xefe830f5, 0x4d2d38e6, 0xf0255dc1, + 0x4cdd2086, 0x8470eb26, 0x6382e9c6, 0x021ecc5e, 0x09686b3f, 0x3ebaefc9, + 0x3c971814, 0x6b6a70a1, 0x687f3584, 0x52a0e286, 0xb79c5305, 0xaa500737, + 0x3e07841c, 0x7fdeae5c, 0x8e7d44ec, 0x5716f2b8, 0xb03ada37, 0xf0500c0d, + 0xf01c1f04, 0x0200b3ff, 0xae0cf51a, 0x3cb574b2, 0x25837a58, 0xdc0921bd, + 0xd19113f9, 0x7ca92ff6, 0x94324773, 0x22f54701, 0x3ae5e581, 0x37c2dadc, + 0xc8b57634, 0x9af3dda7, 0xa9446146, 0x0fd0030e, 0xecc8c73e, 0xa4751e41, + 0xe238cd99, 0x3bea0e2f, 0x3280bba1, 0x183eb331, 0x4e548b38, 0x4f6db908, + 0x6f420d03, 0xf60a04bf, 0x2cb81290, 0x24977c79, 0x5679b072, 0xbcaf89af, + 0xde9a771f, 0xd9930810, 0xb38bae12, 0xdccf3f2e, 0x5512721f, 0x2e6b7124, + 0x501adde6, 0x9f84cd87, 0x7a584718, 0x7408da17, 0xbc9f9abc, 0xe94b7d8c, + 0xec7aec3a, 0xdb851dfa, 0x63094366, 0xc464c3d2, 0xef1c1847, 0x3215d908, + 0xdd433b37, 0x24c2ba16, 0x12a14d43, 0x2a65c451, 0x50940002, 0x133ae4dd, + 0x71dff89e, 0x10314e55, 0x81ac77d6, 0x5f11199b, 0x043556f1, 0xd7a3c76b, + 0x3c11183b, 0x5924a509, 0xf28fe6ed, 0x97f1fbfa, 0x9ebabf2c, 0x1e153c6e, + 0x86e34570, 0xeae96fb1, 0x860e5e0a, 0x5a3e2ab3, 0x771fe71c, 0x4e3d06fa, + 0x2965dcb9, 0x99e71d0f, 0x803e89d6, 0x5266c825, 0x2e4cc978, 0x9c10b36a, + 0xc6150eba, 0x94e2ea78, 0xa5fc3c53, 0x1e0a2df4, 0xf2f74ea7, 0x361d2b3d, + 0x1939260f, 0x19c27960, 0x5223a708, 0xf71312b6, 0xebadfe6e, 0xeac31f66, + 0xe3bc4595, 0xa67bc883, 0xb17f37d1, 0x018cff28, 0xc332ddef, 0xbe6c5aa5, + 0x65582185, 0x68ab9802, 0xeecea50f, 0xdb2f953b, 0x2aef7dad, 0x5b6e2f84, + 0x1521b628, 0x29076170, 0xecdd4775, 0x619f1510, 0x13cca830, 0xeb61bd96, + 0x0334fe1e, 0xaa0363cf, 0xb5735c90, 0x4c70a239, 0xd59e9e0b, 0xcbaade14, + 0xeecc86bc, 0x60622ca7, 0x9cab5cab, 0xb2f3846e, 0x648b1eaf, 0x19bdf0ca, + 0xa02369b9, 0x655abb50, 0x40685a32, 0x3c2ab4b3, 0x319ee9d5, 0xc021b8f7, + 0x9b540b19, 0x875fa099, 0x95f7997e, 0x623d7da8, 0xf837889a, 0x97e32d77, + 0x11ed935f, 0x16681281, 0x0e358829, 0xc7e61fd6, 0x96dedfa1, 0x7858ba99, + 0x57f584a5, 0x1b227263, 0x9b83c3ff, 0x1ac24696, 0xcdb30aeb, 0x532e3054, + 0x8fd948e4, 0x6dbc3128, 0x58ebf2ef, 0x34c6ffea, 0xfe28ed61, 0xee7c3c73, + 0x5d4a14d9, 0xe864b7e3, 0x42105d14, 0x203e13e0, 0x45eee2b6, 0xa3aaabea, + 0xdb6c4f15, 0xfacb4fd0, 0xc742f442, 0xef6abbb5, 0x654f3b1d, 0x41cd2105, + 0xd81e799e, 0x86854dc7, 0xe44b476a, 0x3d816250, 0xcf62a1f2, 0x5b8d2646, + 0xfc8883a0, 0xc1c7b6a3, 0x7f1524c3, 0x69cb7492, 0x47848a0b, 0x5692b285, + 0x095bbf00, 0xad19489d, 0x1462b174, 0x23820e00, 0x58428d2a, 0x0c55f5ea, + 0x1dadf43e, 0x233f7061, 0x3372f092, 0x8d937e41, 0xd65fecf1, 0x6c223bdb, + 0x7cde3759, 0xcbee7460, 0x4085f2a7, 0xce77326e, 0xa6078084, 0x19f8509e, + 0xe8efd855, 0x61d99735, 0xa969a7aa, 0xc50c06c2, 0x5a04abfc, 0x800bcadc, + 0x9e447a2e, 0xc3453484, 0xfdd56705, 0x0e1e9ec9, 0xdb73dbd3, 0x105588cd, + 0x675fda79, 0xe3674340, 0xc5c43465, 0x713e38d8, 0x3d28f89e, 0xf16dff20, + 0x153e21e7, 0x8fb03d4a, 0xe6e39f2b, 0xdb83adf7 }; /** Initial value of S-box 3. */ - private static final int[] KS2 = { 0xe93d5a68, 0x948140f7, 0xf64c261c, - 0x94692934, 0x411520f7, 0x7602d4f7, - 0xbcf46b2e, 0xd4a20068, 0xd4082471, - 0x3320f46a, 0x43b7d4b7, 0x500061af, - 0x1e39f62e, 0x97244546, 0x14214f74, - 0xbf8b8840, 0x4d95fc1d, 0x96b591af, - 0x70f4ddd3, 0x66a02f45, 0xbfbc09ec, - 0x03bd9785, 0x7fac6dd0, 0x31cb8504, - 0x96eb27b3, 0x55fd3941, 0xda2547e6, - 0xabca0a9a, 0x28507825, 0x530429f4, - 0x0a2c86da, 0xe9b66dfb, 0x68dc1462, - 0xd7486900, 0x680ec0a4, 0x27a18dee, - 0x4f3ffea2, 0xe887ad8c, 0xb58ce006, - 0x7af4d6b6, 0xaace1e7c, 0xd3375fec, - 0xce78a399, 0x406b2a42, 0x20fe9e35, - 0xd9f385b9, 0xee39d7ab, 0x3b124e8b, - 0x1dc9faf7, 0x4b6d1856, 0x26a36631, - 0xeae397b2, 0x3a6efa74, 0xdd5b4332, - 0x6841e7f7, 0xca7820fb, 0xfb0af54e, - 0xd8feb397, 0x454056ac, 0xba489527, - 0x55533a3a, 0x20838d87, 0xfe6ba9b7, - 0xd096954b, 0x55a867bc, 0xa1159a58, - 0xcca92963, 0x99e1db33, 0xa62a4a56, - 0x3f3125f9, 0x5ef47e1c, 0x9029317c, - 0xfdf8e802, 0x04272f70, 0x80bb155c, - 0x05282ce3, 0x95c11548, 0xe4c66d22, - 0x48c1133f, 0xc70f86dc, 0x07f9c9ee, - 0x41041f0f, 0x404779a4, 0x5d886e17, - 0x325f51eb, 0xd59bc0d1, 0xf2bcc18f, - 0x41113564, 0x257b7834, 0x602a9c60, - 0xdff8e8a3, 0x1f636c1b, 0x0e12b4c2, - 0x02e1329e, 0xaf664fd1, 0xcad18115, - 0x6b2395e0, 0x333e92e1, 0x3b240b62, - 0xeebeb922, 0x85b2a20e, 0xe6ba0d99, - 0xde720c8c, 0x2da2f728, 0xd0127845, - 0x95b794fd, 0x647d0862, 0xe7ccf5f0, - 0x5449a36f, 0x877d48fa, 0xc39dfd27, - 0xf33e8d1e, 0x0a476341, 0x992eff74, - 0x3a6f6eab, 0xf4f8fd37, 0xa812dc60, - 0xa1ebddf8, 0x991be14c, 0xdb6e6b0d, - 0xc67b5510, 0x6d672c37, 0x2765d43b, - 0xdcd0e804, 0xf1290dc7, 0xcc00ffa3, - 0xb5390f92, 0x690fed0b, 0x667b9ffb, - 0xcedb7d9c, 0xa091cf0b, 0xd9155ea3, - 0xbb132f88, 0x515bad24, 0x7b9479bf, - 0x763bd6eb, 0x37392eb3, 0xcc115979, - 0x8026e297, 0xf42e312d, 0x6842ada7, - 0xc66a2b3b, 0x12754ccc, 0x782ef11c, - 0x6a124237, 0xb79251e7, 0x06a1bbe6, - 0x4bfb6350, 0x1a6b1018, 0x11caedfa, - 0x3d25bdd8, 0xe2e1c3c9, 0x44421659, - 0x0a121386, 0xd90cec6e, 0xd5abea2a, - 0x64af674e, 0xda86a85f, 0xbebfe988, - 0x64e4c3fe, 0x9dbc8057, 0xf0f7c086, - 0x60787bf8, 0x6003604d, 0xd1fd8346, - 0xf6381fb0, 0x7745ae04, 0xd736fccc, - 0x83426b33, 0xf01eab71, 0xb0804187, - 0x3c005e5f, 0x77a057be, 0xbde8ae24, - 0x55464299, 0xbf582e61, 0x4e58f48f, - 0xf2ddfda2, 0xf474ef38, 0x8789bdc2, - 0x5366f9c3, 0xc8b38e74, 0xb475f255, - 0x46fcd9b9, 0x7aeb2661, 0x8b1ddf84, - 0x846a0e79, 0x915f95e2, 0x466e598e, - 0x20b45770, 0x8cd55591, 0xc902de4c, - 0xb90bace1, 0xbb8205d0, 0x11a86248, - 0x7574a99e, 0xb77f19b6, 0xe0a9dc09, - 0x662d09a1, 0xc4324633, 0xe85a1f02, - 0x09f0be8c, 0x4a99a025, 0x1d6efe10, - 0x1ab93d1d, 0x0ba5a4df, 0xa186f20f, - 0x2868f169, 0xdcb7da83, 0x573906fe, - 0xa1e2ce9b, 0x4fcd7f52, 0x50115e01, - 0xa70683fa, 0xa002b5c4, 0x0de6d027, - 0x9af88c27, 0x773f8641, 0xc3604c06, - 0x61a806b5, 0xf0177a28, 0xc0f586e0, - 0x006058aa, 0x30dc7d62, 0x11e69ed7, - 0x2338ea63, 0x53c2dd94, 0xc2c21634, - 0xbbcbee56, 0x90bcb6de, 0xebfc7da1, - 0xce591d76, 0x6f05e409, 0x4b7c0188, - 0x39720a3d, 0x7c927c24, 0x86e3725f, - 0x724d9db9, 0x1ac15bb4, 0xd39eb8fc, - 0xed545578, 0x08fca5b5, 0xd83d7cd3, - 0x4dad0fc4, 0x1e50ef5e, 0xb161e6f8, - 0xa28514d9, 0x6c51133c, 0x6fd5c7e7, - 0x56e14ec4, 0x362abfce, 0xddc6c837, - 0xd79a3234, 0x92638212, 0x670efa8e, - 0x406000e0 }; - + private static final int[] KS2 = { + 0xe93d5a68, 0x948140f7, 0xf64c261c, 0x94692934, 0x411520f7, 0x7602d4f7, + 0xbcf46b2e, 0xd4a20068, 0xd4082471, 0x3320f46a, 0x43b7d4b7, 0x500061af, + 0x1e39f62e, 0x97244546, 0x14214f74, 0xbf8b8840, 0x4d95fc1d, 0x96b591af, + 0x70f4ddd3, 0x66a02f45, 0xbfbc09ec, 0x03bd9785, 0x7fac6dd0, 0x31cb8504, + 0x96eb27b3, 0x55fd3941, 0xda2547e6, 0xabca0a9a, 0x28507825, 0x530429f4, + 0x0a2c86da, 0xe9b66dfb, 0x68dc1462, 0xd7486900, 0x680ec0a4, 0x27a18dee, + 0x4f3ffea2, 0xe887ad8c, 0xb58ce006, 0x7af4d6b6, 0xaace1e7c, 0xd3375fec, + 0xce78a399, 0x406b2a42, 0x20fe9e35, 0xd9f385b9, 0xee39d7ab, 0x3b124e8b, + 0x1dc9faf7, 0x4b6d1856, 0x26a36631, 0xeae397b2, 0x3a6efa74, 0xdd5b4332, + 0x6841e7f7, 0xca7820fb, 0xfb0af54e, 0xd8feb397, 0x454056ac, 0xba489527, + 0x55533a3a, 0x20838d87, 0xfe6ba9b7, 0xd096954b, 0x55a867bc, 0xa1159a58, + 0xcca92963, 0x99e1db33, 0xa62a4a56, 0x3f3125f9, 0x5ef47e1c, 0x9029317c, + 0xfdf8e802, 0x04272f70, 0x80bb155c, 0x05282ce3, 0x95c11548, 0xe4c66d22, + 0x48c1133f, 0xc70f86dc, 0x07f9c9ee, 0x41041f0f, 0x404779a4, 0x5d886e17, + 0x325f51eb, 0xd59bc0d1, 0xf2bcc18f, 0x41113564, 0x257b7834, 0x602a9c60, + 0xdff8e8a3, 0x1f636c1b, 0x0e12b4c2, 0x02e1329e, 0xaf664fd1, 0xcad18115, + 0x6b2395e0, 0x333e92e1, 0x3b240b62, 0xeebeb922, 0x85b2a20e, 0xe6ba0d99, + 0xde720c8c, 0x2da2f728, 0xd0127845, 0x95b794fd, 0x647d0862, 0xe7ccf5f0, + 0x5449a36f, 0x877d48fa, 0xc39dfd27, 0xf33e8d1e, 0x0a476341, 0x992eff74, + 0x3a6f6eab, 0xf4f8fd37, 0xa812dc60, 0xa1ebddf8, 0x991be14c, 0xdb6e6b0d, + 0xc67b5510, 0x6d672c37, 0x2765d43b, 0xdcd0e804, 0xf1290dc7, 0xcc00ffa3, + 0xb5390f92, 0x690fed0b, 0x667b9ffb, 0xcedb7d9c, 0xa091cf0b, 0xd9155ea3, + 0xbb132f88, 0x515bad24, 0x7b9479bf, 0x763bd6eb, 0x37392eb3, 0xcc115979, + 0x8026e297, 0xf42e312d, 0x6842ada7, 0xc66a2b3b, 0x12754ccc, 0x782ef11c, + 0x6a124237, 0xb79251e7, 0x06a1bbe6, 0x4bfb6350, 0x1a6b1018, 0x11caedfa, + 0x3d25bdd8, 0xe2e1c3c9, 0x44421659, 0x0a121386, 0xd90cec6e, 0xd5abea2a, + 0x64af674e, 0xda86a85f, 0xbebfe988, 0x64e4c3fe, 0x9dbc8057, 0xf0f7c086, + 0x60787bf8, 0x6003604d, 0xd1fd8346, 0xf6381fb0, 0x7745ae04, 0xd736fccc, + 0x83426b33, 0xf01eab71, 0xb0804187, 0x3c005e5f, 0x77a057be, 0xbde8ae24, + 0x55464299, 0xbf582e61, 0x4e58f48f, 0xf2ddfda2, 0xf474ef38, 0x8789bdc2, + 0x5366f9c3, 0xc8b38e74, 0xb475f255, 0x46fcd9b9, 0x7aeb2661, 0x8b1ddf84, + 0x846a0e79, 0x915f95e2, 0x466e598e, 0x20b45770, 0x8cd55591, 0xc902de4c, + 0xb90bace1, 0xbb8205d0, 0x11a86248, 0x7574a99e, 0xb77f19b6, 0xe0a9dc09, + 0x662d09a1, 0xc4324633, 0xe85a1f02, 0x09f0be8c, 0x4a99a025, 0x1d6efe10, + 0x1ab93d1d, 0x0ba5a4df, 0xa186f20f, 0x2868f169, 0xdcb7da83, 0x573906fe, + 0xa1e2ce9b, 0x4fcd7f52, 0x50115e01, 0xa70683fa, 0xa002b5c4, 0x0de6d027, + 0x9af88c27, 0x773f8641, 0xc3604c06, 0x61a806b5, 0xf0177a28, 0xc0f586e0, + 0x006058aa, 0x30dc7d62, 0x11e69ed7, 0x2338ea63, 0x53c2dd94, 0xc2c21634, + 0xbbcbee56, 0x90bcb6de, 0xebfc7da1, 0xce591d76, 0x6f05e409, 0x4b7c0188, + 0x39720a3d, 0x7c927c24, 0x86e3725f, 0x724d9db9, 0x1ac15bb4, 0xd39eb8fc, + 0xed545578, 0x08fca5b5, 0xd83d7cd3, 0x4dad0fc4, 0x1e50ef5e, 0xb161e6f8, + 0xa28514d9, 0x6c51133c, 0x6fd5c7e7, 0x56e14ec4, 0x362abfce, 0xddc6c837, + 0xd79a3234, 0x92638212, 0x670efa8e, 0x406000e0 }; /** Initial value of S-box 4. */ - private static final int[] KS3 = { 0x3a39ce37, 0xd3faf5cf, 0xabc27737, - 0x5ac52d1b, 0x5cb0679e, 0x4fa33742, - 0xd3822740, 0x99bc9bbe, 0xd5118e9d, - 0xbf0f7315, 0xd62d1c7e, 0xc700c47b, - 0xb78c1b6b, 0x21a19045, 0xb26eb1be, - 0x6a366eb4, 0x5748ab2f, 0xbc946e79, - 0xc6a376d2, 0x6549c2c8, 0x530ff8ee, - 0x468dde7d, 0xd5730a1d, 0x4cd04dc6, - 0x2939bbdb, 0xa9ba4650, 0xac9526e8, - 0xbe5ee304, 0xa1fad5f0, 0x6a2d519a, - 0x63ef8ce2, 0x9a86ee22, 0xc089c2b8, - 0x43242ef6, 0xa51e03aa, 0x9cf2d0a4, - 0x83c061ba, 0x9be96a4d, 0x8fe51550, - 0xba645bd6, 0x2826a2f9, 0xa73a3ae1, - 0x4ba99586, 0xef5562e9, 0xc72fefd3, - 0xf752f7da, 0x3f046f69, 0x77fa0a59, - 0x80e4a915, 0x87b08601, 0x9b09e6ad, - 0x3b3ee593, 0xe990fd5a, 0x9e34d797, - 0x2cf0b7d9, 0x022b8b51, 0x96d5ac3a, - 0x017da67d, 0xd1cf3ed6, 0x7c7d2d28, - 0x1f9f25cf, 0xadf2b89b, 0x5ad6b472, - 0x5a88f54c, 0xe029ac71, 0xe019a5e6, - 0x47b0acfd, 0xed93fa9b, 0xe8d3c48d, - 0x283b57cc, 0xf8d56629, 0x79132e28, - 0x785f0191, 0xed756055, 0xf7960e44, - 0xe3d35e8c, 0x15056dd4, 0x88f46dba, - 0x03a16125, 0x0564f0bd, 0xc3eb9e15, - 0x3c9057a2, 0x97271aec, 0xa93a072a, - 0x1b3f6d9b, 0x1e6321f5, 0xf59c66fb, - 0x26dcf319, 0x7533d928, 0xb155fdf5, - 0x03563482, 0x8aba3cbb, 0x28517711, - 0xc20ad9f8, 0xabcc5167, 0xccad925f, - 0x4de81751, 0x3830dc8e, 0x379d5862, - 0x9320f991, 0xea7a90c2, 0xfb3e7bce, - 0x5121ce64, 0x774fbe32, 0xa8b6e37e, - 0xc3293d46, 0x48de5369, 0x6413e680, - 0xa2ae0810, 0xdd6db224, 0x69852dfd, - 0x09072166, 0xb39a460a, 0x6445c0dd, - 0x586cdecf, 0x1c20c8ae, 0x5bbef7dd, - 0x1b588d40, 0xccd2017f, 0x6bb4e3bb, - 0xdda26a7e, 0x3a59ff45, 0x3e350a44, - 0xbcb4cdd5, 0x72eacea8, 0xfa6484bb, - 0x8d6612ae, 0xbf3c6f47, 0xd29be463, - 0x542f5d9e, 0xaec2771b, 0xf64e6370, - 0x740e0d8d, 0xe75b1357, 0xf8721671, - 0xaf537d5d, 0x4040cb08, 0x4eb4e2cc, - 0x34d2466a, 0x0115af84, 0xe1b00428, - 0x95983a1d, 0x06b89fb4, 0xce6ea048, - 0x6f3f3b82, 0x3520ab82, 0x011a1d4b, - 0x277227f8, 0x611560b1, 0xe7933fdc, - 0xbb3a792b, 0x344525bd, 0xa08839e1, - 0x51ce794b, 0x2f32c9b7, 0xa01fbac9, - 0xe01cc87e, 0xbcc7d1f6, 0xcf0111c3, - 0xa1e8aac7, 0x1a908749, 0xd44fbd9a, - 0xd0dadecb, 0xd50ada38, 0x0339c32a, - 0xc6913667, 0x8df9317c, 0xe0b12b4f, - 0xf79e59b7, 0x43f5bb3a, 0xf2d519ff, - 0x27d9459c, 0xbf97222c, 0x15e6fc2a, - 0x0f91fc71, 0x9b941525, 0xfae59361, - 0xceb69ceb, 0xc2a86459, 0x12baa8d1, - 0xb6c1075e, 0xe3056a0c, 0x10d25065, - 0xcb03a442, 0xe0ec6e0e, 0x1698db3b, - 0x4c98a0be, 0x3278e964, 0x9f1f9532, - 0xe0d392df, 0xd3a0342b, 0x8971f21e, - 0x1b0a7441, 0x4ba3348c, 0xc5be7120, - 0xc37632d8, 0xdf359f8d, 0x9b992f2e, - 0xe60b6f47, 0x0fe3f11d, 0xe54cda54, - 0x1edad891, 0xce6279cf, 0xcd3e7e6f, - 0x1618b166, 0xfd2c1d05, 0x848fd2c5, - 0xf6fb2299, 0xf523f357, 0xa6327623, - 0x93a83531, 0x56cccd02, 0xacf08162, - 0x5a75ebb5, 0x6e163697, 0x88d273cc, - 0xde966292, 0x81b949d0, 0x4c50901b, - 0x71c65614, 0xe6c6c7bd, 0x327a140a, - 0x45e1d006, 0xc3f27b9a, 0xc9aa53fd, - 0x62a80f00, 0xbb25bfe2, 0x35bdd2f6, - 0x71126905, 0xb2040222, 0xb6cbcf7c, - 0xcd769c2b, 0x53113ec0, 0x1640e3d3, - 0x38abbd60, 0x2547adf0, 0xba38209c, - 0xf746ce76, 0x77afa1c5, 0x20756060, - 0x85cbfe4e, 0x8ae88dd8, 0x7aaaf9b0, - 0x4cf9aa7e, 0x1948c25c, 0x02fb8a8c, - 0x01c36ae4, 0xd6ebe1f9, 0x90d4f869, - 0xa65cdea0, 0x3f09252d, 0xc208e69f, - 0xb74e6132, 0xce77e25b, 0x578fdfe3, - 0x3ac372e6 }; - + private static final int[] KS3 = { + 0x3a39ce37, 0xd3faf5cf, 0xabc27737, 0x5ac52d1b, 0x5cb0679e, 0x4fa33742, + 0xd3822740, 0x99bc9bbe, 0xd5118e9d, 0xbf0f7315, 0xd62d1c7e, 0xc700c47b, + 0xb78c1b6b, 0x21a19045, 0xb26eb1be, 0x6a366eb4, 0x5748ab2f, 0xbc946e79, + 0xc6a376d2, 0x6549c2c8, 0x530ff8ee, 0x468dde7d, 0xd5730a1d, 0x4cd04dc6, + 0x2939bbdb, 0xa9ba4650, 0xac9526e8, 0xbe5ee304, 0xa1fad5f0, 0x6a2d519a, + 0x63ef8ce2, 0x9a86ee22, 0xc089c2b8, 0x43242ef6, 0xa51e03aa, 0x9cf2d0a4, + 0x83c061ba, 0x9be96a4d, 0x8fe51550, 0xba645bd6, 0x2826a2f9, 0xa73a3ae1, + 0x4ba99586, 0xef5562e9, 0xc72fefd3, 0xf752f7da, 0x3f046f69, 0x77fa0a59, + 0x80e4a915, 0x87b08601, 0x9b09e6ad, 0x3b3ee593, 0xe990fd5a, 0x9e34d797, + 0x2cf0b7d9, 0x022b8b51, 0x96d5ac3a, 0x017da67d, 0xd1cf3ed6, 0x7c7d2d28, + 0x1f9f25cf, 0xadf2b89b, 0x5ad6b472, 0x5a88f54c, 0xe029ac71, 0xe019a5e6, + 0x47b0acfd, 0xed93fa9b, 0xe8d3c48d, 0x283b57cc, 0xf8d56629, 0x79132e28, + 0x785f0191, 0xed756055, 0xf7960e44, 0xe3d35e8c, 0x15056dd4, 0x88f46dba, + 0x03a16125, 0x0564f0bd, 0xc3eb9e15, 0x3c9057a2, 0x97271aec, 0xa93a072a, + 0x1b3f6d9b, 0x1e6321f5, 0xf59c66fb, 0x26dcf319, 0x7533d928, 0xb155fdf5, + 0x03563482, 0x8aba3cbb, 0x28517711, 0xc20ad9f8, 0xabcc5167, 0xccad925f, + 0x4de81751, 0x3830dc8e, 0x379d5862, 0x9320f991, 0xea7a90c2, 0xfb3e7bce, + 0x5121ce64, 0x774fbe32, 0xa8b6e37e, 0xc3293d46, 0x48de5369, 0x6413e680, + 0xa2ae0810, 0xdd6db224, 0x69852dfd, 0x09072166, 0xb39a460a, 0x6445c0dd, + 0x586cdecf, 0x1c20c8ae, 0x5bbef7dd, 0x1b588d40, 0xccd2017f, 0x6bb4e3bb, + 0xdda26a7e, 0x3a59ff45, 0x3e350a44, 0xbcb4cdd5, 0x72eacea8, 0xfa6484bb, + 0x8d6612ae, 0xbf3c6f47, 0xd29be463, 0x542f5d9e, 0xaec2771b, 0xf64e6370, + 0x740e0d8d, 0xe75b1357, 0xf8721671, 0xaf537d5d, 0x4040cb08, 0x4eb4e2cc, + 0x34d2466a, 0x0115af84, 0xe1b00428, 0x95983a1d, 0x06b89fb4, 0xce6ea048, + 0x6f3f3b82, 0x3520ab82, 0x011a1d4b, 0x277227f8, 0x611560b1, 0xe7933fdc, + 0xbb3a792b, 0x344525bd, 0xa08839e1, 0x51ce794b, 0x2f32c9b7, 0xa01fbac9, + 0xe01cc87e, 0xbcc7d1f6, 0xcf0111c3, 0xa1e8aac7, 0x1a908749, 0xd44fbd9a, + 0xd0dadecb, 0xd50ada38, 0x0339c32a, 0xc6913667, 0x8df9317c, 0xe0b12b4f, + 0xf79e59b7, 0x43f5bb3a, 0xf2d519ff, 0x27d9459c, 0xbf97222c, 0x15e6fc2a, + 0x0f91fc71, 0x9b941525, 0xfae59361, 0xceb69ceb, 0xc2a86459, 0x12baa8d1, + 0xb6c1075e, 0xe3056a0c, 0x10d25065, 0xcb03a442, 0xe0ec6e0e, 0x1698db3b, + 0x4c98a0be, 0x3278e964, 0x9f1f9532, 0xe0d392df, 0xd3a0342b, 0x8971f21e, + 0x1b0a7441, 0x4ba3348c, 0xc5be7120, 0xc37632d8, 0xdf359f8d, 0x9b992f2e, + 0xe60b6f47, 0x0fe3f11d, 0xe54cda54, 0x1edad891, 0xce6279cf, 0xcd3e7e6f, + 0x1618b166, 0xfd2c1d05, 0x848fd2c5, 0xf6fb2299, 0xf523f357, 0xa6327623, + 0x93a83531, 0x56cccd02, 0xacf08162, 0x5a75ebb5, 0x6e163697, 0x88d273cc, + 0xde966292, 0x81b949d0, 0x4c50901b, 0x71c65614, 0xe6c6c7bd, 0x327a140a, + 0x45e1d006, 0xc3f27b9a, 0xc9aa53fd, 0x62a80f00, 0xbb25bfe2, 0x35bdd2f6, + 0x71126905, 0xb2040222, 0xb6cbcf7c, 0xcd769c2b, 0x53113ec0, 0x1640e3d3, + 0x38abbd60, 0x2547adf0, 0xba38209c, 0xf746ce76, 0x77afa1c5, 0x20756060, + 0x85cbfe4e, 0x8ae88dd8, 0x7aaaf9b0, 0x4cf9aa7e, 0x1948c25c, 0x02fb8a8c, + 0x01c36ae4, 0xd6ebe1f9, 0x90d4f869, 0xa65cdea0, 0x3f09252d, 0xc208e69f, + 0xb74e6132, 0xce77e25b, 0x578fdfe3, 0x3ac372e6 }; /** Cache of the self test. */ private static Boolean valid; - /** * Test vector, as published in * href="http://www.counterpane.com/vectors.txt">http://www.counterpane.com/vectors.txt</a>. @@ -424,20 +264,13 @@ public class Blowfish extends BaseCipher * CT=4EF997456198DD78 */ private static final byte[] TV_KEY = Util.toBytesFromString("0000000000000000"); - private static final byte[] TV_CT = Util.toBytesFromString("4EF997456198DD78"); - // Constructors - // ----------------------------------------------------------------------- - public Blowfish() { super(Registry.BLOWFISH_CIPHER, DEFAULT_BLOCK_SIZE, DEFAULT_KEY_SIZE); } - // Clonable interface implementation. - // ----------------------------------------------------------------------- - public Object clone() { Blowfish result = new Blowfish(); @@ -445,36 +278,14 @@ public class Blowfish extends BaseCipher return result; } - // Implementations of abstract methods from BaseCipher - // ----------------------------------------------------------------------- - public Iterator keySizes() { return new Sequence(8, MAX_KEY_LENGTH, 8).iterator(); - // return new Iterator() { - // private int i = 0; - - // public boolean hasNext() { - // return i <= MAX_KEY_LENGTH-8; - // } - - // public Object next() { - // if (hasNext()) { - // i += 8; - // return new Integer(i); - // } - // return null; - // } - - // public void remove() { - // throw new UnsupportedOperationException(); - // } - // }; } public Iterator blockSizes() { - return Collections.singleton(new Integer(DEFAULT_BLOCK_SIZE)).iterator(); + return Collections.singleton(Integer.valueOf(DEFAULT_BLOCK_SIZE)).iterator(); } public Object makeKey(byte[] k, int bs) @@ -485,7 +296,6 @@ public class Blowfish extends BaseCipher System.arraycopy(KS1, 0, ctx.s1, 0, KS1.length); System.arraycopy(KS2, 0, ctx.s2, 0, KS2.length); System.arraycopy(KS3, 0, ctx.s3, 0, KS3.length); - // XOR the key with the P-box int l = 0; for (int i = 0; i < ctx.p.length; i++) @@ -495,13 +305,10 @@ public class Blowfish extends BaseCipher { data = (data << 8) | (k[l++] & 0xff); if (l >= k.length) - { - l = 0; - } + l = 0; } ctx.p[i] ^= data; } - // We swap the left and right words here only, so we can avoid // swapping altogether during encryption/decryption. int t; @@ -559,18 +366,22 @@ public class Blowfish extends BaseCipher public void encrypt(byte[] in, int i, byte[] out, int o, Object k, int bs) { Block x = new Block(); - x.left = (in[i] & 0xff) << 24 | (in[i + 1] & 0xff) << 16 - | (in[i + 2] & 0xff) << 8 | (in[i + 3] & 0xff); - x.right = (in[i + 4] & 0xff) << 24 | (in[i + 5] & 0xff) << 16 - | (in[i + 6] & 0xff) << 8 | (in[i + 7] & 0xff); + x.left = (in[i ] & 0xff) << 24 + | (in[i + 1] & 0xff) << 16 + | (in[i + 2] & 0xff) << 8 + | (in[i + 3] & 0xff); + x.right = (in[i + 4] & 0xff) << 24 + | (in[i + 5] & 0xff) << 16 + | (in[i + 6] & 0xff) << 8 + | (in[i + 7] & 0xff); blowfishEncrypt(x, (Context) k); - out[o] = (byte) (x.right >>> 24); - out[o + 1] = (byte) (x.right >>> 16); - out[o + 2] = (byte) (x.right >>> 8); + out[o ] = (byte)(x.right >>> 24); + out[o + 1] = (byte)(x.right >>> 16); + out[o + 2] = (byte)(x.right >>> 8); out[o + 3] = (byte) x.right; - out[o + 4] = (byte) (x.left >>> 24); - out[o + 5] = (byte) (x.left >>> 16); - out[o + 6] = (byte) (x.left >>> 8); + out[o + 4] = (byte)(x.left >>> 24); + out[o + 5] = (byte)(x.left >>> 16); + out[o + 6] = (byte)(x.left >>> 8); out[o + 7] = (byte) x.left; x.left = x.right = 0; } @@ -578,63 +389,96 @@ public class Blowfish extends BaseCipher public void decrypt(byte[] in, int i, byte[] out, int o, Object k, int bs) { Block x = new Block(); - x.left = (in[i] & 0xff) << 24 | (in[i + 1] & 0xff) << 16 - | (in[i + 2] & 0xff) << 8 | (in[i + 3] & 0xff); - x.right = (in[i + 4] & 0xff) << 24 | (in[i + 5] & 0xff) << 16 - | (in[i + 6] & 0xff) << 8 | (in[i + 7] & 0xff); + x.left = (in[i ] & 0xff) << 24 + | (in[i + 1] & 0xff) << 16 + | (in[i + 2] & 0xff) << 8 + | (in[i + 3] & 0xff); + x.right = (in[i + 4] & 0xff) << 24 + | (in[i + 5] & 0xff) << 16 + | (in[i + 6] & 0xff) << 8 + | (in[i + 7] & 0xff); blowfishDecrypt(x, (Context) k); - out[o] = (byte) (x.right >>> 24); - out[o + 1] = (byte) (x.right >>> 16); - out[o + 2] = (byte) (x.right >>> 8); + out[o ] = (byte)(x.right >>> 24); + out[o + 1] = (byte)(x.right >>> 16); + out[o + 2] = (byte)(x.right >>> 8); out[o + 3] = (byte) x.right; - out[o + 4] = (byte) (x.left >>> 24); - out[o + 5] = (byte) (x.left >>> 16); - out[o + 6] = (byte) (x.left >>> 8); + out[o + 4] = (byte)(x.left >>> 24); + out[o + 5] = (byte)(x.left >>> 16); + out[o + 6] = (byte)(x.left >>> 8); out[o + 7] = (byte) x.left; x.left = x.right = 0; } - // Own methods - // ----------------------------------------------------------------- - /** Encrypt a single pair of 32-bit integers. */ private void blowfishEncrypt(Block x, Context ctx) { int[] p = ctx.p; int[] s0 = ctx.s0, s1 = ctx.s1, s2 = ctx.s2, s3 = ctx.s3; x.left ^= p[0]; - x.right ^= ((s0[x.left >>> 24] + s1[x.left >>> 16 & 0xff]) ^ s2[x.left >>> 8 & 0xff]) - + s3[x.left & 0xff] ^ p[1]; - x.left ^= ((s0[x.right >>> 24] + s1[x.right >>> 16 & 0xff]) ^ s2[x.right >>> 8 & 0xff]) - + s3[x.right & 0xff] ^ p[2]; - x.right ^= ((s0[x.left >>> 24] + s1[x.left >>> 16 & 0xff]) ^ s2[x.left >>> 8 & 0xff]) - + s3[x.left & 0xff] ^ p[3]; - x.left ^= ((s0[x.right >>> 24] + s1[x.right >>> 16 & 0xff]) ^ s2[x.right >>> 8 & 0xff]) - + s3[x.right & 0xff] ^ p[4]; - x.right ^= ((s0[x.left >>> 24] + s1[x.left >>> 16 & 0xff]) ^ s2[x.left >>> 8 & 0xff]) - + s3[x.left & 0xff] ^ p[5]; - x.left ^= ((s0[x.right >>> 24] + s1[x.right >>> 16 & 0xff]) ^ s2[x.right >>> 8 & 0xff]) - + s3[x.right & 0xff] ^ p[6]; - x.right ^= ((s0[x.left >>> 24] + s1[x.left >>> 16 & 0xff]) ^ s2[x.left >>> 8 & 0xff]) - + s3[x.left & 0xff] ^ p[7]; - x.left ^= ((s0[x.right >>> 24] + s1[x.right >>> 16 & 0xff]) ^ s2[x.right >>> 8 & 0xff]) - + s3[x.right & 0xff] ^ p[8]; - x.right ^= ((s0[x.left >>> 24] + s1[x.left >>> 16 & 0xff]) ^ s2[x.left >>> 8 & 0xff]) - + s3[x.left & 0xff] ^ p[9]; - x.left ^= ((s0[x.right >>> 24] + s1[x.right >>> 16 & 0xff]) ^ s2[x.right >>> 8 & 0xff]) - + s3[x.right & 0xff] ^ p[10]; - x.right ^= ((s0[x.left >>> 24] + s1[x.left >>> 16 & 0xff]) ^ s2[x.left >>> 8 & 0xff]) - + s3[x.left & 0xff] ^ p[11]; - x.left ^= ((s0[x.right >>> 24] + s1[x.right >>> 16 & 0xff]) ^ s2[x.right >>> 8 & 0xff]) - + s3[x.right & 0xff] ^ p[12]; - x.right ^= ((s0[x.left >>> 24] + s1[x.left >>> 16 & 0xff]) ^ s2[x.left >>> 8 & 0xff]) - + s3[x.left & 0xff] ^ p[13]; - x.left ^= ((s0[x.right >>> 24] + s1[x.right >>> 16 & 0xff]) ^ s2[x.right >>> 8 & 0xff]) - + s3[x.right & 0xff] ^ p[14]; - x.right ^= ((s0[x.left >>> 24] + s1[x.left >>> 16 & 0xff]) ^ s2[x.left >>> 8 & 0xff]) - + s3[x.left & 0xff] ^ p[15]; - x.left ^= ((s0[x.right >>> 24] + s1[x.right >>> 16 & 0xff]) ^ s2[x.right >>> 8 & 0xff]) - + s3[x.right & 0xff] ^ p[16]; + x.right ^= ((s0[x.left >>> 24 ] + + s1[x.left >>> 16 & 0xff]) + ^ s2[x.left >>> 8 & 0xff]) + + s3[x.left & 0xff] ^ p[1]; + x.left ^= ((s0[x.right >>> 24 ] + + s1[x.right >>> 16 & 0xff]) + ^ s2[x.right >>> 8 & 0xff]) + + s3[x.right & 0xff] ^ p[2]; + x.right ^= ((s0[x.left >>> 24 ] + + s1[x.left >>> 16 & 0xff]) + ^ s2[x.left >>> 8 & 0xff]) + + s3[x.left & 0xff] ^ p[3]; + x.left ^= ((s0[x.right >>> 24 ] + + s1[x.right >>> 16 & 0xff]) + ^ s2[x.right >>> 8 & 0xff]) + + s3[x.right & 0xff] ^ p[4]; + x.right ^= ((s0[x.left >>> 24 ] + + s1[x.left >>> 16 & 0xff]) + ^ s2[x.left >>> 8 & 0xff]) + + s3[x.left & 0xff] ^ p[5]; + x.left ^= ((s0[x.right >>> 24 ] + + s1[x.right >>> 16 & 0xff]) + ^ s2[x.right >>> 8 & 0xff]) + + s3[x.right & 0xff] ^ p[6]; + x.right ^= ((s0[x.left >>> 24 ] + + s1[x.left >>> 16 & 0xff]) + ^ s2[x.left >>> 8 & 0xff]) + + s3[x.left & 0xff] ^ p[7]; + x.left ^= ((s0[x.right >>> 24 ] + + s1[x.right >>> 16 & 0xff]) + ^ s2[x.right >>> 8 & 0xff]) + + s3[x.right & 0xff] ^ p[8]; + x.right ^= ((s0[x.left >>> 24 ] + + s1[x.left >>> 16 & 0xff]) + ^ s2[x.left >>> 8 & 0xff]) + + s3[x.left & 0xff] ^ p[9]; + x.left ^= ((s0[x.right >>> 24 ] + + s1[x.right >>> 16 & 0xff]) + ^ s2[x.right >>> 8 & 0xff]) + + s3[x.right & 0xff] ^ p[10]; + x.right ^= ((s0[x.left >>> 24 ] + + s1[x.left >>> 16 & 0xff]) + ^ s2[x.left >>> 8 & 0xff]) + + s3[x.left & 0xff] ^ p[11]; + x.left ^= ((s0[x.right >>> 24 ] + + s1[x.right >>> 16 & 0xff]) + ^ s2[x.right >>> 8 & 0xff]) + + s3[x.right & 0xff] ^ p[12]; + x.right ^= ((s0[x.left >>> 24 ] + + s1[x.left >>> 16 & 0xff]) + ^ s2[x.left >>> 8 & 0xff]) + + s3[x.left & 0xff] ^ p[13]; + x.left ^= ((s0[x.right >>> 24 ] + + s1[x.right >>> 16 & 0xff]) + ^ s2[x.right >>> 8 & 0xff]) + + s3[x.right & 0xff] ^ p[14]; + x.right ^= ((s0[x.left >>> 24 ] + + s1[x.left >>> 16 & 0xff]) + ^ s2[x.left >>> 8 & 0xff]) + + s3[x.left & 0xff] ^ p[15]; + x.left ^= ((s0[x.right >>> 24 ] + + s1[x.right >>> 16 & 0xff]) + ^ s2[x.right >>> 8 & 0xff]) + + s3[x.right & 0xff] ^ p[16]; x.right ^= p[17]; } @@ -644,38 +488,70 @@ public class Blowfish extends BaseCipher int[] p = ctx.p; int[] s0 = ctx.s0, s1 = ctx.s1, s2 = ctx.s2, s3 = ctx.s3; x.left ^= p[17]; - x.right ^= ((s0[x.left >>> 24] + s1[x.left >>> 16 & 0xff]) ^ s2[x.left >>> 8 & 0xff]) - + s3[x.left & 0xff] ^ p[16]; - x.left ^= ((s0[x.right >>> 24] + s1[x.right >>> 16 & 0xff]) ^ s2[x.right >>> 8 & 0xff]) - + s3[x.right & 0xff] ^ p[15]; - x.right ^= ((s0[x.left >>> 24] + s1[x.left >>> 16 & 0xff]) ^ s2[x.left >>> 8 & 0xff]) - + s3[x.left & 0xff] ^ p[14]; - x.left ^= ((s0[x.right >>> 24] + s1[x.right >>> 16 & 0xff]) ^ s2[x.right >>> 8 & 0xff]) - + s3[x.right & 0xff] ^ p[13]; - x.right ^= ((s0[x.left >>> 24] + s1[x.left >>> 16 & 0xff]) ^ s2[x.left >>> 8 & 0xff]) - + s3[x.left & 0xff] ^ p[12]; - x.left ^= ((s0[x.right >>> 24] + s1[x.right >>> 16 & 0xff]) ^ s2[x.right >>> 8 & 0xff]) - + s3[x.right & 0xff] ^ p[11]; - x.right ^= ((s0[x.left >>> 24] + s1[x.left >>> 16 & 0xff]) ^ s2[x.left >>> 8 & 0xff]) - + s3[x.left & 0xff] ^ p[10]; - x.left ^= ((s0[x.right >>> 24] + s1[x.right >>> 16 & 0xff]) ^ s2[x.right >>> 8 & 0xff]) - + s3[x.right & 0xff] ^ p[9]; - x.right ^= ((s0[x.left >>> 24] + s1[x.left >>> 16 & 0xff]) ^ s2[x.left >>> 8 & 0xff]) - + s3[x.left & 0xff] ^ p[8]; - x.left ^= ((s0[x.right >>> 24] + s1[x.right >>> 16 & 0xff]) ^ s2[x.right >>> 8 & 0xff]) - + s3[x.right & 0xff] ^ p[7]; - x.right ^= ((s0[x.left >>> 24] + s1[x.left >>> 16 & 0xff]) ^ s2[x.left >>> 8 & 0xff]) - + s3[x.left & 0xff] ^ p[6]; - x.left ^= ((s0[x.right >>> 24] + s1[x.right >>> 16 & 0xff]) ^ s2[x.right >>> 8 & 0xff]) - + s3[x.right & 0xff] ^ p[5]; - x.right ^= ((s0[x.left >>> 24] + s1[x.left >>> 16 & 0xff]) ^ s2[x.left >>> 8 & 0xff]) - + s3[x.left & 0xff] ^ p[4]; - x.left ^= ((s0[x.right >>> 24] + s1[x.right >>> 16 & 0xff]) ^ s2[x.right >>> 8 & 0xff]) - + s3[x.right & 0xff] ^ p[3]; - x.right ^= ((s0[x.left >>> 24] + s1[x.left >>> 16 & 0xff]) ^ s2[x.left >>> 8 & 0xff]) - + s3[x.left & 0xff] ^ p[2]; - x.left ^= ((s0[x.right >>> 24] + s1[x.right >>> 16 & 0xff]) ^ s2[x.right >>> 8 & 0xff]) - + s3[x.right & 0xff] ^ p[1]; + x.right ^= ((s0[x.left >>> 24 ] + + s1[x.left >>> 16 & 0xff]) + ^ s2[x.left >>> 8 & 0xff]) + + s3[x.left & 0xff] ^ p[16]; + x.left ^= ((s0[x.right >>> 24 ] + + s1[x.right >>> 16 & 0xff]) + ^ s2[x.right >>> 8 & 0xff]) + + s3[x.right & 0xff] ^ p[15]; + x.right ^= ((s0[x.left >>> 24 ] + + s1[x.left >>> 16 & 0xff]) + ^ s2[x.left >>> 8 & 0xff]) + + s3[x.left & 0xff] ^ p[14]; + x.left ^= ((s0[x.right >>> 24 ] + + s1[x.right >>> 16 & 0xff]) + ^ s2[x.right >>> 8 & 0xff]) + + s3[x.right & 0xff] ^ p[13]; + x.right ^= ((s0[x.left >>> 24 ] + + s1[x.left >>> 16 & 0xff]) + ^ s2[x.left >>> 8 & 0xff]) + + s3[x.left & 0xff] ^ p[12]; + x.left ^= ((s0[x.right >>> 24 ] + + s1[x.right >>> 16 & 0xff]) + ^ s2[x.right >>> 8 & 0xff]) + + s3[x.right & 0xff] ^ p[11]; + x.right ^= ((s0[x.left >>> 24 ] + + s1[x.left >>> 16 & 0xff]) + ^ s2[x.left >>> 8 & 0xff]) + + s3[x.left & 0xff] ^ p[10]; + x.left ^= ((s0[x.right >>> 24 ] + + s1[x.right >>> 16 & 0xff]) + ^ s2[x.right >>> 8 & 0xff]) + + s3[x.right & 0xff] ^ p[9]; + x.right ^= ((s0[x.left >>> 24] + + s1[x.left >>> 16 & 0xff]) + ^ s2[x.left >>> 8 & 0xff]) + + s3[x.left & 0xff] ^ p[8]; + x.left ^= ((s0[x.right >>> 24 ] + + s1[x.right >>> 16 & 0xff]) + ^ s2[x.right >>> 8 & 0xff]) + + s3[x.right & 0xff] ^ p[7]; + x.right ^= ((s0[x.left >>> 24 ] + + s1[x.left >>> 16 & 0xff]) + ^ s2[x.left >>> 8 & 0xff]) + + s3[x.left & 0xff] ^ p[6]; + x.left ^= ((s0[x.right >>> 24 ] + + s1[x.right >>> 16 & 0xff]) + ^ s2[x.right >>> 8 & 0xff]) + + s3[x.right & 0xff] ^ p[5]; + x.right ^= ((s0[x.left >>> 24 ] + + s1[x.left >>> 16 & 0xff]) + ^ s2[x.left >>> 8 & 0xff]) + + s3[x.left & 0xff] ^ p[4]; + x.left ^= ((s0[x.right >>> 24 ] + + s1[x.right >>> 16 & 0xff]) + ^ s2[x.right >>> 8 & 0xff]) + + s3[x.right & 0xff] ^ p[3]; + x.right ^= ((s0[x.left >>> 24 ] + + s1[x.left >>> 16 & 0xff]) + ^ s2[x.left >>> 8 & 0xff]) + + s3[x.left & 0xff] ^ p[2]; + x.left ^= ((s0[x.right >>> 24 ] + + s1[x.right >>> 16 & 0xff]) + ^ s2[x.right >>> 8 & 0xff]) + + s3[x.right & 0xff] ^ p[1]; x.right ^= p[0]; } @@ -685,30 +561,19 @@ public class Blowfish extends BaseCipher { boolean result = super.selfTest(); // symmetry if (result) - { - result = testKat(TV_KEY, TV_CT); - } + result = testKat(TV_KEY, TV_CT); valid = Boolean.valueOf(result); } return valid.booleanValue(); } - // Inner classes. - // ----------------------------------------------------------------------- - /** A simple wrapper for the P- and S-boxes. */ - private class Context implements Cloneable + private class Context + implements Cloneable { - - // Constants and variables. - // -------------------------------------------------------------------- - /** The P-array. */ int[] p, s0, s1, s2, s3; - // Constructors. - // -------------------------------------------------------------------- - /** Default 0-arguments constructor. */ Context() { @@ -733,9 +598,6 @@ public class Blowfish extends BaseCipher this.s3 = (int[]) that.s3.clone(); } - // Clonable interface implementation. - // -------------------------------------------------------------------- - public Object clone() { return new Context(this); @@ -746,4 +608,4 @@ public class Blowfish extends BaseCipher { int left, right; } -}
\ No newline at end of file +} diff --git a/libjava/classpath/gnu/javax/crypto/cipher/Cast5.java b/libjava/classpath/gnu/javax/crypto/cipher/Cast5.java index a0e0c60f33f..a7521530ce0 100644 --- a/libjava/classpath/gnu/javax/crypto/cipher/Cast5.java +++ b/libjava/classpath/gnu/javax/crypto/cipher/Cast5.java @@ -47,12 +47,11 @@ import java.util.Collections; import java.util.Iterator; /** - * <p>An implmenetation of the <code>CAST5</code> (a.k.a. CAST-128) algorithm, - * as per <i>RFC-2144</i>, dated May 1997.</p> - * - * <p>In this RFC, <i>Carlisle Adams</i> (the CA in CAST, ST stands for - * <i>Stafford Tavares</i>) describes CAST5 as:</p> - * + * An implmenetation of the <code>CAST5</code> (a.k.a. CAST-128) algorithm, + * as per <i>RFC-2144</i>, dated May 1997. + * <p> + * In this RFC, <i>Carlisle Adams</i> (the CA in CAST, ST stands for + * <i>Stafford Tavares</i>) describes CAST5 as: * <blockquote> * "...a DES-like Substitution-Permutation Network (SPN) cryptosystem which * appears to have good resistance to differential cryptanalysis, linear @@ -61,19 +60,18 @@ import java.util.Iterator; * Strict Avalanche Criterion (SAC), Bit Independence Criterion (BIC), no * complementation property, and an absence of weak and semi-weak keys." * </blockquote> - * - * <p><code>CAST5</code> is a symmetric block cipher with a block-size of 8 + * <p> + * <code>CAST5</code> is a symmetric block cipher with a block-size of 8 * bytes and a variable key-size of up to 128 bits. Its authors, and their * employer (Entrust Technologies, a Nortel majority-owned company), made it * available worldwide on a royalty-free basis for commercial and non-commercial - * uses.</p> - * - * <p>The <code>CAST5</code> encryption algorithm has been designed to allow a + * uses. + * <p> + * The <code>CAST5</code> encryption algorithm has been designed to allow a * key size that can vary from <code>40</code> bits to <code>128</code> bits, * in 8-bit increments (that is, the allowable key sizes are <code>40, 48, 56, * 64, ..., 112, 120,</code> and <code>128</code> bits. For variable keysize - * operation, the specification is as follows:</p> - * + * operation, the specification is as follows: * <ol> * <li>For key sizes up to and including <code>80</code> bits (i.e., * <code>40, 48, 56, 64, 72,</code> and <code>80</code> bits), the algorithm @@ -86,25 +84,19 @@ import java.util.Iterator; * <code>128</code> bits (since the <code>CAST5</code> key schedule assumes * an input key of <code>128</code> bits).</li> * </ol> - * - * <p>References:</p> - * + * <p> + * References: * <ol> * <li><a href="http://www.ietf.org/rfc/rfc2144.txt">The CAST-128 Encryption * Algorithm</a>.<br> * <a href="mailto:cadams@entrust.com">Carlisle Adams</a>.</li> * </ol> */ -public class Cast5 extends BaseCipher +public class Cast5 + extends BaseCipher { - - // Constants and variables - // ------------------------------------------------------------------------- - private static final int DEFAULT_BLOCK_SIZE = 8; // in bytes - private static final int DEFAULT_KEY_SIZE = 5; // in bytes - /** * KAT vector (from rfc-2144): * 40-bit key = 01 23 45 67 12 @@ -113,727 +105,372 @@ public class Cast5 extends BaseCipher * ciphertext = 7A C8 16 D1 6E 9B 30 2E */ private static final byte[] KAT_KEY = Util.toBytesFromString("0123456712"); - private static final byte[] KAT_PT = Util.toBytesFromString("0123456789ABCDEF"); - private static final byte[] KAT_CT = Util.toBytesFromString("7AC816D16E9B302E"); - /** caches the result of the correctness test, once executed. */ private static Boolean valid; - // CAST5 S-boxes - private static final int[] S1 = { 0x30FB40D4, 0x9FA0FF0B, 0x6BECCD2F, - 0x3F258C7A, 0x1E213F2F, 0x9C004DD3, - 0x6003E540, 0xCF9FC949, 0xBFD4AF27, - 0x88BBBDB5, 0xE2034090, 0x98D09675, - 0x6E63A0E0, 0x15C361D2, 0xC2E7661D, - 0x22D4FF8E, 0x28683B6F, 0xC07FD059, - 0xFF2379C8, 0x775F50E2, 0x43C340D3, - 0xDF2F8656, 0x887CA41A, 0xA2D2BD2D, - 0xA1C9E0D6, 0x346C4819, 0x61B76D87, - 0x22540F2F, 0x2ABE32E1, 0xAA54166B, - 0x22568E3A, 0xA2D341D0, 0x66DB40C8, - 0xA784392F, 0x004DFF2F, 0x2DB9D2DE, - 0x97943FAC, 0x4A97C1D8, 0x527644B7, - 0xB5F437A7, 0xB82CBAEF, 0xD751D159, - 0x6FF7F0ED, 0x5A097A1F, 0x827B68D0, - 0x90ECF52E, 0x22B0C054, 0xBC8E5935, - 0x4B6D2F7F, 0x50BB64A2, 0xD2664910, - 0xBEE5812D, 0xB7332290, 0xE93B159F, - 0xB48EE411, 0x4BFF345D, 0xFD45C240, - 0xAD31973F, 0xC4F6D02E, 0x55FC8165, - 0xD5B1CAAD, 0xA1AC2DAE, 0xA2D4B76D, - 0xC19B0C50, 0x882240F2, 0x0C6E4F38, - 0xA4E4BFD7, 0x4F5BA272, 0x564C1D2F, - 0xC59C5319, 0xB949E354, 0xB04669FE, - 0xB1B6AB8A, 0xC71358DD, 0x6385C545, - 0x110F935D, 0x57538AD5, 0x6A390493, - 0xE63D37E0, 0x2A54F6B3, 0x3A787D5F, - 0x6276A0B5, 0x19A6FCDF, 0x7A42206A, - 0x29F9D4D5, 0xF61B1891, 0xBB72275E, - 0xAA508167, 0x38901091, 0xC6B505EB, - 0x84C7CB8C, 0x2AD75A0F, 0x874A1427, - 0xA2D1936B, 0x2AD286AF, 0xAA56D291, - 0xD7894360, 0x425C750D, 0x93B39E26, - 0x187184C9, 0x6C00B32D, 0x73E2BB14, - 0xA0BEBC3C, 0x54623779, 0x64459EAB, - 0x3F328B82, 0x7718CF82, 0x59A2CEA6, - 0x04EE002E, 0x89FE78E6, 0x3FAB0950, - 0x325FF6C2, 0x81383F05, 0x6963C5C8, - 0x76CB5AD6, 0xD49974C9, 0xCA180DCF, - 0x380782D5, 0xC7FA5CF6, 0x8AC31511, - 0x35E79E13, 0x47DA91D0, 0xF40F9086, - 0xA7E2419E, 0x31366241, 0x051EF495, - 0xAA573B04, 0x4A805D8D, 0x548300D0, - 0x00322A3C, 0xBF64CDDF, 0xBA57A68E, - 0x75C6372B, 0x50AFD341, 0xA7C13275, - 0x915A0BF5, 0x6B54BFAB, 0x2B0B1426, - 0xAB4CC9D7, 0x449CCD82, 0xF7FBF265, - 0xAB85C5F3, 0x1B55DB94, 0xAAD4E324, - 0xCFA4BD3F, 0x2DEAA3E2, 0x9E204D02, - 0xC8BD25AC, 0xEADF55B3, 0xD5BD9E98, - 0xE31231B2, 0x2AD5AD6C, 0x954329DE, - 0xADBE4528, 0xD8710F69, 0xAA51C90F, - 0xAA786BF6, 0x22513F1E, 0xAA51A79B, - 0x2AD344CC, 0x7B5A41F0, 0xD37CFBAD, - 0x1B069505, 0x41ECE491, 0xB4C332E6, - 0x032268D4, 0xC9600ACC, 0xCE387E6D, - 0xBF6BB16C, 0x6A70FB78, 0x0D03D9C9, - 0xD4DF39DE, 0xE01063DA, 0x4736F464, - 0x5AD328D8, 0xB347CC96, 0x75BB0FC3, - 0x98511BFB, 0x4FFBCC35, 0xB58BCF6A, - 0xE11F0ABC, 0xBFC5FE4A, 0xA70AEC10, - 0xAC39570A, 0x3F04442F, 0x6188B153, - 0xE0397A2E, 0x5727CB79, 0x9CEB418F, - 0x1CACD68D, 0x2AD37C96, 0x0175CB9D, - 0xC69DFF09, 0xC75B65F0, 0xD9DB40D8, - 0xEC0E7779, 0x4744EAD4, 0xB11C3274, - 0xDD24CB9E, 0x7E1C54BD, 0xF01144F9, - 0xD2240EB1, 0x9675B3FD, 0xA3AC3755, - 0xD47C27AF, 0x51C85F4D, 0x56907596, - 0xA5BB15E6, 0x580304F0, 0xCA042CF1, - 0x011A37EA, 0x8DBFAADB, 0x35BA3E4A, - 0x3526FFA0, 0xC37B4D09, 0xBC306ED9, - 0x98A52666, 0x5648F725, 0xFF5E569D, - 0x0CED63D0, 0x7C63B2CF, 0x700B45E1, - 0xD5EA50F1, 0x85A92872, 0xAF1FBDA7, - 0xD4234870, 0xA7870BF3, 0x2D3B4D79, - 0x42E04198, 0x0CD0EDE7, 0x26470DB8, - 0xF881814C, 0x474D6AD7, 0x7C0C5E5C, - 0xD1231959, 0x381B7298, 0xF5D2F4DB, - 0xAB838653, 0x6E2F1E23, 0x83719C9E, - 0xBD91E046, 0x9A56456E, 0xDC39200C, - 0x20C8C571, 0x962BDA1C, 0xE1E696FF, - 0xB141AB08, 0x7CCA89B9, 0x1A69E783, - 0x02CC4843, 0xA2F7C579, 0x429EF47D, - 0x427B169C, 0x5AC9F049, 0xDD8F0F00, - 0x5C8165BF }; - - private static final int[] S2 = { 0x1F201094, 0xEF0BA75B, 0x69E3CF7E, - 0x393F4380, 0xFE61CF7A, 0xEEC5207A, - 0x55889C94, 0x72FC0651, 0xADA7EF79, - 0x4E1D7235, 0xD55A63CE, 0xDE0436BA, - 0x99C430EF, 0x5F0C0794, 0x18DCDB7D, - 0xA1D6EFF3, 0xA0B52F7B, 0x59E83605, - 0xEE15B094, 0xE9FFD909, 0xDC440086, - 0xEF944459, 0xBA83CCB3, 0xE0C3CDFB, - 0xD1DA4181, 0x3B092AB1, 0xF997F1C1, - 0xA5E6CF7B, 0x01420DDB, 0xE4E7EF5B, - 0x25A1FF41, 0xE180F806, 0x1FC41080, - 0x179BEE7A, 0xD37AC6A9, 0xFE5830A4, - 0x98DE8B7F, 0x77E83F4E, 0x79929269, - 0x24FA9F7B, 0xE113C85B, 0xACC40083, - 0xD7503525, 0xF7EA615F, 0x62143154, - 0x0D554B63, 0x5D681121, 0xC866C359, - 0x3D63CF73, 0xCEE234C0, 0xD4D87E87, - 0x5C672B21, 0x071F6181, 0x39F7627F, - 0x361E3084, 0xE4EB573B, 0x602F64A4, - 0xD63ACD9C, 0x1BBC4635, 0x9E81032D, - 0x2701F50C, 0x99847AB4, 0xA0E3DF79, - 0xBA6CF38C, 0x10843094, 0x2537A95E, - 0xF46F6FFE, 0xA1FF3B1F, 0x208CFB6A, - 0x8F458C74, 0xD9E0A227, 0x4EC73A34, - 0xFC884F69, 0x3E4DE8DF, 0xEF0E0088, - 0x3559648D, 0x8A45388C, 0x1D804366, - 0x721D9BFD, 0xA58684BB, 0xE8256333, - 0x844E8212, 0x128D8098, 0xFED33FB4, - 0xCE280AE1, 0x27E19BA5, 0xD5A6C252, - 0xE49754BD, 0xC5D655DD, 0xEB667064, - 0x77840B4D, 0xA1B6A801, 0x84DB26A9, - 0xE0B56714, 0x21F043B7, 0xE5D05860, - 0x54F03084, 0x066FF472, 0xA31AA153, - 0xDADC4755, 0xB5625DBF, 0x68561BE6, - 0x83CA6B94, 0x2D6ED23B, 0xECCF01DB, - 0xA6D3D0BA, 0xB6803D5C, 0xAF77A709, - 0x33B4A34C, 0x397BC8D6, 0x5EE22B95, - 0x5F0E5304, 0x81ED6F61, 0x20E74364, - 0xB45E1378, 0xDE18639B, 0x881CA122, - 0xB96726D1, 0x8049A7E8, 0x22B7DA7B, - 0x5E552D25, 0x5272D237, 0x79D2951C, - 0xC60D894C, 0x488CB402, 0x1BA4FE5B, - 0xA4B09F6B, 0x1CA815CF, 0xA20C3005, - 0x8871DF63, 0xB9DE2FCB, 0x0CC6C9E9, - 0x0BEEFF53, 0xE3214517, 0xB4542835, - 0x9F63293C, 0xEE41E729, 0x6E1D2D7C, - 0x50045286, 0x1E6685F3, 0xF33401C6, - 0x30A22C95, 0x31A70850, 0x60930F13, - 0x73F98417, 0xA1269859, 0xEC645C44, - 0x52C877A9, 0xCDFF33A6, 0xA02B1741, - 0x7CBAD9A2, 0x2180036F, 0x50D99C08, - 0xCB3F4861, 0xC26BD765, 0x64A3F6AB, - 0x80342676, 0x25A75E7B, 0xE4E6D1FC, - 0x20C710E6, 0xCDF0B680, 0x17844D3B, - 0x31EEF84D, 0x7E0824E4, 0x2CCB49EB, - 0x846A3BAE, 0x8FF77888, 0xEE5D60F6, - 0x7AF75673, 0x2FDD5CDB, 0xA11631C1, - 0x30F66F43, 0xB3FAEC54, 0x157FD7FA, - 0xEF8579CC, 0xD152DE58, 0xDB2FFD5E, - 0x8F32CE19, 0x306AF97A, 0x02F03EF8, - 0x99319AD5, 0xC242FA0F, 0xA7E3EBB0, - 0xC68E4906, 0xB8DA230C, 0x80823028, - 0xDCDEF3C8, 0xD35FB171, 0x088A1BC8, - 0xBEC0C560, 0x61A3C9E8, 0xBCA8F54D, - 0xC72FEFFA, 0x22822E99, 0x82C570B4, - 0xD8D94E89, 0x8B1C34BC, 0x301E16E6, - 0x273BE979, 0xB0FFEAA6, 0x61D9B8C6, - 0x00B24869, 0xB7FFCE3F, 0x08DC283B, - 0x43DAF65A, 0xF7E19798, 0x7619B72F, - 0x8F1C9BA4, 0xDC8637A0, 0x16A7D3B1, - 0x9FC393B7, 0xA7136EEB, 0xC6BCC63E, - 0x1A513742, 0xEF6828BC, 0x520365D6, - 0x2D6A77AB, 0x3527ED4B, 0x821FD216, - 0x095C6E2E, 0xDB92F2FB, 0x5EEA29CB, - 0x145892F5, 0x91584F7F, 0x5483697B, - 0x2667A8CC, 0x85196048, 0x8C4BACEA, - 0x833860D4, 0x0D23E0F9, 0x6C387E8A, - 0x0AE6D249, 0xB284600C, 0xD835731D, - 0xDCB1C647, 0xAC4C56EA, 0x3EBD81B3, - 0x230EABB0, 0x6438BC87, 0xF0B5B1FA, - 0x8F5EA2B3, 0xFC184642, 0x0A036B7A, - 0x4FB089BD, 0x649DA589, 0xA345415E, - 0x5C038323, 0x3E5D3BB9, 0x43D79572, - 0x7E6DD07C, 0x06DFDF1E, 0x6C6CC4EF, - 0x7160A539, 0x73BFBE70, 0x83877605, - 0x4523ECF1 }; - - private static final int[] S3 = { 0x8DEFC240, 0x25FA5D9F, 0xEB903DBF, - 0xE810C907, 0x47607FFF, 0x369FE44B, - 0x8C1FC644, 0xAECECA90, 0xBEB1F9BF, - 0xEEFBCAEA, 0xE8CF1950, 0x51DF07AE, - 0x920E8806, 0xF0AD0548, 0xE13C8D83, - 0x927010D5, 0x11107D9F, 0x07647DB9, - 0xB2E3E4D4, 0x3D4F285E, 0xB9AFA820, - 0xFADE82E0, 0xA067268B, 0x8272792E, - 0x553FB2C0, 0x489AE22B, 0xD4EF9794, - 0x125E3FBC, 0x21FFFCEE, 0x825B1BFD, - 0x9255C5ED, 0x1257A240, 0x4E1A8302, - 0xBAE07FFF, 0x528246E7, 0x8E57140E, - 0x3373F7BF, 0x8C9F8188, 0xA6FC4EE8, - 0xC982B5A5, 0xA8C01DB7, 0x579FC264, - 0x67094F31, 0xF2BD3F5F, 0x40FFF7C1, - 0x1FB78DFC, 0x8E6BD2C1, 0x437BE59B, - 0x99B03DBF, 0xB5DBC64B, 0x638DC0E6, - 0x55819D99, 0xA197C81C, 0x4A012D6E, - 0xC5884A28, 0xCCC36F71, 0xB843C213, - 0x6C0743F1, 0x8309893C, 0x0FEDDD5F, - 0x2F7FE850, 0xD7C07F7E, 0x02507FBF, - 0x5AFB9A04, 0xA747D2D0, 0x1651192E, - 0xAF70BF3E, 0x58C31380, 0x5F98302E, - 0x727CC3C4, 0x0A0FB402, 0x0F7FEF82, - 0x8C96FDAD, 0x5D2C2AAE, 0x8EE99A49, - 0x50DA88B8, 0x8427F4A0, 0x1EAC5790, - 0x796FB449, 0x8252DC15, 0xEFBD7D9B, - 0xA672597D, 0xADA840D8, 0x45F54504, - 0xFA5D7403, 0xE83EC305, 0x4F91751A, - 0x925669C2, 0x23EFE941, 0xA903F12E, - 0x60270DF2, 0x0276E4B6, 0x94FD6574, - 0x927985B2, 0x8276DBCB, 0x02778176, - 0xF8AF918D, 0x4E48F79E, 0x8F616DDF, - 0xE29D840E, 0x842F7D83, 0x340CE5C8, - 0x96BBB682, 0x93B4B148, 0xEF303CAB, - 0x984FAF28, 0x779FAF9B, 0x92DC560D, - 0x224D1E20, 0x8437AA88, 0x7D29DC96, - 0x2756D3DC, 0x8B907CEE, 0xB51FD240, - 0xE7C07CE3, 0xE566B4A1, 0xC3E9615E, - 0x3CF8209D, 0x6094D1E3, 0xCD9CA341, - 0x5C76460E, 0x00EA983B, 0xD4D67881, - 0xFD47572C, 0xF76CEDD9, 0xBDA8229C, - 0x127DADAA, 0x438A074E, 0x1F97C090, - 0x081BDB8A, 0x93A07EBE, 0xB938CA15, - 0x97B03CFF, 0x3DC2C0F8, 0x8D1AB2EC, - 0x64380E51, 0x68CC7BFB, 0xD90F2788, - 0x12490181, 0x5DE5FFD4, 0xDD7EF86A, - 0x76A2E214, 0xB9A40368, 0x925D958F, - 0x4B39FFFA, 0xBA39AEE9, 0xA4FFD30B, - 0xFAF7933B, 0x6D498623, 0x193CBCFA, - 0x27627545, 0x825CF47A, 0x61BD8BA0, - 0xD11E42D1, 0xCEAD04F4, 0x127EA392, - 0x10428DB7, 0x8272A972, 0x9270C4A8, - 0x127DE50B, 0x285BA1C8, 0x3C62F44F, - 0x35C0EAA5, 0xE805D231, 0x428929FB, - 0xB4FCDF82, 0x4FB66A53, 0x0E7DC15B, - 0x1F081FAB, 0x108618AE, 0xFCFD086D, - 0xF9FF2889, 0x694BCC11, 0x236A5CAE, - 0x12DECA4D, 0x2C3F8CC5, 0xD2D02DFE, - 0xF8EF5896, 0xE4CF52DA, 0x95155B67, - 0x494A488C, 0xB9B6A80C, 0x5C8F82BC, - 0x89D36B45, 0x3A609437, 0xEC00C9A9, - 0x44715253, 0x0A874B49, 0xD773BC40, - 0x7C34671C, 0x02717EF6, 0x4FEB5536, - 0xA2D02FFF, 0xD2BF60C4, 0xD43F03C0, - 0x50B4EF6D, 0x07478CD1, 0x006E1888, - 0xA2E53F55, 0xB9E6D4BC, 0xA2048016, - 0x97573833, 0xD7207D67, 0xDE0F8F3D, - 0x72F87B33, 0xABCC4F33, 0x7688C55D, - 0x7B00A6B0, 0x947B0001, 0x570075D2, - 0xF9BB88F8, 0x8942019E, 0x4264A5FF, - 0x856302E0, 0x72DBD92B, 0xEE971B69, - 0x6EA22FDE, 0x5F08AE2B, 0xAF7A616D, - 0xE5C98767, 0xCF1FEBD2, 0x61EFC8C2, - 0xF1AC2571, 0xCC8239C2, 0x67214CB8, - 0xB1E583D1, 0xB7DC3E62, 0x7F10BDCE, - 0xF90A5C38, 0x0FF0443D, 0x606E6DC6, - 0x60543A49, 0x5727C148, 0x2BE98A1D, - 0x8AB41738, 0x20E1BE24, 0xAF96DA0F, - 0x68458425, 0x99833BE5, 0x600D457D, - 0x282F9350, 0x8334B362, 0xD91D1120, - 0x2B6D8DA0, 0x642B1E31, 0x9C305A00, - 0x52BCE688, 0x1B03588A, 0xF7BAEFD5, - 0x4142ED9C, 0xA4315C11, 0x83323EC5, - 0xDFEF4636, 0xA133C501, 0xE9D3531C, - 0xEE353783 }; - - private static final int[] S4 = { 0x9DB30420, 0x1FB6E9DE, 0xA7BE7BEF, - 0xD273A298, 0x4A4F7BDB, 0x64AD8C57, - 0x85510443, 0xFA020ED1, 0x7E287AFF, - 0xE60FB663, 0x095F35A1, 0x79EBF120, - 0xFD059D43, 0x6497B7B1, 0xF3641F63, - 0x241E4ADF, 0x28147F5F, 0x4FA2B8CD, - 0xC9430040, 0x0CC32220, 0xFDD30B30, - 0xC0A5374F, 0x1D2D00D9, 0x24147B15, - 0xEE4D111A, 0x0FCA5167, 0x71FF904C, - 0x2D195FFE, 0x1A05645F, 0x0C13FEFE, - 0x081B08CA, 0x05170121, 0x80530100, - 0xE83E5EFE, 0xAC9AF4F8, 0x7FE72701, - 0xD2B8EE5F, 0x06DF4261, 0xBB9E9B8A, - 0x7293EA25, 0xCE84FFDF, 0xF5718801, - 0x3DD64B04, 0xA26F263B, 0x7ED48400, - 0x547EEBE6, 0x446D4CA0, 0x6CF3D6F5, - 0x2649ABDF, 0xAEA0C7F5, 0x36338CC1, - 0x503F7E93, 0xD3772061, 0x11B638E1, - 0x72500E03, 0xF80EB2BB, 0xABE0502E, - 0xEC8D77DE, 0x57971E81, 0xE14F6746, - 0xC9335400, 0x6920318F, 0x081DBB99, - 0xFFC304A5, 0x4D351805, 0x7F3D5CE3, - 0xA6C866C6, 0x5D5BCCA9, 0xDAEC6FEA, - 0x9F926F91, 0x9F46222F, 0x3991467D, - 0xA5BF6D8E, 0x1143C44F, 0x43958302, - 0xD0214EEB, 0x022083B8, 0x3FB6180C, - 0x18F8931E, 0x281658E6, 0x26486E3E, - 0x8BD78A70, 0x7477E4C1, 0xB506E07C, - 0xF32D0A25, 0x79098B02, 0xE4EABB81, - 0x28123B23, 0x69DEAD38, 0x1574CA16, - 0xDF871B62, 0x211C40B7, 0xA51A9EF9, - 0x0014377B, 0x041E8AC8, 0x09114003, - 0xBD59E4D2, 0xE3D156D5, 0x4FE876D5, - 0x2F91A340, 0x557BE8DE, 0x00EAE4A7, - 0x0CE5C2EC, 0x4DB4BBA6, 0xE756BDFF, - 0xDD3369AC, 0xEC17B035, 0x06572327, - 0x99AFC8B0, 0x56C8C391, 0x6B65811C, - 0x5E146119, 0x6E85CB75, 0xBE07C002, - 0xC2325577, 0x893FF4EC, 0x5BBFC92D, - 0xD0EC3B25, 0xB7801AB7, 0x8D6D3B24, - 0x20C763EF, 0xC366A5FC, 0x9C382880, - 0x0ACE3205, 0xAAC9548A, 0xECA1D7C7, - 0x041AFA32, 0x1D16625A, 0x6701902C, - 0x9B757A54, 0x31D477F7, 0x9126B031, - 0x36CC6FDB, 0xC70B8B46, 0xD9E66A48, - 0x56E55A79, 0x026A4CEB, 0x52437EFF, - 0x2F8F76B4, 0x0DF980A5, 0x8674CDE3, - 0xEDDA04EB, 0x17A9BE04, 0x2C18F4DF, - 0xB7747F9D, 0xAB2AF7B4, 0xEFC34D20, - 0x2E096B7C, 0x1741A254, 0xE5B6A035, - 0x213D42F6, 0x2C1C7C26, 0x61C2F50F, - 0x6552DAF9, 0xD2C231F8, 0x25130F69, - 0xD8167FA2, 0x0418F2C8, 0x001A96A6, - 0x0D1526AB, 0x63315C21, 0x5E0A72EC, - 0x49BAFEFD, 0x187908D9, 0x8D0DBD86, - 0x311170A7, 0x3E9B640C, 0xCC3E10D7, - 0xD5CAD3B6, 0x0CAEC388, 0xF73001E1, - 0x6C728AFF, 0x71EAE2A1, 0x1F9AF36E, - 0xCFCBD12F, 0xC1DE8417, 0xAC07BE6B, - 0xCB44A1D8, 0x8B9B0F56, 0x013988C3, - 0xB1C52FCA, 0xB4BE31CD, 0xD8782806, - 0x12A3A4E2, 0x6F7DE532, 0x58FD7EB6, - 0xD01EE900, 0x24ADFFC2, 0xF4990FC5, - 0x9711AAC5, 0x001D7B95, 0x82E5E7D2, - 0x109873F6, 0x00613096, 0xC32D9521, - 0xADA121FF, 0x29908415, 0x7FBB977F, - 0xAF9EB3DB, 0x29C9ED2A, 0x5CE2A465, - 0xA730F32C, 0xD0AA3FE8, 0x8A5CC091, - 0xD49E2CE7, 0x0CE454A9, 0xD60ACD86, - 0x015F1919, 0x77079103, 0xDEA03AF6, - 0x78A8565E, 0xDEE356DF, 0x21F05CBE, - 0x8B75E387, 0xB3C50651, 0xB8A5C3EF, - 0xD8EEB6D2, 0xE523BE77, 0xC2154529, - 0x2F69EFDF, 0xAFE67AFB, 0xF470C4B2, - 0xF3E0EB5B, 0xD6CC9876, 0x39E4460C, - 0x1FDA8538, 0x1987832F, 0xCA007367, - 0xA99144F8, 0x296B299E, 0x492FC295, - 0x9266BEAB, 0xB5676E69, 0x9BD3DDDA, - 0xDF7E052F, 0xDB25701C, 0x1B5E51EE, - 0xF65324E6, 0x6AFCE36C, 0x0316CC04, - 0x8644213E, 0xB7DC59D0, 0x7965291F, - 0xCCD6FD43, 0x41823979, 0x932BCDF6, - 0xB657C34D, 0x4EDFD282, 0x7AE5290C, - 0x3CB9536B, 0x851E20FE, 0x9833557E, - 0x13ECF0B0, 0xD3FFB372, 0x3F85C5C1, - 0x0AEF7ED2 }; - - private static final int[] S5 = { 0x7EC90C04, 0x2C6E74B9, 0x9B0E66DF, - 0xA6337911, 0xB86A7FFF, 0x1DD358F5, - 0x44DD9D44, 0x1731167F, 0x08FBF1FA, - 0xE7F511CC, 0xD2051B00, 0x735ABA00, - 0x2AB722D8, 0x386381CB, 0xACF6243A, - 0x69BEFD7A, 0xE6A2E77F, 0xF0C720CD, - 0xC4494816, 0xCCF5C180, 0x38851640, - 0x15B0A848, 0xE68B18CB, 0x4CAADEFF, - 0x5F480A01, 0x0412B2AA, 0x259814FC, - 0x41D0EFE2, 0x4E40B48D, 0x248EB6FB, - 0x8DBA1CFE, 0x41A99B02, 0x1A550A04, - 0xBA8F65CB, 0x7251F4E7, 0x95A51725, - 0xC106ECD7, 0x97A5980A, 0xC539B9AA, - 0x4D79FE6A, 0xF2F3F763, 0x68AF8040, - 0xED0C9E56, 0x11B4958B, 0xE1EB5A88, - 0x8709E6B0, 0xD7E07156, 0x4E29FEA7, - 0x6366E52D, 0x02D1C000, 0xC4AC8E05, - 0x9377F571, 0x0C05372A, 0x578535F2, - 0x2261BE02, 0xD642A0C9, 0xDF13A280, - 0x74B55BD2, 0x682199C0, 0xD421E5EC, - 0x53FB3CE8, 0xC8ADEDB3, 0x28A87FC9, - 0x3D959981, 0x5C1FF900, 0xFE38D399, - 0x0C4EFF0B, 0x062407EA, 0xAA2F4FB1, - 0x4FB96976, 0x90C79505, 0xB0A8A774, - 0xEF55A1FF, 0xE59CA2C2, 0xA6B62D27, - 0xE66A4263, 0xDF65001F, 0x0EC50966, - 0xDFDD55BC, 0x29DE0655, 0x911E739A, - 0x17AF8975, 0x32C7911C, 0x89F89468, - 0x0D01E980, 0x524755F4, 0x03B63CC9, - 0x0CC844B2, 0xBCF3F0AA, 0x87AC36E9, - 0xE53A7426, 0x01B3D82B, 0x1A9E7449, - 0x64EE2D7E, 0xCDDBB1DA, 0x01C94910, - 0xB868BF80, 0x0D26F3FD, 0x9342EDE7, - 0x04A5C284, 0x636737B6, 0x50F5B616, - 0xF24766E3, 0x8ECA36C1, 0x136E05DB, - 0xFEF18391, 0xFB887A37, 0xD6E7F7D4, - 0xC7FB7DC9, 0x3063FCDF, 0xB6F589DE, - 0xEC2941DA, 0x26E46695, 0xB7566419, - 0xF654EFC5, 0xD08D58B7, 0x48925401, - 0xC1BACB7F, 0xE5FF550F, 0xB6083049, - 0x5BB5D0E8, 0x87D72E5A, 0xAB6A6EE1, - 0x223A66CE, 0xC62BF3CD, 0x9E0885F9, - 0x68CB3E47, 0x086C010F, 0xA21DE820, - 0xD18B69DE, 0xF3F65777, 0xFA02C3F6, - 0x407EDAC3, 0xCBB3D550, 0x1793084D, - 0xB0D70EBA, 0x0AB378D5, 0xD951FB0C, - 0xDED7DA56, 0x4124BBE4, 0x94CA0B56, - 0x0F5755D1, 0xE0E1E56E, 0x6184B5BE, - 0x580A249F, 0x94F74BC0, 0xE327888E, - 0x9F7B5561, 0xC3DC0280, 0x05687715, - 0x646C6BD7, 0x44904DB3, 0x66B4F0A3, - 0xC0F1648A, 0x697ED5AF, 0x49E92FF6, - 0x309E374F, 0x2CB6356A, 0x85808573, - 0x4991F840, 0x76F0AE02, 0x083BE84D, - 0x28421C9A, 0x44489406, 0x736E4CB8, - 0xC1092910, 0x8BC95FC6, 0x7D869CF4, - 0x134F616F, 0x2E77118D, 0xB31B2BE1, - 0xAA90B472, 0x3CA5D717, 0x7D161BBA, - 0x9CAD9010, 0xAF462BA2, 0x9FE459D2, - 0x45D34559, 0xD9F2DA13, 0xDBC65487, - 0xF3E4F94E, 0x176D486F, 0x097C13EA, - 0x631DA5C7, 0x445F7382, 0x175683F4, - 0xCDC66A97, 0x70BE0288, 0xB3CDCF72, - 0x6E5DD2F3, 0x20936079, 0x459B80A5, - 0xBE60E2DB, 0xA9C23101, 0xEBA5315C, - 0x224E42F2, 0x1C5C1572, 0xF6721B2C, - 0x1AD2FFF3, 0x8C25404E, 0x324ED72F, - 0x4067B7FD, 0x0523138E, 0x5CA3BC78, - 0xDC0FD66E, 0x75922283, 0x784D6B17, - 0x58EBB16E, 0x44094F85, 0x3F481D87, - 0xFCFEAE7B, 0x77B5FF76, 0x8C2302BF, - 0xAAF47556, 0x5F46B02A, 0x2B092801, - 0x3D38F5F7, 0x0CA81F36, 0x52AF4A8A, - 0x66D5E7C0, 0xDF3B0874, 0x95055110, - 0x1B5AD7A8, 0xF61ED5AD, 0x6CF6E479, - 0x20758184, 0xD0CEFA65, 0x88F7BE58, - 0x4A046826, 0x0FF6F8F3, 0xA09C7F70, - 0x5346ABA0, 0x5CE96C28, 0xE176EDA3, - 0x6BAC307F, 0x376829D2, 0x85360FA9, - 0x17E3FE2A, 0x24B79767, 0xF5A96B20, - 0xD6CD2595, 0x68FF1EBF, 0x7555442C, - 0xF19F06BE, 0xF9E0659A, 0xEEB9491D, - 0x34010718, 0xBB30CAB8, 0xE822FE15, - 0x88570983, 0x750E6249, 0xDA627E55, - 0x5E76FFA8, 0xB1534546, 0x6D47DE08, - 0xEFE9E7D4 }; - - private static final int[] S6 = { 0xF6FA8F9D, 0x2CAC6CE1, 0x4CA34867, - 0xE2337F7C, 0x95DB08E7, 0x016843B4, - 0xECED5CBC, 0x325553AC, 0xBF9F0960, - 0xDFA1E2ED, 0x83F0579D, 0x63ED86B9, - 0x1AB6A6B8, 0xDE5EBE39, 0xF38FF732, - 0x8989B138, 0x33F14961, 0xC01937BD, - 0xF506C6DA, 0xE4625E7E, 0xA308EA99, - 0x4E23E33C, 0x79CBD7CC, 0x48A14367, - 0xA3149619, 0xFEC94BD5, 0xA114174A, - 0xEAA01866, 0xA084DB2D, 0x09A8486F, - 0xA888614A, 0x2900AF98, 0x01665991, - 0xE1992863, 0xC8F30C60, 0x2E78EF3C, - 0xD0D51932, 0xCF0FEC14, 0xF7CA07D2, - 0xD0A82072, 0xFD41197E, 0x9305A6B0, - 0xE86BE3DA, 0x74BED3CD, 0x372DA53C, - 0x4C7F4448, 0xDAB5D440, 0x6DBA0EC3, - 0x083919A7, 0x9FBAEED9, 0x49DBCFB0, - 0x4E670C53, 0x5C3D9C01, 0x64BDB941, - 0x2C0E636A, 0xBA7DD9CD, 0xEA6F7388, - 0xE70BC762, 0x35F29ADB, 0x5C4CDD8D, - 0xF0D48D8C, 0xB88153E2, 0x08A19866, - 0x1AE2EAC8, 0x284CAF89, 0xAA928223, - 0x9334BE53, 0x3B3A21BF, 0x16434BE3, - 0x9AEA3906, 0xEFE8C36E, 0xF890CDD9, - 0x80226DAE, 0xC340A4A3, 0xDF7E9C09, - 0xA694A807, 0x5B7C5ECC, 0x221DB3A6, - 0x9A69A02F, 0x68818A54, 0xCEB2296F, - 0x53C0843A, 0xFE893655, 0x25BFE68A, - 0xB4628ABC, 0xCF222EBF, 0x25AC6F48, - 0xA9A99387, 0x53BDDB65, 0xE76FFBE7, - 0xE967FD78, 0x0BA93563, 0x8E342BC1, - 0xE8A11BE9, 0x4980740D, 0xC8087DFC, - 0x8DE4BF99, 0xA11101A0, 0x7FD37975, - 0xDA5A26C0, 0xE81F994F, 0x9528CD89, - 0xFD339FED, 0xB87834BF, 0x5F04456D, - 0x22258698, 0xC9C4C83B, 0x2DC156BE, - 0x4F628DAA, 0x57F55EC5, 0xE2220ABE, - 0xD2916EBF, 0x4EC75B95, 0x24F2C3C0, - 0x42D15D99, 0xCD0D7FA0, 0x7B6E27FF, - 0xA8DC8AF0, 0x7345C106, 0xF41E232F, - 0x35162386, 0xE6EA8926, 0x3333B094, - 0x157EC6F2, 0x372B74AF, 0x692573E4, - 0xE9A9D848, 0xF3160289, 0x3A62EF1D, - 0xA787E238, 0xF3A5F676, 0x74364853, - 0x20951063, 0x4576698D, 0xB6FAD407, - 0x592AF950, 0x36F73523, 0x4CFB6E87, - 0x7DA4CEC0, 0x6C152DAA, 0xCB0396A8, - 0xC50DFE5D, 0xFCD707AB, 0x0921C42F, - 0x89DFF0BB, 0x5FE2BE78, 0x448F4F33, - 0x754613C9, 0x2B05D08D, 0x48B9D585, - 0xDC049441, 0xC8098F9B, 0x7DEDE786, - 0xC39A3373, 0x42410005, 0x6A091751, - 0x0EF3C8A6, 0x890072D6, 0x28207682, - 0xA9A9F7BE, 0xBF32679D, 0xD45B5B75, - 0xB353FD00, 0xCBB0E358, 0x830F220A, - 0x1F8FB214, 0xD372CF08, 0xCC3C4A13, - 0x8CF63166, 0x061C87BE, 0x88C98F88, - 0x6062E397, 0x47CF8E7A, 0xB6C85283, - 0x3CC2ACFB, 0x3FC06976, 0x4E8F0252, - 0x64D8314D, 0xDA3870E3, 0x1E665459, - 0xC10908F0, 0x513021A5, 0x6C5B68B7, - 0x822F8AA0, 0x3007CD3E, 0x74719EEF, - 0xDC872681, 0x073340D4, 0x7E432FD9, - 0x0C5EC241, 0x8809286C, 0xF592D891, - 0x08A930F6, 0x957EF305, 0xB7FBFFBD, - 0xC266E96F, 0x6FE4AC98, 0xB173ECC0, - 0xBC60B42A, 0x953498DA, 0xFBA1AE12, - 0x2D4BD736, 0x0F25FAAB, 0xA4F3FCEB, - 0xE2969123, 0x257F0C3D, 0x9348AF49, - 0x361400BC, 0xE8816F4A, 0x3814F200, - 0xA3F94043, 0x9C7A54C2, 0xBC704F57, - 0xDA41E7F9, 0xC25AD33A, 0x54F4A084, - 0xB17F5505, 0x59357CBE, 0xEDBD15C8, - 0x7F97C5AB, 0xBA5AC7B5, 0xB6F6DEAF, - 0x3A479C3A, 0x5302DA25, 0x653D7E6A, - 0x54268D49, 0x51A477EA, 0x5017D55B, - 0xD7D25D88, 0x44136C76, 0x0404A8C8, - 0xB8E5A121, 0xB81A928A, 0x60ED5869, - 0x97C55B96, 0xEAEC991B, 0x29935913, - 0x01FDB7F1, 0x088E8DFA, 0x9AB6F6F5, - 0x3B4CBF9F, 0x4A5DE3AB, 0xE6051D35, - 0xA0E1D855, 0xD36B4CF1, 0xF544EDEB, - 0xB0E93524, 0xBEBB8FBD, 0xA2D762CF, - 0x49C92F54, 0x38B5F331, 0x7128A454, - 0x48392905, 0xA65B1DB8, 0x851C97BD, - 0xD675CF2F }; - - private static final int[] S7 = { 0x85E04019, 0x332BF567, 0x662DBFFF, - 0xCFC65693, 0x2A8D7F6F, 0xAB9BC912, - 0xDE6008A1, 0x2028DA1F, 0x0227BCE7, - 0x4D642916, 0x18FAC300, 0x50F18B82, - 0x2CB2CB11, 0xB232E75C, 0x4B3695F2, - 0xB28707DE, 0xA05FBCF6, 0xCD4181E9, - 0xE150210C, 0xE24EF1BD, 0xB168C381, - 0xFDE4E789, 0x5C79B0D8, 0x1E8BFD43, - 0x4D495001, 0x38BE4341, 0x913CEE1D, - 0x92A79C3F, 0x089766BE, 0xBAEEADF4, - 0x1286BECF, 0xB6EACB19, 0x2660C200, - 0x7565BDE4, 0x64241F7A, 0x8248DCA9, - 0xC3B3AD66, 0x28136086, 0x0BD8DFA8, - 0x356D1CF2, 0x107789BE, 0xB3B2E9CE, - 0x0502AA8F, 0x0BC0351E, 0x166BF52A, - 0xEB12FF82, 0xE3486911, 0xD34D7516, - 0x4E7B3AFF, 0x5F43671B, 0x9CF6E037, - 0x4981AC83, 0x334266CE, 0x8C9341B7, - 0xD0D854C0, 0xCB3A6C88, 0x47BC2829, - 0x4725BA37, 0xA66AD22B, 0x7AD61F1E, - 0x0C5CBAFA, 0x4437F107, 0xB6E79962, - 0x42D2D816, 0x0A961288, 0xE1A5C06E, - 0x13749E67, 0x72FC081A, 0xB1D139F7, - 0xF9583745, 0xCF19DF58, 0xBEC3F756, - 0xC06EBA30, 0x07211B24, 0x45C28829, - 0xC95E317F, 0xBC8EC511, 0x38BC46E9, - 0xC6E6FA14, 0xBAE8584A, 0xAD4EBC46, - 0x468F508B, 0x7829435F, 0xF124183B, - 0x821DBA9F, 0xAFF60FF4, 0xEA2C4E6D, - 0x16E39264, 0x92544A8B, 0x009B4FC3, - 0xABA68CED, 0x9AC96F78, 0x06A5B79A, - 0xB2856E6E, 0x1AEC3CA9, 0xBE838688, - 0x0E0804E9, 0x55F1BE56, 0xE7E5363B, - 0xB3A1F25D, 0xF7DEBB85, 0x61FE033C, - 0x16746233, 0x3C034C28, 0xDA6D0C74, - 0x79AAC56C, 0x3CE4E1AD, 0x51F0C802, - 0x98F8F35A, 0x1626A49F, 0xEED82B29, - 0x1D382FE3, 0x0C4FB99A, 0xBB325778, - 0x3EC6D97B, 0x6E77A6A9, 0xCB658B5C, - 0xD45230C7, 0x2BD1408B, 0x60C03EB7, - 0xB9068D78, 0xA33754F4, 0xF430C87D, - 0xC8A71302, 0xB96D8C32, 0xEBD4E7BE, - 0xBE8B9D2D, 0x7979FB06, 0xE7225308, - 0x8B75CF77, 0x11EF8DA4, 0xE083C858, - 0x8D6B786F, 0x5A6317A6, 0xFA5CF7A0, - 0x5DDA0033, 0xF28EBFB0, 0xF5B9C310, - 0xA0EAC280, 0x08B9767A, 0xA3D9D2B0, - 0x79D34217, 0x021A718D, 0x9AC6336A, - 0x2711FD60, 0x438050E3, 0x069908A8, - 0x3D7FEDC4, 0x826D2BEF, 0x4EEB8476, - 0x488DCF25, 0x36C9D566, 0x28E74E41, - 0xC2610ACA, 0x3D49A9CF, 0xBAE3B9DF, - 0xB65F8DE6, 0x92AEAF64, 0x3AC7D5E6, - 0x9EA80509, 0xF22B017D, 0xA4173F70, - 0xDD1E16C3, 0x15E0D7F9, 0x50B1B887, - 0x2B9F4FD5, 0x625ABA82, 0x6A017962, - 0x2EC01B9C, 0x15488AA9, 0xD716E740, - 0x40055A2C, 0x93D29A22, 0xE32DBF9A, - 0x058745B9, 0x3453DC1E, 0xD699296E, - 0x496CFF6F, 0x1C9F4986, 0xDFE2ED07, - 0xB87242D1, 0x19DE7EAE, 0x053E561A, - 0x15AD6F8C, 0x66626C1C, 0x7154C24C, - 0xEA082B2A, 0x93EB2939, 0x17DCB0F0, - 0x58D4F2AE, 0x9EA294FB, 0x52CF564C, - 0x9883FE66, 0x2EC40581, 0x763953C3, - 0x01D6692E, 0xD3A0C108, 0xA1E7160E, - 0xE4F2DFA6, 0x693ED285, 0x74904698, - 0x4C2B0EDD, 0x4F757656, 0x5D393378, - 0xA132234F, 0x3D321C5D, 0xC3F5E194, - 0x4B269301, 0xC79F022F, 0x3C997E7E, - 0x5E4F9504, 0x3FFAFBBD, 0x76F7AD0E, - 0x296693F4, 0x3D1FCE6F, 0xC61E45BE, - 0xD3B5AB34, 0xF72BF9B7, 0x1B0434C0, - 0x4E72B567, 0x5592A33D, 0xB5229301, - 0xCFD2A87F, 0x60AEB767, 0x1814386B, - 0x30BCC33D, 0x38A0C07D, 0xFD1606F2, - 0xC363519B, 0x589DD390, 0x5479F8E6, - 0x1CB8D647, 0x97FD61A9, 0xEA7759F4, - 0x2D57539D, 0x569A58CF, 0xE84E63AD, - 0x462E1B78, 0x6580F87E, 0xF3817914, - 0x91DA55F4, 0x40A230F3, 0xD1988F35, - 0xB6E318D2, 0x3FFA50BC, 0x3D40F021, - 0xC3C0BDAE, 0x4958C24C, 0x518F36B2, - 0x84B1D370, 0x0FEDCE83, 0x878DDADA, - 0xF2A279C7, 0x94E01BE8, 0x90716F4B, - 0x954B8AA3 }; - - private static final int[] S8 = { 0xE216300D, 0xBBDDFFFC, 0xA7EBDABD, - 0x35648095, 0x7789F8B7, 0xE6C1121B, - 0x0E241600, 0x052CE8B5, 0x11A9CFB0, - 0xE5952F11, 0xECE7990A, 0x9386D174, - 0x2A42931C, 0x76E38111, 0xB12DEF3A, - 0x37DDDDFC, 0xDE9ADEB1, 0x0A0CC32C, - 0xBE197029, 0x84A00940, 0xBB243A0F, - 0xB4D137CF, 0xB44E79F0, 0x049EEDFD, - 0x0B15A15D, 0x480D3168, 0x8BBBDE5A, - 0x669DED42, 0xC7ECE831, 0x3F8F95E7, - 0x72DF191B, 0x7580330D, 0x94074251, - 0x5C7DCDFA, 0xABBE6D63, 0xAA402164, - 0xB301D40A, 0x02E7D1CA, 0x53571DAE, - 0x7A3182A2, 0x12A8DDEC, 0xFDAA335D, - 0x176F43E8, 0x71FB46D4, 0x38129022, - 0xCE949AD4, 0xB84769AD, 0x965BD862, - 0x82F3D055, 0x66FB9767, 0x15B80B4E, - 0x1D5B47A0, 0x4CFDE06F, 0xC28EC4B8, - 0x57E8726E, 0x647A78FC, 0x99865D44, - 0x608BD593, 0x6C200E03, 0x39DC5FF6, - 0x5D0B00A3, 0xAE63AFF2, 0x7E8BD632, - 0x70108C0C, 0xBBD35049, 0x2998DF04, - 0x980CF42A, 0x9B6DF491, 0x9E7EDD53, - 0x06918548, 0x58CB7E07, 0x3B74EF2E, - 0x522FFFB1, 0xD24708CC, 0x1C7E27CD, - 0xA4EB215B, 0x3CF1D2E2, 0x19B47A38, - 0x424F7618, 0x35856039, 0x9D17DEE7, - 0x27EB35E6, 0xC9AFF67B, 0x36BAF5B8, - 0x09C467CD, 0xC18910B1, 0xE11DBF7B, - 0x06CD1AF8, 0x7170C608, 0x2D5E3354, - 0xD4DE495A, 0x64C6D006, 0xBCC0C62C, - 0x3DD00DB3, 0x708F8F34, 0x77D51B42, - 0x264F620F, 0x24B8D2BF, 0x15C1B79E, - 0x46A52564, 0xF8D7E54E, 0x3E378160, - 0x7895CDA5, 0x859C15A5, 0xE6459788, - 0xC37BC75F, 0xDB07BA0C, 0x0676A3AB, - 0x7F229B1E, 0x31842E7B, 0x24259FD7, - 0xF8BEF472, 0x835FFCB8, 0x6DF4C1F2, - 0x96F5B195, 0xFD0AF0FC, 0xB0FE134C, - 0xE2506D3D, 0x4F9B12EA, 0xF215F225, - 0xA223736F, 0x9FB4C428, 0x25D04979, - 0x34C713F8, 0xC4618187, 0xEA7A6E98, - 0x7CD16EFC, 0x1436876C, 0xF1544107, - 0xBEDEEE14, 0x56E9AF27, 0xA04AA441, - 0x3CF7C899, 0x92ECBAE6, 0xDD67016D, - 0x151682EB, 0xA842EEDF, 0xFDBA60B4, - 0xF1907B75, 0x20E3030F, 0x24D8C29E, - 0xE139673B, 0xEFA63FB8, 0x71873054, - 0xB6F2CF3B, 0x9F326442, 0xCB15A4CC, - 0xB01A4504, 0xF1E47D8D, 0x844A1BE5, - 0xBAE7DFDC, 0x42CBDA70, 0xCD7DAE0A, - 0x57E85B7A, 0xD53F5AF6, 0x20CF4D8C, - 0xCEA4D428, 0x79D130A4, 0x3486EBFB, - 0x33D3CDDC, 0x77853B53, 0x37EFFCB5, - 0xC5068778, 0xE580B3E6, 0x4E68B8F4, - 0xC5C8B37E, 0x0D809EA2, 0x398FEB7C, - 0x132A4F94, 0x43B7950E, 0x2FEE7D1C, - 0x223613BD, 0xDD06CAA2, 0x37DF932B, - 0xC4248289, 0xACF3EBC3, 0x5715F6B7, - 0xEF3478DD, 0xF267616F, 0xC148CBE4, - 0x9052815E, 0x5E410FAB, 0xB48A2465, - 0x2EDA7FA4, 0xE87B40E4, 0xE98EA084, - 0x5889E9E1, 0xEFD390FC, 0xDD07D35B, - 0xDB485694, 0x38D7E5B2, 0x57720101, - 0x730EDEBC, 0x5B643113, 0x94917E4F, - 0x503C2FBA, 0x646F1282, 0x7523D24A, - 0xE0779695, 0xF9C17A8F, 0x7A5B2121, - 0xD187B896, 0x29263A4D, 0xBA510CDF, - 0x81F47C9F, 0xAD1163ED, 0xEA7B5965, - 0x1A00726E, 0x11403092, 0x00DA6D77, - 0x4A0CDD61, 0xAD1F4603, 0x605BDFB0, - 0x9EEDC364, 0x22EBE6A8, 0xCEE7D28A, - 0xA0E736A0, 0x5564A6B9, 0x10853209, - 0xC7EB8F37, 0x2DE705CA, 0x8951570F, - 0xDF09822B, 0xBD691A6C, 0xAA12E4F2, - 0x87451C0F, 0xE0F6A27A, 0x3ADA4819, - 0x4CF1764F, 0x0D771C2B, 0x67CDB156, - 0x350D8384, 0x5938FA0F, 0x42399EF3, - 0x36997B07, 0x0E84093D, 0x4AA93E61, - 0x8360D87B, 0x1FA98B0C, 0x1149382C, - 0xE97625A5, 0x0614D1B7, 0x0E25244B, - 0x0C768347, 0x589E8D82, 0x0D2059D1, - 0xA466BB1E, 0xF8DA0A82, 0x04F19130, - 0xBA6E4EC0, 0x99265164, 0x1EE7230D, - 0x50B2AD80, 0xEAEE6801, 0x8DB2A283, - 0xEA8BF59E }; - + private static final int[] S1 = { + 0x30FB40D4, 0x9FA0FF0B, 0x6BECCD2F, 0x3F258C7A, 0x1E213F2F, 0x9C004DD3, + 0x6003E540, 0xCF9FC949, 0xBFD4AF27, 0x88BBBDB5, 0xE2034090, 0x98D09675, + 0x6E63A0E0, 0x15C361D2, 0xC2E7661D, 0x22D4FF8E, 0x28683B6F, 0xC07FD059, + 0xFF2379C8, 0x775F50E2, 0x43C340D3, 0xDF2F8656, 0x887CA41A, 0xA2D2BD2D, + 0xA1C9E0D6, 0x346C4819, 0x61B76D87, 0x22540F2F, 0x2ABE32E1, 0xAA54166B, + 0x22568E3A, 0xA2D341D0, 0x66DB40C8, 0xA784392F, 0x004DFF2F, 0x2DB9D2DE, + 0x97943FAC, 0x4A97C1D8, 0x527644B7, 0xB5F437A7, 0xB82CBAEF, 0xD751D159, + 0x6FF7F0ED, 0x5A097A1F, 0x827B68D0, 0x90ECF52E, 0x22B0C054, 0xBC8E5935, + 0x4B6D2F7F, 0x50BB64A2, 0xD2664910, 0xBEE5812D, 0xB7332290, 0xE93B159F, + 0xB48EE411, 0x4BFF345D, 0xFD45C240, 0xAD31973F, 0xC4F6D02E, 0x55FC8165, + 0xD5B1CAAD, 0xA1AC2DAE, 0xA2D4B76D, 0xC19B0C50, 0x882240F2, 0x0C6E4F38, + 0xA4E4BFD7, 0x4F5BA272, 0x564C1D2F, 0xC59C5319, 0xB949E354, 0xB04669FE, + 0xB1B6AB8A, 0xC71358DD, 0x6385C545, 0x110F935D, 0x57538AD5, 0x6A390493, + 0xE63D37E0, 0x2A54F6B3, 0x3A787D5F, 0x6276A0B5, 0x19A6FCDF, 0x7A42206A, + 0x29F9D4D5, 0xF61B1891, 0xBB72275E, 0xAA508167, 0x38901091, 0xC6B505EB, + 0x84C7CB8C, 0x2AD75A0F, 0x874A1427, 0xA2D1936B, 0x2AD286AF, 0xAA56D291, + 0xD7894360, 0x425C750D, 0x93B39E26, 0x187184C9, 0x6C00B32D, 0x73E2BB14, + 0xA0BEBC3C, 0x54623779, 0x64459EAB, 0x3F328B82, 0x7718CF82, 0x59A2CEA6, + 0x04EE002E, 0x89FE78E6, 0x3FAB0950, 0x325FF6C2, 0x81383F05, 0x6963C5C8, + 0x76CB5AD6, 0xD49974C9, 0xCA180DCF, 0x380782D5, 0xC7FA5CF6, 0x8AC31511, + 0x35E79E13, 0x47DA91D0, 0xF40F9086, 0xA7E2419E, 0x31366241, 0x051EF495, + 0xAA573B04, 0x4A805D8D, 0x548300D0, 0x00322A3C, 0xBF64CDDF, 0xBA57A68E, + 0x75C6372B, 0x50AFD341, 0xA7C13275, 0x915A0BF5, 0x6B54BFAB, 0x2B0B1426, + 0xAB4CC9D7, 0x449CCD82, 0xF7FBF265, 0xAB85C5F3, 0x1B55DB94, 0xAAD4E324, + 0xCFA4BD3F, 0x2DEAA3E2, 0x9E204D02, 0xC8BD25AC, 0xEADF55B3, 0xD5BD9E98, + 0xE31231B2, 0x2AD5AD6C, 0x954329DE, 0xADBE4528, 0xD8710F69, 0xAA51C90F, + 0xAA786BF6, 0x22513F1E, 0xAA51A79B, 0x2AD344CC, 0x7B5A41F0, 0xD37CFBAD, + 0x1B069505, 0x41ECE491, 0xB4C332E6, 0x032268D4, 0xC9600ACC, 0xCE387E6D, + 0xBF6BB16C, 0x6A70FB78, 0x0D03D9C9, 0xD4DF39DE, 0xE01063DA, 0x4736F464, + 0x5AD328D8, 0xB347CC96, 0x75BB0FC3, 0x98511BFB, 0x4FFBCC35, 0xB58BCF6A, + 0xE11F0ABC, 0xBFC5FE4A, 0xA70AEC10, 0xAC39570A, 0x3F04442F, 0x6188B153, + 0xE0397A2E, 0x5727CB79, 0x9CEB418F, 0x1CACD68D, 0x2AD37C96, 0x0175CB9D, + 0xC69DFF09, 0xC75B65F0, 0xD9DB40D8, 0xEC0E7779, 0x4744EAD4, 0xB11C3274, + 0xDD24CB9E, 0x7E1C54BD, 0xF01144F9, 0xD2240EB1, 0x9675B3FD, 0xA3AC3755, + 0xD47C27AF, 0x51C85F4D, 0x56907596, 0xA5BB15E6, 0x580304F0, 0xCA042CF1, + 0x011A37EA, 0x8DBFAADB, 0x35BA3E4A, 0x3526FFA0, 0xC37B4D09, 0xBC306ED9, + 0x98A52666, 0x5648F725, 0xFF5E569D, 0x0CED63D0, 0x7C63B2CF, 0x700B45E1, + 0xD5EA50F1, 0x85A92872, 0xAF1FBDA7, 0xD4234870, 0xA7870BF3, 0x2D3B4D79, + 0x42E04198, 0x0CD0EDE7, 0x26470DB8, 0xF881814C, 0x474D6AD7, 0x7C0C5E5C, + 0xD1231959, 0x381B7298, 0xF5D2F4DB, 0xAB838653, 0x6E2F1E23, 0x83719C9E, + 0xBD91E046, 0x9A56456E, 0xDC39200C, 0x20C8C571, 0x962BDA1C, 0xE1E696FF, + 0xB141AB08, 0x7CCA89B9, 0x1A69E783, 0x02CC4843, 0xA2F7C579, 0x429EF47D, + 0x427B169C, 0x5AC9F049, 0xDD8F0F00, 0x5C8165BF }; + private static final int[] S2 = { + 0x1F201094, 0xEF0BA75B, 0x69E3CF7E, 0x393F4380, 0xFE61CF7A, 0xEEC5207A, + 0x55889C94, 0x72FC0651, 0xADA7EF79, 0x4E1D7235, 0xD55A63CE, 0xDE0436BA, + 0x99C430EF, 0x5F0C0794, 0x18DCDB7D, 0xA1D6EFF3, 0xA0B52F7B, 0x59E83605, + 0xEE15B094, 0xE9FFD909, 0xDC440086, 0xEF944459, 0xBA83CCB3, 0xE0C3CDFB, + 0xD1DA4181, 0x3B092AB1, 0xF997F1C1, 0xA5E6CF7B, 0x01420DDB, 0xE4E7EF5B, + 0x25A1FF41, 0xE180F806, 0x1FC41080, 0x179BEE7A, 0xD37AC6A9, 0xFE5830A4, + 0x98DE8B7F, 0x77E83F4E, 0x79929269, 0x24FA9F7B, 0xE113C85B, 0xACC40083, + 0xD7503525, 0xF7EA615F, 0x62143154, 0x0D554B63, 0x5D681121, 0xC866C359, + 0x3D63CF73, 0xCEE234C0, 0xD4D87E87, 0x5C672B21, 0x071F6181, 0x39F7627F, + 0x361E3084, 0xE4EB573B, 0x602F64A4, 0xD63ACD9C, 0x1BBC4635, 0x9E81032D, + 0x2701F50C, 0x99847AB4, 0xA0E3DF79, 0xBA6CF38C, 0x10843094, 0x2537A95E, + 0xF46F6FFE, 0xA1FF3B1F, 0x208CFB6A, 0x8F458C74, 0xD9E0A227, 0x4EC73A34, + 0xFC884F69, 0x3E4DE8DF, 0xEF0E0088, 0x3559648D, 0x8A45388C, 0x1D804366, + 0x721D9BFD, 0xA58684BB, 0xE8256333, 0x844E8212, 0x128D8098, 0xFED33FB4, + 0xCE280AE1, 0x27E19BA5, 0xD5A6C252, 0xE49754BD, 0xC5D655DD, 0xEB667064, + 0x77840B4D, 0xA1B6A801, 0x84DB26A9, 0xE0B56714, 0x21F043B7, 0xE5D05860, + 0x54F03084, 0x066FF472, 0xA31AA153, 0xDADC4755, 0xB5625DBF, 0x68561BE6, + 0x83CA6B94, 0x2D6ED23B, 0xECCF01DB, 0xA6D3D0BA, 0xB6803D5C, 0xAF77A709, + 0x33B4A34C, 0x397BC8D6, 0x5EE22B95, 0x5F0E5304, 0x81ED6F61, 0x20E74364, + 0xB45E1378, 0xDE18639B, 0x881CA122, 0xB96726D1, 0x8049A7E8, 0x22B7DA7B, + 0x5E552D25, 0x5272D237, 0x79D2951C, 0xC60D894C, 0x488CB402, 0x1BA4FE5B, + 0xA4B09F6B, 0x1CA815CF, 0xA20C3005, 0x8871DF63, 0xB9DE2FCB, 0x0CC6C9E9, + 0x0BEEFF53, 0xE3214517, 0xB4542835, 0x9F63293C, 0xEE41E729, 0x6E1D2D7C, + 0x50045286, 0x1E6685F3, 0xF33401C6, 0x30A22C95, 0x31A70850, 0x60930F13, + 0x73F98417, 0xA1269859, 0xEC645C44, 0x52C877A9, 0xCDFF33A6, 0xA02B1741, + 0x7CBAD9A2, 0x2180036F, 0x50D99C08, 0xCB3F4861, 0xC26BD765, 0x64A3F6AB, + 0x80342676, 0x25A75E7B, 0xE4E6D1FC, 0x20C710E6, 0xCDF0B680, 0x17844D3B, + 0x31EEF84D, 0x7E0824E4, 0x2CCB49EB, 0x846A3BAE, 0x8FF77888, 0xEE5D60F6, + 0x7AF75673, 0x2FDD5CDB, 0xA11631C1, 0x30F66F43, 0xB3FAEC54, 0x157FD7FA, + 0xEF8579CC, 0xD152DE58, 0xDB2FFD5E, 0x8F32CE19, 0x306AF97A, 0x02F03EF8, + 0x99319AD5, 0xC242FA0F, 0xA7E3EBB0, 0xC68E4906, 0xB8DA230C, 0x80823028, + 0xDCDEF3C8, 0xD35FB171, 0x088A1BC8, 0xBEC0C560, 0x61A3C9E8, 0xBCA8F54D, + 0xC72FEFFA, 0x22822E99, 0x82C570B4, 0xD8D94E89, 0x8B1C34BC, 0x301E16E6, + 0x273BE979, 0xB0FFEAA6, 0x61D9B8C6, 0x00B24869, 0xB7FFCE3F, 0x08DC283B, + 0x43DAF65A, 0xF7E19798, 0x7619B72F, 0x8F1C9BA4, 0xDC8637A0, 0x16A7D3B1, + 0x9FC393B7, 0xA7136EEB, 0xC6BCC63E, 0x1A513742, 0xEF6828BC, 0x520365D6, + 0x2D6A77AB, 0x3527ED4B, 0x821FD216, 0x095C6E2E, 0xDB92F2FB, 0x5EEA29CB, + 0x145892F5, 0x91584F7F, 0x5483697B, 0x2667A8CC, 0x85196048, 0x8C4BACEA, + 0x833860D4, 0x0D23E0F9, 0x6C387E8A, 0x0AE6D249, 0xB284600C, 0xD835731D, + 0xDCB1C647, 0xAC4C56EA, 0x3EBD81B3, 0x230EABB0, 0x6438BC87, 0xF0B5B1FA, + 0x8F5EA2B3, 0xFC184642, 0x0A036B7A, 0x4FB089BD, 0x649DA589, 0xA345415E, + 0x5C038323, 0x3E5D3BB9, 0x43D79572, 0x7E6DD07C, 0x06DFDF1E, 0x6C6CC4EF, + 0x7160A539, 0x73BFBE70, 0x83877605, 0x4523ECF1 }; + private static final int[] S3 = { + 0x8DEFC240, 0x25FA5D9F, 0xEB903DBF, 0xE810C907, 0x47607FFF, 0x369FE44B, + 0x8C1FC644, 0xAECECA90, 0xBEB1F9BF, 0xEEFBCAEA, 0xE8CF1950, 0x51DF07AE, + 0x920E8806, 0xF0AD0548, 0xE13C8D83, 0x927010D5, 0x11107D9F, 0x07647DB9, + 0xB2E3E4D4, 0x3D4F285E, 0xB9AFA820, 0xFADE82E0, 0xA067268B, 0x8272792E, + 0x553FB2C0, 0x489AE22B, 0xD4EF9794, 0x125E3FBC, 0x21FFFCEE, 0x825B1BFD, + 0x9255C5ED, 0x1257A240, 0x4E1A8302, 0xBAE07FFF, 0x528246E7, 0x8E57140E, + 0x3373F7BF, 0x8C9F8188, 0xA6FC4EE8, 0xC982B5A5, 0xA8C01DB7, 0x579FC264, + 0x67094F31, 0xF2BD3F5F, 0x40FFF7C1, 0x1FB78DFC, 0x8E6BD2C1, 0x437BE59B, + 0x99B03DBF, 0xB5DBC64B, 0x638DC0E6, 0x55819D99, 0xA197C81C, 0x4A012D6E, + 0xC5884A28, 0xCCC36F71, 0xB843C213, 0x6C0743F1, 0x8309893C, 0x0FEDDD5F, + 0x2F7FE850, 0xD7C07F7E, 0x02507FBF, 0x5AFB9A04, 0xA747D2D0, 0x1651192E, + 0xAF70BF3E, 0x58C31380, 0x5F98302E, 0x727CC3C4, 0x0A0FB402, 0x0F7FEF82, + 0x8C96FDAD, 0x5D2C2AAE, 0x8EE99A49, 0x50DA88B8, 0x8427F4A0, 0x1EAC5790, + 0x796FB449, 0x8252DC15, 0xEFBD7D9B, 0xA672597D, 0xADA840D8, 0x45F54504, + 0xFA5D7403, 0xE83EC305, 0x4F91751A, 0x925669C2, 0x23EFE941, 0xA903F12E, + 0x60270DF2, 0x0276E4B6, 0x94FD6574, 0x927985B2, 0x8276DBCB, 0x02778176, + 0xF8AF918D, 0x4E48F79E, 0x8F616DDF, 0xE29D840E, 0x842F7D83, 0x340CE5C8, + 0x96BBB682, 0x93B4B148, 0xEF303CAB, 0x984FAF28, 0x779FAF9B, 0x92DC560D, + 0x224D1E20, 0x8437AA88, 0x7D29DC96, 0x2756D3DC, 0x8B907CEE, 0xB51FD240, + 0xE7C07CE3, 0xE566B4A1, 0xC3E9615E, 0x3CF8209D, 0x6094D1E3, 0xCD9CA341, + 0x5C76460E, 0x00EA983B, 0xD4D67881, 0xFD47572C, 0xF76CEDD9, 0xBDA8229C, + 0x127DADAA, 0x438A074E, 0x1F97C090, 0x081BDB8A, 0x93A07EBE, 0xB938CA15, + 0x97B03CFF, 0x3DC2C0F8, 0x8D1AB2EC, 0x64380E51, 0x68CC7BFB, 0xD90F2788, + 0x12490181, 0x5DE5FFD4, 0xDD7EF86A, 0x76A2E214, 0xB9A40368, 0x925D958F, + 0x4B39FFFA, 0xBA39AEE9, 0xA4FFD30B, 0xFAF7933B, 0x6D498623, 0x193CBCFA, + 0x27627545, 0x825CF47A, 0x61BD8BA0, 0xD11E42D1, 0xCEAD04F4, 0x127EA392, + 0x10428DB7, 0x8272A972, 0x9270C4A8, 0x127DE50B, 0x285BA1C8, 0x3C62F44F, + 0x35C0EAA5, 0xE805D231, 0x428929FB, 0xB4FCDF82, 0x4FB66A53, 0x0E7DC15B, + 0x1F081FAB, 0x108618AE, 0xFCFD086D, 0xF9FF2889, 0x694BCC11, 0x236A5CAE, + 0x12DECA4D, 0x2C3F8CC5, 0xD2D02DFE, 0xF8EF5896, 0xE4CF52DA, 0x95155B67, + 0x494A488C, 0xB9B6A80C, 0x5C8F82BC, 0x89D36B45, 0x3A609437, 0xEC00C9A9, + 0x44715253, 0x0A874B49, 0xD773BC40, 0x7C34671C, 0x02717EF6, 0x4FEB5536, + 0xA2D02FFF, 0xD2BF60C4, 0xD43F03C0, 0x50B4EF6D, 0x07478CD1, 0x006E1888, + 0xA2E53F55, 0xB9E6D4BC, 0xA2048016, 0x97573833, 0xD7207D67, 0xDE0F8F3D, + 0x72F87B33, 0xABCC4F33, 0x7688C55D, 0x7B00A6B0, 0x947B0001, 0x570075D2, + 0xF9BB88F8, 0x8942019E, 0x4264A5FF, 0x856302E0, 0x72DBD92B, 0xEE971B69, + 0x6EA22FDE, 0x5F08AE2B, 0xAF7A616D, 0xE5C98767, 0xCF1FEBD2, 0x61EFC8C2, + 0xF1AC2571, 0xCC8239C2, 0x67214CB8, 0xB1E583D1, 0xB7DC3E62, 0x7F10BDCE, + 0xF90A5C38, 0x0FF0443D, 0x606E6DC6, 0x60543A49, 0x5727C148, 0x2BE98A1D, + 0x8AB41738, 0x20E1BE24, 0xAF96DA0F, 0x68458425, 0x99833BE5, 0x600D457D, + 0x282F9350, 0x8334B362, 0xD91D1120, 0x2B6D8DA0, 0x642B1E31, 0x9C305A00, + 0x52BCE688, 0x1B03588A, 0xF7BAEFD5, 0x4142ED9C, 0xA4315C11, 0x83323EC5, + 0xDFEF4636, 0xA133C501, 0xE9D3531C, 0xEE353783 }; + private static final int[] S4 = { + 0x9DB30420, 0x1FB6E9DE, 0xA7BE7BEF, 0xD273A298, 0x4A4F7BDB, 0x64AD8C57, + 0x85510443, 0xFA020ED1, 0x7E287AFF, 0xE60FB663, 0x095F35A1, 0x79EBF120, + 0xFD059D43, 0x6497B7B1, 0xF3641F63, 0x241E4ADF, 0x28147F5F, 0x4FA2B8CD, + 0xC9430040, 0x0CC32220, 0xFDD30B30, 0xC0A5374F, 0x1D2D00D9, 0x24147B15, + 0xEE4D111A, 0x0FCA5167, 0x71FF904C, 0x2D195FFE, 0x1A05645F, 0x0C13FEFE, + 0x081B08CA, 0x05170121, 0x80530100, 0xE83E5EFE, 0xAC9AF4F8, 0x7FE72701, + 0xD2B8EE5F, 0x06DF4261, 0xBB9E9B8A, 0x7293EA25, 0xCE84FFDF, 0xF5718801, + 0x3DD64B04, 0xA26F263B, 0x7ED48400, 0x547EEBE6, 0x446D4CA0, 0x6CF3D6F5, + 0x2649ABDF, 0xAEA0C7F5, 0x36338CC1, 0x503F7E93, 0xD3772061, 0x11B638E1, + 0x72500E03, 0xF80EB2BB, 0xABE0502E, 0xEC8D77DE, 0x57971E81, 0xE14F6746, + 0xC9335400, 0x6920318F, 0x081DBB99, 0xFFC304A5, 0x4D351805, 0x7F3D5CE3, + 0xA6C866C6, 0x5D5BCCA9, 0xDAEC6FEA, 0x9F926F91, 0x9F46222F, 0x3991467D, + 0xA5BF6D8E, 0x1143C44F, 0x43958302, 0xD0214EEB, 0x022083B8, 0x3FB6180C, + 0x18F8931E, 0x281658E6, 0x26486E3E, 0x8BD78A70, 0x7477E4C1, 0xB506E07C, + 0xF32D0A25, 0x79098B02, 0xE4EABB81, 0x28123B23, 0x69DEAD38, 0x1574CA16, + 0xDF871B62, 0x211C40B7, 0xA51A9EF9, 0x0014377B, 0x041E8AC8, 0x09114003, + 0xBD59E4D2, 0xE3D156D5, 0x4FE876D5, 0x2F91A340, 0x557BE8DE, 0x00EAE4A7, + 0x0CE5C2EC, 0x4DB4BBA6, 0xE756BDFF, 0xDD3369AC, 0xEC17B035, 0x06572327, + 0x99AFC8B0, 0x56C8C391, 0x6B65811C, 0x5E146119, 0x6E85CB75, 0xBE07C002, + 0xC2325577, 0x893FF4EC, 0x5BBFC92D, 0xD0EC3B25, 0xB7801AB7, 0x8D6D3B24, + 0x20C763EF, 0xC366A5FC, 0x9C382880, 0x0ACE3205, 0xAAC9548A, 0xECA1D7C7, + 0x041AFA32, 0x1D16625A, 0x6701902C, 0x9B757A54, 0x31D477F7, 0x9126B031, + 0x36CC6FDB, 0xC70B8B46, 0xD9E66A48, 0x56E55A79, 0x026A4CEB, 0x52437EFF, + 0x2F8F76B4, 0x0DF980A5, 0x8674CDE3, 0xEDDA04EB, 0x17A9BE04, 0x2C18F4DF, + 0xB7747F9D, 0xAB2AF7B4, 0xEFC34D20, 0x2E096B7C, 0x1741A254, 0xE5B6A035, + 0x213D42F6, 0x2C1C7C26, 0x61C2F50F, 0x6552DAF9, 0xD2C231F8, 0x25130F69, + 0xD8167FA2, 0x0418F2C8, 0x001A96A6, 0x0D1526AB, 0x63315C21, 0x5E0A72EC, + 0x49BAFEFD, 0x187908D9, 0x8D0DBD86, 0x311170A7, 0x3E9B640C, 0xCC3E10D7, + 0xD5CAD3B6, 0x0CAEC388, 0xF73001E1, 0x6C728AFF, 0x71EAE2A1, 0x1F9AF36E, + 0xCFCBD12F, 0xC1DE8417, 0xAC07BE6B, 0xCB44A1D8, 0x8B9B0F56, 0x013988C3, + 0xB1C52FCA, 0xB4BE31CD, 0xD8782806, 0x12A3A4E2, 0x6F7DE532, 0x58FD7EB6, + 0xD01EE900, 0x24ADFFC2, 0xF4990FC5, 0x9711AAC5, 0x001D7B95, 0x82E5E7D2, + 0x109873F6, 0x00613096, 0xC32D9521, 0xADA121FF, 0x29908415, 0x7FBB977F, + 0xAF9EB3DB, 0x29C9ED2A, 0x5CE2A465, 0xA730F32C, 0xD0AA3FE8, 0x8A5CC091, + 0xD49E2CE7, 0x0CE454A9, 0xD60ACD86, 0x015F1919, 0x77079103, 0xDEA03AF6, + 0x78A8565E, 0xDEE356DF, 0x21F05CBE, 0x8B75E387, 0xB3C50651, 0xB8A5C3EF, + 0xD8EEB6D2, 0xE523BE77, 0xC2154529, 0x2F69EFDF, 0xAFE67AFB, 0xF470C4B2, + 0xF3E0EB5B, 0xD6CC9876, 0x39E4460C, 0x1FDA8538, 0x1987832F, 0xCA007367, + 0xA99144F8, 0x296B299E, 0x492FC295, 0x9266BEAB, 0xB5676E69, 0x9BD3DDDA, + 0xDF7E052F, 0xDB25701C, 0x1B5E51EE, 0xF65324E6, 0x6AFCE36C, 0x0316CC04, + 0x8644213E, 0xB7DC59D0, 0x7965291F, 0xCCD6FD43, 0x41823979, 0x932BCDF6, + 0xB657C34D, 0x4EDFD282, 0x7AE5290C, 0x3CB9536B, 0x851E20FE, 0x9833557E, + 0x13ECF0B0, 0xD3FFB372, 0x3F85C5C1, 0x0AEF7ED2 }; + private static final int[] S5 = { + 0x7EC90C04, 0x2C6E74B9, 0x9B0E66DF, 0xA6337911, 0xB86A7FFF, 0x1DD358F5, + 0x44DD9D44, 0x1731167F, 0x08FBF1FA, 0xE7F511CC, 0xD2051B00, 0x735ABA00, + 0x2AB722D8, 0x386381CB, 0xACF6243A, 0x69BEFD7A, 0xE6A2E77F, 0xF0C720CD, + 0xC4494816, 0xCCF5C180, 0x38851640, 0x15B0A848, 0xE68B18CB, 0x4CAADEFF, + 0x5F480A01, 0x0412B2AA, 0x259814FC, 0x41D0EFE2, 0x4E40B48D, 0x248EB6FB, + 0x8DBA1CFE, 0x41A99B02, 0x1A550A04, 0xBA8F65CB, 0x7251F4E7, 0x95A51725, + 0xC106ECD7, 0x97A5980A, 0xC539B9AA, 0x4D79FE6A, 0xF2F3F763, 0x68AF8040, + 0xED0C9E56, 0x11B4958B, 0xE1EB5A88, 0x8709E6B0, 0xD7E07156, 0x4E29FEA7, + 0x6366E52D, 0x02D1C000, 0xC4AC8E05, 0x9377F571, 0x0C05372A, 0x578535F2, + 0x2261BE02, 0xD642A0C9, 0xDF13A280, 0x74B55BD2, 0x682199C0, 0xD421E5EC, + 0x53FB3CE8, 0xC8ADEDB3, 0x28A87FC9, 0x3D959981, 0x5C1FF900, 0xFE38D399, + 0x0C4EFF0B, 0x062407EA, 0xAA2F4FB1, 0x4FB96976, 0x90C79505, 0xB0A8A774, + 0xEF55A1FF, 0xE59CA2C2, 0xA6B62D27, 0xE66A4263, 0xDF65001F, 0x0EC50966, + 0xDFDD55BC, 0x29DE0655, 0x911E739A, 0x17AF8975, 0x32C7911C, 0x89F89468, + 0x0D01E980, 0x524755F4, 0x03B63CC9, 0x0CC844B2, 0xBCF3F0AA, 0x87AC36E9, + 0xE53A7426, 0x01B3D82B, 0x1A9E7449, 0x64EE2D7E, 0xCDDBB1DA, 0x01C94910, + 0xB868BF80, 0x0D26F3FD, 0x9342EDE7, 0x04A5C284, 0x636737B6, 0x50F5B616, + 0xF24766E3, 0x8ECA36C1, 0x136E05DB, 0xFEF18391, 0xFB887A37, 0xD6E7F7D4, + 0xC7FB7DC9, 0x3063FCDF, 0xB6F589DE, 0xEC2941DA, 0x26E46695, 0xB7566419, + 0xF654EFC5, 0xD08D58B7, 0x48925401, 0xC1BACB7F, 0xE5FF550F, 0xB6083049, + 0x5BB5D0E8, 0x87D72E5A, 0xAB6A6EE1, 0x223A66CE, 0xC62BF3CD, 0x9E0885F9, + 0x68CB3E47, 0x086C010F, 0xA21DE820, 0xD18B69DE, 0xF3F65777, 0xFA02C3F6, + 0x407EDAC3, 0xCBB3D550, 0x1793084D, 0xB0D70EBA, 0x0AB378D5, 0xD951FB0C, + 0xDED7DA56, 0x4124BBE4, 0x94CA0B56, 0x0F5755D1, 0xE0E1E56E, 0x6184B5BE, + 0x580A249F, 0x94F74BC0, 0xE327888E, 0x9F7B5561, 0xC3DC0280, 0x05687715, + 0x646C6BD7, 0x44904DB3, 0x66B4F0A3, 0xC0F1648A, 0x697ED5AF, 0x49E92FF6, + 0x309E374F, 0x2CB6356A, 0x85808573, 0x4991F840, 0x76F0AE02, 0x083BE84D, + 0x28421C9A, 0x44489406, 0x736E4CB8, 0xC1092910, 0x8BC95FC6, 0x7D869CF4, + 0x134F616F, 0x2E77118D, 0xB31B2BE1, 0xAA90B472, 0x3CA5D717, 0x7D161BBA, + 0x9CAD9010, 0xAF462BA2, 0x9FE459D2, 0x45D34559, 0xD9F2DA13, 0xDBC65487, + 0xF3E4F94E, 0x176D486F, 0x097C13EA, 0x631DA5C7, 0x445F7382, 0x175683F4, + 0xCDC66A97, 0x70BE0288, 0xB3CDCF72, 0x6E5DD2F3, 0x20936079, 0x459B80A5, + 0xBE60E2DB, 0xA9C23101, 0xEBA5315C, 0x224E42F2, 0x1C5C1572, 0xF6721B2C, + 0x1AD2FFF3, 0x8C25404E, 0x324ED72F, 0x4067B7FD, 0x0523138E, 0x5CA3BC78, + 0xDC0FD66E, 0x75922283, 0x784D6B17, 0x58EBB16E, 0x44094F85, 0x3F481D87, + 0xFCFEAE7B, 0x77B5FF76, 0x8C2302BF, 0xAAF47556, 0x5F46B02A, 0x2B092801, + 0x3D38F5F7, 0x0CA81F36, 0x52AF4A8A, 0x66D5E7C0, 0xDF3B0874, 0x95055110, + 0x1B5AD7A8, 0xF61ED5AD, 0x6CF6E479, 0x20758184, 0xD0CEFA65, 0x88F7BE58, + 0x4A046826, 0x0FF6F8F3, 0xA09C7F70, 0x5346ABA0, 0x5CE96C28, 0xE176EDA3, + 0x6BAC307F, 0x376829D2, 0x85360FA9, 0x17E3FE2A, 0x24B79767, 0xF5A96B20, + 0xD6CD2595, 0x68FF1EBF, 0x7555442C, 0xF19F06BE, 0xF9E0659A, 0xEEB9491D, + 0x34010718, 0xBB30CAB8, 0xE822FE15, 0x88570983, 0x750E6249, 0xDA627E55, + 0x5E76FFA8, 0xB1534546, 0x6D47DE08, 0xEFE9E7D4 }; + private static final int[] S6 = { + 0xF6FA8F9D, 0x2CAC6CE1, 0x4CA34867, 0xE2337F7C, 0x95DB08E7, 0x016843B4, + 0xECED5CBC, 0x325553AC, 0xBF9F0960, 0xDFA1E2ED, 0x83F0579D, 0x63ED86B9, + 0x1AB6A6B8, 0xDE5EBE39, 0xF38FF732, 0x8989B138, 0x33F14961, 0xC01937BD, + 0xF506C6DA, 0xE4625E7E, 0xA308EA99, 0x4E23E33C, 0x79CBD7CC, 0x48A14367, + 0xA3149619, 0xFEC94BD5, 0xA114174A, 0xEAA01866, 0xA084DB2D, 0x09A8486F, + 0xA888614A, 0x2900AF98, 0x01665991, 0xE1992863, 0xC8F30C60, 0x2E78EF3C, + 0xD0D51932, 0xCF0FEC14, 0xF7CA07D2, 0xD0A82072, 0xFD41197E, 0x9305A6B0, + 0xE86BE3DA, 0x74BED3CD, 0x372DA53C, 0x4C7F4448, 0xDAB5D440, 0x6DBA0EC3, + 0x083919A7, 0x9FBAEED9, 0x49DBCFB0, 0x4E670C53, 0x5C3D9C01, 0x64BDB941, + 0x2C0E636A, 0xBA7DD9CD, 0xEA6F7388, 0xE70BC762, 0x35F29ADB, 0x5C4CDD8D, + 0xF0D48D8C, 0xB88153E2, 0x08A19866, 0x1AE2EAC8, 0x284CAF89, 0xAA928223, + 0x9334BE53, 0x3B3A21BF, 0x16434BE3, 0x9AEA3906, 0xEFE8C36E, 0xF890CDD9, + 0x80226DAE, 0xC340A4A3, 0xDF7E9C09, 0xA694A807, 0x5B7C5ECC, 0x221DB3A6, + 0x9A69A02F, 0x68818A54, 0xCEB2296F, 0x53C0843A, 0xFE893655, 0x25BFE68A, + 0xB4628ABC, 0xCF222EBF, 0x25AC6F48, 0xA9A99387, 0x53BDDB65, 0xE76FFBE7, + 0xE967FD78, 0x0BA93563, 0x8E342BC1, 0xE8A11BE9, 0x4980740D, 0xC8087DFC, + 0x8DE4BF99, 0xA11101A0, 0x7FD37975, 0xDA5A26C0, 0xE81F994F, 0x9528CD89, + 0xFD339FED, 0xB87834BF, 0x5F04456D, 0x22258698, 0xC9C4C83B, 0x2DC156BE, + 0x4F628DAA, 0x57F55EC5, 0xE2220ABE, 0xD2916EBF, 0x4EC75B95, 0x24F2C3C0, + 0x42D15D99, 0xCD0D7FA0, 0x7B6E27FF, 0xA8DC8AF0, 0x7345C106, 0xF41E232F, + 0x35162386, 0xE6EA8926, 0x3333B094, 0x157EC6F2, 0x372B74AF, 0x692573E4, + 0xE9A9D848, 0xF3160289, 0x3A62EF1D, 0xA787E238, 0xF3A5F676, 0x74364853, + 0x20951063, 0x4576698D, 0xB6FAD407, 0x592AF950, 0x36F73523, 0x4CFB6E87, + 0x7DA4CEC0, 0x6C152DAA, 0xCB0396A8, 0xC50DFE5D, 0xFCD707AB, 0x0921C42F, + 0x89DFF0BB, 0x5FE2BE78, 0x448F4F33, 0x754613C9, 0x2B05D08D, 0x48B9D585, + 0xDC049441, 0xC8098F9B, 0x7DEDE786, 0xC39A3373, 0x42410005, 0x6A091751, + 0x0EF3C8A6, 0x890072D6, 0x28207682, 0xA9A9F7BE, 0xBF32679D, 0xD45B5B75, + 0xB353FD00, 0xCBB0E358, 0x830F220A, 0x1F8FB214, 0xD372CF08, 0xCC3C4A13, + 0x8CF63166, 0x061C87BE, 0x88C98F88, 0x6062E397, 0x47CF8E7A, 0xB6C85283, + 0x3CC2ACFB, 0x3FC06976, 0x4E8F0252, 0x64D8314D, 0xDA3870E3, 0x1E665459, + 0xC10908F0, 0x513021A5, 0x6C5B68B7, 0x822F8AA0, 0x3007CD3E, 0x74719EEF, + 0xDC872681, 0x073340D4, 0x7E432FD9, 0x0C5EC241, 0x8809286C, 0xF592D891, + 0x08A930F6, 0x957EF305, 0xB7FBFFBD, 0xC266E96F, 0x6FE4AC98, 0xB173ECC0, + 0xBC60B42A, 0x953498DA, 0xFBA1AE12, 0x2D4BD736, 0x0F25FAAB, 0xA4F3FCEB, + 0xE2969123, 0x257F0C3D, 0x9348AF49, 0x361400BC, 0xE8816F4A, 0x3814F200, + 0xA3F94043, 0x9C7A54C2, 0xBC704F57, 0xDA41E7F9, 0xC25AD33A, 0x54F4A084, + 0xB17F5505, 0x59357CBE, 0xEDBD15C8, 0x7F97C5AB, 0xBA5AC7B5, 0xB6F6DEAF, + 0x3A479C3A, 0x5302DA25, 0x653D7E6A, 0x54268D49, 0x51A477EA, 0x5017D55B, + 0xD7D25D88, 0x44136C76, 0x0404A8C8, 0xB8E5A121, 0xB81A928A, 0x60ED5869, + 0x97C55B96, 0xEAEC991B, 0x29935913, 0x01FDB7F1, 0x088E8DFA, 0x9AB6F6F5, + 0x3B4CBF9F, 0x4A5DE3AB, 0xE6051D35, 0xA0E1D855, 0xD36B4CF1, 0xF544EDEB, + 0xB0E93524, 0xBEBB8FBD, 0xA2D762CF, 0x49C92F54, 0x38B5F331, 0x7128A454, + 0x48392905, 0xA65B1DB8, 0x851C97BD, 0xD675CF2F }; + private static final int[] S7 = { + 0x85E04019, 0x332BF567, 0x662DBFFF, 0xCFC65693, 0x2A8D7F6F, 0xAB9BC912, + 0xDE6008A1, 0x2028DA1F, 0x0227BCE7, 0x4D642916, 0x18FAC300, 0x50F18B82, + 0x2CB2CB11, 0xB232E75C, 0x4B3695F2, 0xB28707DE, 0xA05FBCF6, 0xCD4181E9, + 0xE150210C, 0xE24EF1BD, 0xB168C381, 0xFDE4E789, 0x5C79B0D8, 0x1E8BFD43, + 0x4D495001, 0x38BE4341, 0x913CEE1D, 0x92A79C3F, 0x089766BE, 0xBAEEADF4, + 0x1286BECF, 0xB6EACB19, 0x2660C200, 0x7565BDE4, 0x64241F7A, 0x8248DCA9, + 0xC3B3AD66, 0x28136086, 0x0BD8DFA8, 0x356D1CF2, 0x107789BE, 0xB3B2E9CE, + 0x0502AA8F, 0x0BC0351E, 0x166BF52A, 0xEB12FF82, 0xE3486911, 0xD34D7516, + 0x4E7B3AFF, 0x5F43671B, 0x9CF6E037, 0x4981AC83, 0x334266CE, 0x8C9341B7, + 0xD0D854C0, 0xCB3A6C88, 0x47BC2829, 0x4725BA37, 0xA66AD22B, 0x7AD61F1E, + 0x0C5CBAFA, 0x4437F107, 0xB6E79962, 0x42D2D816, 0x0A961288, 0xE1A5C06E, + 0x13749E67, 0x72FC081A, 0xB1D139F7, 0xF9583745, 0xCF19DF58, 0xBEC3F756, + 0xC06EBA30, 0x07211B24, 0x45C28829, 0xC95E317F, 0xBC8EC511, 0x38BC46E9, + 0xC6E6FA14, 0xBAE8584A, 0xAD4EBC46, 0x468F508B, 0x7829435F, 0xF124183B, + 0x821DBA9F, 0xAFF60FF4, 0xEA2C4E6D, 0x16E39264, 0x92544A8B, 0x009B4FC3, + 0xABA68CED, 0x9AC96F78, 0x06A5B79A, 0xB2856E6E, 0x1AEC3CA9, 0xBE838688, + 0x0E0804E9, 0x55F1BE56, 0xE7E5363B, 0xB3A1F25D, 0xF7DEBB85, 0x61FE033C, + 0x16746233, 0x3C034C28, 0xDA6D0C74, 0x79AAC56C, 0x3CE4E1AD, 0x51F0C802, + 0x98F8F35A, 0x1626A49F, 0xEED82B29, 0x1D382FE3, 0x0C4FB99A, 0xBB325778, + 0x3EC6D97B, 0x6E77A6A9, 0xCB658B5C, 0xD45230C7, 0x2BD1408B, 0x60C03EB7, + 0xB9068D78, 0xA33754F4, 0xF430C87D, 0xC8A71302, 0xB96D8C32, 0xEBD4E7BE, + 0xBE8B9D2D, 0x7979FB06, 0xE7225308, 0x8B75CF77, 0x11EF8DA4, 0xE083C858, + 0x8D6B786F, 0x5A6317A6, 0xFA5CF7A0, 0x5DDA0033, 0xF28EBFB0, 0xF5B9C310, + 0xA0EAC280, 0x08B9767A, 0xA3D9D2B0, 0x79D34217, 0x021A718D, 0x9AC6336A, + 0x2711FD60, 0x438050E3, 0x069908A8, 0x3D7FEDC4, 0x826D2BEF, 0x4EEB8476, + 0x488DCF25, 0x36C9D566, 0x28E74E41, 0xC2610ACA, 0x3D49A9CF, 0xBAE3B9DF, + 0xB65F8DE6, 0x92AEAF64, 0x3AC7D5E6, 0x9EA80509, 0xF22B017D, 0xA4173F70, + 0xDD1E16C3, 0x15E0D7F9, 0x50B1B887, 0x2B9F4FD5, 0x625ABA82, 0x6A017962, + 0x2EC01B9C, 0x15488AA9, 0xD716E740, 0x40055A2C, 0x93D29A22, 0xE32DBF9A, + 0x058745B9, 0x3453DC1E, 0xD699296E, 0x496CFF6F, 0x1C9F4986, 0xDFE2ED07, + 0xB87242D1, 0x19DE7EAE, 0x053E561A, 0x15AD6F8C, 0x66626C1C, 0x7154C24C, + 0xEA082B2A, 0x93EB2939, 0x17DCB0F0, 0x58D4F2AE, 0x9EA294FB, 0x52CF564C, + 0x9883FE66, 0x2EC40581, 0x763953C3, 0x01D6692E, 0xD3A0C108, 0xA1E7160E, + 0xE4F2DFA6, 0x693ED285, 0x74904698, 0x4C2B0EDD, 0x4F757656, 0x5D393378, + 0xA132234F, 0x3D321C5D, 0xC3F5E194, 0x4B269301, 0xC79F022F, 0x3C997E7E, + 0x5E4F9504, 0x3FFAFBBD, 0x76F7AD0E, 0x296693F4, 0x3D1FCE6F, 0xC61E45BE, + 0xD3B5AB34, 0xF72BF9B7, 0x1B0434C0, 0x4E72B567, 0x5592A33D, 0xB5229301, + 0xCFD2A87F, 0x60AEB767, 0x1814386B, 0x30BCC33D, 0x38A0C07D, 0xFD1606F2, + 0xC363519B, 0x589DD390, 0x5479F8E6, 0x1CB8D647, 0x97FD61A9, 0xEA7759F4, + 0x2D57539D, 0x569A58CF, 0xE84E63AD, 0x462E1B78, 0x6580F87E, 0xF3817914, + 0x91DA55F4, 0x40A230F3, 0xD1988F35, 0xB6E318D2, 0x3FFA50BC, 0x3D40F021, + 0xC3C0BDAE, 0x4958C24C, 0x518F36B2, 0x84B1D370, 0x0FEDCE83, 0x878DDADA, + 0xF2A279C7, 0x94E01BE8, 0x90716F4B, 0x954B8AA3 }; + private static final int[] S8 = { + 0xE216300D, 0xBBDDFFFC, 0xA7EBDABD, 0x35648095, 0x7789F8B7, 0xE6C1121B, + 0x0E241600, 0x052CE8B5, 0x11A9CFB0, 0xE5952F11, 0xECE7990A, 0x9386D174, + 0x2A42931C, 0x76E38111, 0xB12DEF3A, 0x37DDDDFC, 0xDE9ADEB1, 0x0A0CC32C, + 0xBE197029, 0x84A00940, 0xBB243A0F, 0xB4D137CF, 0xB44E79F0, 0x049EEDFD, + 0x0B15A15D, 0x480D3168, 0x8BBBDE5A, 0x669DED42, 0xC7ECE831, 0x3F8F95E7, + 0x72DF191B, 0x7580330D, 0x94074251, 0x5C7DCDFA, 0xABBE6D63, 0xAA402164, + 0xB301D40A, 0x02E7D1CA, 0x53571DAE, 0x7A3182A2, 0x12A8DDEC, 0xFDAA335D, + 0x176F43E8, 0x71FB46D4, 0x38129022, 0xCE949AD4, 0xB84769AD, 0x965BD862, + 0x82F3D055, 0x66FB9767, 0x15B80B4E, 0x1D5B47A0, 0x4CFDE06F, 0xC28EC4B8, + 0x57E8726E, 0x647A78FC, 0x99865D44, 0x608BD593, 0x6C200E03, 0x39DC5FF6, + 0x5D0B00A3, 0xAE63AFF2, 0x7E8BD632, 0x70108C0C, 0xBBD35049, 0x2998DF04, + 0x980CF42A, 0x9B6DF491, 0x9E7EDD53, 0x06918548, 0x58CB7E07, 0x3B74EF2E, + 0x522FFFB1, 0xD24708CC, 0x1C7E27CD, 0xA4EB215B, 0x3CF1D2E2, 0x19B47A38, + 0x424F7618, 0x35856039, 0x9D17DEE7, 0x27EB35E6, 0xC9AFF67B, 0x36BAF5B8, + 0x09C467CD, 0xC18910B1, 0xE11DBF7B, 0x06CD1AF8, 0x7170C608, 0x2D5E3354, + 0xD4DE495A, 0x64C6D006, 0xBCC0C62C, 0x3DD00DB3, 0x708F8F34, 0x77D51B42, + 0x264F620F, 0x24B8D2BF, 0x15C1B79E, 0x46A52564, 0xF8D7E54E, 0x3E378160, + 0x7895CDA5, 0x859C15A5, 0xE6459788, 0xC37BC75F, 0xDB07BA0C, 0x0676A3AB, + 0x7F229B1E, 0x31842E7B, 0x24259FD7, 0xF8BEF472, 0x835FFCB8, 0x6DF4C1F2, + 0x96F5B195, 0xFD0AF0FC, 0xB0FE134C, 0xE2506D3D, 0x4F9B12EA, 0xF215F225, + 0xA223736F, 0x9FB4C428, 0x25D04979, 0x34C713F8, 0xC4618187, 0xEA7A6E98, + 0x7CD16EFC, 0x1436876C, 0xF1544107, 0xBEDEEE14, 0x56E9AF27, 0xA04AA441, + 0x3CF7C899, 0x92ECBAE6, 0xDD67016D, 0x151682EB, 0xA842EEDF, 0xFDBA60B4, + 0xF1907B75, 0x20E3030F, 0x24D8C29E, 0xE139673B, 0xEFA63FB8, 0x71873054, + 0xB6F2CF3B, 0x9F326442, 0xCB15A4CC, 0xB01A4504, 0xF1E47D8D, 0x844A1BE5, + 0xBAE7DFDC, 0x42CBDA70, 0xCD7DAE0A, 0x57E85B7A, 0xD53F5AF6, 0x20CF4D8C, + 0xCEA4D428, 0x79D130A4, 0x3486EBFB, 0x33D3CDDC, 0x77853B53, 0x37EFFCB5, + 0xC5068778, 0xE580B3E6, 0x4E68B8F4, 0xC5C8B37E, 0x0D809EA2, 0x398FEB7C, + 0x132A4F94, 0x43B7950E, 0x2FEE7D1C, 0x223613BD, 0xDD06CAA2, 0x37DF932B, + 0xC4248289, 0xACF3EBC3, 0x5715F6B7, 0xEF3478DD, 0xF267616F, 0xC148CBE4, + 0x9052815E, 0x5E410FAB, 0xB48A2465, 0x2EDA7FA4, 0xE87B40E4, 0xE98EA084, + 0x5889E9E1, 0xEFD390FC, 0xDD07D35B, 0xDB485694, 0x38D7E5B2, 0x57720101, + 0x730EDEBC, 0x5B643113, 0x94917E4F, 0x503C2FBA, 0x646F1282, 0x7523D24A, + 0xE0779695, 0xF9C17A8F, 0x7A5B2121, 0xD187B896, 0x29263A4D, 0xBA510CDF, + 0x81F47C9F, 0xAD1163ED, 0xEA7B5965, 0x1A00726E, 0x11403092, 0x00DA6D77, + 0x4A0CDD61, 0xAD1F4603, 0x605BDFB0, 0x9EEDC364, 0x22EBE6A8, 0xCEE7D28A, + 0xA0E736A0, 0x5564A6B9, 0x10853209, 0xC7EB8F37, 0x2DE705CA, 0x8951570F, + 0xDF09822B, 0xBD691A6C, 0xAA12E4F2, 0x87451C0F, 0xE0F6A27A, 0x3ADA4819, + 0x4CF1764F, 0x0D771C2B, 0x67CDB156, 0x350D8384, 0x5938FA0F, 0x42399EF3, + 0x36997B07, 0x0E84093D, 0x4AA93E61, 0x8360D87B, 0x1FA98B0C, 0x1149382C, + 0xE97625A5, 0x0614D1B7, 0x0E25244B, 0x0C768347, 0x589E8D82, 0x0D2059D1, + 0xA466BB1E, 0xF8DA0A82, 0x04F19130, 0xBA6E4EC0, 0x99265164, 0x1EE7230D, + 0x50B2AD80, 0xEAEE6801, 0x8DB2A283, 0xEA8BF59E }; private static final int _12_ROUNDS = 12; - private static final int _16_ROUNDS = 16; - // Constructor(s) - // ------------------------------------------------------------------------- - /** Trivial 0-arguments constructor. */ public Cast5() { super(Registry.CAST5_CIPHER, DEFAULT_BLOCK_SIZE, DEFAULT_KEY_SIZE); } - // Class methods - // ------------------------------------------------------------------------- - /** * Assuming the input is a 32-bit block organised as: b31b30b29...b0, this * method returns an array of 4 Java ints, containing from position 0 onward @@ -848,26 +485,17 @@ public class Cast5 extends BaseCipher return new int[] { x >>> 24, (x >>> 16) & 0xFF, (x >>> 8) & 0xFF, x & 0xFF }; } - // Instance methods - // ------------------------------------------------------------------------- - - // java.lang.Cloneable interface implementation ---------------------------- - public Object clone() { Cast5 result = new Cast5(); result.currentBlockSize = this.currentBlockSize; - return result; } - // IBlockCipherSpi interface implementation -------------------------------- - public Iterator blockSizes() { ArrayList al = new ArrayList(); - al.add(new Integer(DEFAULT_BLOCK_SIZE)); - + al.add(Integer.valueOf(DEFAULT_BLOCK_SIZE)); return Collections.unmodifiableList(al).iterator(); } @@ -875,49 +503,43 @@ public class Cast5 extends BaseCipher { ArrayList al = new ArrayList(); for (int n = 5; n < 17; n++) - { - al.add(new Integer(n)); - } - + al.add(Integer.valueOf(n)); return Collections.unmodifiableList(al).iterator(); } public Object makeKey(byte[] uk, int bs) throws InvalidKeyException { if (bs != DEFAULT_BLOCK_SIZE) - { - throw new IllegalArgumentException(); - } + throw new IllegalArgumentException(); if (uk == null) - { - throw new InvalidKeyException("Empty key"); - } + throw new InvalidKeyException("Empty key"); int len = uk.length; if (len < 5 || len > 16) - { - throw new InvalidKeyException( - "Key size (in bytes) is not in the range [5..16]"); - } - + throw new InvalidKeyException("Key size (in bytes) is not in the range [5..16]"); Cast5Key result = new Cast5Key(); result.rounds = (len < 11) ? _12_ROUNDS : _16_ROUNDS; byte[] kk = new byte[16]; System.arraycopy(uk, 0, kk, 0, len); - int z0z1z2z3, z4z5z6z7, z8z9zAzB, zCzDzEzF; int z0, z1, z2, z3, z4, z5, z6, z7, z8, z9, zA, zB, zC, zD, zE, zF; int x0, x1, x2, x3, x4, x5, x6, x7, x8, x9, xA, xB, xC, xD, xE, xF; int[] b; - - int x0x1x2x3 = kk[0] << 24 | (kk[1] & 0xFF) << 16 | (kk[2] & 0xFF) << 8 - | (kk[3] & 0xFF); - int x4x5x6x7 = kk[4] << 24 | (kk[5] & 0xFF) << 16 | (kk[6] & 0xFF) << 8 - | (kk[7] & 0xFF); - int x8x9xAxB = kk[8] << 24 | (kk[9] & 0xFF) << 16 | (kk[10] & 0xFF) << 8 - | (kk[11] & 0xFF); - int xCxDxExF = kk[12] << 24 | (kk[13] & 0xFF) << 16 | (kk[14] & 0xFF) << 8 - | (kk[15] & 0xFF); - + int x0x1x2x3 = kk[0 ] << 24 + | (kk[1 ] & 0xFF) << 16 + | (kk[2 ] & 0xFF) << 8 + | (kk[3 ] & 0xFF); + int x4x5x6x7 = kk[4 ] << 24 + | (kk[5 ] & 0xFF) << 16 + | (kk[6 ] & 0xFF) << 8 + | (kk[7 ] & 0xFF); + int x8x9xAxB = kk[8 ] << 24 + | (kk[9 ] & 0xFF) << 16 + | (kk[10] & 0xFF) << 8 + | (kk[11] & 0xFF); + int xCxDxExF = kk[12] << 24 + | (kk[13] & 0xFF) << 16 + | (kk[14] & 0xFF) << 8 + | (kk[15] & 0xFF); b = unscramble(x0x1x2x3); x0 = b[0]; x1 = b[1]; @@ -938,7 +560,6 @@ public class Cast5 extends BaseCipher xD = b[1]; xE = b[2]; xF = b[3]; - z0z1z2z3 = x0x1x2x3 ^ S5[xD] ^ S6[xF] ^ S7[xC] ^ S8[xE] ^ S7[x8]; b = unscramble(z0z1z2z3); z0 = b[0]; @@ -963,12 +584,10 @@ public class Cast5 extends BaseCipher zD = b[1]; zE = b[2]; zF = b[3]; - result.Km0 = S5[z8] ^ S6[z9] ^ S7[z7] ^ S8[z6] ^ S5[z2]; result.Km1 = S5[zA] ^ S6[zB] ^ S7[z5] ^ S8[z4] ^ S6[z6]; result.Km2 = S5[zC] ^ S6[zD] ^ S7[z3] ^ S8[z2] ^ S7[z9]; result.Km3 = S5[zE] ^ S6[zF] ^ S7[z1] ^ S8[z0] ^ S8[zC]; - x0x1x2x3 = z8z9zAzB ^ S5[z5] ^ S6[z7] ^ S7[z4] ^ S8[z6] ^ S7[z0]; b = unscramble(x0x1x2x3); x0 = b[0]; @@ -993,12 +612,10 @@ public class Cast5 extends BaseCipher xD = b[1]; xE = b[2]; xF = b[3]; - result.Km4 = S5[x3] ^ S6[x2] ^ S7[xC] ^ S8[xD] ^ S5[x8]; result.Km5 = S5[x1] ^ S6[x0] ^ S7[xE] ^ S8[xF] ^ S6[xD]; result.Km6 = S5[x7] ^ S6[x6] ^ S7[x8] ^ S8[x9] ^ S7[x3]; result.Km7 = S5[x5] ^ S6[x4] ^ S7[xA] ^ S8[xB] ^ S8[x7]; - z0z1z2z3 = x0x1x2x3 ^ S5[xD] ^ S6[xF] ^ S7[xC] ^ S8[xE] ^ S7[x8]; b = unscramble(z0z1z2z3); z0 = b[0]; @@ -1023,12 +640,10 @@ public class Cast5 extends BaseCipher zD = b[1]; zE = b[2]; zF = b[3]; - result.Km8 = S5[z3] ^ S6[z2] ^ S7[zC] ^ S8[zD] ^ S5[z9]; result.Km9 = S5[z1] ^ S6[z0] ^ S7[zE] ^ S8[zF] ^ S6[zC]; result.Km10 = S5[z7] ^ S6[z6] ^ S7[z8] ^ S8[z9] ^ S7[z2]; result.Km11 = S5[z5] ^ S6[z4] ^ S7[zA] ^ S8[zB] ^ S8[z6]; - x0x1x2x3 = z8z9zAzB ^ S5[z5] ^ S6[z7] ^ S7[z4] ^ S8[z6] ^ S7[z0]; b = unscramble(x0x1x2x3); x0 = b[0]; @@ -1053,17 +668,14 @@ public class Cast5 extends BaseCipher xD = b[1]; xE = b[2]; xF = b[3]; - result.Km12 = S5[x8] ^ S6[x9] ^ S7[x7] ^ S8[x6] ^ S5[x3]; result.Km13 = S5[xA] ^ S6[xB] ^ S7[x5] ^ S8[x4] ^ S6[x7]; result.Km14 = S5[xC] ^ S6[xD] ^ S7[x3] ^ S8[x2] ^ S7[x8]; result.Km15 = S5[xE] ^ S6[xF] ^ S7[x1] ^ S8[x0] ^ S8[xD]; - // The remaining half is identical to what is given above, carrying on // from the last created x0..xF to generate keys K17 - K32. These keys // will be used as the 'rotation' keys and as such only the five least // significant bits are to be considered. - z0z1z2z3 = x0x1x2x3 ^ S5[xD] ^ S6[xF] ^ S7[xC] ^ S8[xE] ^ S7[x8]; b = unscramble(z0z1z2z3); z0 = b[0]; @@ -1088,12 +700,10 @@ public class Cast5 extends BaseCipher zD = b[1]; zE = b[2]; zF = b[3]; - result.Kr0 = (S5[z8] ^ S6[z9] ^ S7[z7] ^ S8[z6] ^ S5[z2]) & 0x1F; result.Kr1 = (S5[zA] ^ S6[zB] ^ S7[z5] ^ S8[z4] ^ S6[z6]) & 0x1F; result.Kr2 = (S5[zC] ^ S6[zD] ^ S7[z3] ^ S8[z2] ^ S7[z9]) & 0x1F; result.Kr3 = (S5[zE] ^ S6[zF] ^ S7[z1] ^ S8[z0] ^ S8[zC]) & 0x1F; - x0x1x2x3 = z8z9zAzB ^ S5[z5] ^ S6[z7] ^ S7[z4] ^ S8[z6] ^ S7[z0]; b = unscramble(x0x1x2x3); x0 = b[0]; @@ -1118,12 +728,10 @@ public class Cast5 extends BaseCipher xD = b[1]; xE = b[2]; xF = b[3]; - result.Kr4 = (S5[x3] ^ S6[x2] ^ S7[xC] ^ S8[xD] ^ S5[x8]) & 0x1F; result.Kr5 = (S5[x1] ^ S6[x0] ^ S7[xE] ^ S8[xF] ^ S6[xD]) & 0x1F; result.Kr6 = (S5[x7] ^ S6[x6] ^ S7[x8] ^ S8[x9] ^ S7[x3]) & 0x1F; result.Kr7 = (S5[x5] ^ S6[x4] ^ S7[xA] ^ S8[xB] ^ S8[x7]) & 0x1F; - z0z1z2z3 = x0x1x2x3 ^ S5[xD] ^ S6[xF] ^ S7[xC] ^ S8[xE] ^ S7[x8]; b = unscramble(z0z1z2z3); z0 = b[0]; @@ -1148,12 +756,10 @@ public class Cast5 extends BaseCipher zD = b[1]; zE = b[2]; zF = b[3]; - result.Kr8 = (S5[z3] ^ S6[z2] ^ S7[zC] ^ S8[zD] ^ S5[z9]) & 0x1F; result.Kr9 = (S5[z1] ^ S6[z0] ^ S7[zE] ^ S8[zF] ^ S6[zC]) & 0x1F; result.Kr10 = (S5[z7] ^ S6[z6] ^ S7[z8] ^ S8[z9] ^ S7[z2]) & 0x1F; result.Kr11 = (S5[z5] ^ S6[z4] ^ S7[zA] ^ S8[zB] ^ S8[z6]) & 0x1F; - x0x1x2x3 = z8z9zAzB ^ S5[z5] ^ S6[z7] ^ S7[z4] ^ S8[z6] ^ S7[z0]; b = unscramble(x0x1x2x3); x0 = b[0]; @@ -1178,23 +784,19 @@ public class Cast5 extends BaseCipher xD = b[1]; xE = b[2]; xF = b[3]; - result.Kr12 = (S5[x8] ^ S6[x9] ^ S7[x7] ^ S8[x6] ^ S5[x3]) & 0x1F; result.Kr13 = (S5[xA] ^ S6[xB] ^ S7[x5] ^ S8[x4] ^ S6[x7]) & 0x1F; result.Kr14 = (S5[xC] ^ S6[xD] ^ S7[x3] ^ S8[x2] ^ S7[x8]) & 0x1F; result.Kr15 = (S5[xE] ^ S6[xF] ^ S7[x1] ^ S8[x0] ^ S8[xD]) & 0x1F; - return result; } /** - * <p>The full encryption algorithm is given in the following four steps.</p> - * + * The full encryption algorithm is given in the following four steps. * <pre> * INPUT: plaintext m1...m64; key K = k1...k128. * OUTPUT: ciphertext c1...c64. * </pre> - * * <ol> * <li>(key schedule) Compute 16 pairs of subkeys {Kmi, Kri} from a user * key (see makeKey() method).</li> @@ -1210,13 +812,12 @@ public class Cast5 extends BaseCipher * <li>c1...c64 <-- (R16,L16). (Exchange final blocks L16, R16 and * concatenate to form the ciphertext.)</li> * </ol> - * - * <p>Decryption is identical to the encryption algorithm given above, except + * <p> + * Decryption is identical to the encryption algorithm given above, except * that the rounds (and therefore the subkey pairs) are used in reverse order - * to compute (L0,R0) from (R16,L16).</p> - * - * <p>Looking at the iterations/rounds in pairs we have:</p> - * + * to compute (L0,R0) from (R16,L16). + * <p> + * Looking at the iterations/rounds in pairs we have: * <pre> * (1a) Li = Ri-1; * (1b) Ri = Li-1 ^ Fi(Ri-1); @@ -1249,16 +850,16 @@ public class Cast5 extends BaseCipher public void encrypt(byte[] in, int i, byte[] out, int j, Object k, int bs) { if (bs != DEFAULT_BLOCK_SIZE) - { - throw new IllegalArgumentException(); - } + throw new IllegalArgumentException(); Cast5Key K = (Cast5Key) k; - - int L = (in[i++] & 0xFF) << 24 | (in[i++] & 0xFF) << 16 - | (in[i++] & 0xFF) << 8 | in[i++] & 0xFF; - int R = (in[i++] & 0xFF) << 24 | (in[i++] & 0xFF) << 16 - | (in[i++] & 0xFF) << 8 | in[i] & 0xFF; - + int L = (in[i++] & 0xFF) << 24 + | (in[i++] & 0xFF) << 16 + | (in[i++] & 0xFF) << 8 + | in[i++] & 0xFF; + int R = (in[i++] & 0xFF) << 24 + | (in[i++] & 0xFF) << 16 + | (in[i++] & 0xFF) << 8 + | in[i ] & 0xFF; L ^= f1(R, K.Km0, K.Kr0); R ^= f2(L, K.Km1, K.Kr1); // round 2 L ^= f3(R, K.Km2, K.Kr2); @@ -1278,30 +879,29 @@ public class Cast5 extends BaseCipher L ^= f3(R, K.Km14, K.Kr14); R ^= f1(L, K.Km15, K.Kr15); // round 16 } - - out[j++] = (byte) (R >>> 24); - out[j++] = (byte) (R >>> 16); - out[j++] = (byte) (R >>> 8); + out[j++] = (byte)(R >>> 24); + out[j++] = (byte)(R >>> 16); + out[j++] = (byte)(R >>> 8); out[j++] = (byte) R; - out[j++] = (byte) (L >>> 24); - out[j++] = (byte) (L >>> 16); - out[j++] = (byte) (L >>> 8); - out[j] = (byte) L; + out[j++] = (byte)(L >>> 24); + out[j++] = (byte)(L >>> 16); + out[j++] = (byte)(L >>> 8); + out[j ] = (byte) L; } public void decrypt(byte[] in, int i, byte[] out, int j, Object k, int bs) { if (bs != DEFAULT_BLOCK_SIZE) - { - throw new IllegalArgumentException(); - } + throw new IllegalArgumentException(); Cast5Key K = (Cast5Key) k; - - int L = (in[i++] & 0xFF) << 24 | (in[i++] & 0xFF) << 16 - | (in[i++] & 0xFF) << 8 | in[i++] & 0xFF; - int R = (in[i++] & 0xFF) << 24 | (in[i++] & 0xFF) << 16 - | (in[i++] & 0xFF) << 8 | in[i] & 0xFF; - + int L = (in[i++] & 0xFF) << 24 + | (in[i++] & 0xFF) << 16 + | (in[i++] & 0xFF) << 8 + | in[i++] & 0xFF; + int R = (in[i++] & 0xFF) << 24 + | (in[i++] & 0xFF) << 16 + | (in[i++] & 0xFF) << 8 + | in[i ] & 0xFF; if (K.rounds == _16_ROUNDS) { L ^= f1(R, K.Km15, K.Kr15); @@ -1321,15 +921,14 @@ public class Cast5 extends BaseCipher R ^= f3(L, K.Km2, K.Kr2); L ^= f2(R, K.Km1, K.Kr1); R ^= f1(L, K.Km0, K.Kr0); - - out[j++] = (byte) (R >>> 24); - out[j++] = (byte) (R >>> 16); - out[j++] = (byte) (R >>> 8); + out[j++] = (byte)(R >>> 24); + out[j++] = (byte)(R >>> 16); + out[j++] = (byte)(R >>> 8); out[j++] = (byte) R; - out[j++] = (byte) (L >>> 24); - out[j++] = (byte) (L >>> 16); - out[j++] = (byte) (L >>> 8); - out[j] = (byte) L; + out[j++] = (byte)(L >>> 24); + out[j++] = (byte)(L >>> 16); + out[j++] = (byte)(L >>> 8); + out[j ] = (byte) L; } public boolean selfTest() @@ -1338,54 +937,51 @@ public class Cast5 extends BaseCipher { boolean result = super.selfTest(); // do symmetry tests if (result) - { - result = testKat(KAT_KEY, KAT_CT, KAT_PT); - } + result = testKat(KAT_KEY, KAT_CT, KAT_PT); valid = Boolean.valueOf(result); } return valid.booleanValue(); } - // helper methods ---------------------------------------------------------- - private final int f1(int I, int m, int r) { I = m + I; I = I << r | I >>> (32 - r); - return (((S1[(I >>> 24) & 0xFF]) ^ S2[(I >>> 16) & 0xFF]) - S3[(I >>> 8) & 0xFF]) - + S4[I & 0xFF]; + return (((S1[(I >>> 24) & 0xFF]) + ^ S2[(I >>> 16) & 0xFF]) + - S3[(I >>> 8) & 0xFF]) + + S4[ I & 0xFF]; } private final int f2(int I, int m, int r) { I = m ^ I; I = I << r | I >>> (32 - r); - return (((S1[(I >>> 24) & 0xFF]) - S2[(I >>> 16) & 0xFF]) + S3[(I >>> 8) & 0xFF]) - ^ S4[I & 0xFF]; + return (((S1[(I >>> 24) & 0xFF]) + - S2[(I >>> 16) & 0xFF]) + + S3[(I >>> 8) & 0xFF]) + ^ S4[ I & 0xFF]; } private final int f3(int I, int m, int r) { I = m - I; I = I << r | I >>> (32 - r); - return (((S1[(I >>> 24) & 0xFF]) + S2[(I >>> 16) & 0xFF]) ^ S3[(I >>> 8) & 0xFF]) - - S4[I & 0xFF]; + return (((S1[(I >>> 24) & 0xFF]) + + S2[(I >>> 16) & 0xFF]) + ^ S3[(I >>> 8) & 0xFF]) + - S4[ I & 0xFF]; } - // Inner class(es) - // ========================================================================= - /** An opaque CAST5 key object. */ private class Cast5Key { int rounds; - /** Masking session keys. */ - int Km0, Km1, Km2, Km3, Km4, Km5, Km6, Km7, Km8, Km9, Km10, Km11, Km12, - Km13, Km14, Km15; - + int Km0, Km1, Km2, Km3, Km4, Km5, Km6, Km7, + Km8, Km9, Km10, Km11, Km12, Km13, Km14, Km15; /** Rotation session keys. */ - int Kr0, Kr1, Kr2, Kr3, Kr4, Kr5, Kr6, Kr7, Kr8, Kr9, Kr10, Kr11, Kr12, - Kr13, Kr14, Kr15; + int Kr0, Kr1, Kr2, Kr3, Kr4, Kr5, Kr6, Kr7, + Kr8, Kr9, Kr10, Kr11, Kr12, Kr13, Kr14, Kr15; } } diff --git a/libjava/classpath/gnu/javax/crypto/cipher/CipherFactory.java b/libjava/classpath/gnu/javax/crypto/cipher/CipherFactory.java index 082bfb8fa2d..d6bb42253b8 100644 --- a/libjava/classpath/gnu/javax/crypto/cipher/CipherFactory.java +++ b/libjava/classpath/gnu/javax/crypto/cipher/CipherFactory.java @@ -45,105 +45,69 @@ import java.util.HashSet; import java.util.Set; /** - * <p>A <i>Factory</i> to instantiate symmetric block cipher instances.</p> + * A <i>Factory</i> to instantiate symmetric block cipher instances. */ -public class CipherFactory implements Registry +public class CipherFactory + implements Registry { - - // Constants and variables - // ------------------------------------------------------------------------- - - // Constructor(s) - // ------------------------------------------------------------------------- - /** Trivial constructor to enforce Singleton pattern. */ private CipherFactory() { super(); } - // Class methods - // ------------------------------------------------------------------------- - /** - * <p>Returns an instance of a block cipher given its name.</p> - * + * Returns an instance of a block cipher given its name. + * * @param name the case-insensitive name of the symmetric-key block cipher - * algorithm. + * algorithm. * @return an instance of the designated cipher algorithm, or - * <code>null</code> if none is found. - * @exception InternalError if the implementation does not pass its - * self-test. + * <code>null</code> if none is found. + * @exception InternalError if the implementation does not pass its self-test. */ public static final IBlockCipher getInstance(String name) { if (name == null) - { - return null; - } - + return null; name = name.trim(); IBlockCipher result = null; if (name.equalsIgnoreCase(ANUBIS_CIPHER)) - { - result = new Anubis(); - } + result = new Anubis(); else if (name.equalsIgnoreCase(BLOWFISH_CIPHER)) - { - result = new Blowfish(); - } + result = new Blowfish(); else if (name.equalsIgnoreCase(DES_CIPHER)) - { - result = new DES(); - } + result = new DES(); else if (name.equalsIgnoreCase(KHAZAD_CIPHER)) - { - result = new Khazad(); - } + result = new Khazad(); else if (name.equalsIgnoreCase(RIJNDAEL_CIPHER) || name.equalsIgnoreCase(AES_CIPHER)) - { - result = new Rijndael(); - } + result = new Rijndael(); else if (name.equalsIgnoreCase(SERPENT_CIPHER)) - { - result = new Serpent(); - } + result = new Serpent(); else if (name.equalsIgnoreCase(SQUARE_CIPHER)) - { - result = new Square(); - } + result = new Square(); else if (name.equalsIgnoreCase(TRIPLEDES_CIPHER) || name.equalsIgnoreCase(DESEDE_CIPHER)) - { - result = new TripleDES(); - } + result = new TripleDES(); else if (name.equalsIgnoreCase(TWOFISH_CIPHER)) - { - result = new Twofish(); - } + result = new Twofish(); else if (name.equalsIgnoreCase(CAST5_CIPHER) - || (name.equalsIgnoreCase(CAST128_CIPHER) || (name.equalsIgnoreCase(CAST_128_CIPHER)))) - { - result = new Cast5(); - } + || (name.equalsIgnoreCase(CAST128_CIPHER) + || (name.equalsIgnoreCase(CAST_128_CIPHER)))) + result = new Cast5(); else if (name.equalsIgnoreCase(NULL_CIPHER)) - { - result = new NullCipher(); - } + result = new NullCipher(); - if (result != null && !result.selfTest()) - { - throw new InternalError(result.name()); - } + if (result != null && ! result.selfTest()) + throw new InternalError(result.name()); return result; } /** - * <p>Returns a {@link Set} of symmetric key block cipher implementation - * names supported by this <i>Factory</i>.</p> - * + * Returns a {@link Set} of symmetric key block cipher implementation names + * supported by this <i>Factory</i>. + * * @return a {@link Set} of block cipher names (Strings). */ public static final Set getNames() @@ -160,10 +124,6 @@ public class CipherFactory implements Registry hs.add(TWOFISH_CIPHER); hs.add(CAST5_CIPHER); hs.add(NULL_CIPHER); - return Collections.unmodifiableSet(hs); } - - // Instance methods - // ------------------------------------------------------------------------- -}
\ No newline at end of file +} diff --git a/libjava/classpath/gnu/javax/crypto/cipher/DES.java b/libjava/classpath/gnu/javax/crypto/cipher/DES.java index 8b7627ceaf8..3ced62c3f40 100644 --- a/libjava/classpath/gnu/javax/crypto/cipher/DES.java +++ b/libjava/classpath/gnu/javax/crypto/cipher/DES.java @@ -48,353 +48,169 @@ import java.util.Collections; import java.util.Iterator; /** - * <p>The Data Encryption Standard. DES is a 64-bit block cipher with a 56-bit + * The Data Encryption Standard. DES is a 64-bit block cipher with a 56-bit * key, developed by IBM in the 1970's for the standardization process begun by - * the National Bureau of Standards (now NIST).</p> - * - * <p>New applications should not use DES except for compatibility.</p> - * - * <p>This version is based upon the description and sample implementation in - * [1].</p> - * - * <p>References:</p> + * the National Bureau of Standards (now NIST). + * <p> + * New applications should not use DES except for compatibility. + * <p> + * This version is based upon the description and sample implementation in + * [1]. + * <p> + * References: * <ol> * <li>Bruce Schneier, <i>Applied Cryptography: Protocols, Algorithms, and * Source Code in C, Second Edition</i>. (1996 John Wiley and Sons) ISBN * 0-471-11709-9. Pages 265--301, 623--632.</li> * </ol> */ -public class DES extends BaseCipher +public class DES + extends BaseCipher { - - // Constants and variables - // ------------------------------------------------------------------------- - /** DES operates on 64 bit blocks. */ public static final int BLOCK_SIZE = 8; - /** DES uses 56 bits of a 64 bit parity-adjusted key. */ public static final int KEY_SIZE = 8; - // S-Boxes 1 through 8. - private static final int[] SP1 = new int[] { 0x01010400, 0x00000000, - 0x00010000, 0x01010404, - 0x01010004, 0x00010404, - 0x00000004, 0x00010000, - 0x00000400, 0x01010400, - 0x01010404, 0x00000400, - 0x01000404, 0x01010004, - 0x01000000, 0x00000004, - 0x00000404, 0x01000400, - 0x01000400, 0x00010400, - 0x00010400, 0x01010000, - 0x01010000, 0x01000404, - 0x00010004, 0x01000004, - 0x01000004, 0x00010004, - 0x00000000, 0x00000404, - 0x00010404, 0x01000000, - 0x00010000, 0x01010404, - 0x00000004, 0x01010000, - 0x01010400, 0x01000000, - 0x01000000, 0x00000400, - 0x01010004, 0x00010000, - 0x00010400, 0x01000004, - 0x00000400, 0x00000004, - 0x01000404, 0x00010404, - 0x01010404, 0x00010004, - 0x01010000, 0x01000404, - 0x01000004, 0x00000404, - 0x00010404, 0x01010400, - 0x00000404, 0x01000400, - 0x01000400, 0x00000000, - 0x00010004, 0x00010400, - 0x00000000, 0x01010004 }; - - private static final int[] SP2 = new int[] { 0x80108020, 0x80008000, - 0x00008000, 0x00108020, - 0x00100000, 0x00000020, - 0x80100020, 0x80008020, - 0x80000020, 0x80108020, - 0x80108000, 0x80000000, - 0x80008000, 0x00100000, - 0x00000020, 0x80100020, - 0x00108000, 0x00100020, - 0x80008020, 0x00000000, - 0x80000000, 0x00008000, - 0x00108020, 0x80100000, - 0x00100020, 0x80000020, - 0x00000000, 0x00108000, - 0x00008020, 0x80108000, - 0x80100000, 0x00008020, - 0x00000000, 0x00108020, - 0x80100020, 0x00100000, - 0x80008020, 0x80100000, - 0x80108000, 0x00008000, - 0x80100000, 0x80008000, - 0x00000020, 0x80108020, - 0x00108020, 0x00000020, - 0x00008000, 0x80000000, - 0x00008020, 0x80108000, - 0x00100000, 0x80000020, - 0x00100020, 0x80008020, - 0x80000020, 0x00100020, - 0x00108000, 0x00000000, - 0x80008000, 0x00008020, - 0x80000000, 0x80100020, - 0x80108020, 0x00108000 }; - - private static final int[] SP3 = new int[] { 0x00000208, 0x08020200, - 0x00000000, 0x08020008, - 0x08000200, 0x00000000, - 0x00020208, 0x08000200, - 0x00020008, 0x08000008, - 0x08000008, 0x00020000, - 0x08020208, 0x00020008, - 0x08020000, 0x00000208, - 0x08000000, 0x00000008, - 0x08020200, 0x00000200, - 0x00020200, 0x08020000, - 0x08020008, 0x00020208, - 0x08000208, 0x00020200, - 0x00020000, 0x08000208, - 0x00000008, 0x08020208, - 0x00000200, 0x08000000, - 0x08020200, 0x08000000, - 0x00020008, 0x00000208, - 0x00020000, 0x08020200, - 0x08000200, 0x00000000, - 0x00000200, 0x00020008, - 0x08020208, 0x08000200, - 0x08000008, 0x00000200, - 0x00000000, 0x08020008, - 0x08000208, 0x00020000, - 0x08000000, 0x08020208, - 0x00000008, 0x00020208, - 0x00020200, 0x08000008, - 0x08020000, 0x08000208, - 0x00000208, 0x08020000, - 0x00020208, 0x00000008, - 0x08020008, 0x00020200 }; - - private static final int[] SP4 = new int[] { 0x00802001, 0x00002081, - 0x00002081, 0x00000080, - 0x00802080, 0x00800081, - 0x00800001, 0x00002001, - 0x00000000, 0x00802000, - 0x00802000, 0x00802081, - 0x00000081, 0x00000000, - 0x00800080, 0x00800001, - 0x00000001, 0x00002000, - 0x00800000, 0x00802001, - 0x00000080, 0x00800000, - 0x00002001, 0x00002080, - 0x00800081, 0x00000001, - 0x00002080, 0x00800080, - 0x00002000, 0x00802080, - 0x00802081, 0x00000081, - 0x00800080, 0x00800001, - 0x00802000, 0x00802081, - 0x00000081, 0x00000000, - 0x00000000, 0x00802000, - 0x00002080, 0x00800080, - 0x00800081, 0x00000001, - 0x00802001, 0x00002081, - 0x00002081, 0x00000080, - 0x00802081, 0x00000081, - 0x00000001, 0x00002000, - 0x00800001, 0x00002001, - 0x00802080, 0x00800081, - 0x00002001, 0x00002080, - 0x00800000, 0x00802001, - 0x00000080, 0x00800000, - 0x00002000, 0x00802080 }; - - private static final int[] SP5 = new int[] { 0x00000100, 0x02080100, - 0x02080000, 0x42000100, - 0x00080000, 0x00000100, - 0x40000000, 0x02080000, - 0x40080100, 0x00080000, - 0x02000100, 0x40080100, - 0x42000100, 0x42080000, - 0x00080100, 0x40000000, - 0x02000000, 0x40080000, - 0x40080000, 0x00000000, - 0x40000100, 0x42080100, - 0x42080100, 0x02000100, - 0x42080000, 0x40000100, - 0x00000000, 0x42000000, - 0x02080100, 0x02000000, - 0x42000000, 0x00080100, - 0x00080000, 0x42000100, - 0x00000100, 0x02000000, - 0x40000000, 0x02080000, - 0x42000100, 0x40080100, - 0x02000100, 0x40000000, - 0x42080000, 0x02080100, - 0x40080100, 0x00000100, - 0x02000000, 0x42080000, - 0x42080100, 0x00080100, - 0x42000000, 0x42080100, - 0x02080000, 0x00000000, - 0x40080000, 0x42000000, - 0x00080100, 0x02000100, - 0x40000100, 0x00080000, - 0x00000000, 0x40080000, - 0x02080100, 0x40000100 }; - - private static final int[] SP6 = new int[] { 0x20000010, 0x20400000, - 0x00004000, 0x20404010, - 0x20400000, 0x00000010, - 0x20404010, 0x00400000, - 0x20004000, 0x00404010, - 0x00400000, 0x20000010, - 0x00400010, 0x20004000, - 0x20000000, 0x00004010, - 0x00000000, 0x00400010, - 0x20004010, 0x00004000, - 0x00404000, 0x20004010, - 0x00000010, 0x20400010, - 0x20400010, 0x00000000, - 0x00404010, 0x20404000, - 0x00004010, 0x00404000, - 0x20404000, 0x20000000, - 0x20004000, 0x00000010, - 0x20400010, 0x00404000, - 0x20404010, 0x00400000, - 0x00004010, 0x20000010, - 0x00400000, 0x20004000, - 0x20000000, 0x00004010, - 0x20000010, 0x20404010, - 0x00404000, 0x20400000, - 0x00404010, 0x20404000, - 0x00000000, 0x20400010, - 0x00000010, 0x00004000, - 0x20400000, 0x00404010, - 0x00004000, 0x00400010, - 0x20004010, 0x00000000, - 0x20404000, 0x20000000, - 0x00400010, 0x20004010 }; - - private static final int[] SP7 = new int[] { 0x00200000, 0x04200002, - 0x04000802, 0x00000000, - 0x00000800, 0x04000802, - 0x00200802, 0x04200800, - 0x04200802, 0x00200000, - 0x00000000, 0x04000002, - 0x00000002, 0x04000000, - 0x04200002, 0x00000802, - 0x04000800, 0x00200802, - 0x00200002, 0x04000800, - 0x04000002, 0x04200000, - 0x04200800, 0x00200002, - 0x04200000, 0x00000800, - 0x00000802, 0x04200802, - 0x00200800, 0x00000002, - 0x04000000, 0x00200800, - 0x04000000, 0x00200800, - 0x00200000, 0x04000802, - 0x04000802, 0x04200002, - 0x04200002, 0x00000002, - 0x00200002, 0x04000000, - 0x04000800, 0x00200000, - 0x04200800, 0x00000802, - 0x00200802, 0x04200800, - 0x00000802, 0x04000002, - 0x04200802, 0x04200000, - 0x00200800, 0x00000000, - 0x00000002, 0x04200802, - 0x00000000, 0x00200802, - 0x04200000, 0x00000800, - 0x04000002, 0x04000800, - 0x00000800, 0x00200002 }; - - private static final int[] SP8 = new int[] { 0x10001040, 0x00001000, - 0x00040000, 0x10041040, - 0x10000000, 0x10001040, - 0x00000040, 0x10000000, - 0x00040040, 0x10040000, - 0x10041040, 0x00041000, - 0x10041000, 0x00041040, - 0x00001000, 0x00000040, - 0x10040000, 0x10000040, - 0x10001000, 0x00001040, - 0x00041000, 0x00040040, - 0x10040040, 0x10041000, - 0x00001040, 0x00000000, - 0x00000000, 0x10040040, - 0x10000040, 0x10001000, - 0x00041040, 0x00040000, - 0x00041040, 0x00040000, - 0x10041000, 0x00001000, - 0x00000040, 0x10040040, - 0x00001000, 0x00041040, - 0x10001000, 0x00000040, - 0x10000040, 0x10040000, - 0x10040040, 0x10000000, - 0x00040000, 0x10001040, - 0x00000000, 0x10041040, - 0x00040040, 0x10000040, - 0x10040000, 0x10001000, - 0x10001040, 0x00000000, - 0x10041040, 0x00041000, - 0x00041000, 0x00001040, - 0x00001040, 0x00040040, - 0x10000000, 0x10041000 }; - + private static final int[] SP1 = new int[] { + 0x01010400, 0x00000000, 0x00010000, 0x01010404, 0x01010004, 0x00010404, + 0x00000004, 0x00010000, 0x00000400, 0x01010400, 0x01010404, 0x00000400, + 0x01000404, 0x01010004, 0x01000000, 0x00000004, 0x00000404, 0x01000400, + 0x01000400, 0x00010400, 0x00010400, 0x01010000, 0x01010000, 0x01000404, + 0x00010004, 0x01000004, 0x01000004, 0x00010004, 0x00000000, 0x00000404, + 0x00010404, 0x01000000, 0x00010000, 0x01010404, 0x00000004, 0x01010000, + 0x01010400, 0x01000000, 0x01000000, 0x00000400, 0x01010004, 0x00010000, + 0x00010400, 0x01000004, 0x00000400, 0x00000004, 0x01000404, 0x00010404, + 0x01010404, 0x00010004, 0x01010000, 0x01000404, 0x01000004, 0x00000404, + 0x00010404, 0x01010400, 0x00000404, 0x01000400, 0x01000400, 0x00000000, + 0x00010004, 0x00010400, 0x00000000, 0x01010004 }; + private static final int[] SP2 = new int[] { + 0x80108020, 0x80008000, 0x00008000, 0x00108020, 0x00100000, 0x00000020, + 0x80100020, 0x80008020, 0x80000020, 0x80108020, 0x80108000, 0x80000000, + 0x80008000, 0x00100000, 0x00000020, 0x80100020, 0x00108000, 0x00100020, + 0x80008020, 0x00000000, 0x80000000, 0x00008000, 0x00108020, 0x80100000, + 0x00100020, 0x80000020, 0x00000000, 0x00108000, 0x00008020, 0x80108000, + 0x80100000, 0x00008020, 0x00000000, 0x00108020, 0x80100020, 0x00100000, + 0x80008020, 0x80100000, 0x80108000, 0x00008000, 0x80100000, 0x80008000, + 0x00000020, 0x80108020, 0x00108020, 0x00000020, 0x00008000, 0x80000000, + 0x00008020, 0x80108000, 0x00100000, 0x80000020, 0x00100020, 0x80008020, + 0x80000020, 0x00100020, 0x00108000, 0x00000000, 0x80008000, 0x00008020, + 0x80000000, 0x80100020, 0x80108020, 0x00108000 }; + private static final int[] SP3 = new int[] { + 0x00000208, 0x08020200, 0x00000000, 0x08020008, 0x08000200, 0x00000000, + 0x00020208, 0x08000200, 0x00020008, 0x08000008, 0x08000008, 0x00020000, + 0x08020208, 0x00020008, 0x08020000, 0x00000208, 0x08000000, 0x00000008, + 0x08020200, 0x00000200, 0x00020200, 0x08020000, 0x08020008, 0x00020208, + 0x08000208, 0x00020200, 0x00020000, 0x08000208, 0x00000008, 0x08020208, + 0x00000200, 0x08000000, 0x08020200, 0x08000000, 0x00020008, 0x00000208, + 0x00020000, 0x08020200, 0x08000200, 0x00000000, 0x00000200, 0x00020008, + 0x08020208, 0x08000200, 0x08000008, 0x00000200, 0x00000000, 0x08020008, + 0x08000208, 0x00020000, 0x08000000, 0x08020208, 0x00000008, 0x00020208, + 0x00020200, 0x08000008, 0x08020000, 0x08000208, 0x00000208, 0x08020000, + 0x00020208, 0x00000008, 0x08020008, 0x00020200 }; + private static final int[] SP4 = new int[] { + 0x00802001, 0x00002081, 0x00002081, 0x00000080, 0x00802080, 0x00800081, + 0x00800001, 0x00002001, 0x00000000, 0x00802000, 0x00802000, 0x00802081, + 0x00000081, 0x00000000, 0x00800080, 0x00800001, 0x00000001, 0x00002000, + 0x00800000, 0x00802001, 0x00000080, 0x00800000, 0x00002001, 0x00002080, + 0x00800081, 0x00000001, 0x00002080, 0x00800080, 0x00002000, 0x00802080, + 0x00802081, 0x00000081, 0x00800080, 0x00800001, 0x00802000, 0x00802081, + 0x00000081, 0x00000000, 0x00000000, 0x00802000, 0x00002080, 0x00800080, + 0x00800081, 0x00000001, 0x00802001, 0x00002081, 0x00002081, 0x00000080, + 0x00802081, 0x00000081, 0x00000001, 0x00002000, 0x00800001, 0x00002001, + 0x00802080, 0x00800081, 0x00002001, 0x00002080, 0x00800000, 0x00802001, + 0x00000080, 0x00800000, 0x00002000, 0x00802080 }; + private static final int[] SP5 = new int[] { + 0x00000100, 0x02080100, 0x02080000, 0x42000100, 0x00080000, 0x00000100, + 0x40000000, 0x02080000, 0x40080100, 0x00080000, 0x02000100, 0x40080100, + 0x42000100, 0x42080000, 0x00080100, 0x40000000, 0x02000000, 0x40080000, + 0x40080000, 0x00000000, 0x40000100, 0x42080100, 0x42080100, 0x02000100, + 0x42080000, 0x40000100, 0x00000000, 0x42000000, 0x02080100, 0x02000000, + 0x42000000, 0x00080100, 0x00080000, 0x42000100, 0x00000100, 0x02000000, + 0x40000000, 0x02080000, 0x42000100, 0x40080100, 0x02000100, 0x40000000, + 0x42080000, 0x02080100, 0x40080100, 0x00000100, 0x02000000, 0x42080000, + 0x42080100, 0x00080100, 0x42000000, 0x42080100, 0x02080000, 0x00000000, + 0x40080000, 0x42000000, 0x00080100, 0x02000100, 0x40000100, 0x00080000, + 0x00000000, 0x40080000, 0x02080100, 0x40000100 }; + private static final int[] SP6 = new int[] { + 0x20000010, 0x20400000, 0x00004000, 0x20404010, 0x20400000, 0x00000010, + 0x20404010, 0x00400000, 0x20004000, 0x00404010, 0x00400000, 0x20000010, + 0x00400010, 0x20004000, 0x20000000, 0x00004010, 0x00000000, 0x00400010, + 0x20004010, 0x00004000, 0x00404000, 0x20004010, 0x00000010, 0x20400010, + 0x20400010, 0x00000000, 0x00404010, 0x20404000, 0x00004010, 0x00404000, + 0x20404000, 0x20000000, 0x20004000, 0x00000010, 0x20400010, 0x00404000, + 0x20404010, 0x00400000, 0x00004010, 0x20000010, 0x00400000, 0x20004000, + 0x20000000, 0x00004010, 0x20000010, 0x20404010, 0x00404000, 0x20400000, + 0x00404010, 0x20404000, 0x00000000, 0x20400010, 0x00000010, 0x00004000, + 0x20400000, 0x00404010, 0x00004000, 0x00400010, 0x20004010, 0x00000000, + 0x20404000, 0x20000000, 0x00400010, 0x20004010 }; + private static final int[] SP7 = new int[] { + 0x00200000, 0x04200002, 0x04000802, 0x00000000, 0x00000800, 0x04000802, + 0x00200802, 0x04200800, 0x04200802, 0x00200000, 0x00000000, 0x04000002, + 0x00000002, 0x04000000, 0x04200002, 0x00000802, 0x04000800, 0x00200802, + 0x00200002, 0x04000800, 0x04000002, 0x04200000, 0x04200800, 0x00200002, + 0x04200000, 0x00000800, 0x00000802, 0x04200802, 0x00200800, 0x00000002, + 0x04000000, 0x00200800, 0x04000000, 0x00200800, 0x00200000, 0x04000802, + 0x04000802, 0x04200002, 0x04200002, 0x00000002, 0x00200002, 0x04000000, + 0x04000800, 0x00200000, 0x04200800, 0x00000802, 0x00200802, 0x04200800, + 0x00000802, 0x04000002, 0x04200802, 0x04200000, 0x00200800, 0x00000000, + 0x00000002, 0x04200802, 0x00000000, 0x00200802, 0x04200000, 0x00000800, + 0x04000002, 0x04000800, 0x00000800, 0x00200002 }; + private static final int[] SP8 = new int[] { + 0x10001040, 0x00001000, 0x00040000, 0x10041040, 0x10000000, 0x10001040, + 0x00000040, 0x10000000, 0x00040040, 0x10040000, 0x10041040, 0x00041000, + 0x10041000, 0x00041040, 0x00001000, 0x00000040, 0x10040000, 0x10000040, + 0x10001000, 0x00001040, 0x00041000, 0x00040040, 0x10040040, 0x10041000, + 0x00001040, 0x00000000, 0x00000000, 0x10040040, 0x10000040, 0x10001000, + 0x00041040, 0x00040000, 0x00041040, 0x00040000, 0x10041000, 0x00001000, + 0x00000040, 0x10040040, 0x00001000, 0x00041040, 0x10001000, 0x00000040, + 0x10000040, 0x10040000, 0x10040040, 0x10000000, 0x00040000, 0x10001040, + 0x00000000, 0x10041040, 0x00040040, 0x10000040, 0x10040000, 0x10001000, + 0x10001040, 0x00000000, 0x10041040, 0x00041000, 0x00041000, 0x00001040, + 0x00001040, 0x00040040, 0x10000000, 0x10041000 }; /** * Constants that help in determining whether or not a byte array is parity * adjusted. */ - private static final byte[] PARITY = { 8, 1, 0, 8, 0, 8, 8, 0, 0, 8, 8, 0, 8, - 0, 2, 8, 0, 8, 8, 0, 8, 0, 0, 8, 8, 0, - 0, 8, 0, 8, 8, 3, 0, 8, 8, 0, 8, 0, 0, - 8, 8, 0, 0, 8, 0, 8, 8, 0, 8, 0, 0, 8, - 0, 8, 8, 0, 0, 8, 8, 0, 8, 0, 0, 8, 0, - 8, 8, 0, 8, 0, 0, 8, 8, 0, 0, 8, 0, 8, - 8, 0, 8, 0, 0, 8, 0, 8, 8, 0, 0, 8, 8, - 0, 8, 0, 0, 8, 8, 0, 0, 8, 0, 8, 8, 0, - 0, 8, 8, 0, 8, 0, 0, 8, 0, 8, 8, 0, 8, - 0, 0, 8, 8, 0, 0, 8, 0, 8, 8, 0, 0, 8, - 8, 0, 8, 0, 0, 8, 8, 0, 0, 8, 0, 8, 8, - 0, 8, 0, 0, 8, 0, 8, 8, 0, 0, 8, 8, 0, - 8, 0, 0, 8, 8, 0, 0, 8, 0, 8, 8, 0, 0, - 8, 8, 0, 8, 0, 0, 8, 0, 8, 8, 0, 8, 0, - 0, 8, 8, 0, 0, 8, 0, 8, 8, 0, 8, 0, 0, - 8, 0, 8, 8, 0, 0, 8, 8, 0, 8, 0, 0, 8, - 0, 8, 8, 0, 8, 0, 0, 8, 8, 0, 0, 8, 0, - 8, 8, 0, 4, 8, 8, 0, 8, 0, 0, 8, 8, 0, - 0, 8, 0, 8, 8, 0, 8, 5, 0, 8, 0, 8, 8, - 0, 0, 8, 8, 0, 8, 0, 6, 8 }; - + private static final byte[] PARITY = { + 8, 1, 0, 8, 0, 8, 8, 0, 0, 8, 8, 0, 8, 0, 2, 8, + 0, 8, 8, 0, 8, 0, 0, 8, 8, 0, 0, 8, 0, 8, 8, 3, + 0, 8, 8, 0, 8, 0, 0, 8, 8, 0, 0, 8, 0, 8, 8, 0, + 8, 0, 0, 8, 0, 8, 8, 0, 0, 8, 8, 0, 8, 0, 0, 8, + 0, 8, 8, 0, 8, 0, 0, 8, 8, 0, 0, 8, 0, 8, 8, 0, + 8, 0, 0, 8, 0, 8, 8, 0, 0, 8, 8, 0, 8, 0, 0, 8, + 8, 0, 0, 8, 0, 8, 8, 0, 0, 8, 8, 0, 8, 0, 0, 8, + 0, 8, 8, 0, 8, 0, 0, 8, 8, 0, 0, 8, 0, 8, 8, 0, + 0, 8, 8, 0, 8, 0, 0, 8, 8, 0, 0, 8, 0, 8, 8, 0, + 8, 0, 0, 8, 0, 8, 8, 0, 0, 8, 8, 0, 8, 0, 0, 8, + 8, 0, 0, 8, 0, 8, 8, 0, 0, 8, 8, 0, 8, 0, 0, 8, + 0, 8, 8, 0, 8, 0, 0, 8, 8, 0, 0, 8, 0, 8, 8, 0, + 8, 0, 0, 8, 0, 8, 8, 0, 0, 8, 8, 0, 8, 0, 0, 8, + 0, 8, 8, 0, 8, 0, 0, 8, 8, 0, 0, 8, 0, 8, 8, 0, + 4, 8, 8, 0, 8, 0, 0, 8, 8, 0, 0, 8, 0, 8, 8, 0, + 8, 5, 0, 8, 0, 8, 8, 0, 0, 8, 8, 0, 8, 0, 6, 8 }; // Key schedule constants. - - private static final byte[] ROTARS = { 1, 2, 4, 6, 8, 10, 12, 14, 15, 17, 19, - 21, 23, 25, 27, 28 }; - - private static final byte[] PC1 = { 56, 48, 40, 32, 24, 16, 8, 0, 57, 49, 41, - 33, 25, 17, 9, 1, 58, 50, 42, 34, 26, 18, - 10, 2, 59, 51, 43, 35, 62, 54, 46, 38, 30, - 22, 14, 6, 61, 53, 45, 37, 29, 21, 13, 5, - 60, 52, 44, 36, 28, 20, 12, 4, 27, 19, 11, - 3 }; - - private static final byte[] PC2 = { 13, 16, 10, 23, 0, 4, 2, 27, 14, 5, 20, - 9, 22, 18, 11, 3, 25, 7, 15, 6, 26, 19, - 12, 1, 40, 51, 30, 36, 46, 54, 29, 39, 50, - 44, 32, 47, 43, 48, 38, 55, 33, 52, 45, - 41, 49, 35, 28, 31 }; - + private static final byte[] ROTARS = { + 1, 2, 4, 6, 8, 10, 12, 14, 15, 17, 19, 21, 23, 25, 27, 28 }; + private static final byte[] PC1 = { + 56, 48, 40, 32, 24, 16, 8, 0, 57, 49, 41, 33, 25, 17, 9, 1, + 58, 50, 42, 34, 26, 18, 10, 2, 59, 51, 43, 35, 62, 54, 46, 38, + 30, 22, 14, 6, 61, 53, 45, 37, 29, 21, 13, 5, 60, 52, 44, 36, + 28, 20, 12, 4, 27, 19, 11, 3 }; + private static final byte[] PC2 = { + 13, 16, 10, 23, 0, 4, 2, 27, 14, 5, 20, 9, 22, 18, 11, 3, + 25, 7, 15, 6, 26, 19, 12, 1, 40, 51, 30, 36, 46, 54, 29, 39, + 50, 44, 32, 47, 43, 48, 38, 55, 33, 52, 45, 41, 49, 35, 28, 31 }; /** * Weak keys (parity adjusted): If all the bits in each half are either 0 * or 1, then the key used for any cycle of the algorithm is the same as * all other cycles. */ public static final byte[][] WEAK_KEYS = { - Util.toBytesFromString("0101010101010101"), - Util.toBytesFromString("01010101FEFEFEFE"), - Util.toBytesFromString("FEFEFEFE01010101"), - Util.toBytesFromString("FEFEFEFEFEFEFEFE") }; - + Util.toBytesFromString("0101010101010101"), + Util.toBytesFromString("01010101FEFEFEFE"), + Util.toBytesFromString("FEFEFEFE01010101"), + Util.toBytesFromString("FEFEFEFEFEFEFEFE") }; /** * Semi-weak keys (parity adjusted): Some pairs of keys encrypt plain text * to identical cipher text. In other words, one key in the pair can decrypt @@ -403,73 +219,69 @@ public class DES extends BaseCipher * generated, these semi-weak keys produce only two different sub-keys. */ public static final byte[][] SEMIWEAK_KEYS = { - Util.toBytesFromString("01FE01FE01FE01FE"), - Util.toBytesFromString("FE01FE01FE01FE01"), - Util.toBytesFromString("1FE01FE00EF10EF1"), - Util.toBytesFromString("E01FE01FF10EF10E"), - Util.toBytesFromString("01E001E001F101F1"), - Util.toBytesFromString("E001E001F101F101"), - Util.toBytesFromString("1FFE1FFE0EFE0EFE"), - Util.toBytesFromString("FE1FFE1FFE0EFE0E"), - Util.toBytesFromString("011F011F010E010E"), - Util.toBytesFromString("1F011F010E010E01"), - Util.toBytesFromString("E0FEE0FEF1FEF1FE"), - Util.toBytesFromString("FEE0FEE0FEF1FEF1") }; - + Util.toBytesFromString("01FE01FE01FE01FE"), + Util.toBytesFromString("FE01FE01FE01FE01"), + Util.toBytesFromString("1FE01FE00EF10EF1"), + Util.toBytesFromString("E01FE01FF10EF10E"), + Util.toBytesFromString("01E001E001F101F1"), + Util.toBytesFromString("E001E001F101F101"), + Util.toBytesFromString("1FFE1FFE0EFE0EFE"), + Util.toBytesFromString("FE1FFE1FFE0EFE0E"), + Util.toBytesFromString("011F011F010E010E"), + Util.toBytesFromString("1F011F010E010E01"), + Util.toBytesFromString("E0FEE0FEF1FEF1FE"), + Util.toBytesFromString("FEE0FEE0FEF1FEF1") }; /** Possible weak keys (parity adjusted) --produce 4 instead of 16 subkeys. */ public static final byte[][] POSSIBLE_WEAK_KEYS = { - Util.toBytesFromString("1F1F01010E0E0101"), - Util.toBytesFromString("011F1F01010E0E01"), - Util.toBytesFromString("1F01011F0E01010E"), - Util.toBytesFromString("01011F1F01010E0E"), - Util.toBytesFromString("E0E00101F1F10101"), - Util.toBytesFromString("FEFE0101FEFE0101"), - Util.toBytesFromString("FEE01F01FEF10E01"), - Util.toBytesFromString("E0FE1F01F1FE0E01"), - Util.toBytesFromString("FEE0011FFEF1010E"), - Util.toBytesFromString("E0FE011FF1FE010E"), - Util.toBytesFromString("E0E01F1FF1F10E0E"), - Util.toBytesFromString("FEFE1F1FFEFE0E0E"), - Util.toBytesFromString("1F1F01010E0E0101"), - Util.toBytesFromString("011F1F01010E0E01"), - Util.toBytesFromString("1F01011F0E01010E"), - Util.toBytesFromString("01011F1F01010E0E"), - Util.toBytesFromString("01E0E00101F1F101"), - Util.toBytesFromString("1FFEE0010EFEF001"), - Util.toBytesFromString("1FE0FE010EF1FE01"), - Util.toBytesFromString("01FEFE0101FEFE01"), - Util.toBytesFromString("1FE0E01F0EF1F10E"), - Util.toBytesFromString("01FEE01F01FEF10E"), - Util.toBytesFromString("01E0FE1F01F1FE0E"), - Util.toBytesFromString("1FFEFE1F0EFEFE0E"), - - Util.toBytesFromString("E00101E0F10101F1"), - Util.toBytesFromString("FE1F01E0FE0E0EF1"), - Util.toBytesFromString("FE011FE0FE010EF1"), - Util.toBytesFromString("E01F1FE0F10E0EF1"), - Util.toBytesFromString("FE0101FEFE0101FE"), - Util.toBytesFromString("E01F01FEF10E01FE"), - Util.toBytesFromString("E0011FFEF1010EFE"), - Util.toBytesFromString("FE1F1FFEFE0E0EFE"), - Util.toBytesFromString("1FFE01E00EFE01F1"), - Util.toBytesFromString("01FE1FE001FE0EF1"), - Util.toBytesFromString("1FE001FE0EF101FE"), - Util.toBytesFromString("01E01FFE01F10EFE"), - Util.toBytesFromString("0101E0E00101F1F1"), - Util.toBytesFromString("1F1FE0E00E0EF1F1"), - Util.toBytesFromString("1F01FEE00E01FEF1"), - Util.toBytesFromString("011FFEE0010EFEF1"), - Util.toBytesFromString("1F01E0FE0E01F1FE"), - Util.toBytesFromString("011FE0FE010EF1FE"), - Util.toBytesFromString("0101FEFE0001FEFE"), - Util.toBytesFromString("1F1FFEFE0E0EFEFE"), - Util.toBytesFromString("FEFEE0E0FEFEF1F1"), - Util.toBytesFromString("E0FEFEE0F1FEFEF1"), - Util.toBytesFromString("FEE0E0FEFEF1F1FE"), - Util.toBytesFromString("E0E0FEFEF1F1FEFE") }; - - // Constructor(s) - // ------------------------------------------------------------------------- + Util.toBytesFromString("1F1F01010E0E0101"), + Util.toBytesFromString("011F1F01010E0E01"), + Util.toBytesFromString("1F01011F0E01010E"), + Util.toBytesFromString("01011F1F01010E0E"), + Util.toBytesFromString("E0E00101F1F10101"), + Util.toBytesFromString("FEFE0101FEFE0101"), + Util.toBytesFromString("FEE01F01FEF10E01"), + Util.toBytesFromString("E0FE1F01F1FE0E01"), + Util.toBytesFromString("FEE0011FFEF1010E"), + Util.toBytesFromString("E0FE011FF1FE010E"), + Util.toBytesFromString("E0E01F1FF1F10E0E"), + Util.toBytesFromString("FEFE1F1FFEFE0E0E"), + Util.toBytesFromString("1F1F01010E0E0101"), + Util.toBytesFromString("011F1F01010E0E01"), + Util.toBytesFromString("1F01011F0E01010E"), + Util.toBytesFromString("01011F1F01010E0E"), + Util.toBytesFromString("01E0E00101F1F101"), + Util.toBytesFromString("1FFEE0010EFEF001"), + Util.toBytesFromString("1FE0FE010EF1FE01"), + Util.toBytesFromString("01FEFE0101FEFE01"), + Util.toBytesFromString("1FE0E01F0EF1F10E"), + Util.toBytesFromString("01FEE01F01FEF10E"), + Util.toBytesFromString("01E0FE1F01F1FE0E"), + Util.toBytesFromString("1FFEFE1F0EFEFE0E"), + + Util.toBytesFromString("E00101E0F10101F1"), + Util.toBytesFromString("FE1F01E0FE0E0EF1"), + Util.toBytesFromString("FE011FE0FE010EF1"), + Util.toBytesFromString("E01F1FE0F10E0EF1"), + Util.toBytesFromString("FE0101FEFE0101FE"), + Util.toBytesFromString("E01F01FEF10E01FE"), + Util.toBytesFromString("E0011FFEF1010EFE"), + Util.toBytesFromString("FE1F1FFEFE0E0EFE"), + Util.toBytesFromString("1FFE01E00EFE01F1"), + Util.toBytesFromString("01FE1FE001FE0EF1"), + Util.toBytesFromString("1FE001FE0EF101FE"), + Util.toBytesFromString("01E01FFE01F10EFE"), + Util.toBytesFromString("0101E0E00101F1F1"), + Util.toBytesFromString("1F1FE0E00E0EF1F1"), + Util.toBytesFromString("1F01FEE00E01FEF1"), + Util.toBytesFromString("011FFEE0010EFEF1"), + Util.toBytesFromString("1F01E0FE0E01F1FE"), + Util.toBytesFromString("011FE0FE010EF1FE"), + Util.toBytesFromString("0101FEFE0001FEFE"), + Util.toBytesFromString("1F1FFEFE0E0EFEFE"), + Util.toBytesFromString("FEFEE0E0FEFEF1F1"), + Util.toBytesFromString("E0FEFEE0F1FEFEF1"), + Util.toBytesFromString("FEE0E0FEFEF1F1FE"), + Util.toBytesFromString("E0E0FEFEF1F1FEFE") }; /** Default 0-argument constructor. */ public DES() @@ -477,28 +289,23 @@ public class DES extends BaseCipher super(Registry.DES_CIPHER, BLOCK_SIZE, KEY_SIZE); } - // Class methods - // ------------------------------------------------------------------------- - /** - * <p>Adjust the parity for a raw key array. This essentially means that each + * Adjust the parity for a raw key array. This essentially means that each * byte in the array will have an odd number of '1' bits (the last bit in - * each byte is unused.</p> + * each byte is unused. * * @param kb The key array, to be parity-adjusted. * @param offset The starting index into the key bytes. */ public static void adjustParity(byte[] kb, int offset) { - for (int i = offset; i < KEY_SIZE; i++) - { - kb[i] ^= (PARITY[kb[i] & 0xff] == 8) ? 1 : 0; - } + for (int i = offset; i < offset + KEY_SIZE; i++) + kb[i] ^= (PARITY[kb[i] & 0xff] == 8) ? 1 : 0; } /** - * <p>Test if a byte array, which must be at least 8 bytes long, is parity - * adjusted.</p> + * Test if a byte array, which must be at least 8 bytes long, is parity + * adjusted. * * @param kb The key bytes. * @param offset The starting index into the key bytes. @@ -527,59 +334,35 @@ public class DES extends BaseCipher } /** - * <p>Test if a key is a weak key.</p> + * Test if a key is a weak key. * * @param kb The key to test. * @return <code>true</code> if the key is weak. */ public static boolean isWeak(byte[] kb) { - // return Arrays.equals(kb, WEAK_KEYS[0]) || Arrays.equals(kb, WEAK_KEYS[1]) - // || Arrays.equals(kb, WEAK_KEYS[2]) || Arrays.equals(kb, WEAK_KEYS[3]) - // || Arrays.equals(kb, WEAK_KEYS[4]) || Arrays.equals(kb, WEAK_KEYS[5]) - // || Arrays.equals(kb, WEAK_KEYS[6]) || Arrays.equals(kb, WEAK_KEYS[7]); for (int i = 0; i < WEAK_KEYS.length; i++) - { - if (Arrays.equals(WEAK_KEYS[i], kb)) - { - return true; - } - } + if (Arrays.equals(WEAK_KEYS[i], kb)) + return true; return false; } /** - * <p>Test if a key is a semi-weak key.</p> + * Test if a key is a semi-weak key. * * @param kb The key to test. * @return <code>true</code> if this key is semi-weak. */ public static boolean isSemiWeak(byte[] kb) { - // return Arrays.equals(kb, SEMIWEAK_KEYS[0]) - // || Arrays.equals(kb, SEMIWEAK_KEYS[1]) - // || Arrays.equals(kb, SEMIWEAK_KEYS[2]) - // || Arrays.equals(kb, SEMIWEAK_KEYS[3]) - // || Arrays.equals(kb, SEMIWEAK_KEYS[4]) - // || Arrays.equals(kb, SEMIWEAK_KEYS[5]) - // || Arrays.equals(kb, SEMIWEAK_KEYS[6]) - // || Arrays.equals(kb, SEMIWEAK_KEYS[7]) - // || Arrays.equals(kb, SEMIWEAK_KEYS[8]) - // || Arrays.equals(kb, SEMIWEAK_KEYS[9]) - // || Arrays.equals(kb, SEMIWEAK_KEYS[10]) - // || Arrays.equals(kb, SEMIWEAK_KEYS[11]); for (int i = 0; i < SEMIWEAK_KEYS.length; i++) - { - if (Arrays.equals(SEMIWEAK_KEYS[i], kb)) - { - return true; - } - } + if (Arrays.equals(SEMIWEAK_KEYS[i], kb)) + return true; return false; } /** - * <p>Test if the designated byte array represents a possibly weak key.</p> + * Test if the designated byte array represents a possibly weak key. * * @param kb the byte array to test. * @return <code>true</code> if <code>kb</code>represents a possibly weak key. @@ -588,18 +371,14 @@ public class DES extends BaseCipher public static boolean isPossibleWeak(byte[] kb) { for (int i = 0; i < POSSIBLE_WEAK_KEYS.length; i++) - { - if (Arrays.equals(POSSIBLE_WEAK_KEYS[i], kb)) - { - return true; - } - } + if (Arrays.equals(POSSIBLE_WEAK_KEYS[i], kb)) + return true; return false; } /** - * <p>The core DES function. This is used for both encryption and decryption, - * the only difference being the key.</p> + * The core DES function. This is used for both encryption and decryption, + * the only difference being the key. * * @param in The input bytes. * @param i The starting offset into the input bytes. @@ -610,13 +389,15 @@ public class DES extends BaseCipher private static void desFunc(byte[] in, int i, byte[] out, int o, int[] key) { int right, left, work; - // Load. - left = (in[i++] & 0xff) << 24 | (in[i++] & 0xff) << 16 - | (in[i++] & 0xff) << 8 | in[i++] & 0xff; - right = (in[i++] & 0xff) << 24 | (in[i++] & 0xff) << 16 - | (in[i++] & 0xff) << 8 | in[i] & 0xff; - + left = (in[i++] & 0xff) << 24 + | (in[i++] & 0xff) << 16 + | (in[i++] & 0xff) << 8 + | in[i++] & 0xff; + right = (in[i++] & 0xff) << 24 + | (in[i++] & 0xff) << 16 + | (in[i++] & 0xff) << 8 + | in[i ] & 0xff; // Initial permutation. work = ((left >>> 4) ^ right) & 0x0F0F0F0F; left ^= work << 4; @@ -681,7 +462,6 @@ public class DES extends BaseCipher t |= SP2[work & 0x3F]; right ^= t; } - // The final permutation. right = (right << 31) | (right >>> 1); work = (left ^ right) & 0xAAAAAAAA; @@ -705,19 +485,16 @@ public class DES extends BaseCipher right ^= work << 4; left ^= work; - out[o++] = (byte) (right >>> 24); - out[o++] = (byte) (right >>> 16); - out[o++] = (byte) (right >>> 8); + out[o++] = (byte)(right >>> 24); + out[o++] = (byte)(right >>> 16); + out[o++] = (byte)(right >>> 8); out[o++] = (byte) right; - out[o++] = (byte) (left >>> 24); - out[o++] = (byte) (left >>> 16); - out[o++] = (byte) (left >>> 8); - out[o] = (byte) left; + out[o++] = (byte)(left >>> 24); + out[o++] = (byte)(left >>> 16); + out[o++] = (byte)(left >>> 8); + out[o ] = (byte) left; } - // Instance methods implementing BaseCipher - // ------------------------------------------------------------------------- - public Object clone() { return new DES(); @@ -725,12 +502,12 @@ public class DES extends BaseCipher public Iterator blockSizes() { - return Collections.singleton(new Integer(BLOCK_SIZE)).iterator(); + return Collections.singleton(Integer.valueOf(BLOCK_SIZE)).iterator(); } public Iterator keySizes() { - return Collections.singleton(new Integer(KEY_SIZE)).iterator(); + return Collections.singleton(Integer.valueOf(KEY_SIZE)).iterator(); } public Object makeKey(byte[] kb, int bs) throws InvalidKeyException @@ -740,9 +517,7 @@ public class DES extends BaseCipher if (Properties.checkForWeakKeys() && (isWeak(kb) || isSemiWeak(kb) || isPossibleWeak(kb))) - { - throw new WeakKeyException(); - } + throw new WeakKeyException(); int i, j, l, m, n; long pc1m = 0, pcr = 0; @@ -751,11 +526,9 @@ public class DES extends BaseCipher { l = PC1[i]; pc1m |= ((kb[l >>> 3] & (0x80 >>> (l & 7))) != 0) ? (1L << (55 - i)) - : 0; + : 0; } - Context ctx = new Context(); - // Encryption key first. for (i = 0; i < 16; i++) { @@ -769,7 +542,7 @@ public class DES extends BaseCipher pcr |= ((pc1m & 1L << (55 - l)) != 0) ? (1L << (55 - j)) : 0; else pcr |= ((pc1m & 1L << (55 - (l - 28))) != 0) ? (1L << (55 - j)) - : 0; + : 0; } for (j = 28; j < 56; j++) { @@ -778,7 +551,7 @@ public class DES extends BaseCipher pcr |= ((pc1m & 1L << (55 - l)) != 0) ? (1L << (55 - j)) : 0; else pcr |= ((pc1m & 1L << (55 - (l - 28))) != 0) ? (1L << (55 - j)) - : 0; + : 0; } for (j = 0; j < 24; j++) { @@ -788,36 +561,37 @@ public class DES extends BaseCipher ctx.ek[n] |= 1 << (23 - j); } } - // The decryption key is the same, but in reversed order. for (i = 0; i < Context.EXPANDED_KEY_SIZE; i += 2) { ctx.dk[30 - i] = ctx.ek[i]; ctx.dk[31 - i] = ctx.ek[i + 1]; } - // "Cook" the keys. for (i = 0; i < 32; i += 2) { int x, y; - x = ctx.ek[i]; y = ctx.ek[i + 1]; - - ctx.ek[i] = ((x & 0x00FC0000) << 6) | ((x & 0x00000FC0) << 10) - | ((y & 0x00FC0000) >>> 10) | ((y & 0x00000FC0) >>> 6); - ctx.ek[i + 1] = ((x & 0x0003F000) << 12) | ((x & 0x0000003F) << 16) - | ((y & 0x0003F000) >>> 4) | (y & 0x0000003F); - + ctx.ek[i ] = ((x & 0x00FC0000) << 6) + | ((x & 0x00000FC0) << 10) + | ((y & 0x00FC0000) >>> 10) + | ((y & 0x00000FC0) >>> 6); + ctx.ek[i + 1] = ((x & 0x0003F000) << 12) + | ((x & 0x0000003F) << 16) + | ((y & 0x0003F000) >>> 4) + | (y & 0x0000003F); x = ctx.dk[i]; y = ctx.dk[i + 1]; - - ctx.dk[i] = ((x & 0x00FC0000) << 6) | ((x & 0x00000FC0) << 10) - | ((y & 0x00FC0000) >>> 10) | ((y & 0x00000FC0) >>> 6); - ctx.dk[i + 1] = ((x & 0x0003F000) << 12) | ((x & 0x0000003F) << 16) - | ((y & 0x0003F000) >>> 4) | (y & 0x0000003F); + ctx.dk[i ] = ((x & 0x00FC0000) << 6) + | ((x & 0x00000FC0) << 10) + | ((y & 0x00FC0000) >>> 10) + | ((y & 0x00000FC0) >>> 6); + ctx.dk[i + 1] = ((x & 0x0003F000) << 12) + | ((x & 0x0000003F) << 16) + | ((y & 0x0003F000) >>> 4) + | (y & 0x0000003F); } - return ctx; } @@ -831,19 +605,12 @@ public class DES extends BaseCipher desFunc(in, i, out, o, ((Context) K).dk); } - // Inner classe(s) - // ========================================================================= - /** * Simple wrapper class around the session keys. Package-private so TripleDES * can see it. */ final class Context { - - // Constants and variables - // ---------------------------------------------------------------------- - private static final int EXPANDED_KEY_SIZE = 32; /** The encryption key. */ @@ -852,9 +619,6 @@ public class DES extends BaseCipher /** The decryption key. */ int[] dk; - // Constructor(s) - // ---------------------------------------------------------------------- - /** Default 0-arguments constructor. */ Context() { @@ -862,12 +626,6 @@ public class DES extends BaseCipher dk = new int[EXPANDED_KEY_SIZE]; } - // Class methods - // ---------------------------------------------------------------------- - - // Instance methods - // ---------------------------------------------------------------------- - byte[] getEncryptionKeyBytes() { return toByteArray(ek); @@ -883,12 +641,12 @@ public class DES extends BaseCipher byte[] result = new byte[4 * k.length]; for (int i = 0, j = 0; i < k.length; i++) { - result[j++] = (byte) (k[i] >>> 24); - result[j++] = (byte) (k[i] >>> 16); - result[j++] = (byte) (k[i] >>> 8); + result[j++] = (byte)(k[i] >>> 24); + result[j++] = (byte)(k[i] >>> 16); + result[j++] = (byte)(k[i] >>> 8); result[j++] = (byte) k[i]; } return result; } } -}
\ No newline at end of file +} diff --git a/libjava/classpath/gnu/javax/crypto/cipher/IBlockCipher.java b/libjava/classpath/gnu/javax/crypto/cipher/IBlockCipher.java index 238ee280f83..d1e32ef6599 100644 --- a/libjava/classpath/gnu/javax/crypto/cipher/IBlockCipher.java +++ b/libjava/classpath/gnu/javax/crypto/cipher/IBlockCipher.java @@ -43,109 +43,99 @@ import java.util.Iterator; import java.util.Map; /** - * <p>The basic visible methods of any symmetric key block cipher.</p> - * - * <p>A symmetric key block cipher is a function that maps n-bit plaintext - * blocks to n-bit ciphertext blocks; n being the cipher's <i>block size</i>. - * This encryption function is parameterised by a k-bit key, and is invertible. - * Its inverse is the decryption function.</p> - * - * <p>Possible initialisation values for an instance of this type are:</p> - * + * The basic visible methods of any symmetric key block cipher. + * <p> + * A symmetric key block cipher is a function that maps n-bit plaintext blocks + * to n-bit ciphertext blocks; n being the cipher's <i>block size</i>. This + * encryption function is parameterised by a k-bit key, and is invertible. Its + * inverse is the decryption function. + * <p> + * Possible initialisation values for an instance of this type are: * <ul> - * <li>The block size in which to operate this block cipher instance. This - * value is <b>optional</b>, if unspecified, the block cipher's default - * block size shall be used.</li> - * - * <li>The byte array containing the user supplied key material to use for - * generating the cipher's session key(s). This value is <b>mandatory</b> - * and should be included in the initialisation parameters. If it isn't, - * an {@link IllegalStateException} will be thrown if any method, other than - * <code>reset()</code> is invoked on the instance. Furthermore, the size of - * this key material shall be taken as an indication on the key size in which - * to operate this instance.</li> + * <li>The block size in which to operate this block cipher instance. This + * value is <b>optional</b>, if unspecified, the block cipher's default block + * size shall be used.</li> + * <li>The byte array containing the user supplied key material to use for + * generating the cipher's session key(s). This value is <b>mandatory</b> and + * should be included in the initialisation parameters. If it isn't, an + * {@link IllegalStateException} will be thrown if any method, other than + * <code>reset()</code> is invoked on the instance. Furthermore, the size of + * this key material shall be taken as an indication on the key size in which to + * operate this instance.</li> * </ul> - * - * <p><b>IMPLEMENTATION NOTE</b>: Although all the concrete classes in this + * <p> + * <b>IMPLEMENTATION NOTE</b>: Although all the concrete classes in this * package implement the {@link Cloneable} interface, it is important to note * here that such an operation <b>DOES NOT</b> clone any session key material * that may have been used in initialising the source cipher (the instance to be * cloned). Instead a clone of an already initialised cipher is another instance * that operates with the <b>same block size</b> but without any knowledge of - * neither key material nor key size.</p> + * neither key material nor key size. */ -public interface IBlockCipher extends Cloneable +public interface IBlockCipher + extends Cloneable { - - // Constants - // ------------------------------------------------------------------------- - /** - * <p>Property name of the block size in which to operate a block cipher. - * The value associated with this property name is taken to be an - * {@link Integer}.</p> + * Property name of the block size in which to operate a block cipher. The + * value associated with this property name is taken to be an {@link Integer}. */ String CIPHER_BLOCK_SIZE = "gnu.crypto.cipher.block.size"; - /** - * <p>Property name of the user-supplied key material. The value associated - * to this property name is taken to be a byte array.</p> + * Property name of the user-supplied key material. The value associated to + * this property name is taken to be a byte array. */ String KEY_MATERIAL = "gnu.crypto.cipher.key.material"; - // Methods - // ------------------------------------------------------------------------- - /** - * <p>Returns the canonical name of this instance.</p> - * + * Returns the canonical name of this instance. + * * @return the canonical name of this instance. */ String name(); /** - * <p>Returns the default value, in bytes, of the algorithm's block size.</p> - * + * Returns the default value, in bytes, of the algorithm's block size. + * * @return the default value, in bytes, of the algorithm's block size. */ int defaultBlockSize(); /** - * <p>Returns the default value, in bytes, of the algorithm's key size.</p> - * + * Returns the default value, in bytes, of the algorithm's key size. + * * @return the default value, in bytes, of the algorithm's key size. */ int defaultKeySize(); /** - * <p>Returns an {@link Iterator} over the supported block sizes. Each - * element returned by this object is an {@link Integer}.</p> - * + * Returns an {@link Iterator} over the supported block sizes. Each element + * returned by this object is an {@link Integer}. + * * @return an {@link Iterator} over the supported block sizes. */ Iterator blockSizes(); /** - * <p>Returns an {@link Iterator} over the supported key sizes. Each element - * returned by this object is an {@link Integer}.</p> - * + * Returns an {@link Iterator} over the supported key sizes. Each element + * returned by this object is an {@link Integer}. + * * @return an {@link Iterator} over the supported key sizes. */ Iterator keySizes(); /** - * <p>Returns a clone of this instance.</p> - * + * Returns a clone of this instance. + * * @return a clone copy of this instance. */ Object clone(); /** - * <p>Initialises the algorithm with designated attributes. Permissible names - * and values are described in the class documentation above.</p> - * + * Initialises the algorithm with designated attributes. Permissible names and + * values are described in the class documentation above. + * * @param attributes a set of name-value pairs that describes the desired - * future behaviour of this instance. + * future behaviour of this instance. * @exception InvalidKeyException if the key data is invalid. * @exception IllegalStateException if the instance is already initialised. * @see #KEY_MATERIAL @@ -154,25 +144,25 @@ public interface IBlockCipher extends Cloneable void init(Map attributes) throws InvalidKeyException, IllegalStateException; /** - * <p>Returns the currently set block size for this instance.</p> - * + * Returns the currently set block size for this instance. + * * @return the current block size for this instance. * @exception IllegalStateException if the instance is not initialised. */ int currentBlockSize() throws IllegalStateException; /** - * <p>Resets the algorithm instance for re-initialisation and use with other - * characteristics. This method always succeeds.</p> + * Resets the algorithm instance for re-initialisation and use with other + * characteristics. This method always succeeds. */ void reset(); /** - * <p>Encrypts exactly one block of plaintext.</p> - * + * Encrypts exactly one block of plaintext. + * * @param in the plaintext. * @param inOffset index of <code>in</code> from which to start considering - * data. + * data. * @param out the ciphertext. * @param outOffset index of <code>out</code> from which to store result. * @exception IllegalStateException if the instance is not initialised. @@ -181,11 +171,11 @@ public interface IBlockCipher extends Cloneable throws IllegalStateException; /** - * <p>Decrypts exactly one block of ciphertext.</p> - * + * Decrypts exactly one block of ciphertext. + * * @param in the plaintext. * @param inOffset index of <code>in</code> from which to start considering - * data. + * data. * @param out the ciphertext. * @param outOffset index of <code>out</code> from which to store result. * @exception IllegalStateException if the instance is not initialised. @@ -194,12 +184,12 @@ public interface IBlockCipher extends Cloneable throws IllegalStateException; /** - * <p>A <i>correctness</i> test that consists of basic symmetric encryption / + * A <i>correctness</i> test that consists of basic symmetric encryption / * decryption test(s) for all supported block and key sizes, as well as one - * (1) variable key Known Answer Test (KAT).</p> - * + * (1) variable key Known Answer Test (KAT). + * * @return <code>true</code> if the implementation passes simple - * <i>correctness</i> tests. Returns <code>false</code> otherwise. + * <i>correctness</i> tests. Returns <code>false</code> otherwise. */ boolean selfTest(); -}
\ No newline at end of file +} diff --git a/libjava/classpath/gnu/javax/crypto/cipher/IBlockCipherSpi.java b/libjava/classpath/gnu/javax/crypto/cipher/IBlockCipherSpi.java index 6fe07ca7f50..1023b12d812 100644 --- a/libjava/classpath/gnu/javax/crypto/cipher/IBlockCipherSpi.java +++ b/libjava/classpath/gnu/javax/crypto/cipher/IBlockCipherSpi.java @@ -42,38 +42,32 @@ import java.security.InvalidKeyException; import java.util.Iterator; /** - * <p>Package-private interface exposing mandatory methods to be implemented by - * concrete {@link gnu.crypto.cipher.BaseCipher} sub-classes.</p> + * Package-private interface exposing mandatory methods to be implemented by + * concrete {@link BaseCipher} sub-classes. */ -interface IBlockCipherSpi extends Cloneable +interface IBlockCipherSpi + extends Cloneable { - - // Constants - // ------------------------------------------------------------------------- - - // Methods - // ------------------------------------------------------------------------- - /** - * <p>Returns an {@link java.util.Iterator} over the supported block sizes. - * Each element returned by this object is a {@link java.lang.Integer}.</p> - * + * Returns an {@link Iterator} over the supported block sizes. Each element + * returned by this object is a {@link java.lang.Integer}. + * * @return an <code>Iterator</code> over the supported block sizes. */ Iterator blockSizes(); /** - * <p>Returns an {@link java.util.Iterator} over the supported key sizes. - * Each element returned by this object is a {@link java.lang.Integer}.</p> - * + * Returns an {@link Iterator} over the supported key sizes. Each element + * returned by this object is a {@link java.lang.Integer}. + * * @return an <code>Iterator</code> over the supported key sizes. */ Iterator keySizes(); /** - * <p>Expands a user-supplied key material into a session key for a - * designated <i>block size</i>.</p> - * + * Expands a user-supplied key material into a session key for a designated + * <i>block size</i>. + * * @param k the user-supplied key material. * @param bs the desired block size in bytes. * @return an Object encapsulating the session key. @@ -83,46 +77,48 @@ interface IBlockCipherSpi extends Cloneable Object makeKey(byte[] k, int bs) throws InvalidKeyException; /** - * <p>Encrypts exactly one block of plaintext.</p> - * + * Encrypts exactly one block of plaintext. + * * @param in the plaintext. * @param inOffset index of <code>in</code> from which to start considering - * data. + * data. * @param out the ciphertext. - * @param outOffset index of <code>out</code> from which to store the result. + * @param outOffset index of <code>out</code> from which to store the + * result. * @param k the session key to use. * @param bs the block size to use. * @exception IllegalArgumentException if the block size is invalid. * @exception ArrayIndexOutOfBoundsException if there is not enough room in - * either the plaintext or ciphertext buffers. + * either the plaintext or ciphertext buffers. */ void encrypt(byte[] in, int inOffset, byte[] out, int outOffset, Object k, int bs); /** - * <p>Decrypts exactly one block of ciphertext.</p> - * + * Decrypts exactly one block of ciphertext. + * * @param in the ciphertext. * @param inOffset index of <code>in</code> from which to start considering - * data. + * data. * @param out the plaintext. - * @param outOffset index of <code>out</code> from which to store the result. + * @param outOffset index of <code>out</code> from which to store the + * result. * @param k the session key to use. * @param bs the block size to use. * @exception IllegalArgumentException if the block size is invalid. * @exception ArrayIndexOutOfBoundsException if there is not enough room in - * either the plaintext or ciphertext buffers. + * either the plaintext or ciphertext buffers. */ void decrypt(byte[] in, int inOffset, byte[] out, int outOffset, Object k, int bs); /** - * <p>A <i>correctness</i> test that consists of basic symmetric encryption / + * A <i>correctness</i> test that consists of basic symmetric encryption / * decryption test(s) for all supported block and key sizes, as well as one - * (1) variable key Known Answer Test (KAT).</p> - * + * (1) variable key Known Answer Test (KAT). + * * @return <code>true</code> if the implementation passes simple - * <i>correctness</i> tests. Returns <code>false</code> otherwise. + * <i>correctness</i> tests. Returns <code>false</code> otherwise. */ boolean selfTest(); -}
\ No newline at end of file +} diff --git a/libjava/classpath/gnu/javax/crypto/cipher/Khazad.java b/libjava/classpath/gnu/javax/crypto/cipher/Khazad.java index 3a95874da98..491301f5aad 100644 --- a/libjava/classpath/gnu/javax/crypto/cipher/Khazad.java +++ b/libjava/classpath/gnu/javax/crypto/cipher/Khazad.java @@ -38,113 +38,79 @@ exception statement from your version. */ package gnu.javax.crypto.cipher; +import gnu.java.security.Configuration; import gnu.java.security.Registry; import gnu.java.security.util.Util; -//import java.io.PrintWriter; import java.security.InvalidKeyException; import java.util.ArrayList; import java.util.Collections; import java.util.Iterator; +import java.util.logging.Logger; /** - * <p>Khazad is a 64-bit (legacy-level) block cipher that accepts a 128-bit key. + * Khazad is a 64-bit (legacy-level) block cipher that accepts a 128-bit key. * The cipher is a uniform substitution-permutation network whose inverse only * differs from the forward operation in the key schedule. The overall cipher * design follows the Wide Trail strategy, favours component reuse, and permits - * a wide variety of implementation trade-offs.</p> - * - * <p>References:</p> - * + * a wide variety of implementation trade-offs. + * <p> + * References: * <ol> - * <li><a href="http://planeta.terra.com.br/informatica/paulobarreto/KhazadPage.html">The - * Khazad Block Cipher</a>.<br> - * <a href="mailto:paulo.barreto@terra.com.br">Paulo S.L.M. Barreto</a> and - * <a href="mailto:vincent.rijmen@esat.kuleuven.ac.be">Vincent Rijmen</a>.</li> + * <li><a + * href="http://planeta.terra.com.br/informatica/paulobarreto/KhazadPage.html">The + * Khazad Block Cipher</a>.<br> + * <a href="mailto:paulo.barreto@terra.com.br">Paulo S.L.M. Barreto</a> and <a + * href="mailto:vincent.rijmen@esat.kuleuven.ac.be">Vincent Rijmen</a>.</li> * </ol> */ -public final class Khazad extends BaseCipher +public final class Khazad + extends BaseCipher { - - // Debugging methods and variables - // ------------------------------------------------------------------------- - - // private static final String NAME = "khazad"; - private static final boolean DEBUG = false; - - private static final int debuglevel = 9; - - // private static final PrintWriter err = new PrintWriter(System.out, true); - // private static void debug(String s) { - // err.println(">>> "+NAME+": "+s); - // } - - // Constants and variables - // ------------------------------------------------------------------------- - + private static final Logger log = Logger.getLogger(Khazad.class.getName()); private static final int DEFAULT_BLOCK_SIZE = 8; // in bytes - private static final int DEFAULT_KEY_SIZE = 16; // in bytes - private static final int R = 8; // standard number of rounds; para. 3.7 - private static final String Sd = // p. 20 [KHAZAD] - "\uBA54\u2F74\u53D3\uD24D\u50AC\u8DBF\u7052\u9A4C" - + "\uEAD5\u97D1\u3351\u5BA6\uDE48\uA899\uDB32\uB7FC" - + "\uE39E\u919B\uE2BB\u416E\uA5CB\u6B95\uA1F3\uB102" - + "\uCCC4\u1D14\uC363\uDA5D\u5FDC\u7DCD\u7F5A\u6C5C" - + "\uF726\uFFED\uE89D\u6F8E\u19A0\uF089\u0F07\uAFFB" - + "\u0815\u0D04\u0164\uDF76\u79DD\u3D16\u3F37\u6D38" - + "\uB973\uE935\u5571\u7B8C\u7288\uF62A\u3E5E\u2746" - + "\u0C65\u6861\u03C1\u57D6\uD958\uD866\uD73A\uC83C" - + "\uFA96\uA798\uECB8\uC7AE\u694B\uABA9\u670A\u47F2" - + "\uB522\uE5EE\uBE2B\u8112\u831B\u0E23\uF545\u21CE" - + "\u492C\uF9E6\uB628\u1782\u1A8B\uFE8A\u09C9\u874E" - + "\uE12E\uE4E0\uEB90\uA41E\u8560\u0025\uF4F1\u940B" - + "\uE775\uEF34\u31D4\uD086\u7EAD\uFD29\u303B\u9FF8" - + "\uC613\u0605\uC511\u777C\u7A78\u361C\u3959\u1856" - + "\uB3B0\u2420\uB292\uA3C0\u4462\u10B4\u8443\u93C2" - + "\u4ABD\u8F2D\uBC9C\u6A40\uCFA2\u804F\u1FCA\uAA42"; - + "\uBA54\u2F74\u53D3\uD24D\u50AC\u8DBF\u7052\u9A4C" + + "\uEAD5\u97D1\u3351\u5BA6\uDE48\uA899\uDB32\uB7FC" + + "\uE39E\u919B\uE2BB\u416E\uA5CB\u6B95\uA1F3\uB102" + + "\uCCC4\u1D14\uC363\uDA5D\u5FDC\u7DCD\u7F5A\u6C5C" + + "\uF726\uFFED\uE89D\u6F8E\u19A0\uF089\u0F07\uAFFB" + + "\u0815\u0D04\u0164\uDF76\u79DD\u3D16\u3F37\u6D38" + + "\uB973\uE935\u5571\u7B8C\u7288\uF62A\u3E5E\u2746" + + "\u0C65\u6861\u03C1\u57D6\uD958\uD866\uD73A\uC83C" + + "\uFA96\uA798\uECB8\uC7AE\u694B\uABA9\u670A\u47F2" + + "\uB522\uE5EE\uBE2B\u8112\u831B\u0E23\uF545\u21CE" + + "\u492C\uF9E6\uB628\u1782\u1A8B\uFE8A\u09C9\u874E" + + "\uE12E\uE4E0\uEB90\uA41E\u8560\u0025\uF4F1\u940B" + + "\uE775\uEF34\u31D4\uD086\u7EAD\uFD29\u303B\u9FF8" + + "\uC613\u0605\uC511\u777C\u7A78\u361C\u3959\u1856" + + "\uB3B0\u2420\uB292\uA3C0\u4462\u10B4\u8443\u93C2" + + "\u4ABD\u8F2D\uBC9C\u6A40\uCFA2\u804F\u1FCA\uAA42"; private static final byte[] S = new byte[256]; - private static final int[] T0 = new int[256]; - private static final int[] T1 = new int[256]; - private static final int[] T2 = new int[256]; - private static final int[] T3 = new int[256]; - private static final int[] T4 = new int[256]; - private static final int[] T5 = new int[256]; - private static final int[] T6 = new int[256]; - private static final int[] T7 = new int[256]; - private static final int[][] rc = new int[R + 1][2]; // round constants - /** - * KAT vector (from ecb_vk): - * I=120 - * KEY=00000000000000000000000000000100 + * KAT vector (from ecb_vk): I=120 KEY=00000000000000000000000000000100 * CT=A0C86A1BBE2CBF4C */ - private static final byte[] KAT_KEY = Util.toBytesFromString("00000000000000000000000000000100"); - + private static final byte[] KAT_KEY = + Util.toBytesFromString("00000000000000000000000000000100"); private static final byte[] KAT_CT = Util.toBytesFromString("A0C86A1BBE2CBF4C"); - /** caches the result of the correctness test, once executed. */ private static Boolean valid; - // Static code - to intialise lookup tables -------------------------------- - static { long time = System.currentTimeMillis(); - long ROOT = 0x11d; // para. 2.1 [KHAZAD] int i, j; int s, s2, s3, s4, s5, s6, s7, s8, sb; @@ -154,198 +120,177 @@ public final class Khazad extends BaseCipher c = Sd.charAt(i >>> 1); s = ((i & 1) == 0 ? c >>> 8 : c) & 0xFF; S[i] = (byte) s; - s2 = s << 1; if (s2 > 0xFF) s2 ^= ROOT; - s3 = s2 ^ s; s4 = s2 << 1; if (s4 > 0xFF) s4 ^= ROOT; - s5 = s4 ^ s; s6 = s4 ^ s2; s7 = s6 ^ s; s8 = s4 << 1; if (s8 > 0xFF) s8 ^= ROOT; - sb = s8 ^ s2 ^ s; - - T0[i] = s << 24 | s3 << 16 | s4 << 8 | s5; - T1[i] = s3 << 24 | s << 16 | s5 << 8 | s4; - T2[i] = s4 << 24 | s5 << 16 | s << 8 | s3; + T0[i] = s << 24 | s3 << 16 | s4 << 8 | s5; + T1[i] = s3 << 24 | s << 16 | s5 << 8 | s4; + T2[i] = s4 << 24 | s5 << 16 | s << 8 | s3; T3[i] = s5 << 24 | s4 << 16 | s3 << 8 | s; T4[i] = s6 << 24 | s8 << 16 | sb << 8 | s7; T5[i] = s8 << 24 | s6 << 16 | s7 << 8 | sb; T6[i] = sb << 24 | s7 << 16 | s6 << 8 | s8; T7[i] = s7 << 24 | sb << 16 | s8 << 8 | s6; } - - for (i = 0, j = 0; i < R + 1; i++) + for (i = 0, j = 0; i < R + 1; i++) // compute round constant { - // compute round constant - rc[i][0] = S[j++] << 24 | (S[j++] & 0xFF) << 16 - | (S[j++] & 0xFF) << 8 | (S[j++] & 0xFF); - rc[i][1] = S[j++] << 24 | (S[j++] & 0xFF) << 16 - | (S[j++] & 0xFF) << 8 | (S[j++] & 0xFF); + rc[i][0] = S[j++] << 24 + | (S[j++] & 0xFF) << 16 + | (S[j++] & 0xFF) << 8 + | (S[j++] & 0xFF); + rc[i][1] = S[j++] << 24 + | (S[j++] & 0xFF) << 16 + | (S[j++] & 0xFF) << 8 + | (S[j++] & 0xFF); } - time = System.currentTimeMillis() - time; - - if (DEBUG && debuglevel > 8) + if (Configuration.DEBUG) { - System.out.println("=========="); - System.out.println(); - System.out.println("Static data"); - System.out.println(); - - System.out.println(); - System.out.println("T0[]:"); + log.fine("Static data"); + log.fine("T0[]:"); + StringBuilder b; for (i = 0; i < 64; i++) { + b = new StringBuilder(); for (j = 0; j < 4; j++) - System.out.print("0x" + Util.toString(T0[i * 4 + j]) + ", "); - System.out.println(); + b.append("0x").append(Util.toString(T0[i * 4 + j])).append(", "); + log.fine(b.toString()); } - System.out.println(); - System.out.println("T1[]:"); + log.fine("T1[]:"); for (i = 0; i < 64; i++) { + b = new StringBuilder(); for (j = 0; j < 4; j++) - System.out.print("0x" + Util.toString(T1[i * 4 + j]) + ", "); - System.out.println(); + b.append("0x").append(Util.toString(T1[i * 4 + j])).append(", "); + log.fine(b.toString()); } - System.out.println(); - System.out.println("T2[]:"); + log.fine("T2[]:"); for (i = 0; i < 64; i++) { + b = new StringBuilder(); for (j = 0; j < 4; j++) - System.out.print("0x" + Util.toString(T2[i * 4 + j]) + ", "); - System.out.println(); + b.append("0x").append(Util.toString(T2[i * 4 + j])).append(", "); + log.fine(b.toString()); } - System.out.println(); - System.out.println("T3[]:"); + log.fine("T3[]:"); for (i = 0; i < 64; i++) { + b = new StringBuilder(); for (j = 0; j < 4; j++) - System.out.print("0x" + Util.toString(T3[i * 4 + j]) + ", "); - System.out.println(); + b.append("0x").append(Util.toString(T3[i * 4 + j])).append(", "); + log.fine(b.toString()); } - System.out.println(); - System.out.println("T4[]:"); + log.fine("T4[]:"); for (i = 0; i < 64; i++) { + b = new StringBuilder(); for (j = 0; j < 4; j++) - System.out.print("0x" + Util.toString(T4[i * 4 + j]) + ", "); - System.out.println(); + b.append("0x").append(Util.toString(T4[i * 4 + j])).append(", "); + log.fine(b.toString()); } - System.out.println(); - System.out.println("T5[]:"); + log.fine("T5[]:"); for (i = 0; i < 64; i++) { + b = new StringBuilder(); for (j = 0; j < 4; j++) - System.out.print("0x" + Util.toString(T5[i * 4 + j]) + ", "); - System.out.println(); + b.append("0x").append(Util.toString(T5[i * 4 + j])).append(", "); + log.fine(b.toString()); } - System.out.println(); - System.out.println("T6[]:"); + log.fine("T6[]:"); for (i = 0; i < 64; i++) { + b = new StringBuilder(); for (j = 0; j < 4; j++) - System.out.print("0x" + Util.toString(T6[i * 4 + j]) + ", "); - System.out.println(); + b.append("0x").append(Util.toString(T6[i * 4 + j])).append(", "); + log.fine(b.toString()); } - System.out.println(); - System.out.println("T7[]:"); + log.fine("T7[]:"); for (i = 0; i < 64; i++) { + b = new StringBuilder(); for (j = 0; j < 4; j++) - System.out.print("0x" + Util.toString(T7[i * 4 + j]) + ", "); - System.out.println(); + b.append("0x").append(Util.toString(T7[i * 4 + j])).append(", "); + log.fine(b.toString()); } - System.out.println(); - System.out.println("rc[]:"); + log.fine("rc[]:"); for (i = 0; i < R + 1; i++) - System.out.print("0x" + Util.toString(rc[i][0]) - + Util.toString(rc[i][1])); - System.out.println(); - - System.out.println("Total initialization time: " + time + " ms."); - System.out.println(); + log.fine("0x" + Util.toString(rc[i][0]) + Util.toString(rc[i][1])); + log.fine("Total initialization time: " + time + " ms."); } } - // Constructor(s) - // ------------------------------------------------------------------------- - /** Trivial 0-arguments constructor. */ public Khazad() { super(Registry.KHAZAD_CIPHER, DEFAULT_BLOCK_SIZE, DEFAULT_KEY_SIZE); } - // Class methods - // ------------------------------------------------------------------------- - private static void khazad(byte[] in, int i, byte[] out, int j, int[][] K) { // sigma(K[0]) int k0 = K[0][0]; int k1 = K[0][1]; - int a0 = (in[i++] << 24 | (in[i++] & 0xFF) << 16 | (in[i++] & 0xFF) << 8 | (in[i++] & 0xFF)) - ^ k0; - int a1 = (in[i++] << 24 | (in[i++] & 0xFF) << 16 | (in[i++] & 0xFF) << 8 | (in[i] & 0xFF)) - ^ k1; - + int a0 = (in[i++] << 24 + | (in[i++] & 0xFF) << 16 + | (in[i++] & 0xFF) << 8 + | (in[i++] & 0xFF) ) ^ k0; + int a1 = (in[i++] << 24 + | (in[i++] & 0xFF) << 16 + | (in[i++] & 0xFF) << 8 + | (in[i ] & 0xFF) ) ^ k1; int b0, b1; // round function for (int r = 1; r < R; r++) { k0 = K[r][0]; k1 = K[r][1]; - b0 = T0[a0 >>> 24] ^ T1[(a0 >>> 16) & 0xFF] ^ T2[(a0 >>> 8) & 0xFF] - ^ T3[a0 & 0xFF] ^ T4[a1 >>> 24] ^ T5[(a1 >>> 16) & 0xFF] - ^ T6[(a1 >>> 8) & 0xFF] ^ T7[a1 & 0xFF] ^ k0; - b1 = T0[a1 >>> 24] ^ T1[(a1 >>> 16) & 0xFF] ^ T2[(a1 >>> 8) & 0xFF] - ^ T3[a1 & 0xFF] ^ T4[a0 >>> 24] ^ T5[(a0 >>> 16) & 0xFF] - ^ T6[(a0 >>> 8) & 0xFF] ^ T7[a0 & 0xFF] ^ k1; + b0 = T0[ a0 >>> 24 ] + ^ T1[(a0 >>> 16) & 0xFF] + ^ T2[(a0 >>> 8) & 0xFF] + ^ T3[ a0 & 0xFF] + ^ T4[ a1 >>> 24 ] + ^ T5[(a1 >>> 16) & 0xFF] + ^ T6[(a1 >>> 8) & 0xFF] + ^ T7[ a1 & 0xFF] ^ k0; + b1 = T0[ a1 >>> 24 ] + ^ T1[(a1 >>> 16) & 0xFF] + ^ T2[(a1 >>> 8) & 0xFF] + ^ T3[ a1 & 0xFF] + ^ T4[ a0 >>> 24 ] + ^ T5[(a0 >>> 16) & 0xFF] + ^ T6[(a0 >>> 8) & 0xFF] + ^ T7[ a0 & 0xFF] ^ k1; a0 = b0; a1 = b1; - - if (DEBUG && debuglevel > 6) - { - System.out.println("T" + r + "=" + Util.toString(a0) - + Util.toString(a1)); - } + if (Configuration.DEBUG) + log.fine("T" + r + "=" + Util.toString(a0) + Util.toString(a1)); } - // sigma(K[R]) o gamma applied to previous output k0 = K[R][0]; k1 = K[R][1]; - - out[j++] = (byte) (S[a0 >>> 24] ^ (k0 >>> 24)); - out[j++] = (byte) (S[(a0 >>> 16) & 0xFF] ^ (k0 >>> 16)); - out[j++] = (byte) (S[(a0 >>> 8) & 0xFF] ^ (k0 >>> 8)); - out[j++] = (byte) (S[a0 & 0xFF] ^ k0); - out[j++] = (byte) (S[a1 >>> 24] ^ (k1 >>> 24)); - out[j++] = (byte) (S[(a1 >>> 16) & 0xFF] ^ (k1 >>> 16)); - out[j++] = (byte) (S[(a1 >>> 8) & 0xFF] ^ (k1 >>> 8)); - out[j] = (byte) (S[a1 & 0xFF] ^ k1); - - if (DEBUG && debuglevel > 6) - { - System.out.println("T=" + Util.toString(out, j - 7, 8)); - System.out.println(); - } + out[j++] = (byte)(S[ a0 >>> 24 ] ^ (k0 >>> 24)); + out[j++] = (byte)(S[(a0 >>> 16) & 0xFF] ^ (k0 >>> 16)); + out[j++] = (byte)(S[(a0 >>> 8) & 0xFF] ^ (k0 >>> 8)); + out[j++] = (byte)(S[ a0 & 0xFF] ^ k0 ); + out[j++] = (byte)(S[ a1 >>> 24 ] ^ (k1 >>> 24)); + out[j++] = (byte)(S[(a1 >>> 16) & 0xFF] ^ (k1 >>> 16)); + out[j++] = (byte)(S[(a1 >>> 8) & 0xFF] ^ (k1 >>> 8)); + out[j ] = (byte)(S[ a1 & 0xFF] ^ k1 ); + if (Configuration.DEBUG) + log.fine("T=" + Util.toString(out, j - 7, 8) + "\n"); } - // Instance methods - // ------------------------------------------------------------------------- - - // java.lang.Cloneable interface implementation ---------------------------- - public Object clone() { Khazad result = new Khazad(); @@ -354,12 +299,10 @@ public final class Khazad extends BaseCipher return result; } - // IBlockCipherSpi interface implementation -------------------------------- - public Iterator blockSizes() { ArrayList al = new ArrayList(); - al.add(new Integer(DEFAULT_BLOCK_SIZE)); + al.add(Integer.valueOf(DEFAULT_BLOCK_SIZE)); return Collections.unmodifiableList(al).iterator(); } @@ -367,15 +310,14 @@ public final class Khazad extends BaseCipher public Iterator keySizes() { ArrayList al = new ArrayList(); - al.add(new Integer(DEFAULT_KEY_SIZE)); - + al.add(Integer.valueOf(DEFAULT_KEY_SIZE)); return Collections.unmodifiableList(al).iterator(); } /** - * <p>Expands a user-supplied key material into a session key for a - * designated <i>block size</i>.</p> - * + * Expands a user-supplied key material into a session key for a designated + * <i>block size</i>. + * * @param uk the 128-bit user-supplied key material. * @param bs the desired block size in bytes. * @return an Object encapsulating the session key. @@ -385,54 +327,58 @@ public final class Khazad extends BaseCipher public Object makeKey(byte[] uk, int bs) throws InvalidKeyException { if (bs != DEFAULT_BLOCK_SIZE) - { - throw new IllegalArgumentException(); - } + throw new IllegalArgumentException(); if (uk == null) - { - throw new InvalidKeyException("Empty key"); - } + throw new InvalidKeyException("Empty key"); if (uk.length != 16) - { - throw new InvalidKeyException("Key is not 128-bit."); - } + throw new InvalidKeyException("Key is not 128-bit."); int[][] Ke = new int[R + 1][2]; // encryption round keys int[][] Kd = new int[R + 1][2]; // decryption round keys - int r, i; int k20, k21, k10, k11, rc0, rc1, kr0, kr1; - i = 0; - k20 = uk[i++] << 24 | (uk[i++] & 0xFF) << 16 | (uk[i++] & 0xFF) << 8 - | (uk[i++] & 0xFF); - k21 = uk[i++] << 24 | (uk[i++] & 0xFF) << 16 | (uk[i++] & 0xFF) << 8 - | (uk[i++] & 0xFF); - k10 = uk[i++] << 24 | (uk[i++] & 0xFF) << 16 | (uk[i++] & 0xFF) << 8 - | (uk[i++] & 0xFF); - k11 = uk[i++] << 24 | (uk[i++] & 0xFF) << 16 | (uk[i++] & 0xFF) << 8 - | (uk[i++] & 0xFF); - + k20 = uk[i++] << 24 + | (uk[i++] & 0xFF) << 16 + | (uk[i++] & 0xFF) << 8 + | (uk[i++] & 0xFF); + k21 = uk[i++] << 24 + | (uk[i++] & 0xFF) << 16 + | (uk[i++] & 0xFF) << 8 + | (uk[i++] & 0xFF); + k10 = uk[i++] << 24 + | (uk[i++] & 0xFF) << 16 + | (uk[i++] & 0xFF) << 8 + | (uk[i++] & 0xFF); + k11 = uk[i++] << 24 + | (uk[i++] & 0xFF) << 16 + | (uk[i++] & 0xFF) << 8 + | (uk[i++] & 0xFF); for (r = 0, i = 0; r <= R; r++) { rc0 = rc[r][0]; rc1 = rc[r][1]; - - kr0 = T0[k10 >>> 24] ^ T1[(k10 >>> 16) & 0xFF] ^ T2[(k10 >>> 8) & 0xFF] - ^ T3[k10 & 0xFF] ^ T4[(k11 >>> 24) & 0xFF] - ^ T5[(k11 >>> 16) & 0xFF] ^ T6[(k11 >>> 8) & 0xFF] - ^ T7[k11 & 0xFF] ^ rc0 ^ k20; - kr1 = T0[k11 >>> 24] ^ T1[(k11 >>> 16) & 0xFF] ^ T2[(k11 >>> 8) & 0xFF] - ^ T3[k11 & 0xFF] ^ T4[(k10 >>> 24) & 0xFF] - ^ T5[(k10 >>> 16) & 0xFF] ^ T6[(k10 >>> 8) & 0xFF] - ^ T7[k10 & 0xFF] ^ rc1 ^ k21; - + kr0 = T0[ k10 >>> 24 ] + ^ T1[(k10 >>> 16) & 0xFF] + ^ T2[(k10 >>> 8) & 0xFF] + ^ T3[ k10 & 0xFF] + ^ T4[(k11 >>> 24) & 0xFF] + ^ T5[(k11 >>> 16) & 0xFF] + ^ T6[(k11 >>> 8) & 0xFF] + ^ T7[ k11 & 0xFF] ^ rc0 ^ k20; + kr1 = T0[ k11 >>> 24 ] + ^ T1[(k11 >>> 16) & 0xFF] + ^ T2[(k11 >>> 8) & 0xFF] + ^ T3[ k11 & 0xFF] + ^ T4[(k10 >>> 24) & 0xFF] + ^ T5[(k10 >>> 16) & 0xFF] + ^ T6[(k10 >>> 8) & 0xFF] + ^ T7[ k10 & 0xFF] ^ rc1 ^ k21; Ke[r][0] = kr0; Ke[r][1] = kr1; k20 = k10; k21 = k11; k10 = kr0; k11 = kr1; - if (r == 0 || r == R) { Kd[R - r][0] = kr0; @@ -440,68 +386,52 @@ public final class Khazad extends BaseCipher } else { - Kd[R - r][0] = T0[S[kr0 >>> 24] & 0xFF] - ^ T1[S[(kr0 >>> 16) & 0xFF] & 0xFF] - ^ T2[S[(kr0 >>> 8) & 0xFF] & 0xFF] - ^ T3[S[kr0 & 0xFF] & 0xFF] - ^ T4[S[kr1 >>> 24] & 0xFF] - ^ T5[S[(kr1 >>> 16) & 0xFF] & 0xFF] - ^ T6[S[(kr1 >>> 8) & 0xFF] & 0xFF] - ^ T7[S[kr1 & 0xFF] & 0xFF]; - Kd[R - r][1] = T0[S[kr1 >>> 24] & 0xFF] - ^ T1[S[(kr1 >>> 16) & 0xFF] & 0xFF] - ^ T2[S[(kr1 >>> 8) & 0xFF] & 0xFF] - ^ T3[S[kr1 & 0xFF] & 0xFF] - ^ T4[S[kr0 >>> 24] & 0xFF] - ^ T5[S[(kr0 >>> 16) & 0xFF] & 0xFF] - ^ T6[S[(kr0 >>> 8) & 0xFF] & 0xFF] - ^ T7[S[kr0 & 0xFF] & 0xFF]; + Kd[R - r][0] = T0[S[ kr0 >>> 24 ] & 0xFF] + ^ T1[S[(kr0 >>> 16) & 0xFF] & 0xFF] + ^ T2[S[(kr0 >>> 8) & 0xFF] & 0xFF] + ^ T3[S[ kr0 & 0xFF] & 0xFF] + ^ T4[S[ kr1 >>> 24 ] & 0xFF] + ^ T5[S[(kr1 >>> 16) & 0xFF] & 0xFF] + ^ T6[S[(kr1 >>> 8) & 0xFF] & 0xFF] + ^ T7[S[ kr1 & 0xFF] & 0xFF]; + Kd[R - r][1] = T0[S[ kr1 >>> 24 ] & 0xFF] + ^ T1[S[(kr1 >>> 16) & 0xFF] & 0xFF] + ^ T2[S[(kr1 >>> 8) & 0xFF] & 0xFF] + ^ T3[S[ kr1 & 0xFF] & 0xFF] + ^ T4[S[ kr0 >>> 24 ] & 0xFF] + ^ T5[S[(kr0 >>> 16) & 0xFF] & 0xFF] + ^ T6[S[(kr0 >>> 8) & 0xFF] & 0xFF] + ^ T7[S[ kr0 & 0xFF] & 0xFF]; } } - - if (DEBUG && debuglevel > 8) + if (Configuration.DEBUG) { - System.out.println(); - System.out.println("Key schedule"); - System.out.println(); - System.out.println("Ke[]:"); + log.fine("Key schedule"); + log.fine("Ke[]:"); for (r = 0; r < R + 1; r++) - { - System.out.println("#" + r + ": 0x" + Util.toString(Ke[r][0]) - + Util.toString(Ke[r][1])); - } - System.out.println(); - System.out.println("Kd[]:"); + log.fine("#" + r + ": 0x" + Util.toString(Ke[r][0]) + + Util.toString(Ke[r][1])); + log.fine("Kd[]:"); for (r = 0; r < R + 1; r++) - { - System.out.println("#" + r + ": 0x" + Util.toString(Kd[r][0]) - + Util.toString(Kd[r][1])); - } - System.out.println(); + log.fine("#" + r + ": 0x" + Util.toString(Kd[r][0]) + + Util.toString(Kd[r][1])); } - return new Object[] { Ke, Kd }; } public void encrypt(byte[] in, int i, byte[] out, int j, Object k, int bs) { if (bs != DEFAULT_BLOCK_SIZE) - { - throw new IllegalArgumentException(); - } - - int[][] K = (int[][]) ((Object[]) k)[0]; + throw new IllegalArgumentException(); + int[][] K = (int[][])((Object[]) k)[0]; khazad(in, i, out, j, K); } public void decrypt(byte[] in, int i, byte[] out, int j, Object k, int bs) { if (bs != DEFAULT_BLOCK_SIZE) - { - throw new IllegalArgumentException(); - } - - int[][] K = (int[][]) ((Object[]) k)[1]; + throw new IllegalArgumentException(); + int[][] K = (int[][])((Object[]) k)[1]; khazad(in, i, out, j, K); } @@ -511,11 +441,9 @@ public final class Khazad extends BaseCipher { boolean result = super.selfTest(); // do symmetry tests if (result) - { - result = testKat(KAT_KEY, KAT_CT); - } + result = testKat(KAT_KEY, KAT_CT); valid = Boolean.valueOf(result); } return valid.booleanValue(); } -}
\ No newline at end of file +} diff --git a/libjava/classpath/gnu/javax/crypto/cipher/NullCipher.java b/libjava/classpath/gnu/javax/crypto/cipher/NullCipher.java index 09252db9063..4515559549b 100644 --- a/libjava/classpath/gnu/javax/crypto/cipher/NullCipher.java +++ b/libjava/classpath/gnu/javax/crypto/cipher/NullCipher.java @@ -46,53 +46,35 @@ import java.util.Collections; import java.util.Iterator; /** - * <p>The implementation of a Null block cipher.</p> - * - * <p>This cipher does not alter its input at all, claims to process block sizes + * The implementation of a Null block cipher. + * <p> + * This cipher does not alter its input at all, claims to process block sizes * 128-, 192- and 256-bit long, and key sizes from 64- to 512-bit in 8-bit - * increments.</p> + * increments. */ -public final class NullCipher extends BaseCipher +public final class NullCipher + extends BaseCipher { - - // Constants and variables - // ------------------------------------------------------------------------- - - // Constructor(s) - // ------------------------------------------------------------------------- - /** Trivial 0-arguments constructor. */ public NullCipher() { super(Registry.NULL_CIPHER, 16, 16); } - // Class methods - // ------------------------------------------------------------------------- - - // Instance methods - // ------------------------------------------------------------------------- - - // java.lang.Cloneable interface implementation ---------------------------- - public Object clone() { NullCipher result = new NullCipher(); result.currentBlockSize = this.currentBlockSize; - return result; } - // IBlockCipherSpi interface implementation -------------------------------- - public Iterator blockSizes() { ArrayList al = new ArrayList(); - al.add(new Integer(64 / 8)); - al.add(new Integer(128 / 8)); - al.add(new Integer(192 / 8)); - al.add(new Integer(256 / 8)); - + al.add(Integer.valueOf(64 / 8)); + al.add(Integer.valueOf(128 / 8)); + al.add(Integer.valueOf(192 / 8)); + al.add(Integer.valueOf(256 / 8)); return Collections.unmodifiableList(al).iterator(); } @@ -100,10 +82,7 @@ public final class NullCipher extends BaseCipher { ArrayList al = new ArrayList(); for (int n = 8; n < 64; n++) - { - al.add(new Integer(n)); - } - + al.add(Integer.valueOf(n)); return Collections.unmodifiableList(al).iterator(); } @@ -126,4 +105,4 @@ public final class NullCipher extends BaseCipher { return true; } -}
\ No newline at end of file +} diff --git a/libjava/classpath/gnu/javax/crypto/cipher/Rijndael.java b/libjava/classpath/gnu/javax/crypto/cipher/Rijndael.java index bcd1872fc1b..d1bc958c323 100644 --- a/libjava/classpath/gnu/javax/crypto/cipher/Rijndael.java +++ b/libjava/classpath/gnu/javax/crypto/cipher/Rijndael.java @@ -38,372 +38,274 @@ exception statement from your version. */ package gnu.javax.crypto.cipher; +import gnu.java.security.Configuration; import gnu.java.security.Registry; import gnu.java.security.util.Util; -//import java.io.PrintWriter; import java.security.InvalidKeyException; import java.util.ArrayList; import java.util.Collections; import java.util.Iterator; +import java.util.logging.Logger; /** - * <p>Rijndael --pronounced Reindaal-- is the AES. It is a variable block-size + * Rijndael --pronounced Reindaal-- is the AES. It is a variable block-size * (128-, 192- and 256-bit), variable key-size (128-, 192- and 256-bit) - * symmetric key block cipher.</p> - * - * <p>References:</p> - * + * symmetric key block cipher. + * <p> + * References: * <ol> - * <li><a href="http://www.esat.kuleuven.ac.be/~rijmen/rijndael/">The - * Rijndael Block Cipher - AES Proposal</a>.<br> - * <a href="mailto:vincent.rijmen@esat.kuleuven.ac.be">Vincent Rijmen</a> and - * <a href="mailto:daemen.j@protonworld.com">Joan Daemen</a>.</li> + * <li><a href="http://www.esat.kuleuven.ac.be/~rijmen/rijndael/">The Rijndael + * Block Cipher - AES Proposal</a>.<br> + * <a href="mailto:vincent.rijmen@esat.kuleuven.ac.be">Vincent Rijmen</a> and + * <a href="mailto:daemen.j@protonworld.com">Joan Daemen</a>.</li> * </ol> */ -public final class Rijndael extends BaseCipher +public final class Rijndael + extends BaseCipher { - - // Debugging methods and variables - // ------------------------------------------------------------------------- - - // private static final String NAME = "rijndael"; - private static final boolean DEBUG = false; - - private static final int debuglevel = 9; - - // private static final PrintWriter err = new PrintWriter(System.out, true); - // private static void debug(String s) { - // err.println(">>> "+NAME+": "+s); - // } - - // Constants and variables - // ------------------------------------------------------------------------- - + private static final Logger log = Logger.getLogger(Rijndael.class.getName()); private static final int DEFAULT_BLOCK_SIZE = 16; // in bytes - private static final int DEFAULT_KEY_SIZE = 16; // in bytes - - private static final String SS = "\u637C\u777B\uF26B\u6FC5\u3001\u672B\uFED7\uAB76" - + "\uCA82\uC97D\uFA59\u47F0\uADD4\uA2AF\u9CA4\u72C0" - + "\uB7FD\u9326\u363F\uF7CC\u34A5\uE5F1\u71D8\u3115" - + "\u04C7\u23C3\u1896\u059A\u0712\u80E2\uEB27\uB275" - + "\u0983\u2C1A\u1B6E\u5AA0\u523B\uD6B3\u29E3\u2F84" - + "\u53D1\u00ED\u20FC\uB15B\u6ACB\uBE39\u4A4C\u58CF" - + "\uD0EF\uAAFB\u434D\u3385\u45F9\u027F\u503C\u9FA8" - + "\u51A3\u408F\u929D\u38F5\uBCB6\uDA21\u10FF\uF3D2" - + "\uCD0C\u13EC\u5F97\u4417\uC4A7\u7E3D\u645D\u1973" - + "\u6081\u4FDC\u222A\u9088\u46EE\uB814\uDE5E\u0BDB" - + "\uE032\u3A0A\u4906\u245C\uC2D3\uAC62\u9195\uE479" - + "\uE7C8\u376D\u8DD5\u4EA9\u6C56\uF4EA\u657A\uAE08" - + "\uBA78\u252E\u1CA6\uB4C6\uE8DD\u741F\u4BBD\u8B8A" - + "\u703E\uB566\u4803\uF60E\u6135\u57B9\u86C1\u1D9E" - + "\uE1F8\u9811\u69D9\u8E94\u9B1E\u87E9\uCE55\u28DF" - + "\u8CA1\u890D\uBFE6\u4268\u4199\u2D0F\uB054\uBB16"; - + private static final String SS = + "\u637C\u777B\uF26B\u6FC5\u3001\u672B\uFED7\uAB76" + + "\uCA82\uC97D\uFA59\u47F0\uADD4\uA2AF\u9CA4\u72C0" + + "\uB7FD\u9326\u363F\uF7CC\u34A5\uE5F1\u71D8\u3115" + + "\u04C7\u23C3\u1896\u059A\u0712\u80E2\uEB27\uB275" + + "\u0983\u2C1A\u1B6E\u5AA0\u523B\uD6B3\u29E3\u2F84" + + "\u53D1\u00ED\u20FC\uB15B\u6ACB\uBE39\u4A4C\u58CF" + + "\uD0EF\uAAFB\u434D\u3385\u45F9\u027F\u503C\u9FA8" + + "\u51A3\u408F\u929D\u38F5\uBCB6\uDA21\u10FF\uF3D2" + + "\uCD0C\u13EC\u5F97\u4417\uC4A7\u7E3D\u645D\u1973" + + "\u6081\u4FDC\u222A\u9088\u46EE\uB814\uDE5E\u0BDB" + + "\uE032\u3A0A\u4906\u245C\uC2D3\uAC62\u9195\uE479" + + "\uE7C8\u376D\u8DD5\u4EA9\u6C56\uF4EA\u657A\uAE08" + + "\uBA78\u252E\u1CA6\uB4C6\uE8DD\u741F\u4BBD\u8B8A" + + "\u703E\uB566\u4803\uF60E\u6135\u57B9\u86C1\u1D9E" + + "\uE1F8\u9811\u69D9\u8E94\u9B1E\u87E9\uCE55\u28DF" + + "\u8CA1\u890D\uBFE6\u4268\u4199\u2D0F\uB054\uBB16"; private static final byte[] S = new byte[256]; - private static final byte[] Si = new byte[256]; - private static final int[] T1 = new int[256]; - private static final int[] T2 = new int[256]; - private static final int[] T3 = new int[256]; - private static final int[] T4 = new int[256]; - private static final int[] T5 = new int[256]; - private static final int[] T6 = new int[256]; - private static final int[] T7 = new int[256]; - private static final int[] T8 = new int[256]; - private static final int[] U1 = new int[256]; - private static final int[] U2 = new int[256]; - private static final int[] U3 = new int[256]; - private static final int[] U4 = new int[256]; - private static final byte[] rcon = new byte[30]; - private static final int[][][] shifts = new int[][][] { - { { 0, 0 }, { 1, 3 }, - { 2, 2 }, { 3, 1 } }, - { { 0, 0 }, { 1, 5 }, - { 2, 4 }, { 3, 3 } }, - { { 0, 0 }, { 1, 7 }, - { 3, 5 }, { 4, 4 } } }; - + { { 0, 0 }, { 1, 3 }, { 2, 2 }, { 3, 1 } }, + { { 0, 0 }, { 1, 5 }, { 2, 4 }, { 3, 3 } }, + { { 0, 0 }, { 1, 7 }, { 3, 5 }, { 4, 4 } } }; /** - * KAT vector (from ecb_vk): - * I=96 + * KAT vector (from ecb_vk): I=96 * KEY=0000000000000000000000010000000000000000000000000000000000000000 * CT=E44429474D6FC3084EB2A6B8B46AF754 */ - private static final byte[] KAT_KEY = Util.toBytesFromString("0000000000000000000000010000000000000000000000000000000000000000"); - - private static final byte[] KAT_CT = Util.toBytesFromString("E44429474D6FC3084EB2A6B8B46AF754"); - + private static final byte[] KAT_KEY = Util.toBytesFromString( + "0000000000000000000000010000000000000000000000000000000000000000"); + private static final byte[] KAT_CT = Util.toBytesFromString( + "E44429474D6FC3084EB2A6B8B46AF754"); /** caches the result of the correctness test, once executed. */ private static Boolean valid; - // Static code - to intialise lookup tables -------------------------------- - static { long time = System.currentTimeMillis(); - int ROOT = 0x11B; int i, j = 0; - // S-box, inverse S-box, T-boxes, U-boxes int s, s2, s3, i2, i4, i8, i9, ib, id, ie, t; char c; for (i = 0; i < 256; i++) { c = SS.charAt(i >>> 1); - S[i] = (byte) (((i & 1) == 0) ? c >>> 8 : c & 0xFF); + S[i] = (byte)(((i & 1) == 0) ? c >>> 8 : c & 0xFF); s = S[i] & 0xFF; Si[s] = (byte) i; s2 = s << 1; if (s2 >= 0x100) - { - s2 ^= ROOT; - } + s2 ^= ROOT; s3 = s2 ^ s; i2 = i << 1; if (i2 >= 0x100) - { - i2 ^= ROOT; - } + i2 ^= ROOT; i4 = i2 << 1; if (i4 >= 0x100) - { - i4 ^= ROOT; - } + i4 ^= ROOT; i8 = i4 << 1; if (i8 >= 0x100) - { - i8 ^= ROOT; - } + i8 ^= ROOT; i9 = i8 ^ i; ib = i9 ^ i2; id = i9 ^ i4; ie = i8 ^ i4 ^ i2; - T1[i] = t = (s2 << 24) | (s << 16) | (s << 8) | s3; - T2[i] = (t >>> 8) | (t << 24); + T2[i] = (t >>> 8) | (t << 24); T3[i] = (t >>> 16) | (t << 16); - T4[i] = (t >>> 24) | (t << 8); - + T4[i] = (t >>> 24) | (t << 8); T5[s] = U1[i] = t = (ie << 24) | (i9 << 16) | (id << 8) | ib; - T6[s] = U2[i] = (t >>> 8) | (t << 24); + T6[s] = U2[i] = (t >>> 8) | (t << 24); T7[s] = U3[i] = (t >>> 16) | (t << 16); - T8[s] = U4[i] = (t >>> 24) | (t << 8); + T8[s] = U4[i] = (t >>> 24) | (t << 8); } - // // round constants - // int r = 1; rcon[0] = 1; for (i = 1; i < 30; i++) { r <<= 1; if (r >= 0x100) - { - r ^= ROOT; - } + r ^= ROOT; rcon[i] = (byte) r; } - time = System.currentTimeMillis() - time; - - if (DEBUG && debuglevel > 8) + if (Configuration.DEBUG) { - System.out.println("=========="); - System.out.println(); - System.out.println("Static Data"); - System.out.println(); - System.out.println("S[]:"); + log.fine("Static Data"); + log.fine("S[]:"); + StringBuilder sb; for (i = 0; i < 16; i++) { + sb = new StringBuilder(); for (j = 0; j < 16; j++) - { - System.out.print("0x" + Util.toString(S[i * 16 + j]) + ", "); - } - System.out.println(); + sb.append("0x").append(Util.toString(S[i * 16 + j])).append(", "); + log.fine(sb.toString()); } - System.out.println(); - System.out.println("Si[]:"); + log.fine("Si[]:"); for (i = 0; i < 16; i++) { + sb = new StringBuilder(); for (j = 0; j < 16; j++) - { - System.out.print("0x" + Util.toString(Si[i * 16 + j]) + ", "); - } - System.out.println(); + sb.append("0x").append(Util.toString(Si[i * 16 + j])).append(", "); + log.fine(sb.toString()); } - System.out.println(); - System.out.println("T1[]:"); + log.fine("T1[]:"); for (i = 0; i < 64; i++) { + sb = new StringBuilder(); for (j = 0; j < 4; j++) - { - System.out.print("0x" + Util.toString(T1[i * 4 + j]) + ", "); - } - System.out.println(); + sb.append("0x").append(Util.toString(T1[i * 4 + j])).append(", "); + log.fine(sb.toString()); } - System.out.println(); - System.out.println("T2[]:"); + log.fine("T2[]:"); for (i = 0; i < 64; i++) { + sb = new StringBuilder(); for (j = 0; j < 4; j++) - { - System.out.print("0x" + Util.toString(T2[i * 4 + j]) + ", "); - } - System.out.println(); + sb.append("0x").append(Util.toString(T2[i * 4 + j])).append(", "); + log.fine(sb.toString()); } - System.out.println(); - System.out.println("T3[]:"); + log.fine("T3[]:"); for (i = 0; i < 64; i++) { + sb = new StringBuilder(); for (j = 0; j < 4; j++) - { - System.out.print("0x" + Util.toString(T3[i * 4 + j]) + ", "); - } - System.out.println(); + sb.append("0x").append(Util.toString(T3[i * 4 + j])).append(", "); + log.fine(sb.toString()); } - System.out.println(); - System.out.println("T4[]:"); + log.fine("T4[]:"); for (i = 0; i < 64; i++) { + sb = new StringBuilder(); for (j = 0; j < 4; j++) - { - System.out.print("0x" + Util.toString(T4[i * 4 + j]) + ", "); - } - System.out.println(); + sb.append("0x").append(Util.toString(T4[i * 4 + j])).append(", "); + log.fine(sb.toString()); } - System.out.println(); - System.out.println("T5[]:"); + log.fine("T5[]:"); for (i = 0; i < 64; i++) { + sb = new StringBuilder(); for (j = 0; j < 4; j++) - { - System.out.print("0x" + Util.toString(T5[i * 4 + j]) + ", "); - } - System.out.println(); + sb.append("0x").append(Util.toString(T5[i * 4 + j])).append(", "); + log.fine(sb.toString()); } - System.out.println(); - System.out.println("T6[]:"); + log.fine("T6[]:"); for (i = 0; i < 64; i++) { + sb = new StringBuilder(); for (j = 0; j < 4; j++) - { - System.out.print("0x" + Util.toString(T6[i * 4 + j]) + ", "); - } - System.out.println(); + sb.append("0x").append(Util.toString(T6[i * 4 + j])).append(", "); + log.fine(sb.toString()); } - System.out.println(); - System.out.println("T7[]:"); + log.fine("T7[]:"); for (i = 0; i < 64; i++) { + sb = new StringBuilder(); for (j = 0; j < 4; j++) - { - System.out.print("0x" + Util.toString(T7[i * 4 + j]) + ", "); - } - System.out.println(); + sb.append("0x").append(Util.toString(T7[i * 4 + j])).append(", "); + log.fine(sb.toString()); } - System.out.println(); - System.out.println("T8[]:"); + log.fine("T8[]:"); for (i = 0; i < 64; i++) { + sb = new StringBuilder(); for (j = 0; j < 4; j++) - { - System.out.print("0x" + Util.toString(T8[i * 4 + j]) + ", "); - } - System.out.println(); + sb.append("0x").append(Util.toString(T8[i * 4 + j])).append(", "); + log.fine(sb.toString()); } - System.out.println(); - System.out.println("U1[]:"); + log.fine("U1[]:"); for (i = 0; i < 64; i++) { + sb = new StringBuilder(); for (j = 0; j < 4; j++) - { - System.out.print("0x" + Util.toString(U1[i * 4 + j]) + ", "); - } - System.out.println(); + sb.append("0x").append(Util.toString(U1[i * 4 + j])).append(", "); + log.fine(sb.toString()); } - System.out.println(); - System.out.println("U2[]:"); + log.fine("U2[]:"); for (i = 0; i < 64; i++) { + sb = new StringBuilder(); for (j = 0; j < 4; j++) - { - System.out.print("0x" + Util.toString(U2[i * 4 + j]) + ", "); - } - System.out.println(); + sb.append("0x").append(Util.toString(U2[i * 4 + j])).append(", "); + log.fine(sb.toString()); } - System.out.println(); - System.out.println("U3[]:"); + log.fine("U3[]:"); for (i = 0; i < 64; i++) { + sb = new StringBuilder(); for (j = 0; j < 4; j++) - { - System.out.print("0x" + Util.toString(U3[i * 4 + j]) + ", "); - } - System.out.println(); + sb.append("0x").append(Util.toString(U3[i * 4 + j])).append(", "); + log.fine(sb.toString()); } - System.out.println(); - System.out.println("U4[]:"); + log.fine("U4[]:"); for (i = 0; i < 64; i++) { + sb = new StringBuilder(); for (j = 0; j < 4; j++) - { - System.out.println("0x" + Util.toString(U4[i * 4 + j]) + ", "); - } - System.out.println(); + sb.append("0x").append(Util.toString(U4[i * 4 + j])).append(", "); + log.fine(sb.toString()); } - System.out.println(); - System.out.println("rcon[]:"); + log.fine("rcon[]:"); for (i = 0; i < 5; i++) { + sb = new StringBuilder(); for (j = 0; j < 6; j++) - { - System.out.print("0x" + Util.toString(rcon[i * 6 + j]) + ", "); - } - System.out.println(); + sb.append("0x").append(Util.toString(rcon[i * 6 + j])).append(", "); + log.fine(sb.toString()); } - - System.out.println(); - System.out.println("Total initialization time: " + time + " ms."); - System.out.println(); + log.fine("Total initialization time: " + time + " ms."); } } - // Constructor(s) - // ------------------------------------------------------------------------- - /** Trivial 0-arguments constructor. */ public Rijndael() { super(Registry.RIJNDAEL_CIPHER, DEFAULT_BLOCK_SIZE, DEFAULT_KEY_SIZE); } - // Class methods - // ------------------------------------------------------------------------- - /** - * <p>Returns the number of rounds for a given Rijndael's key and block - * sizes.</p> - * + * Returns the number of rounds for a given Rijndael's key and block sizes. + * * @param ks the size of the user key material in bytes. * @param bs the desired block size in bytes. * @return the number of rounds for a given Rijndael's key and block sizes. @@ -426,7 +328,6 @@ public final class Rijndael extends BaseCipher { Object[] sKey = (Object[]) sessionKey; // extract encryption round keys int[][] Ke = (int[][]) sKey[0]; - int BC = bs / 4; int ROUNDS = Ke.length - 1; int SC = BC == 4 ? 0 : (BC == 6 ? 1 : 2); @@ -436,45 +337,32 @@ public final class Rijndael extends BaseCipher int[] a = new int[BC]; int[] t = new int[BC]; // temporary work array int i, tt; - - for (i = 0; i < BC; i++) - { // plaintext to ints + key - t[i] = (in[inOffset++] << 24 | (in[inOffset++] & 0xFF) << 16 - | (in[inOffset++] & 0xFF) << 8 | (in[inOffset++] & 0xFF)) - ^ Ke[0][i]; - } - - for (int r = 1; r < ROUNDS; r++) - { // apply round transforms + for (i = 0; i < BC; i++) // plaintext to ints + key + t[i] = (in[inOffset++] << 24 + | (in[inOffset++] & 0xFF) << 16 + | (in[inOffset++] & 0xFF) << 8 + | (in[inOffset++] & 0xFF) ) ^ Ke[0][i]; + for (int r = 1; r < ROUNDS; r++) // apply round transforms + { for (i = 0; i < BC; i++) - { - a[i] = (T1[(t[i] >>> 24)] ^ T2[(t[(i + s1) % BC] >>> 16) & 0xFF] - ^ T3[(t[(i + s2) % BC] >>> 8) & 0xFF] ^ T4[t[(i + s3) % BC] & 0xFF]) - ^ Ke[r][i]; - } - + a[i] = (T1[(t[ i ] >>> 24) ] + ^ T2[(t[(i + s1) % BC] >>> 16) & 0xFF] + ^ T3[(t[(i + s2) % BC] >>> 8) & 0xFF] + ^ T4[ t[(i + s3) % BC] & 0xFF]) ^ Ke[r][i]; System.arraycopy(a, 0, t, 0, BC); - - if (DEBUG && debuglevel > 6) - { - System.out.println("CT" + r + "=" + Util.toString(t)); - } + if (Configuration.DEBUG) + log.fine("CT" + r + "=" + Util.toString(t)); } - - for (i = 0; i < BC; i++) - { // last round is special - tt = Ke[ROUNDS][i]; - out[outOffset++] = (byte) (S[(t[i] >>> 24)] ^ (tt >>> 24)); - out[outOffset++] = (byte) (S[(t[(i + s1) % BC] >>> 16) & 0xFF] ^ (tt >>> 16)); - out[outOffset++] = (byte) (S[(t[(i + s2) % BC] >>> 8) & 0xFF] ^ (tt >>> 8)); - out[outOffset++] = (byte) (S[t[(i + s3) % BC] & 0xFF] ^ tt); - } - - if (DEBUG && debuglevel > 6) + for (i = 0; i < BC; i++) // last round is special { - System.out.println("CT=" + Util.toString(out, outOffset - bs + 1, bs)); - System.out.println(); + tt = Ke[ROUNDS][i]; + out[outOffset++] = (byte)(S[(t[ i ] >>> 24) ] ^ (tt >>> 24)); + out[outOffset++] = (byte)(S[(t[(i + s1) % BC] >>> 16) & 0xFF] ^ (tt >>> 16)); + out[outOffset++] = (byte)(S[(t[(i + s2) % BC] >>> 8) & 0xFF] ^ (tt >>> 8)); + out[outOffset++] = (byte)(S[ t[(i + s3) % BC] & 0xFF] ^ tt ); } + if (Configuration.DEBUG) + log.fine("CT=" + Util.toString(out, outOffset - bs, bs)); } private static void rijndaelDecrypt(byte[] in, int inOffset, byte[] out, @@ -482,7 +370,6 @@ public final class Rijndael extends BaseCipher { Object[] sKey = (Object[]) sessionKey; // extract decryption round keys int[][] Kd = (int[][]) sKey[1]; - int BC = bs / 4; int ROUNDS = Kd.length - 1; int SC = BC == 4 ? 0 : (BC == 6 ? 1 : 2); @@ -492,194 +379,187 @@ public final class Rijndael extends BaseCipher int[] a = new int[BC]; int[] t = new int[BC]; // temporary work array int i, tt; - - for (i = 0; i < BC; i++) - { // ciphertext to ints + key - t[i] = (in[inOffset++] << 24 | (in[inOffset++] & 0xFF) << 16 - | (in[inOffset++] & 0xFF) << 8 | (in[inOffset++] & 0xFF)) - ^ Kd[0][i]; - } - - for (int r = 1; r < ROUNDS; r++) - { // apply round transforms + for (i = 0; i < BC; i++) // ciphertext to ints + key + t[i] = (in[inOffset++] << 24 + | (in[inOffset++] & 0xFF) << 16 + | (in[inOffset++] & 0xFF) << 8 + | (in[inOffset++] & 0xFF) ) ^ Kd[0][i]; + for (int r = 1; r < ROUNDS; r++) // apply round transforms + { for (i = 0; i < BC; i++) - { - a[i] = (T5[(t[i] >>> 24)] ^ T6[(t[(i + s1) % BC] >>> 16) & 0xFF] - ^ T7[(t[(i + s2) % BC] >>> 8) & 0xFF] ^ T8[t[(i + s3) % BC] & 0xFF]) - ^ Kd[r][i]; - } - + a[i] = (T5[(t[ i ] >>> 24) ] + ^ T6[(t[(i + s1) % BC] >>> 16) & 0xFF] + ^ T7[(t[(i + s2) % BC] >>> 8) & 0xFF] + ^ T8[ t[(i + s3) % BC] & 0xFF]) ^ Kd[r][i]; System.arraycopy(a, 0, t, 0, BC); - - if (DEBUG && debuglevel > 6) - { - System.out.println("PT" + r + "=" + Util.toString(t)); - } - } - - for (i = 0; i < BC; i++) - { // last round is special - tt = Kd[ROUNDS][i]; - out[outOffset++] = (byte) (Si[(t[i] >>> 24)] ^ (tt >>> 24)); - out[outOffset++] = (byte) (Si[(t[(i + s1) % BC] >>> 16) & 0xFF] ^ (tt >>> 16)); - out[outOffset++] = (byte) (Si[(t[(i + s2) % BC] >>> 8) & 0xFF] ^ (tt >>> 8)); - out[outOffset++] = (byte) (Si[t[(i + s3) % BC] & 0xFF] ^ tt); + if (Configuration.DEBUG) + log.fine("PT" + r + "=" + Util.toString(t)); } - - if (DEBUG && debuglevel > 6) + for (i = 0; i < BC; i++) // last round is special { - System.out.println("PT=" + Util.toString(out, outOffset - bs + 1, bs)); - System.out.println(); + tt = Kd[ROUNDS][i]; + out[outOffset++] = (byte)(Si[(t[ i ] >>> 24) ] ^ (tt >>> 24)); + out[outOffset++] = (byte)(Si[(t[(i + s1) % BC] >>> 16) & 0xFF] ^ (tt >>> 16)); + out[outOffset++] = (byte)(Si[(t[(i + s2) % BC] >>> 8) & 0xFF] ^ (tt >>> 8)); + out[outOffset++] = (byte)(Si[ t[(i + s3) % BC] & 0xFF] ^ tt ); } + if (Configuration.DEBUG) + log.fine("PT=" + Util.toString(out, outOffset - bs, bs)); } private static void aesEncrypt(byte[] in, int i, byte[] out, int j, Object key) { - int[][] Ke = (int[][]) ((Object[]) key)[0]; // extract encryption round keys + int[][] Ke = (int[][])((Object[]) key)[0]; // extract encryption round keys int ROUNDS = Ke.length - 1; int[] Ker = Ke[0]; - // plaintext to ints + key - int t0 = (in[i++] << 24 | (in[i++] & 0xFF) << 16 | (in[i++] & 0xFF) << 8 | (in[i++] & 0xFF)) - ^ Ker[0]; - int t1 = (in[i++] << 24 | (in[i++] & 0xFF) << 16 | (in[i++] & 0xFF) << 8 | (in[i++] & 0xFF)) - ^ Ker[1]; - int t2 = (in[i++] << 24 | (in[i++] & 0xFF) << 16 | (in[i++] & 0xFF) << 8 | (in[i++] & 0xFF)) - ^ Ker[2]; - int t3 = (in[i++] << 24 | (in[i++] & 0xFF) << 16 | (in[i++] & 0xFF) << 8 | (in[i++] & 0xFF)) - ^ Ker[3]; - + int t0 = (in[i++] << 24 + | (in[i++] & 0xFF) << 16 + | (in[i++] & 0xFF) << 8 + | (in[i++] & 0xFF) ) ^ Ker[0]; + int t1 = (in[i++] << 24 + | (in[i++] & 0xFF) << 16 + | (in[i++] & 0xFF) << 8 + | (in[i++] & 0xFF) ) ^ Ker[1]; + int t2 = (in[i++] << 24 + | (in[i++] & 0xFF) << 16 + | (in[i++] & 0xFF) << 8 + | (in[i++] & 0xFF) ) ^ Ker[2]; + int t3 = (in[i++] << 24 + | (in[i++] & 0xFF) << 16 + | (in[i++] & 0xFF) << 8 + | (in[i++] & 0xFF) ) ^ Ker[3]; int a0, a1, a2, a3; - for (int r = 1; r < ROUNDS; r++) - { // apply round transforms + for (int r = 1; r < ROUNDS; r++) // apply round transforms + { Ker = Ke[r]; - a0 = (T1[(t0 >>> 24)] ^ T2[(t1 >>> 16) & 0xFF] ^ T3[(t2 >>> 8) & 0xFF] ^ T4[t3 & 0xFF]) - ^ Ker[0]; - a1 = (T1[(t1 >>> 24)] ^ T2[(t2 >>> 16) & 0xFF] ^ T3[(t3 >>> 8) & 0xFF] ^ T4[t0 & 0xFF]) - ^ Ker[1]; - a2 = (T1[(t2 >>> 24)] ^ T2[(t3 >>> 16) & 0xFF] ^ T3[(t0 >>> 8) & 0xFF] ^ T4[t1 & 0xFF]) - ^ Ker[2]; - a3 = (T1[(t3 >>> 24)] ^ T2[(t0 >>> 16) & 0xFF] ^ T3[(t1 >>> 8) & 0xFF] ^ T4[t2 & 0xFF]) - ^ Ker[3]; + a0 = (T1[(t0 >>> 24) ] + ^ T2[(t1 >>> 16) & 0xFF] + ^ T3[(t2 >>> 8) & 0xFF] + ^ T4[ t3 & 0xFF]) ^ Ker[0]; + a1 = (T1[(t1 >>> 24) ] + ^ T2[(t2 >>> 16) & 0xFF] + ^ T3[(t3 >>> 8) & 0xFF] + ^ T4[ t0 & 0xFF]) ^ Ker[1]; + a2 = (T1[(t2 >>> 24) ] + ^ T2[(t3 >>> 16) & 0xFF] + ^ T3[(t0 >>> 8) & 0xFF] + ^ T4[ t1 & 0xFF]) ^ Ker[2]; + a3 = (T1[(t3 >>> 24) ] + ^ T2[(t0 >>> 16) & 0xFF] + ^ T3[(t1 >>> 8) & 0xFF] + ^ T4[ t2 & 0xFF]) ^ Ker[3]; t0 = a0; t1 = a1; t2 = a2; t3 = a3; - - if (DEBUG && debuglevel > 6) - { - System.out.println("CT" + r + "=" + Util.toString(t0) - + Util.toString(t1) + Util.toString(t2) - + Util.toString(t3)); - } + if (Configuration.DEBUG) + log.fine("CT" + r + "=" + Util.toString(t0) + Util.toString(t1) + + Util.toString(t2) + Util.toString(t3)); } - // last round is special Ker = Ke[ROUNDS]; int tt = Ker[0]; - out[j++] = (byte) (S[(t0 >>> 24)] ^ (tt >>> 24)); - out[j++] = (byte) (S[(t1 >>> 16) & 0xFF] ^ (tt >>> 16)); - out[j++] = (byte) (S[(t2 >>> 8) & 0xFF] ^ (tt >>> 8)); - out[j++] = (byte) (S[t3 & 0xFF] ^ tt); + out[j++] = (byte)(S[(t0 >>> 24) ] ^ (tt >>> 24)); + out[j++] = (byte)(S[(t1 >>> 16) & 0xFF] ^ (tt >>> 16)); + out[j++] = (byte)(S[(t2 >>> 8) & 0xFF] ^ (tt >>> 8)); + out[j++] = (byte)(S[ t3 & 0xFF] ^ tt ); tt = Ker[1]; - out[j++] = (byte) (S[(t1 >>> 24)] ^ (tt >>> 24)); - out[j++] = (byte) (S[(t2 >>> 16) & 0xFF] ^ (tt >>> 16)); - out[j++] = (byte) (S[(t3 >>> 8) & 0xFF] ^ (tt >>> 8)); - out[j++] = (byte) (S[t0 & 0xFF] ^ tt); + out[j++] = (byte)(S[(t1 >>> 24) ] ^ (tt >>> 24)); + out[j++] = (byte)(S[(t2 >>> 16) & 0xFF] ^ (tt >>> 16)); + out[j++] = (byte)(S[(t3 >>> 8) & 0xFF] ^ (tt >>> 8)); + out[j++] = (byte)(S[ t0 & 0xFF] ^ tt ); tt = Ker[2]; - out[j++] = (byte) (S[(t2 >>> 24)] ^ (tt >>> 24)); - out[j++] = (byte) (S[(t3 >>> 16) & 0xFF] ^ (tt >>> 16)); - out[j++] = (byte) (S[(t0 >>> 8) & 0xFF] ^ (tt >>> 8)); - out[j++] = (byte) (S[t1 & 0xFF] ^ tt); + out[j++] = (byte)(S[(t2 >>> 24) ] ^ (tt >>> 24)); + out[j++] = (byte)(S[(t3 >>> 16) & 0xFF] ^ (tt >>> 16)); + out[j++] = (byte)(S[(t0 >>> 8) & 0xFF] ^ (tt >>> 8)); + out[j++] = (byte)(S[ t1 & 0xFF] ^ tt ); tt = Ker[3]; - out[j++] = (byte) (S[(t3 >>> 24)] ^ (tt >>> 24)); - out[j++] = (byte) (S[(t0 >>> 16) & 0xFF] ^ (tt >>> 16)); - out[j++] = (byte) (S[(t1 >>> 8) & 0xFF] ^ (tt >>> 8)); - out[j++] = (byte) (S[t2 & 0xFF] ^ tt); - - if (DEBUG && debuglevel > 6) - { - System.out.println("CT=" + Util.toString(out, j - 15, 16)); - System.out.println(); - } + out[j++] = (byte)(S[(t3 >>> 24) ] ^ (tt >>> 24)); + out[j++] = (byte)(S[(t0 >>> 16) & 0xFF] ^ (tt >>> 16)); + out[j++] = (byte)(S[(t1 >>> 8) & 0xFF] ^ (tt >>> 8)); + out[j++] = (byte)(S[ t2 & 0xFF] ^ tt ); + if (Configuration.DEBUG) + log.fine("CT=" + Util.toString(out, j - 16, 16)); } private static void aesDecrypt(byte[] in, int i, byte[] out, int j, Object key) { - int[][] Kd = (int[][]) ((Object[]) key)[1]; // extract decryption round keys + int[][] Kd = (int[][])((Object[]) key)[1]; // extract decryption round keys int ROUNDS = Kd.length - 1; int[] Kdr = Kd[0]; - // ciphertext to ints + key - int t0 = (in[i++] << 24 | (in[i++] & 0xFF) << 16 | (in[i++] & 0xFF) << 8 | (in[i++] & 0xFF)) - ^ Kdr[0]; - int t1 = (in[i++] << 24 | (in[i++] & 0xFF) << 16 | (in[i++] & 0xFF) << 8 | (in[i++] & 0xFF)) - ^ Kdr[1]; - int t2 = (in[i++] << 24 | (in[i++] & 0xFF) << 16 | (in[i++] & 0xFF) << 8 | (in[i++] & 0xFF)) - ^ Kdr[2]; - int t3 = (in[i++] << 24 | (in[i++] & 0xFF) << 16 | (in[i++] & 0xFF) << 8 | (in[i++] & 0xFF)) - ^ Kdr[3]; + int t0 = (in[i++] << 24 + | (in[i++] & 0xFF) << 16 + | (in[i++] & 0xFF) << 8 + | (in[i++] & 0xFF) ) ^ Kdr[0]; + int t1 = (in[i++] << 24 + | (in[i++] & 0xFF) << 16 + | (in[i++] & 0xFF) << 8 + | (in[i++] & 0xFF) ) ^ Kdr[1]; + int t2 = (in[i++] << 24 + | (in[i++] & 0xFF) << 16 + | (in[i++] & 0xFF) << 8 + | (in[i++] & 0xFF) ) ^ Kdr[2]; + int t3 = (in[i++] << 24 + | (in[i++] & 0xFF) << 16 + | (in[i++] & 0xFF) << 8 + | (in[i++] & 0xFF) ) ^ Kdr[3]; int a0, a1, a2, a3; - for (int r = 1; r < ROUNDS; r++) - { // apply round transforms + for (int r = 1; r < ROUNDS; r++) // apply round transforms + { Kdr = Kd[r]; - a0 = (T5[(t0 >>> 24)] ^ T6[(t3 >>> 16) & 0xFF] ^ T7[(t2 >>> 8) & 0xFF] ^ T8[t1 & 0xFF]) - ^ Kdr[0]; - a1 = (T5[(t1 >>> 24)] ^ T6[(t0 >>> 16) & 0xFF] ^ T7[(t3 >>> 8) & 0xFF] ^ T8[t2 & 0xFF]) - ^ Kdr[1]; - a2 = (T5[(t2 >>> 24)] ^ T6[(t1 >>> 16) & 0xFF] ^ T7[(t0 >>> 8) & 0xFF] ^ T8[t3 & 0xFF]) - ^ Kdr[2]; - a3 = (T5[(t3 >>> 24)] ^ T6[(t2 >>> 16) & 0xFF] ^ T7[(t1 >>> 8) & 0xFF] ^ T8[t0 & 0xFF]) - ^ Kdr[3]; + a0 = (T5[(t0 >>> 24) ] + ^ T6[(t3 >>> 16) & 0xFF] + ^ T7[(t2 >>> 8) & 0xFF] + ^ T8[ t1 & 0xFF]) ^ Kdr[0]; + a1 = (T5[(t1 >>> 24) ] + ^ T6[(t0 >>> 16) & 0xFF] + ^ T7[(t3 >>> 8) & 0xFF] + ^ T8[ t2 & 0xFF]) ^ Kdr[1]; + a2 = (T5[(t2 >>> 24) ] + ^ T6[(t1 >>> 16) & 0xFF] + ^ T7[(t0 >>> 8) & 0xFF] + ^ T8[ t3 & 0xFF]) ^ Kdr[2]; + a3 = (T5[(t3 >>> 24) ] + ^ T6[(t2 >>> 16) & 0xFF] + ^ T7[(t1 >>> 8) & 0xFF] + ^ T8[ t0 & 0xFF]) ^ Kdr[3]; t0 = a0; t1 = a1; t2 = a2; t3 = a3; - - if (DEBUG && debuglevel > 6) - { - System.out.println("PT" + r + "=" + Util.toString(t0) - + Util.toString(t1) + Util.toString(t2) - + Util.toString(t3)); - } + if (Configuration.DEBUG) + log.fine("PT" + r + "=" + Util.toString(t0) + Util.toString(t1) + + Util.toString(t2) + Util.toString(t3)); } - // last round is special Kdr = Kd[ROUNDS]; int tt = Kdr[0]; - out[j++] = (byte) (Si[(t0 >>> 24)] ^ (tt >>> 24)); - out[j++] = (byte) (Si[(t3 >>> 16) & 0xFF] ^ (tt >>> 16)); - out[j++] = (byte) (Si[(t2 >>> 8) & 0xFF] ^ (tt >>> 8)); - out[j++] = (byte) (Si[t1 & 0xFF] ^ tt); + out[j++] = (byte)(Si[(t0 >>> 24) ] ^ (tt >>> 24)); + out[j++] = (byte)(Si[(t3 >>> 16) & 0xFF] ^ (tt >>> 16)); + out[j++] = (byte)(Si[(t2 >>> 8) & 0xFF] ^ (tt >>> 8)); + out[j++] = (byte)(Si[ t1 & 0xFF] ^ tt ); tt = Kdr[1]; - out[j++] = (byte) (Si[(t1 >>> 24)] ^ (tt >>> 24)); - out[j++] = (byte) (Si[(t0 >>> 16) & 0xFF] ^ (tt >>> 16)); - out[j++] = (byte) (Si[(t3 >>> 8) & 0xFF] ^ (tt >>> 8)); - out[j++] = (byte) (Si[t2 & 0xFF] ^ tt); + out[j++] = (byte)(Si[(t1 >>> 24) ] ^ (tt >>> 24)); + out[j++] = (byte)(Si[(t0 >>> 16) & 0xFF] ^ (tt >>> 16)); + out[j++] = (byte)(Si[(t3 >>> 8) & 0xFF] ^ (tt >>> 8)); + out[j++] = (byte)(Si[ t2 & 0xFF] ^ tt ); tt = Kdr[2]; - out[j++] = (byte) (Si[(t2 >>> 24)] ^ (tt >>> 24)); - out[j++] = (byte) (Si[(t1 >>> 16) & 0xFF] ^ (tt >>> 16)); - out[j++] = (byte) (Si[(t0 >>> 8) & 0xFF] ^ (tt >>> 8)); - out[j++] = (byte) (Si[t3 & 0xFF] ^ tt); + out[j++] = (byte)(Si[(t2 >>> 24) ] ^ (tt >>> 24)); + out[j++] = (byte)(Si[(t1 >>> 16) & 0xFF] ^ (tt >>> 16)); + out[j++] = (byte)(Si[(t0 >>> 8) & 0xFF] ^ (tt >>> 8)); + out[j++] = (byte)(Si[ t3 & 0xFF] ^ tt ); tt = Kdr[3]; - out[j++] = (byte) (Si[(t3 >>> 24)] ^ (tt >>> 24)); - out[j++] = (byte) (Si[(t2 >>> 16) & 0xFF] ^ (tt >>> 16)); - out[j++] = (byte) (Si[(t1 >>> 8) & 0xFF] ^ (tt >>> 8)); - out[j++] = (byte) (Si[t0 & 0xFF] ^ tt); - - if (DEBUG && debuglevel > 6) - { - System.out.println("PT=" + Util.toString(out, j - 15, 16)); - System.out.println(); - } + out[j++] = (byte)(Si[(t3 >>> 24) ] ^ (tt >>> 24)); + out[j++] = (byte)(Si[(t2 >>> 16) & 0xFF] ^ (tt >>> 16)); + out[j++] = (byte)(Si[(t1 >>> 8) & 0xFF] ^ (tt >>> 8)); + out[j++] = (byte)(Si[ t0 & 0xFF] ^ tt ); + if (Configuration.DEBUG) + log.fine("PT=" + Util.toString(out, j - 16, 16)); } - // Instance methods - // ------------------------------------------------------------------------- - - // java.lang.Cloneable interface implementation ---------------------------- - public Object clone() { Rijndael result = new Rijndael(); @@ -688,14 +568,12 @@ public final class Rijndael extends BaseCipher return result; } - // IBlockCipherSpi interface implementation -------------------------------- - public Iterator blockSizes() { ArrayList al = new ArrayList(); - al.add(new Integer(128 / 8)); - al.add(new Integer(192 / 8)); - al.add(new Integer(256 / 8)); + al.add(Integer.valueOf(128 / 8)); + al.add(Integer.valueOf(192 / 8)); + al.add(Integer.valueOf(256 / 8)); return Collections.unmodifiableList(al).iterator(); } @@ -703,9 +581,9 @@ public final class Rijndael extends BaseCipher public Iterator keySizes() { ArrayList al = new ArrayList(); - al.add(new Integer(128 / 8)); - al.add(new Integer(192 / 8)); - al.add(new Integer(256 / 8)); + al.add(Integer.valueOf(128 / 8)); + al.add(Integer.valueOf(192 / 8)); + al.add(Integer.valueOf(256 / 8)); return Collections.unmodifiableList(al).iterator(); } @@ -713,7 +591,7 @@ public final class Rijndael extends BaseCipher /** * Expands a user-supplied key material into a session key for a designated * <i>block size</i>. - * + * * @param k the 128/192/256-bit user-key to use. * @param bs the block size in bytes of this Rijndael. * @return an Object encapsulating the session key. @@ -723,18 +601,11 @@ public final class Rijndael extends BaseCipher public Object makeKey(byte[] k, int bs) throws InvalidKeyException { if (k == null) - { - throw new InvalidKeyException("Empty key"); - } - if (!(k.length == 16 || k.length == 24 || k.length == 32)) - { - throw new InvalidKeyException("Incorrect key length"); - } - if (!(bs == 16 || bs == 24 || bs == 32)) - { - throw new IllegalArgumentException(); - } - + throw new InvalidKeyException("Empty key"); + if (! (k.length == 16 || k.length == 24 || k.length == 32)) + throw new InvalidKeyException("Incorrect key length"); + if (! (bs == 16 || bs == 24 || bs == 32)) + throw new IllegalArgumentException(); int ROUNDS = getRounds(k.length, bs); int BC = bs / 4; int[][] Ke = new int[ROUNDS + 1][BC]; // encryption round keys @@ -743,13 +614,12 @@ public final class Rijndael extends BaseCipher int KC = k.length / 4; int[] tk = new int[KC]; int i, j; - // copy user material bytes into temporary ints for (i = 0, j = 0; i < KC;) - { - tk[i++] = k[j++] << 24 | (k[j++] & 0xFF) << 16 | (k[j++] & 0xFF) << 8 - | (k[j++] & 0xFF); - } + tk[i++] = k[j++] << 24 + | (k[j++] & 0xFF) << 16 + | (k[j++] & 0xFF) << 8 + | (k[j++] & 0xFF); // copy values into round key arrays int t = 0; for (j = 0; (j < KC) && (t < ROUND_KEY_COUNT); j++, t++) @@ -763,31 +633,23 @@ public final class Rijndael extends BaseCipher // extrapolate using phi (the round key evolution function) tt = tk[KC - 1]; tk[0] ^= (S[(tt >>> 16) & 0xFF] & 0xFF) << 24 - ^ (S[(tt >>> 8) & 0xFF] & 0xFF) << 16 - ^ (S[tt & 0xFF] & 0xFF) << 8 ^ (S[(tt >>> 24)] & 0xFF) - ^ rcon[rconpointer++] << 24; + ^ (S[(tt >>> 8) & 0xFF] & 0xFF) << 16 + ^ (S[ tt & 0xFF] & 0xFF) << 8 + ^ (S[(tt >>> 24) ] & 0xFF) ^ rcon[rconpointer++] << 24; if (KC != 8) - { - for (i = 1, j = 0; i < KC;) - { - tk[i++] ^= tk[j++]; - } - } + for (i = 1, j = 0; i < KC;) + tk[i++] ^= tk[j++]; else { for (i = 1, j = 0; i < KC / 2;) - { - tk[i++] ^= tk[j++]; - } + tk[i++] ^= tk[j++]; tt = tk[KC / 2 - 1]; - tk[KC / 2] ^= (S[tt & 0xFF] & 0xFF) - ^ (S[(tt >>> 8) & 0xFF] & 0xFF) << 8 - ^ (S[(tt >>> 16) & 0xFF] & 0xFF) << 16 - ^ S[(tt >>> 24) & 0xFF] << 24; + tk[KC / 2] ^= (S[ tt & 0xFF] & 0xFF) + ^ (S[(tt >>> 8) & 0xFF] & 0xFF) << 8 + ^ (S[(tt >>> 16) & 0xFF] & 0xFF) << 16 + ^ S[(tt >>> 24) & 0xFF] << 24; for (j = KC / 2, i = j + 1; i < KC;) - { - tk[i++] ^= tk[j++]; - } + tk[i++] ^= tk[j++]; } // copy values into round key arrays for (j = 0; (j < KC) && (t < ROUND_KEY_COUNT); j++, t++) @@ -796,51 +658,36 @@ public final class Rijndael extends BaseCipher Kd[ROUNDS - (t / BC)][t % BC] = tk[j]; } } - for (int r = 1; r < ROUNDS; r++) - { // inverse MixColumn where needed - for (j = 0; j < BC; j++) - { - tt = Kd[r][j]; - Kd[r][j] = U1[(tt >>> 24)] ^ U2[(tt >>> 16) & 0xFF] - ^ U3[(tt >>> 8) & 0xFF] ^ U4[tt & 0xFF]; - } - } - + for (int r = 1; r < ROUNDS; r++) // inverse MixColumn where needed + for (j = 0; j < BC; j++) + { + tt = Kd[r][j]; + Kd[r][j] = U1[(tt >>> 24) ] + ^ U2[(tt >>> 16) & 0xFF] + ^ U3[(tt >>> 8) & 0xFF] + ^ U4[ tt & 0xFF]; + } return new Object[] { Ke, Kd }; } public void encrypt(byte[] in, int i, byte[] out, int j, Object k, int bs) { - if (!(bs == 16 || bs == 24 || bs == 32)) - { - throw new IllegalArgumentException(); - } - + if (! (bs == 16 || bs == 24 || bs == 32)) + throw new IllegalArgumentException(); if (bs == DEFAULT_BLOCK_SIZE) - { - aesEncrypt(in, i, out, j, k); - } + aesEncrypt(in, i, out, j, k); else - { - rijndaelEncrypt(in, i, out, j, k, bs); - } + rijndaelEncrypt(in, i, out, j, k, bs); } public void decrypt(byte[] in, int i, byte[] out, int j, Object k, int bs) { - if (!(bs == 16 || bs == 24 || bs == 32)) - { - throw new IllegalArgumentException(); - } - + if (! (bs == 16 || bs == 24 || bs == 32)) + throw new IllegalArgumentException(); if (bs == DEFAULT_BLOCK_SIZE) - { - aesDecrypt(in, i, out, j, k); - } + aesDecrypt(in, i, out, j, k); else - { - rijndaelDecrypt(in, i, out, j, k, bs); - } + rijndaelDecrypt(in, i, out, j, k, bs); } public boolean selfTest() @@ -849,11 +696,9 @@ public final class Rijndael extends BaseCipher { boolean result = super.selfTest(); // do symmetry tests if (result) - { - result = testKat(KAT_KEY, KAT_CT); - } + result = testKat(KAT_KEY, KAT_CT); valid = Boolean.valueOf(result); } return valid.booleanValue(); } -}
\ No newline at end of file +} diff --git a/libjava/classpath/gnu/javax/crypto/cipher/Serpent.java b/libjava/classpath/gnu/javax/crypto/cipher/Serpent.java index 2ed1e4b5593..636e311e7ee 100644 --- a/libjava/classpath/gnu/javax/crypto/cipher/Serpent.java +++ b/libjava/classpath/gnu/javax/crypto/cipher/Serpent.java @@ -47,78 +47,57 @@ import java.util.Collections; import java.util.Iterator; /** - * <p>Serpent is a 32-round substitution-permutation network block cipher, + * Serpent is a 32-round substitution-permutation network block cipher, * operating on 128-bit blocks and accepting keys of 128, 192, and 256 bits in * length. At each round the plaintext is XORed with a 128 bit portion of the * session key -- a 4224 bit key computed from the input key -- then one of * eight S-boxes are applied, and finally a simple linear transformation is * done. Decryption does the exact same thing in reverse order, and using the - * eight inverses of the S-boxes.</p> - * - * <p>Serpent was designed by Ross Anderson, Eli Biham, and Lars Knudsen as a - * proposed cipher for the Advanced Encryption Standard.</p> - * - * <p>Serpent can be sped up greatly by replacing S-box substitution with a - * sequence of binary operations, and the optimal implementation depends - * upon finding the fastest sequence of binary operations that reproduce this - * substitution. This implementation uses the S-boxes discovered by - * <a href="http://www.ii.uib.no/~osvik/">Dag Arne Osvik</a>, which are - * optimized for the Pentium family of processors.</p> - * - * <p>References:</p> - * + * eight inverses of the S-boxes. + * <p> + * Serpent was designed by Ross Anderson, Eli Biham, and Lars Knudsen as a + * proposed cipher for the Advanced Encryption Standard. + * <p> + * Serpent can be sped up greatly by replacing S-box substitution with a + * sequence of binary operations, and the optimal implementation depends upon + * finding the fastest sequence of binary operations that reproduce this + * substitution. This implementation uses the S-boxes discovered by <a + * href="http://www.ii.uib.no/~osvik/">Dag Arne Osvik</a>, which are optimized + * for the Pentium family of processors. + * <p> + * References: * <ol> - * <li><a href="http://www.cl.cam.ac.uk/~rja14/serpent.html">Serpent: A - * Candidate Block Cipher for the Advanced Encryption Standard.</a></li> + * <li><a href="http://www.cl.cam.ac.uk/~rja14/serpent.html">Serpent: A + * Candidate Block Cipher for the Advanced Encryption Standard.</a></li> * </ol> */ -public class Serpent extends BaseCipher +public class Serpent + extends BaseCipher { - - // Constants and variables - // ------------------------------------------------------------------------- - private static final int DEFAULT_KEY_SIZE = 16; - private static final int DEFAULT_BLOCK_SIZE = 16; - private static final int ROUNDS = 32; - /** The fractional part of the golden ratio, (sqrt(5)+1)/2. */ private static final int PHI = 0x9e3779b9; - /** - * KAT vector (from ecb_vk): - * I=9 + * KAT vector (from ecb_vk): I=9 * KEY=008000000000000000000000000000000000000000000000 * CT=5587B5BCB9EE5A28BA2BACC418005240 */ - private static final byte[] KAT_KEY = Util.toReversedBytesFromString("008000000000000000000000000000000000000000000000"); - - private static final byte[] KAT_CT = Util.toReversedBytesFromString("5587B5BCB9EE5A28BA2BACC418005240"); - + private static final byte[] KAT_KEY = Util.toReversedBytesFromString( + "008000000000000000000000000000000000000000000000"); + private static final byte[] KAT_CT = + Util.toReversedBytesFromString("5587B5BCB9EE5A28BA2BACC418005240"); /** caches the result of the correctness test, once executed. */ private static Boolean valid; - private int x0, x1, x2, x3, x4; - // Constructor(s) - // ------------------------------------------------------------------------- - /** Trivial zero-argument constructor. */ public Serpent() { super(Registry.SERPENT_CIPHER, DEFAULT_BLOCK_SIZE, DEFAULT_KEY_SIZE); } - // Class methods - // ------------------------------------------------------------------------- - - // Instance methods - // ------------------------------------------------------------------------- - - // java.lang.Cloneable interface implementation ---------------------------- - public Object clone() { Serpent result = new Serpent(); @@ -126,20 +105,17 @@ public class Serpent extends BaseCipher return result; } - // IBlockCipherSpi interface implementation -------------------------------- - public Iterator blockSizes() { - return Collections.singleton(new Integer(DEFAULT_BLOCK_SIZE)).iterator(); + return Collections.singleton(Integer.valueOf(DEFAULT_BLOCK_SIZE)).iterator(); } public Iterator keySizes() { ArrayList keySizes = new ArrayList(); - keySizes.add(new Integer(16)); - keySizes.add(new Integer(24)); - keySizes.add(new Integer(32)); - + keySizes.add(Integer.valueOf(16)); + keySizes.add(Integer.valueOf(24)); + keySizes.add(Integer.valueOf(32)); return Collections.unmodifiableList(keySizes).iterator(); } @@ -148,24 +124,19 @@ public class Serpent extends BaseCipher // Not strictly true, but here to conform with the AES proposal. // This restriction can be removed if deemed necessary. if (kb.length != 16 && kb.length != 24 && kb.length != 32) - { - throw new InvalidKeyException("Key length is not 16, 24, or 32 bytes"); - } + throw new InvalidKeyException("Key length is not 16, 24, or 32 bytes"); Key key = new Key(); - // Here w is our "pre-key". int[] w = new int[4 * (ROUNDS + 1)]; int i, j; for (i = 0, j = 0; i < 8 && j < kb.length; i++) - { - w[i] = (kb[j++] & 0xff) | (kb[j++] & 0xff) << 8 - | (kb[j++] & 0xff) << 16 | (kb[j++] & 0xff) << 24; - } + w[i] = (kb[j++] & 0xff) + | (kb[j++] & 0xff) << 8 + | (kb[j++] & 0xff) << 16 + | (kb[j++] & 0xff) << 24; // Pad key if < 256 bits. if (i != 8) - { - w[i] = 1; - } + w[i] = 1; // Transform using w_i-8 ... w_i-1 for (i = 8, j = 0; i < 16; i++) { @@ -174,16 +145,13 @@ public class Serpent extends BaseCipher } // Translate by 8. for (i = 0; i < 8; i++) - { - w[i] = w[i + 8]; - } + w[i] = w[i + 8]; // Transform the rest of the key. for (; i < w.length; i++) { int t = w[i - 8] ^ w[i - 5] ^ w[i - 3] ^ w[i - 1] ^ PHI ^ i; w[i] = t << 11 | t >>> 21; } - // After these s-boxes the pre-key (w, above) will become the // session key (key, below). sbox3(w[0], w[1], w[2], w[3]); @@ -351,7 +319,6 @@ public class Serpent extends BaseCipher key.k129 = x1; key.k130 = x2; key.k131 = x3; - return key; } @@ -359,16 +326,22 @@ public class Serpent extends BaseCipher Object K, int bs) { Key key = (Key) K; - - x0 = (in[i] & 0xff) | (in[i + 1] & 0xff) << 8 | (in[i + 2] & 0xff) << 16 - | (in[i + 3] & 0xff) << 24; - x1 = (in[i + 4] & 0xff) | (in[i + 5] & 0xff) << 8 - | (in[i + 6] & 0xff) << 16 | (in[i + 7] & 0xff) << 24; - x2 = (in[i + 8] & 0xff) | (in[i + 9] & 0xff) << 8 - | (in[i + 10] & 0xff) << 16 | (in[i + 11] & 0xff) << 24; - x3 = (in[i + 12] & 0xff) | (in[i + 13] & 0xff) << 8 - | (in[i + 14] & 0xff) << 16 | (in[i + 15] & 0xff) << 24; - + x0 = (in[i ] & 0xff) + | (in[i + 1] & 0xff) << 8 + | (in[i + 2] & 0xff) << 16 + | (in[i + 3] & 0xff) << 24; + x1 = (in[i + 4] & 0xff) + | (in[i + 5] & 0xff) << 8 + | (in[i + 6] & 0xff) << 16 + | (in[i + 7] & 0xff) << 24; + x2 = (in[i + 8] & 0xff) + | (in[i + 9] & 0xff) << 8 + | (in[i + 10] & 0xff) << 16 + | (in[i + 11] & 0xff) << 24; + x3 = (in[i + 12] & 0xff) + | (in[i + 13] & 0xff) << 8 + | (in[i + 14] & 0xff) << 16 + | (in[i + 15] & 0xff) << 24; x0 ^= key.k0; x1 ^= key.k1; x2 ^= key.k2; @@ -412,7 +385,6 @@ public class Serpent extends BaseCipher x0 = x3; x3 = x2; x2 = x4; - x0 ^= key.k32; x1 ^= key.k33; x2 ^= key.k34; @@ -456,7 +428,6 @@ public class Serpent extends BaseCipher x0 = x3; x3 = x2; x2 = x4; - x0 ^= key.k64; x1 ^= key.k65; x2 ^= key.k66; @@ -500,7 +471,6 @@ public class Serpent extends BaseCipher x0 = x3; x3 = x2; x2 = x4; - x0 ^= key.k96; x1 ^= key.k97; x2 ^= key.k98; @@ -548,39 +518,44 @@ public class Serpent extends BaseCipher x1 ^= key.k129; x2 ^= key.k130; x3 ^= key.k131; - - out[o] = (byte) x0; - out[o + 1] = (byte) (x0 >>> 8); - out[o + 2] = (byte) (x0 >>> 16); - out[o + 3] = (byte) (x0 >>> 24); - out[o + 4] = (byte) x1; - out[o + 5] = (byte) (x1 >>> 8); - out[o + 6] = (byte) (x1 >>> 16); - out[o + 7] = (byte) (x1 >>> 24); - out[o + 8] = (byte) x2; - out[o + 9] = (byte) (x2 >>> 8); - out[o + 10] = (byte) (x2 >>> 16); - out[o + 11] = (byte) (x2 >>> 24); + out[o ] = (byte) x0; + out[o + 1] = (byte)(x0 >>> 8); + out[o + 2] = (byte)(x0 >>> 16); + out[o + 3] = (byte)(x0 >>> 24); + out[o + 4] = (byte) x1; + out[o + 5] = (byte)(x1 >>> 8); + out[o + 6] = (byte)(x1 >>> 16); + out[o + 7] = (byte)(x1 >>> 24); + out[o + 8] = (byte) x2; + out[o + 9] = (byte)(x2 >>> 8); + out[o + 10] = (byte)(x2 >>> 16); + out[o + 11] = (byte)(x2 >>> 24); out[o + 12] = (byte) x3; - out[o + 13] = (byte) (x3 >>> 8); - out[o + 14] = (byte) (x3 >>> 16); - out[o + 15] = (byte) (x3 >>> 24); + out[o + 13] = (byte)(x3 >>> 8); + out[o + 14] = (byte)(x3 >>> 16); + out[o + 15] = (byte)(x3 >>> 24); } public synchronized void decrypt(byte[] in, int i, byte[] out, int o, Object K, int bs) { Key key = (Key) K; - - x0 = (in[i] & 0xff) | (in[i + 1] & 0xff) << 8 | (in[i + 2] & 0xff) << 16 - | (in[i + 3] & 0xff) << 24; - x1 = (in[i + 4] & 0xff) | (in[i + 5] & 0xff) << 8 - | (in[i + 6] & 0xff) << 16 | (in[i + 7] & 0xff) << 24; - x2 = (in[i + 8] & 0xff) | (in[i + 9] & 0xff) << 8 - | (in[i + 10] & 0xff) << 16 | (in[i + 11] & 0xff) << 24; - x3 = (in[i + 12] & 0xff) | (in[i + 13] & 0xff) << 8 - | (in[i + 14] & 0xff) << 16 | (in[i + 15] & 0xff) << 24; - + x0 = (in[i ] & 0xff) + | (in[i + 1] & 0xff) << 8 + | (in[i + 2] & 0xff) << 16 + | (in[i + 3] & 0xff) << 24; + x1 = (in[i + 4] & 0xff) + | (in[i + 5] & 0xff) << 8 + | (in[i + 6] & 0xff) << 16 + | (in[i + 7] & 0xff) << 24; + x2 = (in[i + 8] & 0xff) + | (in[i + 9] & 0xff) << 8 + | (in[i + 10] & 0xff) << 16 + | (in[i + 11] & 0xff) << 24; + x3 = (in[i + 12] & 0xff) + | (in[i + 13] & 0xff) << 8 + | (in[i + 14] & 0xff) << 16 + | (in[i + 15] & 0xff) << 24; x0 ^= key.k128; x1 ^= key.k129; x2 ^= key.k130; @@ -629,7 +604,6 @@ public class Serpent extends BaseCipher x1 = x3; x3 = x4; x4 = x2; - x3 ^= key.k92; x0 ^= key.k93; x1 ^= key.k94; @@ -673,7 +647,6 @@ public class Serpent extends BaseCipher x1 = x3; x3 = x4; x4 = x2; - x3 ^= key.k60; x0 ^= key.k61; x1 ^= key.k62; @@ -717,7 +690,6 @@ public class Serpent extends BaseCipher x1 = x3; x3 = x4; x4 = x2; - x3 ^= key.k28; x0 ^= key.k29; x1 ^= key.k30; @@ -756,28 +728,26 @@ public class Serpent extends BaseCipher x2 = x1; x1 = x3; x3 = x4; - x0 ^= key.k0; x1 ^= key.k1; x2 ^= key.k2; x3 ^= key.k3; - - out[o] = (byte) x0; - out[o + 1] = (byte) (x0 >>> 8); - out[o + 2] = (byte) (x0 >>> 16); - out[o + 3] = (byte) (x0 >>> 24); - out[o + 4] = (byte) x1; - out[o + 5] = (byte) (x1 >>> 8); - out[o + 6] = (byte) (x1 >>> 16); - out[o + 7] = (byte) (x1 >>> 24); - out[o + 8] = (byte) x2; - out[o + 9] = (byte) (x2 >>> 8); - out[o + 10] = (byte) (x2 >>> 16); - out[o + 11] = (byte) (x2 >>> 24); + out[o ] = (byte) x0; + out[o + 1] = (byte)(x0 >>> 8); + out[o + 2] = (byte)(x0 >>> 16); + out[o + 3] = (byte)(x0 >>> 24); + out[o + 4] = (byte) x1; + out[o + 5] = (byte)(x1 >>> 8); + out[o + 6] = (byte)(x1 >>> 16); + out[o + 7] = (byte)(x1 >>> 24); + out[o + 8] = (byte) x2; + out[o + 9] = (byte)(x2 >>> 8); + out[o + 10] = (byte)(x2 >>> 16); + out[o + 11] = (byte)(x2 >>> 24); out[o + 12] = (byte) x3; - out[o + 13] = (byte) (x3 >>> 8); - out[o + 14] = (byte) (x3 >>> 16); - out[o + 15] = (byte) (x3 >>> 24); + out[o + 13] = (byte)(x3 >>> 8); + out[o + 14] = (byte)(x3 >>> 16); + out[o + 15] = (byte)(x3 >>> 24); } public boolean selfTest() @@ -786,19 +756,14 @@ public class Serpent extends BaseCipher { boolean result = super.selfTest(); // do symmetry tests if (result) - { - result = testKat(KAT_KEY, KAT_CT); - } + result = testKat(KAT_KEY, KAT_CT); valid = Boolean.valueOf(result); } return valid.booleanValue(); } - // Own methods. ---------------------------------------------------------- - // These first few S-boxes operate directly on the "registers", // x0..x4, and perform the linear transform. - private void sbox0() { x3 ^= x0; @@ -1492,8 +1457,6 @@ public class Serpent extends BaseCipher x2 ^= x1; } - // These S-Box functions are used in the key setup. - /** S-Box 0. */ private void sbox0(int r0, int r1, int r2, int r3) { @@ -1654,15 +1617,9 @@ public class Serpent extends BaseCipher x3 = r0; } - // Inner classes. - // ----------------------------------------------------------------------- - - private class Key implements Cloneable + private class Key + implements Cloneable { - - // Constants and variables. - // -------------------------------------------------------------------- - int k0, k1, k2, k3, k4, k5, k6, k7, k8, k9, k10, k11, k12, k13, k14, k15, k16, k17, k18, k19, k20, k21, k22, k23, k24, k25, k26, k27, k28, k29, k30, k31, k32, k33, k34, k35, k36, k37, k38, k39, k40, k41, k42, k43, @@ -1674,9 +1631,6 @@ public class Serpent extends BaseCipher k112, k113, k114, k115, k116, k117, k118, k119, k120, k121, k122, k123, k124, k125, k126, k127, k128, k129, k130, k131; - // Constructors. - // -------------------------------------------------------------------- - /** Trivial 0-arguments constructor. */ Key() { @@ -1819,12 +1773,9 @@ public class Serpent extends BaseCipher this.k131 = that.k131; } - // Cloneable interface implementation. - // -------------------------------------------------------------------- - public Object clone() { return new Key(this); } } -}
\ No newline at end of file +} diff --git a/libjava/classpath/gnu/javax/crypto/cipher/Square.java b/libjava/classpath/gnu/javax/crypto/cipher/Square.java index a73116eb422..af738da043a 100644 --- a/libjava/classpath/gnu/javax/crypto/cipher/Square.java +++ b/libjava/classpath/gnu/javax/crypto/cipher/Square.java @@ -47,145 +47,74 @@ import java.util.Collections; import java.util.Iterator; /** - * <p>Square is a 128-bit key, 128-bit block cipher algorithm developed by Joan - * Daemen, Lars Knudsen and Vincent Rijmen.</p> - * - * <p>References:</p> - * + * Square is a 128-bit key, 128-bit block cipher algorithm developed by Joan + * Daemen, Lars Knudsen and Vincent Rijmen. + * <p> + * References: * <ol> - * <li><a href="http://www.esat.kuleuven.ac.be/~rijmen/square/">The block - * cipher Square</a>.<br> - * <a href="mailto:daemen.j@protonworld.com">Joan Daemen</a>, - * <a href="mailto:lars.knudsen@esat.kuleuven.ac.be">Lars Knudsen</a> and - * <a href="mailto:vincent.rijmen@esat.kuleuven.ac.be">Vincent Rijmen</a>.</li> + * <li><a href="http://www.esat.kuleuven.ac.be/~rijmen/square/">The block + * cipher Square</a>.<br> + * <a href="mailto:daemen.j@protonworld.com">Joan Daemen</a>, <a + * href="mailto:lars.knudsen@esat.kuleuven.ac.be">Lars Knudsen</a> and <a + * href="mailto:vincent.rijmen@esat.kuleuven.ac.be">Vincent Rijmen</a>.</li> * </ol> */ -public final class Square extends BaseCipher +public final class Square + extends BaseCipher { - - // Constants and variables - // ------------------------------------------------------------------------- - private static final int DEFAULT_BLOCK_SIZE = 16; // in bytes - private static final int DEFAULT_KEY_SIZE = 16; // in bytes - private static final int ROUNDS = 8; - private static final int ROOT = 0x1F5; // for generating GF(2**8) - private static final int[] OFFSET = new int[ROUNDS]; - - private static final String Sdata = "\uB1CE\uC395\u5AAD\uE702\u4D44\uFB91\u0C87\uA150" - + "\uCB67\u54DD\u468F\uE14E\uF0FD\uFCEB\uF9C4\u1A6E" - + "\u5EF5\uCC8D\u1C56\u43FE\u0761\uF875\u59FF\u0322" - + "\u8AD1\u13EE\u8800\u0E34\u1580\u94E3\uEDB5\u5323" - + "\u4B47\u17A7\u9035\uABD8\uB8DF\u4F57\u9A92\uDB1B" - + "\u3CC8\u9904\u8EE0\uD77D\u85BB\u402C\u3A45\uF142" - + "\u6520\u4118\u7225\u9370\u3605\uF20B\uA379\uEC08" - + "\u2731\u32B6\u7CB0\u0A73\u5B7B\uB781\uD20D\u6A26" - + "\u9E58\u9C83\u74B3\uAC30\u7A69\u770F\uAE21\uDED0" - + "\u2E97\u10A4\u98A8\uD468\u2D62\u296D\u1649\u76C7" - + "\uE8C1\u9637\uE5CA\uF4E9\u6312\uC2A6\u14BC\uD328" - + "\uAF2F\uE624\u52C6\uA009\uBD8C\uCF5D\u115F\u01C5" - + "\u9F3D\uA29B\uC93B\uBE51\u191F\u3F5C\uB2EF\u4ACD" - + "\uBFBA\u6F64\uD9F3\u3EB4\uAADC\uD506\uC07E\uF666" - + "\u6C84\u7138\uB91D\u7F9D\u488B\u2ADA\uA533\u8239" - + "\uD678\u86FA\uE42B\uA91E\u8960\u6BEA\u554C\uF7E2"; - + private static final String Sdata = + "\uB1CE\uC395\u5AAD\uE702\u4D44\uFB91\u0C87\uA150" + + "\uCB67\u54DD\u468F\uE14E\uF0FD\uFCEB\uF9C4\u1A6E" + + "\u5EF5\uCC8D\u1C56\u43FE\u0761\uF875\u59FF\u0322" + + "\u8AD1\u13EE\u8800\u0E34\u1580\u94E3\uEDB5\u5323" + + "\u4B47\u17A7\u9035\uABD8\uB8DF\u4F57\u9A92\uDB1B" + + "\u3CC8\u9904\u8EE0\uD77D\u85BB\u402C\u3A45\uF142" + + "\u6520\u4118\u7225\u9370\u3605\uF20B\uA379\uEC08" + + "\u2731\u32B6\u7CB0\u0A73\u5B7B\uB781\uD20D\u6A26" + + "\u9E58\u9C83\u74B3\uAC30\u7A69\u770F\uAE21\uDED0" + + "\u2E97\u10A4\u98A8\uD468\u2D62\u296D\u1649\u76C7" + + "\uE8C1\u9637\uE5CA\uF4E9\u6312\uC2A6\u14BC\uD328" + + "\uAF2F\uE624\u52C6\uA009\uBD8C\uCF5D\u115F\u01C5" + + "\u9F3D\uA29B\uC93B\uBE51\u191F\u3F5C\uB2EF\u4ACD" + + "\uBFBA\u6F64\uD9F3\u3EB4\uAADC\uD506\uC07E\uF666" + + "\u6C84\u7138\uB91D\u7F9D\u488B\u2ADA\uA533\u8239" + + "\uD678\u86FA\uE42B\uA91E\u8960\u6BEA\u554C\uF7E2"; /** Substitution boxes for encryption and decryption. */ private static final byte[] Se = new byte[256]; - private static final byte[] Sd = new byte[256]; - /** Transposition boxes for encryption and decryption. */ private static final int[] Te = new int[256]; - private static final int[] Td = new int[256]; - /** - * KAT vector (from ecb_vk): - * I=87 - * KEY=00000000000000000000020000000000 + * KAT vector (from ecb_vk): I=87 KEY=00000000000000000000020000000000 * CT=A9DF031B4E25E89F527EFFF89CB0BEBA */ - private static final byte[] KAT_KEY = Util.toBytesFromString("00000000000000000000020000000000"); - - private static final byte[] KAT_CT = Util.toBytesFromString("A9DF031B4E25E89F527EFFF89CB0BEBA"); - + private static final byte[] KAT_KEY = + Util.toBytesFromString("00000000000000000000020000000000"); + private static final byte[] KAT_CT = + Util.toBytesFromString("A9DF031B4E25E89F527EFFF89CB0BEBA"); /** caches the result of the correctness test, once executed. */ private static Boolean valid; - - // Static code - to intialise lookup tables - // ------------------------------------------------------------------------- - static { int i, j; - /* - // Generate exp and log tables used in multiplication over GF(2 ** m) - byte[] exp = new byte[256]; - byte[] log = new byte[256]; - - exp[0] = 1; - for (i = 1; i < 256; i++) { - j = exp[i - 1] << 1; - if ((j & 0x100) != 0) { - j ^= ROOT; // reduce j (mod ROOT) - } - - exp[i] = (byte) j; - log[j & 0xFF] = (byte) i; - } - - // Compute the substitution box Se[] and its inverse Sd[] based on - // F(x) = x**{-1} plus affine transform of the output. - Se[0] = 0; - Se[1] = 1; - for (i = 2; i < 256; i++) { - Se[i] = exp[(255 - log[i]) & 0xFF]; - } - - // Let Se[i] be represented as an 8-row vector V over GF(2); the affine - // transformation is A * V + T, where the rows of the 8 x 8 matrix A are - // contained in trans[0]...trans[7] and the 8-row vector T is contained - // in 0xB1. - int[] trans = new int[] {0x01, 0x03, 0x05, 0x0F, 0x1F, 0x3D, 0x7B, 0xD6}; - int u, v; - for (i = 0; i < 256; i++) { - v = 0xB1; // affine part of the transform - for (j = 0; j < 8; j++) { - u = Se[i] & trans[j] & 0xFF; // column-wise mult. over GF(2) - u ^= u >>> 4; // sum of all bits of u over GF(2) - u ^= u >>> 2; - u ^= u >>> 1; - u &= 1; - v ^= u << j; // row alignment of the result - } - Se[i] = (byte) v; - Sd[v] = (byte) i; // inverse substitution box - } - - System.out.println("Se="+Util.toUnicodeString(Se)); - System.out.println("Sd="+Util.toUnicodeString(Sd)); - */ - /**/ // re-construct Se box values int limit = Sdata.length(); char c1; for (i = 0, j = 0; i < limit; i++) { c1 = Sdata.charAt(i); - Se[j++] = (byte) (c1 >>> 8); + Se[j++] = (byte)(c1 >>> 8); Se[j++] = (byte) c1; } - // compute Sd box values for (i = 0; i < 256; i++) - { - Sd[Se[i] & 0xFF] = (byte) i; - } - + Sd[Se[i] & 0xFF] = (byte) i; // generate OFFSET values OFFSET[0] = 1; for (i = 1; i < ROUNDS; i++) @@ -193,9 +122,7 @@ public final class Square extends BaseCipher OFFSET[i] = mul(OFFSET[i - 1], 2); OFFSET[i - 1] <<= 24; } - OFFSET[ROUNDS - 1] <<= 24; - // generate Te and Td boxes if we're not reading their values // Notes: // (1) The function mul() computes the product of two elements of GF(2**8) @@ -207,111 +134,122 @@ public final class Square extends BaseCipher for (i = 0; i < 256; i++) { j = Se[i] & 0xFF; - Te[i] = (Se[i & 3] == 0) ? 0 : mul(j, 2) << 24 | j << 16 | j << 8 - | mul(j, 3); - + Te[i] = (Se[i & 3] == 0) ? 0 + : mul(j, 2) << 24 + | j << 16 + | j << 8 + | mul(j, 3); j = Sd[i] & 0xFF; - Td[i] = (Sd[i & 3] == 0) ? 0 : mul(j, 14) << 24 | mul(j, 9) << 16 - | mul(j, 13) << 8 | mul(j, 11); + Td[i] = (Sd[i & 3] == 0) ? 0 + : mul(j, 14) << 24 + | mul(j, 9) << 16 + | mul(j, 13) << 8 + | mul(j, 11); } - /**/ } - // Constructor(s) - // ------------------------------------------------------------------------- - /** Trivial 0-arguments constructor. */ public Square() { super(Registry.SQUARE_CIPHER, DEFAULT_BLOCK_SIZE, DEFAULT_KEY_SIZE); } - // Class methods - // ------------------------------------------------------------------------- - private static void square(byte[] in, int i, byte[] out, int j, int[][] K, int[] T, byte[] S) { - int a = ((in[i++]) << 24 | (in[i++] & 0xFF) << 16 | (in[i++] & 0xFF) << 8 | (in[i++] & 0xFF)) - ^ K[0][0]; - int b = ((in[i++]) << 24 | (in[i++] & 0xFF) << 16 | (in[i++] & 0xFF) << 8 | (in[i++] & 0xFF)) - ^ K[0][1]; - int c = ((in[i++]) << 24 | (in[i++] & 0xFF) << 16 | (in[i++] & 0xFF) << 8 | (in[i++] & 0xFF)) - ^ K[0][2]; - int d = ((in[i++]) << 24 | (in[i++] & 0xFF) << 16 | (in[i++] & 0xFF) << 8 | (in[i] & 0xFF)) - ^ K[0][3]; - + int a = ((in[i++]) << 24 + | (in[i++] & 0xFF) << 16 + | (in[i++] & 0xFF) << 8 + | (in[i++] & 0xFF) ) ^ K[0][0]; + int b = ((in[i++]) << 24 + | (in[i++] & 0xFF) << 16 + | (in[i++] & 0xFF) << 8 + | (in[i++] & 0xFF) ) ^ K[0][1]; + int c = ((in[i++]) << 24 + | (in[i++] & 0xFF) << 16 + | (in[i++] & 0xFF) << 8 + | (in[i++] & 0xFF) ) ^ K[0][2]; + int d = ((in[i++]) << 24 + | (in[i++] & 0xFF) << 16 + | (in[i++] & 0xFF) << 8 + | (in[i ] & 0xFF) ) ^ K[0][3]; int r, aa, bb, cc, dd; for (r = 1; r < ROUNDS; r++) { // R - 1 full rounds - aa = T[(a >>> 24)] ^ rot32R(T[(b >>> 24)], 8) - ^ rot32R(T[(c >>> 24)], 16) ^ rot32R(T[(d >>> 24)], 24) ^ K[r][0]; - bb = T[(a >>> 16) & 0xFF] ^ rot32R(T[(b >>> 16) & 0xFF], 8) - ^ rot32R(T[(c >>> 16) & 0xFF], 16) - ^ rot32R(T[(d >>> 16) & 0xFF], 24) ^ K[r][1]; - cc = T[(a >>> 8) & 0xFF] ^ rot32R(T[(b >>> 8) & 0xFF], 8) - ^ rot32R(T[(c >>> 8) & 0xFF], 16) - ^ rot32R(T[(d >>> 8) & 0xFF], 24) ^ K[r][2]; - dd = T[a & 0xFF] ^ rot32R(T[b & 0xFF], 8) ^ rot32R(T[c & 0xFF], 16) - ^ rot32R(T[d & 0xFF], 24) ^ K[r][3]; - + aa = T[(a >>> 24) ] + ^ rot32R(T[(b >>> 24) ], 8) + ^ rot32R(T[(c >>> 24) ], 16) + ^ rot32R(T[(d >>> 24) ], 24) ^ K[r][0]; + bb = T[(a >>> 16) & 0xFF] + ^ rot32R(T[(b >>> 16) & 0xFF], 8) + ^ rot32R(T[(c >>> 16) & 0xFF], 16) + ^ rot32R(T[(d >>> 16) & 0xFF], 24) ^ K[r][1]; + cc = T[(a >>> 8) & 0xFF] + ^ rot32R(T[(b >>> 8) & 0xFF], 8) + ^ rot32R(T[(c >>> 8) & 0xFF], 16) + ^ rot32R(T[(d >>> 8) & 0xFF], 24) ^ K[r][2]; + dd = T[ a & 0xFF] + ^ rot32R(T[ b & 0xFF], 8) + ^ rot32R(T[ c & 0xFF], 16) + ^ rot32R(T[ d & 0xFF], 24) ^ K[r][3]; a = aa; b = bb; c = cc; d = dd; } - // last round (diffusion becomes only transposition) - aa = ((S[(a >>> 24)]) << 24 | (S[(b >>> 24)] & 0xFF) << 16 - | (S[(c >>> 24)] & 0xFF) << 8 | (S[(d >>> 24)] & 0xFF)) - ^ K[r][0]; - bb = ((S[(a >>> 16) & 0xFF]) << 24 | (S[(b >>> 16) & 0xFF] & 0xFF) << 16 - | (S[(c >>> 16) & 0xFF] & 0xFF) << 8 | (S[(d >>> 16) & 0xFF] & 0xFF)) - ^ K[r][1]; - cc = ((S[(a >>> 8) & 0xFF]) << 24 | (S[(b >>> 8) & 0xFF] & 0xFF) << 16 - | (S[(c >>> 8) & 0xFF] & 0xFF) << 8 | (S[(d >>> 8) & 0xFF] & 0xFF)) - ^ K[r][2]; - dd = ((S[a & 0xFF]) << 24 | (S[b & 0xFF] & 0xFF) << 16 - | (S[c & 0xFF] & 0xFF) << 8 | (S[d & 0xFF] & 0xFF)) - ^ K[r][3]; - - out[j++] = (byte) (aa >>> 24); - out[j++] = (byte) (aa >>> 16); - out[j++] = (byte) (aa >>> 8); + aa = ((S[(a >>> 24) ] ) << 24 + | (S[(b >>> 24) ] & 0xFF) << 16 + | (S[(c >>> 24) ] & 0xFF) << 8 + | (S[(d >>> 24) ] & 0xFF) ) ^ K[r][0]; + bb = ((S[(a >>> 16) & 0xFF] ) << 24 + | (S[(b >>> 16) & 0xFF] & 0xFF) << 16 + | (S[(c >>> 16) & 0xFF] & 0xFF) << 8 + | (S[(d >>> 16) & 0xFF] & 0xFF) ) ^ K[r][1]; + cc = ((S[(a >>> 8) & 0xFF] ) << 24 + | (S[(b >>> 8) & 0xFF] & 0xFF) << 16 + | (S[(c >>> 8) & 0xFF] & 0xFF) << 8 + | (S[(d >>> 8) & 0xFF] & 0xFF) ) ^ K[r][2]; + dd = ((S[ a & 0xFF] ) << 24 + | (S[ b & 0xFF] & 0xFF) << 16 + | (S[ c & 0xFF] & 0xFF) << 8 + | (S[ d & 0xFF] & 0xFF) ) ^ K[r][3]; + out[j++] = (byte)(aa >>> 24); + out[j++] = (byte)(aa >>> 16); + out[j++] = (byte)(aa >>> 8); out[j++] = (byte) aa; - out[j++] = (byte) (bb >>> 24); - out[j++] = (byte) (bb >>> 16); - out[j++] = (byte) (bb >>> 8); + out[j++] = (byte)(bb >>> 24); + out[j++] = (byte)(bb >>> 16); + out[j++] = (byte)(bb >>> 8); out[j++] = (byte) bb; - out[j++] = (byte) (cc >>> 24); - out[j++] = (byte) (cc >>> 16); - out[j++] = (byte) (cc >>> 8); + out[j++] = (byte)(cc >>> 24); + out[j++] = (byte)(cc >>> 16); + out[j++] = (byte)(cc >>> 8); out[j++] = (byte) cc; - out[j++] = (byte) (dd >>> 24); - out[j++] = (byte) (dd >>> 16); - out[j++] = (byte) (dd >>> 8); - out[j] = (byte) dd; + out[j++] = (byte)(dd >>> 24); + out[j++] = (byte)(dd >>> 16); + out[j++] = (byte)(dd >>> 8); + out[j ] = (byte) dd; } /** - * <p>Applies the Theta function to an input <i>in</i> in order to produce in - * <i>out</i> an internal session sub-key.</p> - * - * <p>Both <i>in</i> and <i>out</i> are arrays of four ints.</p> - * - * <p>Pseudo-code is:</p> - * + * Applies the Theta function to an input <i>in</i> in order to produce in + * <i>out</i> an internal session sub-key. + * <p> + * Both <i>in</i> and <i>out</i> are arrays of four ints. + * <p> + * Pseudo-code is: * <pre> - * for (i = 0; i < 4; i++) { - * out[i] = 0; - * for (j = 0, n = 24; j < 4; j++, n -= 8) { - * k = mul(in[i] >>> 24, G[0][j]) ^ - * mul(in[i] >>> 16, G[1][j]) ^ - * mul(in[i] >>> 8, G[2][j]) ^ - * mul(in[i] , G[3][j]); - * out[i] ^= k << n; + * for (i = 0; i < 4; i++) + * { + * out[i] = 0; + * for (j = 0, n = 24; j < 4; j++, n -= 8) + * { + * k = mul(in[i] >>> 24, G[0][j]) ˆ mul(in[i] >>> 16, G[1][j]) + * ˆ mul(in[i] >>> 8, G[2][j]) ˆ mul(in[i], G[3][j]); + * out[i] ˆ= k << n; * } - * } + * } * </pre> */ private static void transform(int[] in, int[] out) @@ -332,8 +270,8 @@ public final class Square extends BaseCipher } /** - * <p>Left rotate a 32-bit chunk.</p> - * + * Left rotate a 32-bit chunk. + * * @param x the 32-bit data to rotate * @param s number of places to left-rotate by * @return the newly permutated value. @@ -344,8 +282,8 @@ public final class Square extends BaseCipher } /** - * <p>Right rotate a 32-bit chunk.</p> - * + * Right rotate a 32-bit chunk. + * * @param x the 32-bit data to rotate * @param s number of places to right-rotate by * @return the newly permutated value. @@ -356,12 +294,12 @@ public final class Square extends BaseCipher } /** - * <p>Returns the product of two binary numbers a and b, using the generator - * ROOT as the modulus: p = (a * b) mod ROOT. ROOT Generates a suitable - * Galois Field in GF(2**8).</p> - * - * <p>For best performance call it with abs(b) < abs(a).</p> - * + * Returns the product of two binary numbers a and b, using the generator ROOT + * as the modulus: p = (a * b) mod ROOT. ROOT Generates a suitable Galois + * Field in GF(2**8). + * <p> + * For best performance call it with abs(b) < abs(a). + * * @param a operand for multiply. * @param b operand for multiply. * @return the result of (a * b) % ROOT. @@ -369,35 +307,22 @@ public final class Square extends BaseCipher private static final int mul(int a, int b) { if (a == 0) - { - return 0; - } - + return 0; a &= 0xFF; b &= 0xFF; int result = 0; while (b != 0) { if ((b & 0x01) != 0) - { - result ^= a; - } - + result ^= a; b >>>= 1; a <<= 1; if (a > 0xFF) - { - a ^= ROOT; - } + a ^= ROOT; } return result & 0xFF; } - // Instance methods - // ------------------------------------------------------------------------- - - // java.lang.Cloneable interface implementation ---------------------------- - public Object clone() { Square result = new Square(); @@ -406,12 +331,10 @@ public final class Square extends BaseCipher return result; } - // IBlockCipherSpi interface implementation -------------------------------- - public Iterator blockSizes() { ArrayList al = new ArrayList(); - al.add(new Integer(DEFAULT_BLOCK_SIZE)); + al.add(Integer.valueOf(DEFAULT_BLOCK_SIZE)); return Collections.unmodifiableList(al).iterator(); } @@ -419,7 +342,7 @@ public final class Square extends BaseCipher public Iterator keySizes() { ArrayList al = new ArrayList(); - al.add(new Integer(DEFAULT_KEY_SIZE)); + al.add(Integer.valueOf(DEFAULT_KEY_SIZE)); return Collections.unmodifiableList(al).iterator(); } @@ -427,36 +350,35 @@ public final class Square extends BaseCipher public Object makeKey(byte[] uk, int bs) throws InvalidKeyException { if (bs != DEFAULT_BLOCK_SIZE) - { - throw new IllegalArgumentException(); - } + throw new IllegalArgumentException(); if (uk == null) - { - throw new InvalidKeyException("Empty key"); - } + throw new InvalidKeyException("Empty key"); if (uk.length != DEFAULT_KEY_SIZE) - { - throw new InvalidKeyException("Key is not 128-bit."); - } - + throw new InvalidKeyException("Key is not 128-bit."); int[][] Ke = new int[ROUNDS + 1][4]; int[][] Kd = new int[ROUNDS + 1][4]; int[][] tK = new int[ROUNDS + 1][4]; int i = 0; - - Ke[0][0] = (uk[i++] & 0xFF) << 24 | (uk[i++] & 0xFF) << 16 - | (uk[i++] & 0xFF) << 8 | (uk[i++] & 0xFF); + Ke[0][0] = (uk[i++] & 0xFF) << 24 + | (uk[i++] & 0xFF) << 16 + | (uk[i++] & 0xFF) << 8 + | (uk[i++] & 0xFF); tK[0][0] = Ke[0][0]; - Ke[0][1] = (uk[i++] & 0xFF) << 24 | (uk[i++] & 0xFF) << 16 - | (uk[i++] & 0xFF) << 8 | (uk[i++] & 0xFF); + Ke[0][1] = (uk[i++] & 0xFF) << 24 + | (uk[i++] & 0xFF) << 16 + | (uk[i++] & 0xFF) << 8 + | (uk[i++] & 0xFF); tK[0][1] = Ke[0][1]; - Ke[0][2] = (uk[i++] & 0xFF) << 24 | (uk[i++] & 0xFF) << 16 - | (uk[i++] & 0xFF) << 8 | (uk[i++] & 0xFF); + Ke[0][2] = (uk[i++] & 0xFF) << 24 + | (uk[i++] & 0xFF) << 16 + | (uk[i++] & 0xFF) << 8 + | (uk[i++] & 0xFF); tK[0][2] = Ke[0][2]; - Ke[0][3] = (uk[i++] & 0xFF) << 24 | (uk[i++] & 0xFF) << 16 - | (uk[i++] & 0xFF) << 8 | (uk[i] & 0xFF); + Ke[0][3] = (uk[i++] & 0xFF) << 24 + | (uk[i++] & 0xFF) << 16 + | (uk[i++] & 0xFF) << 8 + | (uk[i ] & 0xFF); tK[0][3] = Ke[0][3]; - int j; for (i = 1, j = 0; i < ROUNDS + 1; i++, j++) { @@ -464,41 +386,28 @@ public final class Square extends BaseCipher tK[i][1] = tK[j][1] ^ tK[i][0]; tK[i][2] = tK[j][2] ^ tK[i][1]; tK[i][3] = tK[j][3] ^ tK[i][2]; - System.arraycopy(tK[i], 0, Ke[i], 0, 4); - transform(Ke[j], Ke[j]); } - for (i = 0; i < ROUNDS; i++) - { - System.arraycopy(tK[ROUNDS - i], 0, Kd[i], 0, 4); - } - + System.arraycopy(tK[ROUNDS - i], 0, Kd[i], 0, 4); transform(tK[0], Kd[ROUNDS]); - return new Object[] { Ke, Kd }; } public void encrypt(byte[] in, int i, byte[] out, int j, Object k, int bs) { if (bs != DEFAULT_BLOCK_SIZE) - { - throw new IllegalArgumentException(); - } - - int[][] K = (int[][]) ((Object[]) k)[0]; + throw new IllegalArgumentException(); + int[][] K = (int[][])((Object[]) k)[0]; square(in, i, out, j, K, Te, Se); } public void decrypt(byte[] in, int i, byte[] out, int j, Object k, int bs) { if (bs != DEFAULT_BLOCK_SIZE) - { - throw new IllegalArgumentException(); - } - - int[][] K = (int[][]) ((Object[]) k)[1]; + throw new IllegalArgumentException(); + int[][] K = (int[][])((Object[]) k)[1]; square(in, i, out, j, K, Td, Sd); } @@ -508,9 +417,7 @@ public final class Square extends BaseCipher { boolean result = super.selfTest(); // do symmetry tests if (result) - { - result = testKat(KAT_KEY, KAT_CT); - } + result = testKat(KAT_KEY, KAT_CT); valid = Boolean.valueOf(result); } return valid.booleanValue(); diff --git a/libjava/classpath/gnu/javax/crypto/cipher/TripleDES.java b/libjava/classpath/gnu/javax/crypto/cipher/TripleDES.java index 9b44c9ca7fb..1e98bfc8342 100644 --- a/libjava/classpath/gnu/javax/crypto/cipher/TripleDES.java +++ b/libjava/classpath/gnu/javax/crypto/cipher/TripleDES.java @@ -40,54 +40,50 @@ package gnu.javax.crypto.cipher; import gnu.java.security.Registry; +import java.util.ArrayList; import java.util.Collections; import java.util.Iterator; import java.security.InvalidKeyException; /** - * Triple-DES, 3DES, or DESede is a <i>combined cipher</i> that uses - * three iterations of the Data Encryption Standard cipher to improve - * the security (at the cost of speed) of plain DES. - * - * <p>Triple-DES runs the DES algorithm three times with three - * independent 56 bit keys. To encrypt:</p> - * - * <blockquote><i>C<sub>i</sub> = - * E<sub>k3</sub> ( E<sub>k2</sub><sup>-1</sup> ( E<sub>k1</sub> ( P<sub>i</sub> )))</i></blockquote> - * - * <p>And to decrypt:</p> - * - * <blockquote><i>P<sub>i</sub> = - * E<sub>k1</sub><sup>-1</sup> ( E<sub>k2</sub> ( E<sub>k3</sub><sup>-1</sup> ( C<sub>i</sub> )))</i></blockquote> - * - * <p>(The "ede" comes from the encryption operation, which runs - * Encrypt-Decrypt-Encrypt)</p> - * - * <p>References:</p> + * Triple-DES, 3DES, or DESede is a <i>combined cipher</i> that uses three + * iterations of the Data Encryption Standard cipher to theoretically improve + * the security of plain DES, at the cost of speed. + * <p> + * Triple-DES runs the DES algorithm three times with one, two or three + * independent 56-bit (DES) keys. When used with one DES key, the cipher behaves + * exactly like a (slower) DES. + * <p> + * To encrypt: + * <blockquote><i>C<sub>i</sub> = E<sub>k3</sub> ( E<sub>k2</sub><sup>-1</sup> ( + * E<sub>k1</sub> ( P<sub>i</sub> )))</i> + * </blockquote> + * <p> + * And to decrypt: + * <blockquote><i>P<sub>i</sub> = E<sub>k1</sub><sup>-1</sup> ( + * E<sub>k2</sub> ( E<sub>k3</sub><sup>-1</sup> ( C<sub>i</sub> )))</i> + * </blockquote> + * <p> + * (The "ede" comes from the encryption operation, which runs + * Encrypt-Decrypt-Encrypt) + * <p> + * References: * <ol> - * <li>Bruce Schneier, <i>Applied Cryptography: Protocols, Algorithms, - * and Source Code in C, Second Edition</i>. (1996 John Wiley and Sons) - * ISBN 0-471-11709-9. Page 294--295.</li> + * <li>Bruce Schneier, <i>Applied Cryptography: Protocols, Algorithms, and + * Source Code in C, Second Edition</i>. (1996 John Wiley and Sons) ISBN + * 0-471-11709-9. Page 294--295.</li> * </ol> */ -public class TripleDES extends BaseCipher +public class TripleDES + extends BaseCipher { - - // Constants and variables. - // ----------------------------------------------------------------------- - /** Triple-DES only operates on 64 bit blocks. */ public static final int BLOCK_SIZE = 8; - - /** Triple-DES uses 168 bits of a parity-adjusted 192 bit key. */ + /** By default, Triple-DES uses 168 bits of a parity-adjusted 192 bit key. */ public static final int KEY_SIZE = 24; - /** The underlying DES instance. */ private DES des; - // Constructors. - // ----------------------------------------------------------------------- - /** * Default 0-arguments constructor. */ @@ -97,27 +93,48 @@ public class TripleDES extends BaseCipher des = new DES(); } - // Class methods. - // ----------------------------------------------------------------------- - /** - * Transform a key so it will be parity adjusted. - * - * @param kb The key bytes to adjust. + * Convenience method which calls the method with same name and three + * arguments, passing <code>3</code> as the value of the first parameter. + * + * @param kb The key bytes to adjust. * @param offset The starting offset into the key bytes. - * @see DES#adjustParity(byte[],int) */ public static void adjustParity(byte[] kb, int offset) { + adjustParity(3, kb, offset); + } + + /** + * Adjusts, in-situ, the parity of the designated bytes, so they can be used + * as DES keys for a 3-DES 1-, 2- or 3-key cipher. + * + * @param keyCount the number of independent DES keys. Can be either + * <code>1</code>, <code>2</code> or <code>3</code>. Any other value + * will cause an {@link IllegalArgumentException} to be raised. + * @param kb the array containing the key bytes to adjust. MUST have at least + * <code>8 * keyCount</code> bytes starting at offset position + * <code>offset</code>, otherwise an + * {@link ArrayIndexOutOfBoundsException} will be raised. + * @param offset the starting offset into the array. + * @see DES#adjustParity(byte[],int) + */ + public static void adjustParity(int keyCount, byte[] kb, int offset) + { + if (keyCount < 1 || keyCount > 3) + throw new IllegalArgumentException("Invalid keyCount value: " + keyCount); DES.adjustParity(kb, offset); - DES.adjustParity(kb, offset + 8); - DES.adjustParity(kb, offset + 16); + if (keyCount > 1) + DES.adjustParity(kb, offset + 8); + if (keyCount > 2) + DES.adjustParity(kb, offset + 16); } /** - * Tests if a byte array has already been parity adjusted. - * - * @param kb The key bytes to test. + * Convenience method which calls the method with same name and three + * arguments, passing <code>3</code> as the value of the first parameter. + * + * @param kb The key bytes to test. * @param offset The starting offset into the key bytes. * @return <code>true</code> if the bytes in <i>kb</i> starting at * <i>offset</i> are parity adjusted. @@ -126,13 +143,38 @@ public class TripleDES extends BaseCipher */ public static boolean isParityAdjusted(byte[] kb, int offset) { - return DES.isParityAdjusted(kb, offset) - && DES.isParityAdjusted(kb, offset + 8) - && DES.isParityAdjusted(kb, offset + 16); + return isParityAdjusted(3, kb, offset); } - // Methods implementing BaseCipher. - // ----------------------------------------------------------------------- + /** + * Tests if enough bytes, expected to be used as DES keys for a 3-DES 1-, 2- + * or 3-key cipher, located in a designated byte array, has already been + * parity adjusted. + * + * @param keyCount the number of independent DES keys. Can be either + * <code>1</code>, <code>2</code> or <code>3</code>. Any other value + * will cause an {@link IllegalArgumentException} to be raised. + * @param kb the array containing the key bytes to test. MUST have at least + * <code>8 * keyCount</code> bytes starting at offset position + * <code>offset</code>, otherwise an + * {@link ArrayIndexOutOfBoundsException} will be raised. + * @param offset the starting offset into the array. + * @return <code>true</code> if the bytes in <i>kb</i> starting at + * <i>offset</i> are parity adjusted. + * @see DES#isParityAdjusted(byte[],int) + * @see #adjustParity(int,byte[],int) + */ + public static boolean isParityAdjusted(int keyCount, byte[] kb, int offset) + { + if (keyCount < 1 || keyCount > 3) + throw new IllegalArgumentException("Invalid keyCount value: " + keyCount); + boolean result = DES.isParityAdjusted(kb, offset); + if (keyCount > 1) + result = result && DES.isParityAdjusted(kb, offset + 8); + if (keyCount > 2) + result = result && DES.isParityAdjusted(kb, offset + 16); + return result; + } public Object clone() { @@ -141,32 +183,54 @@ public class TripleDES extends BaseCipher public Iterator blockSizes() { - return Collections.singleton(new Integer(BLOCK_SIZE)).iterator(); + return Collections.singleton(Integer.valueOf(BLOCK_SIZE)).iterator(); } public Iterator keySizes() { - return Collections.singleton(new Integer(KEY_SIZE)).iterator(); + ArrayList al = new ArrayList(); + al.add(Integer.valueOf(8)); + al.add(Integer.valueOf(16)); + al.add(Integer.valueOf(24)); + return Collections.unmodifiableList(al).iterator(); } public Object makeKey(byte[] kb, int bs) throws InvalidKeyException { - if (kb.length != KEY_SIZE) - throw new InvalidKeyException("TripleDES key must be 24 bytes"); - - if (!isParityAdjusted(kb, 0)) - adjustParity(kb, 0); - - byte[] k1 = new byte[DES.KEY_SIZE], k2 = new byte[DES.KEY_SIZE], k3 = new byte[DES.KEY_SIZE]; - System.arraycopy(kb, 0, k1, 0, DES.KEY_SIZE); - System.arraycopy(kb, DES.KEY_SIZE, k2, 0, DES.KEY_SIZE); - System.arraycopy(kb, 2 * DES.KEY_SIZE, k3, 0, DES.KEY_SIZE); + if (kb.length != 8 && kb.length != 16 && kb.length != 24) + throw new InvalidKeyException("TripleDES key must be 8, 16 or 24 bytes: " + + kb.length); Context ctx = new Context(); - + byte[] k1 = new byte[DES.KEY_SIZE]; + System.arraycopy(kb, 0, k1, 0, DES.KEY_SIZE); + if (! DES.isParityAdjusted(k1, 0)) + DES.adjustParity(k1, 0); ctx.k1 = (DES.Context) des.makeKey(k1, bs); - ctx.k2 = (DES.Context) des.makeKey(k2, bs); - ctx.k3 = (DES.Context) des.makeKey(k3, bs); + if (kb.length == 8) + { + ctx.k2 = (DES.Context) des.makeKey(k1, bs); + ctx.k3 = (DES.Context) des.makeKey(k1, bs); + } + else + { + byte[] k2 = new byte[DES.KEY_SIZE]; + System.arraycopy(kb, DES.KEY_SIZE, k2, 0, DES.KEY_SIZE); + if (! DES.isParityAdjusted(k2, 0)) + DES.adjustParity(k2, 0); + ctx.k2 = (DES.Context) des.makeKey(k2, bs); + + byte[] k3 = new byte[DES.KEY_SIZE]; + if (kb.length == 16) + ctx.k3 = (DES.Context) des.makeKey(k1, bs); + else + { + System.arraycopy(kb, 2 * DES.KEY_SIZE, k3, 0, DES.KEY_SIZE); + if (! DES.isParityAdjusted(k3, 0)) + DES.adjustParity(k3, 0); + ctx.k3 = (DES.Context) des.makeKey(k3, bs); + } + } return ctx; } @@ -186,11 +250,8 @@ public class TripleDES extends BaseCipher des.decrypt(temp, 0, out, o, ((Context) K).k1, bs); } - // Inner classes. - // ----------------------------------------------------------------------- - private final class Context { DES.Context k1, k2, k3; } -}
\ No newline at end of file +} diff --git a/libjava/classpath/gnu/javax/crypto/cipher/Twofish.java b/libjava/classpath/gnu/javax/crypto/cipher/Twofish.java index f5565d4b46f..b6932442897 100644 --- a/libjava/classpath/gnu/javax/crypto/cipher/Twofish.java +++ b/libjava/classpath/gnu/javax/crypto/cipher/Twofish.java @@ -38,204 +38,142 @@ exception statement from your version. */ package gnu.javax.crypto.cipher; +import gnu.java.security.Configuration; import gnu.java.security.Registry; import gnu.java.security.util.Util; -//import java.io.PrintWriter; import java.security.InvalidKeyException; import java.util.ArrayList; import java.util.Collections; import java.util.Iterator; +import java.util.logging.Logger; /** - * <p>Twofish is a balanced 128-bit Feistel cipher, consisting of 16 rounds. In + * Twofish is a balanced 128-bit Feistel cipher, consisting of 16 rounds. In * each round, a 64-bit S-box value is computed from 64 bits of the block, and * this value is xored into the other half of the block. The two half-blocks are * then exchanged, and the next round begins. Before the first round, all input * bits are xored with key-dependent "whitening" subkeys, and after the final * round the output bits are xored with other key-dependent whitening subkeys; - * these subkeys are not used anywhere else in the algorithm.</p> - * - * <p>Twofish is designed by Bruce Schneier, Doug Whiting, John Kelsey, Chris - * Hall, David Wagner and Niels Ferguson.</p> - * - * <p>References:</p> - * + * these subkeys are not used anywhere else in the algorithm. + * <p> + * Twofish is designed by Bruce Schneier, Doug Whiting, John Kelsey, Chris + * Hall, David Wagner and Niels Ferguson. + * <p> + * References: * <ol> * <li><a href="http://www.counterpane.com/twofish-paper.html">Twofish: A * 128-bit Block Cipher</a>.</li> * </ol> */ -public final class Twofish extends BaseCipher +public final class Twofish + extends BaseCipher { - - // Debugging methods and variables - // ------------------------------------------------------------------------- - - // private static final String NAME = "twofish"; - private static final boolean DEBUG = false; - - private static final int debuglevel = 9; - - // private static final PrintWriter err = new PrintWriter(System.out, true); - // private static void debug(String s) { - // err.println(">>> "+NAME+": "+s); - // } - - // Constants and variables - // ------------------------------------------------------------------------- - + private static final Logger log = Logger.getLogger(Twofish.class.getName()); private static final int DEFAULT_BLOCK_SIZE = 16; // in bytes - private static final int DEFAULT_KEY_SIZE = 16; // in bytes - private static final int MAX_ROUNDS = 16; // max # rounds (for allocating subkeys) - private static final int ROUNDS = MAX_ROUNDS; - // subkey array indices private static final int INPUT_WHITEN = 0; - - private static final int OUTPUT_WHITEN = INPUT_WHITEN + DEFAULT_BLOCK_SIZE - / 4; - - private static final int ROUND_SUBKEYS = OUTPUT_WHITEN + DEFAULT_BLOCK_SIZE - / 4; - - // private static final int TOTAL_SUBKEYS = ROUND_SUBKEYS + 2*MAX_ROUNDS; - + private static final int OUTPUT_WHITEN = INPUT_WHITEN + DEFAULT_BLOCK_SIZE / 4; + private static final int ROUND_SUBKEYS = OUTPUT_WHITEN + DEFAULT_BLOCK_SIZE / 4; private static final int SK_STEP = 0x02020202; - private static final int SK_BUMP = 0x01010101; - private static final int SK_ROTL = 9; - private static final String[] Pm = new String[] { - // p0 - "\uA967\uB3E8\u04FD\uA376\u9A92\u8078\uE4DD\uD138" - + "\u0DC6\u3598\u18F7\uEC6C\u4375\u3726\uFA13\u9448" - + "\uF2D0\u8B30\u8454\uDF23\u195B\u3D59\uF3AE\uA282" - + "\u6301\u832E\uD951\u9B7C\uA6EB\uA5BE\u160C\uE361" - + "\uC08C\u3AF5\u732C\u250B\uBB4E\u896B\u536A\uB4F1" - + "\uE1E6\uBD45\uE2F4\uB666\uCC95\u0356\uD41C\u1ED7" - + "\uFBC3\u8EB5\uE9CF\uBFBA\uEA77\u39AF\u33C9\u6271" - + "\u8179\u09AD\u24CD\uF9D8\uE5C5\uB94D\u4408\u86E7" - + "\uA11D\uAAED\u0670\uB2D2\u417B\uA011\u31C2\u2790" - + "\u20F6\u60FF\u965C\uB1AB\u9E9C\u521B\u5F93\u0AEF" - + "\u9185\u49EE\u2D4F\u8F3B\u4787\u6D46\uD63E\u6964" - + "\u2ACE\uCB2F\uFC97\u057A\uAC7F\uD51A\u4B0E\uA75A" - + "\u2814\u3F29\u883C\u4C02\uB8DA\uB017\u551F\u8A7D" - + "\u57C7\u8D74\uB7C4\u9F72\u7E15\u2212\u5807\u9934" - + "\u6E50\uDE68\u65BC\uDBF8\uC8A8\u2B40\uDCFE\u32A4" - + "\uCA10\u21F0\uD35D\u0F00\u6F9D\u3642\u4A5E\uC1E0", - // p1 - "\u75F3\uC6F4\uDB7B\uFBC8\u4AD3\uE66B\u457D\uE84B" - + "\uD632\uD8FD\u3771\uF1E1\u300F\uF81B\u87FA\u063F" - + "\u5EBA\uAE5B\u8A00\uBC9D\u6DC1\uB10E\u805D\uD2D5" - + "\uA084\u0714\uB590\u2CA3\uB273\u4C54\u9274\u3651" - + "\u38B0\uBD5A\uFC60\u6296\u6C42\uF710\u7C28\u278C" - + "\u1395\u9CC7\u2446\u3B70\uCAE3\u85CB\u11D0\u93B8" - + "\uA683\u20FF\u9F77\uC3CC\u036F\u08BF\u40E7\u2BE2" - + "\u790C\uAA82\u413A\uEAB9\uE49A\uA497\u7EDA\u7A17" - + "\u6694\uA11D\u3DF0\uDEB3\u0B72\uA71C\uEFD1\u533E" - + "\u8F33\u265F\uEC76\u2A49\u8188\uEE21\uC41A\uEBD9" - + "\uC539\u99CD\uAD31\u8B01\u1823\uDD1F\u4E2D\uF948" - + "\u4FF2\u658E\u785C\u5819\u8DE5\u9857\u677F\u0564" - + "\uAF63\uB6FE\uF5B7\u3CA5\uCEE9\u6844\uE04D\u4369" - + "\u292E\uAC15\u59A8\u0A9E\u6E47\uDF34\u356A\uCFDC" - + "\u22C9\uC09B\u89D4\uEDAB\u12A2\u0D52\uBB02\u2FA9" - + "\uD761\u1EB4\u5004\uF6C2\u1625\u8656\u5509\uBE91" }; - + // p0 + "\uA967\uB3E8\u04FD\uA376\u9A92\u8078\uE4DD\uD138" + + "\u0DC6\u3598\u18F7\uEC6C\u4375\u3726\uFA13\u9448" + + "\uF2D0\u8B30\u8454\uDF23\u195B\u3D59\uF3AE\uA282" + + "\u6301\u832E\uD951\u9B7C\uA6EB\uA5BE\u160C\uE361" + + "\uC08C\u3AF5\u732C\u250B\uBB4E\u896B\u536A\uB4F1" + + "\uE1E6\uBD45\uE2F4\uB666\uCC95\u0356\uD41C\u1ED7" + + "\uFBC3\u8EB5\uE9CF\uBFBA\uEA77\u39AF\u33C9\u6271" + + "\u8179\u09AD\u24CD\uF9D8\uE5C5\uB94D\u4408\u86E7" + + "\uA11D\uAAED\u0670\uB2D2\u417B\uA011\u31C2\u2790" + + "\u20F6\u60FF\u965C\uB1AB\u9E9C\u521B\u5F93\u0AEF" + + "\u9185\u49EE\u2D4F\u8F3B\u4787\u6D46\uD63E\u6964" + + "\u2ACE\uCB2F\uFC97\u057A\uAC7F\uD51A\u4B0E\uA75A" + + "\u2814\u3F29\u883C\u4C02\uB8DA\uB017\u551F\u8A7D" + + "\u57C7\u8D74\uB7C4\u9F72\u7E15\u2212\u5807\u9934" + + "\u6E50\uDE68\u65BC\uDBF8\uC8A8\u2B40\uDCFE\u32A4" + + "\uCA10\u21F0\uD35D\u0F00\u6F9D\u3642\u4A5E\uC1E0", + // p1 + "\u75F3\uC6F4\uDB7B\uFBC8\u4AD3\uE66B\u457D\uE84B" + + "\uD632\uD8FD\u3771\uF1E1\u300F\uF81B\u87FA\u063F" + + "\u5EBA\uAE5B\u8A00\uBC9D\u6DC1\uB10E\u805D\uD2D5" + + "\uA084\u0714\uB590\u2CA3\uB273\u4C54\u9274\u3651" + + "\u38B0\uBD5A\uFC60\u6296\u6C42\uF710\u7C28\u278C" + + "\u1395\u9CC7\u2446\u3B70\uCAE3\u85CB\u11D0\u93B8" + + "\uA683\u20FF\u9F77\uC3CC\u036F\u08BF\u40E7\u2BE2" + + "\u790C\uAA82\u413A\uEAB9\uE49A\uA497\u7EDA\u7A17" + + "\u6694\uA11D\u3DF0\uDEB3\u0B72\uA71C\uEFD1\u533E" + + "\u8F33\u265F\uEC76\u2A49\u8188\uEE21\uC41A\uEBD9" + + "\uC539\u99CD\uAD31\u8B01\u1823\uDD1F\u4E2D\uF948" + + "\u4FF2\u658E\u785C\u5819\u8DE5\u9857\u677F\u0564" + + "\uAF63\uB6FE\uF5B7\u3CA5\uCEE9\u6844\uE04D\u4369" + + "\u292E\uAC15\u59A8\u0A9E\u6E47\uDF34\u356A\uCFDC" + + "\u22C9\uC09B\u89D4\uEDAB\u12A2\u0D52\uBB02\u2FA9" + + "\uD761\u1EB4\u5004\uF6C2\u1625\u8656\u5509\uBE91" }; /** Fixed 8x8 permutation S-boxes */ private static final byte[][] P = new byte[2][256]; // blank final - /** * Define the fixed p0/p1 permutations used in keyed S-box lookup. By * changing the following constant definitions, the S-boxes will * automatically get changed in the Twofish engine. */ private static final int P_00 = 1; - private static final int P_01 = 0; - private static final int P_02 = 0; - private static final int P_03 = P_01 ^ 1; - private static final int P_04 = 1; - private static final int P_10 = 0; - private static final int P_11 = 0; - private static final int P_12 = 1; - private static final int P_13 = P_11 ^ 1; - private static final int P_14 = 0; - private static final int P_20 = 1; - private static final int P_21 = 1; - private static final int P_22 = 0; - private static final int P_23 = P_21 ^ 1; - private static final int P_24 = 0; - private static final int P_30 = 0; - private static final int P_31 = 1; - private static final int P_32 = 1; - private static final int P_33 = P_31 ^ 1; - private static final int P_34 = 1; - /** Primitive polynomial for GF(256) */ - // private static final int GF256_FDBK = 0x169; private static final int GF256_FDBK_2 = 0x169 / 2; - private static final int GF256_FDBK_4 = 0x169 / 4; - /** MDS matrix */ private static final int[][] MDS = new int[4][256]; // blank final - private static final int RS_GF_FDBK = 0x14D; // field generator - /** * KAT vector (from ecb_vk): * I=183 * KEY=0000000000000000000000000000000000000000000002000000000000000000 * CT=F51410475B33FBD3DB2117B5C17C82D4 */ - private static final byte[] KAT_KEY = Util.toBytesFromString("0000000000000000000000000000000000000000000002000000000000000000"); - - private static final byte[] KAT_CT = Util.toBytesFromString("F51410475B33FBD3DB2117B5C17C82D4"); - + private static final byte[] KAT_KEY = Util.toBytesFromString( + "0000000000000000000000000000000000000000000002000000000000000000"); + private static final byte[] KAT_CT = + Util.toBytesFromString("F51410475B33FBD3DB2117B5C17C82D4"); /** caches the result of the correctness test, once executed. */ private static Boolean valid; - - // Static code - to intialise the MDS matrix and lookup tables ------------- - static { long time = System.currentTimeMillis(); - // expand the P arrays int i; char c; for (i = 0; i < 256; i++) { c = Pm[0].charAt(i >>> 1); - P[0][i] = (byte) ((i & 1) == 0 ? c >>> 8 : c); - + P[0][i] = (byte)((i & 1) == 0 ? c >>> 8 : c); c = Pm[1].charAt(i >>> 1); - P[1][i] = (byte) ((i & 1) == 0 ? c >>> 8 : c); + P[1][i] = (byte)((i & 1) == 0 ? c >>> 8 : c); } - // precompute the MDS matrix int[] m1 = new int[2]; int[] mX = new int[2]; @@ -247,80 +185,65 @@ public final class Twofish extends BaseCipher m1[0] = j; mX[0] = Mx_X(j) & 0xFF; mY[0] = Mx_Y(j) & 0xFF; - j = P[1][i] & 0xFF; m1[1] = j; mX[1] = Mx_X(j) & 0xFF; mY[1] = Mx_Y(j) & 0xFF; - - MDS[0][i] = m1[P_00] << 0 | // fill matrix w/ above elements - mX[P_00] << 8 | mY[P_00] << 16 | mY[P_00] << 24; - MDS[1][i] = mY[P_10] << 0 | mY[P_10] << 8 | mX[P_10] << 16 - | m1[P_10] << 24; - MDS[2][i] = mX[P_20] << 0 | mY[P_20] << 8 | m1[P_20] << 16 - | mY[P_20] << 24; - MDS[3][i] = mX[P_30] << 0 | m1[P_30] << 8 | mY[P_30] << 16 - | mX[P_30] << 24; + MDS[0][i] = m1[P_00] << 0 + | mX[P_00] << 8 + | mY[P_00] << 16 + | mY[P_00] << 24; + MDS[1][i] = mY[P_10] << 0 + | mY[P_10] << 8 + | mX[P_10] << 16 + | m1[P_10] << 24; + MDS[2][i] = mX[P_20] << 0 + | mY[P_20] << 8 + | m1[P_20] << 16 + | mY[P_20] << 24; + MDS[3][i] = mX[P_30] << 0 + | m1[P_30] << 8 + | mY[P_30] << 16 + | mX[P_30] << 24; } - time = System.currentTimeMillis() - time; - - if (DEBUG && debuglevel > 8) + if (Configuration.DEBUG) { - System.out.println("=========="); - System.out.println(); - System.out.println("Static Data"); - System.out.println(); - System.out.println("MDS[0][]:"); + log.fine("Static Data"); + log.fine("MDS[0][]:"); + StringBuilder sb; for (i = 0; i < 64; i++) { + sb = new StringBuilder(); for (j = 0; j < 4; j++) - { - System.out.print("0x" + Util.toString(MDS[0][i * 4 + j]) - + ", "); - } - System.out.println(); + sb.append("0x").append(Util.toString(MDS[0][i * 4 + j])).append(", "); + log.fine(sb.toString()); } - - System.out.println(); - System.out.println("MDS[1][]:"); + log.fine("MDS[1][]:"); for (i = 0; i < 64; i++) { + sb = new StringBuilder(); for (j = 0; j < 4; j++) - { - System.out.print("0x" + Util.toString(MDS[1][i * 4 + j]) - + ", "); - } - System.out.println(); + sb.append("0x").append(Util.toString(MDS[1][i * 4 + j])).append(", "); + log.fine(sb.toString()); } - - System.out.println(); - System.out.println("MDS[2][]:"); + log.fine("MDS[2][]:"); for (i = 0; i < 64; i++) { + sb = new StringBuilder(); for (j = 0; j < 4; j++) - { - System.out.print("0x" + Util.toString(MDS[2][i * 4 + j]) - + ", "); - } - System.out.println(); + sb.append("0x").append(Util.toString(MDS[2][i * 4 + j])).append(", "); + log.fine(sb.toString()); } - - System.out.println(); - System.out.println("MDS[3][]:"); + log.fine("MDS[3][]:"); for (i = 0; i < 64; i++) { + sb = new StringBuilder(); for (j = 0; j < 4; j++) - { - System.out.print("0x" + Util.toString(MDS[3][i * 4 + j]) - + ", "); - } - System.out.println(); + sb.append("0x").append(Util.toString(MDS[3][i * 4 + j])).append(", "); + log.fine(sb.toString()); } - - System.out.println(); - System.out.println("Total initialization time: " + time + " ms."); - System.out.println(); + log.fine("Total initialization time: " + time + " ms."); } } @@ -331,14 +254,11 @@ public final class Twofish extends BaseCipher private static final int LFSR2(int x) { - return (x >> 2) ^ ((x & 0x02) != 0 ? GF256_FDBK_2 : 0) - ^ ((x & 0x01) != 0 ? GF256_FDBK_4 : 0); + return (x >> 2) + ^ ((x & 0x02) != 0 ? GF256_FDBK_2 : 0) + ^ ((x & 0x01) != 0 ? GF256_FDBK_4 : 0); } - // private static final int Mx_1(int x) { - // return x; - // } - private static final int Mx_X(int x) { // 5B return x ^ LFSR2(x); @@ -349,18 +269,12 @@ public final class Twofish extends BaseCipher return x ^ LFSR1(x) ^ LFSR2(x); } - // Constructor(s) - // ------------------------------------------------------------------------- - /** Trivial 0-arguments constructor. */ public Twofish() { super(Registry.TWOFISH_CIPHER, DEFAULT_BLOCK_SIZE, DEFAULT_KEY_SIZE); } - // Class methods - // ------------------------------------------------------------------------- - private static final int b0(int x) { return x & 0xFF; @@ -393,15 +307,11 @@ public final class Twofish extends BaseCipher { int r = k1; int i; - for (i = 0; i < 4; i++) - { // shift 1 byte at a time - r = RS_rem(r); - } + for (i = 0; i < 4; i++) // shift 1 byte at a time + r = RS_rem(r); r ^= k0; for (i = 0; i < 4; i++) - { - r = RS_rem(r); - } + r = RS_rem(r); return r; } @@ -431,15 +341,14 @@ public final class Twofish extends BaseCipher int k1 = k32[1]; int k2 = k32[2]; int k3 = k32[3]; - int result = 0; switch (k64Cnt & 3) { case 1: result = MDS[0][(P[P_01][b0] & 0xFF) ^ b0(k0)] - ^ MDS[1][(P[P_11][b1] & 0xFF) ^ b1(k0)] - ^ MDS[2][(P[P_21][b2] & 0xFF) ^ b2(k0)] - ^ MDS[3][(P[P_31][b3] & 0xFF) ^ b3(k0)]; + ^ MDS[1][(P[P_11][b1] & 0xFF) ^ b1(k0)] + ^ MDS[2][(P[P_21][b2] & 0xFF) ^ b2(k0)] + ^ MDS[3][(P[P_31][b3] & 0xFF) ^ b3(k0)]; break; case 0: // same as 4 b0 = (P[P_04][b0] & 0xFF) ^ b0(k3); @@ -452,14 +361,10 @@ public final class Twofish extends BaseCipher b2 = (P[P_23][b2] & 0xFF) ^ b2(k2); b3 = (P[P_33][b3] & 0xFF) ^ b3(k2); case 2: // 128-bit keys (optimize for this case) - result = MDS[0][(P[P_01][(P[P_02][b0] & 0xFF) ^ b0(k1)] & 0xFF) - ^ b0(k0)] - ^ MDS[1][(P[P_11][(P[P_12][b1] & 0xFF) ^ b1(k1)] & 0xFF) - ^ b1(k0)] - ^ MDS[2][(P[P_21][(P[P_22][b2] & 0xFF) ^ b2(k1)] & 0xFF) - ^ b2(k0)] - ^ MDS[3][(P[P_31][(P[P_32][b3] & 0xFF) ^ b3(k1)] & 0xFF) - ^ b3(k0)]; + result = MDS[0][(P[P_01][(P[P_02][b0] & 0xFF) ^ b0(k1)] & 0xFF) ^ b0(k0)] + ^ MDS[1][(P[P_11][(P[P_12][b1] & 0xFF) ^ b1(k1)] & 0xFF) ^ b1(k0)] + ^ MDS[2][(P[P_21][(P[P_22][b2] & 0xFF) ^ b2(k1)] & 0xFF) ^ b2(k0)] + ^ MDS[3][(P[P_31][(P[P_32][b3] & 0xFF) ^ b3(k1)] & 0xFF) ^ b3(k0)]; break; } return result; @@ -467,23 +372,14 @@ public final class Twofish extends BaseCipher private static final int Fe32(int[] sBox, int x, int R) { - return sBox[2 * _b(x, R)] ^ sBox[2 * _b(x, R + 1) + 1] - ^ sBox[0x200 + 2 * _b(x, R + 2)] - ^ sBox[0x200 + 2 * _b(x, R + 3) + 1]; + return sBox[ 2 * _b(x, R ) ] + ^ sBox[ 2 * _b(x, R + 1) + 1] + ^ sBox[0x200 + 2 * _b(x, R + 2) ] + ^ sBox[0x200 + 2 * _b(x, R + 3) + 1]; } private static final int _b(int x, int N) { - // int result = 0; - // switch (N%4) { - // case 0: result = b0(x); break; - // case 1: result = b1(x); break; - // case 2: result = b2(x); break; - // case 3: result = b3(x); break; - // } - // return result; - // profiling shows that the code spends too long in this method. - // following constructs seem to improve, albeit marginally, performance switch (N % 4) { case 0: @@ -497,43 +393,33 @@ public final class Twofish extends BaseCipher } } - // Instance methods - // ------------------------------------------------------------------------- - - // java.lang.Cloneable interface implementation ---------------------------- - public Object clone() { Twofish result = new Twofish(); result.currentBlockSize = this.currentBlockSize; - return result; } - // IBlockCipherSpi interface implementation -------------------------------- - public Iterator blockSizes() { ArrayList al = new ArrayList(); - al.add(new Integer(DEFAULT_BLOCK_SIZE)); - + al.add(Integer.valueOf(DEFAULT_BLOCK_SIZE)); return Collections.unmodifiableList(al).iterator(); } public Iterator keySizes() { ArrayList al = new ArrayList(); - al.add(new Integer(8)); // 64-bit - al.add(new Integer(16)); // 128-bit - al.add(new Integer(24)); // 192-bit - al.add(new Integer(32)); // 256-bit - + al.add(Integer.valueOf(8)); // 64-bit + al.add(Integer.valueOf(16)); // 128-bit + al.add(Integer.valueOf(24)); // 192-bit + al.add(Integer.valueOf(32)); // 256-bit return Collections.unmodifiableList(al).iterator(); } /** - * <p>Expands a user-supplied key material into a session key for a designated - * <i>block size</i>.</p> + * Expands a user-supplied key material into a session key for a designated + * <i>block size</i>. * * @param k the 64/128/192/256-bit user-key to use. * @param bs the desired block size in bytes. @@ -544,35 +430,30 @@ public final class Twofish extends BaseCipher public Object makeKey(byte[] k, int bs) throws InvalidKeyException { if (bs != DEFAULT_BLOCK_SIZE) - { - throw new IllegalArgumentException(); - } + throw new IllegalArgumentException(); if (k == null) - { - throw new InvalidKeyException("Empty key"); - } + throw new InvalidKeyException("Empty key"); int length = k.length; - if (!(length == 8 || length == 16 || length == 24 || length == 32)) - { - throw new InvalidKeyException("Incorrect key length"); - } - + if (! (length == 8 || length == 16 || length == 24 || length == 32)) + throw new InvalidKeyException("Incorrect key length"); int k64Cnt = length / 8; int subkeyCnt = ROUND_SUBKEYS + 2 * ROUNDS; int[] k32e = new int[4]; // even 32-bit entities int[] k32o = new int[4]; // odd 32-bit entities int[] sBoxKey = new int[4]; - // // split user key material into even and odd 32-bit entities and // compute S-box keys using (12, 8) Reed-Solomon code over GF(256) - // int i, j, offset = 0; for (i = 0, j = k64Cnt - 1; i < 4 && offset < length; i++, j--) { - k32e[i] = (k[offset++] & 0xFF) | (k[offset++] & 0xFF) << 8 - | (k[offset++] & 0xFF) << 16 | (k[offset++] & 0xFF) << 24; - k32o[i] = (k[offset++] & 0xFF) | (k[offset++] & 0xFF) << 8 - | (k[offset++] & 0xFF) << 16 | (k[offset++] & 0xFF) << 24; + k32e[i] = (k[offset++] & 0xFF) + | (k[offset++] & 0xFF) << 8 + | (k[offset++] & 0xFF) << 16 + | (k[offset++] & 0xFF) << 24; + k32o[i] = (k[offset++] & 0xFF) + | (k[offset++] & 0xFF) << 8 + | (k[offset++] & 0xFF) << 16 + | (k[offset++] & 0xFF) << 24; sBoxKey[j] = RS_MDS_Encode(k32e[i], k32o[i]); // reverse order } // compute the round decryption subkeys for PHT. these same subkeys @@ -589,7 +470,6 @@ public final class Twofish extends BaseCipher A += B; subKeys[2 * i + 1] = A << SK_ROTL | A >>> (32 - SK_ROTL); } - // fully expand the table for speed int k0 = sBoxKey[0]; int k1 = sBoxKey[1]; @@ -603,9 +483,9 @@ public final class Twofish extends BaseCipher switch (k64Cnt & 3) { case 1: - sBox[2 * i] = MDS[0][(P[P_01][b0] & 0xFF) ^ b0(k0)]; - sBox[2 * i + 1] = MDS[1][(P[P_11][b1] & 0xFF) ^ b1(k0)]; - sBox[0x200 + 2 * i] = MDS[2][(P[P_21][b2] & 0xFF) ^ b2(k0)]; + sBox[ 2 * i ] = MDS[0][(P[P_01][b0] & 0xFF) ^ b0(k0)]; + sBox[ 2 * i + 1] = MDS[1][(P[P_11][b1] & 0xFF) ^ b1(k0)]; + sBox[0x200 + 2 * i ] = MDS[2][(P[P_21][b2] & 0xFF) ^ b2(k0)]; sBox[0x200 + 2 * i + 1] = MDS[3][(P[P_31][b3] & 0xFF) ^ b3(k0)]; break; case 0: // same as 4 @@ -619,77 +499,61 @@ public final class Twofish extends BaseCipher b2 = (P[P_23][b2] & 0xFF) ^ b2(k2); b3 = (P[P_33][b3] & 0xFF) ^ b3(k2); case 2: // 128-bit keys - sBox[2 * i] = MDS[0][(P[P_01][(P[P_02][b0] & 0xFF) ^ b0(k1)] & 0xFF) - ^ b0(k0)]; - sBox[2 * i + 1] = MDS[1][(P[P_11][(P[P_12][b1] & 0xFF) ^ b1(k1)] & 0xFF) - ^ b1(k0)]; - sBox[0x200 + 2 * i] = MDS[2][(P[P_21][(P[P_22][b2] & 0xFF) ^ b2(k1)] & 0xFF) - ^ b2(k0)]; + sBox[ 2 * i ] = MDS[0][(P[P_01][(P[P_02][b0] & 0xFF) + ^ b0(k1)] & 0xFF) ^ b0(k0)]; + sBox[ 2 * i + 1] = MDS[1][(P[P_11][(P[P_12][b1] & 0xFF) + ^ b1(k1)] & 0xFF) ^ b1(k0)]; + sBox[0x200 + 2 * i ] = MDS[2][(P[P_21][(P[P_22][b2] & 0xFF) + ^ b2(k1)] & 0xFF) ^ b2(k0)]; sBox[0x200 + 2 * i + 1] = MDS[3][(P[P_31][(P[P_32][b3] & 0xFF) - ^ b3(k1)] & 0xFF) - ^ b3(k0)]; + ^ b3(k1)] & 0xFF) ^ b3(k0)]; } } - - if (DEBUG && debuglevel > 7) + if (Configuration.DEBUG) { - System.out.println("S-box[]:"); + StringBuilder sb; + log.fine("S-box[]:"); for (i = 0; i < 64; i++) { + sb = new StringBuilder(); for (j = 0; j < 4; j++) - { - System.out.print("0x" + Util.toString(sBox[i * 4 + j]) + ", "); - } - System.out.println(); + sb.append("0x").append(Util.toString(sBox[i * 4 + j])).append(", "); + log.fine(sb.toString()); } - System.out.println(); + log.fine(""); for (i = 0; i < 64; i++) { + sb = new StringBuilder(); for (j = 0; j < 4; j++) - { - System.out.print("0x" + Util.toString(sBox[256 + i * 4 + j]) - + ", "); - } - System.out.println(); + sb.append("0x").append(Util.toString(sBox[256 + i * 4 + j])).append(", "); + log.fine(sb.toString()); } - System.out.println(); + log.fine(""); for (i = 0; i < 64; i++) { + sb = new StringBuilder(); for (j = 0; j < 4; j++) - { - System.out.print("0x" + Util.toString(sBox[512 + i * 4 + j]) - + ", "); - } - System.out.println(); + sb.append("0x").append(Util.toString(sBox[512 + i * 4 + j])).append(", "); + log.fine(sb.toString()); } - System.out.println(); + log.fine(""); for (i = 0; i < 64; i++) { + sb = new StringBuilder(); for (j = 0; j < 4; j++) - { - System.out.print("0x" + Util.toString(sBox[768 + i * 4 + j]) - + ", "); - } - System.out.println(); + sb.append("0x").append(Util.toString(sBox[768 + i * 4 + j])).append(", "); + log.fine(sb.toString()); } - System.out.println(); - System.out.println("User (odd, even) keys --> S-Box keys:"); + log.fine("User (odd, even) keys --> S-Box keys:"); for (i = 0; i < k64Cnt; i++) - { - System.out.println("0x" + Util.toString(k32o[i]) + " 0x" - + Util.toString(k32e[i]) + " --> 0x" - + Util.toString(sBoxKey[k64Cnt - 1 - i])); - } - System.out.println(); - System.out.println("Round keys:"); + log.fine("0x" + Util.toString(k32o[i]) + + " 0x" + Util.toString(k32e[i]) + + " --> 0x" + Util.toString(sBoxKey[k64Cnt - 1 - i])); + log.fine("Round keys:"); for (i = 0; i < ROUND_SUBKEYS + 2 * ROUNDS; i += 2) - { - System.out.println("0x" + Util.toString(subKeys[i]) + " 0x" - + Util.toString(subKeys[i + 1])); - } - System.out.println(); + log.fine("0x" + Util.toString(subKeys[i]) + + " 0x" + Util.toString(subKeys[i + 1])); } - return new Object[] { sBox, subKeys }; } @@ -697,38 +561,35 @@ public final class Twofish extends BaseCipher Object sessionKey, int bs) { if (bs != DEFAULT_BLOCK_SIZE) - { - throw new IllegalArgumentException(); - } - + throw new IllegalArgumentException(); Object[] sk = (Object[]) sessionKey; // extract S-box and session key int[] sBox = (int[]) sk[0]; int[] sKey = (int[]) sk[1]; - - if (DEBUG && debuglevel > 6) - { - System.out.println("PT=" + Util.toString(in, inOffset, bs)); - } - - int x0 = (in[inOffset++] & 0xFF) | (in[inOffset++] & 0xFF) << 8 - | (in[inOffset++] & 0xFF) << 16 | (in[inOffset++] & 0xFF) << 24; - int x1 = (in[inOffset++] & 0xFF) | (in[inOffset++] & 0xFF) << 8 - | (in[inOffset++] & 0xFF) << 16 | (in[inOffset++] & 0xFF) << 24; - int x2 = (in[inOffset++] & 0xFF) | (in[inOffset++] & 0xFF) << 8 - | (in[inOffset++] & 0xFF) << 16 | (in[inOffset++] & 0xFF) << 24; - int x3 = (in[inOffset++] & 0xFF) | (in[inOffset++] & 0xFF) << 8 - | (in[inOffset++] & 0xFF) << 16 | (in[inOffset++] & 0xFF) << 24; - + if (Configuration.DEBUG) + log.fine("PT=" + Util.toString(in, inOffset, bs)); + int x0 = (in[inOffset++] & 0xFF) + | (in[inOffset++] & 0xFF) << 8 + | (in[inOffset++] & 0xFF) << 16 + | (in[inOffset++] & 0xFF) << 24; + int x1 = (in[inOffset++] & 0xFF) + | (in[inOffset++] & 0xFF) << 8 + | (in[inOffset++] & 0xFF) << 16 + | (in[inOffset++] & 0xFF) << 24; + int x2 = (in[inOffset++] & 0xFF) + | (in[inOffset++] & 0xFF) << 8 + | (in[inOffset++] & 0xFF) << 16 + | (in[inOffset++] & 0xFF) << 24; + int x3 = (in[inOffset++] & 0xFF) + | (in[inOffset++] & 0xFF) << 8 + | (in[inOffset++] & 0xFF) << 16 + | (in[inOffset++] & 0xFF) << 24; x0 ^= sKey[INPUT_WHITEN]; x1 ^= sKey[INPUT_WHITEN + 1]; x2 ^= sKey[INPUT_WHITEN + 2]; x3 ^= sKey[INPUT_WHITEN + 3]; - if (DEBUG && debuglevel > 6) - { - System.out.println("PTw=" + Util.toString(x0) + Util.toString(x1) - + Util.toString(x2) + Util.toString(x3)); - } - + if (Configuration.DEBUG) + log.fine("PTw=" + Util.toString(x0) + Util.toString(x1) + + Util.toString(x2) + Util.toString(x3)); int t0, t1; int k = ROUND_SUBKEYS; for (int R = 0; R < ROUNDS; R += 2) @@ -739,96 +600,79 @@ public final class Twofish extends BaseCipher x2 = x2 >>> 1 | x2 << 31; x3 = x3 << 1 | x3 >>> 31; x3 ^= t0 + 2 * t1 + sKey[k++]; - if (DEBUG && debuglevel > 6) - { - System.out.println("CT" + (R) + "=" + Util.toString(x0) - + Util.toString(x1) + Util.toString(x2) - + Util.toString(x3)); - } - + if (Configuration.DEBUG) + log.fine("CT" + (R) + "=" + Util.toString(x0) + Util.toString(x1) + + Util.toString(x2) + Util.toString(x3)); t0 = Fe32(sBox, x2, 0); t1 = Fe32(sBox, x3, 3); x0 ^= t0 + t1 + sKey[k++]; x0 = x0 >>> 1 | x0 << 31; x1 = x1 << 1 | x1 >>> 31; x1 ^= t0 + 2 * t1 + sKey[k++]; - if (DEBUG && debuglevel > 6) - { - System.out.println("CT" + (R + 1) + "=" + Util.toString(x0) - + Util.toString(x1) + Util.toString(x2) - + Util.toString(x3)); - } + if (Configuration.DEBUG) + log.fine("CT" + (R + 1) + "=" + Util.toString(x0) + Util.toString(x1) + + Util.toString(x2) + Util.toString(x3)); } x2 ^= sKey[OUTPUT_WHITEN]; x3 ^= sKey[OUTPUT_WHITEN + 1]; x0 ^= sKey[OUTPUT_WHITEN + 2]; x1 ^= sKey[OUTPUT_WHITEN + 3]; - if (DEBUG && debuglevel > 6) - { - System.out.println("CTw=" + Util.toString(x0) + Util.toString(x1) - + Util.toString(x2) + Util.toString(x3)); - } - + if (Configuration.DEBUG) + log.fine("CTw=" + Util.toString(x0) + Util.toString(x1) + + Util.toString(x2) + Util.toString(x3)); out[outOffset++] = (byte) x2; - out[outOffset++] = (byte) (x2 >>> 8); - out[outOffset++] = (byte) (x2 >>> 16); - out[outOffset++] = (byte) (x2 >>> 24); + out[outOffset++] = (byte)(x2 >>> 8); + out[outOffset++] = (byte)(x2 >>> 16); + out[outOffset++] = (byte)(x2 >>> 24); out[outOffset++] = (byte) x3; - out[outOffset++] = (byte) (x3 >>> 8); - out[outOffset++] = (byte) (x3 >>> 16); - out[outOffset++] = (byte) (x3 >>> 24); + out[outOffset++] = (byte)(x3 >>> 8); + out[outOffset++] = (byte)(x3 >>> 16); + out[outOffset++] = (byte)(x3 >>> 24); out[outOffset++] = (byte) x0; - out[outOffset++] = (byte) (x0 >>> 8); - out[outOffset++] = (byte) (x0 >>> 16); - out[outOffset++] = (byte) (x0 >>> 24); + out[outOffset++] = (byte)(x0 >>> 8); + out[outOffset++] = (byte)(x0 >>> 16); + out[outOffset++] = (byte)(x0 >>> 24); out[outOffset++] = (byte) x1; - out[outOffset++] = (byte) (x1 >>> 8); - out[outOffset++] = (byte) (x1 >>> 16); - out[outOffset] = (byte) (x1 >>> 24); - - if (DEBUG && debuglevel > 6) - { - System.out.println("CT=" + Util.toString(out, outOffset - 15, 16)); - System.out.println(); - } + out[outOffset++] = (byte)(x1 >>> 8); + out[outOffset++] = (byte)(x1 >>> 16); + out[outOffset ] = (byte)(x1 >>> 24); + if (Configuration.DEBUG) + log.fine("CT=" + Util.toString(out, outOffset - 15, 16) + "\n"); } public void decrypt(byte[] in, int inOffset, byte[] out, int outOffset, Object sessionKey, int bs) { if (bs != DEFAULT_BLOCK_SIZE) - { - throw new IllegalArgumentException(); - } - + throw new IllegalArgumentException(); Object[] sk = (Object[]) sessionKey; // extract S-box and session key int[] sBox = (int[]) sk[0]; int[] sKey = (int[]) sk[1]; - - if (DEBUG && debuglevel > 6) - { - System.out.println("CT=" + Util.toString(in, inOffset, bs)); - } - - int x2 = (in[inOffset++] & 0xFF) | (in[inOffset++] & 0xFF) << 8 - | (in[inOffset++] & 0xFF) << 16 | (in[inOffset++] & 0xFF) << 24; - int x3 = (in[inOffset++] & 0xFF) | (in[inOffset++] & 0xFF) << 8 - | (in[inOffset++] & 0xFF) << 16 | (in[inOffset++] & 0xFF) << 24; - int x0 = (in[inOffset++] & 0xFF) | (in[inOffset++] & 0xFF) << 8 - | (in[inOffset++] & 0xFF) << 16 | (in[inOffset++] & 0xFF) << 24; - int x1 = (in[inOffset++] & 0xFF) | (in[inOffset++] & 0xFF) << 8 - | (in[inOffset++] & 0xFF) << 16 | (in[inOffset++] & 0xFF) << 24; - + if (Configuration.DEBUG) + log.fine("CT=" + Util.toString(in, inOffset, bs)); + int x2 = (in[inOffset++] & 0xFF) + | (in[inOffset++] & 0xFF) << 8 + | (in[inOffset++] & 0xFF) << 16 + | (in[inOffset++] & 0xFF) << 24; + int x3 = (in[inOffset++] & 0xFF) + | (in[inOffset++] & 0xFF) << 8 + | (in[inOffset++] & 0xFF) << 16 + | (in[inOffset++] & 0xFF) << 24; + int x0 = (in[inOffset++] & 0xFF) + | (in[inOffset++] & 0xFF) << 8 + | (in[inOffset++] & 0xFF) << 16 + | (in[inOffset++] & 0xFF) << 24; + int x1 = (in[inOffset++] & 0xFF) + | (in[inOffset++] & 0xFF) << 8 + | (in[inOffset++] & 0xFF) << 16 + | (in[inOffset++] & 0xFF) << 24; x2 ^= sKey[OUTPUT_WHITEN]; x3 ^= sKey[OUTPUT_WHITEN + 1]; x0 ^= sKey[OUTPUT_WHITEN + 2]; x1 ^= sKey[OUTPUT_WHITEN + 3]; - if (DEBUG && debuglevel > 6) - { - System.out.println("CTw=" + Util.toString(x2) + Util.toString(x3) - + Util.toString(x0) + Util.toString(x1)); - } - + if (Configuration.DEBUG) + log.fine("CTw=" + Util.toString(x2) + Util.toString(x3) + + Util.toString(x0) + Util.toString(x1)); int k = ROUND_SUBKEYS + 2 * ROUNDS - 1; int t0, t1; for (int R = 0; R < ROUNDS; R += 2) @@ -839,58 +683,44 @@ public final class Twofish extends BaseCipher x1 = x1 >>> 1 | x1 << 31; x0 = x0 << 1 | x0 >>> 31; x0 ^= t0 + t1 + sKey[k--]; - if (DEBUG && debuglevel > 6) - { - System.out.println("PT" + (ROUNDS - R) + "=" + Util.toString(x2) - + Util.toString(x3) + Util.toString(x0) - + Util.toString(x1)); - } - + if (Configuration.DEBUG) + log.fine("PT" + (ROUNDS - R) + "=" + Util.toString(x2) + + Util.toString(x3) + Util.toString(x0) + Util.toString(x1)); t0 = Fe32(sBox, x0, 0); t1 = Fe32(sBox, x1, 3); x3 ^= t0 + 2 * t1 + sKey[k--]; x3 = x3 >>> 1 | x3 << 31; x2 = x2 << 1 | x2 >>> 31; x2 ^= t0 + t1 + sKey[k--]; - if (DEBUG && debuglevel > 6) - { - System.out.println("PT" + (ROUNDS - R - 1) + "=" - + Util.toString(x2) + Util.toString(x3) - + Util.toString(x0) + Util.toString(x1)); - } + if (Configuration.DEBUG) + log.fine("PT" + (ROUNDS - R - 1) + "=" + Util.toString(x2) + + Util.toString(x3) + Util.toString(x0) + Util.toString(x1)); } x0 ^= sKey[INPUT_WHITEN]; x1 ^= sKey[INPUT_WHITEN + 1]; x2 ^= sKey[INPUT_WHITEN + 2]; x3 ^= sKey[INPUT_WHITEN + 3]; - if (DEBUG && debuglevel > 6) - { - System.out.println("PTw=" + Util.toString(x2) + Util.toString(x3) - + Util.toString(x0) + Util.toString(x1)); - } - + if (Configuration.DEBUG) + log.fine("PTw=" + Util.toString(x2) + Util.toString(x3) + + Util.toString(x0) + Util.toString(x1)); out[outOffset++] = (byte) x0; - out[outOffset++] = (byte) (x0 >>> 8); - out[outOffset++] = (byte) (x0 >>> 16); - out[outOffset++] = (byte) (x0 >>> 24); + out[outOffset++] = (byte)(x0 >>> 8); + out[outOffset++] = (byte)(x0 >>> 16); + out[outOffset++] = (byte)(x0 >>> 24); out[outOffset++] = (byte) x1; - out[outOffset++] = (byte) (x1 >>> 8); - out[outOffset++] = (byte) (x1 >>> 16); - out[outOffset++] = (byte) (x1 >>> 24); + out[outOffset++] = (byte)(x1 >>> 8); + out[outOffset++] = (byte)(x1 >>> 16); + out[outOffset++] = (byte)(x1 >>> 24); out[outOffset++] = (byte) x2; - out[outOffset++] = (byte) (x2 >>> 8); - out[outOffset++] = (byte) (x2 >>> 16); - out[outOffset++] = (byte) (x2 >>> 24); + out[outOffset++] = (byte)(x2 >>> 8); + out[outOffset++] = (byte)(x2 >>> 16); + out[outOffset++] = (byte)(x2 >>> 24); out[outOffset++] = (byte) x3; - out[outOffset++] = (byte) (x3 >>> 8); - out[outOffset++] = (byte) (x3 >>> 16); - out[outOffset] = (byte) (x3 >>> 24); - - if (DEBUG && debuglevel > 6) - { - System.out.println("PT=" + Util.toString(out, outOffset - 15, 16)); - System.out.println(); - } + out[outOffset++] = (byte)(x3 >>> 8); + out[outOffset++] = (byte)(x3 >>> 16); + out[outOffset ] = (byte)(x3 >>> 24); + if (Configuration.DEBUG) + log.fine("PT=" + Util.toString(out, outOffset - 15, 16) + "\n"); } public boolean selfTest() @@ -899,11 +729,9 @@ public final class Twofish extends BaseCipher { boolean result = super.selfTest(); // do symmetry tests if (result) - { - result = testKat(KAT_KEY, KAT_CT); - } + result = testKat(KAT_KEY, KAT_CT); valid = Boolean.valueOf(result); } return valid.booleanValue(); } -}
\ No newline at end of file +} diff --git a/libjava/classpath/gnu/javax/crypto/cipher/WeakKeyException.java b/libjava/classpath/gnu/javax/crypto/cipher/WeakKeyException.java index 4454e0e4502..f89ff54d1ca 100644 --- a/libjava/classpath/gnu/javax/crypto/cipher/WeakKeyException.java +++ b/libjava/classpath/gnu/javax/crypto/cipher/WeakKeyException.java @@ -41,18 +41,12 @@ package gnu.javax.crypto.cipher; import java.security.InvalidKeyException; /** - * <p>Checked exception thrown to indicate that a weak key has been generated - * and or specified instead of a valid non-weak value.</p> + * Checked exception thrown to indicate that a weak key has been generated and + * or specified instead of a valid non-weak value. */ -public class WeakKeyException extends InvalidKeyException +public class WeakKeyException + extends InvalidKeyException { - - // Constants and variables - // ------------------------------------------------------------------------- - - // Constructor(s) - // ------------------------------------------------------------------------- - public WeakKeyException() { super(); @@ -62,10 +56,4 @@ public class WeakKeyException extends InvalidKeyException { super(msg); } - - // Class methods - // ------------------------------------------------------------------------- - - // Instance methods - // ------------------------------------------------------------------------- -}
\ No newline at end of file +} diff --git a/libjava/classpath/gnu/javax/crypto/jce/DiffieHellmanImpl.java b/libjava/classpath/gnu/javax/crypto/jce/DiffieHellmanImpl.java index 02761477a69..4f4d5e47908 100644 --- a/libjava/classpath/gnu/javax/crypto/jce/DiffieHellmanImpl.java +++ b/libjava/classpath/gnu/javax/crypto/jce/DiffieHellmanImpl.java @@ -46,6 +46,7 @@ import java.security.spec.AlgorithmParameterSpec; import javax.crypto.KeyAgreementSpi; import javax.crypto.SecretKey; +import javax.crypto.ShortBufferException; import javax.crypto.interfaces.DHPrivateKey; import javax.crypto.interfaces.DHPublicKey; import javax.crypto.spec.DHParameterSpec; @@ -63,7 +64,7 @@ public final class DiffieHellmanImpl private DHPrivateKey key; /** The current result. */ - private BigInteger result; + private byte[] result; /** True if the caller told us we are done. */ private boolean last_phase_done; @@ -96,43 +97,49 @@ public final class DiffieHellmanImpl if (! s1.getG().equals(s2.getG()) || ! s1.getP().equals(s2.getP()) || s1.getL() != s2.getL()) throw new InvalidKeyException("Incompatible key"); - - result = pub.getY().modPow(key.getX(), s1.getP()); if (! lastPhase) - throw new IllegalArgumentException("This key-agreement MUST be concluded in one step only"); - + throw new IllegalArgumentException( + "This key-agreement MUST be concluded in one step only"); + BigInteger resultBI = pub.getY().modPow(key.getX(), s1.getP()); + result = resultBI.toByteArray(); + if (result[0] == 0x00) + { + byte[] buf = new byte[result.length - 1]; + System.arraycopy(result, 1, buf, 0, buf.length); + result = buf; + } last_phase_done = true; return null; } protected byte[] engineGenerateSecret() { - if (result == null || ! last_phase_done) - throw new IllegalStateException("Not finished"); - - byte[] buf = result.toByteArray(); - if (buf[0] == 0x00) - { - byte[] buf2 = new byte[buf.length - 1]; - System.arraycopy(buf, 1, buf2, 0, buf2.length); - buf = buf2; - } - - return buf; + checkState(); + byte[] res = (byte[]) result.clone(); + reset(); + return res; } protected int engineGenerateSecret(byte[] secret, int offset) + throws ShortBufferException { - byte[] s = engineGenerateSecret(); - System.arraycopy(s, 0, secret, offset, s.length); - return s.length; + checkState(); + if (result.length > secret.length - offset) + throw new ShortBufferException(); + System.arraycopy(result, 0, secret, offset, result.length); + int res = result.length; + reset(); + return res; } protected SecretKey engineGenerateSecret(String algorithm) throws InvalidKeyException { - byte[] s = engineGenerateSecret(); - return new SecretKeySpec(s, algorithm); + checkState(); + byte[] s = (byte[]) result.clone(); + SecretKey res = new SecretKeySpec(s, algorithm); + reset(); + return res; } protected void engineInit(Key key, SecureRandom random) @@ -140,10 +147,8 @@ public final class DiffieHellmanImpl { if (! (key instanceof DHPrivateKey)) throw new InvalidKeyException("Key MUST be a DHPrivateKey"); - this.key = (DHPrivateKey) key; - result = null; - last_phase_done = false; + reset(); } protected void engineInit(Key key, AlgorithmParameterSpec params, @@ -152,4 +157,16 @@ public final class DiffieHellmanImpl { engineInit(key, random); } + + private void reset() + { + result = null; + last_phase_done = false; + } + + private void checkState() + { + if (result == null || ! last_phase_done) + throw new IllegalStateException("Not finished"); + } } diff --git a/libjava/classpath/gnu/javax/crypto/jce/GnuCrypto.java b/libjava/classpath/gnu/javax/crypto/jce/GnuCrypto.java index b0e73b13256..8099fd13da9 100644 --- a/libjava/classpath/gnu/javax/crypto/jce/GnuCrypto.java +++ b/libjava/classpath/gnu/javax/crypto/jce/GnuCrypto.java @@ -49,24 +49,14 @@ import java.util.HashSet; import java.util.Set; /** - * <p>The GNU Crypto implementation of the Java Cryptographic Extension (JCE) - * Provider.</p> - * + * The additional GNU algorithm implementation as a Java Cryptographic Extension + * (JCE) Provider. + * * @see java.security.Provider */ -public final class GnuCrypto extends Provider +public final class GnuCrypto + extends Provider { - - // Constants and variables - // ------------------------------------------------------------------------- - - // Constructor(s) - // ------------------------------------------------------------------------- - - /** - * <p>The <a href="http://www.gnu.org/software/gnu-crypto/">GNU Crypto</a> - * Provider.</p> - */ public GnuCrypto() { super(Registry.GNU_CRYPTO, 2.1, "GNU Crypto JCE Provider"); @@ -120,8 +110,7 @@ public final class GnuCrypto extends Provider gnu.javax.crypto.jce.cipher.PBES2.HMacHaval.AES.class.getName()); put("Cipher.PBEWithHMacHavalAndAnubis", gnu.javax.crypto.jce.cipher.PBES2.HMacHaval.Anubis.class.getName()); - put( - "Cipher.PBEWithHMacHavalAndBlowfish", + put("Cipher.PBEWithHMacHavalAndBlowfish", gnu.javax.crypto.jce.cipher.PBES2.HMacHaval.Blowfish.class.getName()); put("Cipher.PBEWithHMacHavalAndCast5", gnu.javax.crypto.jce.cipher.PBES2.HMacHaval.Cast5.class.getName()); @@ -133,8 +122,7 @@ public final class GnuCrypto extends Provider gnu.javax.crypto.jce.cipher.PBES2.HMacHaval.Serpent.class.getName()); put("Cipher.PBEWithHMacHavalAndSquare", gnu.javax.crypto.jce.cipher.PBES2.HMacHaval.Square.class.getName()); - put( - "Cipher.PBEWithHMacHavalAndTripleDES", + put("Cipher.PBEWithHMacHavalAndTripleDES", gnu.javax.crypto.jce.cipher.PBES2.HMacHaval.TripleDES.class.getName()); put("Cipher.PBEWithHMacHavalAndTwofish", gnu.javax.crypto.jce.cipher.PBES2.HMacHaval.Twofish.class.getName()); @@ -228,8 +216,7 @@ public final class GnuCrypto extends Provider gnu.javax.crypto.jce.cipher.PBES2.HMacSHA256.AES.class.getName()); put("Cipher.PBEWithHMacSHA256AndAnubis", gnu.javax.crypto.jce.cipher.PBES2.HMacSHA256.Anubis.class.getName()); - put( - "Cipher.PBEWithHMacSHA256AndBlowfish", + put("Cipher.PBEWithHMacSHA256AndBlowfish", gnu.javax.crypto.jce.cipher.PBES2.HMacSHA256.Blowfish.class.getName()); put("Cipher.PBEWithHMacSHA256AndCast5", gnu.javax.crypto.jce.cipher.PBES2.HMacSHA256.Cast5.class.getName()); @@ -237,24 +224,20 @@ public final class GnuCrypto extends Provider gnu.javax.crypto.jce.cipher.PBES2.HMacSHA256.DES.class.getName()); put("Cipher.PBEWithHMacSHA256AndKhazad", gnu.javax.crypto.jce.cipher.PBES2.HMacSHA256.Khazad.class.getName()); - put( - "Cipher.PBEWithHMacSHA256AndSerpent", + put("Cipher.PBEWithHMacSHA256AndSerpent", gnu.javax.crypto.jce.cipher.PBES2.HMacSHA256.Serpent.class.getName()); put("Cipher.PBEWithHMacSHA256AndSquare", gnu.javax.crypto.jce.cipher.PBES2.HMacSHA256.Square.class.getName()); - put( - "Cipher.PBEWithHMacSHA256AndTripleDES", + put("Cipher.PBEWithHMacSHA256AndTripleDES", gnu.javax.crypto.jce.cipher.PBES2.HMacSHA256.TripleDES.class.getName()); - put( - "Cipher.PBEWithHMacSHA256AndTwofish", + put("Cipher.PBEWithHMacSHA256AndTwofish", gnu.javax.crypto.jce.cipher.PBES2.HMacSHA256.Twofish.class.getName()); put("Cipher.PBEWithHMacSHA384AndAES", gnu.javax.crypto.jce.cipher.PBES2.HMacSHA384.AES.class.getName()); put("Cipher.PBEWithHMacSHA384AndAnubis", gnu.javax.crypto.jce.cipher.PBES2.HMacSHA384.Anubis.class.getName()); - put( - "Cipher.PBEWithHMacSHA384AndBlowfish", + put("Cipher.PBEWithHMacSHA384AndBlowfish", gnu.javax.crypto.jce.cipher.PBES2.HMacSHA384.Blowfish.class.getName()); put("Cipher.PBEWithHMacSHA384AndCast5", gnu.javax.crypto.jce.cipher.PBES2.HMacSHA384.Cast5.class.getName()); @@ -262,24 +245,20 @@ public final class GnuCrypto extends Provider gnu.javax.crypto.jce.cipher.PBES2.HMacSHA384.DES.class.getName()); put("Cipher.PBEWithHMacSHA384AndKhazad", gnu.javax.crypto.jce.cipher.PBES2.HMacSHA384.Khazad.class.getName()); - put( - "Cipher.PBEWithHMacSHA384AndSerpent", + put("Cipher.PBEWithHMacSHA384AndSerpent", gnu.javax.crypto.jce.cipher.PBES2.HMacSHA384.Serpent.class.getName()); put("Cipher.PBEWithHMacSHA384AndSquare", gnu.javax.crypto.jce.cipher.PBES2.HMacSHA384.Square.class.getName()); - put( - "Cipher.PBEWithHMacSHA384AndTripleDES", + put("Cipher.PBEWithHMacSHA384AndTripleDES", gnu.javax.crypto.jce.cipher.PBES2.HMacSHA384.TripleDES.class.getName()); - put( - "Cipher.PBEWithHMacSHA384AndTwofish", + put("Cipher.PBEWithHMacSHA384AndTwofish", gnu.javax.crypto.jce.cipher.PBES2.HMacSHA384.Twofish.class.getName()); put("Cipher.PBEWithHMacSHA512AndAES", gnu.javax.crypto.jce.cipher.PBES2.HMacSHA512.AES.class.getName()); put("Cipher.PBEWithHMacSHA512AndAnubis", gnu.javax.crypto.jce.cipher.PBES2.HMacSHA512.Anubis.class.getName()); - put( - "Cipher.PBEWithHMacSHA512AndBlowfish", + put("Cipher.PBEWithHMacSHA512AndBlowfish", gnu.javax.crypto.jce.cipher.PBES2.HMacSHA512.Blowfish.class.getName()); put("Cipher.PBEWithHMacSHA512AndCast5", gnu.javax.crypto.jce.cipher.PBES2.HMacSHA512.Cast5.class.getName()); @@ -287,24 +266,20 @@ public final class GnuCrypto extends Provider gnu.javax.crypto.jce.cipher.PBES2.HMacSHA512.DES.class.getName()); put("Cipher.PBEWithHMacSHA512AndKhazad", gnu.javax.crypto.jce.cipher.PBES2.HMacSHA512.Khazad.class.getName()); - put( - "Cipher.PBEWithHMacSHA512AndSerpent", + put("Cipher.PBEWithHMacSHA512AndSerpent", gnu.javax.crypto.jce.cipher.PBES2.HMacSHA512.Serpent.class.getName()); put("Cipher.PBEWithHMacSHA512AndSquare", gnu.javax.crypto.jce.cipher.PBES2.HMacSHA512.Square.class.getName()); - put( - "Cipher.PBEWithHMacSHA512AndTripleDES", + put("Cipher.PBEWithHMacSHA512AndTripleDES", gnu.javax.crypto.jce.cipher.PBES2.HMacSHA512.TripleDES.class.getName()); - put( - "Cipher.PBEWithHMacSHA512AndTwofish", + put("Cipher.PBEWithHMacSHA512AndTwofish", gnu.javax.crypto.jce.cipher.PBES2.HMacSHA512.Twofish.class.getName()); put("Cipher.PBEWithHMacTigerAndAES", gnu.javax.crypto.jce.cipher.PBES2.HMacTiger.AES.class.getName()); put("Cipher.PBEWithHMacTigerAndAnubis", gnu.javax.crypto.jce.cipher.PBES2.HMacTiger.Anubis.class.getName()); - put( - "Cipher.PBEWithHMacTigerAndBlowfish", + put("Cipher.PBEWithHMacTigerAndBlowfish", gnu.javax.crypto.jce.cipher.PBES2.HMacTiger.Blowfish.class.getName()); put("Cipher.PBEWithHMacTigerAndCast5", gnu.javax.crypto.jce.cipher.PBES2.HMacTiger.Cast5.class.getName()); @@ -316,44 +291,44 @@ public final class GnuCrypto extends Provider gnu.javax.crypto.jce.cipher.PBES2.HMacTiger.Serpent.class.getName()); put("Cipher.PBEWithHMacTigerAndSquare", gnu.javax.crypto.jce.cipher.PBES2.HMacTiger.Square.class.getName()); - put( - "Cipher.PBEWithHMacTigerAndTripleDES", + put("Cipher.PBEWithHMacTigerAndTripleDES", gnu.javax.crypto.jce.cipher.PBES2.HMacTiger.TripleDES.class.getName()); put("Cipher.PBEWithHMacTigerAndTwofish", gnu.javax.crypto.jce.cipher.PBES2.HMacTiger.Twofish.class.getName()); put("Cipher.PBEWithHMacWhirlpoolAndAES", gnu.javax.crypto.jce.cipher.PBES2.HMacWhirlpool.AES.class.getName()); - put( - "Cipher.PBEWithHMacWhirlpoolAndAnubis", + put("Cipher.PBEWithHMacWhirlpoolAndAnubis", gnu.javax.crypto.jce.cipher.PBES2.HMacWhirlpool.Anubis.class.getName()); - put( - "Cipher.PBEWithHMacWhirlpoolAndBlowfish", + put("Cipher.PBEWithHMacWhirlpoolAndBlowfish", gnu.javax.crypto.jce.cipher.PBES2.HMacWhirlpool.Blowfish.class.getName()); - put( - "Cipher.PBEWithHMacWhirlpoolAndCast5", + put("Cipher.PBEWithHMacWhirlpoolAndCast5", gnu.javax.crypto.jce.cipher.PBES2.HMacWhirlpool.Cast5.class.getName()); put("Cipher.PBEWithHMacWhirlpoolAndDES", gnu.javax.crypto.jce.cipher.PBES2.HMacWhirlpool.DES.class.getName()); - put( - "Cipher.PBEWithHMacWhirlpoolAndKhazad", + put("Cipher.PBEWithHMacWhirlpoolAndKhazad", gnu.javax.crypto.jce.cipher.PBES2.HMacWhirlpool.Khazad.class.getName()); - put( - "Cipher.PBEWithHMacWhirlpoolAndSerpent", + put("Cipher.PBEWithHMacWhirlpoolAndSerpent", gnu.javax.crypto.jce.cipher.PBES2.HMacWhirlpool.Serpent.class.getName()); - put( - "Cipher.PBEWithHMacWhirlpoolAndSquare", + put("Cipher.PBEWithHMacWhirlpoolAndSquare", gnu.javax.crypto.jce.cipher.PBES2.HMacWhirlpool.Square.class.getName()); - put( - "Cipher.PBEWithHMacWhirlpoolAndTripleDES", + put("Cipher.PBEWithHMacWhirlpoolAndTripleDES", gnu.javax.crypto.jce.cipher.PBES2.HMacWhirlpool.TripleDES.class.getName()); - put( - "Cipher.PBEWithHMacWhirlpoolAndTwofish", + put("Cipher.PBEWithHMacWhirlpoolAndTwofish", gnu.javax.crypto.jce.cipher.PBES2.HMacWhirlpool.Twofish.class.getName()); + // Key Wrapping Algorithm cipher + put("Cipher." + Registry.AES128_KWA, + gnu.javax.crypto.jce.cipher.AES128KeyWrapSpi.class.getName()); + put("Cipher." + Registry.AES192_KWA, + gnu.javax.crypto.jce.cipher.AES192KeyWrapSpi.class.getName()); + put("Cipher." + Registry.AES256_KWA, + gnu.javax.crypto.jce.cipher.AES256KeyWrapSpi.class.getName()); + put("Cipher." + Registry.TRIPLEDES_KWA, + gnu.javax.crypto.jce.cipher.TripleDESKeyWrapSpi.class.getName()); + // SecretKeyFactory interface to PBKDF2. - put( - "SecretKeyFactory.PBKDF2WithHMacHaval", + put("SecretKeyFactory.PBKDF2WithHMacHaval", gnu.javax.crypto.jce.PBKDF2SecretKeyFactory.HMacHaval.class.getName()); put("SecretKeyFactory.PBKDF2WithHMacMD2", gnu.javax.crypto.jce.PBKDF2SecretKeyFactory.HMacMD2.class.getName()); @@ -361,30 +336,23 @@ public final class GnuCrypto extends Provider gnu.javax.crypto.jce.PBKDF2SecretKeyFactory.HMacMD4.class.getName()); put("SecretKeyFactory.PBKDF2WithHMacMD5", gnu.javax.crypto.jce.PBKDF2SecretKeyFactory.HMacMD5.class.getName()); - put( - "SecretKeyFactory.PBKDF2WithHMacSHA1", + put("SecretKeyFactory.PBKDF2WithHMacSHA1", gnu.javax.crypto.jce.PBKDF2SecretKeyFactory.HMacSHA1.class.getName()); - put( - "SecretKeyFactory.PBKDF2WithHMacSHA256", + put("SecretKeyFactory.PBKDF2WithHMacSHA256", gnu.javax.crypto.jce.PBKDF2SecretKeyFactory.HMacSHA256.class.getName()); - put( - "SecretKeyFactory.PBKDF2WithHMacSHA384", + put("SecretKeyFactory.PBKDF2WithHMacSHA384", gnu.javax.crypto.jce.PBKDF2SecretKeyFactory.HMacSHA384.class.getName()); - put( - "SecretKeyFactory.PBKDF2WithHMacSHA512", + put("SecretKeyFactory.PBKDF2WithHMacSHA512", gnu.javax.crypto.jce.PBKDF2SecretKeyFactory.HMacSHA512.class.getName()); - put( - "SecretKeyFactory.PBKDF2WithHMacTiger", + put("SecretKeyFactory.PBKDF2WithHMacTiger", gnu.javax.crypto.jce.PBKDF2SecretKeyFactory.HMacTiger.class.getName()); - put( - "SecretKeyFactory.PBKDF2WithHMacWhirlpool", + put("SecretKeyFactory.PBKDF2WithHMacWhirlpool", gnu.javax.crypto.jce.PBKDF2SecretKeyFactory.HMacWhirlpool.class.getName()); // Simple SecretKeyFactory implementations. put("SecretKeyFactory.Anubis", gnu.javax.crypto.jce.key.AnubisSecretKeyFactoryImpl.class.getName()); - put( - "SecretKeyFactory.Blowfish", + put("SecretKeyFactory.Blowfish", gnu.javax.crypto.jce.key.BlowfishSecretKeyFactoryImpl.class.getName()); put("SecretKeyFactory.Cast5", gnu.javax.crypto.jce.key.Cast5SecretKeyFactoryImpl.class.getName()); @@ -392,11 +360,9 @@ public final class GnuCrypto extends Provider gnu.javax.crypto.jce.key.DESSecretKeyFactoryImpl.class.getName()); put("SecretKeyFactory.Khazad", gnu.javax.crypto.jce.key.KhazadSecretKeyFactoryImpl.class.getName()); - put( - "SecretKeyFactory.Rijndael", + put("SecretKeyFactory.Rijndael", gnu.javax.crypto.jce.key.RijndaelSecretKeyFactoryImpl.class.getName()); - put( - "SecretKeyFactory.Serpent", + put("SecretKeyFactory.Serpent", gnu.javax.crypto.jce.key.SerpentSecretKeyFactoryImpl.class.getName()); put("SecretKeyFactory.Square", gnu.javax.crypto.jce.key.SquareSecretKeyFactoryImpl.class.getName()); @@ -409,7 +375,19 @@ public final class GnuCrypto extends Provider put("AlgorithmParameters.BlockCipherParameters", gnu.javax.crypto.jce.params.BlockCipherParameters.class.getName()); - + put("Alg.Alias.AlgorithmParameters.Anubis", "BlockCipherParameters"); + put("Alg.Alias.AlgorithmParameters.Blowfish", "BlockCipherParameters"); + put("Alg.Alias.AlgorithmParameters.Cast5", "BlockCipherParameters"); + put("Alg.Alias.AlgorithmParameters.DES", "BlockCipherParameters"); + put("Alg.Alias.AlgorithmParameters.Khazad", "BlockCipherParameters"); + put("Alg.Alias.AlgorithmParameters.Rijndael", "BlockCipherParameters"); + put("Alg.Alias.AlgorithmParameters.AES", "BlockCipherParameters"); + put("Alg.Alias.AlgorithmParameters.Serpent", "BlockCipherParameters"); + put("Alg.Alias.AlgorithmParameters.Square", "BlockCipherParameters"); + put("Alg.Alias.AlgorithmParameters.TripleDES", "BlockCipherParameters"); + put("Alg.Alias.AlgorithmParameters.DESede", "BlockCipherParameters"); + put("Alg.Alias.AlgorithmParameters.3-DES", "BlockCipherParameters"); + put("Alg.Alias.AlgorithmParameters.3DES", "BlockCipherParameters"); // KeyGenerator Adapter implementations put("KeyGenerator.Anubis", @@ -541,19 +519,25 @@ public final class GnuCrypto extends Provider put("Alg.Alias.Cipher.RSA", "RSAES-PKCS1-v1_5"); // SecureRandom - put("SecureRandom.ARCFOUR", gnu.javax.crypto.jce.prng.ARCFourRandomSpi.class.getName()); + put("SecureRandom.ARCFOUR", + gnu.javax.crypto.jce.prng.ARCFourRandomSpi.class.getName()); put("SecureRandom.ARCFOUR ImplementedIn", "Software"); - put("SecureRandom.CSPRNG", gnu.javax.crypto.jce.prng.CSPRNGSpi.class.getName()); + put("SecureRandom.CSPRNG", + gnu.javax.crypto.jce.prng.CSPRNGSpi.class.getName()); put("SecureRandom.CSPRNG ImplementedIn", "Software"); - put("SecureRandom.ICM", gnu.javax.crypto.jce.prng.ICMRandomSpi.class.getName()); + put("SecureRandom.ICM", + gnu.javax.crypto.jce.prng.ICMRandomSpi.class.getName()); put("SecureRandom.ICM ImplementedIn", "Software"); - put("SecureRandom.UMAC-KDF", gnu.javax.crypto.jce.prng.UMacRandomSpi.class.getName()); + put("SecureRandom.UMAC-KDF", + gnu.javax.crypto.jce.prng.UMacRandomSpi.class.getName()); put("SecureRandom.UMAC-KDF ImplementedIn", "Software"); - put("SecureRandom.Fortuna", gnu.javax.crypto.jce.prng.FortunaImpl.class.getName ()); + put("SecureRandom.Fortuna", + gnu.javax.crypto.jce.prng.FortunaImpl.class.getName()); put("SecureRandom.Fortuna ImplementedIn", "Software"); // KeyStore - put("KeyStore.GKR", gnu.javax.crypto.jce.keyring.GnuKeyring.class.getName()); + put("KeyStore.GKR", + gnu.javax.crypto.jce.keyring.GnuKeyring.class.getName()); put("Alg.Alias.KeyStore.GnuKeyring", "GKR"); // KeyPairGenerator --------------------------------------------------- @@ -587,13 +571,10 @@ public final class GnuCrypto extends Provider }); } - // Class methods - // ------------------------------------------------------------------------- - /** - * <p>Returns a {@link Set} of names of symmetric key block cipher algorithms - * available from this {@link Provider}.</p> - * + * Returns a {@link Set} of names of symmetric key block cipher algorithms + * available from this {@link Provider}. + * * @return a {@link Set} of cipher names (Strings). */ public static final Set getCipherNames() @@ -605,16 +586,13 @@ public final class GnuCrypto extends Provider } /** - * <p>Returns a {@link Set} of names of MAC algorithms available from - * this {@link Provider}.</p> - * + * Returns a {@link Set} of names of MAC algorithms available from this + * {@link Provider}. + * * @return a {@link Set} of MAC names (Strings). */ public static final Set getMacNames() { return MacFactory.getNames(); } - - // Instance methods - // ------------------------------------------------------------------------- } diff --git a/libjava/classpath/gnu/javax/crypto/jce/GnuSasl.java b/libjava/classpath/gnu/javax/crypto/jce/GnuSasl.java index 6ee86ae19d5..923b40a5f92 100644 --- a/libjava/classpath/gnu/javax/crypto/jce/GnuSasl.java +++ b/libjava/classpath/gnu/javax/crypto/jce/GnuSasl.java @@ -47,53 +47,63 @@ import java.security.PrivilegedAction; import java.security.Provider; import java.util.Set; -public final class GnuSasl extends Provider +public final class GnuSasl + extends Provider { - - // Constructor. - // ------------------------------------------------------------------------- - public GnuSasl() { - super (Registry.GNU_SASL, 2.1, "GNU Crypto SASL Provider"); + super(Registry.GNU_SASL, 2.1, "GNU SASL Provider"); - AccessController.doPrivileged (new PrivilegedAction() + AccessController.doPrivileged(new PrivilegedAction() + { + public Object run() { - public Object run() - { - // SASL Client and Server mechanisms - put("SaslClientFactory.ANONYMOUS", gnu.javax.crypto.sasl.ClientFactory.class.getName()); - put("SaslClientFactory.PLAIN", gnu.javax.crypto.sasl.ClientFactory.class.getName()); - put("SaslClientFactory.CRAM-MD5", gnu.javax.crypto.sasl.ClientFactory.class.getName()); - put("SaslClientFactory.SRP", gnu.javax.crypto.sasl.ClientFactory.class.getName()); - - put("SaslServerFactory.ANONYMOUS", gnu.javax.crypto.sasl.ServerFactory.class.getName()); - put("SaslServerFactory.PLAIN", gnu.javax.crypto.sasl.ServerFactory.class.getName()); - put("SaslServerFactory.CRAM-MD5", gnu.javax.crypto.sasl.ServerFactory.class.getName()); - put("SaslServerFactory.SRP-MD5", gnu.javax.crypto.sasl.ServerFactory.class.getName()); - put("SaslServerFactory.SRP-SHA-160", gnu.javax.crypto.sasl.ServerFactory.class.getName()); - put("SaslServerFactory.SRP-RIPEMD128", gnu.javax.crypto.sasl.ServerFactory.class.getName()); - put("SaslServerFactory.SRP-RIPEMD160", gnu.javax.crypto.sasl.ServerFactory.class.getName()); - put("SaslServerFactory.SRP-TIGER", gnu.javax.crypto.sasl.ServerFactory.class.getName()); - put("SaslServerFactory.SRP-WHIRLPOOL", gnu.javax.crypto.sasl.ServerFactory.class.getName()); - - put("Alg.Alias.SaslServerFactory.SRP-SHS", "SRP-SHA-160"); - put("Alg.Alias.SaslServerFactory.SRP-SHA", "SRP-SHA-160"); - put("Alg.Alias.SaslServerFactory.SRP-SHA1", "SRP-SHA-160"); - put("Alg.Alias.SaslServerFactory.SRP-SHA-1", "SRP-SHA-160"); - put("Alg.Alias.SaslServerFactory.SRP-SHA160", "SRP-SHA-160"); - put("Alg.Alias.SaslServerFactory.SRP-RIPEMD-128", "SRP-RIPEMD128"); - put("Alg.Alias.SaslServerFactory.SRP-RIPEMD-160", "SRP-RIPEMD160"); - - return null; - } - }); + // SASL Client and Server mechanisms + put("SaslClientFactory.ANONYMOUS", + gnu.javax.crypto.sasl.ClientFactory.class.getName()); + put("SaslClientFactory.PLAIN", + gnu.javax.crypto.sasl.ClientFactory.class.getName()); + put("SaslClientFactory.CRAM-MD5", + gnu.javax.crypto.sasl.ClientFactory.class.getName()); + put("SaslClientFactory.SRP", + gnu.javax.crypto.sasl.ClientFactory.class.getName()); + + put("SaslServerFactory.ANONYMOUS", + gnu.javax.crypto.sasl.ServerFactory.class.getName()); + put("SaslServerFactory.PLAIN", + gnu.javax.crypto.sasl.ServerFactory.class.getName()); + put("SaslServerFactory.CRAM-MD5", + gnu.javax.crypto.sasl.ServerFactory.class.getName()); + put("SaslServerFactory.SRP-MD5", + gnu.javax.crypto.sasl.ServerFactory.class.getName()); + put("SaslServerFactory.SRP-SHA-160", + gnu.javax.crypto.sasl.ServerFactory.class.getName()); + put("SaslServerFactory.SRP-RIPEMD128", + gnu.javax.crypto.sasl.ServerFactory.class.getName()); + put("SaslServerFactory.SRP-RIPEMD160", + gnu.javax.crypto.sasl.ServerFactory.class.getName()); + put("SaslServerFactory.SRP-TIGER", + gnu.javax.crypto.sasl.ServerFactory.class.getName()); + put("SaslServerFactory.SRP-WHIRLPOOL", + gnu.javax.crypto.sasl.ServerFactory.class.getName()); + + put("Alg.Alias.SaslServerFactory.SRP-SHS", "SRP-SHA-160"); + put("Alg.Alias.SaslServerFactory.SRP-SHA", "SRP-SHA-160"); + put("Alg.Alias.SaslServerFactory.SRP-SHA1", "SRP-SHA-160"); + put("Alg.Alias.SaslServerFactory.SRP-SHA-1", "SRP-SHA-160"); + put("Alg.Alias.SaslServerFactory.SRP-SHA160", "SRP-SHA-160"); + put("Alg.Alias.SaslServerFactory.SRP-RIPEMD-128", "SRP-RIPEMD128"); + put("Alg.Alias.SaslServerFactory.SRP-RIPEMD-160", "SRP-RIPEMD160"); + + return null; + } + }); } /** - * <p>Returns a {@link Set} of names of SASL Client mechanisms available from - * this {@link Provider}.</p> - * + * Returns a {@link Set} of names of SASL Client mechanisms available from + * this {@link Provider}. + * * @return a {@link Set} of SASL Client mechanisms (Strings). */ public static final Set getSaslClientMechanismNames() @@ -102,9 +112,9 @@ public final class GnuSasl extends Provider } /** - * <p>Returns a {@link Set} of names of SASL Server mechanisms available from - * this {@link Provider}.</p> - * + * Returns a {@link Set} of names of SASL Server mechanisms available from + * this {@link Provider}. + * * @return a {@link Set} of SASL Server mechanisms (Strings). */ public static final Set getSaslServerMechanismNames() diff --git a/libjava/classpath/gnu/javax/crypto/jce/PBKDF2SecretKeyFactory.java b/libjava/classpath/gnu/javax/crypto/jce/PBKDF2SecretKeyFactory.java index 59231c6c71d..be7fb18b0d5 100644 --- a/libjava/classpath/gnu/javax/crypto/jce/PBKDF2SecretKeyFactory.java +++ b/libjava/classpath/gnu/javax/crypto/jce/PBKDF2SecretKeyFactory.java @@ -53,57 +53,38 @@ import gnu.java.security.prng.IRandom; import gnu.java.security.prng.LimitReachedException; import gnu.javax.crypto.prng.PRNGFactory; -public abstract class PBKDF2SecretKeyFactory extends SecretKeyFactorySpi +public abstract class PBKDF2SecretKeyFactory + extends SecretKeyFactorySpi { - - // Constants and fields. - // ------------------------------------------------------------------------ - protected String macName; - private static final int DEFAULT_ITERATION_COUNT = 1000; - private static final int DEFAULT_KEY_LEN = 32; - // Constructor. - // ------------------------------------------------------------------------ - protected PBKDF2SecretKeyFactory(String macName) { this.macName = macName; } - // Instance methods. - // ------------------------------------------------------------------------ - protected SecretKey engineGenerateSecret(KeySpec spec) throws InvalidKeySpecException { - if (!(spec instanceof PBEKeySpec)) - { - throw new InvalidKeySpecException("not a PBEKeySpec"); - } + if (! (spec instanceof PBEKeySpec)) + throw new InvalidKeySpecException("not a PBEKeySpec"); IRandom kdf = PRNGFactory.getInstance("PBKDF2-" + macName); HashMap attr = new HashMap(); attr.put(IPBE.PASSWORD, ((PBEKeySpec) spec).getPassword()); byte[] salt = ((PBEKeySpec) spec).getSalt(); if (salt == null) - { - salt = new byte[0]; - } + salt = new byte[0]; attr.put(IPBE.SALT, salt); int ic = ((PBEKeySpec) spec).getIterationCount(); if (ic <= 0) - { - ic = DEFAULT_ITERATION_COUNT; - } - attr.put(IPBE.ITERATION_COUNT, new Integer(ic)); + ic = DEFAULT_ITERATION_COUNT; + attr.put(IPBE.ITERATION_COUNT, Integer.valueOf(ic)); kdf.init(attr); int len = ((PBEKeySpec) spec).getKeyLength(); if (len <= 0) - { - len = DEFAULT_KEY_LEN; - } + len = DEFAULT_KEY_LEN; byte[] dk = new byte[len]; try { @@ -113,7 +94,6 @@ public abstract class PBKDF2SecretKeyFactory extends SecretKeyFactorySpi { throw new IllegalArgumentException(lre.toString()); } - return new SecretKeySpec(dk, "PBKDF2"); } @@ -128,10 +108,8 @@ public abstract class PBKDF2SecretKeyFactory extends SecretKeyFactorySpi return new SecretKeySpec(key.getEncoded(), key.getAlgorithm()); } - // Inner classes. - // ------------------------------------------------------------------------ - - public static class HMacHaval extends PBKDF2SecretKeyFactory + public static class HMacHaval + extends PBKDF2SecretKeyFactory { public HMacHaval() { @@ -139,7 +117,8 @@ public abstract class PBKDF2SecretKeyFactory extends SecretKeyFactorySpi } } - public static class HMacMD2 extends PBKDF2SecretKeyFactory + public static class HMacMD2 + extends PBKDF2SecretKeyFactory { public HMacMD2() { @@ -147,7 +126,8 @@ public abstract class PBKDF2SecretKeyFactory extends SecretKeyFactorySpi } } - public static class HMacMD4 extends PBKDF2SecretKeyFactory + public static class HMacMD4 + extends PBKDF2SecretKeyFactory { public HMacMD4() { @@ -155,7 +135,8 @@ public abstract class PBKDF2SecretKeyFactory extends SecretKeyFactorySpi } } - public static class HMacMD5 extends PBKDF2SecretKeyFactory + public static class HMacMD5 + extends PBKDF2SecretKeyFactory { public HMacMD5() { @@ -163,7 +144,8 @@ public abstract class PBKDF2SecretKeyFactory extends SecretKeyFactorySpi } } - public static class HMacRipeMD128 extends PBKDF2SecretKeyFactory + public static class HMacRipeMD128 + extends PBKDF2SecretKeyFactory { public HMacRipeMD128() { @@ -171,7 +153,8 @@ public abstract class PBKDF2SecretKeyFactory extends SecretKeyFactorySpi } } - public static class HMacRipeMD160 extends PBKDF2SecretKeyFactory + public static class HMacRipeMD160 + extends PBKDF2SecretKeyFactory { public HMacRipeMD160() { @@ -179,7 +162,8 @@ public abstract class PBKDF2SecretKeyFactory extends SecretKeyFactorySpi } } - public static class HMacSHA1 extends PBKDF2SecretKeyFactory + public static class HMacSHA1 + extends PBKDF2SecretKeyFactory { public HMacSHA1() { @@ -187,7 +171,8 @@ public abstract class PBKDF2SecretKeyFactory extends SecretKeyFactorySpi } } - public static class HMacSHA256 extends PBKDF2SecretKeyFactory + public static class HMacSHA256 + extends PBKDF2SecretKeyFactory { public HMacSHA256() { @@ -195,7 +180,8 @@ public abstract class PBKDF2SecretKeyFactory extends SecretKeyFactorySpi } } - public static class HMacSHA384 extends PBKDF2SecretKeyFactory + public static class HMacSHA384 + extends PBKDF2SecretKeyFactory { public HMacSHA384() { @@ -203,7 +189,8 @@ public abstract class PBKDF2SecretKeyFactory extends SecretKeyFactorySpi } } - public static class HMacSHA512 extends PBKDF2SecretKeyFactory + public static class HMacSHA512 + extends PBKDF2SecretKeyFactory { public HMacSHA512() { @@ -211,7 +198,8 @@ public abstract class PBKDF2SecretKeyFactory extends SecretKeyFactorySpi } } - public static class HMacTiger extends PBKDF2SecretKeyFactory + public static class HMacTiger + extends PBKDF2SecretKeyFactory { public HMacTiger() { @@ -219,11 +207,12 @@ public abstract class PBKDF2SecretKeyFactory extends SecretKeyFactorySpi } } - public static class HMacWhirlpool extends PBKDF2SecretKeyFactory + public static class HMacWhirlpool + extends PBKDF2SecretKeyFactory { public HMacWhirlpool() { super("HMAC-WHIRLPOOL"); } } -}
\ No newline at end of file +} diff --git a/libjava/classpath/gnu/javax/crypto/jce/cipher/AES128KeyWrapSpi.java b/libjava/classpath/gnu/javax/crypto/jce/cipher/AES128KeyWrapSpi.java new file mode 100644 index 00000000000..14ce480ae6f --- /dev/null +++ b/libjava/classpath/gnu/javax/crypto/jce/cipher/AES128KeyWrapSpi.java @@ -0,0 +1,54 @@ +/* AESKeyWrapSpi.java -- AES (128-bit key) Key Wrapping Algorithm JCE Adapter + Copyright (C) 2006 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. */ + + +package gnu.javax.crypto.jce.cipher; + +import gnu.java.security.Registry; + +/** + * The JCE Cipher Adapter implementation over the GNU AES Key Wrapping + * Algorithm with a 128-bit key-size. + */ +public final class AES128KeyWrapSpi + extends AESKeyWrapSpi +{ + public AES128KeyWrapSpi() + { + super(Registry.AES128_KWA, 128 / 8, Registry.ECB_MODE); + } +} diff --git a/libjava/classpath/gnu/javax/crypto/jce/cipher/AES192KeyWrapSpi.java b/libjava/classpath/gnu/javax/crypto/jce/cipher/AES192KeyWrapSpi.java new file mode 100644 index 00000000000..784fc5a1516 --- /dev/null +++ b/libjava/classpath/gnu/javax/crypto/jce/cipher/AES192KeyWrapSpi.java @@ -0,0 +1,54 @@ +/* AES192KeyWrapSpi.java -- AES (192-bit key) Key Wrapping Algorithm JCE Adapter + Copyright (C) 2006 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. */ + + +package gnu.javax.crypto.jce.cipher; + +import gnu.java.security.Registry; + +/** + * The JCE Cipher Adapter implementation over the GNU AES Key Wrapping + * Algorithm with a 192-bit key-size. + */ +public final class AES192KeyWrapSpi + extends AESKeyWrapSpi +{ + public AES192KeyWrapSpi() + { + super(Registry.AES192_KWA, 192 / 8, Registry.ECB_MODE); + } +} diff --git a/libjava/classpath/gnu/javax/crypto/jce/cipher/AES256KeyWrapSpi.java b/libjava/classpath/gnu/javax/crypto/jce/cipher/AES256KeyWrapSpi.java new file mode 100644 index 00000000000..dd7357b0e09 --- /dev/null +++ b/libjava/classpath/gnu/javax/crypto/jce/cipher/AES256KeyWrapSpi.java @@ -0,0 +1,54 @@ +/* AES256KeyWrapSpi.java -- AES (256-bit key) Key Wrapping Algorithm JCE Adapter + Copyright (C) 2006 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. */ + + +package gnu.javax.crypto.jce.cipher; + +import gnu.java.security.Registry; + +/** + * The JCE Cipher Adapter implementation over the GNU AES Key Wrapping + * Algorithm with a 256-bit key-size. + */ +public final class AES256KeyWrapSpi + extends AESKeyWrapSpi +{ + public AES256KeyWrapSpi() + { + super(Registry.AES256_KWA, 256 / 8, Registry.ECB_MODE); + } +} diff --git a/libjava/classpath/gnu/javax/crypto/jce/cipher/AESKeyWrapSpi.java b/libjava/classpath/gnu/javax/crypto/jce/cipher/AESKeyWrapSpi.java new file mode 100644 index 00000000000..973f5890bb4 --- /dev/null +++ b/libjava/classpath/gnu/javax/crypto/jce/cipher/AESKeyWrapSpi.java @@ -0,0 +1,88 @@ +/* AESKeyWrapSpi.java -- Common AES Key Wrapping Algorithm methods + Copyright (C) 2006 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. */ + + +package gnu.javax.crypto.jce.cipher; + +/** + * Base abstract class to group common AES Key Wrapping Algorithm Adapter + * methods. + */ +abstract class AESKeyWrapSpi + extends KeyWrappingAlgorithmAdapter +{ + protected AESKeyWrapSpi(String name, int keySize, String supportedMode) + { + super(name, 16, keySize, supportedMode); + } + + /** + * AES Key Wrapping algorithms operate on an 8-byte block; a block half the + * size of the AES block itself. + * <p> + * In wrapping, the number of 8-byte output blocks is ALWAYS one block longer + * than the input. + * + * @param inputLength the size of the plain text. + * @return the size in bytes of <code>n + 1</code> 8-byte blocks where + * <code>n</code> is the smallest number of 8-byte blocks that contain the + * designated number of input bytes. + */ + protected int getOutputSizeForWrap(int inputLength) + { + int n = (inputLength + 7) / 8; + return 8 * (n + 1); + } + + /** + * AES Key Wrapping algorithms operate on an 8-byte block; a block half the + * size of the AES block itself. + * <p> + * In unwrapping, the number of 8-byte output blocks is ALWAYS one block + * shorter than the input. + * + * @param inputLength the size of the cipher text. + * @return the size in bytes of <code>n - 1</code> 8-byte blocks where + * <code>n</code> is the smallest number of 8-byte blocks that contain the + * designated number of input bytes. + */ + protected int getOutputSizeForUnwrap(int inputLength) + { + int n = (inputLength + 7) / 8; + return 8 * (n - 1); + } +} diff --git a/libjava/classpath/gnu/javax/crypto/jce/cipher/AESSpi.java b/libjava/classpath/gnu/javax/crypto/jce/cipher/AESSpi.java index 33de6895613..1322e5e8a1a 100644 --- a/libjava/classpath/gnu/javax/crypto/jce/cipher/AESSpi.java +++ b/libjava/classpath/gnu/javax/crypto/jce/cipher/AESSpi.java @@ -50,23 +50,17 @@ import java.security.spec.AlgorithmParameterSpec; import java.security.spec.InvalidParameterSpecException; /** - * The implementation of the AES <i>Service Provider Interface</i> - * (<b>SPI</b>) adapter. + * The implementation of the AES <i>Service Provider Interface</i> (<b>SPI</b>) + * adapter. */ -public final class AESSpi extends CipherAdapter +public final class AESSpi + extends CipherAdapter { - - // Constructors. - // ----------------------------------------------------------------------- - public AESSpi() { super(Registry.AES_CIPHER, 16); } - // Methods from CipherAdapter - // ----------------------------------------------------------------------- - protected void engineInit(int opmode, Key key, AlgorithmParameterSpec params, SecureRandom random) throws InvalidKeyException, InvalidAlgorithmParameterException @@ -74,10 +68,8 @@ public final class AESSpi extends CipherAdapter if (params instanceof BlockCipherParameterSpec) { if (((BlockCipherParameterSpec) params).getBlockSize() != 16) - { - throw new InvalidAlgorithmParameterException( - "AES block size must be 16 bytes"); - } + throw new InvalidAlgorithmParameterException( + "AES block size must be 16 bytes"); } super.engineInit(opmode, key, params, random); } @@ -90,9 +82,7 @@ public final class AESSpi extends CipherAdapter try { if (params != null) - { - spec = params.getParameterSpec(BlockCipherParameterSpec.class); - } + spec = params.getParameterSpec(BlockCipherParameterSpec.class); } catch (InvalidParameterSpecException ipse) { diff --git a/libjava/classpath/gnu/javax/crypto/jce/cipher/ARCFourSpi.java b/libjava/classpath/gnu/javax/crypto/jce/cipher/ARCFourSpi.java index 963fa1c0081..abcb486b59b 100644 --- a/libjava/classpath/gnu/javax/crypto/jce/cipher/ARCFourSpi.java +++ b/libjava/classpath/gnu/javax/crypto/jce/cipher/ARCFourSpi.java @@ -62,29 +62,20 @@ import javax.crypto.NoSuchPaddingException; import javax.crypto.ShortBufferException; /** - * The <i>Service Provider Interface</i> (<b>SPI</b>) for the ARCFOUR - * stream cipher. + * The <i>Service Provider Interface</i> (<b>SPI</b>) for the ARCFOUR stream + * cipher. */ -public class ARCFourSpi extends CipherSpi +public class ARCFourSpi + extends CipherSpi { - - // Constants and variables. - // ----------------------------------------------------------------------- - private IRandom keystream; - // Constructors. - // ----------------------------------------------------------------------- - public ARCFourSpi() { super(); keystream = PRNGFactory.getInstance(Registry.ARCFOUR_PRNG); } - // Methods implementing CipherSpi. - // ----------------------------------------------------------------------- - protected int engineGetBlockSize() { return 0; // stream cipher. @@ -119,14 +110,10 @@ public class ARCFourSpi extends CipherSpi throws InvalidKeyException { if (mode != Cipher.ENCRYPT_MODE && mode != Cipher.DECRYPT_MODE) - { - throw new IllegalArgumentException( - "arcfour is for encryption or decryption only"); - } - if (key == null || !key.getFormat().equalsIgnoreCase("RAW")) - { - throw new InvalidKeyException("key must be non-null raw bytes"); - } + throw new IllegalArgumentException( + "arcfour is for encryption or decryption only"); + if (key == null || ! key.getFormat().equalsIgnoreCase("RAW")) + throw new InvalidKeyException("key must be non-null raw bytes"); HashMap attrib = new HashMap(); attrib.put(ARCFour.ARCFOUR_KEY_MATERIAL, key.getEncoded()); keystream.init(attrib); @@ -149,16 +136,12 @@ public class ARCFourSpi extends CipherSpi protected byte[] engineUpdate(byte[] in, int offset, int length) { if (length < 0 || offset < 0 || length + offset > in.length) - { - throw new ArrayIndexOutOfBoundsException(); - } + throw new ArrayIndexOutOfBoundsException(); byte[] result = new byte[length]; try { for (int i = 0; i < length; i++) - { - result[i] = (byte) (in[i + offset] ^ keystream.nextByte()); - } + result[i] = (byte)(in[i + offset] ^ keystream.nextByte()); } catch (LimitReachedException wontHappen) { @@ -171,19 +154,13 @@ public class ARCFourSpi extends CipherSpi { if (length < 0 || inOffset < 0 || length + inOffset > in.length || outOffset < 0) - { - throw new ArrayIndexOutOfBoundsException(); - } + throw new ArrayIndexOutOfBoundsException(); if (outOffset + length > out.length) - { - throw new ShortBufferException(); - } + throw new ShortBufferException(); try { for (int i = 0; i < length; i++) - { - out[i + outOffset] = (byte) (in[i + inOffset] ^ keystream.nextByte()); - } + out[i + outOffset] = (byte)(in[i + inOffset] ^ keystream.nextByte()); } catch (LimitReachedException wontHappen) { diff --git a/libjava/classpath/gnu/javax/crypto/jce/cipher/AnubisSpi.java b/libjava/classpath/gnu/javax/crypto/jce/cipher/AnubisSpi.java index 0fca3b49104..e35e4e724ac 100644 --- a/libjava/classpath/gnu/javax/crypto/jce/cipher/AnubisSpi.java +++ b/libjava/classpath/gnu/javax/crypto/jce/cipher/AnubisSpi.java @@ -44,12 +44,9 @@ import gnu.java.security.Registry; * The implementation of the Anubis <i>Service Provider Interface</i> * (<b>SPI</b>) adapter. */ -public final class AnubisSpi extends CipherAdapter +public final class AnubisSpi + extends CipherAdapter { - - // Constructors. - // -------------------------------------------------------------------- - public AnubisSpi() { super(Registry.ANUBIS_CIPHER); diff --git a/libjava/classpath/gnu/javax/crypto/jce/cipher/BlowfishSpi.java b/libjava/classpath/gnu/javax/crypto/jce/cipher/BlowfishSpi.java index d31d7e19390..fec200ca6c9 100644 --- a/libjava/classpath/gnu/javax/crypto/jce/cipher/BlowfishSpi.java +++ b/libjava/classpath/gnu/javax/crypto/jce/cipher/BlowfishSpi.java @@ -44,12 +44,9 @@ import gnu.java.security.Registry; * The implementation of the Blowfish <i>Service Provider Interface</i> * (<b>SPI</b>) adapter. */ -public final class BlowfishSpi extends CipherAdapter +public final class BlowfishSpi + extends CipherAdapter { - - // Constructors. - // -------------------------------------------------------------------- - public BlowfishSpi() { super(Registry.BLOWFISH_CIPHER); diff --git a/libjava/classpath/gnu/javax/crypto/jce/cipher/Cast5Spi.java b/libjava/classpath/gnu/javax/crypto/jce/cipher/Cast5Spi.java index b1d4cf70374..bf080340001 100644 --- a/libjava/classpath/gnu/javax/crypto/jce/cipher/Cast5Spi.java +++ b/libjava/classpath/gnu/javax/crypto/jce/cipher/Cast5Spi.java @@ -43,26 +43,12 @@ import gnu.java.security.Registry; /** * The implementation of the <code>CAST5</code> (a.k.a. CAST-128) <i>Service * Provider Interface</i> (<b>SPI</b>) Adapter. - * - * @version Revision: $ */ -public class Cast5Spi extends CipherAdapter +public class Cast5Spi + extends CipherAdapter { - - // Constants and variables - // ------------------------------------------------------------------------- - - // Constructor(s) - // ------------------------------------------------------------------------- - public Cast5Spi() { super(Registry.CAST5_CIPHER); } - - // Class methods - // ------------------------------------------------------------------------- - - // Instance methods - // ------------------------------------------------------------------------- -}
\ No newline at end of file +} diff --git a/libjava/classpath/gnu/javax/crypto/jce/cipher/CipherAdapter.java b/libjava/classpath/gnu/javax/crypto/jce/cipher/CipherAdapter.java index 5eaa31b779b..b7cd755f5b4 100644 --- a/libjava/classpath/gnu/javax/crypto/jce/cipher/CipherAdapter.java +++ b/libjava/classpath/gnu/javax/crypto/jce/cipher/CipherAdapter.java @@ -38,8 +38,9 @@ exception statement from your version. */ package gnu.javax.crypto.jce.cipher; -import gnu.javax.crypto.cipher.IBlockCipher; +import gnu.java.security.Registry; import gnu.javax.crypto.cipher.CipherFactory; +import gnu.javax.crypto.cipher.IBlockCipher; import gnu.javax.crypto.jce.spec.BlockCipherParameterSpec; import gnu.javax.crypto.mode.IMode; import gnu.javax.crypto.mode.ModeFactory; @@ -56,6 +57,7 @@ import java.security.SecureRandom; import java.security.spec.AlgorithmParameterSpec; import java.security.spec.InvalidParameterSpecException; import java.util.HashMap; +import java.util.Iterator; import java.util.Map; import javax.crypto.BadPaddingException; @@ -67,61 +69,48 @@ import javax.crypto.ShortBufferException; import javax.crypto.spec.IvParameterSpec; /** - * <p>The implementation of a generic {@link Cipher} <i>Adapter</i> class to - * wrap GNU Crypto cipher instances.</p> - * - * <p>This class defines the <i>Service Provider Interface</i> (<b>SPI</b>) for + * The implementation of a generic {@link Cipher} <i>Adapter</i> class to wrap + * GNU cipher instances. + * <p> + * This class defines the <i>Service Provider Interface</i> (<b>SPI</b>) for * the {@link Cipher} class, which provides the functionality of symmetric-key - * block ciphers, such as the AES.<p> - * - * <p>This base class defines all of the abstract methods in {@link CipherSpi}, + * block ciphers, such as the AES. + * <p> + * This base class defines all of the abstract methods in {@link CipherSpi}, * but does not define the (non-abstract) key wrapping functions that extended * the base cipher SPI, and these methods thus immediately throw an * {@link UnsupportedOperationException}. If a cipher implementation provides * this functionality, or if it in fact accepts parameters other than the key * and the initialization vector, the subclass should override those methods. * Otherwise a subclass need only call the {@link #CipherAdapter(String)} - * constructor with the name of the cipher.</p> + * constructor with the name of the cipher. */ -class CipherAdapter extends CipherSpi +class CipherAdapter + extends CipherSpi { - - // Constants and variables. - // ------------------------------------------------------------------------- - /** Our cipher instance. */ protected IBlockCipher cipher; - /** Our mode instance. */ protected IMode mode; - /** Our padding instance. */ protected IPad pad; - /** The current key size. */ protected int keyLen; - /** Our attributes map. */ protected Map attributes; - /** An incomplete block. */ protected byte[] partBlock; - /** The number of bytes in {@link #partBlock}. */ protected int partLen; - /** The length of blocks we are processing. */ protected int blockLen; - // Constructor(s) - // ------------------------------------------------------------------------- - /** - * <p>Protected constructor to be called by subclasses. The cipher name - * argument should be the appropriate one listed in {@link gnu.crypto.Registry}. - * The basic cipher instance is created, along with an instance of the - * {@link gnu.crypto.mode.ECB} mode and no padding.</p> - * + * Protected constructor to be called by subclasses. The cipher name argument + * should be the appropriate one listed in {@link Registry}. The basic cipher + * instance is created, along with an instance of the + * {@link gnu.javax.crypto.mode.ECB} mode and no padding. + * * @param cipherName The cipher to instantiate. * @param blockLen The block length to use. */ @@ -131,12 +120,12 @@ class CipherAdapter extends CipherSpi attributes = new HashMap(); this.blockLen = blockLen; mode = ModeFactory.getInstance("ECB", cipher, blockLen); - attributes.put(IBlockCipher.CIPHER_BLOCK_SIZE, new Integer(blockLen)); + attributes.put(IBlockCipher.CIPHER_BLOCK_SIZE, Integer.valueOf(blockLen)); } /** - * <p>Creates a new cipher adapter with the default block size.</p> - * + * Creates a new cipher adapter with the default block size. + * * @param cipherName The cipher to instantiate. */ protected CipherAdapter(String cipherName) @@ -145,12 +134,9 @@ class CipherAdapter extends CipherSpi blockLen = cipher.defaultBlockSize(); attributes = new HashMap(); mode = ModeFactory.getInstance("ECB", cipher, blockLen); - attributes.put(IBlockCipher.CIPHER_BLOCK_SIZE, new Integer(blockLen)); + attributes.put(IBlockCipher.CIPHER_BLOCK_SIZE, Integer.valueOf(blockLen)); } - // Instance methods implementing javax.crypto.CipherSpi. - // ------------------------------------------------------------------------- - protected void engineSetMode(String modeName) throws NoSuchAlgorithmException { if (modeName.length() >= 3 @@ -161,7 +147,7 @@ class CipherAdapter extends CipherSpi try { int bs = Integer.parseInt(modeName.substring(3)); - attributes.put(IMode.MODE_BLOCK_SIZE, new Integer(bs / 8)); + attributes.put(IMode.MODE_BLOCK_SIZE, Integer.valueOf(bs / 8)); } catch (NumberFormatException nfe) { @@ -171,14 +157,10 @@ class CipherAdapter extends CipherSpi } } else - { - attributes.remove(IMode.MODE_BLOCK_SIZE); - } + attributes.remove(IMode.MODE_BLOCK_SIZE); mode = ModeFactory.getInstance(modeName, cipher, blockLen); if (mode == null) - { - throw new NoSuchAlgorithmException(modeName); - } + throw new NoSuchAlgorithmException(modeName); } protected void engineSetPadding(String padName) throws NoSuchPaddingException @@ -190,17 +172,13 @@ class CipherAdapter extends CipherSpi } pad = PadFactory.getInstance(padName); if (pad == null) - { - throw new NoSuchPaddingException(padName); - } + throw new NoSuchPaddingException(padName); } protected int engineGetBlockSize() { if (cipher != null) - { - return blockLen; - } + return blockLen; return 0; } @@ -214,17 +192,16 @@ class CipherAdapter extends CipherSpi { byte[] iv = (byte[]) attributes.get(IMode.IV); if (iv == null) - { - return null; - } + return null; return (byte[]) iv.clone(); } protected AlgorithmParameters engineGetParameters() { - BlockCipherParameterSpec spec = new BlockCipherParameterSpec( - (byte[]) attributes.get(IMode.IV), - cipher.currentBlockSize(), + byte[] iv = (byte[]) attributes.get(IMode.IV); + int cipherBlockSize = cipher.currentBlockSize(); + BlockCipherParameterSpec spec = new BlockCipherParameterSpec(iv, + cipherBlockSize, keyLen); AlgorithmParameters params; try @@ -246,25 +223,75 @@ class CipherAdapter extends CipherSpi protected void engineInit(int opmode, Key key, SecureRandom random) throws InvalidKeyException { + try + { + engineInit(opmode, key, (AlgorithmParameterSpec) null, random); + } + catch (InvalidAlgorithmParameterException e) + { + throw new InvalidKeyException(e.getMessage(), e); + } + } + + /** + * Executes initialization logic after all parameters have been handled by the + * engineInit()s. + * + * @param opmode the desired mode of operation for this instance. + * @param key the key material to use for initialization. + * @param random a source of randmoness to use if/when needed. + * @throws InvalidKeyException if <code>key</code> is invalid or the cipher + * needs extra parameters which can not be derived from + * <code>key</code>; e.g. an IV. + */ + private void engineInitHandler(int opmode, Key key, SecureRandom random) + throws InvalidKeyException + { switch (opmode) { case Cipher.ENCRYPT_MODE: - attributes.put(IMode.STATE, new Integer(IMode.ENCRYPTION)); + attributes.put(IMode.STATE, Integer.valueOf(IMode.ENCRYPTION)); break; case Cipher.DECRYPT_MODE: - attributes.put(IMode.STATE, new Integer(IMode.DECRYPTION)); + attributes.put(IMode.STATE, Integer.valueOf(IMode.DECRYPTION)); break; } - if (!key.getFormat().equalsIgnoreCase("RAW")) - { - throw new InvalidKeyException("bad key format " + key.getFormat()); - } + if (! key.getFormat().equalsIgnoreCase("RAW")) + throw new InvalidKeyException("bad key format " + key.getFormat()); byte[] kb = key.getEncoded(); + int kbLength = kb.length; if (keyLen == 0) { - keyLen = kb.length; + // no key-size given; instead key-material is provided in kb --which + // can be more than what we need. if we don't cull this down to what + // the cipher likes/wants we may get an InvalidKeyException. + // + // try to find the largest key-size value that is less than or equal + // to kbLength + for (Iterator it = cipher.keySizes(); it.hasNext();) + { + int aKeySize = ((Integer) it.next()).intValue(); + if (aKeySize == kbLength) + { + keyLen = aKeySize; + break; + } + else if (aKeySize < kbLength) + keyLen = aKeySize; + else // all remaining key-sizes are longer than kb.length + break; + } } - else if (keyLen < kb.length) + if (keyLen == 0) + { + // we were unable to find a key-size, among those advertised by the + // cipher, that is less than or equal to the length of the kb array. + // set keyLen to kbLength. either the cipher implementation will throw + // an InvalidKeyException, or it is implemented in a way which can deal + // with an unsupported key-size. + keyLen = kbLength; + } + if (keyLen < kbLength) { byte[] kbb = kb; kb = new byte[keyLen]; @@ -280,31 +307,54 @@ class CipherAdapter extends CipherSpi { if (params == null) { - byte[] iv = new byte[blockLen]; - random.nextBytes(iv); - attributes.put(IMode.IV, iv); + // All cipher modes require parameters (like an IV) except ECB. When + // these cant be derived from the given key then it must be generated + // randomly if in ENCRYPT or WRAP mode. Parameters that have defaults + // for our cipher must be set to these defaults. + if (! mode.name().toLowerCase().startsWith(Registry.ECB_MODE + "(")) + { + switch (opmode) + { + case Cipher.ENCRYPT_MODE: + case Cipher.WRAP_MODE: + byte[] iv = new byte[blockLen]; + random.nextBytes(iv); + attributes.put(IMode.IV, iv); + break; + default: + throw new InvalidAlgorithmParameterException( + "Required algorithm parameters are missing for mode: " + + mode.name()); + } + } + // Add default for block length etc. blockLen = cipher.defaultBlockSize(); - attributes.put(IBlockCipher.CIPHER_BLOCK_SIZE, new Integer(blockLen)); + attributes.put(IBlockCipher.CIPHER_BLOCK_SIZE, + Integer.valueOf(blockLen)); keyLen = 0; } else if (params instanceof BlockCipherParameterSpec) { - attributes.put( - IBlockCipher.CIPHER_BLOCK_SIZE, - new Integer( - ((BlockCipherParameterSpec) params).getBlockSize())); - attributes.put(IMode.IV, ((BlockCipherParameterSpec) params).getIV()); - keyLen = ((BlockCipherParameterSpec) params).getKeySize(); - blockLen = ((BlockCipherParameterSpec) params).getBlockSize(); + BlockCipherParameterSpec bcps = (BlockCipherParameterSpec) params; + blockLen = bcps.getBlockSize(); + attributes.put(IBlockCipher.CIPHER_BLOCK_SIZE, Integer.valueOf(blockLen)); + attributes.put(IMode.IV, bcps.getIV()); + keyLen = bcps.getKeySize(); } else if (params instanceof IvParameterSpec) { + // The size of the IV must match the block size + if (((IvParameterSpec) params).getIV().length != cipher.defaultBlockSize()) + { + throw new InvalidAlgorithmParameterException(); + } + attributes.put(IMode.IV, ((IvParameterSpec) params).getIV()); blockLen = cipher.defaultBlockSize(); - attributes.put(IBlockCipher.CIPHER_BLOCK_SIZE, new Integer(blockLen)); + attributes.put(IBlockCipher.CIPHER_BLOCK_SIZE, Integer.valueOf(blockLen)); keyLen = 0; } - engineInit(opmode, key, random); + engineInitHandler(opmode, key, random); } protected void engineInit(int opmode, Key key, AlgorithmParameters params, @@ -315,9 +365,7 @@ class CipherAdapter extends CipherSpi try { if (params != null) - { - spec = params.getParameterSpec(BlockCipherParameterSpec.class); - } + spec = params.getParameterSpec(BlockCipherParameterSpec.class); } catch (InvalidParameterSpecException ignored) { @@ -334,91 +382,50 @@ class CipherAdapter extends CipherSpi { engineUpdate(input, off, len, out, 0); } - catch (ShortBufferException x) - { // should not happen + catch (ShortBufferException x) // should not happen + { x.printStackTrace(System.err); } return out; } - // protected int - // engineUpdate(byte[] in, int inOff, int inLen, byte[] out, int outOff) - // throws ShortBufferException - // { - // int blockSize = mode.currentBlockSize(); - // int count = (partLen + inLen) / blockSize; - // if (count * blockSize > out.length - outOff) { - // throw new ShortBufferException(); - // } - // byte[] buf; - // if (partLen > 0 && count > 0) { - // buf = new byte[partLen + inLen]; - // System.arraycopy(partBlock, 0, buf, 0, partLen); - // if (in != null && inLen > 0) { - // System.arraycopy(in, inOff, buf, partLen, inLen); - // } - // partLen = 0; - // inOff = 0; - // } else { - // buf = in; - // } - // for (int i = 0; i < count; i++) { - // mode.update(buf, i * blockSize + inOff, out, i * blockSize + outOff); - // } - // if (inOff + inLen > count * blockSize) { - // partLen = (inOff + inLen) - (count * blockSize); - // System.arraycopy(in, count * blockSize, partBlock, 0, partLen); - // } - // return count * blockSize; - // } - protected int engineUpdate(byte[] in, int inOff, int inLen, byte[] out, int outOff) throws ShortBufferException { - if (inLen == 0) - { // nothing to process - return 0; - } + if (inLen == 0) // nothing to process + return 0; final int blockSize = mode.currentBlockSize(); final int blockCount = (partLen + inLen) / blockSize; final int result = blockCount * blockSize; if (result > out.length - outOff) + throw new ShortBufferException(); + if (blockCount == 0) // not enough bytes for even 1 block { - throw new ShortBufferException(); - } - if (blockCount == 0) - { // not enough bytes for even 1 block System.arraycopy(in, inOff, partBlock, partLen, inLen); partLen += inLen; return 0; } final byte[] buf; // we have enough bytes for at least 1 block - if (partLen == 0) - { // if no cached bytes use input - buf = in; - } - else - { // prefix input with cached bytes + if (partLen == 0) // if no cached bytes use input + buf = in; + else // prefix input with cached bytes + { buf = new byte[partLen + inLen]; System.arraycopy(partBlock, 0, buf, 0, partLen); if (in != null && inLen > 0) - { - System.arraycopy(in, inOff, buf, partLen, inLen); - } + System.arraycopy(in, inOff, buf, partLen, inLen); inOff = 0; } - for (int i = 0; i < blockCount; i++) - { // update blockCount * blockSize + for (int i = 0; i < blockCount; i++) // update blockCount * blockSize + { mode.update(buf, inOff, out, outOff); inOff += blockSize; outOff += blockSize; } partLen += inLen - result; - if (partLen > 0) - { // cache remaining bytes from buf - System.arraycopy(buf, inOff, partBlock, 0, partLen); - } + if (partLen > 0) // cache remaining bytes from buf + System.arraycopy(buf, inOff, partBlock, 0, partLen); return result; } @@ -458,9 +465,7 @@ class CipherAdapter extends CipherSpi else { if (partLen > 0) - { - throw new IllegalBlockSizeException(partLen + " trailing bytes"); - } + throw new IllegalBlockSizeException(partLen + " trailing bytes"); result = buf; } @@ -483,9 +488,7 @@ class CipherAdapter extends CipherSpi { byte[] buf = engineDoFinal(in, inOff, inLen); if (out.length + outOff < buf.length) - { - throw new ShortBufferException(); - } + throw new ShortBufferException(); System.arraycopy(buf, 0, out, outOff, buf.length); return buf.length; } diff --git a/libjava/classpath/gnu/javax/crypto/jce/cipher/DESSpi.java b/libjava/classpath/gnu/javax/crypto/jce/cipher/DESSpi.java index ff86071c4ee..21f62b4f046 100644 --- a/libjava/classpath/gnu/javax/crypto/jce/cipher/DESSpi.java +++ b/libjava/classpath/gnu/javax/crypto/jce/cipher/DESSpi.java @@ -41,15 +41,12 @@ package gnu.javax.crypto.jce.cipher; import gnu.java.security.Registry; /** - * The implementation of the DES <i>Service Provider Interface</i> - * (<b>SPI</b>) adapter. + * The implementation of the DES <i>Service Provider Interface</i> (<b>SPI</b>) + * adapter. */ -public final class DESSpi extends CipherAdapter +public final class DESSpi + extends CipherAdapter { - - // Constructors. - // -------------------------------------------------------------------- - public DESSpi() { super(Registry.DES_CIPHER); diff --git a/libjava/classpath/gnu/javax/crypto/jce/cipher/KeyWrappingAlgorithmAdapter.java b/libjava/classpath/gnu/javax/crypto/jce/cipher/KeyWrappingAlgorithmAdapter.java new file mode 100644 index 00000000000..03356a236f7 --- /dev/null +++ b/libjava/classpath/gnu/javax/crypto/jce/cipher/KeyWrappingAlgorithmAdapter.java @@ -0,0 +1,423 @@ +/* KeyWrappingAlgorithmAdapter.java -- Base Adapter for Key Wrapping algorithms + Copyright (C) 2006 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. */ + + +package gnu.javax.crypto.jce.cipher; + +import gnu.java.security.Configuration; +import gnu.java.security.Registry; +import gnu.javax.crypto.jce.spec.BlockCipherParameterSpec; +import gnu.javax.crypto.kwa.IKeyWrappingAlgorithm; +import gnu.javax.crypto.kwa.KeyUnwrappingException; +import gnu.javax.crypto.kwa.KeyWrappingAlgorithmFactory; + +import java.security.AlgorithmParameters; +import java.security.InvalidAlgorithmParameterException; +import java.security.InvalidKeyException; +import java.security.Key; +import java.security.KeyFactory; +import java.security.NoSuchAlgorithmException; +import java.security.SecureRandom; +import java.security.spec.AlgorithmParameterSpec; +import java.security.spec.InvalidKeySpecException; +import java.security.spec.InvalidParameterSpecException; +import java.security.spec.X509EncodedKeySpec; +import java.util.HashMap; +import java.util.Map; +import java.util.logging.Logger; + +import javax.crypto.BadPaddingException; +import javax.crypto.Cipher; +import javax.crypto.CipherSpi; +import javax.crypto.IllegalBlockSizeException; +import javax.crypto.NoSuchPaddingException; +import javax.crypto.ShortBufferException; +import javax.crypto.spec.IvParameterSpec; +import javax.crypto.spec.SecretKeySpec; + +/** + * An abstract base class to facilitate implementations of JCE Adapters for + * symmetric key block ciphers capable of providing key-wrapping functionality. + */ +abstract class KeyWrappingAlgorithmAdapter + extends CipherSpi +{ + private static final Logger log = Logger.getLogger(KeyWrappingAlgorithmAdapter.class.getName()); + /** JCE canonical name of a null-padder. */ + private static final String NO_PADDING = "nopadding"; + /** Concrete Key Wrapping Algorithm SPI. */ + protected IKeyWrappingAlgorithm kwAlgorithm; + /** Size in bytes of the padding block to be provided by external padders. */ + protected int kwaBlockSize; + /** KEK size in bytes. */ + protected int kwaKeySize; + /** Name of the supported mode. */ + protected String supportedMode; + /** Operational mode in which this instance was initialised. */ + protected int opmode = -1; + /** Initialisation Vector if/when user wants to override default one. */ + byte[] iv; + + /** + * Creates a new JCE Adapter for the designated Key Wrapping Algorithm name. + * + * @param name the canonical name of the key-wrapping algorithm. + * @param blockSize the block size in bytes of the underlying symmetric-key + * block cipher algorithm. + * @param keySize the allowed size in bytes of the KEK bytes to initialise the + * underlying symmetric-key block cipher algorithm with. + * @param supportedMode canonical name of the block mode the underlying cipher + * is supporting. + */ + protected KeyWrappingAlgorithmAdapter(String name, int blockSize, int keySize, + String supportedMode) + { + super(); + + this.kwAlgorithm = KeyWrappingAlgorithmFactory.getInstance(name); + this.kwaBlockSize = blockSize; + this.kwaKeySize = keySize; + this.supportedMode = supportedMode; + } + + /** + * Wraps the encoded form of a designated {@link Key}. + * + * @param key the key-material to wrap. + * @return the wrapped key. + * @throws InvalidKeyException If the key cannot be wrapped. + */ + protected byte[] engineWrap(Key key) + throws InvalidKeyException, IllegalBlockSizeException + { + byte[] keyMaterial = key.getEncoded(); + byte[] result = kwAlgorithm.wrap(keyMaterial, 0, keyMaterial.length); + return result; + } + + /** + * Unwraps a previously-wrapped key-material. + * + * @param wrappedKey the wrapped key-material to unwrap. + * @param wrappedKeyAlgorithm the canonical name of the algorithm, which the + * unwrapped key-material represents. This name is used to + * instantiate a concrete instance of a {@link Key} for that + * algorithm. For example, if the value of this parameter is + * <code>DSS</code> and the type (the next parameter) is + * {@link Cipher#PUBLIC_KEY} then an attempt to construct a concrete + * instance of a {@link java.security.interfaces.DSAPublicKey}, + * using the unwrapped key material, shall be made. + * @param wrappedKeyType the type of wrapped key-material. MUST be one of + * {@link Cipher#PRIVATE_KEY}, {@link Cipher#PUBLIC_KEY}, or + * {@link Cipher#SECRET_KEY}. + * @return the unwrapped key-material as an instance of {@link Key} or one of + * its subclasses. + * @throws InvalidKeyException If the key cannot be unwrapped, or if + * <code>wrappedKeyType</code> is an inappropriate type for the + * unwrapped key. + * @throws NoSuchAlgorithmException If the <code>wrappedKeyAlgorithm</code> + * is unknown to every currently installed Security Provider. + */ + protected Key engineUnwrap(byte[] wrappedKey, String wrappedKeyAlgorithm, + int wrappedKeyType) + throws InvalidKeyException, NoSuchAlgorithmException + { + byte[] keyBytes; + try + { + keyBytes = kwAlgorithm.unwrap(wrappedKey, 0, wrappedKey.length); + } + catch (KeyUnwrappingException x) + { + InvalidKeyException y = new InvalidKeyException("engineUnwrap()"); + y.initCause(x); + throw y; + } + Key result; + switch (wrappedKeyType) + { + case Cipher.SECRET_KEY: + result = new SecretKeySpec(keyBytes, wrappedKeyAlgorithm); + break; + case Cipher.PRIVATE_KEY: + case Cipher.PUBLIC_KEY: + X509EncodedKeySpec keySpec = new X509EncodedKeySpec(keyBytes); + KeyFactory keyFactory = KeyFactory.getInstance(wrappedKeyAlgorithm); + try + { + if (wrappedKeyType == Cipher.PRIVATE_KEY) + result = keyFactory.generatePrivate(keySpec); + else + result = keyFactory.generatePublic(keySpec); + } + catch (InvalidKeySpecException x) + { + InvalidKeyException y = new InvalidKeyException("engineUnwrap()"); + y.initCause(x); + throw y; + } + break; + default: + IllegalArgumentException x = new IllegalArgumentException("Invalid 'wrappedKeyType': " + + wrappedKeyType); + InvalidKeyException y = new InvalidKeyException("engineUnwrap()"); + y.initCause(x); + throw y; + } + return result; + } + + protected int engineGetBlockSize() + { + return kwaBlockSize; + } + + protected byte[] engineGetIV() + { + return iv == null ? null : (byte[]) iv.clone(); + } + + protected int engineGetOutputSize(int inputLength) + { + switch (opmode) + { + case Cipher.WRAP_MODE: + return getOutputSizeForWrap(inputLength); + case Cipher.UNWRAP_MODE: + return getOutputSizeForUnwrap(inputLength); + default: + throw new IllegalStateException(); + } + } + + protected AlgorithmParameters engineGetParameters() + { + BlockCipherParameterSpec spec = new BlockCipherParameterSpec(iv, + kwaBlockSize, + kwaKeySize); + AlgorithmParameters result = null; + try + { + result = AlgorithmParameters.getInstance("BlockCipherParameters"); + result.init(spec); + } + catch (NoSuchAlgorithmException x) + { + if (Configuration.DEBUG) + log.fine("Unable to find BlockCipherParameters. Return null"); + } + catch (InvalidParameterSpecException x) + { + if (Configuration.DEBUG) + log.fine("Unable to initialise BlockCipherParameters. Return null"); + } + return result; + } + + protected void engineInit(int opmode, Key key, SecureRandom random) + throws InvalidKeyException + { + checkOpMode(opmode); + byte[] kekBytes = checkAndGetKekBytes(key); + initAlgorithm(opmode, kekBytes, null, random); + } + + protected void engineInit(int opmode, Key key, AlgorithmParameters params, + SecureRandom random) + throws InvalidAlgorithmParameterException, InvalidKeyException + { + AlgorithmParameterSpec spec = null; + try + { + if (params != null) + spec = params.getParameterSpec(BlockCipherParameterSpec.class); + } + catch (InvalidParameterSpecException x) + { + if (Configuration.DEBUG) + log.fine("Unable to translate algorithm parameters into an instance " + + "of BlockCipherParameterSpec. Discard"); + } + engineInit(opmode, key, spec, random); + } + + protected void engineInit(int opmode, Key key, AlgorithmParameterSpec params, + SecureRandom random) + throws InvalidAlgorithmParameterException, InvalidKeyException + { + checkOpMode(opmode); + byte[] kekBytes = checkAndGetKekBytes(key); + byte[] ivBytes = null; + if (params instanceof BlockCipherParameterSpec) + ivBytes = ((BlockCipherParameterSpec) params).getIV(); + else if (params instanceof IvParameterSpec) + ivBytes = ((IvParameterSpec) params).getIV(); + + initAlgorithm(opmode, kekBytes, ivBytes, random); + } + + protected void engineSetMode(String mode) throws NoSuchAlgorithmException + { + if (! supportedMode.equalsIgnoreCase(mode)) + throw new UnsupportedOperationException("Only " + supportedMode + + " is supported"); + } + + /** + * NoPadding is the only padding algorithm supported by Key Wrapping Algorithm + * implementations in RI. + */ + protected void engineSetPadding(String padding) throws NoSuchPaddingException + { + if (! NO_PADDING.equalsIgnoreCase(padding)) + throw new UnsupportedOperationException("Only NoPadding is supported"); + } + + protected byte[] engineUpdate(byte[] input, int inputOffset, int inputLength) + { + throw new UnsupportedOperationException(); + } + + protected int engineUpdate(byte[] input, int inputOffset, int inputLength, + byte[] output, int outputOffset) + throws ShortBufferException + { + throw new UnsupportedOperationException(); + } + + protected byte[] engineDoFinal(byte[] input, int inputOffset, int inputLength) + throws IllegalBlockSizeException, BadPaddingException + { + throw new UnsupportedOperationException(); + } + + protected int engineDoFinal(byte[] input, int inputOffset, int inputLength, + byte[] output, int outputOffset) + throws IllegalBlockSizeException, BadPaddingException, ShortBufferException + { + throw new UnsupportedOperationException(); + } + + /** + * Return the minimum size in bytes of a place holder large enough to receive + * the cipher text resulting from a wrap method with the designated size of + * the plain text. + * <p> + * This default implementation ALWAYS returns the smallest multiple of the + * <code>kwaBlockSize</code> --passed to this method through its + * constructor-- greater than or equal to the designated + * <code>inputLength</code>. + * + * @param inputLength the size of a plain text. + * @return an estimate of the size, in bytes, of the place holder to receive + * the resulting bytes of a wrap method. + */ + protected int getOutputSizeForWrap(int inputLength) + { + return kwaBlockSize * (inputLength + kwaBlockSize - 1) / kwaBlockSize; + } + + /** + * Return the minimum size in bytes of a place holder large enough to receive + * the plain text resulting from an unwrap method with the designated size of + * the cipher text. + * <p> + * This default implementation ALWAYS returns the smallest multiple of the + * <code>paddingBlockSize</code> --passed to this method through its + * constructor-- greater than or equal to the designated + * <code>inputLength</code>. + * + * @param inputLength the size of a cipher text. + * @return an estimate of the size, in bytes, of the place holder to receive + * the resulting bytes of an uwrap method. + */ + protected int getOutputSizeForUnwrap(int inputLength) + { + return kwaBlockSize * (inputLength + kwaBlockSize - 1) / kwaBlockSize; + } + + private void checkOpMode(int opmode) + { + switch (opmode) + { + case Cipher.WRAP_MODE: + case Cipher.UNWRAP_MODE: + return; + } + throw new IllegalArgumentException("Unsupported operational mode: " + opmode); + } + + /** + * Returns the key bytes, iff it was in RAW format. + * + * @param key the opaque JCE secret key to use as the KEK. + * @return the bytes of the encoded form of the designated kek, iff it was in + * RAW format. + * @throws InvalidKeyException if the designated key is not in the RAW format. + */ + private byte[] checkAndGetKekBytes(Key key) throws InvalidKeyException + { + if (! Registry.RAW_ENCODING_SHORT_NAME.equalsIgnoreCase(key.getFormat())) + throw new InvalidKeyException("Only RAW key format is supported"); + byte[] result = key.getEncoded(); + int kekSize = result.length; + if (kekSize != kwaKeySize) + throw new InvalidKeyException("Invalid key material size. Expected " + + kwaKeySize + " but found " + kekSize); + return result; + } + + private void initAlgorithm(int opmode, byte[] kek, byte[] ivBytes, + SecureRandom rnd) + throws InvalidKeyException + { + this.opmode = opmode; + Map attributes = new HashMap(); + attributes.put(IKeyWrappingAlgorithm.KEY_ENCRYPTION_KEY_MATERIAL, kek); + if (ivBytes != null) + { + this.iv = (byte[]) ivBytes.clone(); + attributes.put(IKeyWrappingAlgorithm.INITIAL_VALUE, this.iv); + } + else + this.iv = null; + if (rnd != null) + attributes.put(IKeyWrappingAlgorithm.SOURCE_OF_RANDOMNESS, rnd); + + kwAlgorithm.init(attributes); + } +} diff --git a/libjava/classpath/gnu/javax/crypto/jce/cipher/KhazadSpi.java b/libjava/classpath/gnu/javax/crypto/jce/cipher/KhazadSpi.java index 397c27d2ed7..6e744a2f2d9 100644 --- a/libjava/classpath/gnu/javax/crypto/jce/cipher/KhazadSpi.java +++ b/libjava/classpath/gnu/javax/crypto/jce/cipher/KhazadSpi.java @@ -44,12 +44,9 @@ import gnu.java.security.Registry; * The implementation of the Khazad <i>Service Provider Interface</i> * (<b>SPI</b>) adapter. */ -public final class KhazadSpi extends CipherAdapter +public final class KhazadSpi + extends CipherAdapter { - - // Constructors. - // -------------------------------------------------------------------- - public KhazadSpi() { super(Registry.KHAZAD_CIPHER); diff --git a/libjava/classpath/gnu/javax/crypto/jce/cipher/NullCipherSpi.java b/libjava/classpath/gnu/javax/crypto/jce/cipher/NullCipherSpi.java index e6d78ef393e..e50e00c8eae 100644 --- a/libjava/classpath/gnu/javax/crypto/jce/cipher/NullCipherSpi.java +++ b/libjava/classpath/gnu/javax/crypto/jce/cipher/NullCipherSpi.java @@ -44,12 +44,9 @@ import gnu.java.security.Registry; * The implementation of the Null cipher <i>Service Provider Interface</i> * (<b>SPI</b>) adapter. */ -public final class NullCipherSpi extends CipherAdapter +public final class NullCipherSpi + extends CipherAdapter { - - // Constructors. - // ----------------------------------------------------------------------- - public NullCipherSpi() { super(Registry.NULL_CIPHER); diff --git a/libjava/classpath/gnu/javax/crypto/jce/cipher/PBES2.java b/libjava/classpath/gnu/javax/crypto/jce/cipher/PBES2.java index 9889ab9fc86..26a6a2c2db9 100644 --- a/libjava/classpath/gnu/javax/crypto/jce/cipher/PBES2.java +++ b/libjava/classpath/gnu/javax/crypto/jce/cipher/PBES2.java @@ -55,20 +55,13 @@ import javax.crypto.interfaces.PBEKey; import javax.crypto.spec.SecretKeySpec; /** - * <p>.</p> */ -public abstract class PBES2 extends CipherAdapter +public abstract class PBES2 + extends CipherAdapter { - - // Constants and variables - // ------------------------------------------------------------------------- - /** The HMac (PRF) algorithm name. */ protected String macName; - // Constructor(s) - // ------------------------------------------------------------------------- - protected PBES2(String cipherName, int blockLen, String macName) { super(cipherName, blockLen); @@ -81,15 +74,11 @@ public abstract class PBES2 extends CipherAdapter this.macName = macName; } - // Instance methods - // ------------------------------------------------------------------------- - protected void engineInit(int opmode, Key key, SecureRandom random) throws InvalidKeyException { - if (!(key instanceof PBEKey)) + if (! (key instanceof PBEKey)) throw new InvalidKeyException("not a PBE key"); - super.engineInit(opmode, genkey((PBEKey) key), random); } @@ -97,9 +86,8 @@ public abstract class PBES2 extends CipherAdapter SecureRandom random) throws InvalidKeyException, InvalidAlgorithmParameterException { - if (!(key instanceof PBEKey)) + if (! (key instanceof PBEKey)) throw new InvalidKeyException("not a PBE key"); - super.engineInit(opmode, genkey((PBEKey) key), params, random); } @@ -107,9 +95,8 @@ public abstract class PBES2 extends CipherAdapter SecureRandom random) throws InvalidKeyException, InvalidAlgorithmParameterException { - if (!(key instanceof PBEKey)) + if (! (key instanceof PBEKey)) throw new InvalidKeyException("not a PBE key"); - super.engineInit(opmode, genkey((PBEKey) key), params, random); } @@ -117,11 +104,9 @@ public abstract class PBES2 extends CipherAdapter { IRandom kdf = PRNGFactory.getInstance("PBKDF2-" + macName); if (kdf == null) - { - throw new IllegalArgumentException("no such KDF: PBKDF2-" + macName); - } + throw new IllegalArgumentException("no such KDF: PBKDF2-" + macName); HashMap attrib = new HashMap(); - attrib.put(IPBE.ITERATION_COUNT, new Integer(key.getIterationCount())); + attrib.put(IPBE.ITERATION_COUNT, Integer.valueOf(key.getIterationCount())); attrib.put(IPBE.PASSWORD, key.getPassword()); attrib.put(IPBE.SALT, key.getSalt()); try @@ -139,21 +124,14 @@ public abstract class PBES2 extends CipherAdapter } catch (LimitReachedException shouldNotHappen) { - // throw new Error(shouldNotHappen); throw new Error(String.valueOf(shouldNotHappen)); } return new SecretKeySpec(dk, cipher.name()); } - // Inner classe(s) - // ========================================================================= - - public static class HMacSHA1 extends PBES2 + public static class HMacSHA1 + extends PBES2 { - - // Constructor(s) - // --------------------------------------------------------------------- - public HMacSHA1(String cipher, int blockLen) { super(cipher, blockLen, "HMAC-SHA1"); @@ -164,10 +142,8 @@ public abstract class PBES2 extends CipherAdapter super(cipher, "HMAC-SHA1"); } - // Inner classe(s) - // ====================================================================== - - public static class AES extends HMacSHA1 + public static class AES + extends HMacSHA1 { public AES() { @@ -175,7 +151,8 @@ public abstract class PBES2 extends CipherAdapter } } - public static class Anubis extends HMacSHA1 + public static class Anubis + extends HMacSHA1 { public Anubis() { @@ -183,7 +160,8 @@ public abstract class PBES2 extends CipherAdapter } } - public static class Blowfish extends HMacSHA1 + public static class Blowfish + extends HMacSHA1 { public Blowfish() { @@ -191,7 +169,8 @@ public abstract class PBES2 extends CipherAdapter } } - public static class Cast5 extends HMacSHA1 + public static class Cast5 + extends HMacSHA1 { public Cast5() { @@ -199,7 +178,8 @@ public abstract class PBES2 extends CipherAdapter } } - public static class DES extends HMacSHA1 + public static class DES + extends HMacSHA1 { public DES() { @@ -207,7 +187,8 @@ public abstract class PBES2 extends CipherAdapter } } - public static class Khazad extends HMacSHA1 + public static class Khazad + extends HMacSHA1 { public Khazad() { @@ -215,7 +196,8 @@ public abstract class PBES2 extends CipherAdapter } } - public static class Serpent extends HMacSHA1 + public static class Serpent + extends HMacSHA1 { public Serpent() { @@ -223,7 +205,8 @@ public abstract class PBES2 extends CipherAdapter } } - public static class Square extends HMacSHA1 + public static class Square + extends HMacSHA1 { public Square() { @@ -231,7 +214,8 @@ public abstract class PBES2 extends CipherAdapter } } - public static class TripleDES extends HMacSHA1 + public static class TripleDES + extends HMacSHA1 { public TripleDES() { @@ -239,7 +223,8 @@ public abstract class PBES2 extends CipherAdapter } } - public static class Twofish extends HMacSHA1 + public static class Twofish + extends HMacSHA1 { public Twofish() { @@ -248,12 +233,9 @@ public abstract class PBES2 extends CipherAdapter } } - public static class HMacMD5 extends PBES2 + public static class HMacMD5 + extends PBES2 { - - // Constructor(s) - // ---------------------------------------------------------------------- - public HMacMD5(String cipher, int blockLen) { super(cipher, blockLen, "HMAC-MD5"); @@ -264,10 +246,8 @@ public abstract class PBES2 extends CipherAdapter super(cipher, "HMAC-MD5"); } - // Inner classe(s) - // ====================================================================== - - public static class AES extends HMacMD5 + public static class AES + extends HMacMD5 { public AES() { @@ -275,7 +255,8 @@ public abstract class PBES2 extends CipherAdapter } } - public static class Anubis extends HMacMD5 + public static class Anubis + extends HMacMD5 { public Anubis() { @@ -283,7 +264,8 @@ public abstract class PBES2 extends CipherAdapter } } - public static class Blowfish extends HMacMD5 + public static class Blowfish + extends HMacMD5 { public Blowfish() { @@ -291,7 +273,8 @@ public abstract class PBES2 extends CipherAdapter } } - public static class Cast5 extends HMacMD5 + public static class Cast5 + extends HMacMD5 { public Cast5() { @@ -299,7 +282,8 @@ public abstract class PBES2 extends CipherAdapter } } - public static class DES extends HMacMD5 + public static class DES + extends HMacMD5 { public DES() { @@ -307,7 +291,8 @@ public abstract class PBES2 extends CipherAdapter } } - public static class Khazad extends HMacMD5 + public static class Khazad + extends HMacMD5 { public Khazad() { @@ -315,7 +300,8 @@ public abstract class PBES2 extends CipherAdapter } } - public static class Serpent extends HMacMD5 + public static class Serpent + extends HMacMD5 { public Serpent() { @@ -323,7 +309,8 @@ public abstract class PBES2 extends CipherAdapter } } - public static class Square extends HMacMD5 + public static class Square + extends HMacMD5 { public Square() { @@ -331,7 +318,8 @@ public abstract class PBES2 extends CipherAdapter } } - public static class TripleDES extends HMacMD5 + public static class TripleDES + extends HMacMD5 { public TripleDES() { @@ -339,7 +327,8 @@ public abstract class PBES2 extends CipherAdapter } } - public static class Twofish extends HMacMD5 + public static class Twofish + extends HMacMD5 { public Twofish() { @@ -348,12 +337,9 @@ public abstract class PBES2 extends CipherAdapter } } - public static class HMacMD2 extends PBES2 + public static class HMacMD2 + extends PBES2 { - - // Constructor(s) - // ---------------------------------------------------------------------- - public HMacMD2(String cipher, int blockLen) { super(cipher, blockLen, "HMAC-MD2"); @@ -364,10 +350,8 @@ public abstract class PBES2 extends CipherAdapter super(cipher, "HMAC-MD2"); } - // Inner classe(s) - // ====================================================================== - - public static class AES extends HMacMD2 + public static class AES + extends HMacMD2 { public AES() { @@ -375,7 +359,8 @@ public abstract class PBES2 extends CipherAdapter } } - public static class Anubis extends HMacMD2 + public static class Anubis + extends HMacMD2 { public Anubis() { @@ -383,7 +368,8 @@ public abstract class PBES2 extends CipherAdapter } } - public static class Blowfish extends HMacMD2 + public static class Blowfish + extends HMacMD2 { public Blowfish() { @@ -391,7 +377,8 @@ public abstract class PBES2 extends CipherAdapter } } - public static class Cast5 extends HMacMD2 + public static class Cast5 + extends HMacMD2 { public Cast5() { @@ -399,7 +386,8 @@ public abstract class PBES2 extends CipherAdapter } } - public static class DES extends HMacMD2 + public static class DES + extends HMacMD2 { public DES() { @@ -407,7 +395,8 @@ public abstract class PBES2 extends CipherAdapter } } - public static class Khazad extends HMacMD2 + public static class Khazad + extends HMacMD2 { public Khazad() { @@ -415,7 +404,8 @@ public abstract class PBES2 extends CipherAdapter } } - public static class Serpent extends HMacMD2 + public static class Serpent + extends HMacMD2 { public Serpent() { @@ -423,7 +413,8 @@ public abstract class PBES2 extends CipherAdapter } } - public static class Square extends HMacMD2 + public static class Square + extends HMacMD2 { public Square() { @@ -431,7 +422,8 @@ public abstract class PBES2 extends CipherAdapter } } - public static class TripleDES extends HMacMD2 + public static class TripleDES + extends HMacMD2 { public TripleDES() { @@ -439,7 +431,8 @@ public abstract class PBES2 extends CipherAdapter } } - public static class Twofish extends HMacMD2 + public static class Twofish + extends HMacMD2 { public Twofish() { @@ -448,12 +441,9 @@ public abstract class PBES2 extends CipherAdapter } } - public static class HMacMD4 extends PBES2 + public static class HMacMD4 + extends PBES2 { - - // Constructor(s) - // ---------------------------------------------------------------------- - public HMacMD4(String cipher, int blockLen) { super(cipher, blockLen, "HMAC-MD4"); @@ -464,10 +454,8 @@ public abstract class PBES2 extends CipherAdapter super(cipher, "HMAC-MD4"); } - // Inner classe(s) - // ====================================================================== - - public static class AES extends HMacMD4 + public static class AES + extends HMacMD4 { public AES() { @@ -475,7 +463,8 @@ public abstract class PBES2 extends CipherAdapter } } - public static class Anubis extends HMacMD4 + public static class Anubis + extends HMacMD4 { public Anubis() { @@ -483,7 +472,8 @@ public abstract class PBES2 extends CipherAdapter } } - public static class Blowfish extends HMacMD4 + public static class Blowfish + extends HMacMD4 { public Blowfish() { @@ -491,7 +481,8 @@ public abstract class PBES2 extends CipherAdapter } } - public static class Cast5 extends HMacMD4 + public static class Cast5 + extends HMacMD4 { public Cast5() { @@ -499,7 +490,8 @@ public abstract class PBES2 extends CipherAdapter } } - public static class DES extends HMacMD4 + public static class DES + extends HMacMD4 { public DES() { @@ -507,7 +499,8 @@ public abstract class PBES2 extends CipherAdapter } } - public static class Khazad extends HMacMD4 + public static class Khazad + extends HMacMD4 { public Khazad() { @@ -515,7 +508,8 @@ public abstract class PBES2 extends CipherAdapter } } - public static class Serpent extends HMacMD4 + public static class Serpent + extends HMacMD4 { public Serpent() { @@ -523,7 +517,8 @@ public abstract class PBES2 extends CipherAdapter } } - public static class Square extends HMacMD4 + public static class Square + extends HMacMD4 { public Square() { @@ -531,7 +526,8 @@ public abstract class PBES2 extends CipherAdapter } } - public static class TripleDES extends HMacMD4 + public static class TripleDES + extends HMacMD4 { public TripleDES() { @@ -539,7 +535,8 @@ public abstract class PBES2 extends CipherAdapter } } - public static class Twofish extends HMacMD4 + public static class Twofish + extends HMacMD4 { public Twofish() { @@ -548,12 +545,9 @@ public abstract class PBES2 extends CipherAdapter } } - public static class HMacHaval extends PBES2 + public static class HMacHaval + extends PBES2 { - - // Constructor(s) - // --------------------------------------------------------------------- - public HMacHaval(String cipher, int blockLen) { super(cipher, blockLen, "HMAC-HAVAL"); @@ -564,10 +558,8 @@ public abstract class PBES2 extends CipherAdapter super(cipher, "HMAC-HAVAL"); } - // Inner classe(s) - // ====================================================================== - - public static class AES extends HMacHaval + public static class AES + extends HMacHaval { public AES() { @@ -575,7 +567,8 @@ public abstract class PBES2 extends CipherAdapter } } - public static class Anubis extends HMacHaval + public static class Anubis + extends HMacHaval { public Anubis() { @@ -583,7 +576,8 @@ public abstract class PBES2 extends CipherAdapter } } - public static class Blowfish extends HMacHaval + public static class Blowfish + extends HMacHaval { public Blowfish() { @@ -591,7 +585,8 @@ public abstract class PBES2 extends CipherAdapter } } - public static class Cast5 extends HMacHaval + public static class Cast5 + extends HMacHaval { public Cast5() { @@ -599,7 +594,8 @@ public abstract class PBES2 extends CipherAdapter } } - public static class DES extends HMacHaval + public static class DES + extends HMacHaval { public DES() { @@ -607,7 +603,8 @@ public abstract class PBES2 extends CipherAdapter } } - public static class Khazad extends HMacHaval + public static class Khazad + extends HMacHaval { public Khazad() { @@ -615,7 +612,8 @@ public abstract class PBES2 extends CipherAdapter } } - public static class Serpent extends HMacHaval + public static class Serpent + extends HMacHaval { public Serpent() { @@ -623,7 +621,8 @@ public abstract class PBES2 extends CipherAdapter } } - public static class Square extends HMacHaval + public static class Square + extends HMacHaval { public Square() { @@ -631,7 +630,8 @@ public abstract class PBES2 extends CipherAdapter } } - public static class TripleDES extends HMacHaval + public static class TripleDES + extends HMacHaval { public TripleDES() { @@ -639,7 +639,8 @@ public abstract class PBES2 extends CipherAdapter } } - public static class Twofish extends HMacHaval + public static class Twofish + extends HMacHaval { public Twofish() { @@ -648,12 +649,9 @@ public abstract class PBES2 extends CipherAdapter } } - public static class HMacRipeMD128 extends PBES2 + public static class HMacRipeMD128 + extends PBES2 { - - // Constructor(s) - // ---------------------------------------------------------------------- - public HMacRipeMD128(String cipher, int blockLen) { super(cipher, blockLen, "HMAC-RIPEMD128"); @@ -664,10 +662,8 @@ public abstract class PBES2 extends CipherAdapter super(cipher, "HMAC-RIPEMD128"); } - // Inner classe(s) - // ====================================================================== - - public static class AES extends HMacRipeMD128 + public static class AES + extends HMacRipeMD128 { public AES() { @@ -675,7 +671,8 @@ public abstract class PBES2 extends CipherAdapter } } - public static class Anubis extends HMacRipeMD128 + public static class Anubis + extends HMacRipeMD128 { public Anubis() { @@ -683,7 +680,8 @@ public abstract class PBES2 extends CipherAdapter } } - public static class Blowfish extends HMacRipeMD128 + public static class Blowfish + extends HMacRipeMD128 { public Blowfish() { @@ -691,7 +689,8 @@ public abstract class PBES2 extends CipherAdapter } } - public static class Cast5 extends HMacRipeMD128 + public static class Cast5 + extends HMacRipeMD128 { public Cast5() { @@ -699,7 +698,8 @@ public abstract class PBES2 extends CipherAdapter } } - public static class DES extends HMacRipeMD128 + public static class DES + extends HMacRipeMD128 { public DES() { @@ -707,7 +707,8 @@ public abstract class PBES2 extends CipherAdapter } } - public static class Khazad extends HMacRipeMD128 + public static class Khazad + extends HMacRipeMD128 { public Khazad() { @@ -715,7 +716,8 @@ public abstract class PBES2 extends CipherAdapter } } - public static class Serpent extends HMacRipeMD128 + public static class Serpent + extends HMacRipeMD128 { public Serpent() { @@ -723,7 +725,8 @@ public abstract class PBES2 extends CipherAdapter } } - public static class Square extends HMacRipeMD128 + public static class Square + extends HMacRipeMD128 { public Square() { @@ -731,7 +734,8 @@ public abstract class PBES2 extends CipherAdapter } } - public static class TripleDES extends HMacRipeMD128 + public static class TripleDES + extends HMacRipeMD128 { public TripleDES() { @@ -739,7 +743,8 @@ public abstract class PBES2 extends CipherAdapter } } - public static class Twofish extends HMacRipeMD128 + public static class Twofish + extends HMacRipeMD128 { public Twofish() { @@ -748,12 +753,9 @@ public abstract class PBES2 extends CipherAdapter } } - public static class HMacRipeMD160 extends PBES2 + public static class HMacRipeMD160 + extends PBES2 { - - // Constructor(s) - // ---------------------------------------------------------------------- - public HMacRipeMD160(String cipher, int blockLen) { super(cipher, blockLen, "HMAC-RIPEMD160"); @@ -764,10 +766,8 @@ public abstract class PBES2 extends CipherAdapter super(cipher, "HMAC-RIPEMD160"); } - // Inner classe(s) - // ====================================================================== - - public static class AES extends HMacRipeMD160 + public static class AES + extends HMacRipeMD160 { public AES() { @@ -775,7 +775,8 @@ public abstract class PBES2 extends CipherAdapter } } - public static class Anubis extends HMacRipeMD160 + public static class Anubis + extends HMacRipeMD160 { public Anubis() { @@ -783,7 +784,8 @@ public abstract class PBES2 extends CipherAdapter } } - public static class Blowfish extends HMacRipeMD160 + public static class Blowfish + extends HMacRipeMD160 { public Blowfish() { @@ -791,7 +793,8 @@ public abstract class PBES2 extends CipherAdapter } } - public static class Cast5 extends HMacRipeMD160 + public static class Cast5 + extends HMacRipeMD160 { public Cast5() { @@ -799,7 +802,8 @@ public abstract class PBES2 extends CipherAdapter } } - public static class DES extends HMacRipeMD160 + public static class DES + extends HMacRipeMD160 { public DES() { @@ -807,7 +811,8 @@ public abstract class PBES2 extends CipherAdapter } } - public static class Khazad extends HMacRipeMD160 + public static class Khazad + extends HMacRipeMD160 { public Khazad() { @@ -815,7 +820,8 @@ public abstract class PBES2 extends CipherAdapter } } - public static class Serpent extends HMacRipeMD160 + public static class Serpent + extends HMacRipeMD160 { public Serpent() { @@ -823,7 +829,8 @@ public abstract class PBES2 extends CipherAdapter } } - public static class Square extends HMacRipeMD160 + public static class Square + extends HMacRipeMD160 { public Square() { @@ -831,7 +838,8 @@ public abstract class PBES2 extends CipherAdapter } } - public static class TripleDES extends HMacRipeMD160 + public static class TripleDES + extends HMacRipeMD160 { public TripleDES() { @@ -839,7 +847,8 @@ public abstract class PBES2 extends CipherAdapter } } - public static class Twofish extends HMacRipeMD160 + public static class Twofish + extends HMacRipeMD160 { public Twofish() { @@ -848,12 +857,9 @@ public abstract class PBES2 extends CipherAdapter } } - public static class HMacSHA256 extends PBES2 + public static class HMacSHA256 + extends PBES2 { - - // Constructor(s) - // --------------------------------------------------------------------- - public HMacSHA256(String cipher, int blockLen) { super(cipher, blockLen, "HMAC-SHA-256"); @@ -864,10 +870,8 @@ public abstract class PBES2 extends CipherAdapter super(cipher, "HMAC-SHA-256"); } - // Inner classe(s) - // ====================================================================== - - public static class AES extends HMacSHA256 + public static class AES + extends HMacSHA256 { public AES() { @@ -875,7 +879,8 @@ public abstract class PBES2 extends CipherAdapter } } - public static class Anubis extends HMacSHA256 + public static class Anubis + extends HMacSHA256 { public Anubis() { @@ -883,7 +888,8 @@ public abstract class PBES2 extends CipherAdapter } } - public static class Blowfish extends HMacSHA256 + public static class Blowfish + extends HMacSHA256 { public Blowfish() { @@ -891,7 +897,8 @@ public abstract class PBES2 extends CipherAdapter } } - public static class Cast5 extends HMacSHA256 + public static class Cast5 + extends HMacSHA256 { public Cast5() { @@ -899,7 +906,8 @@ public abstract class PBES2 extends CipherAdapter } } - public static class DES extends HMacSHA256 + public static class DES + extends HMacSHA256 { public DES() { @@ -907,7 +915,8 @@ public abstract class PBES2 extends CipherAdapter } } - public static class Khazad extends HMacSHA256 + public static class Khazad + extends HMacSHA256 { public Khazad() { @@ -915,7 +924,8 @@ public abstract class PBES2 extends CipherAdapter } } - public static class Serpent extends HMacSHA256 + public static class Serpent + extends HMacSHA256 { public Serpent() { @@ -923,7 +933,8 @@ public abstract class PBES2 extends CipherAdapter } } - public static class Square extends HMacSHA256 + public static class Square + extends HMacSHA256 { public Square() { @@ -931,7 +942,8 @@ public abstract class PBES2 extends CipherAdapter } } - public static class TripleDES extends HMacSHA256 + public static class TripleDES + extends HMacSHA256 { public TripleDES() { @@ -939,7 +951,8 @@ public abstract class PBES2 extends CipherAdapter } } - public static class Twofish extends HMacSHA256 + public static class Twofish + extends HMacSHA256 { public Twofish() { @@ -948,12 +961,9 @@ public abstract class PBES2 extends CipherAdapter } } - public static class HMacSHA384 extends PBES2 + public static class HMacSHA384 + extends PBES2 { - - // Constructor(s) - // --------------------------------------------------------------------- - public HMacSHA384(String cipher, int blockLen) { super(cipher, blockLen, "HMAC-SHA-384"); @@ -964,10 +974,8 @@ public abstract class PBES2 extends CipherAdapter super(cipher, "HMAC-SHA-384"); } - // Inner classe(s) - // ====================================================================== - - public static class AES extends HMacSHA384 + public static class AES + extends HMacSHA384 { public AES() { @@ -975,7 +983,8 @@ public abstract class PBES2 extends CipherAdapter } } - public static class Anubis extends HMacSHA384 + public static class Anubis + extends HMacSHA384 { public Anubis() { @@ -983,7 +992,8 @@ public abstract class PBES2 extends CipherAdapter } } - public static class Blowfish extends HMacSHA384 + public static class Blowfish + extends HMacSHA384 { public Blowfish() { @@ -991,7 +1001,8 @@ public abstract class PBES2 extends CipherAdapter } } - public static class Cast5 extends HMacSHA384 + public static class Cast5 + extends HMacSHA384 { public Cast5() { @@ -999,7 +1010,8 @@ public abstract class PBES2 extends CipherAdapter } } - public static class DES extends HMacSHA384 + public static class DES + extends HMacSHA384 { public DES() { @@ -1007,7 +1019,8 @@ public abstract class PBES2 extends CipherAdapter } } - public static class Khazad extends HMacSHA384 + public static class Khazad + extends HMacSHA384 { public Khazad() { @@ -1015,7 +1028,8 @@ public abstract class PBES2 extends CipherAdapter } } - public static class Serpent extends HMacSHA384 + public static class Serpent + extends HMacSHA384 { public Serpent() { @@ -1023,7 +1037,8 @@ public abstract class PBES2 extends CipherAdapter } } - public static class Square extends HMacSHA384 + public static class Square + extends HMacSHA384 { public Square() { @@ -1031,7 +1046,8 @@ public abstract class PBES2 extends CipherAdapter } } - public static class TripleDES extends HMacSHA384 + public static class TripleDES + extends HMacSHA384 { public TripleDES() { @@ -1039,7 +1055,8 @@ public abstract class PBES2 extends CipherAdapter } } - public static class Twofish extends HMacSHA384 + public static class Twofish + extends HMacSHA384 { public Twofish() { @@ -1048,12 +1065,9 @@ public abstract class PBES2 extends CipherAdapter } } - public static class HMacSHA512 extends PBES2 + public static class HMacSHA512 + extends PBES2 { - - // Constructor(s) - // --------------------------------------------------------------------- - public HMacSHA512(String cipher, int blockLen) { super(cipher, blockLen, "HMAC-SHA-512"); @@ -1064,10 +1078,8 @@ public abstract class PBES2 extends CipherAdapter super(cipher, "HMAC-SHA-512"); } - // Inner classe(s) - // ====================================================================== - - public static class AES extends HMacSHA512 + public static class AES + extends HMacSHA512 { public AES() { @@ -1075,7 +1087,8 @@ public abstract class PBES2 extends CipherAdapter } } - public static class Anubis extends HMacSHA512 + public static class Anubis + extends HMacSHA512 { public Anubis() { @@ -1083,7 +1096,8 @@ public abstract class PBES2 extends CipherAdapter } } - public static class Blowfish extends HMacSHA512 + public static class Blowfish + extends HMacSHA512 { public Blowfish() { @@ -1091,7 +1105,8 @@ public abstract class PBES2 extends CipherAdapter } } - public static class Cast5 extends HMacSHA512 + public static class Cast5 + extends HMacSHA512 { public Cast5() { @@ -1099,7 +1114,8 @@ public abstract class PBES2 extends CipherAdapter } } - public static class DES extends HMacSHA512 + public static class DES + extends HMacSHA512 { public DES() { @@ -1107,7 +1123,8 @@ public abstract class PBES2 extends CipherAdapter } } - public static class Khazad extends HMacSHA512 + public static class Khazad + extends HMacSHA512 { public Khazad() { @@ -1115,7 +1132,8 @@ public abstract class PBES2 extends CipherAdapter } } - public static class Serpent extends HMacSHA512 + public static class Serpent + extends HMacSHA512 { public Serpent() { @@ -1123,7 +1141,8 @@ public abstract class PBES2 extends CipherAdapter } } - public static class Square extends HMacSHA512 + public static class Square + extends HMacSHA512 { public Square() { @@ -1131,7 +1150,8 @@ public abstract class PBES2 extends CipherAdapter } } - public static class TripleDES extends HMacSHA512 + public static class TripleDES + extends HMacSHA512 { public TripleDES() { @@ -1139,7 +1159,8 @@ public abstract class PBES2 extends CipherAdapter } } - public static class Twofish extends HMacSHA512 + public static class Twofish + extends HMacSHA512 { public Twofish() { @@ -1148,12 +1169,9 @@ public abstract class PBES2 extends CipherAdapter } } - public static class HMacTiger extends PBES2 + public static class HMacTiger + extends PBES2 { - - // Constructor(s) - // --------------------------------------------------------------------- - public HMacTiger(String cipher, int blockLen) { super(cipher, blockLen, "HMAC-TIGER"); @@ -1164,10 +1182,8 @@ public abstract class PBES2 extends CipherAdapter super(cipher, "HMAC-TIGER"); } - // Inner classe(s) - // ====================================================================== - - public static class AES extends HMacTiger + public static class AES + extends HMacTiger { public AES() { @@ -1175,7 +1191,8 @@ public abstract class PBES2 extends CipherAdapter } } - public static class Anubis extends HMacTiger + public static class Anubis + extends HMacTiger { public Anubis() { @@ -1183,7 +1200,8 @@ public abstract class PBES2 extends CipherAdapter } } - public static class Blowfish extends HMacTiger + public static class Blowfish + extends HMacTiger { public Blowfish() { @@ -1191,7 +1209,8 @@ public abstract class PBES2 extends CipherAdapter } } - public static class Cast5 extends HMacTiger + public static class Cast5 + extends HMacTiger { public Cast5() { @@ -1199,7 +1218,8 @@ public abstract class PBES2 extends CipherAdapter } } - public static class DES extends HMacTiger + public static class DES + extends HMacTiger { public DES() { @@ -1207,7 +1227,8 @@ public abstract class PBES2 extends CipherAdapter } } - public static class Khazad extends HMacTiger + public static class Khazad + extends HMacTiger { public Khazad() { @@ -1215,7 +1236,8 @@ public abstract class PBES2 extends CipherAdapter } } - public static class Serpent extends HMacTiger + public static class Serpent + extends HMacTiger { public Serpent() { @@ -1223,7 +1245,8 @@ public abstract class PBES2 extends CipherAdapter } } - public static class Square extends HMacTiger + public static class Square + extends HMacTiger { public Square() { @@ -1231,7 +1254,8 @@ public abstract class PBES2 extends CipherAdapter } } - public static class TripleDES extends HMacTiger + public static class TripleDES + extends HMacTiger { public TripleDES() { @@ -1239,7 +1263,8 @@ public abstract class PBES2 extends CipherAdapter } } - public static class Twofish extends HMacTiger + public static class Twofish + extends HMacTiger { public Twofish() { @@ -1248,12 +1273,9 @@ public abstract class PBES2 extends CipherAdapter } } - public static class HMacWhirlpool extends PBES2 + public static class HMacWhirlpool + extends PBES2 { - - // Constructor(s) - // ---------------------------------------------------------------------- - public HMacWhirlpool(String cipher, int blockLen) { super(cipher, blockLen, "HMAC-WHIRLPOOL"); @@ -1264,10 +1286,8 @@ public abstract class PBES2 extends CipherAdapter super(cipher, "HMAC-WHIRLPOOL"); } - // Inner classe(s) - // ====================================================================== - - public static class AES extends HMacWhirlpool + public static class AES + extends HMacWhirlpool { public AES() { @@ -1275,7 +1295,8 @@ public abstract class PBES2 extends CipherAdapter } } - public static class Anubis extends HMacWhirlpool + public static class Anubis + extends HMacWhirlpool { public Anubis() { @@ -1283,7 +1304,8 @@ public abstract class PBES2 extends CipherAdapter } } - public static class Blowfish extends HMacWhirlpool + public static class Blowfish + extends HMacWhirlpool { public Blowfish() { @@ -1291,7 +1313,8 @@ public abstract class PBES2 extends CipherAdapter } } - public static class Cast5 extends HMacWhirlpool + public static class Cast5 + extends HMacWhirlpool { public Cast5() { @@ -1299,7 +1322,8 @@ public abstract class PBES2 extends CipherAdapter } } - public static class DES extends HMacWhirlpool + public static class DES + extends HMacWhirlpool { public DES() { @@ -1307,7 +1331,8 @@ public abstract class PBES2 extends CipherAdapter } } - public static class Khazad extends HMacWhirlpool + public static class Khazad + extends HMacWhirlpool { public Khazad() { @@ -1315,7 +1340,8 @@ public abstract class PBES2 extends CipherAdapter } } - public static class Serpent extends HMacWhirlpool + public static class Serpent + extends HMacWhirlpool { public Serpent() { @@ -1323,7 +1349,8 @@ public abstract class PBES2 extends CipherAdapter } } - public static class Square extends HMacWhirlpool + public static class Square + extends HMacWhirlpool { public Square() { @@ -1331,7 +1358,8 @@ public abstract class PBES2 extends CipherAdapter } } - public static class TripleDES extends HMacWhirlpool + public static class TripleDES + extends HMacWhirlpool { public TripleDES() { @@ -1339,7 +1367,8 @@ public abstract class PBES2 extends CipherAdapter } } - public static class Twofish extends HMacWhirlpool + public static class Twofish + extends HMacWhirlpool { public Twofish() { diff --git a/libjava/classpath/gnu/javax/crypto/jce/cipher/RijndaelSpi.java b/libjava/classpath/gnu/javax/crypto/jce/cipher/RijndaelSpi.java index 137db2c3fa4..ad61bca599d 100644 --- a/libjava/classpath/gnu/javax/crypto/jce/cipher/RijndaelSpi.java +++ b/libjava/classpath/gnu/javax/crypto/jce/cipher/RijndaelSpi.java @@ -44,12 +44,9 @@ import gnu.java.security.Registry; * The implementation of the Rijndael <i>Service Provider Interface</i> * (<b>SPI</b>) adapter. */ -public final class RijndaelSpi extends CipherAdapter +public final class RijndaelSpi + extends CipherAdapter { - - // Constructors. - // -------------------------------------------------------------------- - public RijndaelSpi() { super(Registry.RIJNDAEL_CIPHER, 16); diff --git a/libjava/classpath/gnu/javax/crypto/jce/cipher/SerpentSpi.java b/libjava/classpath/gnu/javax/crypto/jce/cipher/SerpentSpi.java index 9df9685cc38..fa65d34a9be 100644 --- a/libjava/classpath/gnu/javax/crypto/jce/cipher/SerpentSpi.java +++ b/libjava/classpath/gnu/javax/crypto/jce/cipher/SerpentSpi.java @@ -44,12 +44,9 @@ import gnu.java.security.Registry; * The implementation of the Serpent <i>Service Provider Interface</i> * (<b>SPI</b>) adapter. */ -public final class SerpentSpi extends CipherAdapter +public final class SerpentSpi + extends CipherAdapter { - - // Constructors. - // -------------------------------------------------------------------- - public SerpentSpi() { super(Registry.SERPENT_CIPHER); diff --git a/libjava/classpath/gnu/javax/crypto/jce/cipher/SquareSpi.java b/libjava/classpath/gnu/javax/crypto/jce/cipher/SquareSpi.java index 96e5dee38b1..bdc656eaedb 100644 --- a/libjava/classpath/gnu/javax/crypto/jce/cipher/SquareSpi.java +++ b/libjava/classpath/gnu/javax/crypto/jce/cipher/SquareSpi.java @@ -44,12 +44,9 @@ import gnu.java.security.Registry; * The implementation of the Square <i>Service Provider Interface</i> * (<b>SPI</b>) adapter. */ -public final class SquareSpi extends CipherAdapter +public final class SquareSpi + extends CipherAdapter { - - // Constructors. - // -------------------------------------------------------------------- - public SquareSpi() { super(Registry.SQUARE_CIPHER); diff --git a/libjava/classpath/gnu/javax/crypto/jce/cipher/TripleDESKeyWrapSpi.java b/libjava/classpath/gnu/javax/crypto/jce/cipher/TripleDESKeyWrapSpi.java new file mode 100644 index 00000000000..55087755e21 --- /dev/null +++ b/libjava/classpath/gnu/javax/crypto/jce/cipher/TripleDESKeyWrapSpi.java @@ -0,0 +1,54 @@ +/* TripleDESKeyWrapSpi.java -- DES-EDE Key Wrapping Algorithm JCE Adapter + Copyright (C) 2006 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. */ + + +package gnu.javax.crypto.jce.cipher; + +import gnu.java.security.Registry; + +/** + * The JCE Cipher Adapter implementation over the GNU TripleDES Key Wrapping + * Algorithm. + */ +public final class TripleDESKeyWrapSpi + extends KeyWrappingAlgorithmAdapter +{ + public TripleDESKeyWrapSpi() + { + super(Registry.TRIPLEDES_KWA, 8, 192 / 8, Registry.CBC_MODE); + } +} diff --git a/libjava/classpath/gnu/javax/crypto/jce/cipher/TripleDESSpi.java b/libjava/classpath/gnu/javax/crypto/jce/cipher/TripleDESSpi.java index 5c58ea5515e..b9ec12b5110 100644 --- a/libjava/classpath/gnu/javax/crypto/jce/cipher/TripleDESSpi.java +++ b/libjava/classpath/gnu/javax/crypto/jce/cipher/TripleDESSpi.java @@ -44,12 +44,9 @@ import gnu.java.security.Registry; * The implementation of the Triple-DES <i>Service Provider Interface</i> * (<b>SPI</b>) adapter. */ -public final class TripleDESSpi extends CipherAdapter +public final class TripleDESSpi + extends CipherAdapter { - - // Constructors. - // -------------------------------------------------------------------- - public TripleDESSpi() { super(Registry.TRIPLEDES_CIPHER); diff --git a/libjava/classpath/gnu/javax/crypto/jce/cipher/TwofishSpi.java b/libjava/classpath/gnu/javax/crypto/jce/cipher/TwofishSpi.java index 31df5ea4068..206e0d9f877 100644 --- a/libjava/classpath/gnu/javax/crypto/jce/cipher/TwofishSpi.java +++ b/libjava/classpath/gnu/javax/crypto/jce/cipher/TwofishSpi.java @@ -44,12 +44,9 @@ import gnu.java.security.Registry; * The implementation of the Twofish <i>Service Provider Interface</i> * (<b>SPI</b>) adapter. */ -public final class TwofishSpi extends CipherAdapter +public final class TwofishSpi + extends CipherAdapter { - - // Constructors. - // -------------------------------------------------------------------- - public TwofishSpi() { super(Registry.TWOFISH_CIPHER); diff --git a/libjava/classpath/gnu/javax/crypto/jce/key/AnubisKeyGeneratorImpl.java b/libjava/classpath/gnu/javax/crypto/jce/key/AnubisKeyGeneratorImpl.java index e8d7788e8b7..a1cc8fd7f84 100644 --- a/libjava/classpath/gnu/javax/crypto/jce/key/AnubisKeyGeneratorImpl.java +++ b/libjava/classpath/gnu/javax/crypto/jce/key/AnubisKeyGeneratorImpl.java @@ -40,14 +40,11 @@ package gnu.javax.crypto.jce.key; import gnu.java.security.Registry; -public class AnubisKeyGeneratorImpl extends SecretKeyGeneratorImpl +public class AnubisKeyGeneratorImpl + extends SecretKeyGeneratorImpl { - - // Constructors. - // ------------------------------------------------------------------------- - - public AnubisKeyGeneratorImpl () + public AnubisKeyGeneratorImpl() { - super (Registry.ANUBIS_CIPHER); + super(Registry.ANUBIS_CIPHER); } } diff --git a/libjava/classpath/gnu/javax/crypto/jce/key/AnubisSecretKeyFactoryImpl.java b/libjava/classpath/gnu/javax/crypto/jce/key/AnubisSecretKeyFactoryImpl.java index f9725eae033..bea65a6c63e 100644 --- a/libjava/classpath/gnu/javax/crypto/jce/key/AnubisSecretKeyFactoryImpl.java +++ b/libjava/classpath/gnu/javax/crypto/jce/key/AnubisSecretKeyFactoryImpl.java @@ -38,14 +38,8 @@ exception statement from your version. */ package gnu.javax.crypto.jce.key; -import java.security.InvalidKeyException; -import java.security.spec.InvalidKeySpecException; - -import javax.crypto.SecretKey; -import javax.crypto.SecretKeyFactorySpi; -import javax.crypto.spec.SecretKeySpec; - -public class AnubisSecretKeyFactoryImpl extends SecretKeyFactoryImpl +public class AnubisSecretKeyFactoryImpl + extends SecretKeyFactoryImpl { public AnubisSecretKeyFactoryImpl() { diff --git a/libjava/classpath/gnu/javax/crypto/jce/key/BlowfishKeyGeneratorImpl.java b/libjava/classpath/gnu/javax/crypto/jce/key/BlowfishKeyGeneratorImpl.java index a0e687acdf8..2297980fb47 100644 --- a/libjava/classpath/gnu/javax/crypto/jce/key/BlowfishKeyGeneratorImpl.java +++ b/libjava/classpath/gnu/javax/crypto/jce/key/BlowfishKeyGeneratorImpl.java @@ -40,14 +40,11 @@ package gnu.javax.crypto.jce.key; import gnu.java.security.Registry; -public class BlowfishKeyGeneratorImpl extends SecretKeyGeneratorImpl +public class BlowfishKeyGeneratorImpl + extends SecretKeyGeneratorImpl { - - // Constructors. - // ------------------------------------------------------------------------- - - public BlowfishKeyGeneratorImpl () + public BlowfishKeyGeneratorImpl() { - super (Registry.BLOWFISH_CIPHER); + super(Registry.BLOWFISH_CIPHER); } } diff --git a/libjava/classpath/gnu/javax/crypto/jce/key/BlowfishSecretKeyFactoryImpl.java b/libjava/classpath/gnu/javax/crypto/jce/key/BlowfishSecretKeyFactoryImpl.java index 4b3620bc17d..53fe8b0b49b 100644 --- a/libjava/classpath/gnu/javax/crypto/jce/key/BlowfishSecretKeyFactoryImpl.java +++ b/libjava/classpath/gnu/javax/crypto/jce/key/BlowfishSecretKeyFactoryImpl.java @@ -38,14 +38,8 @@ exception statement from your version. */ package gnu.javax.crypto.jce.key; -import java.security.InvalidKeyException; -import java.security.spec.InvalidKeySpecException; - -import javax.crypto.SecretKey; -import javax.crypto.SecretKeyFactorySpi; -import javax.crypto.spec.SecretKeySpec; - -public class BlowfishSecretKeyFactoryImpl extends SecretKeyFactoryImpl +public class BlowfishSecretKeyFactoryImpl + extends SecretKeyFactoryImpl { public BlowfishSecretKeyFactoryImpl() { diff --git a/libjava/classpath/gnu/javax/crypto/jce/key/Cast5KeyGeneratorImpl.java b/libjava/classpath/gnu/javax/crypto/jce/key/Cast5KeyGeneratorImpl.java index 18d26e67fdb..b328e48b37a 100644 --- a/libjava/classpath/gnu/javax/crypto/jce/key/Cast5KeyGeneratorImpl.java +++ b/libjava/classpath/gnu/javax/crypto/jce/key/Cast5KeyGeneratorImpl.java @@ -40,14 +40,11 @@ package gnu.javax.crypto.jce.key; import gnu.java.security.Registry; -public class Cast5KeyGeneratorImpl extends SecretKeyGeneratorImpl +public class Cast5KeyGeneratorImpl + extends SecretKeyGeneratorImpl { - - // Constructors. - // ------------------------------------------------------------------------- - - public Cast5KeyGeneratorImpl () + public Cast5KeyGeneratorImpl() { - super (Registry.CAST5_CIPHER); + super(Registry.CAST5_CIPHER); } } diff --git a/libjava/classpath/gnu/javax/crypto/jce/key/Cast5SecretKeyFactoryImpl.java b/libjava/classpath/gnu/javax/crypto/jce/key/Cast5SecretKeyFactoryImpl.java index 4bd31711eea..fcebb528e70 100644 --- a/libjava/classpath/gnu/javax/crypto/jce/key/Cast5SecretKeyFactoryImpl.java +++ b/libjava/classpath/gnu/javax/crypto/jce/key/Cast5SecretKeyFactoryImpl.java @@ -38,14 +38,8 @@ exception statement from your version. */ package gnu.javax.crypto.jce.key; -import java.security.InvalidKeyException; -import java.security.spec.InvalidKeySpecException; - -import javax.crypto.SecretKey; -import javax.crypto.SecretKeyFactorySpi; -import javax.crypto.spec.SecretKeySpec; - -public class Cast5SecretKeyFactoryImpl extends SecretKeyFactoryImpl +public class Cast5SecretKeyFactoryImpl + extends SecretKeyFactoryImpl { public Cast5SecretKeyFactoryImpl() { diff --git a/libjava/classpath/gnu/javax/crypto/jce/key/DESKeyGeneratorImpl.java b/libjava/classpath/gnu/javax/crypto/jce/key/DESKeyGeneratorImpl.java index 19c54653a07..2cd29a67f61 100644 --- a/libjava/classpath/gnu/javax/crypto/jce/key/DESKeyGeneratorImpl.java +++ b/libjava/classpath/gnu/javax/crypto/jce/key/DESKeyGeneratorImpl.java @@ -35,6 +35,7 @@ this exception to your version of the library, but you are not obligated to do so. If you do not wish to do so, delete this exception statement from your version. */ + package gnu.javax.crypto.jce.key; import gnu.java.security.Registry; @@ -43,31 +44,25 @@ import gnu.javax.crypto.cipher.DES; import javax.crypto.SecretKey; import javax.crypto.spec.SecretKeySpec; -public class DESKeyGeneratorImpl extends SecretKeyGeneratorImpl +public class DESKeyGeneratorImpl + extends SecretKeyGeneratorImpl { - - // Constructors. - // ------------------------------------------------------------------------- - - public DESKeyGeneratorImpl () + public DESKeyGeneratorImpl() { - super (Registry.DES_CIPHER); + super(Registry.DES_CIPHER); } - // Instance methods. - // ------------------------------------------------------------------------- - - protected SecretKey engineGenerateKey () + protected SecretKey engineGenerateKey() { - if (!init) - throw new IllegalStateException ("not initialized"); - byte[] buf = new byte [currentKeySize]; + if (! init) + throw new IllegalStateException("not initialized"); + byte[] buf = new byte[currentKeySize]; do { - random.nextBytes (buf); + random.nextBytes(buf); } - while (DES.isWeak (buf) || DES.isSemiWeak (buf)); - DES.adjustParity (buf, 0); - return new SecretKeySpec (buf, algorithm); + while (DES.isWeak(buf) || DES.isSemiWeak(buf)); + DES.adjustParity(buf, 0); + return new SecretKeySpec(buf, algorithm); } } diff --git a/libjava/classpath/gnu/javax/crypto/jce/key/DESSecretKeyFactoryImpl.java b/libjava/classpath/gnu/javax/crypto/jce/key/DESSecretKeyFactoryImpl.java index e0f1c586096..a138e290228 100644 --- a/libjava/classpath/gnu/javax/crypto/jce/key/DESSecretKeyFactoryImpl.java +++ b/libjava/classpath/gnu/javax/crypto/jce/key/DESSecretKeyFactoryImpl.java @@ -35,6 +35,7 @@ this exception to your version of the library, but you are not obligated to do so. If you do not wish to do so, delete this exception statement from your version. */ + package gnu.javax.crypto.jce.key; import java.security.InvalidKeyException; @@ -45,36 +46,37 @@ import javax.crypto.SecretKey; import javax.crypto.spec.DESKeySpec; import javax.crypto.spec.SecretKeySpec; -public class DESSecretKeyFactoryImpl extends SecretKeyFactoryImpl +public class DESSecretKeyFactoryImpl + extends SecretKeyFactoryImpl { public DESSecretKeyFactoryImpl() { } - protected SecretKey engineGenerateSecret (KeySpec spec) - throws InvalidKeySpecException + protected SecretKey engineGenerateSecret(KeySpec spec) + throws InvalidKeySpecException { if (spec instanceof DESKeySpec) - return new SecretKeySpec (((DESKeySpec) spec).getKey(), "DES"); - return super.engineGenerateSecret (spec); + return new SecretKeySpec(((DESKeySpec) spec).getKey(), "DES"); + return super.engineGenerateSecret(spec); } - protected KeySpec engineGetKeySpec (SecretKey key, Class spec) - throws InvalidKeySpecException + protected KeySpec engineGetKeySpec(SecretKey key, Class spec) + throws InvalidKeySpecException { - if (spec.isAssignableFrom (DESKeySpec.class)) + if (spec.isAssignableFrom(DESKeySpec.class)) try { - return new DESKeySpec (key.getEncoded()); + return new DESKeySpec(key.getEncoded()); } catch (InvalidKeyException ike) { - InvalidKeySpecException ikse = new InvalidKeySpecException - ("can't create DES key spec"); - ikse.initCause (ike); + InvalidKeySpecException ikse = new InvalidKeySpecException( + "can't create DES key spec"); + ikse.initCause(ike); throw ikse; } - return super.engineGetKeySpec (key, spec); + return super.engineGetKeySpec(key, spec); } } diff --git a/libjava/classpath/gnu/javax/crypto/jce/key/DESedeSecretKeyFactoryImpl.java b/libjava/classpath/gnu/javax/crypto/jce/key/DESedeSecretKeyFactoryImpl.java index 15e10994020..f380603e44e 100644 --- a/libjava/classpath/gnu/javax/crypto/jce/key/DESedeSecretKeyFactoryImpl.java +++ b/libjava/classpath/gnu/javax/crypto/jce/key/DESedeSecretKeyFactoryImpl.java @@ -35,6 +35,7 @@ this exception to your version of the library, but you are not obligated to do so. If you do not wish to do so, delete this exception statement from your version. */ + package gnu.javax.crypto.jce.key; import java.security.InvalidKeyException; @@ -45,36 +46,37 @@ import javax.crypto.SecretKey; import javax.crypto.spec.DESedeKeySpec; import javax.crypto.spec.SecretKeySpec; -public class DESedeSecretKeyFactoryImpl extends SecretKeyFactoryImpl +public class DESedeSecretKeyFactoryImpl + extends SecretKeyFactoryImpl { public DESedeSecretKeyFactoryImpl() { } - protected SecretKey engineGenerateSecret (KeySpec spec) - throws InvalidKeySpecException + protected SecretKey engineGenerateSecret(KeySpec spec) + throws InvalidKeySpecException { if (spec instanceof DESedeKeySpec) - return new SecretKeySpec (((DESedeKeySpec) spec).getKey(), "DESede"); - return super.engineGenerateSecret (spec); + return new SecretKeySpec(((DESedeKeySpec) spec).getKey(), "DESede"); + return super.engineGenerateSecret(spec); } - protected KeySpec engineGetKeySpec (SecretKey key, Class spec) - throws InvalidKeySpecException + protected KeySpec engineGetKeySpec(SecretKey key, Class spec) + throws InvalidKeySpecException { - if (spec.equals (DESedeKeySpec.class)) + if (spec.equals(DESedeKeySpec.class)) try { - return new DESedeKeySpec (key.getEncoded()); + return new DESedeKeySpec(key.getEncoded()); } catch (InvalidKeyException ike) { - InvalidKeySpecException ikse = new InvalidKeySpecException - ("can't create DESede key spec"); - ikse.initCause (ike); + InvalidKeySpecException ikse = new InvalidKeySpecException( + "can't create DESede key spec"); + ikse.initCause(ike); throw ikse; } - return super.engineGetKeySpec (key, spec); + return super.engineGetKeySpec(key, spec); } } diff --git a/libjava/classpath/gnu/javax/crypto/jce/key/KhazadKeyGeneratorImpl.java b/libjava/classpath/gnu/javax/crypto/jce/key/KhazadKeyGeneratorImpl.java index c01391e4486..21ae627ebac 100644 --- a/libjava/classpath/gnu/javax/crypto/jce/key/KhazadKeyGeneratorImpl.java +++ b/libjava/classpath/gnu/javax/crypto/jce/key/KhazadKeyGeneratorImpl.java @@ -35,18 +35,16 @@ this exception to your version of the library, but you are not obligated to do so. If you do not wish to do so, delete this exception statement from your version. */ + package gnu.javax.crypto.jce.key; import gnu.java.security.Registry; -public class KhazadKeyGeneratorImpl extends SecretKeyGeneratorImpl +public class KhazadKeyGeneratorImpl + extends SecretKeyGeneratorImpl { - - // Constructors. - // ------------------------------------------------------------------------- - - public KhazadKeyGeneratorImpl () + public KhazadKeyGeneratorImpl() { - super (Registry.KHAZAD_CIPHER); + super(Registry.KHAZAD_CIPHER); } } diff --git a/libjava/classpath/gnu/javax/crypto/jce/key/KhazadSecretKeyFactoryImpl.java b/libjava/classpath/gnu/javax/crypto/jce/key/KhazadSecretKeyFactoryImpl.java index c86e01110c5..19315d22ec3 100644 --- a/libjava/classpath/gnu/javax/crypto/jce/key/KhazadSecretKeyFactoryImpl.java +++ b/libjava/classpath/gnu/javax/crypto/jce/key/KhazadSecretKeyFactoryImpl.java @@ -35,16 +35,11 @@ this exception to your version of the library, but you are not obligated to do so. If you do not wish to do so, delete this exception statement from your version. */ -package gnu.javax.crypto.jce.key; - -import java.security.InvalidKeyException; -import java.security.spec.InvalidKeySpecException; -import javax.crypto.SecretKey; -import javax.crypto.SecretKeyFactorySpi; -import javax.crypto.spec.SecretKeySpec; +package gnu.javax.crypto.jce.key; -public class KhazadSecretKeyFactoryImpl extends SecretKeyFactoryImpl +public class KhazadSecretKeyFactoryImpl + extends SecretKeyFactoryImpl { public KhazadSecretKeyFactoryImpl() { diff --git a/libjava/classpath/gnu/javax/crypto/jce/key/RijndaelKeyGeneratorImpl.java b/libjava/classpath/gnu/javax/crypto/jce/key/RijndaelKeyGeneratorImpl.java index 535e573ad8e..b60f7d6d02c 100644 --- a/libjava/classpath/gnu/javax/crypto/jce/key/RijndaelKeyGeneratorImpl.java +++ b/libjava/classpath/gnu/javax/crypto/jce/key/RijndaelKeyGeneratorImpl.java @@ -35,18 +35,16 @@ this exception to your version of the library, but you are not obligated to do so. If you do not wish to do so, delete this exception statement from your version. */ + package gnu.javax.crypto.jce.key; import gnu.java.security.Registry; -public class RijndaelKeyGeneratorImpl extends SecretKeyGeneratorImpl +public class RijndaelKeyGeneratorImpl + extends SecretKeyGeneratorImpl { - - // Constructors. - // ------------------------------------------------------------------------- - - public RijndaelKeyGeneratorImpl () + public RijndaelKeyGeneratorImpl() { - super (Registry.RIJNDAEL_CIPHER); + super(Registry.RIJNDAEL_CIPHER); } } diff --git a/libjava/classpath/gnu/javax/crypto/jce/key/RijndaelSecretKeyFactoryImpl.java b/libjava/classpath/gnu/javax/crypto/jce/key/RijndaelSecretKeyFactoryImpl.java index 4aab584a2cc..f88b077520b 100644 --- a/libjava/classpath/gnu/javax/crypto/jce/key/RijndaelSecretKeyFactoryImpl.java +++ b/libjava/classpath/gnu/javax/crypto/jce/key/RijndaelSecretKeyFactoryImpl.java @@ -35,16 +35,11 @@ this exception to your version of the library, but you are not obligated to do so. If you do not wish to do so, delete this exception statement from your version. */ -package gnu.javax.crypto.jce.key; - -import java.security.InvalidKeyException; -import java.security.spec.InvalidKeySpecException; -import javax.crypto.SecretKey; -import javax.crypto.SecretKeyFactorySpi; -import javax.crypto.spec.SecretKeySpec; +package gnu.javax.crypto.jce.key; -public class RijndaelSecretKeyFactoryImpl extends SecretKeyFactoryImpl +public class RijndaelSecretKeyFactoryImpl + extends SecretKeyFactoryImpl { public RijndaelSecretKeyFactoryImpl() { diff --git a/libjava/classpath/gnu/javax/crypto/jce/key/SecretKeyFactoryImpl.java b/libjava/classpath/gnu/javax/crypto/jce/key/SecretKeyFactoryImpl.java index 72defe1d7f2..4bba171f9c1 100644 --- a/libjava/classpath/gnu/javax/crypto/jce/key/SecretKeyFactoryImpl.java +++ b/libjava/classpath/gnu/javax/crypto/jce/key/SecretKeyFactoryImpl.java @@ -35,6 +35,7 @@ this exception to your version of the library, but you are not obligated to do so. If you do not wish to do so, delete this exception statement from your version. */ + package gnu.javax.crypto.jce.key; import java.security.InvalidKeyException; @@ -45,43 +46,42 @@ import javax.crypto.SecretKey; import javax.crypto.SecretKeyFactorySpi; import javax.crypto.spec.SecretKeySpec; -public abstract class SecretKeyFactoryImpl extends SecretKeyFactorySpi +public abstract class SecretKeyFactoryImpl + extends SecretKeyFactorySpi { protected SecretKeyFactoryImpl() { } - protected SecretKey engineGenerateSecret (KeySpec spec) - throws InvalidKeySpecException + protected SecretKey engineGenerateSecret(KeySpec spec) + throws InvalidKeySpecException { if (spec instanceof SecretKeySpec) return (SecretKey) spec; - throw new InvalidKeySpecException ("unknown key spec: " + - spec.getClass().getName()); + throw new InvalidKeySpecException("unknown key spec: " + + spec.getClass().getName()); } - protected KeySpec engineGetKeySpec (SecretKey key, Class spec) - throws InvalidKeySpecException + protected KeySpec engineGetKeySpec(SecretKey key, Class spec) + throws InvalidKeySpecException { - if (spec.equals (SecretKeySpec.class)) + if (spec.equals(SecretKeySpec.class)) { if (key instanceof SecretKeySpec) return (KeySpec) key; else - return new SecretKeySpec (key.getEncoded(), key.getAlgorithm()); + return new SecretKeySpec(key.getEncoded(), key.getAlgorithm()); } - throw new InvalidKeySpecException ("unsupported key spec: " + - spec.getName()); + throw new InvalidKeySpecException("unsupported key spec: " + spec.getName()); } - protected SecretKey engineTranslateKey (SecretKey key) - throws InvalidKeyException + protected SecretKey engineTranslateKey(SecretKey key) + throws InvalidKeyException { - if (!"RAW".equals (key.getFormat())) - throw new InvalidKeyException ("only raw keys are supported"); - + if (! "RAW".equals(key.getFormat())) + throw new InvalidKeyException("only raw keys are supported"); // SecretKeySpec is good enough for our purposes. - return new SecretKeySpec (key.getEncoded(), key.getAlgorithm()); + return new SecretKeySpec(key.getEncoded(), key.getAlgorithm()); } } diff --git a/libjava/classpath/gnu/javax/crypto/jce/key/SecretKeyGeneratorImpl.java b/libjava/classpath/gnu/javax/crypto/jce/key/SecretKeyGeneratorImpl.java index 0a62655734c..319b0eaebe8 100644 --- a/libjava/classpath/gnu/javax/crypto/jce/key/SecretKeyGeneratorImpl.java +++ b/libjava/classpath/gnu/javax/crypto/jce/key/SecretKeyGeneratorImpl.java @@ -35,6 +35,7 @@ this exception to your version of the library, but you are not obligated to do so. If you do not wish to do so, delete this exception statement from your version. */ + package gnu.javax.crypto.jce.key; import gnu.javax.crypto.cipher.CipherFactory; @@ -53,12 +54,9 @@ import javax.crypto.KeyGeneratorSpi; import javax.crypto.SecretKey; import javax.crypto.spec.SecretKeySpec; -public class SecretKeyGeneratorImpl extends KeyGeneratorSpi +public class SecretKeyGeneratorImpl + extends KeyGeneratorSpi { - - // Fields. - // ------------------------------------------------------------------------- - protected final int defaultKeySize; protected final List keySizes; protected final String algorithm; @@ -66,55 +64,47 @@ public class SecretKeyGeneratorImpl extends KeyGeneratorSpi protected int currentKeySize; protected SecureRandom random; - // Constructors. - // ------------------------------------------------------------------------- - - protected SecretKeyGeneratorImpl (final String algorithm) + protected SecretKeyGeneratorImpl(final String algorithm) { this.algorithm = algorithm; - IBlockCipher cipher = CipherFactory.getInstance (algorithm); + IBlockCipher cipher = CipherFactory.getInstance(algorithm); if (cipher == null) - throw new IllegalArgumentException ("no such cipher: "+algorithm); - defaultKeySize = cipher.defaultKeySize (); + throw new IllegalArgumentException("no such cipher: " + algorithm); + defaultKeySize = cipher.defaultKeySize(); keySizes = new LinkedList(); - for (Iterator it = cipher.keySizes (); it.hasNext (); ) - { - keySizes.add (it.next ()); - } + for (Iterator it = cipher.keySizes(); it.hasNext();) + keySizes.add(it.next()); init = false; } - // Instance methods. - // ------------------------------------------------------------------------- - - protected SecretKey engineGenerateKey () + protected SecretKey engineGenerateKey() { - if (!init) - throw new IllegalStateException ("not initialized"); - byte[] buf = new byte [currentKeySize]; - random.nextBytes (buf); - return new SecretKeySpec (buf, algorithm); + if (! init) + throw new IllegalStateException("not initialized"); + byte[] buf = new byte[currentKeySize]; + random.nextBytes(buf); + return new SecretKeySpec(buf, algorithm); } - protected void engineInit (AlgorithmParameterSpec params, SecureRandom random) - throws InvalidAlgorithmParameterException + protected void engineInit(AlgorithmParameterSpec params, SecureRandom random) + throws InvalidAlgorithmParameterException { - throw new InvalidAlgorithmParameterException (algorithm + - " does not support algorithm paramaters"); + throw new InvalidAlgorithmParameterException( + algorithm + " does not support algorithm paramaters"); } - protected void engineInit (int keySize, SecureRandom random) + protected void engineInit(int keySize, SecureRandom random) { keySize >>>= 3; // Use bytes. - if (!keySizes.contains (new Integer (keySize))) - throw new InvalidParameterException ("unsupported key size: " + keySize); + if (! keySizes.contains(Integer.valueOf(keySize))) + throw new InvalidParameterException("unsupported key size: " + keySize); currentKeySize = keySize; this.random = random; init = true; } - protected void engineInit (SecureRandom random) + protected void engineInit(SecureRandom random) { - engineInit (defaultKeySize << 3, random); + engineInit(defaultKeySize << 3, random); } } diff --git a/libjava/classpath/gnu/javax/crypto/jce/key/SerpentKeyGeneratorImpl.java b/libjava/classpath/gnu/javax/crypto/jce/key/SerpentKeyGeneratorImpl.java index 766860a96b0..c5319051414 100644 --- a/libjava/classpath/gnu/javax/crypto/jce/key/SerpentKeyGeneratorImpl.java +++ b/libjava/classpath/gnu/javax/crypto/jce/key/SerpentKeyGeneratorImpl.java @@ -35,18 +35,16 @@ this exception to your version of the library, but you are not obligated to do so. If you do not wish to do so, delete this exception statement from your version. */ + package gnu.javax.crypto.jce.key; import gnu.java.security.Registry; -public class SerpentKeyGeneratorImpl extends SecretKeyGeneratorImpl +public class SerpentKeyGeneratorImpl + extends SecretKeyGeneratorImpl { - - // Constructors. - // ------------------------------------------------------------------------- - - public SerpentKeyGeneratorImpl () + public SerpentKeyGeneratorImpl() { - super (Registry.SERPENT_CIPHER); + super(Registry.SERPENT_CIPHER); } } diff --git a/libjava/classpath/gnu/javax/crypto/jce/key/SerpentSecretKeyFactoryImpl.java b/libjava/classpath/gnu/javax/crypto/jce/key/SerpentSecretKeyFactoryImpl.java index 6e80671fac7..5d5ac88dfe7 100644 --- a/libjava/classpath/gnu/javax/crypto/jce/key/SerpentSecretKeyFactoryImpl.java +++ b/libjava/classpath/gnu/javax/crypto/jce/key/SerpentSecretKeyFactoryImpl.java @@ -35,16 +35,11 @@ this exception to your version of the library, but you are not obligated to do so. If you do not wish to do so, delete this exception statement from your version. */ -package gnu.javax.crypto.jce.key; - -import java.security.InvalidKeyException; -import java.security.spec.InvalidKeySpecException; -import javax.crypto.SecretKey; -import javax.crypto.SecretKeyFactorySpi; -import javax.crypto.spec.SecretKeySpec; +package gnu.javax.crypto.jce.key; -public class SerpentSecretKeyFactoryImpl extends SecretKeyFactoryImpl +public class SerpentSecretKeyFactoryImpl + extends SecretKeyFactoryImpl { public SerpentSecretKeyFactoryImpl() { diff --git a/libjava/classpath/gnu/javax/crypto/jce/key/SquareKeyGeneratorImpl.java b/libjava/classpath/gnu/javax/crypto/jce/key/SquareKeyGeneratorImpl.java index 4bfbeb66833..3d496e8a984 100644 --- a/libjava/classpath/gnu/javax/crypto/jce/key/SquareKeyGeneratorImpl.java +++ b/libjava/classpath/gnu/javax/crypto/jce/key/SquareKeyGeneratorImpl.java @@ -35,18 +35,16 @@ this exception to your version of the library, but you are not obligated to do so. If you do not wish to do so, delete this exception statement from your version. */ + package gnu.javax.crypto.jce.key; import gnu.java.security.Registry; -public class SquareKeyGeneratorImpl extends SecretKeyGeneratorImpl +public class SquareKeyGeneratorImpl + extends SecretKeyGeneratorImpl { - - // Constructors. - // ------------------------------------------------------------------------- - - public SquareKeyGeneratorImpl () + public SquareKeyGeneratorImpl() { - super (Registry.SQUARE_CIPHER); + super(Registry.SQUARE_CIPHER); } } diff --git a/libjava/classpath/gnu/javax/crypto/jce/key/SquareSecretKeyFactoryImpl.java b/libjava/classpath/gnu/javax/crypto/jce/key/SquareSecretKeyFactoryImpl.java index d1d5d551432..f35835912b8 100644 --- a/libjava/classpath/gnu/javax/crypto/jce/key/SquareSecretKeyFactoryImpl.java +++ b/libjava/classpath/gnu/javax/crypto/jce/key/SquareSecretKeyFactoryImpl.java @@ -35,16 +35,11 @@ this exception to your version of the library, but you are not obligated to do so. If you do not wish to do so, delete this exception statement from your version. */ -package gnu.javax.crypto.jce.key; - -import java.security.InvalidKeyException; -import java.security.spec.InvalidKeySpecException; -import javax.crypto.SecretKey; -import javax.crypto.SecretKeyFactorySpi; -import javax.crypto.spec.SecretKeySpec; +package gnu.javax.crypto.jce.key; -public class SquareSecretKeyFactoryImpl extends SecretKeyFactoryImpl +public class SquareSecretKeyFactoryImpl + extends SecretKeyFactoryImpl { public SquareSecretKeyFactoryImpl() { diff --git a/libjava/classpath/gnu/javax/crypto/jce/key/TripleDESKeyGeneratorImpl.java b/libjava/classpath/gnu/javax/crypto/jce/key/TripleDESKeyGeneratorImpl.java index eb423fcd19c..6fd557ccbcf 100644 --- a/libjava/classpath/gnu/javax/crypto/jce/key/TripleDESKeyGeneratorImpl.java +++ b/libjava/classpath/gnu/javax/crypto/jce/key/TripleDESKeyGeneratorImpl.java @@ -35,18 +35,16 @@ this exception to your version of the library, but you are not obligated to do so. If you do not wish to do so, delete this exception statement from your version. */ + package gnu.javax.crypto.jce.key; import gnu.java.security.Registry; -public class TripleDESKeyGeneratorImpl extends SecretKeyGeneratorImpl +public class TripleDESKeyGeneratorImpl + extends SecretKeyGeneratorImpl { - - // Constructors. - // ------------------------------------------------------------------------- - - public TripleDESKeyGeneratorImpl () + public TripleDESKeyGeneratorImpl() { - super (Registry.TRIPLEDES_CIPHER); + super(Registry.TRIPLEDES_CIPHER); } } diff --git a/libjava/classpath/gnu/javax/crypto/jce/key/TwofishKeyGeneratorImpl.java b/libjava/classpath/gnu/javax/crypto/jce/key/TwofishKeyGeneratorImpl.java index ae7e22feec3..9dd5a8f30e6 100644 --- a/libjava/classpath/gnu/javax/crypto/jce/key/TwofishKeyGeneratorImpl.java +++ b/libjava/classpath/gnu/javax/crypto/jce/key/TwofishKeyGeneratorImpl.java @@ -35,18 +35,16 @@ this exception to your version of the library, but you are not obligated to do so. If you do not wish to do so, delete this exception statement from your version. */ + package gnu.javax.crypto.jce.key; import gnu.java.security.Registry; -public class TwofishKeyGeneratorImpl extends SecretKeyGeneratorImpl +public class TwofishKeyGeneratorImpl + extends SecretKeyGeneratorImpl { - - // Constructors. - // ------------------------------------------------------------------------- - - public TwofishKeyGeneratorImpl () + public TwofishKeyGeneratorImpl() { - super (Registry.TWOFISH_CIPHER); + super(Registry.TWOFISH_CIPHER); } } diff --git a/libjava/classpath/gnu/javax/crypto/jce/key/TwofishSecretKeyFactoryImpl.java b/libjava/classpath/gnu/javax/crypto/jce/key/TwofishSecretKeyFactoryImpl.java index e6ca80b6363..0767d4cacdc 100644 --- a/libjava/classpath/gnu/javax/crypto/jce/key/TwofishSecretKeyFactoryImpl.java +++ b/libjava/classpath/gnu/javax/crypto/jce/key/TwofishSecretKeyFactoryImpl.java @@ -35,16 +35,11 @@ this exception to your version of the library, but you are not obligated to do so. If you do not wish to do so, delete this exception statement from your version. */ -package gnu.javax.crypto.jce.key; - -import java.security.InvalidKeyException; -import java.security.spec.InvalidKeySpecException; -import javax.crypto.SecretKey; -import javax.crypto.SecretKeyFactorySpi; -import javax.crypto.spec.SecretKeySpec; +package gnu.javax.crypto.jce.key; -public class TwofishSecretKeyFactoryImpl extends SecretKeyFactoryImpl +public class TwofishSecretKeyFactoryImpl + extends SecretKeyFactoryImpl { public TwofishSecretKeyFactoryImpl() { diff --git a/libjava/classpath/gnu/javax/crypto/jce/keyring/GnuKeyring.java b/libjava/classpath/gnu/javax/crypto/jce/keyring/GnuKeyring.java index d2501f89374..4fcf2fde78b 100644 --- a/libjava/classpath/gnu/javax/crypto/jce/keyring/GnuKeyring.java +++ b/libjava/classpath/gnu/javax/crypto/jce/keyring/GnuKeyring.java @@ -38,6 +38,7 @@ exception statement from your version. */ package gnu.javax.crypto.jce.keyring; +import gnu.java.security.Configuration; import gnu.java.security.Registry; import gnu.javax.crypto.keyring.GnuPrivateKeyring; import gnu.javax.crypto.keyring.GnuPublicKeyring; @@ -90,79 +91,100 @@ public class GnuKeyring public Enumeration engineAliases() { + if (Configuration.DEBUG) + log.entering(this.getClass().getName(), "engineAliases"); ensureLoaded(); Enumeration result; if (privateKR == null) result = Collections.enumeration(Collections.EMPTY_SET); - else - { - Set aliases = new HashSet(); - for (Enumeration e = privateKR.aliases(); e.hasMoreElements();) - { - String alias = (String) e.nextElement(); - if (alias != null) - aliases.add(alias); - } - - for (Enumeration e = publicKR.aliases(); e.hasMoreElements();) - { - String alias = (String) e.nextElement(); - if (alias != null) - aliases.add(alias); - } - - result = Collections.enumeration(aliases); - } - + else + { + Set aliases = new HashSet(); + for (Enumeration e = privateKR.aliases(); e.hasMoreElements();) + { + String alias = (String) e.nextElement(); + if (alias != null) + { + alias = alias.trim(); + if (alias.length() > 0) + { + if (Configuration.DEBUG) + log.fine("Adding alias (from private keyring): " + alias); + aliases.add(alias); + } + } + } + for (Enumeration e = publicKR.aliases(); e.hasMoreElements();) + { + String alias = (String) e.nextElement(); + if (alias != null) + { + alias = alias.trim(); + if (alias.length() > 0) + { + if (Configuration.DEBUG) + log.fine("Adding alias (from public keyring): " + alias); + aliases.add(alias); + } + } + } + if (Configuration.DEBUG) + log.fine("Will enumerate: " + aliases); + result = Collections.enumeration(aliases); + } + if (Configuration.DEBUG) + log.exiting(this.getClass().getName(), "engineAliases"); return result; } public boolean engineContainsAlias(String alias) { - log.entering(this.getClass().getName(), "engineContainsAlias", alias); - + if (Configuration.DEBUG) + log.entering(this.getClass().getName(), "engineContainsAlias", alias); ensureLoaded(); boolean inPrivateKR = privateKR.containsAlias(alias); - log.finest("inPrivateKR=" + inPrivateKR); + if (Configuration.DEBUG) + log.fine("inPrivateKR=" + inPrivateKR); boolean inPublicKR = publicKR.containsAlias(alias); - log.finest("inPublicKR=" + inPublicKR); + if (Configuration.DEBUG) + log.fine("inPublicKR=" + inPublicKR); boolean result = inPrivateKR || inPublicKR; - - log.exiting(this.getClass().getName(), "engineContainsAlias", - Boolean.valueOf(result)); + if (Configuration.DEBUG) + log.exiting(this.getClass().getName(), "engineContainsAlias", + Boolean.valueOf(result)); return result; } public void engineDeleteEntry(String alias) { - log.entering(this.getClass().getName(), "engineDeleteEntry", alias); - + if (Configuration.DEBUG) + log.entering(this.getClass().getName(), "engineDeleteEntry", alias); ensureLoaded(); if (privateKR.containsAlias(alias)) privateKR.remove(alias); else if (publicKR.containsAlias(alias)) publicKR.remove(alias); - else - log.finer("Unknwon alias: " + alias); - - log.exiting(this.getClass().getName(), "engineDeleteEntry"); + else if (Configuration.DEBUG) + log.fine("Unknwon alias: " + alias); + if (Configuration.DEBUG) + log.exiting(this.getClass().getName(), "engineDeleteEntry"); } public Certificate engineGetCertificate(String alias) { - log.entering(this.getClass().getName(), "engineGetCertificate", alias); - + if (Configuration.DEBUG) + log.entering(this.getClass().getName(), "engineGetCertificate", alias); ensureLoaded(); Certificate result = publicKR.getCertificate(alias); - - log.exiting(this.getClass().getName(), "engineGetCertificate", result); + if (Configuration.DEBUG) + log.exiting(this.getClass().getName(), "engineGetCertificate", result); return result; } public String engineGetCertificateAlias(Certificate cert) { - log.entering(this.getClass().getName(), "engineGetCertificateAlias", cert); - + if (Configuration.DEBUG) + log.entering(this.getClass().getName(), "engineGetCertificateAlias", cert); ensureLoaded(); String result = null; for (Enumeration aliases = publicKR.aliases(); aliases.hasMoreElements();) @@ -175,52 +197,64 @@ public class GnuKeyring break; } } - - log.exiting(this.getClass().getName(), "engineGetCertificateAlias", result); + if (Configuration.DEBUG) + log.exiting(this.getClass().getName(), "engineGetCertificateAlias", result); return result; } public void engineSetCertificateEntry(String alias, Certificate cert) + throws KeyStoreException { - log.entering(this.getClass().getName(), "engineSetCertificateEntry", - new Object[] { alias, cert }); - + if (Configuration.DEBUG) + log.entering(this.getClass().getName(), "engineSetCertificateEntry", + new Object[] { alias, cert }); ensureLoaded(); + if (privateKR.containsAlias(alias)) + throw new KeyStoreException("Alias [" + alias + + "] already exists and DOES NOT identify a " + + "Trusted Certificate Entry"); + if (publicKR.containsCertificate(alias)) + { + if (Configuration.DEBUG) + log.fine("Public keyring already contains Alias [" + alias + + "]. Will remove it"); + publicKR.remove(alias); + } publicKR.putCertificate(alias, cert); - - log.exiting(this.getClass().getName(), "engineSetCertificateEntry"); + if (Configuration.DEBUG) + log.exiting(this.getClass().getName(), "engineSetCertificateEntry"); } public Certificate[] engineGetCertificateChain(String alias) { - log.entering(this.getClass().getName(), "engineGetCertificateChain", alias); - + if (Configuration.DEBUG) + log.entering(this.getClass().getName(), "engineGetCertificateChain", alias); ensureLoaded(); Certificate[] result = privateKR.getCertPath(alias); - - log.exiting(this.getClass().getName(), "engineGetCertificateChain", result); + if (Configuration.DEBUG) + log.exiting(this.getClass().getName(), "engineGetCertificateChain", result); return result; } public Date engineGetCreationDate(String alias) { - log.entering(this.getClass().getName(), "engineGetCreationDate", alias); - + if (Configuration.DEBUG) + log.entering(this.getClass().getName(), "engineGetCreationDate", alias); ensureLoaded(); Date result = getCreationDate(alias, privateKR); if (result == null) result = getCreationDate(alias, publicKR); - log.exiting(this.getClass().getName(), "engineGetCreationDate", result); + if (Configuration.DEBUG) + log.exiting(this.getClass().getName(), "engineGetCreationDate", result); return result; } public Key engineGetKey(String alias, char[] password) throws UnrecoverableKeyException { - log.entering(this.getClass().getName(), "engineGetKey", - String.valueOf(password)); - + if (Configuration.DEBUG) + log.entering(this.getClass().getName(), "engineGetKey", alias); ensureLoaded(); Key result = null; if (password == null) @@ -231,7 +265,9 @@ public class GnuKeyring else if (privateKR.containsPrivateKey(alias)) result = privateKR.getPrivateKey(alias, password); - log.exiting(this.getClass().getName(), "engineGetKey", result); + if (Configuration.DEBUG) + log.exiting(this.getClass().getName(), "engineGetKey", + result == null ? "null" : result.getClass().getName()); return result; } @@ -239,60 +275,73 @@ public class GnuKeyring Certificate[] chain) throws KeyStoreException { - log.entering(this.getClass().getName(), "engineSetKeyEntry", - new Object[] { alias, key, password, chain }); + if (Configuration.DEBUG) + log.entering(this.getClass().getName(), "engineSetKeyEntry", + new Object[] { alias, key.getClass().getName(), chain }); ensureLoaded(); + if (publicKR.containsAlias(alias)) + throw new KeyStoreException("Alias [" + alias + + "] already exists and DOES NOT identify a " + + "Key Entry"); if (key instanceof PublicKey) - privateKR.putPublicKey(alias, (PublicKey) key); + { + privateKR.remove(alias); + PublicKey pk = (PublicKey) key; + privateKR.putPublicKey(alias, pk); + } else { if (! (key instanceof PrivateKey) && ! (key instanceof SecretKey)) throw new KeyStoreException("cannot store keys of type " + key.getClass().getName()); + privateKR.remove(alias); privateKR.putCertPath(alias, chain); - log.finest("About to put private key in keyring..."); + if (Configuration.DEBUG) + log.fine("About to put private key in keyring..."); privateKR.putPrivateKey(alias, key, password); } - - log.exiting(this.getClass().getName(), "engineSetKeyEntry"); + if (Configuration.DEBUG) + log.exiting(this.getClass().getName(), "engineSetKeyEntry"); } public void engineSetKeyEntry(String alias, byte[] key, Certificate[] chain) throws KeyStoreException { KeyStoreException x = new KeyStoreException("method not supported"); - log.throwing(this.getClass().getName(), "engineSetKeyEntry(3)", x); + if (Configuration.DEBUG) + log.throwing(this.getClass().getName(), "engineSetKeyEntry(3)", x); throw x; } public boolean engineIsCertificateEntry(String alias) { - log.entering(this.getClass().getName(), "engineIsCertificateEntry", alias); - + if (Configuration.DEBUG) + log.entering(this.getClass().getName(), "engineIsCertificateEntry", alias); ensureLoaded(); boolean result = publicKR.containsCertificate(alias); - - log.exiting(this.getClass().getName(), "engineIsCertificateEntry", - Boolean.valueOf(result)); + if (Configuration.DEBUG) + log.exiting(this.getClass().getName(), "engineIsCertificateEntry", + Boolean.valueOf(result)); return result; } public boolean engineIsKeyEntry(String alias) { - log.entering(this.getClass().getName(), "engineIsKeyEntry", alias); - + if (Configuration.DEBUG) + log.entering(this.getClass().getName(), "engineIsKeyEntry", alias); ensureLoaded(); boolean result = privateKR.containsPublicKey(alias) || privateKR.containsPrivateKey(alias); - - log.exiting(this.getClass().getName(), "engineIsKeyEntry", - Boolean.valueOf(result)); + if (Configuration.DEBUG) + log.exiting(this.getClass().getName(), "engineIsKeyEntry", + Boolean.valueOf(result)); return result; } public void engineLoad(InputStream in, char[] password) throws IOException { - log.entering(this.getClass().getName(), "engineLoad", String.valueOf(password)); + if (Configuration.DEBUG) + log.entering(this.getClass().getName(), "engineLoad"); if (in != null) { if (! in.markSupported()) @@ -305,14 +354,14 @@ public class GnuKeyring createNewKeyrings(); loaded = true; - - log.exiting(this.getClass().getName(), "engineLoad"); + if (Configuration.DEBUG) + log.exiting(this.getClass().getName(), "engineLoad"); } public void engineStore(OutputStream out, char[] password) throws IOException { - log.entering(this.getClass().getName(), "engineStore", String.valueOf(password)); - + if (Configuration.DEBUG) + log.entering(this.getClass().getName(), "engineStore"); ensureLoaded(); HashMap attr = new HashMap(); attr.put(IKeyring.KEYRING_DATA_OUT, out); @@ -320,14 +369,21 @@ public class GnuKeyring privateKR.store(attr); publicKR.store(attr); - - log.exiting(this.getClass().getName(), "engineStore"); + if (Configuration.DEBUG) + log.exiting(this.getClass().getName(), "engineStore"); } public int engineSize() { - ensureLoaded(); - return privateKR.size() + publicKR.size(); + if (Configuration.DEBUG) + log.entering(this.getClass().getName(), "engineSize"); + int result = 0; + for (Enumeration e = engineAliases(); e.hasMoreElements(); result++) + e.nextElement(); + + if (Configuration.DEBUG) + log.exiting(this.getClass().getName(), "engineSize", Integer.valueOf(result)); + return result; } /** @@ -353,8 +409,8 @@ public class GnuKeyring private void loadPrivateKeyring(InputStream in, char[] password) throws MalformedKeyringException, IOException { - log.entering(this.getClass().getName(), "loadPrivateKeyring"); - + if (Configuration.DEBUG) + log.entering(this.getClass().getName(), "loadPrivateKeyring"); in.mark(5); for (int i = 0; i < 4; i++) if (in.read() != Registry.GKR_MAGIC[i]) @@ -363,15 +419,16 @@ public class GnuKeyring int usage = in.read(); in.reset(); if (usage != GnuPrivateKeyring.USAGE) - throw new MalformedKeyringException("Was expecting a private keyring but got a wrong USAGE: " - + Integer.toBinaryString(usage)); + throw new MalformedKeyringException( + "Was expecting a private keyring but got a wrong USAGE: " + + Integer.toBinaryString(usage)); HashMap attr = new HashMap(); attr.put(IKeyring.KEYRING_DATA_IN, in); attr.put(IKeyring.KEYRING_PASSWORD, password); privateKR = new GnuPrivateKeyring(); privateKR.load(attr); - - log.exiting(this.getClass().getName(), "loadPrivateKeyring"); + if (Configuration.DEBUG) + log.exiting(this.getClass().getName(), "loadPrivateKeyring"); } /** @@ -385,8 +442,8 @@ public class GnuKeyring private void loadPublicKeyring(InputStream in, char[] password) throws MalformedKeyringException, IOException { - log.entering(this.getClass().getName(), "loadPublicKeyring"); - + if (Configuration.DEBUG) + log.entering(this.getClass().getName(), "loadPublicKeyring"); in.mark(5); for (int i = 0; i < 4; i++) if (in.read() != Registry.GKR_MAGIC[i]) @@ -395,15 +452,16 @@ public class GnuKeyring int usage = in.read(); in.reset(); if (usage != GnuPublicKeyring.USAGE) - throw new MalformedKeyringException("Was expecting a public keyring but got a wrong USAGE: " - + Integer.toBinaryString(usage)); + throw new MalformedKeyringException( + "Was expecting a public keyring but got a wrong USAGE: " + + Integer.toBinaryString(usage)); HashMap attr = new HashMap(); attr.put(IKeyring.KEYRING_DATA_IN, in); attr.put(IKeyring.KEYRING_PASSWORD, password); publicKR = new GnuPublicKeyring(); publicKR.load(attr); - - log.exiting(this.getClass().getName(), "loadPublicKeyring"); + if (Configuration.DEBUG) + log.exiting(this.getClass().getName(), "loadPublicKeyring"); } /** @@ -417,9 +475,9 @@ public class GnuKeyring */ private Date getCreationDate(String alias, IKeyring keyring) { - log.entering(this.getClass().getName(), "getCreationDate", - new Object[] { alias, keyring }); - + if (Configuration.DEBUG) + log.entering(this.getClass().getName(), "getCreationDate", + new Object[] { alias, keyring }); Date result = null; if (keyring != null) for (Iterator it = keyring.get(alias).iterator(); it.hasNext();) @@ -431,19 +489,19 @@ public class GnuKeyring break; } } - - log.exiting(this.getClass().getName(), "getCreationDate", result); + if (Configuration.DEBUG) + log.exiting(this.getClass().getName(), "getCreationDate", result); return result; } /** Create empty keyrings. */ private void createNewKeyrings() { - log.entering(this.getClass().getName(), "createNewKeyrings"); - + if (Configuration.DEBUG) + log.entering(this.getClass().getName(), "createNewKeyrings"); privateKR = new GnuPrivateKeyring("HMAC-SHA-1", 20, "AES", "OFB", 16); publicKR = new GnuPublicKeyring("HMAC-SHA-1", 20); - - log.exiting(this.getClass().getName(), "createNewKeyrings"); + if (Configuration.DEBUG) + log.exiting(this.getClass().getName(), "createNewKeyrings"); } } diff --git a/libjava/classpath/gnu/javax/crypto/jce/mac/HMacHavalSpi.java b/libjava/classpath/gnu/javax/crypto/jce/mac/HMacHavalSpi.java index df1319cbfdb..2967ee900ce 100644 --- a/libjava/classpath/gnu/javax/crypto/jce/mac/HMacHavalSpi.java +++ b/libjava/classpath/gnu/javax/crypto/jce/mac/HMacHavalSpi.java @@ -37,31 +37,18 @@ exception statement from your version. */ package gnu.javax.crypto.jce.mac; + import gnu.java.security.Registry; /** * The implementation of the HMAC-HAVAL <i>Service Provider Interface</i> * (<b>SPI</b>) Adapter. - * - * @version Revision: $ */ -public class HMacHavalSpi extends MacAdapter +public class HMacHavalSpi + extends MacAdapter { - - // Constants and variables - // ------------------------------------------------------------------------- - - // Constructor(s) - // ------------------------------------------------------------------------- - public HMacHavalSpi() { super(Registry.HMAC_NAME_PREFIX + Registry.HAVAL_HASH); } - - // Class methods - // ------------------------------------------------------------------------- - - // Instance methods - // ------------------------------------------------------------------------- -}
\ No newline at end of file +} diff --git a/libjava/classpath/gnu/javax/crypto/jce/mac/HMacMD2Spi.java b/libjava/classpath/gnu/javax/crypto/jce/mac/HMacMD2Spi.java index dd489639f29..dd648586657 100644 --- a/libjava/classpath/gnu/javax/crypto/jce/mac/HMacMD2Spi.java +++ b/libjava/classpath/gnu/javax/crypto/jce/mac/HMacMD2Spi.java @@ -44,12 +44,9 @@ import gnu.java.security.Registry; * The implementation of the HMAC-MD2 <i>Service Provider Interface</i> * (<b>SPI</b>) adapter. */ -public final class HMacMD2Spi extends MacAdapter +public final class HMacMD2Spi + extends MacAdapter { - - // Constructors. - // ----------------------------------------------------------------------- - public HMacMD2Spi() { super(Registry.HMAC_NAME_PREFIX + Registry.MD2_HASH); diff --git a/libjava/classpath/gnu/javax/crypto/jce/mac/HMacMD4Spi.java b/libjava/classpath/gnu/javax/crypto/jce/mac/HMacMD4Spi.java index 6fadf02621b..939851ff537 100644 --- a/libjava/classpath/gnu/javax/crypto/jce/mac/HMacMD4Spi.java +++ b/libjava/classpath/gnu/javax/crypto/jce/mac/HMacMD4Spi.java @@ -44,12 +44,9 @@ import gnu.java.security.Registry; * The implementation of the HMAC-MD4 <i>Service Provider Interface</i> * (<b>SPI</b>) adapter. */ -public final class HMacMD4Spi extends MacAdapter +public final class HMacMD4Spi + extends MacAdapter { - - // Constructors. - // ----------------------------------------------------------------------- - public HMacMD4Spi() { super(Registry.HMAC_NAME_PREFIX + Registry.MD4_HASH); diff --git a/libjava/classpath/gnu/javax/crypto/jce/mac/HMacMD5Spi.java b/libjava/classpath/gnu/javax/crypto/jce/mac/HMacMD5Spi.java index 2ef43974f82..e89fbfdbac9 100644 --- a/libjava/classpath/gnu/javax/crypto/jce/mac/HMacMD5Spi.java +++ b/libjava/classpath/gnu/javax/crypto/jce/mac/HMacMD5Spi.java @@ -44,12 +44,9 @@ import gnu.java.security.Registry; * The implementation of the HMAC-MD5 <i>Service Provider Interface</i> * (<b>SPI</b>) adapter. */ -public final class HMacMD5Spi extends MacAdapter +public final class HMacMD5Spi + extends MacAdapter { - - // Constructors. - // ----------------------------------------------------------------------- - public HMacMD5Spi() { super(Registry.HMAC_NAME_PREFIX + Registry.MD5_HASH); diff --git a/libjava/classpath/gnu/javax/crypto/jce/mac/HMacRipeMD128Spi.java b/libjava/classpath/gnu/javax/crypto/jce/mac/HMacRipeMD128Spi.java index ad7a2340eed..834ec849a71 100644 --- a/libjava/classpath/gnu/javax/crypto/jce/mac/HMacRipeMD128Spi.java +++ b/libjava/classpath/gnu/javax/crypto/jce/mac/HMacRipeMD128Spi.java @@ -44,12 +44,9 @@ import gnu.java.security.Registry; * The implementation of the HMAC-RIPEMD-128 <i>Service Provider Interface</i> * (<b>SPI</b>) adapter. */ -public final class HMacRipeMD128Spi extends MacAdapter +public final class HMacRipeMD128Spi + extends MacAdapter { - - // Constructors. - // ----------------------------------------------------------------------- - public HMacRipeMD128Spi() { super(Registry.HMAC_NAME_PREFIX + Registry.RIPEMD128_HASH); diff --git a/libjava/classpath/gnu/javax/crypto/jce/mac/HMacRipeMD160Spi.java b/libjava/classpath/gnu/javax/crypto/jce/mac/HMacRipeMD160Spi.java index c14e3b3bf24..b973ea18678 100644 --- a/libjava/classpath/gnu/javax/crypto/jce/mac/HMacRipeMD160Spi.java +++ b/libjava/classpath/gnu/javax/crypto/jce/mac/HMacRipeMD160Spi.java @@ -44,12 +44,9 @@ import gnu.java.security.Registry; * The implementation of the HMAC-RIPEMD-160 <i>Service Provider Interface</i> * (<b>SPI</b>) adapter. */ -public final class HMacRipeMD160Spi extends MacAdapter +public final class HMacRipeMD160Spi + extends MacAdapter { - - // Constructors. - // ----------------------------------------------------------------------- - public HMacRipeMD160Spi() { super(Registry.HMAC_NAME_PREFIX + Registry.RIPEMD160_HASH); diff --git a/libjava/classpath/gnu/javax/crypto/jce/mac/HMacSHA160Spi.java b/libjava/classpath/gnu/javax/crypto/jce/mac/HMacSHA160Spi.java index f102c9ebcde..524aa823386 100644 --- a/libjava/classpath/gnu/javax/crypto/jce/mac/HMacSHA160Spi.java +++ b/libjava/classpath/gnu/javax/crypto/jce/mac/HMacSHA160Spi.java @@ -44,12 +44,9 @@ import gnu.java.security.Registry; * The implementation of the HMAC-SHA-160 <i>Service Provider Interface</i> * (<b>SPI</b>) adapter. */ -public final class HMacSHA160Spi extends MacAdapter +public final class HMacSHA160Spi + extends MacAdapter { - - // Constructors. - // ----------------------------------------------------------------------- - public HMacSHA160Spi() { super(Registry.HMAC_NAME_PREFIX + Registry.SHA160_HASH); diff --git a/libjava/classpath/gnu/javax/crypto/jce/mac/HMacSHA256Spi.java b/libjava/classpath/gnu/javax/crypto/jce/mac/HMacSHA256Spi.java index cadad1cf5fa..4b0493bc63b 100644 --- a/libjava/classpath/gnu/javax/crypto/jce/mac/HMacSHA256Spi.java +++ b/libjava/classpath/gnu/javax/crypto/jce/mac/HMacSHA256Spi.java @@ -37,29 +37,18 @@ exception statement from your version. */ package gnu.javax.crypto.jce.mac; + import gnu.java.security.Registry; /** - * <p>The implementation of the HMAC-SHA-256 <i>Service Provider Interface</i> - * (<b>SPI</b>) adapter.</p> + * The implementation of the HMAC-SHA-256 <i>Service Provider Interface</i> + * (<b>SPI</b>) adapter. */ -public final class HMacSHA256Spi extends MacAdapter +public final class HMacSHA256Spi + extends MacAdapter { - - // Constants and variables - // ------------------------------------------------------------------------- - - // Constructor(s) - // ----------------------------------------------------------------------- - public HMacSHA256Spi() { super(Registry.HMAC_NAME_PREFIX + Registry.SHA256_HASH); } - - // Class methods - // ------------------------------------------------------------------------- - - // Instance methods - // ------------------------------------------------------------------------- } diff --git a/libjava/classpath/gnu/javax/crypto/jce/mac/HMacSHA384Spi.java b/libjava/classpath/gnu/javax/crypto/jce/mac/HMacSHA384Spi.java index 69ef38e50f6..92a5c9d2c69 100644 --- a/libjava/classpath/gnu/javax/crypto/jce/mac/HMacSHA384Spi.java +++ b/libjava/classpath/gnu/javax/crypto/jce/mac/HMacSHA384Spi.java @@ -37,29 +37,18 @@ exception statement from your version. */ package gnu.javax.crypto.jce.mac; + import gnu.java.security.Registry; /** - * <p>The implementation of the HMAC-SHA-384 <i>Service Provider Interface</i> - * (<b>SPI</b>) adapter.</p> + * The implementation of the HMAC-SHA-384 <i>Service Provider Interface</i> + * (<b>SPI</b>) adapter. */ -public class HMacSHA384Spi extends MacAdapter +public class HMacSHA384Spi + extends MacAdapter { - - // Constants and variables - // ------------------------------------------------------------------------- - - // Constructor(s) - // ----------------------------------------------------------------------- - public HMacSHA384Spi() { super(Registry.HMAC_NAME_PREFIX + Registry.SHA384_HASH); } - - // Class methods - // ------------------------------------------------------------------------- - - // Instance methods - // ------------------------------------------------------------------------- } diff --git a/libjava/classpath/gnu/javax/crypto/jce/mac/HMacSHA512Spi.java b/libjava/classpath/gnu/javax/crypto/jce/mac/HMacSHA512Spi.java index abceb4a92c9..f1ecd02e5a7 100644 --- a/libjava/classpath/gnu/javax/crypto/jce/mac/HMacSHA512Spi.java +++ b/libjava/classpath/gnu/javax/crypto/jce/mac/HMacSHA512Spi.java @@ -37,29 +37,18 @@ exception statement from your version. */ package gnu.javax.crypto.jce.mac; + import gnu.java.security.Registry; /** - * <p>The implementation of the HMAC-SHA-512 <i>Service Provider Interface</i> - * (<b>SPI</b>) adapter.</p> + * The implementation of the HMAC-SHA-512 <i>Service Provider Interface</i> + * (<b>SPI</b>) adapter. */ -public class HMacSHA512Spi extends MacAdapter +public class HMacSHA512Spi + extends MacAdapter { - - // Constants and variables - // ------------------------------------------------------------------------- - - // Constructor(s) - // ----------------------------------------------------------------------- - public HMacSHA512Spi() { super(Registry.HMAC_NAME_PREFIX + Registry.SHA512_HASH); } - - // Class methods - // ------------------------------------------------------------------------- - - // Instance methods - // ------------------------------------------------------------------------- } diff --git a/libjava/classpath/gnu/javax/crypto/jce/mac/HMacTigerSpi.java b/libjava/classpath/gnu/javax/crypto/jce/mac/HMacTigerSpi.java index 511993ea413..2d417ef4c58 100644 --- a/libjava/classpath/gnu/javax/crypto/jce/mac/HMacTigerSpi.java +++ b/libjava/classpath/gnu/javax/crypto/jce/mac/HMacTigerSpi.java @@ -44,12 +44,9 @@ import gnu.java.security.Registry; * The implementation of the Tiger <i>Service Provider Interface</i> * (<b>SPI</b>) adapter. */ -public final class HMacTigerSpi extends MacAdapter +public final class HMacTigerSpi + extends MacAdapter { - - // Constructors. - // ----------------------------------------------------------------------- - public HMacTigerSpi() { super(Registry.HMAC_NAME_PREFIX + Registry.TIGER_HASH); diff --git a/libjava/classpath/gnu/javax/crypto/jce/mac/HMacWhirlpoolSpi.java b/libjava/classpath/gnu/javax/crypto/jce/mac/HMacWhirlpoolSpi.java index 706e0cd5a6b..1b936d71a2e 100644 --- a/libjava/classpath/gnu/javax/crypto/jce/mac/HMacWhirlpoolSpi.java +++ b/libjava/classpath/gnu/javax/crypto/jce/mac/HMacWhirlpoolSpi.java @@ -44,12 +44,9 @@ import gnu.java.security.Registry; * The implementation of the HMAC-Whirlpool <i>Service Provider Interface</i> * (<b>SPI</b>) adapter. */ -public final class HMacWhirlpoolSpi extends MacAdapter +public final class HMacWhirlpoolSpi + extends MacAdapter { - - // Constructors. - // ----------------------------------------------------------------------- - public HMacWhirlpoolSpi() { super(Registry.HMAC_NAME_PREFIX + Registry.WHIRLPOOL_HASH); diff --git a/libjava/classpath/gnu/javax/crypto/jce/mac/MacAdapter.java b/libjava/classpath/gnu/javax/crypto/jce/mac/MacAdapter.java index dc019ca20f4..d8c800ac728 100644 --- a/libjava/classpath/gnu/javax/crypto/jce/mac/MacAdapter.java +++ b/libjava/classpath/gnu/javax/crypto/jce/mac/MacAdapter.java @@ -50,32 +50,26 @@ import java.util.Map; import javax.crypto.MacSpi; /** - * <p>The implementation of a generic {@link javax.crypto.Mac} adapter class - * to wrap GNU Crypto MAC instances.</p> - * - * <p>This class defines the <i>Service Provider Interface</i> (<b>SPI</b>) for + * The implementation of a generic {@link javax.crypto.Mac} adapter class to + * wrap GNU MAC instances. + * <p> + * This class defines the <i>Service Provider Interface</i> (<b>SPI</b>) for * the {@link javax.crypto.Mac} class, which provides the functionality of a * message authentication code algorithm, such as the <i>Hashed Message - * Authentication Code</i> (<b>HMAC</b>) algorithms.</p> + * Authentication Code</i> (<b>HMAC</b>) algorithms. */ -class MacAdapter extends MacSpi implements Cloneable +class MacAdapter + extends MacSpi + implements Cloneable { - - // Constants and variables - // ----------------------------------------------------------------------- - /** Our MAC instance. */ protected IMac mac; - /** Our MAC attributes. */ protected Map attributes; - // Constructor(s) - // ----------------------------------------------------------------------- - /** - * <p>Creates a new Mac instance for the given name.</p> - * + * Creates a new Mac instance for the given name. + * * @param name The name of the mac to create. */ protected MacAdapter(String name) @@ -88,7 +82,7 @@ class MacAdapter extends MacSpi implements Cloneable * Private constructor for cloning purposes. * * @param mac a clone of the internal {@link IMac} instance. - * @param attributes a clone of the current {@link Map} of attributes. + * @param attributes a clone of the current {@link Map} of attributes. */ private MacAdapter(IMac mac, Map attributes) { @@ -98,21 +92,11 @@ class MacAdapter extends MacSpi implements Cloneable this.attributes = attributes; } - // Class methods - // ----------------------------------------------------------------------- - - // Instance methods - // ----------------------------------------------------------------------- - - // Cloneable interface implementation ------------------------------------ - public Object clone() throws CloneNotSupportedException { return new MacAdapter((IMac) mac.clone(), new HashMap(attributes)); } - // Instance methods implementing javax.crypto.MacSpi --------------------- - protected byte[] engineDoFinal() { byte[] result = mac.digest(); @@ -128,10 +112,8 @@ class MacAdapter extends MacSpi implements Cloneable protected void engineInit(Key key, AlgorithmParameterSpec params) throws InvalidKeyException, InvalidAlgorithmParameterException { - if (!key.getFormat().equalsIgnoreCase("RAW")) - { - throw new InvalidKeyException("unknown key format " + key.getFormat()); - } + if (! key.getFormat().equalsIgnoreCase("RAW")) + throw new InvalidKeyException("unknown key format " + key.getFormat()); attributes.put(IMac.MAC_KEY_MATERIAL, key.getEncoded()); mac.reset(); mac.init(attributes); diff --git a/libjava/classpath/gnu/javax/crypto/jce/mac/OMacAnubisImpl.java b/libjava/classpath/gnu/javax/crypto/jce/mac/OMacAnubisImpl.java index 4bfda4fd6cc..566e56fd1d1 100644 --- a/libjava/classpath/gnu/javax/crypto/jce/mac/OMacAnubisImpl.java +++ b/libjava/classpath/gnu/javax/crypto/jce/mac/OMacAnubisImpl.java @@ -40,14 +40,11 @@ package gnu.javax.crypto.jce.mac; import gnu.java.security.Registry; -public class OMacAnubisImpl extends MacAdapter +public class OMacAnubisImpl + extends MacAdapter { - - // Constructor. - // ------------------------------------------------------------------------- - public OMacAnubisImpl() { super(Registry.OMAC_PREFIX + Registry.ANUBIS_CIPHER); } -}
\ No newline at end of file +} diff --git a/libjava/classpath/gnu/javax/crypto/jce/mac/OMacBlowfishImpl.java b/libjava/classpath/gnu/javax/crypto/jce/mac/OMacBlowfishImpl.java index 8d168e57be5..55768166f8a 100644 --- a/libjava/classpath/gnu/javax/crypto/jce/mac/OMacBlowfishImpl.java +++ b/libjava/classpath/gnu/javax/crypto/jce/mac/OMacBlowfishImpl.java @@ -40,14 +40,11 @@ package gnu.javax.crypto.jce.mac; import gnu.java.security.Registry; -public class OMacBlowfishImpl extends MacAdapter +public class OMacBlowfishImpl + extends MacAdapter { - - // Constructor. - // ------------------------------------------------------------------------- - public OMacBlowfishImpl() { super(Registry.OMAC_PREFIX + Registry.BLOWFISH_CIPHER); } -}
\ No newline at end of file +} diff --git a/libjava/classpath/gnu/javax/crypto/jce/mac/OMacCast5Impl.java b/libjava/classpath/gnu/javax/crypto/jce/mac/OMacCast5Impl.java index 3385d116bc4..535352c3908 100644 --- a/libjava/classpath/gnu/javax/crypto/jce/mac/OMacCast5Impl.java +++ b/libjava/classpath/gnu/javax/crypto/jce/mac/OMacCast5Impl.java @@ -40,14 +40,11 @@ package gnu.javax.crypto.jce.mac; import gnu.java.security.Registry; -public class OMacCast5Impl extends MacAdapter +public class OMacCast5Impl + extends MacAdapter { - - // Constructor. - // ------------------------------------------------------------------------- - public OMacCast5Impl() { super(Registry.OMAC_PREFIX + Registry.CAST5_CIPHER); } -}
\ No newline at end of file +} diff --git a/libjava/classpath/gnu/javax/crypto/jce/mac/OMacDESImpl.java b/libjava/classpath/gnu/javax/crypto/jce/mac/OMacDESImpl.java index 3fb23bdefde..a01c0ac872a 100644 --- a/libjava/classpath/gnu/javax/crypto/jce/mac/OMacDESImpl.java +++ b/libjava/classpath/gnu/javax/crypto/jce/mac/OMacDESImpl.java @@ -40,14 +40,11 @@ package gnu.javax.crypto.jce.mac; import gnu.java.security.Registry; -public class OMacDESImpl extends MacAdapter +public class OMacDESImpl + extends MacAdapter { - - // Constructor. - // ------------------------------------------------------------------------- - public OMacDESImpl() { super(Registry.OMAC_PREFIX + Registry.DES_CIPHER); } -}
\ No newline at end of file +} diff --git a/libjava/classpath/gnu/javax/crypto/jce/mac/OMacImpl.java b/libjava/classpath/gnu/javax/crypto/jce/mac/OMacImpl.java index f91902ae543..960c68aaf07 100644 --- a/libjava/classpath/gnu/javax/crypto/jce/mac/OMacImpl.java +++ b/libjava/classpath/gnu/javax/crypto/jce/mac/OMacImpl.java @@ -39,23 +39,17 @@ exception statement from your version. */ package gnu.javax.crypto.jce.mac; import gnu.java.security.Registry; -import javax.crypto.MacSpi; -public abstract class OMacImpl extends MacAdapter +public abstract class OMacImpl + extends MacAdapter { - - // Constructor. - // ------------------------------------------------------------------------- - protected OMacImpl(String name) { super(Registry.OMAC_PREFIX + name); } - // Inner classes. - // ------------------------------------------------------------------------- - - public class Anubis extends OMacImpl + public class Anubis + extends OMacImpl { public Anubis() { @@ -63,7 +57,8 @@ public abstract class OMacImpl extends MacAdapter } } - public class Blowfish extends OMacImpl + public class Blowfish + extends OMacImpl { public Blowfish() { @@ -71,7 +66,8 @@ public abstract class OMacImpl extends MacAdapter } } - public class Cast5 extends OMacImpl + public class Cast5 + extends OMacImpl { public Cast5() { @@ -79,7 +75,8 @@ public abstract class OMacImpl extends MacAdapter } } - public class DES extends OMacImpl + public class DES + extends OMacImpl { public DES() { @@ -87,7 +84,8 @@ public abstract class OMacImpl extends MacAdapter } } - public class Khazad extends OMacImpl + public class Khazad + extends OMacImpl { public Khazad() { @@ -95,7 +93,8 @@ public abstract class OMacImpl extends MacAdapter } } - public class Rijndael extends OMacImpl + public class Rijndael + extends OMacImpl { public Rijndael() { @@ -103,7 +102,8 @@ public abstract class OMacImpl extends MacAdapter } } - public class Serpent extends OMacImpl + public class Serpent + extends OMacImpl { public Serpent() { @@ -111,7 +111,8 @@ public abstract class OMacImpl extends MacAdapter } } - public class Square extends OMacImpl + public class Square + extends OMacImpl { public Square() { @@ -119,7 +120,8 @@ public abstract class OMacImpl extends MacAdapter } } - public class TripleDES extends OMacImpl + public class TripleDES + extends OMacImpl { public TripleDES() { @@ -127,11 +129,12 @@ public abstract class OMacImpl extends MacAdapter } } - public class Twofish extends OMacImpl + public class Twofish + extends OMacImpl { public Twofish() { super(Registry.TWOFISH_CIPHER); } } -}
\ No newline at end of file +} diff --git a/libjava/classpath/gnu/javax/crypto/jce/mac/OMacKhazadImpl.java b/libjava/classpath/gnu/javax/crypto/jce/mac/OMacKhazadImpl.java index 82c047c25a3..c349f9f5e0d 100644 --- a/libjava/classpath/gnu/javax/crypto/jce/mac/OMacKhazadImpl.java +++ b/libjava/classpath/gnu/javax/crypto/jce/mac/OMacKhazadImpl.java @@ -40,14 +40,11 @@ package gnu.javax.crypto.jce.mac; import gnu.java.security.Registry; -public class OMacKhazadImpl extends MacAdapter +public class OMacKhazadImpl + extends MacAdapter { - - // Constructor. - // ------------------------------------------------------------------------- - public OMacKhazadImpl() { super(Registry.OMAC_PREFIX + Registry.KHAZAD_CIPHER); } -}
\ No newline at end of file +} diff --git a/libjava/classpath/gnu/javax/crypto/jce/mac/OMacRijndaelImpl.java b/libjava/classpath/gnu/javax/crypto/jce/mac/OMacRijndaelImpl.java index 47d3f6aae70..d63b777a32a 100644 --- a/libjava/classpath/gnu/javax/crypto/jce/mac/OMacRijndaelImpl.java +++ b/libjava/classpath/gnu/javax/crypto/jce/mac/OMacRijndaelImpl.java @@ -40,14 +40,11 @@ package gnu.javax.crypto.jce.mac; import gnu.java.security.Registry; -public class OMacRijndaelImpl extends MacAdapter +public class OMacRijndaelImpl + extends MacAdapter { - - // Constructor. - // ------------------------------------------------------------------------- - public OMacRijndaelImpl() { super(Registry.OMAC_PREFIX + Registry.RIJNDAEL_CIPHER); } -}
\ No newline at end of file +} diff --git a/libjava/classpath/gnu/javax/crypto/jce/mac/OMacSerpentImpl.java b/libjava/classpath/gnu/javax/crypto/jce/mac/OMacSerpentImpl.java index bec2c1f5c74..5c1b8a9b99e 100644 --- a/libjava/classpath/gnu/javax/crypto/jce/mac/OMacSerpentImpl.java +++ b/libjava/classpath/gnu/javax/crypto/jce/mac/OMacSerpentImpl.java @@ -40,14 +40,11 @@ package gnu.javax.crypto.jce.mac; import gnu.java.security.Registry; -public class OMacSerpentImpl extends MacAdapter +public class OMacSerpentImpl + extends MacAdapter { - - // Constructor. - // ------------------------------------------------------------------------- - public OMacSerpentImpl() { super(Registry.OMAC_PREFIX + Registry.SERPENT_CIPHER); } -}
\ No newline at end of file +} diff --git a/libjava/classpath/gnu/javax/crypto/jce/mac/OMacSquareImpl.java b/libjava/classpath/gnu/javax/crypto/jce/mac/OMacSquareImpl.java index 0442b7caf25..c9d1b1aca07 100644 --- a/libjava/classpath/gnu/javax/crypto/jce/mac/OMacSquareImpl.java +++ b/libjava/classpath/gnu/javax/crypto/jce/mac/OMacSquareImpl.java @@ -40,14 +40,11 @@ package gnu.javax.crypto.jce.mac; import gnu.java.security.Registry; -public class OMacSquareImpl extends MacAdapter +public class OMacSquareImpl + extends MacAdapter { - - // Constructor. - // ------------------------------------------------------------------------- - public OMacSquareImpl() { super(Registry.OMAC_PREFIX + Registry.SQUARE_CIPHER); } -}
\ No newline at end of file +} diff --git a/libjava/classpath/gnu/javax/crypto/jce/mac/OMacTripleDESImpl.java b/libjava/classpath/gnu/javax/crypto/jce/mac/OMacTripleDESImpl.java index 0defdd1fd36..4f58723d3f7 100644 --- a/libjava/classpath/gnu/javax/crypto/jce/mac/OMacTripleDESImpl.java +++ b/libjava/classpath/gnu/javax/crypto/jce/mac/OMacTripleDESImpl.java @@ -40,14 +40,11 @@ package gnu.javax.crypto.jce.mac; import gnu.java.security.Registry; -public class OMacTripleDESImpl extends MacAdapter +public class OMacTripleDESImpl + extends MacAdapter { - - // Constructor. - // ------------------------------------------------------------------------- - public OMacTripleDESImpl() { super(Registry.OMAC_PREFIX + Registry.TRIPLEDES_CIPHER); } -}
\ No newline at end of file +} diff --git a/libjava/classpath/gnu/javax/crypto/jce/mac/OMacTwofishImpl.java b/libjava/classpath/gnu/javax/crypto/jce/mac/OMacTwofishImpl.java index a12f9f30e85..4c816a09658 100644 --- a/libjava/classpath/gnu/javax/crypto/jce/mac/OMacTwofishImpl.java +++ b/libjava/classpath/gnu/javax/crypto/jce/mac/OMacTwofishImpl.java @@ -40,14 +40,11 @@ package gnu.javax.crypto.jce.mac; import gnu.java.security.Registry; -public class OMacTwofishImpl extends MacAdapter +public class OMacTwofishImpl + extends MacAdapter { - - // Constructor. - // ------------------------------------------------------------------------- - public OMacTwofishImpl() { super(Registry.OMAC_PREFIX + Registry.TWOFISH_CIPHER); } -}
\ No newline at end of file +} diff --git a/libjava/classpath/gnu/javax/crypto/jce/mac/TMMH16Spi.java b/libjava/classpath/gnu/javax/crypto/jce/mac/TMMH16Spi.java index 1734e1e695b..8a40f6e7082 100644 --- a/libjava/classpath/gnu/javax/crypto/jce/mac/TMMH16Spi.java +++ b/libjava/classpath/gnu/javax/crypto/jce/mac/TMMH16Spi.java @@ -51,27 +51,19 @@ import java.security.spec.AlgorithmParameterSpec; * The implementation of the TMMH16 <i>Service Provider Interface</i> * (<b>SPI</b>) adapter. */ -public final class TMMH16Spi extends MacAdapter +public final class TMMH16Spi + extends MacAdapter { - - // Constructors. - // ----------------------------------------------------------------------- - public TMMH16Spi() { super(Registry.TMMH16); } - // Instance methods overriding MacAdapter. - // ----------------------------------------------------------------------- - protected void engineInit(Key key, AlgorithmParameterSpec params) throws InvalidKeyException, InvalidAlgorithmParameterException { - if (!(params instanceof TMMHParameterSpec)) - { - throw new InvalidAlgorithmParameterException(); - } + if (! (params instanceof TMMHParameterSpec)) + throw new InvalidAlgorithmParameterException(); TMMHParameterSpec spec = (TMMHParameterSpec) params; attributes.put(TMMH16.TAG_LENGTH, spec.getTagLength()); attributes.put(TMMH16.KEYSTREAM, spec.getKeystream()); diff --git a/libjava/classpath/gnu/javax/crypto/jce/mac/UHash32Spi.java b/libjava/classpath/gnu/javax/crypto/jce/mac/UHash32Spi.java index af678c0fa8a..825edc1739c 100644 --- a/libjava/classpath/gnu/javax/crypto/jce/mac/UHash32Spi.java +++ b/libjava/classpath/gnu/javax/crypto/jce/mac/UHash32Spi.java @@ -44,12 +44,9 @@ import gnu.java.security.Registry; * The implementation of the UHash-32 <i>Service Provider Interface</i> * (<b>SPI</b>) adapter. */ -public final class UHash32Spi extends MacAdapter +public final class UHash32Spi + extends MacAdapter { - - // Constructors. - // ----------------------------------------------------------------------- - public UHash32Spi() { super(Registry.UHASH32); diff --git a/libjava/classpath/gnu/javax/crypto/jce/mac/UMac32Spi.java b/libjava/classpath/gnu/javax/crypto/jce/mac/UMac32Spi.java index 4e90468b10c..fc05e532106 100644 --- a/libjava/classpath/gnu/javax/crypto/jce/mac/UMac32Spi.java +++ b/libjava/classpath/gnu/javax/crypto/jce/mac/UMac32Spi.java @@ -51,32 +51,22 @@ import java.security.spec.AlgorithmParameterSpec; * The implementation of the UMAC-32 <i>Service Provider Interface</i> * (<b>SPI</b>) adapter. */ -public final class UMac32Spi extends MacAdapter +public final class UMac32Spi + extends MacAdapter { - - // Constructors. - // ----------------------------------------------------------------------- - public UMac32Spi() { super(Registry.UMAC32); } - // Instance methods overriding MacAdapter. - // ----------------------------------------------------------------------- - protected void engineInit(Key key, AlgorithmParameterSpec params) throws InvalidKeyException, InvalidAlgorithmParameterException { - if (!(params instanceof UMac32ParameterSpec)) - { - throw new InvalidAlgorithmParameterException(); - } + if (! (params instanceof UMac32ParameterSpec)) + throw new InvalidAlgorithmParameterException(); if (params != null) - { - attributes.put(UMac32.NONCE_MATERIAL, - ((UMac32ParameterSpec) params).getNonce()); - } + attributes.put(UMac32.NONCE_MATERIAL, + ((UMac32ParameterSpec) params).getNonce()); try { super.engineInit(key, null); diff --git a/libjava/classpath/gnu/javax/crypto/jce/params/BlockCipherParameters.java b/libjava/classpath/gnu/javax/crypto/jce/params/BlockCipherParameters.java index bae7cbf88f4..a85c962235e 100644 --- a/libjava/classpath/gnu/javax/crypto/jce/params/BlockCipherParameters.java +++ b/libjava/classpath/gnu/javax/crypto/jce/params/BlockCipherParameters.java @@ -38,6 +38,7 @@ exception statement from your version. */ package gnu.javax.crypto.jce.params; +import gnu.java.security.Configuration; import gnu.javax.crypto.jce.spec.BlockCipherParameterSpec; import java.io.IOException; @@ -46,40 +47,34 @@ import java.math.BigInteger; import java.security.AlgorithmParametersSpi; import java.security.spec.AlgorithmParameterSpec; import java.security.spec.InvalidParameterSpecException; +import java.util.logging.Logger; + +import javax.crypto.spec.IvParameterSpec; /** - * An implementation of algorithm parameters for the GNU Crypto block - * ciphers. This encompasses the cipher's block size, its key size, and - * an optional initialization vector (IV). + * An implementation of algorithm parameters for the GNU block ciphers. This + * encompasses the cipher's block size, its key size, and an optional + * initialization vector (IV). */ -public class BlockCipherParameters extends AlgorithmParametersSpi +public class BlockCipherParameters + extends AlgorithmParametersSpi { - - // Constants and variables. - // ----------------------------------------------------------------------- - - /** - * The underlying block cipher specification. - */ + private static final Logger log = Logger.getLogger(BlockCipherParameters.class.getName()); + /** The underlying block cipher specification. */ protected BlockCipherParameterSpec cipherSpec; - private static final String DEFAULT_FORMAT = "ASN.1"; - // Instance methods implementing AlgorithmParametersSpi. - // ----------------------------------------------------------------------- - /** * Return these parameters encoded in ASN.1 (DER). - * - * <p>For GNU Crypto block ciphers we will define these parameters as - * - * <blockquote> - * <pre>BlockCipherParameters ::= SEQUENCE { - * blockSize INTEGER, - * keySize INTEGER, - * initializationVector OCTET STRING OPTIONAL }</pre> - * </blockquote> - * + * <p> + * For GNU block ciphers we will define these parameters as + * <pre> + * BlockCipherParameters ::= SEQUENCE { + * blockSize INTEGER, + * keySize INTEGER, + * initializationVector OCTET STRING OPTIONAL } + * </pre> + * * @return The parameters, encoded an an ASN.1 DER sequence. * @throws java.io.IOException If encoding these parameters fails. */ @@ -90,114 +85,59 @@ public class BlockCipherParameters extends AlgorithmParametersSpi protected byte[] engineGetEncoded(String format) throws IOException { - if (!format.equalsIgnoreCase(DEFAULT_FORMAT) - && !format.equalsIgnoreCase("asn1")) - { - throw new IOException("unknown format \"" + format + "\""); - } - // This is probably a bad idea. - /* - int len = 12 + ((cipherSpec.getIV() != null) - ? cipherSpec.getIV().length + 2 : 0); - ByteArrayOutputStream out = new ByteArrayOutputStream(); - out.write(0x30); - out.write(len); - out.write(0x02); - out.write(4); - out.write(cipherSpec.getBlockSize() >>> 24 & 0xff); - out.write(cipherSpec.getBlockSize() >>> 16 & 0xff); - out.write(cipherSpec.getBlockSize() >>> 8 & 0xff); - out.write(cipherSpec.getBlockSize() & 0xff); - out.write(0x02); - out.write(4); - out.write(cipherSpec.getKeySize() >>> 24 & 0xff); - out.write(cipherSpec.getKeySize() >>> 16 & 0xff); - out.write(cipherSpec.getKeySize() >>> 8 & 0xff); - out.write(cipherSpec.getKeySize() & 0xff); - if (cipherSpec.getIV() != null) { - out.write(0x04); - len = cipherSpec.getIV().length; - out.write(len & 0xff); - out.write(cipherSpec.getIV()); - } - out.write(0); out.write(0); - return out.toByteArray();*/ + if (! format.equalsIgnoreCase(DEFAULT_FORMAT) + && ! format.equalsIgnoreCase("asn1")) + throw new IOException("unknown format \"" + format + "\""); DERWriter writer = new DERWriter(); + int cipherBlockSize = cipherSpec.getBlockSize(); + int cipherKeySize = cipherSpec.getKeySize(); + byte[] iv = cipherSpec.getIV(); return writer.joinarrays( - writer.writeBigInteger(BigInteger.valueOf(cipherSpec.getBlockSize())), - writer.writeBigInteger(BigInteger.valueOf(cipherSpec.getKeySize())), - (cipherSpec.getIV() != null) ? writer.writeBigInteger(new BigInteger( - cipherSpec.getIV())) - : new byte[0]); + writer.writeBigInteger(BigInteger.valueOf(cipherBlockSize)), + writer.writeBigInteger(BigInteger.valueOf(cipherKeySize)), + (iv != null) ? writer.writeBigInteger(new BigInteger(iv)) + : new byte[0]); } protected void engineInit(AlgorithmParameterSpec spec) throws InvalidParameterSpecException { if (spec instanceof BlockCipherParameterSpec) - { - cipherSpec = (BlockCipherParameterSpec) spec; - } + cipherSpec = (BlockCipherParameterSpec) spec; else - { - throw new InvalidParameterSpecException(); - } + throw new InvalidParameterSpecException(); } protected void engineInit(byte[] encoded, String format) throws IOException { - if (!format.equalsIgnoreCase(DEFAULT_FORMAT) - && !format.equalsIgnoreCase("ASN1")) - { - throw new IOException("invalid format: only accepts ASN.1"); - } + if (! format.equalsIgnoreCase(DEFAULT_FORMAT) + && ! format.equalsIgnoreCase("ASN1")) + throw new IOException("invalid format: only accepts ASN.1"); engineInit(encoded); } protected void engineInit(byte[] encoded) throws IOException { - // This is probably an equally bad idea. - /*if (encoded[0] != 0x30) { - throw new IOException("malformed ASN.1 sequence"); - } - if (encoded[2] != 0x02 || encoded[3] != 4) { - throw new IOException("malformed ASN.1 sequence"); - } - int blockSize = encoded[4] << 24 | encoded[5] << 16 - | encoded[6] << 8 | encoded[7]; - if (encoded[8] != 0x02 || encoded[9] != 4) { - throw new IOException("malformed ASN.1 sequence"); - } - int keySize = encoded[10] << 24 | encoded[11] << 16 - | encoded[12] << 8 | encoded[13]; - if (encoded[14] == 0x04) { - int len = encoded[15] & 0xff; - byte[] iv = new byte[len]; - System.arraycopy(encoded, 16, iv, 0, len); - cipherSpec = new BlockCipherParameterSpec(iv, blockSize, keySize); - } else if (encoded[14] == 0) { - cipherSpec = new BlockCipherParameterSpec(blockSize, keySize); - } else { - throw new IOException("malformed ASN.1 sequence"); - }*/ DERReader reader = new DERReader(encoded); int bs = reader.getBigInteger().intValue(); int ks = reader.getBigInteger().intValue(); byte[] iv = null; if (reader.hasMorePrimitives()) - { - iv = reader.getBigInteger().toByteArray(); - } + iv = reader.getBigInteger().toByteArray(); cipherSpec = new BlockCipherParameterSpec(iv, bs, ks); - System.out.println(cipherSpec); + if (Configuration.DEBUG) + log.fine("cipherSpec: " + cipherSpec); } protected AlgorithmParameterSpec engineGetParameterSpec(Class c) throws InvalidParameterSpecException { if (c.isInstance(cipherSpec)) + return cipherSpec; + if (IvParameterSpec.class.isAssignableFrom(c)) { - return cipherSpec; + IvParameterSpec result = new IvParameterSpec(cipherSpec.getIV()); + return result; } throw new InvalidParameterSpecException(); } @@ -206,4 +146,4 @@ public class BlockCipherParameters extends AlgorithmParametersSpi { return cipherSpec.toString(); } -}
\ No newline at end of file +} diff --git a/libjava/classpath/gnu/javax/crypto/jce/params/DEREncodingException.java b/libjava/classpath/gnu/javax/crypto/jce/params/DEREncodingException.java index ddfa6e1dee7..b89ceda9fa2 100644 --- a/libjava/classpath/gnu/javax/crypto/jce/params/DEREncodingException.java +++ b/libjava/classpath/gnu/javax/crypto/jce/params/DEREncodingException.java @@ -38,7 +38,8 @@ exception statement from your version. */ package gnu.javax.crypto.jce.params; -class DEREncodingException extends java.io.IOException +class DEREncodingException + extends java.io.IOException { public DEREncodingException() @@ -50,4 +51,4 @@ class DEREncodingException extends java.io.IOException { super(msg); } -}
\ No newline at end of file +} diff --git a/libjava/classpath/gnu/javax/crypto/jce/params/DERReader.java b/libjava/classpath/gnu/javax/crypto/jce/params/DERReader.java index f61423255fc..68c68027966 100644 --- a/libjava/classpath/gnu/javax/crypto/jce/params/DERReader.java +++ b/libjava/classpath/gnu/javax/crypto/jce/params/DERReader.java @@ -43,15 +43,10 @@ import java.math.BigInteger; class DERReader { byte source[]; - int pos; - static final int UNIVERSAL = 1; - static final int APPLICATION = 2; - static final int CONTEXT_SPECIFIC = 3; - static final int PRIVATE = 4; public DERReader() @@ -86,53 +81,37 @@ class DERReader return new BigInteger(getPrimitive()); } - //Reads Primitive, definite-length method + // Reads Primitive, definite-length method private byte[] getPrimitive() throws DEREncodingException { int tmp = pos; - - //Read Identifier + // Read Identifier byte identifier = source[tmp++]; if ((0x20 & identifier) != 0) throw new DEREncodingException(); int type = translateLeadIdentifierByte(identifier); - //System.out.println("Type: " + type); - - //get tag + // get tag int tag = (0x1f & identifier); - //if( tag == 0x1f) - // tag = getIdentifier(tmp); - //System.out.println("Tag: " + tag); - - //get length - byte len = source[tmp]; //may be length of length parameter + // get length + byte len = source[tmp]; // may be length of length parameter long length = 0x7f & len; int i; if ((0x80 & len) != 0) { - //System.out.println("Extra Long Length"); len &= 0x7f; - //System.out.println("Length of Length: " + len); - //get length here + // get length here length = 0; for (i = 0; i < len; i++) { tmp++; length <<= 8; length += (source[tmp] < 0) ? (256 + source[tmp]) : source[tmp]; - //System.out.println("Length of Length: " + length); } tmp++; } else tmp++; - /*System.out.println("Position: " + tmp); - System.out.println("Length: " + length); - for( i = 0; i < 10; i++) - System.out.print(source[tmp + i] + " "); - System.out.println();*/ - byte tmpb[] = new byte[(int) length]; System.arraycopy(source, tmp, tmpb, 0, (int) length); pos = (int) (tmp + length); @@ -157,4 +136,4 @@ class DERReader tpos++; return tpos; } -}
\ No newline at end of file +} diff --git a/libjava/classpath/gnu/javax/crypto/jce/params/DERWriter.java b/libjava/classpath/gnu/javax/crypto/jce/params/DERWriter.java index 876c2cd6caa..7bdea10c5f4 100644 --- a/libjava/classpath/gnu/javax/crypto/jce/params/DERWriter.java +++ b/libjava/classpath/gnu/javax/crypto/jce/params/DERWriter.java @@ -43,11 +43,8 @@ import java.math.BigInteger; class DERWriter { static final int UNIVERSAL = 1; - static final int APPLICATION = 2; - static final int CONTEXT_SPECIFIC = 3; - static final int PRIVATE = 4; public DERWriter() @@ -56,7 +53,8 @@ class DERWriter public byte[] writeBigInteger(BigInteger i) { - return writePrimitive(0x02, UNIVERSAL, + return writePrimitive(0x02, + UNIVERSAL, (int) Math.ceil((double) i.bitLength() / 8), i.toByteArray()); } @@ -71,7 +69,7 @@ class DERWriter public byte[] joinarrays(byte a[], byte b[]) { byte d[] = new byte[a.length + b.length]; - System.arraycopy(a, 0, d, 0, a.length); + System.arraycopy(a, 0, d, 0, a.length); System.arraycopy(b, 0, d, a.length, b.length); return d; } @@ -92,7 +90,7 @@ class DERWriter { int count = (int) (Math.log(identifier) / Math.log(256)); b = new byte[count + 1]; - b[0] = (byte) (translateLeadIdentifierByte(identifierencoding) | 0x1f); + b[0] = (byte)(translateLeadIdentifierByte(identifierencoding) | 0x1f); int i; for (i = 1; i < (count + 1); i++) { @@ -100,14 +98,13 @@ class DERWriter b[i] |= 0x80; } b[i - 1] ^= 0x80; - //System.out.println("Identifier1: " + b[0]); return b; } else { b = new byte[1]; - b[0] = (byte) ((translateLeadIdentifierByte(identifierencoding) | (byte) (identifier & 0x1f)) & 0xdf); - //System.out.println("Identifier2: " + b[0]); + b[0] = (byte)((translateLeadIdentifierByte(identifierencoding) + | (byte)(identifier & 0x1f)) & 0xdf); return b; } } @@ -130,25 +127,17 @@ class DERWriter if (length > 127) { int count = (int) Math.ceil(Math.log(length) / Math.log(256)); - //System.out.println("Length byte count: " + count); b = new byte[count + 1]; - b[0] = (byte) ((count & 0x7f) | 0x80); + b[0] = (byte)((count & 0x7f) | 0x80); for (int i = 1; i < (count + 1); i++) - { - b[i] = (byte) (length >>> (8 * (count - i))); - //System.out.println("Length1 byte1: " + (length >>> (8 * ( count - i) ))); - //System.out.println("Length1 byte2: " + b[i]); - } - - //System.out.println("Length1: " + length); + b[i] = (byte) (length >>> (8 * (count - i))); return b; } else { b = new byte[1]; b[0] = (byte) (length & 0x7f); - //System.out.println("Length2: " + length); return b; } } -}
\ No newline at end of file +} diff --git a/libjava/classpath/gnu/javax/crypto/jce/prng/ARCFourRandomSpi.java b/libjava/classpath/gnu/javax/crypto/jce/prng/ARCFourRandomSpi.java index 0c071561b6f..652793b04ff 100644 --- a/libjava/classpath/gnu/javax/crypto/jce/prng/ARCFourRandomSpi.java +++ b/libjava/classpath/gnu/javax/crypto/jce/prng/ARCFourRandomSpi.java @@ -48,24 +48,17 @@ import java.security.SecureRandomSpi; import java.util.HashMap; /** - * Implementation of the <i>Service Provider Interface</i> (<b>SPI</b>) - * for the ARCFOUR keystream generator. + * Implementation of the <i>Service Provider Interface</i> (<b>SPI</b>) for + * the ARCFOUR keystream generator. */ -public class ARCFourRandomSpi extends SecureRandomSpi +public class ARCFourRandomSpi + extends SecureRandomSpi { - - // Constants and variables - // ------------------------------------------------------------------------- - /** Our underlying prng instance. */ private IRandom adaptee; - /** Have we been initialized? */ private boolean virgin; - // Constructor(s) - // ------------------------------------------------------------------------- - /** * Default 0-arguments constructor. */ @@ -76,20 +69,10 @@ public class ARCFourRandomSpi extends SecureRandomSpi virgin = true; } - // Class methods - // ------------------------------------------------------------------------- - - // Instance methods - // ------------------------------------------------------------------------- - - // java.security.SecureRandomSpi interface implementation ------------------ - public byte[] engineGenerateSeed(int numBytes) { if (numBytes < 1) - { - return new byte[0]; - } + return new byte[0]; byte[] result = new byte[numBytes]; this.engineNextBytes(result); return result; @@ -98,9 +81,7 @@ public class ARCFourRandomSpi extends SecureRandomSpi public void engineNextBytes(byte[] bytes) { if (virgin) - { - this.engineSetSeed(new byte[0]); - } + this.engineSetSeed(new byte[0]); try { adaptee.nextBytes(bytes, 0, bytes.length); @@ -117,4 +98,4 @@ public class ARCFourRandomSpi extends SecureRandomSpi adaptee.init(attributes); virgin = false; } -}
\ No newline at end of file +} diff --git a/libjava/classpath/gnu/javax/crypto/jce/prng/CSPRNGSpi.java b/libjava/classpath/gnu/javax/crypto/jce/prng/CSPRNGSpi.java index c0aa015b065..6ded636aaf3 100644 --- a/libjava/classpath/gnu/javax/crypto/jce/prng/CSPRNGSpi.java +++ b/libjava/classpath/gnu/javax/crypto/jce/prng/CSPRNGSpi.java @@ -38,29 +38,22 @@ exception statement from your version. */ package gnu.javax.crypto.jce.prng; -import gnu.java.security.Registry; -import gnu.javax.crypto.prng.CSPRNG; import gnu.java.security.prng.IRandom; import gnu.java.security.prng.LimitReachedException; +import gnu.javax.crypto.prng.CSPRNG; import java.net.MalformedURLException; import java.security.SecureRandomSpi; /** - * The implementation of the continuously-seeded SecureRandom - * <i>Service Provider Interface</i> (<b>SPI</b>) adapter.<p> + * The implementation of the continuously-seeded SecureRandom <i>Service + * Provider Interface</i> (<b>SPI</b>) adapter. */ -public class CSPRNGSpi extends SecureRandomSpi +public class CSPRNGSpi + extends SecureRandomSpi { - - // Constants and variables - // ------------------------------------------------------------------------- - private final IRandom adaptee; - // Constructor(s) - // ------------------------------------------------------------------------- - public CSPRNGSpi() throws ClassNotFoundException, MalformedURLException, NumberFormatException { @@ -69,20 +62,13 @@ public class CSPRNGSpi extends SecureRandomSpi adaptee = CSPRNG.getSystemInstance(); } - // Instance methods - // ------------------------------------------------------------------------- - protected byte[] engineGenerateSeed(final int count) { if (count < 0) - { - throw new IllegalArgumentException("count must be nonnegative"); - } + throw new IllegalArgumentException("count must be nonnegative"); byte[] buf = new byte[count]; if (count == 0) - { - return buf; - } + return buf; engineNextBytes(buf); return buf; } @@ -90,9 +76,7 @@ public class CSPRNGSpi extends SecureRandomSpi protected void engineNextBytes(final byte[] buffer) { if (buffer == null) - { - throw new NullPointerException(); - } + throw new NullPointerException(); try { adaptee.nextBytes(buffer, 0, buffer.length); @@ -106,9 +90,7 @@ public class CSPRNGSpi extends SecureRandomSpi protected void engineSetSeed(final byte[] seed) { if (seed == null) - { - throw new NullPointerException(); - } + throw new NullPointerException(); adaptee.addRandomBytes(seed, 0, seed.length); } -}
\ No newline at end of file +} diff --git a/libjava/classpath/gnu/javax/crypto/jce/prng/FortunaImpl.java b/libjava/classpath/gnu/javax/crypto/jce/prng/FortunaImpl.java index 7006bbbaddc..8e3782ef055 100644 --- a/libjava/classpath/gnu/javax/crypto/jce/prng/FortunaImpl.java +++ b/libjava/classpath/gnu/javax/crypto/jce/prng/FortunaImpl.java @@ -40,24 +40,26 @@ package gnu.javax.crypto.jce.prng; import gnu.java.security.prng.LimitReachedException; import gnu.javax.crypto.prng.Fortuna; + import java.security.SecureRandomSpi; import java.util.Collections; -public final class FortunaImpl extends SecureRandomSpi +public final class FortunaImpl + extends SecureRandomSpi { private final Fortuna adaptee; - public FortunaImpl () + public FortunaImpl() { - adaptee = new Fortuna (); - adaptee.init (Collections.singletonMap (Fortuna.SEED, new byte[0])); + adaptee = new Fortuna(); + adaptee.init(Collections.singletonMap(Fortuna.SEED, new byte[0])); } - - protected void engineSetSeed (byte[] seed) + + protected void engineSetSeed(byte[] seed) { synchronized (adaptee) { - adaptee.addRandomBytes (seed); + adaptee.addRandomBytes(seed); } } @@ -67,19 +69,19 @@ public final class FortunaImpl extends SecureRandomSpi { try { - adaptee.nextBytes (buffer); + adaptee.nextBytes(buffer); } catch (LimitReachedException shouldNotHappen) { - throw new Error (shouldNotHappen); + throw new Error(shouldNotHappen); } } } - protected byte[] engineGenerateSeed (int numbytes) + protected byte[] engineGenerateSeed(int numbytes) { byte[] seed = new byte[numbytes]; - engineNextBytes (seed); + engineNextBytes(seed); return seed; } -}
\ No newline at end of file +} diff --git a/libjava/classpath/gnu/javax/crypto/jce/prng/ICMRandomSpi.java b/libjava/classpath/gnu/javax/crypto/jce/prng/ICMRandomSpi.java index d04b782f9f5..9855f95bd98 100644 --- a/libjava/classpath/gnu/javax/crypto/jce/prng/ICMRandomSpi.java +++ b/libjava/classpath/gnu/javax/crypto/jce/prng/ICMRandomSpi.java @@ -38,44 +38,27 @@ exception statement from your version. */ package gnu.javax.crypto.jce.prng; +import gnu.java.security.Configuration; import gnu.java.security.Registry; +import gnu.java.security.prng.LimitReachedException; import gnu.javax.crypto.cipher.IBlockCipher; import gnu.javax.crypto.prng.ICMGenerator; -import gnu.java.security.prng.LimitReachedException; -import java.io.PrintWriter; import java.math.BigInteger; import java.security.SecureRandomSpi; import java.util.HashMap; import java.util.Random; +import java.util.logging.Logger; /** - * <p>An <em>Adapter</em> class around {@link ICMGenerator} to allow using this - * algorithm as a JCE {@link java.security.SecureRandom}.</p> + * An <em>Adapter</em> class around {@link ICMGenerator} to allow using this + * algorithm as a JCE {@link java.security.SecureRandom}. */ -public class ICMRandomSpi extends SecureRandomSpi +public class ICMRandomSpi + extends SecureRandomSpi { - - // Debugging methods and variables - // ------------------------------------------------------------------------- - - private static final String NAME = "ICMRandomSpi"; - - private static final boolean DEBUG = false; - - private static final int debuglevel = 0; - - private static final PrintWriter err = new PrintWriter(System.out, true); - - private static void debug(String s) - { - err.println(">>> " + NAME + ": " + s); - } - - // Constants and variables - // ------------------------------------------------------------------------- - - /** Class-wide prng to generate random material for the underlying prng.*/ + private static final Logger log = Logger.getLogger(ICMRandomSpi.class.getName()); + /** Class-wide prng to generate random material for the underlying prng. */ private static final ICMGenerator prng; // blank final static { @@ -86,28 +69,18 @@ public class ICMRandomSpi extends SecureRandomSpi // error messages private static final String MSG = "Exception while setting up an " + Registry.ICM_PRNG + " SPI: "; - private static final String RETRY = "Retry..."; - private static final String LIMIT_REACHED_MSG = "Limit reached: "; - private static final String RESEED = "Re-seed..."; - /** Our underlying prng instance. */ private ICMGenerator adaptee = new ICMGenerator(); - // Constructor(s) - // ------------------------------------------------------------------------- - // default 0-arguments constructor - // Class methods - // ------------------------------------------------------------------------- - private static void resetLocalPRNG() { - if (DEBUG && debuglevel > 8) - debug(">>> resetLocalPRNG()"); + if (Configuration.DEBUG) + log.entering(ICMRandomSpi.class.getName(), "resetLocalPRNG"); HashMap attributes = new HashMap(); attributes.put(ICMGenerator.CIPHER, Registry.AES_CIPHER); byte[] key = new byte[128 / 8]; // AES default key size @@ -122,50 +95,39 @@ public class ICMRandomSpi extends SecureRandomSpi // choose a random value between 1 and aesBlockSize / 2 int limit = aesBlockSize / 2; while (ndxLen < 1 || ndxLen > limit) - { - ndxLen = rand.nextInt(limit + 1); - } - attributes.put(ICMGenerator.SEGMENT_INDEX_LENGTH, new Integer(ndxLen)); + ndxLen = rand.nextInt(limit + 1); + attributes.put(ICMGenerator.SEGMENT_INDEX_LENGTH, Integer.valueOf(ndxLen)); byte[] index = new byte[ndxLen]; rand.nextBytes(index); attributes.put(ICMGenerator.SEGMENT_INDEX, new BigInteger(1, index)); - prng.setup(attributes); - if (DEBUG && debuglevel > 8) - debug("<<< resetLocalPRNG()"); + if (Configuration.DEBUG) + log.exiting(ICMRandomSpi.class.getName(), "resetLocalPRNG"); } - // Instance methods - // ------------------------------------------------------------------------- - - // java.security.SecureRandomSpi interface implementation ------------------ - public byte[] engineGenerateSeed(int numBytes) { - if (DEBUG && debuglevel > 8) - debug(">>> engineGenerateSeed()"); + if (Configuration.DEBUG) + log.entering(this.getClass().getName(), "engineGenerateSeed"); if (numBytes < 1) { - if (DEBUG && debuglevel > 8) - debug("<<< engineGenerateSeed()"); + if (Configuration.DEBUG) + log.exiting(this.getClass().getName(), "engineGenerateSeed"); return new byte[0]; } byte[] result = new byte[numBytes]; this.engineNextBytes(result); - if (DEBUG && debuglevel > 8) - debug("<<< engineGenerateSeed()"); + if (Configuration.DEBUG) + log.exiting(this.getClass().getName(), "engineGenerateSeed"); return result; } public void engineNextBytes(byte[] bytes) { - if (DEBUG && debuglevel > 8) - debug(">>> engineNextBytes()"); - if (!adaptee.isInitialised()) - { - this.engineSetSeed(new byte[0]); - } - + if (Configuration.DEBUG) + log.entering(this.getClass().getName(), "engineNextBytes"); + if (! adaptee.isInitialised()) + this.engineSetSeed(new byte[0]); while (true) { try @@ -175,30 +137,28 @@ public class ICMRandomSpi extends SecureRandomSpi } catch (LimitReachedException x) { // reseed the generator - if (DEBUG) + if (Configuration.DEBUG) { - debug(LIMIT_REACHED_MSG + String.valueOf(x)); - x.printStackTrace(err); - debug(RESEED); + log.fine(LIMIT_REACHED_MSG + String.valueOf(x)); + log.fine(RESEED); } resetLocalPRNG(); } } - if (DEBUG && debuglevel > 8) - debug("<<< engineNextBytes()"); + if (Configuration.DEBUG) + log.exiting(this.getClass().getName(), "engineNextBytes"); } public void engineSetSeed(byte[] seed) { - if (DEBUG && debuglevel > 8) - debug(">>> engineSetSeed()"); + if (Configuration.DEBUG) + log.entering(this.getClass().getName(), "engineSetSeed"); // compute the total number of random bytes required to setup adaptee int materialLength = 0; materialLength += 16; // key material size materialLength += 16; // offset size materialLength += 8; // index size == half of an AES block byte[] material = new byte[materialLength]; - // use as much as possible bytes from the seed int materialOffset = 0; int materialLeft = material.length; @@ -209,8 +169,8 @@ public class ICMRandomSpi extends SecureRandomSpi materialOffset += lenToCopy; materialLeft -= lenToCopy; } - if (materialOffset > 0) - { // generate the rest + if (materialOffset > 0) // generate the rest + { while (true) { try @@ -224,22 +184,20 @@ public class ICMRandomSpi extends SecureRandomSpi } catch (LimitReachedException x) { - if (DEBUG) + if (Configuration.DEBUG) { - debug(MSG + String.valueOf(x)); - debug(RETRY); + log.fine(MSG + String.valueOf(x)); + log.fine(RETRY); } } } } - // setup the underlying adaptee instance HashMap attributes = new HashMap(); - // use AES cipher with 128-bit block size attributes.put(ICMGenerator.CIPHER, Registry.AES_CIPHER); // use an index the size of quarter of an AES block - attributes.put(ICMGenerator.SEGMENT_INDEX_LENGTH, new Integer(4)); + attributes.put(ICMGenerator.SEGMENT_INDEX_LENGTH, Integer.valueOf(4)); // specify the key byte[] key = new byte[16]; System.arraycopy(material, 0, key, 0, 16); @@ -252,9 +210,8 @@ public class ICMRandomSpi extends SecureRandomSpi byte[] index = new byte[8]; System.arraycopy(material, 32, index, 0, 8); attributes.put(ICMGenerator.SEGMENT_INDEX, new BigInteger(1, index)); - adaptee.init(attributes); - if (DEBUG && debuglevel > 8) - debug("<<< engineSetSeed()"); + if (Configuration.DEBUG) + log.exiting(this.getClass().getName(), "engineSetSeed"); } -}
\ No newline at end of file +} diff --git a/libjava/classpath/gnu/javax/crypto/jce/prng/UMacRandomSpi.java b/libjava/classpath/gnu/javax/crypto/jce/prng/UMacRandomSpi.java index 7dad68b2f95..f6949dd8d71 100644 --- a/libjava/classpath/gnu/javax/crypto/jce/prng/UMacRandomSpi.java +++ b/libjava/classpath/gnu/javax/crypto/jce/prng/UMacRandomSpi.java @@ -38,65 +38,41 @@ exception statement from your version. */ package gnu.javax.crypto.jce.prng; +import gnu.java.security.Configuration; import gnu.java.security.Registry; -import gnu.javax.crypto.cipher.IBlockCipher; import gnu.java.security.prng.LimitReachedException; +import gnu.javax.crypto.cipher.IBlockCipher; import gnu.javax.crypto.prng.UMacGenerator; -import java.io.PrintWriter; import java.security.SecureRandomSpi; import java.util.HashMap; import java.util.Random; +import java.util.logging.Logger; /** - * <p>An <em>Adapter</em> class around {@link UMacGenerator} to allow using this - * algorithm as a JCE {@link java.security.SecureRandom}.</p> + * An <em>Adapter</em> class around {@link UMacGenerator} to allow using this + * algorithm as a JCE {@link java.security.SecureRandom}. */ -public class UMacRandomSpi extends SecureRandomSpi +public class UMacRandomSpi + extends SecureRandomSpi { - - // Debugging methods and variables - // ------------------------------------------------------------------------- - - private static final String NAME = "UMacRandomSpi"; - - private static final boolean DEBUG = false; - - private static final PrintWriter err = new PrintWriter(System.out, true); - - private static void debug(String s) - { - err.println(">>> " + NAME + ": " + s); - } - - // Constants and variables - // ------------------------------------------------------------------------- - - /** Class-wide prng to generate random material for the underlying prng.*/ + private static final Logger log = Logger.getLogger(UMacRandomSpi.class.getName()); + /** Class-wide prng to generate random material for the underlying prng. */ private static final UMacGenerator prng; // blank final static { prng = new UMacGenerator(); resetLocalPRNG(); } - // error messages private static final String MSG = "Exception while setting up a " + Registry.UMAC_PRNG + " SPI: "; - private static final String RETRY = "Retry..."; - /** Our underlying prng instance. */ private UMacGenerator adaptee = new UMacGenerator(); - // Constructor(s) - // ------------------------------------------------------------------------- - // default 0-arguments constructor - // Class methods - // ------------------------------------------------------------------------- - private static void resetLocalPRNG() { HashMap attributes = new HashMap(); @@ -106,22 +82,14 @@ public class UMacRandomSpi extends SecureRandomSpi rand.nextBytes(key); attributes.put(IBlockCipher.KEY_MATERIAL, key); int index = rand.nextInt() & 0xFF; - attributes.put(UMacGenerator.INDEX, new Integer(index)); - + attributes.put(UMacGenerator.INDEX, Integer.valueOf(index)); prng.setup(attributes); } - // Instance methods - // ------------------------------------------------------------------------- - - // java.security.SecureRandomSpi interface implementation ------------------ - public byte[] engineGenerateSeed(int numBytes) { if (numBytes < 1) - { - return new byte[0]; - } + return new byte[0]; byte[] result = new byte[numBytes]; this.engineNextBytes(result); return result; @@ -129,11 +97,8 @@ public class UMacRandomSpi extends SecureRandomSpi public void engineNextBytes(byte[] bytes) { - if (!adaptee.isInitialised()) - { - this.engineSetSeed(new byte[0]); - } - + if (! adaptee.isInitialised()) + this.engineSetSeed(new byte[0]); while (true) { try @@ -155,7 +120,6 @@ public class UMacRandomSpi extends SecureRandomSpi materialLength += 16; // key material size materialLength++; // index size byte[] material = new byte[materialLength]; - // use as much as possible bytes from the seed int materialOffset = 0; int materialLeft = material.length; @@ -166,8 +130,8 @@ public class UMacRandomSpi extends SecureRandomSpi materialOffset += lenToCopy; materialLeft -= lenToCopy; } - if (materialOffset > 0) - { // generate the rest + if (materialOffset > 0) // generate the rest + { while (true) { try @@ -175,24 +139,22 @@ public class UMacRandomSpi extends SecureRandomSpi prng.nextBytes(material, materialOffset, materialLeft); break; } - catch (IllegalStateException x) - { // should not happen + catch (IllegalStateException x) // should not happen + { throw new InternalError(MSG + String.valueOf(x)); } catch (LimitReachedException x) { - if (DEBUG) + if (Configuration.DEBUG) { - debug(MSG + String.valueOf(x)); - debug(RETRY); + log.fine(MSG + String.valueOf(x)); + log.fine(RETRY); } } } } - // setup the underlying adaptee instance HashMap attributes = new HashMap(); - // use AES cipher with 128-bit block size attributes.put(UMacGenerator.CIPHER, Registry.AES_CIPHER); // specify the key @@ -200,8 +162,7 @@ public class UMacRandomSpi extends SecureRandomSpi System.arraycopy(material, 0, key, 0, 16); attributes.put(IBlockCipher.KEY_MATERIAL, key); // use a 1-byte index - attributes.put(UMacGenerator.INDEX, new Integer(material[16] & 0xFF)); - + attributes.put(UMacGenerator.INDEX, Integer.valueOf(material[16] & 0xFF)); adaptee.init(attributes); } -}
\ No newline at end of file +} diff --git a/libjava/classpath/gnu/javax/crypto/jce/sig/DHKeyFactory.java b/libjava/classpath/gnu/javax/crypto/jce/sig/DHKeyFactory.java index 701191adc34..98b265dd36c 100644 --- a/libjava/classpath/gnu/javax/crypto/jce/sig/DHKeyFactory.java +++ b/libjava/classpath/gnu/javax/crypto/jce/sig/DHKeyFactory.java @@ -79,7 +79,6 @@ public class DHKeyFactory BigInteger y = spec.getY(); return new GnuDHPublicKey(Registry.X509_ENCODING_ID, null, p, g, y); } - if (keySpec instanceof X509EncodedKeySpec) { X509EncodedKeySpec spec = (X509EncodedKeySpec) keySpec; @@ -97,7 +96,6 @@ public class DHKeyFactory throw y; } } - throw new InvalidKeySpecException("Unsupported (public) key specification"); } @@ -112,7 +110,6 @@ public class DHKeyFactory BigInteger x = spec.getX(); return new GnuDHPrivateKey(Registry.PKCS8_ENCODING_ID, null, p, g, x); } - if (keySpec instanceof PKCS8EncodedKeySpec) { PKCS8EncodedKeySpec spec = (PKCS8EncodedKeySpec) keySpec; @@ -130,7 +127,6 @@ public class DHKeyFactory throw y; } } - throw new InvalidKeySpecException("Unsupported (private) key specification"); } @@ -147,7 +143,6 @@ public class DHKeyFactory BigInteger y = dssKey.getY(); return new DHPublicKeySpec(y, p, g); } - if (keySpec.isAssignableFrom(X509EncodedKeySpec.class)) { if (key instanceof GnuDHPublicKey) @@ -156,19 +151,16 @@ public class DHKeyFactory byte[] encoded = dhKey.getEncoded(Registry.X509_ENCODING_ID); return new X509EncodedKeySpec(encoded); } - if (Registry.X509_ENCODING_SORT_NAME.equalsIgnoreCase(key.getFormat())) { byte[] encoded = key.getEncoded(); return new X509EncodedKeySpec(encoded); } - - throw new InvalidKeySpecException("Wrong key type or unsupported (public) key specification"); + throw new InvalidKeySpecException( + "Wrong key type or unsupported (public) key specification"); } - throw new InvalidKeySpecException("Unsupported (public) key specification"); } - if (key instanceof DHPrivateKey) { if (keySpec.isAssignableFrom(DHPrivateKeySpec.class)) @@ -179,7 +171,6 @@ public class DHKeyFactory BigInteger x = dhKey.getX(); return new DHPrivateKeySpec(x, p, g); } - if (keySpec.isAssignableFrom(PKCS8EncodedKeySpec.class)) { if (key instanceof GnuDHPrivateKey) @@ -188,27 +179,25 @@ public class DHKeyFactory byte[] encoded = dhKey.getEncoded(Registry.PKCS8_ENCODING_ID); return new PKCS8EncodedKeySpec(encoded); } - if (Registry.PKCS8_ENCODING_SHORT_NAME.equalsIgnoreCase(key.getFormat())) { byte[] encoded = key.getEncoded(); return new PKCS8EncodedKeySpec(encoded); } - - throw new InvalidKeySpecException("Wrong key type or unsupported (private) key specification"); + throw new InvalidKeySpecException( + "Wrong key type or unsupported (private) key specification"); } - - throw new InvalidKeySpecException("Unsupported (private) key specification"); + throw new InvalidKeySpecException( + "Unsupported (private) key specification"); } - - throw new InvalidKeySpecException("Wrong key type or unsupported key specification"); + throw new InvalidKeySpecException( + "Wrong key type or unsupported key specification"); } protected Key engineTranslateKey(Key key) throws InvalidKeyException { if ((key instanceof GnuDHPublicKey) || (key instanceof GnuDHPrivateKey)) return key; - if (key instanceof DHPublicKey) { DHPublicKey dsaKey = (DHPublicKey) key; @@ -217,7 +206,6 @@ public class DHKeyFactory BigInteger y = dsaKey.getY(); return new GnuDHPublicKey(Registry.X509_ENCODING_ID, null, p, g, y); } - if (key instanceof DHPrivateKey) { DHPrivateKey dsaKey = (DHPrivateKey) key; @@ -226,7 +214,6 @@ public class DHKeyFactory BigInteger x = dsaKey.getX(); return new GnuDHPrivateKey(Registry.PKCS8_ENCODING_ID, null, p, g, x); } - throw new InvalidKeyException("Wrong key type"); } } diff --git a/libjava/classpath/gnu/javax/crypto/jce/sig/DHKeyPairGeneratorSpi.java b/libjava/classpath/gnu/javax/crypto/jce/sig/DHKeyPairGeneratorSpi.java index 0d09d5cef2c..e26f0712479 100644 --- a/libjava/classpath/gnu/javax/crypto/jce/sig/DHKeyPairGeneratorSpi.java +++ b/libjava/classpath/gnu/javax/crypto/jce/sig/DHKeyPairGeneratorSpi.java @@ -61,12 +61,12 @@ public class DHKeyPairGeneratorSpi public void initialize(int keysize, SecureRandom random) { HashMap attributes = new HashMap(); - attributes.put(GnuDHKeyPairGenerator.PRIME_SIZE, new Integer(keysize)); + attributes.put(GnuDHKeyPairGenerator.PRIME_SIZE, Integer.valueOf(keysize)); if (random != null) attributes.put(GnuDHKeyPairGenerator.SOURCE_OF_RANDOMNESS, random); attributes.put(GnuDHKeyPairGenerator.PREFERRED_ENCODING_FORMAT, - new Integer(Registry.ASN1_ENCODING_ID)); + Integer.valueOf(Registry.ASN1_ENCODING_ID)); adaptee.setup(attributes); } @@ -87,7 +87,7 @@ public class DHKeyPairGeneratorSpi attributes.put(GnuDHKeyPairGenerator.SOURCE_OF_RANDOMNESS, random); attributes.put(GnuDHKeyPairGenerator.PREFERRED_ENCODING_FORMAT, - new Integer(Registry.ASN1_ENCODING_ID)); + Integer.valueOf(Registry.ASN1_ENCODING_ID)); adaptee.setup(attributes); } } diff --git a/libjava/classpath/gnu/javax/crypto/jce/spec/BlockCipherParameterSpec.java b/libjava/classpath/gnu/javax/crypto/jce/spec/BlockCipherParameterSpec.java index 63e7740ec02..321b4779597 100644 --- a/libjava/classpath/gnu/javax/crypto/jce/spec/BlockCipherParameterSpec.java +++ b/libjava/classpath/gnu/javax/crypto/jce/spec/BlockCipherParameterSpec.java @@ -43,40 +43,26 @@ import gnu.java.security.util.Util; import java.security.spec.AlgorithmParameterSpec; /** - * Block cipher parameters in GNU Crypto are the cipher's name, its block - * and key sizes, and an optional initialization vector. + * Block cipher parameters in GNU are the cipher's name, its block and key + * sizes, and an optional initialization vector. */ -public class BlockCipherParameterSpec implements AlgorithmParameterSpec +public class BlockCipherParameterSpec + implements AlgorithmParameterSpec { - - // Constants and variables. - // ----------------------------------------------------------------------- - - /** - * The initialization vector. - */ + /** The initialization vector. */ protected byte[] iv; - - /** - * The cipher's block size, in bytes. - */ + /** The cipher's block size, in bytes. */ protected int blockSize; - - /** - * The cipher's key size, in bytes. - */ + /** The cipher's key size, in bytes. */ protected int keySize; - // Constructors. - // ----------------------------------------------------------------------- - /** * Create a new parameter specification. - * - * @param iv The initialization vector, or <code>null</code> if - * there is no IV. + * + * @param iv The initialization vector, or <code>null</code> if there is no + * IV. * @param blockSize The cipher's block size, in bytes. - * @param keySize The cipher's key size, in bytes. + * @param keySize The cipher's key size, in bytes. */ public BlockCipherParameterSpec(byte[] iv, int blockSize, int keySize) { @@ -87,22 +73,19 @@ public class BlockCipherParameterSpec implements AlgorithmParameterSpec /** * Create a new parameter specification with no IV. - * + * * @param blockSize The cipher's block size, in bytes. - * @param keySize The cipher's key size, in bytes. + * @param keySize The cipher's key size, in bytes. */ public BlockCipherParameterSpec(int blockSize, int keySize) { this(null, blockSize, keySize); } - // Instance methods. - // ----------------------------------------------------------------------- - /** - * Get the initialization vector for the cipher, or <code>null</code> - * if there is no IV. - * + * Get the initialization vector for the cipher, or <code>null</code> if + * there is no IV. + * * @return The IV. */ public byte[] getIV() @@ -112,7 +95,7 @@ public class BlockCipherParameterSpec implements AlgorithmParameterSpec /** * Get the block size of the cipher these parameters are for. - * + * * @return The block size. */ public int getBlockSize() @@ -122,7 +105,7 @@ public class BlockCipherParameterSpec implements AlgorithmParameterSpec /** * Get the key size of the cipher these parameters are for. - * + * * @return The block size. */ public int getKeySize() @@ -133,7 +116,7 @@ public class BlockCipherParameterSpec implements AlgorithmParameterSpec public String toString() { return getClass().getName() + " { " - + ((iv != null) ? ("IV=" + Util.toString(iv)) + ", " : "") + "BS=" - + blockSize + ", KS=" + keySize + " }"; + + ((iv != null) ? ("IV=" + Util.toString(iv)) + ", " : "") + + "BS=" + blockSize + ", KS=" + keySize + " }"; } } diff --git a/libjava/classpath/gnu/javax/crypto/jce/spec/TMMHParameterSpec.java b/libjava/classpath/gnu/javax/crypto/jce/spec/TMMHParameterSpec.java index 0ebec099107..35643728873 100644 --- a/libjava/classpath/gnu/javax/crypto/jce/spec/TMMHParameterSpec.java +++ b/libjava/classpath/gnu/javax/crypto/jce/spec/TMMHParameterSpec.java @@ -45,35 +45,27 @@ import java.security.spec.AlgorithmParameterSpec; /** * This class represents the algorithm parameters for the Truncated * Multi-Modular Hash function for use with JCE-derived instances of - * {@link gnu.crypto.mac.TMMH16}. - * - * <p>This class is little more than a container for the key stream, tag - * length, and prefix parameters for the TMMH algorithm. + * {@link gnu.javax.crypto.mac.TMMH16}. + * <p> + * This class is little more than a container for the key stream, tag length, + * and prefix parameters for the TMMH algorithm. */ -public class TMMHParameterSpec implements AlgorithmParameterSpec +public class TMMHParameterSpec + implements AlgorithmParameterSpec { - - // Constants and variables. - // ----------------------------------------------------------------------- - /** The keystream. */ protected IRandom keystream; - /** The tag length. */ protected Integer tagLength; - /** The prefix. */ protected byte[] prefix; - // Constructors. - // ----------------------------------------------------------------------- - /** * Create a new parameter specification. - * + * * @param keystream The (PRNG) key stream. * @param tagLength The tag length. - * @param prefix The prefix. + * @param prefix The prefix. */ public TMMHParameterSpec(IRandom keystream, Integer tagLength, byte[] prefix) { @@ -84,7 +76,7 @@ public class TMMHParameterSpec implements AlgorithmParameterSpec /** * Create a new parameter specification with no prefix. - * + * * @param keystream The (PRNG) key stream. * @param tagLength The tag length. */ @@ -93,12 +85,9 @@ public class TMMHParameterSpec implements AlgorithmParameterSpec this(keystream, tagLength, null); } - // Instance methods. - // ----------------------------------------------------------------------- - /** * Return the key stream this specification was initialized with. - * + * * @return The key stream. */ public IRandom getKeystream() @@ -108,7 +97,7 @@ public class TMMHParameterSpec implements AlgorithmParameterSpec /** * Return the tag length this specification was initialized with. - * + * * @return The tag length. */ public Integer getTagLength() @@ -117,13 +106,12 @@ public class TMMHParameterSpec implements AlgorithmParameterSpec } /** - * Return the prefix, or <code>null</code> if no prefix was - * specified. - * + * Return the prefix, or <code>null</code> if no prefix was specified. + * * @return The prefix. */ public byte[] getPrefix() { return prefix; } -}
\ No newline at end of file +} diff --git a/libjava/classpath/gnu/javax/crypto/jce/spec/UMac32ParameterSpec.java b/libjava/classpath/gnu/javax/crypto/jce/spec/UMac32ParameterSpec.java index 47d807d4970..0990cc6d477 100644 --- a/libjava/classpath/gnu/javax/crypto/jce/spec/UMac32ParameterSpec.java +++ b/libjava/classpath/gnu/javax/crypto/jce/spec/UMac32ParameterSpec.java @@ -41,25 +41,19 @@ package gnu.javax.crypto.jce.spec; import java.security.spec.AlgorithmParameterSpec; /** - * This class represents the parameters for the UMAC-32 message - * authentication code algorithm. In practice this means the - * <i>Nonce</i> material used to initialize the algorithm. + * This class represents the parameters for the UMAC-32 message authentication + * code algorithm. In practice this means the <i>Nonce</i> material used to + * initialize the algorithm. */ -public class UMac32ParameterSpec implements AlgorithmParameterSpec +public class UMac32ParameterSpec + implements AlgorithmParameterSpec { - - // Constants and variables. - // ----------------------------------------------------------------------- - /** The <i>Nonce</i> material. */ protected byte[] nonce; - // Constructors. - // ----------------------------------------------------------------------- - /** * Create a new parameter instance. - * + * * @param nonce The nonce material. */ public UMac32ParameterSpec(byte[] nonce) @@ -67,16 +61,13 @@ public class UMac32ParameterSpec implements AlgorithmParameterSpec this.nonce = nonce; } - // Instance methods. - // ----------------------------------------------------------------------- - /** * Return the nonce material. - * + * * @return The nonce material. */ public byte[] getNonce() { return nonce; } -}
\ No newline at end of file +} diff --git a/libjava/classpath/gnu/javax/crypto/key/BaseKeyAgreementParty.java b/libjava/classpath/gnu/javax/crypto/key/BaseKeyAgreementParty.java index bfd9378d2fc..fc5ddb7145f 100644 --- a/libjava/classpath/gnu/javax/crypto/key/BaseKeyAgreementParty.java +++ b/libjava/classpath/gnu/javax/crypto/key/BaseKeyAgreementParty.java @@ -47,41 +47,28 @@ import java.security.SecureRandom; import java.util.Map; /** - * <p>A base abstract class to facilitate implementations of concrete key - * agreement protocol handlers.</p> + * A base abstract class to facilitate implementations of concrete key agreement + * protocol handlers. */ -public abstract class BaseKeyAgreementParty implements IKeyAgreementParty +public abstract class BaseKeyAgreementParty + implements IKeyAgreementParty { - - // Constants and variables - // ------------------------------------------------------------------------- - protected static final BigInteger TWO = BigInteger.valueOf(2L); - /** The canonical name of the protocol. */ protected String name; - /** Whether the instance is initialised or not. */ protected boolean initialised = false; - /** The current step index of the protocol exchange. */ protected int step = -1; - /** Whether the exchange has concluded or not. */ protected boolean complete = false; - /** The optional {@link SecureRandom} instance to use. */ protected SecureRandom rnd = null; - /** The optional {@link IRandom} instance to use. */ protected IRandom irnd = null; - /** Our default source of randomness. */ private PRNG prng = null; - // Constructor(s) - // ------------------------------------------------------------------------- - protected BaseKeyAgreementParty(String name) { super(); @@ -89,12 +76,6 @@ public abstract class BaseKeyAgreementParty implements IKeyAgreementParty this.name = name; } - // Class methods - // ------------------------------------------------------------------------- - - // Instance methods - // ------------------------------------------------------------------------- - public String name() { return name; @@ -103,12 +84,8 @@ public abstract class BaseKeyAgreementParty implements IKeyAgreementParty public void init(Map attributes) throws KeyAgreementException { if (initialised) - { - throw new IllegalStateException("already initialised"); - } - + throw new IllegalStateException("already initialised"); this.engineInit(attributes); - initialised = true; this.step = -1; this.complete = false; @@ -117,15 +94,10 @@ public abstract class BaseKeyAgreementParty implements IKeyAgreementParty public OutgoingMessage processMessage(IncomingMessage in) throws KeyAgreementException { - if (!initialised) - { - throw new IllegalStateException("not initialised"); - } + if (! initialised) + throw new IllegalStateException("not initialised"); if (complete) - { - throw new IllegalStateException("exchange has already concluded"); - } - + throw new IllegalStateException("exchange has already concluded"); step++; return this.engineProcessMessage(in); } @@ -137,14 +109,10 @@ public abstract class BaseKeyAgreementParty implements IKeyAgreementParty public byte[] getSharedSecret() throws KeyAgreementException { - if (!initialised) - { - throw new KeyAgreementException("not yet initialised"); - } - if (!isComplete()) - { - throw new KeyAgreementException("not yet computed"); - } + if (! initialised) + throw new KeyAgreementException("not yet initialised"); + if (! isComplete()) + throw new KeyAgreementException("not yet computed"); return engineSharedSecret(); } @@ -157,8 +125,6 @@ public abstract class BaseKeyAgreementParty implements IKeyAgreementParty } } - // abstract methods to be implemented by concrete subclasses --------------- - protected abstract void engineInit(Map attributes) throws KeyAgreementException; @@ -169,31 +135,25 @@ public abstract class BaseKeyAgreementParty implements IKeyAgreementParty protected abstract void engineReset(); - // helper methods ---------------------------------------------------------- - /** * Fills the designated byte array with random data. - * + * * @param buffer the byte array to fill with random data. */ protected void nextRandomBytes(byte[] buffer) { if (rnd != null) - { - rnd.nextBytes(buffer); - } + rnd.nextBytes(buffer); else if (irnd != null) - { - try - { - irnd.nextBytes(buffer, 0, buffer.length); - } - catch (LimitReachedException lre) - { - irnd = null; - getDefaultPRNG().nextBytes(buffer); - } - } + try + { + irnd.nextBytes(buffer, 0, buffer.length); + } + catch (LimitReachedException lre) + { + irnd = null; + getDefaultPRNG().nextBytes(buffer); + } else getDefaultPRNG().nextBytes(buffer); } @@ -205,4 +165,4 @@ public abstract class BaseKeyAgreementParty implements IKeyAgreementParty return prng; } -}
\ No newline at end of file +} diff --git a/libjava/classpath/gnu/javax/crypto/key/GnuSecretKey.java b/libjava/classpath/gnu/javax/crypto/key/GnuSecretKey.java index 93b21a67cc3..3063fe406d1 100644 --- a/libjava/classpath/gnu/javax/crypto/key/GnuSecretKey.java +++ b/libjava/classpath/gnu/javax/crypto/key/GnuSecretKey.java @@ -42,27 +42,20 @@ import gnu.java.security.util.Util; import java.security.Key; /** - * A secret key composed of a sequence of raw, unformatted octets. This class - * is analogous to the {@link javax.crypto.spec.SecretKeySpec} class, but is + * A secret key composed of a sequence of raw, unformatted octets. This class is + * analogous to the {@link javax.crypto.spec.SecretKeySpec} class, but is * provided for platforms that do not or cannot contain that class. */ -public class GnuSecretKey implements Key +public class GnuSecretKey + implements Key { - - // Field. - // ------------------------------------------------------------------------ - private final byte[] key; - private final String algorithm; - // Constructors. - // ------------------------------------------------------------------------ - /** * Creates a new secret key. The supplied byte array is copied by this * constructor. - * + * * @param key The raw, secret key. * @param algorithm The algorithm name, which can be null or empty. */ @@ -73,7 +66,7 @@ public class GnuSecretKey implements Key /** * Creates a new secret key from a portion of a byte array. - * + * * @param key The raw, secret key. * @param offset The offset at which the key begins. * @param length The number of bytes that comprise the key. @@ -86,12 +79,9 @@ public class GnuSecretKey implements Key this.algorithm = algorithm; } - // Instance methods. - // ------------------------------------------------------------------------ - /** * Returns the algorithm name, if any. - * + * * @return The algorithm name. */ public String getAlgorithm() @@ -103,7 +93,7 @@ public class GnuSecretKey implements Key * Returns the encoded key, which is merely the byte array this class was * created with. A reference to the internal byte array is returned, so the * caller can delete this key from memory by modifying the returned array. - * + * * @return The raw key. */ public byte[] getEncoded() @@ -113,7 +103,7 @@ public class GnuSecretKey implements Key /** * Returns the string "RAW". - * + * * @return The string "RAW". */ public String getFormat() @@ -123,22 +113,14 @@ public class GnuSecretKey implements Key public boolean equals(Object o) { - if (!(o instanceof GnuSecretKey)) - { - return false; - } + if (! (o instanceof GnuSecretKey)) + return false; if (key.length != ((GnuSecretKey) o).key.length) - { - return false; - } + return false; byte[] key2 = ((GnuSecretKey) o).key; for (int i = 0; i < key.length; i++) - { - if (key[i] != key2[i]) - { - return false; - } - } + if (key[i] != key2[i]) + return false; return true; } @@ -146,4 +128,4 @@ public class GnuSecretKey implements Key { return "GnuSecretKey [ " + algorithm + " " + Util.toString(key) + " ]"; } -}
\ No newline at end of file +} diff --git a/libjava/classpath/gnu/javax/crypto/key/IKeyAgreementParty.java b/libjava/classpath/gnu/javax/crypto/key/IKeyAgreementParty.java index 05aef5e51d7..280f3f33d97 100644 --- a/libjava/classpath/gnu/javax/crypto/key/IKeyAgreementParty.java +++ b/libjava/classpath/gnu/javax/crypto/key/IKeyAgreementParty.java @@ -41,65 +41,60 @@ package gnu.javax.crypto.key; import java.util.Map; /** - * <p>The visible methods of an key agreement protocol participating party.</p> + * The visible methods of an key agreement protocol participating party. */ public interface IKeyAgreementParty { - - // Constants - // ------------------------------------------------------------------------- - - // Methods - // ------------------------------------------------------------------------- - /** - * <p>Returns the canonical name of the key agreement protocol.</p> - * + * Returns the canonical name of the key agreement protocol. + * * @return the canonical name of the key agreement protocol. */ String name(); /** - * <p>Sets up the instance to operate with specific attributes.</p> - * + * Sets up the instance to operate with specific attributes. + * * @param attributes a map of name-values used by concrete implementations. * @throws KeyAgreementException if an exception occurs during the setup. */ void init(Map attributes) throws KeyAgreementException; /** - * <p>Processes an incoming message at one end, generating a message that - * will be processed by the other party(ies).</p> - * + * Processes an incoming message at one end, generating a message that will be + * processed by the other party(ies). + * * @param in the incoming message. * @return an outgoing message, or <code>null</code> if this is an - * intermediary step that does not cause any output. + * intermediary step that does not cause any output. * @throws KeyAgreementException if an exception occurs during the processing - * of the incoming message, or during the generation of the outgoing message. + * of the incoming message, or during the generation of the outgoing + * message. */ OutgoingMessage processMessage(IncomingMessage in) throws KeyAgreementException; /** - * <p>Returns <code>true</code> if the party in the key agreement protocol + * Returns <code>true</code> if the party in the key agreement protocol * exchange has completed its part of the exchange. If this is the case an * {@link IllegalStateException} is thrown for any method invocation except * <code>init()</code> or <code>reset()</code>. + * * @return <code>true</code> if this party has completed its part of the key - * agreement protocol exchange; <code>false</code> otherwise. + * agreement protocol exchange; <code>false</code> otherwise. */ boolean isComplete(); /** - * <p>Returns the byte array containing the shared secret as generated by - * this party.</p> - * + * Returns the byte array containing the shared secret as generated by this + * party. + * * @return the generated shared secret. * @throws KeyAgreementException if the key agreement is not yet initialised, - * or is initialised but the exchange is still in progress. + * or is initialised but the exchange is still in progress. */ byte[] getSharedSecret() throws KeyAgreementException; /** Resets this instance for re-use with another set of attributes. */ void reset(); -}
\ No newline at end of file +} diff --git a/libjava/classpath/gnu/javax/crypto/key/IncomingMessage.java b/libjava/classpath/gnu/javax/crypto/key/IncomingMessage.java index e04c85399fc..9701d80a79d 100644 --- a/libjava/classpath/gnu/javax/crypto/key/IncomingMessage.java +++ b/libjava/classpath/gnu/javax/crypto/key/IncomingMessage.java @@ -58,30 +58,22 @@ import java.security.PrivateKey; import java.security.PublicKey; /** - * <p>An implementation of an incoming message for use with key agreement - * protocols.</p> + * An implementation of an incoming message for use with key agreement + * protocols. */ public class IncomingMessage { - - // Constants and variables - // ------------------------------------------------------------------------- - /** The internal buffer stream containing the message's contents. */ protected ByteArrayInputStream in; - /** The length of the message contents, according to its 4-byte header. */ protected int length; - // Constructor(s) - // ------------------------------------------------------------------------- - /** - * <p>Constructs an incoming message given the message's encoded form, - * including its header bytes.</p> - * + * Constructs an incoming message given the message's encoded form, including + * its header bytes. + * * @param b the encoded form, including the header bytes, of an incoming - * message. + * message. * @throws KeyAgreementException if the buffer is malformed. */ public IncomingMessage(byte[] b) throws KeyAgreementException @@ -89,15 +81,13 @@ public class IncomingMessage this(); if (b.length < 4) - { - throw new KeyAgreementException("message header too short"); - } - length = b[0] << 24 | (b[1] & 0xFF) << 16 | (b[2] & 0xFF) << 8 - | (b[3] & 0xFF); + throw new KeyAgreementException("message header too short"); + length = b[0] << 24 + | (b[1] & 0xFF) << 16 + | (b[2] & 0xFF) << 8 + | (b[3] & 0xFF); if (length > Registry.SASL_BUFFER_MAX_LIMIT || length < 0) - { - throw new KeyAgreementException("message size limit exceeded"); - } + throw new KeyAgreementException("message size limit exceeded"); in = new ByteArrayInputStream(b, 4, length); } @@ -107,16 +97,13 @@ public class IncomingMessage super(); } - // Class methods - // ------------------------------------------------------------------------- - /** - * <p>Returns an instance of a message given its encoded contents, excluding - * the message's header bytes.</p> - * - * <p>Calls the method with the same name and three arguments as: + * Returns an instance of a message given its encoded contents, excluding the + * message's header bytes. + * <p> + * Calls the method with the same name and three arguments as: * <code>getInstance(raw, 0, raw.length)</code>. - * + * * @param raw the encoded form, excluding the header bytes. * @return a new instance of <code>IncomingMessage</code>. */ @@ -126,9 +113,9 @@ public class IncomingMessage } /** - * <p>Returns an instance of a message given its encoded contents, excluding - * the message's header bytes.</p> - * + * Returns an instance of a message given its encoded contents, excluding the + * message's header bytes. + * * @param raw the encoded form, excluding the header bytes. * @param offset offset where to start using raw bytes from. * @param len number of bytes to use. @@ -142,8 +129,8 @@ public class IncomingMessage } /** - * <p>Converts two octets into the number that they represent.</p> - * + * Converts two octets into the number that they represent. + * * @param b the two octets. * @return the length. */ @@ -151,32 +138,27 @@ public class IncomingMessage { int result = (b[0] & 0xFF) << 8 | (b[1] & 0xFF); if (result > Registry.SASL_TWO_BYTE_MAX_LIMIT) - { - throw new KeyAgreementException("encoded MPI size limit exceeded"); - } + throw new KeyAgreementException("encoded MPI size limit exceeded"); return result; } /** - * <p>Converts four octets into the number that they represent.</p> - * + * Converts four octets into the number that they represent. + * * @param b the four octets. * @return the length. */ public static int fourBytesToLength(byte[] b) throws KeyAgreementException { - int result = b[0] << 24 | (b[1] & 0xFF) << 16 | (b[2] & 0xFF) << 8 - | (b[3] & 0xFF); + int result = b[0] << 24 + | (b[1] & 0xFF) << 16 + | (b[2] & 0xFF) << 8 + | (b[3] & 0xFF); if (result > Registry.SASL_FOUR_BYTE_MAX_LIMIT || result < 0) - { - throw new KeyAgreementException("encoded entity size limit exceeded"); - } + throw new KeyAgreementException("encoded entity size limit exceeded"); return result; } - // Instance methods - // ------------------------------------------------------------------------- - public boolean hasMoreElements() { return (in.available() > 0); @@ -195,18 +177,15 @@ public class IncomingMessage { if (in.available() < 5) throw new KeyAgreementException("not enough bytes for a public key in message"); - byte[] elementLengthBytes = new byte[4]; in.read(elementLengthBytes, 0, 4); int elementLength = fourBytesToLength(elementLengthBytes); if (in.available() < elementLength) throw new KeyAgreementException("illegal public key encoding"); - int keyTypeAndFormatID = in.read() & 0xFF; elementLength--; byte[] kb = new byte[elementLength]; in.read(kb, 0, elementLength); - // instantiate the right codec and decode IKeyPairCodec kpc = getKeyPairCodec(keyTypeAndFormatID); return kpc.decodePublicKey(kb); @@ -225,66 +204,50 @@ public class IncomingMessage { if (in.available() < 5) throw new KeyAgreementException("not enough bytes for a private key in message"); - byte[] elementLengthBytes = new byte[4]; in.read(elementLengthBytes, 0, 4); int elementLength = fourBytesToLength(elementLengthBytes); if (in.available() < elementLength) throw new KeyAgreementException("illegal private key encoding"); - int keyTypeAndFormatID = in.read() & 0xFF; elementLength--; byte[] kb = new byte[elementLength]; in.read(kb, 0, elementLength); - // instantiate the right codec and decode IKeyPairCodec kpc = getKeyPairCodec(keyTypeAndFormatID); return kpc.decodePrivateKey(kb); } /** - * <p>Decodes an MPI from the current message's contents.</p> - * + * Decodes an MPI from the current message's contents. + * * @return a native representation of an MPI. * @throws KeyAgreementException if an encoding exception occurs during the - * operation. + * operation. */ public BigInteger readMPI() throws KeyAgreementException { if (in.available() < 2) - { - throw new KeyAgreementException( - "not enough bytes for an MPI in message"); - } + throw new KeyAgreementException("not enough bytes for an MPI in message"); byte[] elementLengthBytes = new byte[2]; in.read(elementLengthBytes, 0, 2); int elementLength = twoBytesToLength(elementLengthBytes); if (in.available() < elementLength) - { - throw new KeyAgreementException("illegal MPI encoding"); - } - + throw new KeyAgreementException("illegal MPI encoding"); byte[] element = new byte[elementLength]; in.read(element, 0, element.length); - return new BigInteger(1, element); } public String readString() throws KeyAgreementException { if (in.available() < 2) - { - throw new KeyAgreementException( - "not enough bytes for a text in message"); - } + throw new KeyAgreementException("not enough bytes for a text in message"); byte[] elementLengthBytes = new byte[2]; in.read(elementLengthBytes, 0, 2); int elementLength = twoBytesToLength(elementLengthBytes); if (in.available() < elementLength) - { - throw new KeyAgreementException("illegal text encoding"); - } - + throw new KeyAgreementException("illegal text encoding"); byte[] element = new byte[elementLength]; in.read(element, 0, element.length); String result = null; @@ -296,7 +259,6 @@ public class IncomingMessage { throw new KeyAgreementException("unxupported UTF8 encoding", x); } - return result; } @@ -353,4 +315,4 @@ public class IncomingMessage + formatID); } } -}
\ No newline at end of file +} diff --git a/libjava/classpath/gnu/javax/crypto/key/KeyAgreementException.java b/libjava/classpath/gnu/javax/crypto/key/KeyAgreementException.java index c2fa434a224..f0fb1bb83f9 100644 --- a/libjava/classpath/gnu/javax/crypto/key/KeyAgreementException.java +++ b/libjava/classpath/gnu/javax/crypto/key/KeyAgreementException.java @@ -44,26 +44,19 @@ import java.io.Serializable; import java.security.KeyManagementException; /** - * A generic exception indicating that an unexpected condition has - * been detected during the setup and/or processing of a key agreement - * protocol exchange. + * A generic exception indicating that an unexpected condition has been detected + * during the setup and/or processing of a key agreement protocol exchange. */ -public class KeyAgreementException extends KeyManagementException implements - Serializable +public class KeyAgreementException + extends KeyManagementException + implements Serializable { - - // Constants and variables - // ------------------------------------------------------------------------- - /** @serial The possibly <code>null</code> <i>root</i> cause exception. */ private Throwable cause = null; - // Constructor(s) - // ------------------------------------------------------------------------- - /** - * <p>Constructs a new instance of <code>KeyAgreementException</code>. The - * root exception and the detailed message are <code>null</code>.</p> + * Constructs a new instance of <code>KeyAgreementException</code>. The + * root exception and the detailed message are <code>null</code>. */ public KeyAgreementException() { @@ -71,11 +64,11 @@ public class KeyAgreementException extends KeyManagementException implements } /** - * <p>Constructs a new instance of <code>KeyAgreementException</code> with a - * detailed message. The <i>root</i> exception is <code>null</code>.</p> - * + * Constructs a new instance of <code>KeyAgreementException</code> with a + * detailed message. The <i>root</i> exception is <code>null</code>. + * * @param detail a possibly <code>null</code> string containing details of - * the exception. + * the exception. * @see Throwable#getMessage() */ public KeyAgreementException(String detail) @@ -84,13 +77,13 @@ public class KeyAgreementException extends KeyManagementException implements } /** - * <p>Constructs a new instance of <code>KeyAgreementException</code> with a - * detailed message and a <i>root</i> exception.</p> - * + * Constructs a new instance of <code>KeyAgreementException</code> with a + * detailed message and a <i>root</i> exception. + * * @param detail a possibly <code>null</code> string containing details of - * the exception. + * the exception. * @param cause a possibly <code>null</code> root exception that caused this - * exception. + * exception. * @see Throwable#getMessage() * @see #getCause() */ @@ -100,17 +93,11 @@ public class KeyAgreementException extends KeyManagementException implements this.cause = cause; } - // Class methods - // ------------------------------------------------------------------------- - - // Instance methods - // ------------------------------------------------------------------------- - /** - * <p>Returns the cause of this throwable or <code>null</code> if the cause - * is nonexistent or unknown. The <i>cause</i> is the throwable that caused - * this exception to be thrown.</p> - * + * Returns the cause of this throwable or <code>null</code> if the cause is + * nonexistent or unknown. The <i>cause</i> is the throwable that caused this + * exception to be thrown. + * * @return the possibly <code>null</code> exception that caused this one. */ public Throwable getCause() @@ -119,69 +106,61 @@ public class KeyAgreementException extends KeyManagementException implements } /** - * <p>Prints this exception's stack trace to <code>System.err</code>. If this + * Prints this exception's stack trace to <code>System.err</code>. If this * exception has a <i>root</i> exception; the stack trace of the <i>root</i> - * exception is also printed to <code>System.err</code>.</p> + * exception is also printed to <code>System.err</code>. */ public void printStackTrace() { super.printStackTrace(); if (cause != null) - { - cause.printStackTrace(); - } + cause.printStackTrace(); } /** - * <p>Prints this exception's stack trace to a print stream. If this - * exception has a <i>root</i> exception; the stack trace of the <i>root</i> - * exception is also printed to the print stream.</p> - * + * Prints this exception's stack trace to a print stream. If this exception + * has a <i>root</i> exception; the stack trace of the <i>root</i> exception + * is also printed to the print stream. + * * @param ps the non-null print stream to which to print. */ public void printStackTrace(PrintStream ps) { super.printStackTrace(ps); if (cause != null) - { - cause.printStackTrace(ps); - } + cause.printStackTrace(ps); } /** - * <p>Prints this exception's stack trace to a print writer. If this - * exception has a <i>root</i> exception; the stack trace of the <i>root</i> - * exception is also printed to the print writer.</p> - * + * Prints this exception's stack trace to a print writer. If this exception + * has a <i>root</i> exception; the stack trace of the <i>root</i> exception + * is also printed to the print writer. + * * @param pw the non-null print writer to use for output. */ public void printStackTrace(PrintWriter pw) { super.printStackTrace(pw); if (cause != null) - { - cause.printStackTrace(pw); - } + cause.printStackTrace(pw); } /** - * <p>Returns the string representation of this exception. The string - * representation contains this exception's class name, its detailed - * messsage, and if it has a <i>root</i> exception, the string representation - * of the root exception. This string representation is meant for debugging - * and is not meant to be interpreted programmatically.</p> - * + * Returns the string representation of this exception. The string + * representation contains this exception's class name, its detailed messsage, + * and if it has a <i>root</i> exception, the string representation of the + * root exception. This string representation is meant for debugging and is + * not meant to be interpreted programmatically. + * * @return the non-null string representation of this exception. * @see Throwable#getMessage() */ public String toString() { - StringBuffer sb = new StringBuffer(this.getClass().getName()).append(": ").append( - super.toString()); + StringBuffer sb = new StringBuffer(this.getClass().getName()).append(": ") + .append(super.toString()); if (cause != null) - { - sb.append("; caused by: ").append(cause.toString()); - } + sb.append("; caused by: ").append(cause.toString()); return sb.toString(); } -}
\ No newline at end of file +} diff --git a/libjava/classpath/gnu/javax/crypto/key/KeyAgreementFactory.java b/libjava/classpath/gnu/javax/crypto/key/KeyAgreementFactory.java index e2a7faba18a..ae9bf36ff3a 100644 --- a/libjava/classpath/gnu/javax/crypto/key/KeyAgreementFactory.java +++ b/libjava/classpath/gnu/javax/crypto/key/KeyAgreementFactory.java @@ -56,115 +56,77 @@ import java.util.HashSet; import java.util.Set; /** - * <p>A <i>Factory</i> class to generate key agreement protocol handlers.</p> + * A <i>Factory</i> class to generate key agreement protocol handlers. */ public class KeyAgreementFactory { - - // Constants and variables - // ------------------------------------------------------------------------- - - // Constructor(s) - // ------------------------------------------------------------------------- - /** Trivial constructor to enforce <i>Singleton</i> pattern. */ private KeyAgreementFactory() { super(); } - // Class methods - // ------------------------------------------------------------------------- - /** - * <p>Returns an instance of a key agreeent protocol handler, for party + * Returns an instance of a key agreeent protocol handler, for party * <code>A</code> in a two-party <code>A..B</code> exchange, given the * canonical name of this protocol. Party <code>A</code> is usually the - * initiator of the exchange.</p> - * + * initiator of the exchange. + * * @param name the case-insensitive key agreement protocol name. * @return an instance of the key agreement protocol handler for party - * <code>A</code>, or <code>null</code> if none found. + * <code>A</code>, or <code>null</code> if none found. */ public static IKeyAgreementParty getPartyAInstance(String name) { if (name == null) - { - return null; - } - + return null; name = name.trim(); IKeyAgreementParty result = null; if (name.equalsIgnoreCase(Registry.DH_KA)) - { - result = new DiffieHellmanSender(); - } + result = new DiffieHellmanSender(); else if (name.equalsIgnoreCase(Registry.ELGAMAL_KA)) - { - result = new ElGamalSender(); - } + result = new ElGamalSender(); else if (name.equalsIgnoreCase(Registry.SRP6_KA)) - { - result = new SRP6User(); - } + result = new SRP6User(); else if (name.equalsIgnoreCase(Registry.SRP_SASL_KA)) - { - result = new SRP6SaslClient(); - } + result = new SRP6SaslClient(); else if (name.equalsIgnoreCase(Registry.SRP_TLS_KA)) - { - result = new SRP6TLSClient(); - } - + result = new SRP6TLSClient(); return result; } /** - * <p>Returns an instance of a key agreeent protocol handler, for party + * Returns an instance of a key agreeent protocol handler, for party * <code>B</code> in a two-party <code>A..B</code> exchange, given the - * canonical name of this protocol.</p> - * + * canonical name of this protocol. + * * @param name the case-insensitive key agreement protocol name. * @return an instance of the key agreement protocol handler for party - * <code>B</code>, or <code>null</code> if none found. + * <code>B</code>, or <code>null</code> if none found. */ public static IKeyAgreementParty getPartyBInstance(String name) { if (name == null) - { - return null; - } - + return null; name = name.trim(); IKeyAgreementParty result = null; if (name.equalsIgnoreCase(Registry.DH_KA)) - { - result = new DiffieHellmanReceiver(); - } + result = new DiffieHellmanReceiver(); else if (name.equalsIgnoreCase(Registry.ELGAMAL_KA)) - { - result = new ElGamalReceiver(); - } + result = new ElGamalReceiver(); else if (name.equalsIgnoreCase(Registry.SRP6_KA)) - { - result = new SRP6Host(); - } + result = new SRP6Host(); else if (name.equalsIgnoreCase(Registry.SRP_SASL_KA)) - { - result = new SRP6SaslServer(); - } + result = new SRP6SaslServer(); else if (name.equalsIgnoreCase(Registry.SRP_TLS_KA)) - { - result = new SRP6TLSServer(); - } - + result = new SRP6TLSServer(); return result; } /** - * <p>Returns a {@link Set} of key agreement protocol names supported by this - * <i>Factory</i>.</p> - * + * Returns a {@link Set} of key agreement protocol names supported by this + * <i>Factory</i>. + * * @return a {@link Set} of key agreement protocol names (Strings). */ public static final Set getNames() @@ -178,4 +140,4 @@ public class KeyAgreementFactory return Collections.unmodifiableSet(hs); } -}
\ No newline at end of file +} diff --git a/libjava/classpath/gnu/javax/crypto/key/OutgoingMessage.java b/libjava/classpath/gnu/javax/crypto/key/OutgoingMessage.java index 588012120ce..563b3ef5ae6 100644 --- a/libjava/classpath/gnu/javax/crypto/key/OutgoingMessage.java +++ b/libjava/classpath/gnu/javax/crypto/key/OutgoingMessage.java @@ -53,21 +53,13 @@ import java.security.PublicKey; import java.math.BigInteger; /** - * <p>An implementation of outgoing messages for use with key agreement - * protocols.</p> + * An implementation of outgoing messages for use with key agreement protocols. */ public class OutgoingMessage { - - // Constants and variables - // ------------------------------------------------------------------------- - /** The internal output stream. */ private ByteArrayOutputStream out; - // Constructor(s) - // ------------------------------------------------------------------------- - public OutgoingMessage() { super(); @@ -75,16 +67,10 @@ public class OutgoingMessage out = new ByteArrayOutputStream(); } - // Class methods - // ------------------------------------------------------------------------- - - // Instance methods - // ------------------------------------------------------------------------- - /** - * <p>Returns the encoded form of the current message including the 4-byte - * length header.</p> - * + * Returns the encoded form of the current message including the 4-byte length + * header. + * * @throws KeyAgreementException if an encoding size constraint is violated. */ public byte[] toByteArray() throws KeyAgreementException @@ -92,28 +78,25 @@ public class OutgoingMessage byte[] buffer = wrap(); int length = buffer.length; byte[] result = new byte[length + 4]; - result[0] = (byte) (length >>> 24); - result[1] = (byte) (length >>> 16); - result[2] = (byte) (length >>> 8); + result[0] = (byte)(length >>> 24); + result[1] = (byte)(length >>> 16); + result[2] = (byte)(length >>> 8); result[3] = (byte) length; System.arraycopy(buffer, 0, result, 4, length); - return result; } /** - * <p>Returns the encoded form of the current message excluding the 4-byte - * length header.</p> - * + * Returns the encoded form of the current message excluding the 4-byte length + * header. + * * @throws KeyAgreementException if an encoding size constraint is violated. */ public byte[] wrap() throws KeyAgreementException { int length = out.size(); if (length > Registry.SASL_BUFFER_MAX_LIMIT || length < 0) - { - throw new KeyAgreementException("message content is too long"); - } + throw new KeyAgreementException("message content is too long"); return out.toByteArray(); } @@ -128,9 +111,8 @@ public class OutgoingMessage * representing the total length, excluding these 4 bytes, of the bytes * representing the encoded key and the one-byte representing the key-type and * format; i.e. - * * <pre> - * key --> 4-byte-length || 1-byte-type-and-format || encoded-key-bytes + * key --> 4-byte-length || 1-byte-type-and-format || encoded-key-bytes * </pre> * * @param k the public key to encode. @@ -152,9 +134,8 @@ public class OutgoingMessage * representing the total length, excluding these 4 bytes, of the bytes * representing the encoded key and the one-byte representing the key-type and * format; i.e. - * * <pre> - * key --> 4-byte-length || 1-byte-type-and-format || encoded-key-bytes + * key --> 4-byte-length || 1-byte-type-and-format || encoded-key-bytes * </pre> * * @param k the private key to encode. @@ -166,8 +147,8 @@ public class OutgoingMessage } /** - * <p>Encodes an MPI into the message.</p> - * + * Encodes an MPI into the message. + * * @param val the MPI to encode. * @throws KeyAgreementException if an encoding size constraint is violated. */ @@ -176,20 +157,18 @@ public class OutgoingMessage byte[] b = val.toByteArray(); int length = b.length; if (length > Registry.SASL_TWO_BYTE_MAX_LIMIT) - { - throw new KeyAgreementException("MPI is too long"); - } - byte[] lengthBytes = { (byte) (length >>> 8), (byte) length }; + throw new KeyAgreementException("MPI is too long"); + byte[] lengthBytes = { (byte)(length >>> 8), (byte) length }; out.write(lengthBytes, 0, 2); out.write(b, 0, b.length); } /** - * <p>Encodes a string into the message.</p> - * + * Encodes a string into the message. + * * @param s the string to encode. - * @throws KeyAgreementException if the UTF8 encoding is not supported on - * this platform, or if an encoding size constraint is violated. + * @throws KeyAgreementException if the UTF8 encoding is not supported on this + * platform, or if an encoding size constraint is violated. */ public void writeString(String s) throws KeyAgreementException { @@ -204,10 +183,8 @@ public class OutgoingMessage } int length = b.length; if (length > Registry.SASL_TWO_BYTE_MAX_LIMIT) - { - throw new KeyAgreementException("text too long"); - } - byte[] lengthBytes = { (byte) (length >>> 8), (byte) length }; + throw new KeyAgreementException("text too long"); + byte[] lengthBytes = { (byte)(length >>> 8), (byte) length }; out.write(lengthBytes, 0, 2); out.write(b, 0, b.length); } @@ -224,9 +201,11 @@ public class OutgoingMessage int length = b.length + 1; if (length > Registry.SASL_FOUR_BYTE_MAX_LIMIT) throw new KeyAgreementException("Encoded key is too long"); - - byte[] lengthBytes = { (byte) (length >>> 24), (byte) (length >>> 16), - (byte) (length >>> 8), (byte) length }; + byte[] lengthBytes = { + (byte)(length >>> 24), + (byte)(length >>> 16), + (byte)(length >>> 8), + (byte) length }; out.write(lengthBytes, 0, 4); out.write(((keyType & 0x0F) << 4) | (formatID & 0x0F)); out.write(b, 0, b.length); @@ -252,4 +231,4 @@ public class OutgoingMessage throw new KeyAgreementException("Unknown or unsupported key type: " + k.getClass().getName()); } -}
\ No newline at end of file +} diff --git a/libjava/classpath/gnu/javax/crypto/key/dh/DHKeyPairPKCS8Codec.java b/libjava/classpath/gnu/javax/crypto/key/dh/DHKeyPairPKCS8Codec.java index 34fb007066b..98ea4765375 100644 --- a/libjava/classpath/gnu/javax/crypto/key/dh/DHKeyPairPKCS8Codec.java +++ b/libjava/classpath/gnu/javax/crypto/key/dh/DHKeyPairPKCS8Codec.java @@ -98,6 +98,13 @@ public class DHKeyPairPKCS8Codec * q INTEGER -- factor of p-1 * } * </pre> + * <p> + * <b>IMPORTANT</b>: with RI's {@link javax.crypto.spec.DHGenParameterSpec} + * and {@link javax.crypto.spec.DHParameterSpec} classes, we may end up with + * Diffie-Hellman keys that have a <code>null</code> for the <code>q</code> + * parameter. RFC-2631 DOES NOT allow for an <i>optional</i> value for that + * parameter, hence we replace such null values with <code>0</code>, and do + * the reverse in the corresponding decode method. * * @return the DER encoded form of the ASN.1 representation of the * <i>PrivateKeyInfo</i> field in an X.509 certificate. @@ -117,6 +124,8 @@ public class DHKeyPairPKCS8Codec BigInteger p = pk.getParams().getP(); BigInteger g = pk.getParams().getG(); BigInteger q = pk.getQ(); + if (q == null) + q = BigInteger.ZERO; BigInteger x = pk.getX(); ArrayList params = new ArrayList(3); @@ -212,6 +221,8 @@ public class DHKeyPairPKCS8Codec val = der.read(); DerUtil.checkIsBigInteger(val, "Wrong Q field"); q = (BigInteger) val.getValue(); + if (q.compareTo(BigInteger.ZERO) == 0) + q = null; val = der.read(); byte[] xBytes = (byte[]) val.getValue(); diff --git a/libjava/classpath/gnu/javax/crypto/key/dh/DHKeyPairRawCodec.java b/libjava/classpath/gnu/javax/crypto/key/dh/DHKeyPairRawCodec.java index c0ff82bea52..aefcd5ff4fb 100644 --- a/libjava/classpath/gnu/javax/crypto/key/dh/DHKeyPairRawCodec.java +++ b/libjava/classpath/gnu/javax/crypto/key/dh/DHKeyPairRawCodec.java @@ -47,62 +47,49 @@ import java.security.PrivateKey; import java.security.PublicKey; /** - * <p>An object that implements the {@link IKeyPairCodec} operations for the - * <i>Raw</i> format to use with Diffie-Hellman keypairs.</p> + * An object that implements the {@link IKeyPairCodec} operations for the + * <i>Raw</i> format to use with Diffie-Hellman keypairs. */ -public class DHKeyPairRawCodec implements IKeyPairCodec +public class DHKeyPairRawCodec + implements IKeyPairCodec { - - // Constants and variables - // ------------------------------------------------------------------------- - - // Constructor(s) - // ------------------------------------------------------------------------- - - // implicit 0-arguments ctor - - // Class methods - // ------------------------------------------------------------------------- - - // Instance methods - // ------------------------------------------------------------------------- - - // gnu.crypto.keys.IKeyPairCodec interface implementation ------------------- - public int getFormatID() { return RAW_FORMAT; } /** - * <p>Returns the encoded form of the designated Diffie-Hellman public key - * according to the <i>Raw</i> format supported by this library.</p> - * - * <p>The <i>Raw</i> format for a DH public key, in this implementation, is - * a byte sequence consisting of the following:</p> - * + * Returns the encoded form of the designated Diffie-Hellman public key + * according to the <i>Raw</i> format supported by this library. + * <p> + * The <i>Raw</i> format for a DH public key, in this implementation, is a + * byte sequence consisting of the following: * <ol> - * <li>4-byte magic consisting of the value of the literal - * {@link Registry#MAGIC_RAW_DH_PUBLIC_KEY},<li> - * <li>1-byte version consisting of the constant: 0x01,</li> - * <li>4-byte count of following bytes representing the DH parameter - * <code>q</code> in internet order,</li> - * <li>n-bytes representation of a {@link BigInteger} obtained by invoking - * the <code>toByteArray()</code> method on the DH parameter <code>q</code>,</li> - * <li>4-byte count of following bytes representing the DH parameter - * <code>p</code> in internet order,</li> - * <li>n-bytes representation of a {@link BigInteger} obtained by invoking - * the <code>toByteArray()</code> method on the DH parameter <code>p</code>,</li> - * <li>4-byte count of following bytes representing the DH parameter - * <code>g</code>,</li> - * <li>n-bytes representation of a {@link BigInteger} obtained by invoking - * the <code>toByteArray()</code> method on the DH parameter <code>g</code>,</li> - * <li>4-byte count of following bytes representing the DH parameter - * <code>y</code>,</li> - * <li>n-bytes representation of a {@link BigInteger} obtained by invoking - * the <code>toByteArray()</code> method on the DH parameter <code>y</code>,</li> + * <li>4-byte magic consisting of the value of the literal + * {@link Registry#MAGIC_RAW_DH_PUBLIC_KEY},</li> + * <li>1-byte version consisting of the constant: 0x01,</li> + * <li>4-byte count of following bytes representing the DH parameter + * <code>q</code> in internet order,</li> + * <li>n-bytes representation of a {@link BigInteger} obtained by invoking + * the <code>toByteArray()</code> method on the DH parameter <code>q</code>, + * </li> + * <li>4-byte count of following bytes representing the DH parameter + * <code>p</code> in internet order,</li> + * <li>n-bytes representation of a {@link BigInteger} obtained by invoking + * the <code>toByteArray()</code> method on the DH parameter <code>p</code>, + * </li> + * <li>4-byte count of following bytes representing the DH parameter + * <code>g</code>,</li> + * <li>n-bytes representation of a {@link BigInteger} obtained by invoking + * the <code>toByteArray()</code> method on the DH parameter <code>g</code>, + * </li> + * <li>4-byte count of following bytes representing the DH parameter + * <code>y</code>,</li> + * <li>n-bytes representation of a {@link BigInteger} obtained by invoking + * the <code>toByteArray()</code> method on the DH parameter <code>y</code>, + * </li> * </ol> - * + * * @param key the key to encode. * @return the <i>Raw</i> format encoding of the designated key. * @throws IllegalArgumentException if the designated key is not a DH one. @@ -110,59 +97,49 @@ public class DHKeyPairRawCodec implements IKeyPairCodec */ public byte[] encodePublicKey(PublicKey key) { - if (!(key instanceof GnuDHPublicKey)) - { - throw new IllegalArgumentException("key"); - } - + if (! (key instanceof GnuDHPublicKey)) + throw new IllegalArgumentException("key"); GnuDHPublicKey dhKey = (GnuDHPublicKey) key; ByteArrayOutputStream baos = new ByteArrayOutputStream(); - // magic baos.write(Registry.MAGIC_RAW_DH_PUBLIC_KEY[0]); baos.write(Registry.MAGIC_RAW_DH_PUBLIC_KEY[1]); baos.write(Registry.MAGIC_RAW_DH_PUBLIC_KEY[2]); baos.write(Registry.MAGIC_RAW_DH_PUBLIC_KEY[3]); - // version baos.write(0x01); - // q byte[] buffer = dhKey.getQ().toByteArray(); int length = buffer.length; - baos.write(length >>> 24); + baos.write( length >>> 24); baos.write((length >>> 16) & 0xFF); - baos.write((length >>> 8) & 0xFF); - baos.write(length & 0xFF); + baos.write((length >>> 8) & 0xFF); + baos.write( length & 0xFF); baos.write(buffer, 0, length); - // p buffer = dhKey.getParams().getP().toByteArray(); length = buffer.length; - baos.write(length >>> 24); + baos.write( length >>> 24); baos.write((length >>> 16) & 0xFF); - baos.write((length >>> 8) & 0xFF); - baos.write(length & 0xFF); + baos.write((length >>> 8) & 0xFF); + baos.write( length & 0xFF); baos.write(buffer, 0, length); - // g buffer = dhKey.getParams().getG().toByteArray(); length = buffer.length; - baos.write(length >>> 24); + baos.write( length >>> 24); baos.write((length >>> 16) & 0xFF); - baos.write((length >>> 8) & 0xFF); - baos.write(length & 0xFF); + baos.write((length >>> 8) & 0xFF); + baos.write( length & 0xFF); baos.write(buffer, 0, length); - // y buffer = dhKey.getY().toByteArray(); length = buffer.length; - baos.write(length >>> 24); + baos.write( length >>> 24); baos.write((length >>> 16) & 0xFF); - baos.write((length >>> 8) & 0xFF); - baos.write(length & 0xFF); + baos.write((length >>> 8) & 0xFF); + baos.write( length & 0xFF); baos.write(buffer, 0, length); - return baos.toByteArray(); } @@ -173,83 +150,84 @@ public class DHKeyPairRawCodec implements IKeyPairCodec || k[1] != Registry.MAGIC_RAW_DH_PUBLIC_KEY[1] || k[2] != Registry.MAGIC_RAW_DH_PUBLIC_KEY[2] || k[3] != Registry.MAGIC_RAW_DH_PUBLIC_KEY[3]) - { - throw new IllegalArgumentException("magic"); - } - + throw new IllegalArgumentException("magic"); // version if (k[4] != 0x01) - { - throw new IllegalArgumentException("version"); - } + throw new IllegalArgumentException("version"); int i = 5; int l; byte[] buffer; - // q - l = k[i++] << 24 | (k[i++] & 0xFF) << 16 | (k[i++] & 0xFF) << 8 - | (k[i++] & 0xFF); + l = k[i++] << 24 + | (k[i++] & 0xFF) << 16 + | (k[i++] & 0xFF) << 8 + | (k[i++] & 0xFF); buffer = new byte[l]; System.arraycopy(k, i, buffer, 0, l); i += l; BigInteger q = new BigInteger(1, buffer); - // p - l = k[i++] << 24 | (k[i++] & 0xFF) << 16 | (k[i++] & 0xFF) << 8 - | (k[i++] & 0xFF); + l = k[i++] << 24 + | (k[i++] & 0xFF) << 16 + | (k[i++] & 0xFF) << 8 + | (k[i++] & 0xFF); buffer = new byte[l]; System.arraycopy(k, i, buffer, 0, l); i += l; BigInteger p = new BigInteger(1, buffer); - // g - l = k[i++] << 24 | (k[i++] & 0xFF) << 16 | (k[i++] & 0xFF) << 8 - | (k[i++] & 0xFF); + l = k[i++] << 24 + | (k[i++] & 0xFF) << 16 + | (k[i++] & 0xFF) << 8 + | (k[i++] & 0xFF); buffer = new byte[l]; System.arraycopy(k, i, buffer, 0, l); i += l; BigInteger g = new BigInteger(1, buffer); - // y - l = k[i++] << 24 | (k[i++] & 0xFF) << 16 | (k[i++] & 0xFF) << 8 - | (k[i++] & 0xFF); + l = k[i++] << 24 + | (k[i++] & 0xFF) << 16 + | (k[i++] & 0xFF) << 8 + | (k[i++] & 0xFF); buffer = new byte[l]; System.arraycopy(k, i, buffer, 0, l); i += l; BigInteger y = new BigInteger(1, buffer); - return new GnuDHPublicKey(q, p, g, y); } /** - * <p>Returns the encoded form of the designated Diffie-Hellman private key - * according to the <i>Raw</i> format supported by this library.</p> - * - * <p>The <i>Raw</i> format for a DH private key, in this implementation, is - * a byte sequence consisting of the following:</p> - * + * Returns the encoded form of the designated Diffie-Hellman private key + * according to the <i>Raw</i> format supported by this library. + * <p> + * The <i>Raw</i> format for a DH private key, in this implementation, is a + * byte sequence consisting of the following: * <ol> - * <li>4-byte magic consisting of the value of the literal - * {@link Registry#MAGIC_RAW_DH_PRIVATE_KEY},<li> - * <li>1-byte version consisting of the constant: 0x01,</li> - * <li>4-byte count of following bytes representing the DH parameter - * <code>q</code>,</li> - * <li>n-bytes representation of a {@link BigInteger} obtained by invoking - * the <code>toByteArray()</code> method on the DH parameter <code>q</code>,</li> - * <li>4-byte count of following bytes representing the DH parameter - * <code>p</code> in internet order,</li> - * <li>n-bytes representation of a {@link BigInteger} obtained by invoking - * the <code>toByteArray()</code> method on the DH parameter <code>p</code>,</li> - * <li>4-byte count of following bytes representing the DH parameter - * <code>g</code>,</li> - * <li>n-bytes representation of a {@link BigInteger} obtained by invoking - * the <code>toByteArray()</code> method on the DH parameter <code>g</code>,</li> - * <li>4-byte count of following bytes representing the DH parameter - * <code>x</code>,</li> - * <li>n-bytes representation of a {@link BigInteger} obtained by invoking - * the <code>toByteArray()</code> method on the DH parameter <code>x</code>,</li> + * <li>4-byte magic consisting of the value of the literal + * {@link Registry#MAGIC_RAW_DH_PRIVATE_KEY},</li> + * <li>1-byte version consisting of the constant: 0x01,</li> + * <li>4-byte count of following bytes representing the DH parameter + * <code>q</code>,</li> + * <li>n-bytes representation of a {@link BigInteger} obtained by invoking + * the <code>toByteArray()</code> method on the DH parameter <code>q</code>, + * </li> + * <li>4-byte count of following bytes representing the DH parameter + * <code>p</code> in internet order,</li> + * <li>n-bytes representation of a {@link BigInteger} obtained by invoking + * the <code>toByteArray()</code> method on the DH parameter <code>p</code>, + * </li> + * <li>4-byte count of following bytes representing the DH parameter + * <code>g</code>,</li> + * <li>n-bytes representation of a {@link BigInteger} obtained by invoking + * the <code>toByteArray()</code> method on the DH parameter <code>g</code>, + * </li> + * <li>4-byte count of following bytes representing the DH parameter + * <code>x</code>,</li> + * <li>n-bytes representation of a {@link BigInteger} obtained by invoking + * the <code>toByteArray()</code> method on the DH parameter <code>x</code>, + * </li> * </ol> - * + * * @param key the key to encode. * @return the <i>Raw</i> format encoding of the designated key. * @throws IllegalArgumentException if the designated key is not a DH one. @@ -257,59 +235,49 @@ public class DHKeyPairRawCodec implements IKeyPairCodec */ public byte[] encodePrivateKey(PrivateKey key) { - if (!(key instanceof GnuDHPrivateKey)) - { - throw new IllegalArgumentException("key"); - } - + if (! (key instanceof GnuDHPrivateKey)) + throw new IllegalArgumentException("key"); GnuDHPrivateKey dhKey = (GnuDHPrivateKey) key; ByteArrayOutputStream baos = new ByteArrayOutputStream(); - // magic baos.write(Registry.MAGIC_RAW_DH_PRIVATE_KEY[0]); baos.write(Registry.MAGIC_RAW_DH_PRIVATE_KEY[1]); baos.write(Registry.MAGIC_RAW_DH_PRIVATE_KEY[2]); baos.write(Registry.MAGIC_RAW_DH_PRIVATE_KEY[3]); - // version baos.write(0x01); - // q byte[] buffer = dhKey.getQ().toByteArray(); int length = buffer.length; - baos.write(length >>> 24); + baos.write( length >>> 24); baos.write((length >>> 16) & 0xFF); - baos.write((length >>> 8) & 0xFF); - baos.write(length & 0xFF); + baos.write((length >>> 8) & 0xFF); + baos.write( length & 0xFF); baos.write(buffer, 0, length); - // p buffer = dhKey.getParams().getP().toByteArray(); length = buffer.length; - baos.write(length >>> 24); + baos.write( length >>> 24); baos.write((length >>> 16) & 0xFF); - baos.write((length >>> 8) & 0xFF); - baos.write(length & 0xFF); + baos.write((length >>> 8) & 0xFF); + baos.write( length & 0xFF); baos.write(buffer, 0, length); - // g buffer = dhKey.getParams().getG().toByteArray(); length = buffer.length; - baos.write(length >>> 24); + baos.write( length >>> 24); baos.write((length >>> 16) & 0xFF); - baos.write((length >>> 8) & 0xFF); - baos.write(length & 0xFF); + baos.write((length >>> 8) & 0xFF); + baos.write( length & 0xFF); baos.write(buffer, 0, length); - // x buffer = dhKey.getX().toByteArray(); length = buffer.length; - baos.write(length >>> 24); + baos.write( length >>> 24); baos.write((length >>> 16) & 0xFF); - baos.write((length >>> 8) & 0xFF); - baos.write(length & 0xFF); + baos.write((length >>> 8) & 0xFF); + baos.write( length & 0xFF); baos.write(buffer, 0, length); - return baos.toByteArray(); } @@ -320,51 +288,49 @@ public class DHKeyPairRawCodec implements IKeyPairCodec || k[1] != Registry.MAGIC_RAW_DH_PRIVATE_KEY[1] || k[2] != Registry.MAGIC_RAW_DH_PRIVATE_KEY[2] || k[3] != Registry.MAGIC_RAW_DH_PRIVATE_KEY[3]) - { - throw new IllegalArgumentException("magic"); - } - + throw new IllegalArgumentException("magic"); // version if (k[4] != 0x01) - { - throw new IllegalArgumentException("version"); - } + throw new IllegalArgumentException("version"); int i = 5; int l; byte[] buffer; - // q - l = k[i++] << 24 | (k[i++] & 0xFF) << 16 | (k[i++] & 0xFF) << 8 - | (k[i++] & 0xFF); + l = k[i++] << 24 + | (k[i++] & 0xFF) << 16 + | (k[i++] & 0xFF) << 8 + | (k[i++] & 0xFF); buffer = new byte[l]; System.arraycopy(k, i, buffer, 0, l); i += l; BigInteger q = new BigInteger(1, buffer); - // p - l = k[i++] << 24 | (k[i++] & 0xFF) << 16 | (k[i++] & 0xFF) << 8 - | (k[i++] & 0xFF); + l = k[i++] << 24 + | (k[i++] & 0xFF) << 16 + | (k[i++] & 0xFF) << 8 + | (k[i++] & 0xFF); buffer = new byte[l]; System.arraycopy(k, i, buffer, 0, l); i += l; BigInteger p = new BigInteger(1, buffer); - // g - l = k[i++] << 24 | (k[i++] & 0xFF) << 16 | (k[i++] & 0xFF) << 8 - | (k[i++] & 0xFF); + l = k[i++] << 24 + | (k[i++] & 0xFF) << 16 + | (k[i++] & 0xFF) << 8 + | (k[i++] & 0xFF); buffer = new byte[l]; System.arraycopy(k, i, buffer, 0, l); i += l; BigInteger g = new BigInteger(1, buffer); - // x - l = k[i++] << 24 | (k[i++] & 0xFF) << 16 | (k[i++] & 0xFF) << 8 - | (k[i++] & 0xFF); + l = k[i++] << 24 + | (k[i++] & 0xFF) << 16 + | (k[i++] & 0xFF) << 8 + | (k[i++] & 0xFF); buffer = new byte[l]; System.arraycopy(k, i, buffer, 0, l); i += l; BigInteger x = new BigInteger(1, buffer); - return new GnuDHPrivateKey(q, p, g, x); } } diff --git a/libjava/classpath/gnu/javax/crypto/key/dh/DHKeyPairX509Codec.java b/libjava/classpath/gnu/javax/crypto/key/dh/DHKeyPairX509Codec.java index 7e8688bd3a4..5da396a1da6 100644 --- a/libjava/classpath/gnu/javax/crypto/key/dh/DHKeyPairX509Codec.java +++ b/libjava/classpath/gnu/javax/crypto/key/dh/DHKeyPairX509Codec.java @@ -97,6 +97,13 @@ public class DHKeyPairX509Codec * <pre> * DHPublicKey ::= INTEGER -- public key, y = g^x mod p * </pre> + * <p> + * <b>IMPORTANT</b>: with RI's {@link javax.crypto.spec.DHGenParameterSpec} + * and {@link javax.crypto.spec.DHParameterSpec} classes, we may end up with + * Diffie-Hellman keys that have a <code>null</code> for the <code>q</code> + * parameter. RFC-2631 DOES NOT allow for an <i>optional</i> value for that + * parameter, hence we replace such null values with <code>0</code>, and do + * the reverse in the corresponding decode method. * * @param key the {@link PublicKey} instance to encode. MUST be an instance of * {@link GnuDHPublicKey}. @@ -117,6 +124,8 @@ public class DHKeyPairX509Codec BigInteger p = dhKey.getParams().getP(); BigInteger g = dhKey.getParams().getG(); BigInteger q = dhKey.getQ(); + if (q == null) + q = BigInteger.ZERO; BigInteger y = dhKey.getY(); DERValue derP = new DERValue(DER.INTEGER, p); @@ -212,6 +221,8 @@ public class DHKeyPairX509Codec val = der.read(); DerUtil.checkIsBigInteger(val, "Wrong Q field"); q = (BigInteger) val.getValue(); + if (q.compareTo(BigInteger.ZERO) == 0) + q = null; val = der.read(); if (! (val.getValue() instanceof BitString)) diff --git a/libjava/classpath/gnu/javax/crypto/key/dh/DiffieHellmanKeyAgreement.java b/libjava/classpath/gnu/javax/crypto/key/dh/DiffieHellmanKeyAgreement.java index 5b1caa7d1b5..2443950549a 100644 --- a/libjava/classpath/gnu/javax/crypto/key/dh/DiffieHellmanKeyAgreement.java +++ b/libjava/classpath/gnu/javax/crypto/key/dh/DiffieHellmanKeyAgreement.java @@ -49,78 +49,63 @@ import java.math.BigInteger; import javax.crypto.interfaces.DHPrivateKey; /** - * <p>The basic version of the Diffie-Hellman key agreement is described in the - * Handbook of Applied Cryptography [HAC] as follows:</p> + * The basic version of the Diffie-Hellman key agreement is described in the + * Handbook of Applied Cryptography [HAC] as follows: * <ul> - * <li>An appropriate prime p and generator g of Z<sub>p</sub><sup>*</sup> - * (2 <= g <= p-2) are selected and published.</li> - * <li>A and B each send the other one message over an open channel; as a - * result, they both can then compute a shared secret key K which they can - * use to protect their future communication.</li> - * <li>A chooses a random secret x, 1 <= x <= p-2, and sends B message - * (1) which is g^x mod p.</li> - * <li>B chooses a random secret y, 1 <= y <= p-2, and sends A message - * (2) which is g^y mod p.</li> - * <li>B receives message (1) and computes the shared key as K = (g^x)^y mod - * p.</li> - * <li>A receives message (2) and computes the shared key as K = (g^y)^x mod - * p.</li> + * <li>An appropriate prime p and generator g of Z<sub>p</sub><sup>*</sup> + * (2 <= g <= p-2) are selected and published.</li> + * <li>A and B each send the other one message over an open channel; as a + * result, they both can then compute a shared secret key K which they can use + * to protect their future communication.</li> + * <li>A chooses a random secret x, 1 <= x <= p-2, and sends B message + * (1) which is g^x mod p.</li> + * <li>B chooses a random secret y, 1 <= y <= p-2, and sends A message + * (2) which is g^y mod p.</li> + * <li>B receives message (1) and computes the shared key as K = (g^x)^y mod p. + * </li> + * <li>A receives message (2) and computes the shared key as K = (g^y)^x mod p. + * </li> * </ul> - * - * <p>RFC-2631 describes a <i>Static-Static Mode</i> of operations with - * Diffie-Hellman keypairs as follows:</p> + * <p> + * RFC-2631 describes a <i>Static-Static Mode</i> of operations with + * Diffie-Hellman keypairs as follows: * <pre> - * "In Static-Static mode, both the sender and the recipient have a - static (and certified) key pair. Since the sender's and recipient's - keys are therefore the same for each message, ZZ will be the same for - each message. Thus, partyAInfo MUST be used (and different for each - message) in order to ensure that different messages use different - KEKs. Implementations MAY implement Static-Static mode." + * "In Static-Static mode, both the sender and the recipient have a + * static (and certified) key pair. Since the sender's and recipient's + * keys are therefore the same for each message, ZZ will be the same for + * each message. Thus, partyAInfo MUST be used (and different for each + * message) in order to ensure that different messages use different + * KEKs. Implementations MAY implement Static-Static mode." * </pre> - * - * <p>Reference:</p> + * + * <p> + * Reference: * <ol> - * <li><a href="http://www.ietf.org/rfc/rfc2631.txt">Diffie-Hellman Key - * Agreement Method</a><br> - * Eric Rescorla.</li> - * <li><a href="http://www.cacr.math.uwaterloo.ca/hac">[HAC]</a>: Handbook of - * Applied Cryptography.<br> - * CRC Press, Inc. ISBN 0-8493-8523-7, 1997<br> - * Menezes, A., van Oorschot, P. and S. Vanstone.</li> + * <li><a href="http://www.ietf.org/rfc/rfc2631.txt">Diffie-Hellman Key + * Agreement Method</a><br> + * Eric Rescorla.</li> + * <li><a href="http://www.cacr.math.uwaterloo.ca/hac">[HAC]</a>: Handbook of + * Applied Cryptography.<br> + * CRC Press, Inc. ISBN 0-8493-8523-7, 1997<br> + * Menezes, A., van Oorschot, P. and S. Vanstone.</li> * </ol> */ -public abstract class DiffieHellmanKeyAgreement extends BaseKeyAgreementParty +public abstract class DiffieHellmanKeyAgreement + extends BaseKeyAgreementParty { - - // Constants and variables - // ------------------------------------------------------------------------- - public static final String SOURCE_OF_RANDOMNESS = "gnu.crypto.dh.ka.prng"; - - public static final String KA_DIFFIE_HELLMAN_OWNER_PRIVATE_KEY = "gnu.crypto.dh.ka.owner.private.key"; - + public static final String KA_DIFFIE_HELLMAN_OWNER_PRIVATE_KEY = + "gnu.crypto.dh.ka.owner.private.key"; /** The key agreement party's private key. */ protected DHPrivateKey ownerKey; - /** The shared secret key. */ protected BigInteger ZZ; - // Constructor(s) - // ------------------------------------------------------------------------- - protected DiffieHellmanKeyAgreement() { super(Registry.DH_KA); } - // Class methods - // ------------------------------------------------------------------------- - - // Instance methods - // ------------------------------------------------------------------------- - - // implementation of common abstract methods in BaseKeyAGreementParty ------ - protected byte[] engineSharedSecret() throws KeyAgreementException { return Util.trim(ZZ); diff --git a/libjava/classpath/gnu/javax/crypto/key/dh/DiffieHellmanReceiver.java b/libjava/classpath/gnu/javax/crypto/key/dh/DiffieHellmanReceiver.java index 4a3664d6a8d..ab1023ad3b5 100644 --- a/libjava/classpath/gnu/javax/crypto/key/dh/DiffieHellmanReceiver.java +++ b/libjava/classpath/gnu/javax/crypto/key/dh/DiffieHellmanReceiver.java @@ -51,50 +51,30 @@ import java.util.Map; import javax.crypto.interfaces.DHPrivateKey; /** - * <p>This implementation is the receiver's part of the basic version of the - * Diffie-Hellman key agreement exchange (B in [HAC]).</p> - * + * This implementation is the receiver's part of the basic version of the + * Diffie-Hellman key agreement exchange (B in [HAC]). + * * @see DiffieHellmanKeyAgreement */ -public class DiffieHellmanReceiver extends DiffieHellmanKeyAgreement +public class DiffieHellmanReceiver + extends DiffieHellmanKeyAgreement { - - // Constants and variables - // ------------------------------------------------------------------------- - private BigInteger y; // the receiver's random secret - // Constructor(s) - // ------------------------------------------------------------------------- - // default 0-arguments constructor - // Class methods - // ------------------------------------------------------------------------- - - // Instance methods - // ------------------------------------------------------------------------- - - // implementation of abstract methods in base class ------------------------ - protected void engineInit(Map attributes) throws KeyAgreementException { Object random = attributes.get(SOURCE_OF_RANDOMNESS); rnd = null; irnd = null; if (random instanceof SecureRandom) - { - rnd = (SecureRandom) random; - } + rnd = (SecureRandom) random; else if (random instanceof IRandom) - { - irnd = (IRandom) random; - } + irnd = (IRandom) random; ownerKey = (DHPrivateKey) attributes.get(KA_DIFFIE_HELLMAN_OWNER_PRIVATE_KEY); if (ownerKey == null) - { - throw new KeyAgreementException("missing owner's private key"); - } + throw new KeyAgreementException("missing owner's private key"); } protected OutgoingMessage engineProcessMessage(IncomingMessage in) @@ -109,20 +89,14 @@ public class DiffieHellmanReceiver extends DiffieHellmanKeyAgreement } } - // own methods ------------------------------------------------------------- - private OutgoingMessage computeSharedSecret(IncomingMessage in) throws KeyAgreementException { BigInteger m1 = in.readMPI(); if (m1 == null) - { - throw new KeyAgreementException("missing message (1)"); - } - + throw new KeyAgreementException("missing message (1)"); BigInteger p = ownerKey.getParams().getP(); BigInteger g = ownerKey.getParams().getG(); - // B chooses a random integer y, 1 <= y <= p-2 // rfc-2631 restricts y to only be in [2, p-1] BigInteger p_minus_2 = p.subtract(TWO); @@ -132,16 +106,12 @@ public class DiffieHellmanReceiver extends DiffieHellmanKeyAgreement nextRandomBytes(xBytes); y = new BigInteger(1, xBytes); } - while (!(y.compareTo(TWO) >= 0 && y.compareTo(p_minus_2) <= 0)); - + while (! (y.compareTo(TWO) >= 0 && y.compareTo(p_minus_2) <= 0)); ZZ = m1.modPow(y, p); // ZZ = (yb ^ xa) mod p - complete = true; - // B sends A the message: g^y mod p OutgoingMessage result = new OutgoingMessage(); result.writeMPI(g.modPow(y, p)); // message (2) - return result; } } diff --git a/libjava/classpath/gnu/javax/crypto/key/dh/DiffieHellmanSender.java b/libjava/classpath/gnu/javax/crypto/key/dh/DiffieHellmanSender.java index 0be82bfb492..52a030d678c 100644 --- a/libjava/classpath/gnu/javax/crypto/key/dh/DiffieHellmanSender.java +++ b/libjava/classpath/gnu/javax/crypto/key/dh/DiffieHellmanSender.java @@ -51,50 +51,30 @@ import java.util.Map; import javax.crypto.interfaces.DHPrivateKey; /** - * <p>This implementation is the sender's part of the basic version of the - * Diffie-Hellman key agreement exchange (A in [HAC]).</p> - * + * This implementation is the sender's part of the basic version of the + * Diffie-Hellman key agreement exchange (A in [HAC]). + * * @see DiffieHellmanKeyAgreement */ -public class DiffieHellmanSender extends DiffieHellmanKeyAgreement +public class DiffieHellmanSender + extends DiffieHellmanKeyAgreement { - - // Constants and variables - // ------------------------------------------------------------------------- - private BigInteger x; // the sender's random secret - // Constructor(s) - // ------------------------------------------------------------------------- - // default 0-arguments constructor - // Class methods - // ------------------------------------------------------------------------- - - // Instance methods - // ------------------------------------------------------------------------- - - // implementation of abstract methods in base class ------------------------ - protected void engineInit(Map attributes) throws KeyAgreementException { Object random = attributes.get(SOURCE_OF_RANDOMNESS); rnd = null; irnd = null; if (random instanceof SecureRandom) - { - rnd = (SecureRandom) random; - } + rnd = (SecureRandom) random; else if (random instanceof IRandom) - { - irnd = (IRandom) random; - } + irnd = (IRandom) random; ownerKey = (DHPrivateKey) attributes.get(KA_DIFFIE_HELLMAN_OWNER_PRIVATE_KEY); if (ownerKey == null) - { - throw new KeyAgreementException("missing owner's private key"); - } + throw new KeyAgreementException("missing owner's private key"); } protected OutgoingMessage engineProcessMessage(IncomingMessage in) @@ -111,14 +91,11 @@ public class DiffieHellmanSender extends DiffieHellmanKeyAgreement } } - // own methods ------------------------------------------------------------- - private OutgoingMessage sendRandomSecret(IncomingMessage in) throws KeyAgreementException { BigInteger p = ownerKey.getParams().getP(); BigInteger g = ownerKey.getParams().getG(); - // A chooses a random integer x, 1 <= x <= p-2 // rfc-2631 restricts x to only be in [2, p-1] BigInteger p_minus_2 = p.subtract(TWO); @@ -128,12 +105,10 @@ public class DiffieHellmanSender extends DiffieHellmanKeyAgreement nextRandomBytes(xBytes); x = new BigInteger(1, xBytes); } - while (!(x.compareTo(TWO) >= 0 && x.compareTo(p_minus_2) <= 0)); - + while (! (x.compareTo(TWO) >= 0 && x.compareTo(p_minus_2) <= 0)); // A sends B the message: g^x mod p OutgoingMessage result = new OutgoingMessage(); result.writeMPI(g.modPow(x, p)); - return result; } @@ -142,13 +117,9 @@ public class DiffieHellmanSender extends DiffieHellmanKeyAgreement { BigInteger m1 = in.readMPI(); if (m1 == null) - { - throw new KeyAgreementException("missing message (2)"); - } - + throw new KeyAgreementException("missing message (2)"); BigInteger p = ownerKey.getParams().getP(); - ZZ = m1.modPow(x, p); // ZZ = (yb ^ xa) mod p - + ZZ = m1.modPow(x, p); // ZZ = (yb ^ xa) mod p complete = true; return null; } diff --git a/libjava/classpath/gnu/javax/crypto/key/dh/ElGamalKeyAgreement.java b/libjava/classpath/gnu/javax/crypto/key/dh/ElGamalKeyAgreement.java index 1c4e11ce26b..967eda3f508 100644 --- a/libjava/classpath/gnu/javax/crypto/key/dh/ElGamalKeyAgreement.java +++ b/libjava/classpath/gnu/javax/crypto/key/dh/ElGamalKeyAgreement.java @@ -47,77 +47,62 @@ import gnu.javax.crypto.key.KeyAgreementException; import java.math.BigInteger; /** - * <p>The ElGamal key agreement, also known as the half-certified Diffie-Hellman + * The ElGamal key agreement, also known as the half-certified Diffie-Hellman * key agreement, is described in the Handbook of Applied Cryptography [HAC] as - * follows:</p> + * follows: * <ul> - * <li>A sends to B a single message allowing one-pass key agreement.</li> - * <li>A obtains an authentic copy of B's public key (p, g, yb), where - * yb = g**xb.</li> - * <li>A chooses a random integer x, 1 <= x <= p-2, and sends B the - * message g**x. A computes the shared secret key K as yb**x.</li> - * <li>B computes the same key K on receipt of the previous message as - * (g**x)**xb.</li> + * <li>A sends to B a single message allowing one-pass key agreement.</li> + * <li>A obtains an authentic copy of B's public key (p, g, yb), where yb = + * g**xb.</li> + * <li>A chooses a random integer x, 1 <= x <= p-2, and sends B the + * message g**x. A computes the shared secret key K as yb**x.</li> + * <li>B computes the same key K on receipt of the previous message as + * (g**x)**xb.</li> * </ul> - * - * <p>RFC-2631 describes an <i>Ephemeral-Static Mode</i> of operations with - * Diffie-Hellman keypairs as follows:</p> + * <p> + * RFC-2631 describes an <i>Ephemeral-Static Mode</i> of operations with + * Diffie-Hellman keypairs as follows: * <pre> - * "In Ephemeral-Static mode, the recipient has a static (and certified) - * key pair, but the sender generates a new key pair for each message - * and sends it using the originatorKey production. If the sender's key - * is freshly generated for each message, the shared secret ZZ will be - * similarly different for each message and partyAInfo MAY be omitted, - * since it serves merely to decouple multiple KEKs generated by the - * same set of pairwise keys. If, however, the same ephemeral sender key - * is used for multiple messages (e.g. it is cached as a performance - * optimization) then a separate partyAInfo MUST be used for each - * message. All implementations of this standard MUST implement - * Ephemeral-Static mode." + * "In Ephemeral-Static mode, the recipient has a static (and certified) + * key pair, but the sender generates a new key pair for each message + * and sends it using the originatorKey production. If the sender's key + * is freshly generated for each message, the shared secret ZZ will be + * similarly different for each message and partyAInfo MAY be omitted, + * since it serves merely to decouple multiple KEKs generated by the + * same set of pairwise keys. If, however, the same ephemeral sender key + * is used for multiple messages (e.g. it is cached as a performance + * optimization) then a separate partyAInfo MUST be used for each + * message. All implementations of this standard MUST implement + * Ephemeral-Static mode." * </pre> - * - * <p>Reference:</p> + * <p> + * Reference: * <ol> - * <li><a href="http://www.ietf.org/rfc/rfc2631.txt">Diffie-Hellman Key - * Agreement Method</a><br> - * Eric Rescorla.</li> - * <li><a href="http://www.cacr.math.uwaterloo.ca/hac">[HAC]</a>: Handbook of - * Applied Cryptography.<br> - * CRC Press, Inc. ISBN 0-8493-8523-7, 1997<br> - * Menezes, A., van Oorschot, P. and S. Vanstone.</li> + * <li><a href="http://www.ietf.org/rfc/rfc2631.txt">Diffie-Hellman Key + * Agreement Method</a><br> + * Eric Rescorla.</li> + * <li><a href="http://www.cacr.math.uwaterloo.ca/hac">[HAC]</a>: Handbook of + * Applied Cryptography.<br> + * CRC Press, Inc. ISBN 0-8493-8523-7, 1997<br> + * Menezes, A., van Oorschot, P. and S. Vanstone.</li> * </ol> */ -public abstract class ElGamalKeyAgreement extends BaseKeyAgreementParty +public abstract class ElGamalKeyAgreement + extends BaseKeyAgreementParty { - - // Constants and variables - // ------------------------------------------------------------------------- - public static final String SOURCE_OF_RANDOMNESS = "gnu.crypto.elgamal.ka.prng"; - - public static final String KA_ELGAMAL_RECIPIENT_PRIVATE_KEY = "gnu.crypto.elgamal.ka.recipient.private.key"; - - public static final String KA_ELGAMAL_RECIPIENT_PUBLIC_KEY = "gnu.crypto.elgamal.ka.recipient.public.key"; - + public static final String KA_ELGAMAL_RECIPIENT_PRIVATE_KEY = + "gnu.crypto.elgamal.ka.recipient.private.key"; + public static final String KA_ELGAMAL_RECIPIENT_PUBLIC_KEY = + "gnu.crypto.elgamal.ka.recipient.public.key"; /** The shared secret key. */ protected BigInteger ZZ; - // Constructor(s) - // ------------------------------------------------------------------------- - protected ElGamalKeyAgreement() { super(Registry.ELGAMAL_KA); } - // Class methods - // ------------------------------------------------------------------------- - - // Instance methods - // ------------------------------------------------------------------------- - - // implementation of common abstract methods in BaseKeyAGreementParty ------ - protected byte[] engineSharedSecret() throws KeyAgreementException { return Util.trim(ZZ); diff --git a/libjava/classpath/gnu/javax/crypto/key/dh/ElGamalReceiver.java b/libjava/classpath/gnu/javax/crypto/key/dh/ElGamalReceiver.java index 24776cba174..bf9b4fb1f0f 100644 --- a/libjava/classpath/gnu/javax/crypto/key/dh/ElGamalReceiver.java +++ b/libjava/classpath/gnu/javax/crypto/key/dh/ElGamalReceiver.java @@ -49,33 +49,19 @@ import java.util.Map; import javax.crypto.interfaces.DHPrivateKey; /** - * <p>This implementation is the receiver's part of the ElGamal key agreement - * exchange (B in [HAC]).</p> - * + * This implementation is the receiver's part of the ElGamal key agreement + * exchange (B in [HAC]). + * * @see ElGamalKeyAgreement */ -public class ElGamalReceiver extends ElGamalKeyAgreement +public class ElGamalReceiver + extends ElGamalKeyAgreement { - - // Constants and variables - // ------------------------------------------------------------------------- - /** The recipient's private key. */ private DHPrivateKey B; - // Constructor(s) - // ------------------------------------------------------------------------- - // default 0-arguments constructor - // Class methods - // ------------------------------------------------------------------------- - - // Instance methods - // ------------------------------------------------------------------------- - - // implementation of abstract methods in base class ------------------------ - protected void engineInit(Map attributes) throws KeyAgreementException { rnd = (SecureRandom) attributes.get(SOURCE_OF_RANDOMNESS); @@ -83,9 +69,7 @@ public class ElGamalReceiver extends ElGamalKeyAgreement // a keypair and publishes its public key B = (DHPrivateKey) attributes.get(KA_ELGAMAL_RECIPIENT_PRIVATE_KEY); if (B == null) - { - throw new KeyAgreementException("missing recipient private key"); - } + throw new KeyAgreementException("missing recipient private key"); } protected OutgoingMessage engineProcessMessage(IncomingMessage in) @@ -100,8 +84,6 @@ public class ElGamalReceiver extends ElGamalKeyAgreement } } - // own methods ------------------------------------------------------------- - private OutgoingMessage computeSharedSecret(IncomingMessage in) throws KeyAgreementException { @@ -109,12 +91,8 @@ public class ElGamalReceiver extends ElGamalKeyAgreement // K = (g^x)^xb mod p BigInteger m1 = in.readMPI(); if (m1 == null) - { - throw new KeyAgreementException("missing message (1)"); - } - + throw new KeyAgreementException("missing message (1)"); ZZ = m1.modPow(B.getX(), B.getParams().getP()); // ZZ = (ya ^ xb) mod p - complete = true; return null; } diff --git a/libjava/classpath/gnu/javax/crypto/key/dh/ElGamalSender.java b/libjava/classpath/gnu/javax/crypto/key/dh/ElGamalSender.java index a2de80a6766..cdd1ef0dac0 100644 --- a/libjava/classpath/gnu/javax/crypto/key/dh/ElGamalSender.java +++ b/libjava/classpath/gnu/javax/crypto/key/dh/ElGamalSender.java @@ -49,33 +49,19 @@ import java.util.Map; import javax.crypto.interfaces.DHPublicKey; /** - * <p>This implementation is the sender's part of the ElGamal key agreement - * exchange (A in [HAC]).</p> - * + * This implementation is the sender's part of the ElGamal key agreement + * exchange (A in [HAC]). + * * @see ElGamalKeyAgreement */ -public class ElGamalSender extends ElGamalKeyAgreement +public class ElGamalSender + extends ElGamalKeyAgreement { - - // Constants and variables - // ------------------------------------------------------------------------- - /** The recipient's public key. */ private DHPublicKey B; - // Constructor(s) - // ------------------------------------------------------------------------- - // default 0-arguments constructor - // Class methods - // ------------------------------------------------------------------------- - - // Instance methods - // ------------------------------------------------------------------------- - - // implementation of abstract methods in base class ------------------------ - protected void engineInit(Map attributes) throws KeyAgreementException { rnd = (SecureRandom) attributes.get(SOURCE_OF_RANDOMNESS); @@ -83,9 +69,7 @@ public class ElGamalSender extends ElGamalKeyAgreement // a keypair and publishes its public key B = (DHPublicKey) attributes.get(KA_ELGAMAL_RECIPIENT_PUBLIC_KEY); if (B == null) - { - throw new KeyAgreementException("missing recipient public key"); - } + throw new KeyAgreementException("missing recipient public key"); } protected OutgoingMessage engineProcessMessage(IncomingMessage in) @@ -100,15 +84,12 @@ public class ElGamalSender extends ElGamalKeyAgreement } } - // own methods ------------------------------------------------------------- - private OutgoingMessage computeSharedSecret(IncomingMessage in) throws KeyAgreementException { BigInteger p = B.getParams().getP(); BigInteger g = B.getParams().getG(); BigInteger yb = B.getY(); - // A chooses a random integer x, 1 <= x <= p-2 // rfc-2631 restricts x to only be in [2, p-1] BigInteger p_minus_2 = p.subtract(TWO); @@ -120,14 +101,11 @@ public class ElGamalSender extends ElGamalKeyAgreement x = new BigInteger(1, xBytes); } while (x.compareTo(TWO) >= 0 && x.compareTo(p_minus_2) <= 0); - // A sends B the message: g^x mod p OutgoingMessage result = new OutgoingMessage(); result.writeMPI(g.modPow(x, p)); - // A computes the key as K = (yb)^x mod p ZZ = yb.modPow(x, p); // ZZ = (yb ^ xa) mod p - complete = true; return result; } diff --git a/libjava/classpath/gnu/javax/crypto/key/dh/GnuDHKey.java b/libjava/classpath/gnu/javax/crypto/key/dh/GnuDHKey.java index f1e42d93a3e..1066830c322 100644 --- a/libjava/classpath/gnu/javax/crypto/key/dh/GnuDHKey.java +++ b/libjava/classpath/gnu/javax/crypto/key/dh/GnuDHKey.java @@ -39,55 +39,50 @@ exception statement from your version. */ package gnu.javax.crypto.key.dh; import gnu.java.security.Registry; +import gnu.java.security.action.GetPropertyAction; import gnu.java.security.util.FormatUtil; import java.math.BigInteger; +import java.security.AccessController; import java.security.Key; import javax.crypto.interfaces.DHKey; import javax.crypto.spec.DHParameterSpec; /** - * <p>A base asbtract class for both public and private Diffie-Hellman keys. It - * encapsulates the two DH numbers: <code>p</code>, and <code>g</code>.</p> - * - * <p>According to the JDK, cryptographic <i>Keys</i> all have a <i>format</i>. + * A base asbtract class for both public and private Diffie-Hellman keys. It + * encapsulates the two DH numbers: <code>p</code>, and <code>g</code>. + * <p> + * According to the JDK, cryptographic <i>Keys</i> all have a <i>format</i>. * The format used in this implementation is called <i>Raw</i>, and basically * consists of the raw byte sequences of algorithm parameters. The exact order - * of the byte sequences and the implementation details are given in each of - * the relevant <code>getEncoded()</code> methods of each of the private and - * public keys.</p> - * - * <p>Reference:</p> + * of the byte sequences and the implementation details are given in each of the + * relevant <code>getEncoded()</code> methods of each of the private and + * public keys. + * <p> + * Reference: * <ol> - * <li><a href="http://www.ietf.org/rfc/rfc2631.txt">Diffie-Hellman Key - * Agreement Method</a><br> - * Eric Rescorla.</li> + * <li><a href="http://www.ietf.org/rfc/rfc2631.txt">Diffie-Hellman Key + * Agreement Method</a><br> + * Eric Rescorla.</li> * </ol> */ -public abstract class GnuDHKey implements Key, DHKey +public abstract class GnuDHKey + implements Key, DHKey { - - // Constants and variables - // ------------------------------------------------------------------------- - /** The public prime q. A prime divisor of p-1. */ protected BigInteger q; - /** The public prime p. */ protected BigInteger p; - /** The generator g. */ protected BigInteger g; - /** - * Identifier of the default encoding format to use when externalizing the - * key material. + * Identifier of the default encoding format to use when externalizing the key + * material. */ protected final int defaultFormat; - - // Constructor(s) - // ------------------------------------------------------------------------- + /** String representation of this key. Cached for speed. */ + private transient String str; /** * Trivial protected constructor. @@ -109,28 +104,13 @@ public abstract class GnuDHKey implements Key, DHKey this.g = g; } - // Class methods - // ------------------------------------------------------------------------- - - // Instance methods - // ------------------------------------------------------------------------- - - // javax.crypto.interfaces.DHKey interface implementation ------------------ - public DHParameterSpec getParams() { if (q == null) - { - return new DHParameterSpec(p, g); - } - else - { - return new DHParameterSpec(p, g, q.bitLength()); - } + return new DHParameterSpec(p, g); + return new DHParameterSpec(p, g, q.bitLength()); } - // java.security.Key interface implementation ------------------------------ - public String getAlgorithm() { return Registry.DH_KPG; @@ -147,38 +127,48 @@ public abstract class GnuDHKey implements Key, DHKey return FormatUtil.getEncodingShortName(defaultFormat); } - // Other instance methods -------------------------------------------------- - public BigInteger getQ() { return q; } /** - * <p>Returns <code>true</code> if the designated object is an instance of - * {@link DHKey} and has the same Diffie-Hellman parameter values as this - * one.</p> - * + * Returns <code>true</code> if the designated object is an instance of + * {@link DHKey} and has the same Diffie-Hellman parameter values as this one. + * * @param obj the other non-null DH key to compare to. - * @return <code>true</code> if the designated object is of the same type and - * value as this one. + * @return <code>true</code> if the designated object is of the same type + * and value as this one. */ public boolean equals(Object obj) { if (obj == null) - { - return false; - } - if (!(obj instanceof DHKey)) - { - return false; - } + return false; + if (! (obj instanceof DHKey)) + return false; DHKey that = (DHKey) obj; return p.equals(that.getParams().getP()) && g.equals(that.getParams().getG()); } - // abstract methods to be implemented by subclasses ------------------------ + public String toString() + { + if (str == null) + { + String ls = (String) AccessController.doPrivileged + (new GetPropertyAction("line.separator")); + StringBuilder sb = new StringBuilder(ls) + .append("defaultFormat=").append(defaultFormat).append(",").append(ls); + if (q == null) + sb.append("q=null,"); + else + sb.append("q=0x").append(q.toString(16)).append(","); + sb.append(ls).append("p=0x").append(p.toString(16)).append(",").append(ls) + .append("g=0x").append(g.toString(16)); + str = sb.toString(); + } + return str; + } public abstract byte[] getEncoded(int format); } diff --git a/libjava/classpath/gnu/javax/crypto/key/dh/GnuDHKeyPairGenerator.java b/libjava/classpath/gnu/javax/crypto/key/dh/GnuDHKeyPairGenerator.java index 5626a2979a8..13cfd9014a9 100644 --- a/libjava/classpath/gnu/javax/crypto/key/dh/GnuDHKeyPairGenerator.java +++ b/libjava/classpath/gnu/javax/crypto/key/dh/GnuDHKeyPairGenerator.java @@ -38,132 +38,84 @@ exception statement from your version. */ package gnu.javax.crypto.key.dh; +import gnu.java.security.Configuration; import gnu.java.security.Registry; import gnu.java.security.hash.Sha160; import gnu.java.security.key.IKeyPairGenerator; import gnu.java.security.util.PRNG; -import java.io.PrintWriter; import java.math.BigInteger; import java.security.KeyPair; import java.security.PrivateKey; import java.security.PublicKey; import java.security.SecureRandom; import java.util.Map; +import java.util.logging.Logger; import javax.crypto.spec.DHGenParameterSpec; import javax.crypto.spec.DHParameterSpec; /** - * <p>An implementation of a Diffie-Hellman keypair generator.</p> - * - * <p>Reference:</p> + * An implementation of a Diffie-Hellman keypair generator. + * <p> + * Reference: * <ol> - * <li><a href="http://www.ietf.org/rfc/rfc2631.txt">Diffie-Hellman Key - * Agreement Method</a><br> - * Eric Rescorla.</li> + * <li><a href="http://www.ietf.org/rfc/rfc2631.txt">Diffie-Hellman Key + * Agreement Method</a><br> + * Eric Rescorla.</li> * </ol> */ -public class GnuDHKeyPairGenerator implements IKeyPairGenerator +public class GnuDHKeyPairGenerator + implements IKeyPairGenerator { - - // Debugging methods and variables - // ------------------------------------------------------------------------- - - private static final String NAME = "dh"; - - private static final boolean DEBUG = false; - - private static final int debuglevel = 5; - - private static final PrintWriter err = new PrintWriter(System.out, true); - - private static void debug(String s) - { - err.println(">>> " + NAME + ": " + s); - } - - // Constants and variables - // ------------------------------------------------------------------------- - + private static final Logger log = Logger.getLogger(GnuDHKeyPairGenerator.class.getName()); /** * Property name of an optional {@link SecureRandom} instance to use. The * default is to use a classloader singleton from {@link PRNG}. */ public static final String SOURCE_OF_RANDOMNESS = "gnu.crypto.dh.prng"; - /** * Property name of an optional {@link DHGenParameterSpec} or * {@link DHParameterSpec} instance to use for this generator. */ public static final String DH_PARAMETERS = "gnu.crypto.dh.params"; - /** Property name of the size in bits (Integer) of the public prime (p). */ public static final String PRIME_SIZE = "gnu.crypto.dh.L"; - /** Property name of the size in bits (Integer) of the private exponent (x). */ public static final String EXPONENT_SIZE = "gnu.crypto.dh.m"; - /** * Property name of the preferred encoding format to use when externalizing * generated instance of key-pairs from this generator. The property is taken * to be an {@link Integer} that encapsulates an encoding format identifier. */ public static final String PREFERRED_ENCODING_FORMAT = "gnu.crypto.dh.encoding"; - /** Default value for the size in bits of the public prime (p). */ - // private static final int DEFAULT_PRIME_SIZE = 1024; public static final int DEFAULT_PRIME_SIZE = 512; - /** Default value for the size in bits of the private exponent (x). */ public static final int DEFAULT_EXPONENT_SIZE = 160; - /** Default encoding format to use when none was specified. */ private static final int DEFAULT_ENCODING_FORMAT = Registry.RAW_ENCODING_ID; - /** The SHA instance to use. */ private Sha160 sha = new Sha160(); - /** The optional {@link SecureRandom} instance to use. */ private SecureRandom rnd = null; - /** The desired size in bits of the public prime (p). */ private int l; - /** The desired size in bits of the private exponent (x). */ private int m; - private BigInteger seed; - private BigInteger counter; - private BigInteger q; - private BigInteger p; - private BigInteger j; - private BigInteger g; - /** Our default source of randomness. */ private PRNG prng = null; - /** Preferred encoding format of generated keys. */ private int preferredFormat; - // Constructor(s) - // ------------------------------------------------------------------------- - // default 0-arguments constructor - // Class methods - // ------------------------------------------------------------------------- - - // Instance methods - // ------------------------------------------------------------------------- - - // gnu.crypto.keys.IKeyPairGenerator interface implementation --------------- - public String name() { return Registry.DH_KPG; @@ -173,11 +125,9 @@ public class GnuDHKeyPairGenerator implements IKeyPairGenerator { // do we have a SecureRandom, or should we use our own? rnd = (SecureRandom) attributes.get(SOURCE_OF_RANDOMNESS); - // are we given a set of Diffie-Hellman generation parameters or we shall // use our own? Object params = attributes.get(DH_PARAMETERS); - // find out the desired sizes if (params instanceof DHGenParameterSpec) { @@ -195,7 +145,6 @@ public class GnuDHKeyPairGenerator implements IKeyPairGenerator g = jceSpec.getG(); l = p.bitLength(); m = jceSpec.getL(); - // If no exponent size was given, generate an exponent as // large as the prime. if (m == 0) @@ -208,21 +157,12 @@ public class GnuDHKeyPairGenerator implements IKeyPairGenerator bi = (Integer) attributes.get(EXPONENT_SIZE); m = (bi == null ? DEFAULT_EXPONENT_SIZE : bi.intValue()); } - - // if ((L % 256) != 0 || L < 1024) { if ((l % 256) != 0 || l < DEFAULT_PRIME_SIZE) - { - throw new IllegalArgumentException("invalid modulus size"); - } + throw new IllegalArgumentException("invalid modulus size"); if ((m % 8) != 0 || m < DEFAULT_EXPONENT_SIZE) - { - throw new IllegalArgumentException("invalid exponent size"); - } + throw new IllegalArgumentException("invalid exponent size"); if (m > l) - { - throw new IllegalArgumentException("exponent size > modulus size"); - } - + throw new IllegalArgumentException("exponent size > modulus size"); // what is the preferred encoding format Integer formatID = (Integer) attributes.get(PREFERRED_ENCODING_FORMAT); preferredFormat = formatID == null ? DEFAULT_ENCODING_FORMAT @@ -240,22 +180,20 @@ public class GnuDHKeyPairGenerator implements IKeyPairGenerator p = params[RFC2631.DH_PARAMS_P]; j = params[RFC2631.DH_PARAMS_J]; g = params[RFC2631.DH_PARAMS_G]; - if (DEBUG && debuglevel > 0) + if (Configuration.DEBUG) { - debug("seed: 0x" + seed.toString(16)); - debug("counter: " + counter.intValue()); - debug("q: 0x" + q.toString(16)); - debug("p: 0x" + p.toString(16)); - debug("j: 0x" + j.toString(16)); - debug("g: 0x" + g.toString(16)); + log.fine("seed: 0x" + seed.toString(16)); + log.fine("counter: " + counter.intValue()); + log.fine("q: 0x" + q.toString(16)); + log.fine("p: 0x" + p.toString(16)); + log.fine("j: 0x" + j.toString(16)); + log.fine("g: 0x" + g.toString(16)); } } - // generate a private number x of length m such as: 1 < x < q - 1 BigInteger q_minus_1 = null; if (q != null) q_minus_1 = q.subtract(BigInteger.ONE); - // We already check if m is modulo 8 in `setup.' This could just // be m >>> 3. byte[] mag = new byte[(m + 7) / 8]; @@ -266,31 +204,23 @@ public class GnuDHKeyPairGenerator implements IKeyPairGenerator x = new BigInteger(1, mag); if (x.bitLength() == m && x.compareTo(BigInteger.ONE) > 0 && (q_minus_1 == null || x.compareTo(q_minus_1) < 0)) - { - break; - } + break; } BigInteger y = g.modPow(x, p); - PrivateKey secK = new GnuDHPrivateKey(preferredFormat, q, p, g, x); PublicKey pubK = new GnuDHPublicKey(preferredFormat, q, p, g, y); - return new KeyPair(pubK, secK); } - // other methods ----------------------------------------------------------- - /** - * <p>Fills the designated byte array with random data.</p> - * + * Fills the designated byte array with random data. + * * @param buffer the byte array to fill with random data. */ private void nextRandomBytes(byte[] buffer) { if (rnd != null) - { - rnd.nextBytes(buffer); - } + rnd.nextBytes(buffer); else getDefaultPRNG().nextBytes(buffer); } diff --git a/libjava/classpath/gnu/javax/crypto/key/dh/GnuDHPrivateKey.java b/libjava/classpath/gnu/javax/crypto/key/dh/GnuDHPrivateKey.java index 0e71623b9f7..d8150dcdf02 100644 --- a/libjava/classpath/gnu/javax/crypto/key/dh/GnuDHPrivateKey.java +++ b/libjava/classpath/gnu/javax/crypto/key/dh/GnuDHPrivateKey.java @@ -38,34 +38,34 @@ exception statement from your version. */ package gnu.javax.crypto.key.dh; +import gnu.java.security.Configuration; import gnu.java.security.Registry; +import gnu.java.security.action.GetPropertyAction; import gnu.java.security.key.IKeyPairCodec; import java.math.BigInteger; +import java.security.AccessController; import javax.crypto.interfaces.DHPrivateKey; /** - * <p>An implementation of the Diffie-Hellman private key.</p> - * - * <p>Reference:</p> + * An implementation of the Diffie-Hellman private key. + * <p> + * Reference: * <ol> - * <li><a href="http://www.ietf.org/rfc/rfc2631.txt">Diffie-Hellman Key - * Agreement Method</a><br> - * Eric Rescorla.</li> + * <li><a href="http://www.ietf.org/rfc/rfc2631.txt">Diffie-Hellman Key + * Agreement Method</a><br> + * Eric Rescorla.</li> * </ol> */ -public class GnuDHPrivateKey extends GnuDHKey implements DHPrivateKey +public class GnuDHPrivateKey + extends GnuDHKey + implements DHPrivateKey { - - // Constants and variables - // ------------------------------------------------------------------------- - /** The private exponent. */ private final BigInteger x; - - // Constructor(s) - // ------------------------------------------------------------------------- + /** String representation of this key. Cached for speed. */ + private transient String str; /** * Convenience constructor. Calls the constructor with five arguments passing @@ -92,31 +92,27 @@ public class GnuDHPrivateKey extends GnuDHKey implements DHPrivateKey * @param g the generator of the group. * @param x the private value x. */ - public GnuDHPrivateKey(int preferredFormat, - BigInteger q, BigInteger p, BigInteger g, BigInteger x) + public GnuDHPrivateKey(int preferredFormat, BigInteger q, BigInteger p, + BigInteger g, BigInteger x) { super(preferredFormat == Registry.ASN1_ENCODING_ID ? Registry.PKCS8_ENCODING_ID : preferredFormat, q, p, g); - this.x = x; } - // Class methods - // ------------------------------------------------------------------------- - /** - * <p>A class method that takes the output of the <code>encodePrivateKey()</code> + * A class method that takes the output of the <code>encodePrivateKey()</code> * method of a DH keypair codec object (an instance implementing * {@link IKeyPairCodec} for DH keys, and re-constructs an instance of this - * object.</p> - * + * object. + * * @param k the contents of a previously encoded instance of this object. - * @exception ArrayIndexOutOfBoundsException if there is not enough bytes, - * in <code>k</code>, to represent a valid encoding of an instance of - * this object. - * @exception IllegalArgumentException if the byte sequence does not - * represent a valid encoding of an instance of this object. + * @exception ArrayIndexOutOfBoundsException if there is not enough bytes, in + * <code>k</code>, to represent a valid encoding of an + * instance of this object. + * @exception IllegalArgumentException if the byte sequence does not represent + * a valid encoding of an instance of this object. */ public static GnuDHPrivateKey valueOf(byte[] k) { @@ -129,32 +125,24 @@ public class GnuDHPrivateKey extends GnuDHKey implements DHPrivateKey catch (IllegalArgumentException ignored) { } - // try PKCS#8 codec return (GnuDHPrivateKey) new DHKeyPairPKCS8Codec().decodePrivateKey(k); } - // Instance methods - // ------------------------------------------------------------------------- - - // javax.crypto.interfaces.DHPrivateKey interface implementation ----------- - public BigInteger getX() { return x; } - // other methods ----------------------------------------------------------- - /** - * <p>Returns the encoded form of this private key according to the - * designated format.</p> - * + * Returns the encoded form of this private key according to the designated + * format. + * * @param format the desired format identifier of the resulting encoding. * @return the byte sequence encoding this key according to the designated - * format. + * format. * @exception IllegalArgumentException if the format is not supported. - * @see gnu.crypto.key.dh.DHKeyPairRawCodec + * @see DHKeyPairRawCodec */ public byte[] getEncoded(int format) { @@ -193,4 +181,20 @@ public class GnuDHPrivateKey extends GnuDHKey implements DHPrivateKey DHPrivateKey that = (DHPrivateKey) obj; return super.equals(that) && x.equals(that.getX()); } + + public String toString() + { + if (str == null) + { + String ls = (String) AccessController.doPrivileged + (new GetPropertyAction("line.separator")); + str = new StringBuilder(this.getClass().getName()).append("(") + .append(super.toString()).append(",").append(ls) + .append("x=0x").append(Configuration.DEBUG ? x.toString(16) + : "**...*").append(ls) + .append(")") + .toString(); + } + return str; + } } diff --git a/libjava/classpath/gnu/javax/crypto/key/dh/GnuDHPublicKey.java b/libjava/classpath/gnu/javax/crypto/key/dh/GnuDHPublicKey.java index 56516c9d0ea..5fb31f38364 100644 --- a/libjava/classpath/gnu/javax/crypto/key/dh/GnuDHPublicKey.java +++ b/libjava/classpath/gnu/javax/crypto/key/dh/GnuDHPublicKey.java @@ -39,32 +39,31 @@ exception statement from your version. */ package gnu.javax.crypto.key.dh; import gnu.java.security.Registry; +import gnu.java.security.action.GetPropertyAction; import gnu.java.security.key.IKeyPairCodec; import java.math.BigInteger; +import java.security.AccessController; import javax.crypto.interfaces.DHPublicKey; /** - * <p>An implementation of the Diffie-Hellman public key.</p> - * - * <p>Reference:</p> + * An implementation of the Diffie-Hellman public key. + * <p> + * Reference: * <ol> - * <li><a href="http://www.ietf.org/rfc/rfc2631.txt">Diffie-Hellman Key - * Agreement Method</a><br> - * Eric Rescorla.</li> + * <li><a href="http://www.ietf.org/rfc/rfc2631.txt">Diffie-Hellman Key + * Agreement Method</a><br> + * Eric Rescorla.</li> * </ol> */ -public class GnuDHPublicKey extends GnuDHKey implements DHPublicKey +public class GnuDHPublicKey + extends GnuDHKey + implements DHPublicKey { - - // Constants and variables - // ------------------------------------------------------------------------- - private BigInteger y; - - // Constructor(s) - // ------------------------------------------------------------------------- + /** String representation of this key. Cached for speed. */ + private transient String str; /** * Convenience constructor. Calls the constructor with five arguments passing @@ -91,31 +90,27 @@ public class GnuDHPublicKey extends GnuDHKey implements DHPublicKey * @param g the generator of the group. * @param y the public value y. */ - public GnuDHPublicKey(int preferredFormat, - BigInteger q, BigInteger p, BigInteger g, BigInteger y) + public GnuDHPublicKey(int preferredFormat, BigInteger q, BigInteger p, + BigInteger g, BigInteger y) { super(preferredFormat == Registry.ASN1_ENCODING_ID ? Registry.X509_ENCODING_ID : preferredFormat, q, p, g); - this.y = y; } - // Class methods - // ------------------------------------------------------------------------- - /** - * <p>A class method that takes the output of the <code>encodePublicKey()</code> + * A class method that takes the output of the <code>encodePublicKey()</code> * method of a DH keypair codec object (an instance implementing * {@link IKeyPairCodec} for DSS keys, and re-constructs an instance of this - * object.</p> - * - * @param k the contents of a previously encoded instance of this object. - * @exception ArrayIndexOutOfBoundsException if there is not enough bytes, - * in <code>k</code>, to represent a valid encoding of an instance of this * object. - * @exception IllegalArgumentException if the byte sequence does not - * represent a valid encoding of an instance of this object. + * + * @param k the contents of a previously encoded instance of this object. + * @exception ArrayIndexOutOfBoundsException if there is not enough bytes, in + * <code>k</code>, to represent a valid encoding of an + * instance of this object. + * @exception IllegalArgumentException if the byte sequence does not represent + * a valid encoding of an instance of this object. */ public static GnuDHPublicKey valueOf(byte[] k) { @@ -128,30 +123,22 @@ public class GnuDHPublicKey extends GnuDHKey implements DHPublicKey catch (IllegalArgumentException ignored) { } - // try X.509 codec return (GnuDHPublicKey) new DHKeyPairX509Codec().decodePublicKey(k); } - // Instance methods - // ------------------------------------------------------------------------- - - // javax.crypto.interfaces.DHPublicKey interface implementation ------------ - public BigInteger getY() { return y; } - // other methods ----------------------------------------------------------- - /** - * <p>Returns the encoded form of this public key according to the designated - * format.</p> - * + * Returns the encoded form of this public key according to the designated + * format. + * * @param format the desired format identifier of the resulting encoding. * @return the byte sequence encoding this key according to the designated - * format. + * format. * @exception IllegalArgumentException if the format is not supported. */ public byte[] getEncoded(int format) @@ -191,4 +178,19 @@ public class GnuDHPublicKey extends GnuDHKey implements DHPublicKey DHPublicKey that = (DHPublicKey) obj; return super.equals(that) && y.equals(that.getY()); } + + public String toString() + { + if (str == null) + { + String ls = (String) AccessController.doPrivileged + (new GetPropertyAction("line.separator")); + str = new StringBuilder(this.getClass().getName()).append("(") + .append(super.toString()).append(",").append(ls) + .append("y=0x").append(y.toString(16)).append(ls) + .append(")") + .toString(); + } + return str; + } } diff --git a/libjava/classpath/gnu/javax/crypto/key/dh/RFC2631.java b/libjava/classpath/gnu/javax/crypto/key/dh/RFC2631.java index d6e30b4bc52..673e44864b5 100644 --- a/libjava/classpath/gnu/javax/crypto/key/dh/RFC2631.java +++ b/libjava/classpath/gnu/javax/crypto/key/dh/RFC2631.java @@ -40,60 +40,41 @@ package gnu.javax.crypto.key.dh; import gnu.java.security.hash.Sha160; import gnu.java.security.util.PRNG; -import gnu.java.security.util.Prime2; import java.math.BigInteger; import java.security.SecureRandom; /** - * <p>An implementation of the Diffie-Hellman parameter generation as defined in - * RFC-2631.</p> - * - * <p>Reference:</p> + * An implementation of the Diffie-Hellman parameter generation as defined in + * RFC-2631. + * <p> + * Reference: * <ol> - * <li><a href="http://www.ietf.org/rfc/rfc2631.txt">Diffie-Hellman Key - * Agreement Method</a><br> - * Eric Rescorla.</li> + * <li><a href="http://www.ietf.org/rfc/rfc2631.txt">Diffie-Hellman Key + * Agreement Method</a><br> + * Eric Rescorla.</li> * </ol> */ public class RFC2631 { - - // Constants and variables - // ------------------------------------------------------------------------- - public static final int DH_PARAMS_SEED = 0; - public static final int DH_PARAMS_COUNTER = 1; - public static final int DH_PARAMS_Q = 2; - public static final int DH_PARAMS_P = 3; - public static final int DH_PARAMS_J = 4; - public static final int DH_PARAMS_G = 5; - private static final BigInteger TWO = BigInteger.valueOf(2L); - /** The SHA instance to use. */ private Sha160 sha = new Sha160(); - /** Length of private modulus and of q. */ private int m; - /** Length of public modulus p. */ private int L; - /** The optional {@link SecureRandom} instance to use. */ private SecureRandom rnd = null; - /** Our default source of randomness. */ private PRNG prng = null; - // Constructor(s) - // ------------------------------------------------------------------------- - public RFC2631(int m, int L, SecureRandom rnd) { super(); @@ -103,12 +84,6 @@ public class RFC2631 this.rnd = rnd; } - // Class methods - // ------------------------------------------------------------------------- - - // Instance methods - // ------------------------------------------------------------------------- - public BigInteger[] generateParameters() { int i, j, counter; @@ -127,15 +102,16 @@ public class RFC2631 { step4: while (true) { - // 4. Select an arbitrary bit string SEED such that length of SEED >= m + // 4. Select an arbitrary bit string SEED such that length of + // SEED >= m nextRandomBytes(seedBytes); SEED = new BigInteger(1, seedBytes).setBit(m - 1).setBit(0); // 5. Set U = 0 U = BigInteger.ZERO; // 6. For i = 0 to m' - 1 - // U = U + (SHA1[SEED + i] XOR SHA1[(SEED + m' + i)) * 2^(160 * i) - // Note that for m=160, this reduces to the algorithm of [FIPS-186] - // U = SHA1[SEED] XOR SHA1[(SEED+1) mod 2^160 ]. + // U = U + (SHA1[SEED + i] XOR SHA1[(SEED + m' + i)) * 2^(160 * i) + // Note that for m=160, this reduces to the algorithm of FIPS-186 + // U = SHA1[SEED] XOR SHA1[(SEED+1) mod 2^160 ]. for (i = 0; i < m_; i++) { u1 = SEED.add(BigInteger.valueOf(i)).toByteArray(); @@ -145,31 +121,27 @@ public class RFC2631 sha.update(u2, 0, u2.length); u2 = sha.digest(); for (j = 0; j < u1.length; j++) - { - u1[j] ^= u2[j]; - } + u1[j] ^= u2[j]; U = U.add(new BigInteger(1, u1).multiply(TWO.pow(160 * i))); } // 5. Form q from U by computing U mod (2^m) and setting the most - // significant bit (the 2^(m-1) bit) and the least significant bit to - // 1. In terms of boolean operations, q = U OR 2^(m-1) OR 1. Note - // that 2^(m-1) < q < 2^m + // significant bit (the 2^(m-1) bit) and the least significant + // bit to 1. In terms of boolean operations, q = U OR 2^(m-1) OR + // 1. Note that 2^(m-1) < q < 2^m q = U.setBit(m - 1).setBit(0); // 6. Use a robust primality algorithm to test whether q is prime. // 7. If q is not prime then go to 4. - if (Prime2.isProbablePrime(q)) - { - break step4; - } + if (q.isProbablePrime(80)) + break step4; } // 8. Let counter = 0 counter = 0; step9: while (true) { // 9. Set R = seed + 2*m' + (L' * counter) - R = SEED.add(BigInteger.valueOf(2 * m_)).add( - BigInteger.valueOf(L_ - * counter)); + R = SEED + .add(BigInteger.valueOf(2 * m_)) + .add(BigInteger.valueOf(L_ * counter)); // 10. Set V = 0 V = BigInteger.ZERO; // 12. For i = 0 to L'-1 do: V = V + SHA1(R + i) * 2^(160 * i) @@ -187,10 +159,10 @@ public class RFC2631 X = W.setBit(L - 1); // 15. Set p = X - (X mod (2*q)) + 1 p = X.add(BigInteger.ONE).subtract(X.mod(TWO.multiply(q))); - // 16. If p > 2^(L-1) use a robust primality test to test whether p is - // prime. Else go to 18. - //17. If p is prime output p, q, seed, counter and stop. - if (Prime2.isProbablePrime(p)) + // 16. If p > 2^(L-1) use a robust primality test to test whether p + // is prime. Else go to 18. + // 17. If p is prime output p, q, seed, counter and stop. + if (p.isProbablePrime(80)) { break algorithm; } @@ -199,12 +171,9 @@ public class RFC2631 // 19. If counter < (4096 * N) then go to 8. // 20. Output "failure" if (counter >= 4096 * N_) - { - continue algorithm; - } + continue algorithm; } } - // compute g. from FIPS-186, Appendix 4: // 1. Generate p and q as specified in Appendix 2. // 2. Let e = (p - 1) / q @@ -219,28 +188,21 @@ public class RFC2631 // 4. Set g = h**e mod p g = h.modPow(e, p); // 5. If g = 1, go to step 3 - if (!g.equals(BigInteger.ONE)) - { - break; - } + if (! g.equals(BigInteger.ONE)) + break; } - return new BigInteger[] { SEED, BigInteger.valueOf(counter), q, p, e, g }; } - // helper methods ---------------------------------------------------------- - /** - * <p>Fills the designated byte array with random data.</p> + * Fills the designated byte array with random data. * * @param buffer the byte array to fill with random data. */ private void nextRandomBytes(byte[] buffer) { if (rnd != null) - { - rnd.nextBytes(buffer); - } + rnd.nextBytes(buffer); else getDefaultPRNG().nextBytes(buffer); } diff --git a/libjava/classpath/gnu/javax/crypto/key/srp6/SRP6Host.java b/libjava/classpath/gnu/javax/crypto/key/srp6/SRP6Host.java index 192e877b7ed..44f99467319 100644 --- a/libjava/classpath/gnu/javax/crypto/key/srp6/SRP6Host.java +++ b/libjava/classpath/gnu/javax/crypto/key/srp6/SRP6Host.java @@ -56,65 +56,41 @@ import java.util.HashMap; import java.util.Map; /** - * <p>The implementation of the Host in the SRP-6 key agreement protocol.</p> - * - * <p>Reference:</p> + * The implementation of the Host in the SRP-6 key agreement protocol. + * <p> + * Reference: * <ol> - * <li><a href="http://srp.stanford.edu/design.html">SRP Protocol Design</a><br> - * Thomas J. Wu.</li> + * <li><a href="http://srp.stanford.edu/design.html">SRP Protocol Design</a><br> + * Thomas J. Wu.</li> * </ol> */ -public class SRP6Host extends SRP6KeyAgreement +public class SRP6Host + extends SRP6KeyAgreement { - - // Constants and variables - // ------------------------------------------------------------------------- - /** The user's ephemeral key pair. */ private KeyPair hostKeyPair; /** The SRP password database. */ private SRPAuthInfoProvider passwordDB; - // Constructor(s) - // ------------------------------------------------------------------------- - // default 0-arguments constructor - // Class methods - // ------------------------------------------------------------------------- - - // Instance methods - // ------------------------------------------------------------------------- - - // implementation of abstract methods in base class ------------------------ - protected void engineInit(final Map attributes) throws KeyAgreementException { rnd = (SecureRandom) attributes.get(SOURCE_OF_RANDOMNESS); N = (BigInteger) attributes.get(SHARED_MODULUS); if (N == null) - { - throw new KeyAgreementException("missing shared modulus"); - } + throw new KeyAgreementException("missing shared modulus"); g = (BigInteger) attributes.get(GENERATOR); if (g == null) - { - throw new KeyAgreementException("missing generator"); - } - + throw new KeyAgreementException("missing generator"); final String md = (String) attributes.get(HASH_FUNCTION); - if (md == null || "".equals(md.trim())) - { - throw new KeyAgreementException("missing hash function"); - } + if (md == null || md.trim().length() == 0) + throw new KeyAgreementException("missing hash function"); srp = SRP.instance(md); - passwordDB = (SRPAuthInfoProvider) attributes.get(HOST_PASSWORD_DB); if (passwordDB == null) - { - throw new KeyAgreementException("missing SRP password database"); - } + throw new KeyAgreementException("missing SRP password database"); } protected OutgoingMessage engineProcessMessage(final IncomingMessage in) @@ -135,14 +111,11 @@ public class SRP6Host extends SRP6KeyAgreement super.engineReset(); } - // own methods ------------------------------------------------------------- - private OutgoingMessage computeSharedSecret(final IncomingMessage in) throws KeyAgreementException { final String I = in.readString(); final BigInteger A = in.readMPI(); - // get s and v for user identified by I // ---------------------------------------------------------------------- final Map credentials; @@ -157,56 +130,31 @@ public class SRP6Host extends SRP6KeyAgreement { throw new KeyAgreementException("computeSharedSecret()", x); } - final BigInteger s = new BigInteger( - 1, - Util.fromBase64((String) credentials.get(SRPRegistry.SALT_FIELD))); + 1,Util.fromBase64((String) credentials.get(SRPRegistry.SALT_FIELD))); final BigInteger v = new BigInteger( - 1, - Util.fromBase64((String) credentials.get(SRPRegistry.USER_VERIFIER_FIELD))); - - // Map configuration = null; - // try { - // String mode = (String) credentials.get(SRPRegistry.CONFIG_NDX_FIELD); - // configuration = passwordDB.getConfiguration(mode); - // } catch (IOException x) { - // throw new KeyAgreementException("computeSharedSecret()", x); - // } - // - // BigInteger N = new BigInteger(1, Util.fromBase64( - // (String) configuration.get(SRPRegistry.SHARED_MODULUS))); - // BigInteger g = new BigInteger(1, Util.fromBase64( - // (String) configuration.get(SRPRegistry.FIELD_GENERATOR))); - // ---------------------------------------------------------------------- - + 1, Util.fromBase64((String) credentials.get(SRPRegistry.USER_VERIFIER_FIELD))); final SRPKeyPairGenerator kpg = new SRPKeyPairGenerator(); final Map attributes = new HashMap(); if (rnd != null) - { - attributes.put(SRPKeyPairGenerator.SOURCE_OF_RANDOMNESS, rnd); - } + attributes.put(SRPKeyPairGenerator.SOURCE_OF_RANDOMNESS, rnd); attributes.put(SRPKeyPairGenerator.SHARED_MODULUS, N); attributes.put(SRPKeyPairGenerator.GENERATOR, g); attributes.put(SRPKeyPairGenerator.USER_VERIFIER, v); kpg.setup(attributes); hostKeyPair = kpg.generate(); - final BigInteger B = ((SRPPublicKey) hostKeyPair.getPublic()).getY(); final BigInteger u = uValue(A, B); // u = H(A | B) - // compute S = (Av^u) ^ b final BigInteger b = ((SRPPrivateKey) hostKeyPair.getPrivate()).getX(); final BigInteger S = A.multiply(v.modPow(u, N)).modPow(b, N); - final byte[] sBytes = Util.trim(S); final IMessageDigest hash = srp.newDigest(); hash.update(sBytes, 0, sBytes.length); K = new BigInteger(1, hash.digest()); - final OutgoingMessage result = new OutgoingMessage(); result.writeMPI(s); result.writeMPI(B); - complete = true; return result; } diff --git a/libjava/classpath/gnu/javax/crypto/key/srp6/SRP6KeyAgreement.java b/libjava/classpath/gnu/javax/crypto/key/srp6/SRP6KeyAgreement.java index 63c981d80ef..b4264184e5e 100644 --- a/libjava/classpath/gnu/javax/crypto/key/srp6/SRP6KeyAgreement.java +++ b/libjava/classpath/gnu/javax/crypto/key/srp6/SRP6KeyAgreement.java @@ -49,98 +49,72 @@ import gnu.javax.crypto.sasl.srp.SRP; import java.math.BigInteger; /** - * <p>The Secure Remote Password (SRP) key agreement protocol, also known as - * SRP-6, is designed by Thomas J. Wu (see references). The protocol, and its - * elements are described as follows:</p> - * + * The Secure Remote Password (SRP) key agreement protocol, also known as SRP-6, + * is designed by Thomas J. Wu (see references). The protocol, and its elements + * are described as follows: * <pre> - * N A large safe prime (N = 2q+1, where q is prime) - * All arithmetic is done modulo N. - * g A generator modulo N - * s User's salt - * I Username - * p Cleartext Password - * H() One-way hash function - * ^ (Modular) Exponentiation - * u Random scrambling parameter - * a,b Secret ephemeral values - * A,B Public ephemeral values - * x Private key (derived from p and s) - * v Password verifier - * - * The host stores passwords using the following formula: - * x = H(s | H(I ":" p)) (s is chosen randomly) - * v = g^x (computes password verifier) - * - * The host then keeps {I, s, v} in its password database. - * - * The authentication protocol itself goes as follows: - * User -> Host: I, A = g^a (identifies self, a = random number) - * Host -> User: s, B = 3v + g^b (sends salt, b = random number) - * - * Both: u = H(A, B) - * - * User: x = H(s, p) (user enters password) - * User: S = (B - 3g^x) ^ (a + ux) (computes session key) - * User: K = H(S) - * - * Host: S = (Av^u) ^ b (computes session key) - * Host: K = H(S) + * N A large safe prime (N = 2q+1, where q is prime) + * All arithmetic is done modulo N. + * g A generator modulo N + * s User's salt + * I Username + * p Cleartext Password + * H() One-way hash function + * ˆ (Modular) Exponentiation + * u Random scrambling parameter + * a,b Secret ephemeral values + * A,B Public ephemeral values + * x Private key (derived from p and s) + * v Password verifier + * + * The host stores passwords using the following formula: + * x = H(s | H(I ":" p)) (s is chosen randomly) + * v = gˆx (computes password verifier) + * + * The host then keeps {I, s, v} in its password database. + * + * The authentication protocol itself goes as follows: + * User -> Host: I, A = gˆa (identifies self, a = random number) + * Host -> User: s, B = 3v + gˆb (sends salt, b = random number) + * + * Both: u = H(A, B) + * + * User: x = H(s, p) (user enters password) + * User: S = (B - 3gˆx) ˆ (a + ux) (computes session key) + * User: K = H(S) + * + * Host: S = (Avˆu) ˆ b (computes session key) + * Host: K = H(S) * </pre> - * - * <p>Reference:</p> + * <p> + * Reference: * <ol> - * <li><a href="http://srp.stanford.edu/design.html">SRP Protocol Design</a><br> - * Thomas J. Wu.</li> + * <li><a href="http://srp.stanford.edu/design.html">SRP Protocol Design</a><br> + * Thomas J. Wu.</li> * </ol> */ -public abstract class SRP6KeyAgreement extends BaseKeyAgreementParty +public abstract class SRP6KeyAgreement + extends BaseKeyAgreementParty { - - // Constants and variables - // ------------------------------------------------------------------------- - public static final String SOURCE_OF_RANDOMNESS = "gnu.crypto.srp6.ka.prng"; - public static final String SHARED_MODULUS = "gnu.crypto.srp6.ka.N"; - public static final String GENERATOR = "gnu.crypto.srp6.ka.g"; - public static final String HASH_FUNCTION = "gnu.crypto.srp6.ka.H"; - public static final String USER_IDENTITY = "gnu.crypto.srp6.ka.I"; - public static final String USER_PASSWORD = "gnu.crypto.srp6.ka.p"; - public static final String HOST_PASSWORD_DB = "gnu.crypto.srp6.ka.password.db"; - protected static final BigInteger THREE = BigInteger.valueOf(3L); - protected SRP srp; - protected BigInteger N; - protected BigInteger g; - /** The shared secret key. */ protected BigInteger K; - // Constructor(s) - // ------------------------------------------------------------------------- - protected SRP6KeyAgreement() { super(Registry.SRP6_KA); } - // Class methods - // ------------------------------------------------------------------------- - - // Instance methods - // ------------------------------------------------------------------------- - - // implementation of common abstract methods in BaseKeyAGreementParty ------ - protected byte[] engineSharedSecret() throws KeyAgreementException { return Util.trim(K); @@ -148,25 +122,20 @@ public abstract class SRP6KeyAgreement extends BaseKeyAgreementParty protected void engineReset() { - // mda = null; srp = null; N = null; g = null; K = null; } - // helper methods ---------------------------------------------------------- - protected BigInteger uValue(final BigInteger A, final BigInteger B) { - // IMessageDigest hash = (IMessageDigest) mda.clone(); final IMessageDigest hash = srp.newDigest(); byte[] b; b = Util.trim(A); hash.update(b, 0, b.length); b = Util.trim(B); hash.update(b, 0, b.length); - return new BigInteger(1, hash.digest()); } } diff --git a/libjava/classpath/gnu/javax/crypto/key/srp6/SRP6SaslClient.java b/libjava/classpath/gnu/javax/crypto/key/srp6/SRP6SaslClient.java index ef460b13bc7..f5969f0c195 100644 --- a/libjava/classpath/gnu/javax/crypto/key/srp6/SRP6SaslClient.java +++ b/libjava/classpath/gnu/javax/crypto/key/srp6/SRP6SaslClient.java @@ -48,54 +48,43 @@ import gnu.javax.crypto.key.OutgoingMessage; import java.math.BigInteger; /** - * <p>A variation of the SRP-6 protocol as used in the SASL-SRP mechanism, for - * the User (client side).</p> - * - * <p>In this alternative, the exchange goes as follows:</p> + * A variation of the SRP-6 protocol as used in the SASL-SRP mechanism, for the + * User (client side). + * <p> + * In this alternative, the exchange goes as follows: + * * <pre> - * C -> S: I (identifies self) - * S -> C: N, g, s, B = 3v + g^b (sends salt, b = random number) - * C -> S: A = g^a (a = random number) + * C -> S: I (identifies self) + * S -> C: N, g, s, B = 3v + gˆb (sends salt, b = random number) + * C -> S: A = gˆa (a = random number) * </pre> - * - * <p>All elements are computed the same way as in the standard version.</p> - * - * <p>Reference:</p> + * + * <p> + * All elements are computed the same way as in the standard version. + * <p> + * Reference: * <ol> - * <li><a href="http://www.ietf.org/internet-drafts/draft-burdis-cat-srp-sasl-09.txt"> - * Secure Remote Password Authentication Mechanism</a><br> - * K. Burdis, R. Naffah.</li> - * <li><a href="http://srp.stanford.edu/design.html">SRP Protocol Design</a><br> - * Thomas J. Wu.</li> + * <li><a + * href="http://www.ietf.org/internet-drafts/draft-burdis-cat-srp-sasl-09.txt"> + * Secure Remote Password Authentication Mechanism</a><br> + * K. Burdis, R. Naffah.</li> + * <li><a href="http://srp.stanford.edu/design.html">SRP Protocol Design</a><br> + * Thomas J. Wu.</li> * </ol> */ -public class SRP6SaslClient extends SRP6TLSClient +public class SRP6SaslClient + extends SRP6TLSClient { - - // Constants and variables - // ------------------------------------------------------------------------- - - // Constructor(s) - // ------------------------------------------------------------------------- - // default 0-arguments constructor - // Class methods - // ------------------------------------------------------------------------- - - // Instance methods - // ------------------------------------------------------------------------- - protected OutgoingMessage computeSharedSecret(final IncomingMessage in) throws KeyAgreementException { final OutgoingMessage result = super.computeSharedSecret(in); - final byte[] sBytes = Util.trim(K); final IMessageDigest hash = srp.newDigest(); hash.update(sBytes, 0, sBytes.length); K = new BigInteger(1, hash.digest()); - return result; } } diff --git a/libjava/classpath/gnu/javax/crypto/key/srp6/SRP6SaslServer.java b/libjava/classpath/gnu/javax/crypto/key/srp6/SRP6SaslServer.java index 5e759964e08..7e68c99c437 100644 --- a/libjava/classpath/gnu/javax/crypto/key/srp6/SRP6SaslServer.java +++ b/libjava/classpath/gnu/javax/crypto/key/srp6/SRP6SaslServer.java @@ -48,54 +48,43 @@ import gnu.javax.crypto.key.OutgoingMessage; import java.math.BigInteger; /** - * <p>A variation of the SRP-6 protocol as used in the SASL-SRP mechanism, for - * the Host (server side).</p> - * - * <p>In this alternative, the exchange goes as follows:</p> + * A variation of the SRP-6 protocol as used in the SASL-SRP mechanism, for the + * Host (server side). + * <p> + * In this alternative, the exchange goes as follows: + * * <pre> - * C -> S: I (identifies self) - * S -> C: N, g, s, B = 3v + g^b (sends salt, b = random number) - * C -> S: A = g^a (a = random number) + * C -> S: I (identifies self) + * S -> C: N, g, s, B = 3v + gˆb (sends salt, b = random number) + * C -> S: A = gˆa (a = random number) * </pre> - * - * <p>All elements are computed the same way as in the standard version.</p> - * - * <p>Reference:</p> + * + * <p> + * All elements are computed the same way as in the standard version. + * <p> + * Reference: * <ol> - * <li><a href="http://www.ietf.org/internet-drafts/draft-burdis-cat-srp-sasl-09.txt"> - * Secure Remote Password Authentication Mechanism</a><br> - * K. Burdis, R. Naffah.</li> - * <li><a href="http://srp.stanford.edu/design.html">SRP Protocol Design</a><br> - * Thomas J. Wu.</li> + * <li><a + * href="http://www.ietf.org/internet-drafts/draft-burdis-cat-srp-sasl-09.txt"> + * Secure Remote Password Authentication Mechanism</a><br> + * K. Burdis, R. Naffah.</li> + * <li><a href="http://srp.stanford.edu/design.html">SRP Protocol Design</a><br> + * Thomas J. Wu.</li> * </ol> */ -public class SRP6SaslServer extends SRP6TLSServer +public class SRP6SaslServer + extends SRP6TLSServer { - - // Constants and variables - // ------------------------------------------------------------------------- - - // Constructor(s) - // ------------------------------------------------------------------------- - // default 0-arguments constructor - // Class methods - // ------------------------------------------------------------------------- - - // Instance methods - // ------------------------------------------------------------------------- - protected OutgoingMessage computeSharedSecret(final IncomingMessage in) throws KeyAgreementException { super.computeSharedSecret(in); - final byte[] sBytes = Util.trim(K); final IMessageDigest hash = srp.newDigest(); hash.update(sBytes, 0, sBytes.length); K = new BigInteger(1, hash.digest()); - return null; } } diff --git a/libjava/classpath/gnu/javax/crypto/key/srp6/SRP6TLSClient.java b/libjava/classpath/gnu/javax/crypto/key/srp6/SRP6TLSClient.java index 5474a1e8eb9..af0be02dfe0 100644 --- a/libjava/classpath/gnu/javax/crypto/key/srp6/SRP6TLSClient.java +++ b/libjava/classpath/gnu/javax/crypto/key/srp6/SRP6TLSClient.java @@ -51,62 +51,38 @@ import java.util.HashMap; import java.util.Map; /** - * <p>A variation of the SRP6 key agreement protocol, for the client-side as - * proposed in - * <a href="http://www.ietf.org/internet-drafts/draft-ietf-tls-srp-05.txt">Using + * A variation of the SRP6 key agreement protocol, for the client-side as + * proposed in <a + * href="http://www.ietf.org/internet-drafts/draft-ietf-tls-srp-05.txt">Using * SRP for TLS Authentication</a>. The only difference between it and the SASL * variant is that the shared secret is the entity <code>S</code> and not - * <code>H(S)</code>.</p> + * <code>H(S)</code>. */ -public class SRP6TLSClient extends SRP6KeyAgreement +public class SRP6TLSClient + extends SRP6KeyAgreement { - - // Constants and variables - // ------------------------------------------------------------------------- - /** The user's identity. */ private String I; - /** The user's cleartext password. */ private byte[] p; - /** The user's ephemeral key pair. */ private KeyPair userKeyPair; - // Constructor(s) - // ------------------------------------------------------------------------- - // default 0-arguments constructor - // Class methods - // ------------------------------------------------------------------------- - - // Instance methods - // ------------------------------------------------------------------------- - - // implementation of abstract methods in base class ------------------------ - protected void engineInit(final Map attributes) throws KeyAgreementException { rnd = (SecureRandom) attributes.get(SOURCE_OF_RANDOMNESS); - final String md = (String) attributes.get(HASH_FUNCTION); - if (md == null || "".equals(md.trim())) - { - throw new KeyAgreementException("missing hash function"); - } + if (md == null || md.trim().length() == 0) + throw new KeyAgreementException("missing hash function"); srp = SRP.instance(md); - I = (String) attributes.get(USER_IDENTITY); if (I == null) - { - throw new KeyAgreementException("missing user identity"); - } + throw new KeyAgreementException("missing user identity"); p = (byte[]) attributes.get(USER_PASSWORD); if (p == null) - { - throw new KeyAgreementException("missing user password"); - } + throw new KeyAgreementException("missing user password"); } protected OutgoingMessage engineProcessMessage(final IncomingMessage in) @@ -131,14 +107,11 @@ public class SRP6TLSClient extends SRP6KeyAgreement super.engineReset(); } - // own methods ------------------------------------------------------------- - private OutgoingMessage sendIdentity(final IncomingMessage in) throws KeyAgreementException { final OutgoingMessage result = new OutgoingMessage(); result.writeString(I); - return result; } @@ -149,19 +122,15 @@ public class SRP6TLSClient extends SRP6KeyAgreement g = in.readMPI(); final BigInteger s = in.readMPI(); final BigInteger B = in.readMPI(); - // generate an ephemeral keypair final SRPKeyPairGenerator kpg = new SRPKeyPairGenerator(); final Map attributes = new HashMap(); if (rnd != null) - { - attributes.put(SRPKeyPairGenerator.SOURCE_OF_RANDOMNESS, rnd); - } + attributes.put(SRPKeyPairGenerator.SOURCE_OF_RANDOMNESS, rnd); attributes.put(SRPKeyPairGenerator.SHARED_MODULUS, N); attributes.put(SRPKeyPairGenerator.GENERATOR, g); kpg.setup(attributes); userKeyPair = kpg.generate(); - final BigInteger A = ((SRPPublicKey) userKeyPair.getPublic()).getY(); final BigInteger u = uValue(A, B); // u = H(A | B) final BigInteger x; @@ -173,18 +142,13 @@ public class SRP6TLSClient extends SRP6KeyAgreement { throw new KeyAgreementException("computeSharedSecret()", e); } - // compute S = (B - 3g^x) ^ (a + ux) final BigInteger a = ((SRPPrivateKey) userKeyPair.getPrivate()).getX(); - final BigInteger S = B.subtract(THREE.multiply(g.modPow(x, N))).modPow( - a.add(u.multiply(x)), - N); - + final BigInteger S = B.subtract(THREE.multiply(g.modPow(x, N))) + .modPow(a.add(u.multiply(x)), N); K = S; - final OutgoingMessage result = new OutgoingMessage(); result.writeMPI(A); - complete = true; return result; } diff --git a/libjava/classpath/gnu/javax/crypto/key/srp6/SRP6TLSServer.java b/libjava/classpath/gnu/javax/crypto/key/srp6/SRP6TLSServer.java index ecbe36f62b1..f91cffd00f6 100644 --- a/libjava/classpath/gnu/javax/crypto/key/srp6/SRP6TLSServer.java +++ b/libjava/classpath/gnu/javax/crypto/key/srp6/SRP6TLSServer.java @@ -55,54 +55,33 @@ import java.util.HashMap; import java.util.Map; /** - * <p>A variation of the SRP6 key agreement protocol, for the server-side as - * proposed in - * <a href="http://www.ietf.org/internet-drafts/draft-ietf-tls-srp-05.txt">Using + * A variation of the SRP6 key agreement protocol, for the server-side as + * proposed in <a + * href="http://www.ietf.org/internet-drafts/draft-ietf-tls-srp-05.txt">Using * SRP for TLS Authentication</a>. The only difference between it and the SASL * variant is that the shared secret is the entity <code>S</code> and not - * <code>H(S)</code>.</p> + * <code>H(S)</code>. */ -public class SRP6TLSServer extends SRP6KeyAgreement +public class SRP6TLSServer + extends SRP6KeyAgreement { - - // Constants and variables - // ------------------------------------------------------------------------- - /** The user's ephemeral key pair. */ private KeyPair hostKeyPair; - /** The SRP password database. */ private SRPAuthInfoProvider passwordDB; - // Constructor(s) - // ------------------------------------------------------------------------- - // default 0-arguments constructor - // Class methods - // ------------------------------------------------------------------------- - - // Instance methods - // ------------------------------------------------------------------------- - - // implementation of abstract methods in base class ------------------------ - protected void engineInit(final Map attributes) throws KeyAgreementException { rnd = (SecureRandom) attributes.get(SOURCE_OF_RANDOMNESS); - final String md = (String) attributes.get(HASH_FUNCTION); - if (md == null || "".equals(md.trim())) - { - throw new KeyAgreementException("missing hash function"); - } + if (md == null || md.trim().length() == 0) + throw new KeyAgreementException("missing hash function"); srp = SRP.instance(md); - passwordDB = (SRPAuthInfoProvider) attributes.get(HOST_PASSWORD_DB); if (passwordDB == null) - { - throw new KeyAgreementException("missing SRP password database"); - } + throw new KeyAgreementException("missing SRP password database"); } protected OutgoingMessage engineProcessMessage(final IncomingMessage in) @@ -125,13 +104,10 @@ public class SRP6TLSServer extends SRP6KeyAgreement super.engineReset(); } - // own methods ------------------------------------------------------------- - private OutgoingMessage sendParameters(final IncomingMessage in) throws KeyAgreementException { final String I = in.readString(); - // get s and v for user identified by I // ---------------------------------------------------------------------- final Map credentials; @@ -148,12 +124,9 @@ public class SRP6TLSServer extends SRP6KeyAgreement } final BigInteger s = new BigInteger( - 1, - Util.fromBase64((String) credentials.get(SRPRegistry.SALT_FIELD))); + 1, Util.fromBase64((String) credentials.get(SRPRegistry.SALT_FIELD))); final BigInteger v = new BigInteger( - 1, - Util.fromBase64((String) credentials.get(SRPRegistry.USER_VERIFIER_FIELD))); - + 1, Util.fromBase64((String) credentials.get(SRPRegistry.USER_VERIFIER_FIELD))); final Map configuration; try { @@ -164,36 +137,26 @@ public class SRP6TLSServer extends SRP6KeyAgreement { throw new KeyAgreementException("computeSharedSecret()", x); } - N = new BigInteger( - 1, - Util.fromBase64((String) configuration.get(SRPRegistry.SHARED_MODULUS))); + 1, Util.fromBase64((String) configuration.get(SRPRegistry.SHARED_MODULUS))); g = new BigInteger( - 1, - Util.fromBase64((String) configuration.get(SRPRegistry.FIELD_GENERATOR))); - // ---------------------------------------------------------------------- - + 1, Util.fromBase64((String) configuration.get(SRPRegistry.FIELD_GENERATOR))); // generate an ephemeral keypair final SRPKeyPairGenerator kpg = new SRPKeyPairGenerator(); final Map attributes = new HashMap(); if (rnd != null) - { - attributes.put(SRPKeyPairGenerator.SOURCE_OF_RANDOMNESS, rnd); - } + attributes.put(SRPKeyPairGenerator.SOURCE_OF_RANDOMNESS, rnd); attributes.put(SRPKeyPairGenerator.SHARED_MODULUS, N); attributes.put(SRPKeyPairGenerator.GENERATOR, g); attributes.put(SRPKeyPairGenerator.USER_VERIFIER, v); kpg.setup(attributes); hostKeyPair = kpg.generate(); - final BigInteger B = ((SRPPublicKey) hostKeyPair.getPublic()).getY(); - final OutgoingMessage result = new OutgoingMessage(); result.writeMPI(N); result.writeMPI(g); result.writeMPI(s); result.writeMPI(B); - return result; } @@ -201,17 +164,13 @@ public class SRP6TLSServer extends SRP6KeyAgreement throws KeyAgreementException { final BigInteger A = in.readMPI(); - final BigInteger B = ((SRPPublicKey) hostKeyPair.getPublic()).getY(); final BigInteger u = uValue(A, B); // u = H(A | B) - // compute S = (Av^u) ^ b final BigInteger b = ((SRPPrivateKey) hostKeyPair.getPrivate()).getX(); final BigInteger v = ((SRPPrivateKey) hostKeyPair.getPrivate()).getV(); final BigInteger S = A.multiply(v.modPow(u, N)).modPow(b, N); - K = S; - complete = true; return null; } diff --git a/libjava/classpath/gnu/javax/crypto/key/srp6/SRP6User.java b/libjava/classpath/gnu/javax/crypto/key/srp6/SRP6User.java index d300d6f7664..7c97e76976e 100644 --- a/libjava/classpath/gnu/javax/crypto/key/srp6/SRP6User.java +++ b/libjava/classpath/gnu/javax/crypto/key/srp6/SRP6User.java @@ -52,73 +52,45 @@ import java.util.HashMap; import java.util.Map; /** - * <p>The implementation of the User in the SRP-6 protocol.</p> - * - * <p>Reference:</p> + * The implementation of the User in the SRP-6 protocol. + * <p> + * Reference: * <ol> - * <li><a href="http://srp.stanford.edu/design.html">SRP Protocol Design</a><br> - * Thomas J. Wu.</li> + * <li><a href="http://srp.stanford.edu/design.html">SRP Protocol Design</a><br> + * Thomas J. Wu.</li> * </ol> */ -public class SRP6User extends SRP6KeyAgreement +public class SRP6User + extends SRP6KeyAgreement { - - // Constants and variables - // ------------------------------------------------------------------------- - /** The user's identity. */ private String I; - /** The user's cleartext password. */ private byte[] p; - /** The user's ephemeral key pair. */ private KeyPair userKeyPair; - // Constructor(s) - // ------------------------------------------------------------------------- - // default 0-arguments constructor - // Class methods - // ------------------------------------------------------------------------- - - // Instance methods - // ------------------------------------------------------------------------- - - // implementation of abstract methods in base class ------------------------ - protected void engineInit(final Map attributes) throws KeyAgreementException { rnd = (SecureRandom) attributes.get(SOURCE_OF_RANDOMNESS); N = (BigInteger) attributes.get(SHARED_MODULUS); if (N == null) - { - throw new KeyAgreementException("missing shared modulus"); - } + throw new KeyAgreementException("missing shared modulus"); g = (BigInteger) attributes.get(GENERATOR); if (g == null) - { - throw new KeyAgreementException("missing generator"); - } - + throw new KeyAgreementException("missing generator"); final String md = (String) attributes.get(HASH_FUNCTION); - if (md == null || "".equals(md.trim())) - { - throw new KeyAgreementException("missing hash function"); - } + if (md == null || md.trim().length() == 0) + throw new KeyAgreementException("missing hash function"); srp = SRP.instance(md); - I = (String) attributes.get(USER_IDENTITY); if (I == null) - { - throw new KeyAgreementException("missing user identity"); - } + throw new KeyAgreementException("missing user identity"); p = (byte[]) attributes.get(USER_PASSWORD); if (p == null) - { - throw new KeyAgreementException("missing user password"); - } + throw new KeyAgreementException("missing user password"); } protected OutgoingMessage engineProcessMessage(final IncomingMessage in) @@ -143,8 +115,6 @@ public class SRP6User extends SRP6KeyAgreement super.engineReset(); } - // own methods ------------------------------------------------------------- - private OutgoingMessage sendIdentity(final IncomingMessage in) throws KeyAgreementException { @@ -152,18 +122,14 @@ public class SRP6User extends SRP6KeyAgreement final SRPKeyPairGenerator kpg = new SRPKeyPairGenerator(); final Map attributes = new HashMap(); if (rnd != null) - { - attributes.put(SRPKeyPairGenerator.SOURCE_OF_RANDOMNESS, rnd); - } + attributes.put(SRPKeyPairGenerator.SOURCE_OF_RANDOMNESS, rnd); attributes.put(SRPKeyPairGenerator.SHARED_MODULUS, N); attributes.put(SRPKeyPairGenerator.GENERATOR, g); kpg.setup(attributes); userKeyPair = kpg.generate(); - final OutgoingMessage result = new OutgoingMessage(); result.writeString(I); result.writeMPI(((SRPPublicKey) userKeyPair.getPublic()).getY()); - return result; } @@ -172,10 +138,8 @@ public class SRP6User extends SRP6KeyAgreement { final BigInteger s = in.readMPI(); final BigInteger B = in.readMPI(); - final BigInteger A = ((SRPPublicKey) userKeyPair.getPublic()).getY(); final BigInteger u = uValue(A, B); // u = H(A | B) - final BigInteger x; try { @@ -185,18 +149,14 @@ public class SRP6User extends SRP6KeyAgreement { throw new KeyAgreementException("computeSharedSecret()", e); } - // compute S = (B - 3g^x) ^ (a + ux) final BigInteger a = ((SRPPrivateKey) userKeyPair.getPrivate()).getX(); - final BigInteger S = B.subtract(THREE.multiply(g.modPow(x, N))).modPow( - a.add(u.multiply(x)), - N); - + final BigInteger S = B.subtract(THREE.multiply(g.modPow(x, N))) + .modPow(a.add(u.multiply(x)), N); final byte[] sBytes = Util.trim(S); final IMessageDigest hash = srp.newDigest(); hash.update(sBytes, 0, sBytes.length); K = new BigInteger(1, hash.digest()); - complete = true; return null; } diff --git a/libjava/classpath/gnu/javax/crypto/key/srp6/SRPAlgorithm.java b/libjava/classpath/gnu/javax/crypto/key/srp6/SRPAlgorithm.java index b068863ed0a..85b3b1139dc 100644 --- a/libjava/classpath/gnu/javax/crypto/key/srp6/SRPAlgorithm.java +++ b/libjava/classpath/gnu/javax/crypto/key/srp6/SRPAlgorithm.java @@ -38,15 +38,14 @@ exception statement from your version. */ package gnu.javax.crypto.key.srp6; -import gnu.java.security.util.Prime2; import gnu.javax.crypto.sasl.srp.SRPRegistry; import java.math.BigInteger; /** - * <p>Utilities for use with SRP-6 based methods and protocols.</p> - * - * <p>Reference:</p> + * Utilities for use with SRP-6 based methods and protocols. + * <p> + * Reference: * <ol> * <li><a href="http://srp.stanford.edu/design.html">SRP Protocol Design</a><br> * Thomas J. Wu.</li> @@ -54,122 +53,79 @@ import java.math.BigInteger; */ public class SRPAlgorithm { - - // Constants and variables - // ------------------------------------------------------------------------- - // lifted from draft-burdis-cat-srp-sasl-09 public static final BigInteger N_2048 = new BigInteger( - "AC6BDB41324A9A9BF166DE5E1389582FAF72B6651987EE07FC3192943DB56050" - + "A37329CBB4A099ED8193E0757767A13DD52312AB4B03310DCD7F48A9DA04FD50" - + "E8083969EDB767B0CF6095179A163AB3661A05FBD5FAAAE82918A9962F0B93B8" - + "55F97993EC975EEAA80D740ADBF4FF747359D041D5C33EA71D281E446B14773B" - + "CA97B43A23FB801676BD207A436C6481F1D2B9078717461A5B9D32E688F87748" - + "544523B524B0D57D5EA77A2775D2ECFA032CFBDBF52FB3786160279004E57AE6" - + "AF874E7303CE53299CCC041C7BC308D82A5698F3A8D0C38271AE35F8E9DBFBB6" - + "94B5C803D89F7AE435DE236D525F54759B65E372FCD68EF20FA7111F9E4AFF73", - 16); - + "AC6BDB41324A9A9BF166DE5E1389582FAF72B6651987EE07FC3192943DB56050" + + "A37329CBB4A099ED8193E0757767A13DD52312AB4B03310DCD7F48A9DA04FD50" + + "E8083969EDB767B0CF6095179A163AB3661A05FBD5FAAAE82918A9962F0B93B8" + + "55F97993EC975EEAA80D740ADBF4FF747359D041D5C33EA71D281E446B14773B" + + "CA97B43A23FB801676BD207A436C6481F1D2B9078717461A5B9D32E688F87748" + + "544523B524B0D57D5EA77A2775D2ECFA032CFBDBF52FB3786160279004E57AE6" + + "AF874E7303CE53299CCC041C7BC308D82A5698F3A8D0C38271AE35F8E9DBFBB6" + + "94B5C803D89F7AE435DE236D525F54759B65E372FCD68EF20FA7111F9E4AFF73", 16); public static final BigInteger N_1536 = new BigInteger( - "9DEF3CAFB939277AB1F12A8617A47BBBDBA51DF499AC4C80BEEEA9614B19CC4D" - + "5F4F5F556E27CBDE51C6A94BE4607A291558903BA0D0F84380B655BB9A22E8DC" - + "DF028A7CEC67F0D08134B1C8B97989149B609E0BE3BAB63D47548381DBC5B1FC" - + "764E3F4B53DD9DA1158BFD3E2B9C8CF56EDF019539349627DB2FD53D24B7C486" - + "65772E437D6C7F8CE442734AF7CCB7AE837C264AE3A9BEB87F8A2FE9B8B5292E" - + "5A021FFF5E91479E8CE7A28C2442C6F315180F93499A234DCF76E3FED135F9BB", - 16); - + "9DEF3CAFB939277AB1F12A8617A47BBBDBA51DF499AC4C80BEEEA9614B19CC4D" + + "5F4F5F556E27CBDE51C6A94BE4607A291558903BA0D0F84380B655BB9A22E8DC" + + "DF028A7CEC67F0D08134B1C8B97989149B609E0BE3BAB63D47548381DBC5B1FC" + + "764E3F4B53DD9DA1158BFD3E2B9C8CF56EDF019539349627DB2FD53D24B7C486" + + "65772E437D6C7F8CE442734AF7CCB7AE837C264AE3A9BEB87F8A2FE9B8B5292E" + + "5A021FFF5E91479E8CE7A28C2442C6F315180F93499A234DCF76E3FED135F9BB", 16); public static final BigInteger N_1280 = new BigInteger( - "D77946826E811914B39401D56A0A7843A8E7575D738C672A090AB1187D690DC4" - + "3872FC06A7B6A43F3B95BEAEC7DF04B9D242EBDC481111283216CE816E004B78" - + "6C5FCE856780D41837D95AD787A50BBE90BD3A9C98AC0F5FC0DE744B1CDE1891" - + "690894BC1F65E00DE15B4B2AA6D87100C9ECC2527E45EB849DEB14BB2049B163" - + "EA04187FD27C1BD9C7958CD40CE7067A9C024F9B7C5A0B4F5003686161F0605B", - 16); - + "D77946826E811914B39401D56A0A7843A8E7575D738C672A090AB1187D690DC4" + + "3872FC06A7B6A43F3B95BEAEC7DF04B9D242EBDC481111283216CE816E004B78" + + "6C5FCE856780D41837D95AD787A50BBE90BD3A9C98AC0F5FC0DE744B1CDE1891" + + "690894BC1F65E00DE15B4B2AA6D87100C9ECC2527E45EB849DEB14BB2049B163" + + "EA04187FD27C1BD9C7958CD40CE7067A9C024F9B7C5A0B4F5003686161F0605B", 16); public static final BigInteger N_1024 = new BigInteger( - "EEAF0AB9ADB38DD69C33F80AFA8FC5E86072618775FF3C0B9EA2314C9C256576" - + "D674DF7496EA81D3383B4813D692C6E0E0D5D8E250B98BE48E495C1D6089DAD1" - + "5DC7D7B46154D6B6CE8EF4AD69B15D4982559B297BCF1885C529F566660E57EC" - + "68EDBC3C05726CC02FD4CBF4976EAA9AFD5138FE8376435B9FC61D2FC0EB06E3", - 16); - + "EEAF0AB9ADB38DD69C33F80AFA8FC5E86072618775FF3C0B9EA2314C9C256576" + + "D674DF7496EA81D3383B4813D692C6E0E0D5D8E250B98BE48E495C1D6089DAD1" + + "5DC7D7B46154D6B6CE8EF4AD69B15D4982559B297BCF1885C529F566660E57EC" + + "68EDBC3C05726CC02FD4CBF4976EAA9AFD5138FE8376435B9FC61D2FC0EB06E3", 16); public static final BigInteger N_768 = new BigInteger( - "B344C7C4F8C495031BB4E04FF8F84EE95008163940B9558276744D91F7CC9F40" - + "2653BE7147F00F576B93754BCDDF71B636F2099E6FFF90E79575F3D0DE694AFF" - + "737D9BE9713CEF8D837ADA6380B1093E94B6A529A8C6C2BE33E0867C60C3262B", - 16); - + "B344C7C4F8C495031BB4E04FF8F84EE95008163940B9558276744D91F7CC9F40" + + "2653BE7147F00F576B93754BCDDF71B636F2099E6FFF90E79575F3D0DE694AFF" + + "737D9BE9713CEF8D837ADA6380B1093E94B6A529A8C6C2BE33E0867C60C3262B", 16); public static final BigInteger N_640 = new BigInteger( - "C94D67EB5B1A2346E8AB422FC6A0EDAEDA8C7F894C9EEEC42F9ED250FD7F0046" - + "E5AF2CF73D6B2FA26BB08033DA4DE322E144E7A8E9B12A0E4637F6371F34A207" - + "1C4B3836CBEEAB15034460FAA7ADF483", - 16); - + "C94D67EB5B1A2346E8AB422FC6A0EDAEDA8C7F894C9EEEC42F9ED250FD7F0046" + + "E5AF2CF73D6B2FA26BB08033DA4DE322E144E7A8E9B12A0E4637F6371F34A207" + + "1C4B3836CBEEAB15034460FAA7ADF483", 16); public static final BigInteger N_512 = new BigInteger( - "D4C7F8A2B32C11B8FBA9581EC4BA4F1B04215642EF7355E37C0FC0443EF756EA" - + "2C6B8EEB755A1C723027663CAA265EF785B8FF6A9B35227A52D86633DBDFCA43", - 16); - + "D4C7F8A2B32C11B8FBA9581EC4BA4F1B04215642EF7355E37C0FC0443EF756EA" + + "2C6B8EEB755A1C723027663CAA265EF785B8FF6A9B35227A52D86633DBDFCA43", 16); public static final BigInteger N_384 = new BigInteger( - "8025363296FB943FCE54BE717E0E2958A02A9672EF561953B2BAA3BAACC3ED57" - + "54EB764C7AB7184578C57D5949CCB41B", - 16); - + "8025363296FB943FCE54BE717E0E2958A02A9672EF561953B2BAA3BAACC3ED57" + + "54EB764C7AB7184578C57D5949CCB41B", 16); public static final BigInteger N_264 = new BigInteger( - "115B8B692E0E045692CF280B436735C77A5A9E8A9E7ED56C965F87DB5B2A2ECE3", - 16); - + "115B8B692E0E045692CF280B436735C77A5A9E8A9E7ED56C965F87DB5B2A2ECE3", 16); private static final BigInteger ZERO = BigInteger.ZERO; - private static final BigInteger ONE = BigInteger.ONE; - private static final BigInteger TWO = BigInteger.valueOf(2L); - // Constructor(s) - // ------------------------------------------------------------------------- - /** Trivial constructor to enforce usage through class methods. */ private SRPAlgorithm() { super(); } - // Class methods - // ------------------------------------------------------------------------- - public static void checkParams(final BigInteger N, final BigInteger g) { // 1. N should be at least 512-bit long final int blen = N.bitLength(); if (blen < SRPRegistry.MINIMUM_MODULUS_BITLENGTH) - { - throw new IllegalArgumentException( - "Bit length of N (" - + blen - + ") is too low. Should be at least " - + SRPRegistry.MINIMUM_MODULUS_BITLENGTH); - } + throw new IllegalArgumentException("Bit length of N (" + + blen + + ") is too low. Should be at least " + + SRPRegistry.MINIMUM_MODULUS_BITLENGTH); // 2. N should be a prime - if (!Prime2.passEulerCriterion(N)) - { - throw new IllegalArgumentException("N should be prime but isn't"); - } + if (! N.isProbablePrime(80)) + throw new IllegalArgumentException("N should be prime but isn't"); // 3. N should be of the form 2*q + 1, where q is prime final BigInteger q = N.subtract(ONE).divide(TWO); - if (!Prime2.passEulerCriterion(q)) - { - throw new IllegalArgumentException("(N-1)/2 should be prime but isn't"); - } + if (! q.isProbablePrime(80)) + throw new IllegalArgumentException("(N-1)/2 should be prime but isn't"); // 4. g**q should be -1 mod N final BigInteger gq = g.modPow(q, N).add(ONE).mod(N); if (gq.compareTo(ZERO) != 0) - { - throw new IllegalArgumentException( - "g**q should be -1 (mod N) but isn't"); - } + throw new IllegalArgumentException("g**q should be -1 (mod N) but isn't"); } - - // Instance methods - // ------------------------------------------------------------------------- } diff --git a/libjava/classpath/gnu/javax/crypto/key/srp6/SRPKey.java b/libjava/classpath/gnu/javax/crypto/key/srp6/SRPKey.java index 202ef33b7e2..06ba47a9fb3 100644 --- a/libjava/classpath/gnu/javax/crypto/key/srp6/SRPKey.java +++ b/libjava/classpath/gnu/javax/crypto/key/srp6/SRPKey.java @@ -46,37 +46,30 @@ import java.math.BigInteger; import java.security.Key; /** - * <p>An abstract representation of a base SRP ephemeral key.</p> - * - * <p>This object encapsulates the two numbers:</p> + * An abstract representation of a base SRP ephemeral key. + * <p> + * This object encapsulates the two numbers: * <ul> - * <li><b>N</b>: A large safe prime (N = 2q+1, where q is prime).</li> - * <li><b>g</b>: A generator modulo N.</li> + * <li><b>N</b>: A large safe prime (N = 2q+1, where q is prime).</li> + * <li><b>g</b>: A generator modulo N.</li> * </ul> - * - * <p>Note that in SRP, all arithmetic is done modulo N.</p> - * - * <p>Reference:</p> + * <p> + * Note that in SRP, all arithmetic is done modulo N. + * <p> + * Reference: * <ol> - * <li><a href="http://srp.stanford.edu/design.html">SRP Protocol Design</a><br> - * Thomas J. Wu.</li> + * <li><a href="http://srp.stanford.edu/design.html">SRP Protocol Design</a><br> + * Thomas J. Wu.</li> * </ol> */ -public abstract class SRPKey implements Key, Serializable +public abstract class SRPKey + implements Key, Serializable { - - // Constants and variables - // ------------------------------------------------------------------------- - /** The public, Germaine prime, shared modulus. */ protected final BigInteger N; - /** The generator. */ protected final BigInteger g; - // Constructor(s) - // ------------------------------------------------------------------------- - protected SRPKey(BigInteger N, BigInteger g) { super(); @@ -85,17 +78,9 @@ public abstract class SRPKey implements Key, Serializable this.g = g; } - // Class methods - // ------------------------------------------------------------------------- - - // Instance methods - // ------------------------------------------------------------------------- - - // java.security.Key interface implementation ------------------------------ - /** - * <p>Returns the standard algorithm name for this key.</p> - * + * Returns the standard algorithm name for this key. + * * @return the standard algorithm name for this key. */ public String getAlgorithm() @@ -112,7 +97,7 @@ public abstract class SRPKey implements Key, Serializable /** * Returns {@link Registry#RAW_ENCODING_SHORT_NAME} which is the sole format * supported for this type of keys. - * + * * @return {@link Registry#RAW_ENCODING_SHORT_NAME} ALWAYS. */ public String getFormat() @@ -120,11 +105,9 @@ public abstract class SRPKey implements Key, Serializable return Registry.RAW_ENCODING_SHORT_NAME; } - // other methods ----------------------------------------------------------- - /** - * <p>Returns the public shared modulus.</p> - * + * Returns the public shared modulus. + * * @return <code>N</code>. */ public BigInteger getN() @@ -133,8 +116,8 @@ public abstract class SRPKey implements Key, Serializable } /** - * <p>Returns the generator.</p> - * + * Returns the generator. + * * @return <code>g</code>. */ public BigInteger getG() @@ -143,28 +126,22 @@ public abstract class SRPKey implements Key, Serializable } /** - * <p>Returns <code>true</code> if the designated object is an instance of - * <code>SRPKey</code> and has the same SRP parameter values as this one.</p> - * + * Returns <code>true</code> if the designated object is an instance of + * <code>SRPKey</code> and has the same SRP parameter values as this one. + * * @param obj the other non-null SRP key to compare to. - * @return <code>true</code> if the designated object is of the same type and - * value as this one. + * @return <code>true</code> if the designated object is of the same type + * and value as this one. */ public boolean equals(Object obj) { if (obj == null) - { - return false; - } - if (!(obj instanceof SRPKey)) - { - return false; - } + return false; + if (! (obj instanceof SRPKey)) + return false; SRPKey that = (SRPKey) obj; return N.equals(that.getN()) && g.equals(that.getG()); } - // abstract methods to be implemented by subclasses ------------------------ - public abstract byte[] getEncoded(int format); } diff --git a/libjava/classpath/gnu/javax/crypto/key/srp6/SRPKeyPairGenerator.java b/libjava/classpath/gnu/javax/crypto/key/srp6/SRPKeyPairGenerator.java index 2957fc3c855..8d50c9b71cb 100644 --- a/libjava/classpath/gnu/javax/crypto/key/srp6/SRPKeyPairGenerator.java +++ b/libjava/classpath/gnu/javax/crypto/key/srp6/SRPKeyPairGenerator.java @@ -38,111 +38,64 @@ exception statement from your version. */ package gnu.javax.crypto.key.srp6; +import gnu.java.security.Configuration; import gnu.java.security.Registry; import gnu.java.security.key.IKeyPairGenerator; import gnu.java.security.util.PRNG; -import gnu.java.security.util.Prime2; -import java.io.PrintWriter; import java.math.BigInteger; import java.security.KeyPair; import java.security.SecureRandom; import java.util.Map; +import java.util.logging.Logger; /** - * - * - * <p>Reference:</p> + * Reference: * <ol> - * <li><a href="http://srp.stanford.edu/design.html">SRP Protocol Design</a><br> - * Thomas J. Wu.</li> + * <li><a href="http://srp.stanford.edu/design.html">SRP Protocol Design</a><br> + * Thomas J. Wu.</li> * </ol> */ -public class SRPKeyPairGenerator implements IKeyPairGenerator +public class SRPKeyPairGenerator + implements IKeyPairGenerator { - - // Debugging methods and variables - // ------------------------------------------------------------------------- - - private static final String NAME = "srp"; - - private static final boolean DEBUG = false; - - private static final int debuglevel = 5; - - private static final PrintWriter err = new PrintWriter(System.out, true); - - private static void debug(String s) - { - err.println(">>> " + NAME + ": " + s); - } - - // Constants and variables - // ------------------------------------------------------------------------- - + private static final Logger log = Logger.getLogger(SRPKeyPairGenerator.class.getName()); private static final BigInteger ZERO = BigInteger.ZERO; - private static final BigInteger ONE = BigInteger.ONE; - private static final BigInteger TWO = BigInteger.valueOf(2L); - private static final BigInteger THREE = BigInteger.valueOf(3L); - /** Property name of the length (Integer) of the modulus (N) of an SRP key. */ public static final String MODULUS_LENGTH = "gnu.crypto.srp.L"; - /** Property name of the Boolean indicating wether or not to use defaults. */ public static final String USE_DEFAULTS = "gnu.crypto.srp.use.defaults"; - /** Property name of the modulus (N) of an SRP key. */ public static final String SHARED_MODULUS = "gnu.crypto.srp.N"; - /** Property name of the generator (g) of an SRP key. */ public static final String GENERATOR = "gnu.crypto.srp.g"; - /** Property name of the user's verifier (v) for a Server SRP key. */ public static final String USER_VERIFIER = "gnu.crypto.srp.v"; - /** * Property name of an optional {@link SecureRandom} instance to use. The * default is to use a classloader singleton from {@link PRNG}. */ public static final String SOURCE_OF_RANDOMNESS = "gnu.crypto.srp.prng"; - /** Default value for the modulus length. */ private static final int DEFAULT_MODULUS_LENGTH = 1024; - /** The optional {@link SecureRandom} instance to use. */ private SecureRandom rnd = null; - /** Bit length of the shared modulus. */ private int l; - /** The shared public modulus. */ private BigInteger N; - /** The Field generator. */ private BigInteger g; - /** The user's verifier MPI. */ private BigInteger v; - /** Our default source of randomness. */ private PRNG prng = null; - // Constructor(s) - // ------------------------------------------------------------------------- - // implicit 0-arguments constructor - // Class methods - // ------------------------------------------------------------------------- - - // Instance methods - // ------------------------------------------------------------------------- - - // gnu.crypto.key.IKeyPairGenerator interface implementation --------------- - public String name() { return Registry.SRP_KPG; @@ -152,25 +105,20 @@ public class SRPKeyPairGenerator implements IKeyPairGenerator { // do we have a SecureRandom, or should we use our own? rnd = (SecureRandom) attributes.get(SOURCE_OF_RANDOMNESS); - N = (BigInteger) attributes.get(SHARED_MODULUS); if (N != null) { l = N.bitLength(); g = (BigInteger) attributes.get(GENERATOR); if (g == null) - { - g = TWO; - } + g = TWO; SRPAlgorithm.checkParams(N, g); } else { // generate or use default values for N and g Boolean useDefaults = (Boolean) attributes.get(USE_DEFAULTS); if (useDefaults == null) - { - useDefaults = Boolean.TRUE; - } + useDefaults = Boolean.TRUE; Integer L = (Integer) attributes.get(MODULUS_LENGTH); l = DEFAULT_MODULUS_LENGTH; if (useDefaults.equals(Boolean.TRUE)) @@ -203,26 +151,23 @@ public class SRPKeyPairGenerator implements IKeyPairGenerator break; default: throw new IllegalArgumentException( - "unknown default shared modulus bit length"); + "unknown default shared modulus bit length"); } g = TWO; l = N.bitLength(); } } - else - { // generate new N and g + else // generate new N and g + { if (L != null) { l = L.intValue(); if ((l % 256) != 0 || l < 512 || l > 2048) - { - throw new IllegalArgumentException( - "invalid shared modulus bit length"); - } + throw new IllegalArgumentException( + "invalid shared modulus bit length"); } } } - // are we using this generator on the server side, or the client side? v = (BigInteger) attributes.get(USER_VERIFIER); } @@ -235,23 +180,20 @@ public class SRPKeyPairGenerator implements IKeyPairGenerator BigInteger q = params[0]; N = params[1]; g = params[2]; - if (DEBUG && debuglevel > 0) + if (Configuration.DEBUG) { - debug("q: " + q.toString(16)); - debug("N: " + N.toString(16)); - debug("g: " + g.toString(16)); + log.fine("q: " + q.toString(16)); + log.fine("N: " + N.toString(16)); + log.fine("g: " + g.toString(16)); } } - return (v != null ? hostKeyPair() : userKeyPair()); } - // helper methods ---------------------------------------------------------- - private synchronized BigInteger[] generateParameters() { - // N A large safe prime (N = 2q+1, where q is prime) - // g A generator modulo N + // N A large safe prime (N = 2q+1, where q is prime) + // g A generator modulo N BigInteger q, p, g; byte[] qBytes = new byte[l / 8]; do @@ -262,11 +204,10 @@ public class SRPKeyPairGenerator implements IKeyPairGenerator q = new BigInteger(1, qBytes); q = q.setBit(0).setBit(l - 2).clearBit(l - 1); } - while (!Prime2.isProbablePrime(q)); + while (! q.isProbablePrime(80)); p = q.multiply(TWO).add(ONE); } - while (p.bitLength() != l || !Prime2.isProbablePrime(p)); - + while (p.bitLength() != l || ! p.isProbablePrime(80)); // compute g. from FIPS-186, Appendix 4: e == 2 BigInteger p_minus_1 = p.subtract(ONE); g = TWO; @@ -277,12 +218,9 @@ public class SRPKeyPairGenerator implements IKeyPairGenerator // Set g = h**2 mod p g = h.modPow(TWO, p); // If g = 1, go to step 3 - if (!g.equals(ONE)) - { - break; - } + if (! g.equals(ONE)) + break; } - return new BigInteger[] { q, p, g }; } @@ -301,11 +239,8 @@ public class SRPKeyPairGenerator implements IKeyPairGenerator B = THREE.multiply(v).add(g.modPow(b, N)).mod(N); } while (B.compareTo(ZERO) == 0 || B.compareTo(N) >= 0); - - KeyPair result = new KeyPair( - new SRPPublicKey(new BigInteger[] { N, g, B }), - new SRPPrivateKey(new BigInteger[] { N, g, b, - v })); + KeyPair result = new KeyPair(new SRPPublicKey(new BigInteger[] { N, g, B }), + new SRPPrivateKey(new BigInteger[] { N, g, b, v })); return result; } @@ -324,9 +259,7 @@ public class SRPKeyPairGenerator implements IKeyPairGenerator A = g.modPow(a, N); } while (A.compareTo(ZERO) == 0 || A.compareTo(N) >= 0); - - KeyPair result = new KeyPair( - new SRPPublicKey(new BigInteger[] { N, g, A }), + KeyPair result = new KeyPair(new SRPPublicKey(new BigInteger[] { N, g, A }), new SRPPrivateKey(new BigInteger[] { N, g, a })); return result; } @@ -334,9 +267,7 @@ public class SRPKeyPairGenerator implements IKeyPairGenerator private void nextRandomBytes(byte[] buffer) { if (rnd != null) - { - rnd.nextBytes(buffer); - } + rnd.nextBytes(buffer); else getDefaultPRNG().nextBytes(buffer); } diff --git a/libjava/classpath/gnu/javax/crypto/key/srp6/SRPKeyPairRawCodec.java b/libjava/classpath/gnu/javax/crypto/key/srp6/SRPKeyPairRawCodec.java index 39234b6271f..555dc23cf1a 100644 --- a/libjava/classpath/gnu/javax/crypto/key/srp6/SRPKeyPairRawCodec.java +++ b/libjava/classpath/gnu/javax/crypto/key/srp6/SRPKeyPairRawCodec.java @@ -47,116 +47,93 @@ import java.security.PrivateKey; import java.security.PublicKey; /** - * <p>An object that implements the {@link IKeyPairCodec} operations for the - * <i>Raw</i> format to use with SRP keypairs.</p> - * - * <p>Reference:</p> + * An object that implements the {@link IKeyPairCodec} operations for the + * <i>Raw</i> format to use with SRP keypairs. + * <p> + * Reference: * <ol> - * <li><a href="http://srp.stanford.edu/design.html">SRP Protocol Design</a><br> - * Thomas J. Wu.</li> + * <li><a href="http://srp.stanford.edu/design.html">SRP Protocol Design</a><br> + * Thomas J. Wu.</li> * </ol> */ -public class SRPKeyPairRawCodec implements IKeyPairCodec +public class SRPKeyPairRawCodec + implements IKeyPairCodec { - - // Constants and variables - // ------------------------------------------------------------------------- - - // Constructor(s) - // ------------------------------------------------------------------------- - // implicit 0-arguments constructor - // Class methods - // ------------------------------------------------------------------------- - - // Instance methods - // ------------------------------------------------------------------------- - - // gnu.crypto.keys.IKeyPairCodec interface implementation ------------------ - public int getFormatID() { return RAW_FORMAT; } /** - * <p>Returns the encoded form of the designated SRP public key according to - * the <i>Raw</i> format supported by this library.</p> - * - * <p>The <i>Raw</i> format for an SRP public key, in this implementation, is - * a byte sequence consisting of the following:</p> + * Returns the encoded form of the designated SRP public key according to the + * <i>Raw</i> format supported by this library. + * <p> + * The <i>Raw</i> format for an SRP public key, in this implementation, is a + * byte sequence consisting of the following: * <ol> - * <li>4-byte magic consisting of the value of the literal - * {@link Registry#MAGIC_RAW_SRP_PUBLIC_KEY},<li> - * <li>1-byte version consisting of the constant: 0x01,</li> - * <li>4-byte count of following bytes representing the SRP parameter - * <code>N</code> in internet order,</li> - * <li>n-bytes representation of a {@link BigInteger} obtained by invoking - * the <code>toByteArray()</code> method on the SRP parameter - * <code>N</code>,</li> - * <li>4-byte count of following bytes representing the SRP parameter - * <code>g</code>,</li> - * <li>n-bytes representation of a {@link BigInteger} obtained by invoking - * the <code>toByteArray()</code> method on the SRP parameter - * <code>g</code>,</li> - * <li>4-byte count of following bytes representing the SRP parameter - * <code>y</code>,</li> - * <li>n-bytes representation of a {@link BigInteger} obtained by invoking - * the <code>toByteArray()</code> method on the SRP parameter - * <code>y</code>,</li> + * <li>4-byte magic consisting of the value of the literal + * {@link Registry#MAGIC_RAW_SRP_PUBLIC_KEY},</li> + * <li>1-byte version consisting of the constant: 0x01,</li> + * <li>4-byte count of following bytes representing the SRP parameter + * <code>N</code> in internet order,</li> + * <li>n-bytes representation of a {@link BigInteger} obtained by invoking + * the <code>toByteArray()</code> method on the SRP parameter <code>N</code>, + * </li> + * <li>4-byte count of following bytes representing the SRP parameter + * <code>g</code>,</li> + * <li>n-bytes representation of a {@link BigInteger} obtained by invoking + * the <code>toByteArray()</code> method on the SRP parameter <code>g</code>, + * </li> + * <li>4-byte count of following bytes representing the SRP parameter + * <code>y</code>,</li> + * <li>n-bytes representation of a {@link BigInteger} obtained by invoking + * the <code>toByteArray()</code> method on the SRP parameter <code>y</code>, + * </li> * </ol> - * + * * @param key the key to encode. * @return the <i>Raw</i> format encoding of the designated key. * @throws IllegalArgumentException if the designated key is not an SRP one. */ public byte[] encodePublicKey(PublicKey key) { - if (!(key instanceof SRPPublicKey)) - { - throw new IllegalArgumentException("key"); - } - + if (! (key instanceof SRPPublicKey)) + throw new IllegalArgumentException("key"); SRPPublicKey srpKey = (SRPPublicKey) key; ByteArrayOutputStream baos = new ByteArrayOutputStream(); - // magic baos.write(Registry.MAGIC_RAW_SRP_PUBLIC_KEY[0]); baos.write(Registry.MAGIC_RAW_SRP_PUBLIC_KEY[1]); baos.write(Registry.MAGIC_RAW_SRP_PUBLIC_KEY[2]); baos.write(Registry.MAGIC_RAW_SRP_PUBLIC_KEY[3]); - // version baos.write(0x01); - // N byte[] buffer = srpKey.getN().toByteArray(); int length = buffer.length; - baos.write(length >>> 24); + baos.write( length >>> 24); baos.write((length >>> 16) & 0xFF); - baos.write((length >>> 8) & 0xFF); - baos.write(length & 0xFF); + baos.write((length >>> 8) & 0xFF); + baos.write( length & 0xFF); baos.write(buffer, 0, length); - // g buffer = srpKey.getG().toByteArray(); length = buffer.length; - baos.write(length >>> 24); + baos.write( length >>> 24); baos.write((length >>> 16) & 0xFF); - baos.write((length >>> 8) & 0xFF); - baos.write(length & 0xFF); + baos.write((length >>> 8) & 0xFF); + baos.write( length & 0xFF); baos.write(buffer, 0, length); - // y buffer = srpKey.getY().toByteArray(); length = buffer.length; - baos.write(length >>> 24); + baos.write( length >>> 24); baos.write((length >>> 16) & 0xFF); - baos.write((length >>> 8) & 0xFF); - baos.write(length & 0xFF); + baos.write((length >>> 8) & 0xFF); + baos.write( length & 0xFF); baos.write(buffer, 0, length); - return baos.toByteArray(); } @@ -167,150 +144,133 @@ public class SRPKeyPairRawCodec implements IKeyPairCodec || k[1] != Registry.MAGIC_RAW_SRP_PUBLIC_KEY[1] || k[2] != Registry.MAGIC_RAW_SRP_PUBLIC_KEY[2] || k[3] != Registry.MAGIC_RAW_SRP_PUBLIC_KEY[3]) - { - throw new IllegalArgumentException("magic"); - } - + throw new IllegalArgumentException("magic"); // version if (k[4] != 0x01) - { - throw new IllegalArgumentException("version"); - } + throw new IllegalArgumentException("version"); int i = 5; - int l; byte[] buffer; - // N - l = k[i++] << 24 | (k[i++] & 0xFF) << 16 | (k[i++] & 0xFF) << 8 - | (k[i++] & 0xFF); + l = k[i++] << 24 + | (k[i++] & 0xFF) << 16 + | (k[i++] & 0xFF) << 8 + | (k[i++] & 0xFF); buffer = new byte[l]; System.arraycopy(k, i, buffer, 0, l); i += l; BigInteger N = new BigInteger(1, buffer); - // g - l = k[i++] << 24 | (k[i++] & 0xFF) << 16 | (k[i++] & 0xFF) << 8 - | (k[i++] & 0xFF); + l = k[i++] << 24 + | (k[i++] & 0xFF) << 16 + | (k[i++] & 0xFF) << 8 + | (k[i++] & 0xFF); buffer = new byte[l]; System.arraycopy(k, i, buffer, 0, l); i += l; BigInteger g = new BigInteger(1, buffer); - // y - l = k[i++] << 24 | (k[i++] & 0xFF) << 16 | (k[i++] & 0xFF) << 8 - | (k[i++] & 0xFF); + l = k[i++] << 24 + | (k[i++] & 0xFF) << 16 + | (k[i++] & 0xFF) << 8 + | (k[i++] & 0xFF); buffer = new byte[l]; System.arraycopy(k, i, buffer, 0, l); i += l; BigInteger y = new BigInteger(1, buffer); - return new SRPPublicKey(N, g, y); } /** - * <p>Returns the encoded form of the designated SRP private key according to - * the <i>Raw</i> format supported by this library.</p> - * - * <p>The <i>Raw</i> format for an SRP private key, in this implementation, - * is a byte sequence consisting of the following:</p> + * Returns the encoded form of the designated SRP private key according to the + * <i>Raw</i> format supported by this library. + * <p> + * The <i>Raw</i> format for an SRP private key, in this implementation, is a + * byte sequence consisting of the following: * <ol> - * <li>4-byte magic consisting of the value of the literal - * {@link Registry#MAGIC_RAW_SRP_PRIVATE_KEY},<li> - * <li>1-byte version consisting of the constant: 0x01,</li> - * <li>4-byte count of following bytes representing the SRP parameter - * <code>N</code> in internet order,</li> - * <li>n-bytes representation of a {@link BigInteger} obtained by invoking - * the <code>toByteArray()</code> method on the SRP parameter - * <code>N</code>,</li> - * <li>4-byte count of following bytes representing the SRP parameter - * <code>g</code>,</li> - * <li>n-bytes representation of a {@link BigInteger} obtained by invoking - * the <code>toByteArray()</code> method on the SRP parameter - * <code>g</code>,</li> - * <li>4-byte count of following bytes representing the SRP parameter - * <code>x</code>,</li> - * <li>n-bytes representation of a {@link BigInteger} obtained by invoking - * the <code>toByteArray()</code> method on the SRP parameter - * <code>x</code>,</li> - * <li>one byte which indicates whether the SRP parameter <code>v</code> - * is included in this encoding (value <code>0x01</code>) or not - * (value <code>0x00</code>).</li> - * <li>4-byte count of following bytes representing the SRP parameter - * <code>v</code>,</li> - * <li>n-bytes representation of a {@link BigInteger} obtained by invoking - * the <code>toByteArray()</code> method on the SRP parameter - * <code>v</code>,</li> + * <li>4-byte magic consisting of the value of the literal + * {@link Registry#MAGIC_RAW_SRP_PRIVATE_KEY},</li> + * <li>1-byte version consisting of the constant: 0x01,</li> + * <li>4-byte count of following bytes representing the SRP parameter + * <code>N</code> in internet order,</li> + * <li>n-bytes representation of a {@link BigInteger} obtained by invoking + * the <code>toByteArray()</code> method on the SRP parameter <code>N</code>, + * </li> + * <li>4-byte count of following bytes representing the SRP parameter + * <code>g</code>,</li> + * <li>n-bytes representation of a {@link BigInteger} obtained by invoking + * the <code>toByteArray()</code> method on the SRP parameter <code>g</code>, + * </li> + * <li>4-byte count of following bytes representing the SRP parameter + * <code>x</code>,</li> + * <li>n-bytes representation of a {@link BigInteger} obtained by invoking + * the <code>toByteArray()</code> method on the SRP parameter <code>x</code>, + * </li> + * <li>one byte which indicates whether the SRP parameter <code>v</code> is + * included in this encoding (value <code>0x01</code>) or not (value + * <code>0x00</code>).</li> + * <li>4-byte count of following bytes representing the SRP parameter + * <code>v</code>,</li> + * <li>n-bytes representation of a {@link BigInteger} obtained by invoking + * the <code>toByteArray()</code> method on the SRP parameter <code>v</code>, + * </li> * </ol> - * + * * @param key the key to encode. * @return the <i>Raw</i> format encoding of the designated key. * @throws IllegalArgumentException if the designated key is not an SRP one. */ public byte[] encodePrivateKey(PrivateKey key) { - if (!(key instanceof SRPPrivateKey)) - { - throw new IllegalArgumentException("key"); - } - + if (! (key instanceof SRPPrivateKey)) + throw new IllegalArgumentException("key"); SRPPrivateKey srpKey = (SRPPrivateKey) key; ByteArrayOutputStream baos = new ByteArrayOutputStream(); - // magic baos.write(Registry.MAGIC_RAW_SRP_PRIVATE_KEY[0]); baos.write(Registry.MAGIC_RAW_SRP_PRIVATE_KEY[1]); baos.write(Registry.MAGIC_RAW_SRP_PRIVATE_KEY[2]); baos.write(Registry.MAGIC_RAW_SRP_PRIVATE_KEY[3]); - // version baos.write(0x01); - // N byte[] buffer = srpKey.getN().toByteArray(); int length = buffer.length; - baos.write(length >>> 24); + baos.write( length >>> 24); baos.write((length >>> 16) & 0xFF); - baos.write((length >>> 8) & 0xFF); - baos.write(length & 0xFF); + baos.write((length >>> 8) & 0xFF); + baos.write( length & 0xFF); baos.write(buffer, 0, length); - // g buffer = srpKey.getG().toByteArray(); length = buffer.length; - baos.write(length >>> 24); + baos.write( length >>> 24); baos.write((length >>> 16) & 0xFF); - baos.write((length >>> 8) & 0xFF); - baos.write(length & 0xFF); + baos.write((length >>> 8) & 0xFF); + baos.write( length & 0xFF); baos.write(buffer, 0, length); - // x buffer = srpKey.getX().toByteArray(); length = buffer.length; - baos.write(length >>> 24); + baos.write( length >>> 24); baos.write((length >>> 16) & 0xFF); - baos.write((length >>> 8) & 0xFF); - baos.write(length & 0xFF); + baos.write((length >>> 8) & 0xFF); + baos.write( length & 0xFF); baos.write(buffer, 0, length); - // v if (srpKey.getV() != null) { baos.write(0x01); - buffer = srpKey.getV().toByteArray(); length = buffer.length; - baos.write(length >>> 24); + baos.write( length >>> 24); baos.write((length >>> 16) & 0xFF); - baos.write((length >>> 8) & 0xFF); - baos.write(length & 0xFF); + baos.write((length >>> 8) & 0xFF); + baos.write( length & 0xFF); baos.write(buffer, 0, length); } else - { - baos.write(0x00); - } - + baos.write(0x00); return baos.toByteArray(); } @@ -321,60 +281,54 @@ public class SRPKeyPairRawCodec implements IKeyPairCodec || k[1] != Registry.MAGIC_RAW_SRP_PRIVATE_KEY[1] || k[2] != Registry.MAGIC_RAW_SRP_PRIVATE_KEY[2] || k[3] != Registry.MAGIC_RAW_SRP_PRIVATE_KEY[3]) - { - throw new IllegalArgumentException("magic"); - } - + throw new IllegalArgumentException("magic"); // version if (k[4] != 0x01) - { - throw new IllegalArgumentException("version"); - } + throw new IllegalArgumentException("version"); int i = 5; - int l; byte[] buffer; - // N - l = k[i++] << 24 | (k[i++] & 0xFF) << 16 | (k[i++] & 0xFF) << 8 - | (k[i++] & 0xFF); + l = k[i++] << 24 + | (k[i++] & 0xFF) << 16 + | (k[i++] & 0xFF) << 8 + | (k[i++] & 0xFF); buffer = new byte[l]; System.arraycopy(k, i, buffer, 0, l); i += l; BigInteger N = new BigInteger(1, buffer); - // g - l = k[i++] << 24 | (k[i++] & 0xFF) << 16 | (k[i++] & 0xFF) << 8 - | (k[i++] & 0xFF); + l = k[i++] << 24 + | (k[i++] & 0xFF) << 16 + | (k[i++] & 0xFF) << 8 + | (k[i++] & 0xFF); buffer = new byte[l]; System.arraycopy(k, i, buffer, 0, l); i += l; BigInteger g = new BigInteger(1, buffer); - // x - l = k[i++] << 24 | (k[i++] & 0xFF) << 16 | (k[i++] & 0xFF) << 8 - | (k[i++] & 0xFF); + l = k[i++] << 24 + | (k[i++] & 0xFF) << 16 + | (k[i++] & 0xFF) << 8 + | (k[i++] & 0xFF); buffer = new byte[l]; System.arraycopy(k, i, buffer, 0, l); i += l; BigInteger x = new BigInteger(1, buffer); - // v l = k[i++]; if (l == 0x01) { - l = k[i++] << 24 | (k[i++] & 0xFF) << 16 | (k[i++] & 0xFF) << 8 - | (k[i++] & 0xFF); + l = k[i++] << 24 + | (k[i++] & 0xFF) << 16 + | (k[i++] & 0xFF) << 8 + | (k[i++] & 0xFF); buffer = new byte[l]; System.arraycopy(k, i, buffer, 0, l); i += l; BigInteger v = new BigInteger(1, buffer); - return new SRPPrivateKey(N, g, x, v); } - else - { - return new SRPPrivateKey(N, g, x); - } + return new SRPPrivateKey(N, g, x); } } diff --git a/libjava/classpath/gnu/javax/crypto/key/srp6/SRPPrivateKey.java b/libjava/classpath/gnu/javax/crypto/key/srp6/SRPPrivateKey.java index d9f7a19a6cf..d5ade07d765 100644 --- a/libjava/classpath/gnu/javax/crypto/key/srp6/SRPPrivateKey.java +++ b/libjava/classpath/gnu/javax/crypto/key/srp6/SRPPrivateKey.java @@ -45,39 +45,33 @@ import java.math.BigInteger; import java.security.PrivateKey; /** - * <p>A representation of an SRP ephemeral private key.</p> - * - * <p>Reference:</p> + * A representation of an SRP ephemeral private key. + * <p> + * Reference: * <ol> - * <li><a href="http://srp.stanford.edu/design.html">SRP Protocol Design</a><br> - * Thomas J. Wu.</li> + * <li><a href="http://srp.stanford.edu/design.html">SRP Protocol Design</a><br> + * Thomas J. Wu.</li> * </ol> */ -public class SRPPrivateKey extends SRPKey implements PrivateKey +public class SRPPrivateKey + extends SRPKey + implements PrivateKey { - - // Constants and variables - // ------------------------------------------------------------------------- - /** - * The private exponent for either the server or the client engaged in the - * SRP protocol exchange. + * The private exponent for either the server or the client engaged in the SRP + * protocol exchange. */ private final BigInteger X; - /** - * The user's verifier (v) --for the server-- also computed at the client - * side as g.modPow(x, N), where x is the hashed output of the user name and + * The user's verifier (v) --for the server-- also computed at the client side + * as g.modPow(x, N), where x is the hashed output of the user name and * password . */ private final BigInteger v; - // Constructor(s) - // ------------------------------------------------------------------------- - /** - * <p>Public constructor for use from outside this package.</p> - * + * Public constructor for use from outside this package. + * * @param N the public shared modulus. * @param g the generator. * @param x the private exponent of the ephemeral key. @@ -88,8 +82,8 @@ public class SRPPrivateKey extends SRPKey implements PrivateKey } /** - * <p>Public constructor for use from outside this package.</p> - * + * Public constructor for use from outside this package. + * * @param N the public shared modulus. * @param g the generator. * @param x the private exponent of the ephemeral key. @@ -105,15 +99,16 @@ public class SRPPrivateKey extends SRPKey implements PrivateKey } /** - * <p>Default constructor. Assumes N and g are already validated.</p> - * + * Default constructor. Assumes N and g are already validated. + * * @param params an array of either 3 or 4 values representing N, g, and - * either v and X for the server, or just X for the client. Those values - * represent the following: - * <ol> - * <li>v (server side): the user's verifier.</li> - * <li>X (both sides): the server's or client's ephemeral private exponent.</li> - * </ol> + * either v and X for the server, or just X for the client. Those + * values represent the following: + * <ol> + * <li>v (server side): the user's verifier.</li> + * <li>X (both sides): the server's or client's ephemeral private + * exponent.</li> + * </ol> */ SRPPrivateKey(BigInteger[] params) { @@ -130,31 +125,27 @@ public class SRPPrivateKey extends SRPKey implements PrivateKey v = params[3]; } else - { - throw new IllegalArgumentException("invalid number of SRP parameters"); - } + throw new IllegalArgumentException("invalid number of SRP parameters"); } - // Class methods - // ------------------------------------------------------------------------- - /** - * <p>A class method that takes the output of the <code>encodePrivateKey()</code> + * A class method that takes the output of the <code>encodePrivateKey()</code> * method of an SRP keypair codec object (an instance implementing * {@link IKeyPairCodec} for DSS keys, and re-constructs an instance of this - * object.</p> - * + * object. + * * @param k the contents of a previously encoded instance of this object. * @throws ArrayIndexOutOfBoundsException if there is not enough bytes, in - * <code>k</code>, to represent a valid encoding of an instance of this object. + * <code>k</code>, to represent a valid encoding of an instance + * of this object. * @throws IllegalArgumentException if the byte sequence does not represent a - * valid encoding of an instance of this object. + * valid encoding of an instance of this object. */ public static SRPPrivateKey valueOf(byte[] k) { // check magic... // we should parse here enough bytes to know which codec to use, and - // direct the byte array to the appropriate codec. since we only have one + // direct the byte array to the appropriate codec. since we only have one // codec, we could have immediately tried it; nevertheless since testing // one byte is cheaper than instatiating a codec that will fail we test // the first byte before we carry on. @@ -164,18 +155,12 @@ public class SRPPrivateKey extends SRPKey implements PrivateKey IKeyPairCodec codec = new SRPKeyPairRawCodec(); return (SRPPrivateKey) codec.decodePrivateKey(k); } - else - { - throw new IllegalArgumentException("magic"); - } + throw new IllegalArgumentException("magic"); } - // Instance methods - // ------------------------------------------------------------------------- - /** - * <p>Returns the private exponent of the key as a {@link BigInteger}.</p> - * + * Returns the private exponent of the key as a {@link BigInteger}. + * * @return the private exponent of the key as a {@link BigInteger}. */ public BigInteger getX() @@ -184,26 +169,24 @@ public class SRPPrivateKey extends SRPKey implements PrivateKey } /** - * <p>Returns the user's verifier as a {@link BigInteger}.</p> - * + * Returns the user's verifier as a {@link BigInteger}. + * * @return the user's verifier as a {@link BigInteger} if this is an SRP - * private key of a Host, or <code>null</code> if this is a private SRP key - * for a User. + * private key of a Host, or <code>null</code> if this is a private + * SRP key for a User. */ public BigInteger getV() { return v; } - // Other instance methods -------------------------------------------------- - /** - * <p>Returns the encoded form of this private key according to the - * designated format.</p> - * + * Returns the encoded form of this private key according to the designated + * format. + * * @param format the desired format identifier of the resulting encoding. * @return the byte sequence encoding this key according to the designated - * format. + * format. * @throws IllegalArgumentException if the format is not supported. */ public byte[] getEncoded(int format) @@ -221,30 +204,24 @@ public class SRPPrivateKey extends SRPKey implements PrivateKey } /** - * <p>Returns <code>true</code> if the designated object is an instance of + * Returns <code>true</code> if the designated object is an instance of * <code>SRPPrivateKey</code> and has the same SRP parameter values as this - * one.</p> - * + * one. + * * @param obj the other non-null SRP key to compare to. - * @return <code>true</code> if the designated object is of the same type and - * value as this one. + * @return <code>true</code> if the designated object is of the same type + * and value as this one. */ public boolean equals(Object obj) { if (obj == null) - { - return false; - } - if (!(obj instanceof SRPPrivateKey)) - { - return false; - } + return false; + if (! (obj instanceof SRPPrivateKey)) + return false; SRPPrivateKey that = (SRPPrivateKey) obj; boolean result = super.equals(that) && X.equals(that.getX()); if (v != null) - { - result = result && v.equals(that.getV()); - } + result = result && v.equals(that.getV()); return result; } } diff --git a/libjava/classpath/gnu/javax/crypto/key/srp6/SRPPublicKey.java b/libjava/classpath/gnu/javax/crypto/key/srp6/SRPPublicKey.java index 7283fd3dae2..04a949211b9 100644 --- a/libjava/classpath/gnu/javax/crypto/key/srp6/SRPPublicKey.java +++ b/libjava/classpath/gnu/javax/crypto/key/srp6/SRPPublicKey.java @@ -45,32 +45,27 @@ import java.math.BigInteger; import java.security.PublicKey; /** - * <p>A representation of an SRP ephemeral public key.</p> - * - * <p>Reference:</p> + * A representation of an SRP ephemeral public key. + * <p> + * Reference: * <ol> - * <li><a href="http://srp.stanford.edu/design.html">SRP Protocol Design</a><br> - * Thomas J. Wu.</li> + * <li><a href="http://srp.stanford.edu/design.html">SRP Protocol Design</a><br> + * Thomas J. Wu.</li> * </ol> */ -public class SRPPublicKey extends SRPKey implements PublicKey +public class SRPPublicKey + extends SRPKey + implements PublicKey { - - // Constants and variables - // ------------------------------------------------------------------------- - /** - * The public exponent for either the server or the client engaged in the - * SRP protocol exchange. + * The public exponent for either the server or the client engaged in the SRP + * protocol exchange. */ private final BigInteger Y; - // Constructor(s) - // ------------------------------------------------------------------------- - /** - * <p>Public constructor for use from outside this package.</p> - * + * Public constructor for use from outside this package. + * * @param N the public shared modulus. * @param g the generator. * @param Y the public exponent of the ephemeral key. @@ -84,10 +79,10 @@ public class SRPPublicKey extends SRPKey implements PublicKey } /** - * <p>Default constructor. Assumes that N and g are already validated.</p> - * + * Default constructor. Assumes that N and g are already validated. + * * @param params an array of 3 values representing N, g and Y; the latter - * being the client's or server's public exponent. + * being the client's or server's public exponent. */ SRPPublicKey(BigInteger[] params) { @@ -96,26 +91,24 @@ public class SRPPublicKey extends SRPKey implements PublicKey this.Y = params[2]; } - // Class methods - // ------------------------------------------------------------------------- - /** - * <p>A class method that takes the output of the <code>encodePublicKey()</code> + * A class method that takes the output of the <code>encodePublicKey()</code> * method of an SRP keypair codec object (an instance implementing * {@link IKeyPairCodec} for SRP keys, and re-constructs an instance of this - * object.</p> - * + * object. + * * @param k the contents of a previously encoded instance of this object. * @throws ArrayIndexOutOfBoundsException if there is not enough bytes, in - * <code>k</code>, to represent a valid encoding of an instance of this object. + * <code>k</code>, to represent a valid encoding of an instance + * of this object. * @throws IllegalArgumentException if the byte sequence does not represent a - * valid encoding of an instance of this object. + * valid encoding of an instance of this object. */ public static SRPPublicKey valueOf(byte[] k) { // check magic... // we should parse here enough bytes to know which codec to use, and - // direct the byte array to the appropriate codec. since we only have one + // direct the byte array to the appropriate codec. since we only have one // codec, we could have immediately tried it; nevertheless since testing // one byte is cheaper than instatiating a codec that will fail we test // the first byte before we carry on. @@ -125,18 +118,12 @@ public class SRPPublicKey extends SRPKey implements PublicKey IKeyPairCodec codec = new SRPKeyPairRawCodec(); return (SRPPublicKey) codec.decodePublicKey(k); } - else - { - throw new IllegalArgumentException("magic"); - } + throw new IllegalArgumentException("magic"); } - // Instance methods - // ------------------------------------------------------------------------- - /** - * <p>Returns the public exponent of the key as a {@link BigInteger}.</p> - * + * Returns the public exponent of the key as a {@link BigInteger}. + * * @return the public exponent of the key as a {@link BigInteger}. */ public BigInteger getY() @@ -144,15 +131,13 @@ public class SRPPublicKey extends SRPKey implements PublicKey return Y; } - // Other instance methods -------------------------------------------------- - /** - * <p>Returns the encoded form of this public key according to the designated - * format.</p> - * + * Returns the encoded form of this public key according to the designated + * format. + * * @param format the desired format identifier of the resulting encoding. * @return the byte sequence encoding this key according to the designated - * format. + * format. * @throws IllegalArgumentException if the format is not supported. */ public byte[] getEncoded(int format) @@ -170,24 +155,20 @@ public class SRPPublicKey extends SRPKey implements PublicKey } /** - * <p>Returns <code>true</code> if the designated object is an instance of - * <code>SRPPublicKey</code>and has the same SRP parameter values as this one. - * </p> - * + * Returns <code>true</code> if the designated object is an instance of + * <code>SRPPublicKey</code>and has the same SRP parameter values as this + * one. + * * @param obj the other non-null SRP key to compare to. - * @return <code>true</code> if the designated object is of the same type and - * value as this one. + * @return <code>true</code> if the designated object is of the same type + * and value as this one. */ public boolean equals(Object obj) { if (obj == null) - { - return false; - } - if (!(obj instanceof SRPPublicKey)) - { - return false; - } + return false; + if (! (obj instanceof SRPPublicKey)) + return false; SRPPublicKey that = (SRPPublicKey) obj; return super.equals(that) && Y.equals(that.getY()); } diff --git a/libjava/classpath/gnu/javax/crypto/keyring/AuthenticatedEntry.java b/libjava/classpath/gnu/javax/crypto/keyring/AuthenticatedEntry.java index 22b42b3ea0b..cd2e5868db9 100644 --- a/libjava/classpath/gnu/javax/crypto/keyring/AuthenticatedEntry.java +++ b/libjava/classpath/gnu/javax/crypto/keyring/AuthenticatedEntry.java @@ -38,46 +38,32 @@ exception statement from your version. */ package gnu.javax.crypto.keyring; +import gnu.java.security.Registry; +import gnu.javax.crypto.mac.IMac; +import gnu.javax.crypto.mac.MacFactory; +import gnu.javax.crypto.mac.MacOutputStream; + import java.io.ByteArrayInputStream; import java.io.ByteArrayOutputStream; import java.io.DataInputStream; import java.io.DataOutputStream; import java.io.IOException; - import java.security.InvalidKeyException; - import java.util.Arrays; -import java.util.Date; -import java.util.Iterator; import java.util.HashMap; -import java.util.List; - -import gnu.java.security.Registry; -import gnu.javax.crypto.mac.IMac; -import gnu.javax.crypto.mac.MacFactory; -import gnu.javax.crypto.mac.MacInputStream; -import gnu.javax.crypto.mac.MacOutputStream; +import java.util.Iterator; -public final class AuthenticatedEntry extends MaskableEnvelopeEntry implements - Registry +public final class AuthenticatedEntry + extends MaskableEnvelopeEntry + implements Registry { - - // Constants and fields. - // ------------------------------------------------------------------------ - public static final int TYPE = 2; - // Constructor. - // ------------------------------------------------------------------------ - public AuthenticatedEntry(String mac, int macLen, Properties properties) { super(TYPE, properties); - if (macLen <= 0) - { - throw new IllegalArgumentException("invalid mac length"); - } + throw new IllegalArgumentException("invalid mac length"); this.properties.put("mac", mac); this.properties.put("maclen", String.valueOf(macLen)); setMasked(false); @@ -89,32 +75,22 @@ public final class AuthenticatedEntry extends MaskableEnvelopeEntry implements setMasked(true); } - // Class methods. - // ------------------------------------------------------------------------ - public static AuthenticatedEntry decode(DataInputStream in) throws IOException { AuthenticatedEntry entry = new AuthenticatedEntry(); entry.properties.decode(in); - if (!entry.properties.containsKey("mac")) - { - throw new MalformedKeyringException("no mac specified"); - } - if (!entry.properties.containsKey("maclen")) - { - throw new MalformedKeyringException("no mac length specified"); - } + if (! entry.properties.containsKey("mac")) + throw new MalformedKeyringException("no mac specified"); + if (! entry.properties.containsKey("maclen")) + throw new MalformedKeyringException("no mac length specified"); return entry; } - // Instance methods. - // ------------------------------------------------------------------------ - /** * Computes the mac over this envelope's data. This method <b>must</b> be * called before this entry in encoded. - * + * * @param key The key to authenticate with. * @throws IOException If encoding fails. * @throws InvalidKeyException If the supplied key is bad. @@ -122,11 +98,8 @@ public final class AuthenticatedEntry extends MaskableEnvelopeEntry implements public void authenticate(byte[] key) throws IOException, InvalidKeyException { if (isMasked()) - { - throw new IllegalStateException("entry is masked"); - } + throw new IllegalStateException("entry is masked"); IMac m = getMac(key); - ByteArrayOutputStream bout = new ByteArrayOutputStream(1024); MacOutputStream macout = new MacOutputStream(bout, m); DataOutputStream out2 = new DataOutputStream(macout); @@ -140,36 +113,28 @@ public final class AuthenticatedEntry extends MaskableEnvelopeEntry implements } /** - * Verifies this entry's payload. This method will unmask this entry, - * thus it must be called before accessing its contents. - * + * Verifies this entry's payload. This method will unmask this entry, thus it + * must be called before accessing its contents. + * * @param key The key to use to authenticate. * @throws InvalidKeyException If the given key is improper. */ public void verify(byte[] key) throws InvalidKeyException { - if (!isMasked() || payload == null) - { - return; - } + if (! isMasked() || payload == null) + return; IMac m = getMac(key); - m.update(payload, 0, payload.length - m.macSize()); byte[] macValue = new byte[m.macSize()]; System.arraycopy(payload, payload.length - macValue.length, macValue, 0, macValue.length); - if (!Arrays.equals(macValue, m.digest())) - { - throw new IllegalArgumentException("MAC verification failed"); - } + if (! Arrays.equals(macValue, m.digest())) + throw new IllegalArgumentException("MAC verification failed"); try { - DataInputStream in = new DataInputStream( - new ByteArrayInputStream( - payload, - 0, - payload.length - - m.macSize())); + int len = payload.length - m.macSize(); + ByteArrayInputStream bais = new ByteArrayInputStream(payload, 0, len); + DataInputStream in = new DataInputStream(bais); decodeEnvelope(in); } catch (IOException ioe) @@ -183,27 +148,17 @@ public final class AuthenticatedEntry extends MaskableEnvelopeEntry implements protected void encodePayload() throws IOException { if (payload == null) - { - throw new IllegalStateException("not authenticated"); - } + throw new IllegalStateException("not authenticated"); } - // Own methods. - // ------------------------------------------------------------------------ - private IMac getMac(byte[] key) throws InvalidKeyException { IMac mac = MacFactory.getInstance(properties.get("mac")); if (mac == null) - { - throw new IllegalArgumentException("no such mac: " - + properties.get("mac")); - } + throw new IllegalArgumentException("no such mac: " + properties.get("mac")); int maclen = 0; - if (!properties.containsKey("maclen")) - { - throw new IllegalArgumentException("no MAC length"); - } + if (! properties.containsKey("maclen")) + throw new IllegalArgumentException("no MAC length"); try { maclen = Integer.parseInt(properties.get("maclen")); @@ -212,10 +167,9 @@ public final class AuthenticatedEntry extends MaskableEnvelopeEntry implements { throw new IllegalArgumentException("bad MAC length"); } - HashMap macAttr = new HashMap(); macAttr.put(IMac.MAC_KEY_MATERIAL, key); - macAttr.put(IMac.TRUNCATED_SIZE, new Integer(maclen)); + macAttr.put(IMac.TRUNCATED_SIZE, Integer.valueOf(maclen)); mac.init(macAttr); return mac; } diff --git a/libjava/classpath/gnu/javax/crypto/keyring/BaseKeyring.java b/libjava/classpath/gnu/javax/crypto/keyring/BaseKeyring.java index 5fe7dbf4deb..369507d4c73 100644 --- a/libjava/classpath/gnu/javax/crypto/keyring/BaseKeyring.java +++ b/libjava/classpath/gnu/javax/crypto/keyring/BaseKeyring.java @@ -38,86 +38,58 @@ exception statement from your version. */ package gnu.javax.crypto.keyring; -import java.io.InputStream; +import gnu.java.security.Registry; + import java.io.IOException; +import java.io.InputStream; import java.io.OutputStream; - import java.util.Enumeration; import java.util.List; import java.util.Map; import java.util.StringTokenizer; -import gnu.java.security.Registry; - -public abstract class BaseKeyring implements IKeyring +public abstract class BaseKeyring + implements IKeyring { - - // Fields. - // ------------------------------------------------------------------------ - - /** - * The top-level keyring data. - */ + /** The top-level keyring data. */ protected PasswordAuthenticatedEntry keyring; - protected CompressedEntry keyring2; - // Constructors. - // ------------------------------------------------------------------------ - public BaseKeyring() { } - // Instance methods. - // ------------------------------------------------------------------------ - public void load(Map attributes) throws IOException { InputStream in = (InputStream) attributes.get(KEYRING_DATA_IN); if (in == null) - { - throw new IllegalArgumentException("no input stream"); - } + throw new IllegalArgumentException("no input stream"); char[] password = (char[]) attributes.get(KEYRING_PASSWORD); if (password == null) - { - password = new char[0]; - } + password = new char[0]; if (in.read() != Registry.GKR_MAGIC[0] || in.read() != Registry.GKR_MAGIC[1] || in.read() != Registry.GKR_MAGIC[2] || in.read() != Registry.GKR_MAGIC[3]) - { - throw new MalformedKeyringException("magic"); - } + throw new MalformedKeyringException("magic"); load(in, password); - List l = keyring.getEntries(); if (l.size() == 1 && (l.get(0) instanceof CompressedEntry)) - { - keyring2 = (CompressedEntry) l.get(0); - } + keyring2 = (CompressedEntry) l.get(0); } public void store(Map attributes) throws IOException { OutputStream out = (OutputStream) attributes.get(KEYRING_DATA_OUT); if (out == null) - { - throw new IllegalArgumentException("no output stream"); - } + throw new IllegalArgumentException("no output stream"); char[] password = (char[]) attributes.get(KEYRING_PASSWORD); if (password == null) - { - password = new char[0]; - } + password = new char[0]; if (keyring == null) - { - throw new IllegalStateException("empty keyring"); - } + throw new IllegalStateException("empty keyring"); out.write(Registry.GKR_MAGIC); store(out, password); @@ -131,45 +103,35 @@ public abstract class BaseKeyring implements IKeyring public int size() { if (keyring == null) - { - throw new IllegalStateException ("keyring not loaded"); - } + throw new IllegalStateException("keyring not loaded"); return ((StringTokenizer) aliases()).countTokens(); } public Enumeration aliases() { if (keyring == null) - { - throw new IllegalStateException ("keyring not loaded"); - } + throw new IllegalStateException("keyring not loaded"); return new StringTokenizer(keyring.getAliasList(), ";"); } public boolean containsAlias(String alias) { if (keyring == null) - { - throw new IllegalStateException("keyring not loaded"); - } + throw new IllegalStateException("keyring not loaded"); return keyring.containsAlias(alias); } public List get(String alias) { if (keyring == null) - { - throw new IllegalStateException("keyring not loaded"); - } + throw new IllegalStateException("keyring not loaded"); return keyring.get(alias); } public void add(Entry entry) { if (keyring == null) - { - throw new IllegalStateException("keyring not loaded"); - } + throw new IllegalStateException("keyring not loaded"); if (keyring2 != null) keyring2.add(entry); else @@ -179,9 +141,7 @@ public abstract class BaseKeyring implements IKeyring public void remove(String alias) { if (keyring == null) - { - throw new IllegalStateException("keyring not loaded"); - } + throw new IllegalStateException("keyring not loaded"); keyring.remove(alias); } diff --git a/libjava/classpath/gnu/javax/crypto/keyring/BinaryDataEntry.java b/libjava/classpath/gnu/javax/crypto/keyring/BinaryDataEntry.java index 2dcd5454fb6..e694487e141 100644 --- a/libjava/classpath/gnu/javax/crypto/keyring/BinaryDataEntry.java +++ b/libjava/classpath/gnu/javax/crypto/keyring/BinaryDataEntry.java @@ -40,29 +40,22 @@ package gnu.javax.crypto.keyring; import java.io.DataInputStream; import java.io.IOException; - import java.util.Date; /** - * A binary data entry is a primitive entry that simply contains some amount - * of arbitrary binary data and an optional content type. + * A binary data entry is a primitive entry that simply contains some amount of + * arbitrary binary data and an optional content type. */ -public class BinaryDataEntry extends PrimitiveEntry +public class BinaryDataEntry + extends PrimitiveEntry { - - // Fields. - // ------------------------------------------------------------------------ - public static final int TYPE = 9; - // Constructors. - // ------------------------------------------------------------------------ - /** * Creates a new binary data entry. - * - * @param contentType The content type of this entry. This parameter can - * be <code>null</code> if no content type is needed. + * + * @param contentType The content type of this entry. This parameter can be + * <code>null</code> if no content type is needed. * @param data The data. * @param creationDate The creation date. * @param properties This entry's properties. @@ -72,14 +65,10 @@ public class BinaryDataEntry extends PrimitiveEntry { super(TYPE, creationDate, properties); if (data == null) - { - throw new IllegalArgumentException("no data"); - } + throw new IllegalArgumentException("no data"); payload = (byte[]) data.clone(); if (contentType != null) - { - this.properties.put("content-type", contentType); - } + this.properties.put("content-type", contentType); } private BinaryDataEntry() @@ -87,9 +76,6 @@ public class BinaryDataEntry extends PrimitiveEntry super(TYPE); } - // Class methods. - // ------------------------------------------------------------------------ - public static BinaryDataEntry decode(DataInputStream in) throws IOException { BinaryDataEntry entry = new BinaryDataEntry(); @@ -97,13 +83,10 @@ public class BinaryDataEntry extends PrimitiveEntry return entry; } - // Instance methods. - // ------------------------------------------------------------------------ - /** * Returns the content type of this entry, or <code>null</code> if this * property is not set. - * + * * @return The content type. */ public String getContentType() @@ -113,7 +96,7 @@ public class BinaryDataEntry extends PrimitiveEntry /** * Returns this object's data field. - * + * * @return The data. */ public byte[] getData() diff --git a/libjava/classpath/gnu/javax/crypto/keyring/CertPathEntry.java b/libjava/classpath/gnu/javax/crypto/keyring/CertPathEntry.java index ef62347ec9d..32b86084f31 100644 --- a/libjava/classpath/gnu/javax/crypto/keyring/CertPathEntry.java +++ b/libjava/classpath/gnu/javax/crypto/keyring/CertPathEntry.java @@ -40,40 +40,28 @@ package gnu.javax.crypto.keyring; import java.io.ByteArrayOutputStream; import java.io.DataInputStream; -import java.io.DataOutputStream; import java.io.IOException; - import java.security.cert.Certificate; import java.security.cert.CertificateEncodingException; import java.security.cert.CertificateException; import java.security.cert.CertificateFactory; - import java.util.Date; /** * A primitive entry that contains a path of X.509 certificates. */ -public final class CertPathEntry extends PrimitiveEntry +public final class CertPathEntry + extends PrimitiveEntry { - - // Constants and fields. - // ------------------------------------------------------------------------ - public static final int TYPE = 8; - private Certificate[] path; - // Constructor. - // ------------------------------------------------------------------------ - public CertPathEntry(Certificate[] path, Date creationDate, Properties properties) { super(TYPE, creationDate, properties); if (path == null || path.length == 0) - { - throw new IllegalArgumentException("no certificate path"); - } + throw new IllegalArgumentException("no certificate path"); this.path = (Certificate[]) path.clone(); } @@ -82,9 +70,6 @@ public final class CertPathEntry extends PrimitiveEntry super(TYPE); } - // Class method. - // ------------------------------------------------------------------------ - public static CertPathEntry decode(DataInputStream in) throws IOException { CertPathEntry entry = new CertPathEntry(); @@ -95,8 +80,7 @@ public final class CertPathEntry extends PrimitiveEntry try { CertificateFactory fact = CertificateFactory.getInstance("X.509"); - entry.path = (Certificate[]) fact.generateCertificates(in2).toArray( - new Certificate[0]); + entry.path = (Certificate[]) fact.generateCertificates(in2).toArray(new Certificate[0]); } catch (CertificateException ce) { @@ -105,9 +89,6 @@ public final class CertPathEntry extends PrimitiveEntry return entry; } - // Instance methods. - // ------------------------------------------------------------------------ - public Certificate[] getCertPath() { return path; @@ -120,9 +101,7 @@ public final class CertPathEntry extends PrimitiveEntry try { for (int i = 0; i < path.length; i++) - { - bout.write(path[i].getEncoded()); - } + bout.write(path[i].getEncoded()); } catch (CertificateEncodingException cee) { diff --git a/libjava/classpath/gnu/javax/crypto/keyring/CertificateEntry.java b/libjava/classpath/gnu/javax/crypto/keyring/CertificateEntry.java index 95a708ac53f..661758442cc 100644 --- a/libjava/classpath/gnu/javax/crypto/keyring/CertificateEntry.java +++ b/libjava/classpath/gnu/javax/crypto/keyring/CertificateEntry.java @@ -39,50 +39,38 @@ exception statement from your version. */ package gnu.javax.crypto.keyring; import java.io.DataInputStream; -import java.io.DataOutputStream; import java.io.IOException; import java.security.cert.Certificate; import java.security.cert.CertificateEncodingException; import java.security.cert.CertificateException; import java.security.cert.CertificateFactory; -import java.security.cert.X509Certificate; import java.util.Date; /** - * <p>An immutable class representing a trusted certificate entry.</p> + * An immutable class representing a trusted certificate entry. */ -public final class CertificateEntry extends PrimitiveEntry +public final class CertificateEntry + extends PrimitiveEntry { - - // Constants and variables - // ------------------------------------------------------------------------- - public static final int TYPE = 5; - /** The certificate. */ private Certificate certificate; - // Constructor(s) - // ------------------------------------------------------------------------- - /** * Creates a new certificate entry. - * + * * @param certificate The certificate. * @param creationDate The creation date. * @param properties The alias. * @throws IllegalArgumentException If any argument is null, or if the alias - * is empty. + * is empty. */ public CertificateEntry(Certificate certificate, Date creationDate, Properties properties) { super(TYPE, creationDate, properties); - if (certificate == null) - { - throw new IllegalArgumentException("no certificate"); - } + throw new IllegalArgumentException("no certificate"); this.certificate = certificate; this.properties.put("type", certificate.getType()); } @@ -92,9 +80,6 @@ public final class CertificateEntry extends PrimitiveEntry super(TYPE); } - // Class methods - // ------------------------------------------------------------------------- - public static CertificateEntry decode(DataInputStream in) throws IOException { CertificateEntry entry = new CertificateEntry(); @@ -102,9 +87,7 @@ public final class CertificateEntry extends PrimitiveEntry entry.makeCreationDate(); String type = entry.properties.get("type"); if (type == null) - { - throw new MalformedKeyringException("no certificate type"); - } + throw new MalformedKeyringException("no certificate type"); int len = in.readInt(); MeteredInputStream in2 = new MeteredInputStream(in, len); try @@ -116,19 +99,14 @@ public final class CertificateEntry extends PrimitiveEntry { throw new MalformedKeyringException(ce.toString()); } - if (!in2.limitReached()) - { - throw new MalformedKeyringException("extra data at end of payload"); - } + if (! in2.limitReached()) + throw new MalformedKeyringException("extra data at end of payload"); return entry; } - // Instance methods - // ------------------------------------------------------------------------- - /** * Returns this entry's certificate. - * + * * @return The certificate. */ public Certificate getCertificate() diff --git a/libjava/classpath/gnu/javax/crypto/keyring/CompressedEntry.java b/libjava/classpath/gnu/javax/crypto/keyring/CompressedEntry.java index cce930d739d..b24c6715ab7 100644 --- a/libjava/classpath/gnu/javax/crypto/keyring/CompressedEntry.java +++ b/libjava/classpath/gnu/javax/crypto/keyring/CompressedEntry.java @@ -42,22 +42,15 @@ import java.io.ByteArrayOutputStream; import java.io.DataInputStream; import java.io.DataOutputStream; import java.io.IOException; - import java.util.Iterator; import java.util.zip.DeflaterOutputStream; import java.util.zip.InflaterInputStream; -public class CompressedEntry extends EnvelopeEntry +public class CompressedEntry + extends EnvelopeEntry { - - // Constants and fields. - // ------------------------------------------------------------------------ - public static final int TYPE = 4; - // Constructor. - // ------------------------------------------------------------------------ - public CompressedEntry(Properties properties) { super(TYPE, properties); @@ -69,24 +62,16 @@ public class CompressedEntry extends EnvelopeEntry this(new Properties()); } - // Class methods. - // ------------------------------------------------------------------------ - public static CompressedEntry decode(DataInputStream in) throws IOException { CompressedEntry entry = new CompressedEntry(); entry.properties.decode(in); String alg = entry.properties.get("algorithm"); if (alg == null) - { - throw new MalformedKeyringException("no compression algorithm"); - } - if (!alg.equalsIgnoreCase("DEFLATE")) - { - throw new MalformedKeyringException( - "unsupported compression algorithm: " - + alg); - } + throw new MalformedKeyringException("no compression algorithm"); + if (! alg.equalsIgnoreCase("DEFLATE")) + throw new MalformedKeyringException("unsupported compression algorithm: " + + alg); int len = in.readInt(); MeteredInputStream min = new MeteredInputStream(in, len); InflaterInputStream infin = new InflaterInputStream(min); @@ -95,18 +80,13 @@ public class CompressedEntry extends EnvelopeEntry return entry; } - // Instance methods. - // ------------------------------------------------------------------------ - protected void encodePayload() throws IOException { ByteArrayOutputStream buf = new ByteArrayOutputStream(1024); DeflaterOutputStream dout = new DeflaterOutputStream(buf); DataOutputStream out2 = new DataOutputStream(dout); for (Iterator it = entries.iterator(); it.hasNext();) - { - ((Entry) it.next()).encode(out2); - } + ((Entry) it.next()).encode(out2); dout.finish(); payload = buf.toByteArray(); } diff --git a/libjava/classpath/gnu/javax/crypto/keyring/EncryptedEntry.java b/libjava/classpath/gnu/javax/crypto/keyring/EncryptedEntry.java index fad5f54b236..f0693cc91d2 100644 --- a/libjava/classpath/gnu/javax/crypto/keyring/EncryptedEntry.java +++ b/libjava/classpath/gnu/javax/crypto/keyring/EncryptedEntry.java @@ -38,21 +38,6 @@ exception statement from your version. */ package gnu.javax.crypto.keyring; -import java.io.ByteArrayInputStream; -import java.io.ByteArrayOutputStream; -import java.io.DataInputStream; -import java.io.DataOutputStream; -import java.io.IOException; - -import java.security.InvalidKeyException; - -import java.util.Arrays; -import java.util.Collections; -import java.util.Date; -import java.util.Iterator; -import java.util.HashMap; -import java.util.List; - import gnu.java.security.Registry; import gnu.javax.crypto.cipher.CipherFactory; import gnu.javax.crypto.cipher.IBlockCipher; @@ -62,25 +47,24 @@ import gnu.javax.crypto.pad.IPad; import gnu.javax.crypto.pad.PadFactory; import gnu.javax.crypto.pad.WrongPaddingException; +import java.io.ByteArrayInputStream; +import java.io.ByteArrayOutputStream; +import java.io.DataInputStream; +import java.io.DataOutputStream; +import java.io.IOException; +import java.security.InvalidKeyException; +import java.util.HashMap; +import java.util.Iterator; + public class EncryptedEntry extends MaskableEnvelopeEntry implements Registry { - - // Constants and fields. - // ------------------------------------------------------------------------ - public static final int TYPE = 0; - // Constructor. - // ------------------------------------------------------------------------ - public EncryptedEntry(String cipher, String mode, Properties properties) { super(TYPE, properties); if (cipher == null || mode == null) - { - throw new IllegalArgumentException( - "neither cipher nor mode can be null"); - } + throw new IllegalArgumentException("neither cipher nor mode can be null"); properties.put("cipher", cipher); properties.put("mode", mode); setMasked(false); @@ -92,34 +76,22 @@ public class EncryptedEntry extends MaskableEnvelopeEntry implements Registry setMasked(true); } - // Class methods. - // ------------------------------------------------------------------------ - public static EncryptedEntry decode(DataInputStream in) throws IOException { EncryptedEntry entry = new EncryptedEntry(); entry.defaultDecode(in); - if (!entry.properties.containsKey("cipher")) - { - throw new MalformedKeyringException("no cipher"); - } - if (!entry.properties.containsKey("cipher")) - { - throw new MalformedKeyringException("no cipher"); - } + if (! entry.properties.containsKey("cipher")) + throw new MalformedKeyringException("no cipher"); + if (! entry.properties.containsKey("cipher")) + throw new MalformedKeyringException("no cipher"); return entry; } - // Instance methods. - // ------------------------------------------------------------------------ - public void decrypt(byte[] key, byte[] iv) throws IllegalArgumentException, WrongPaddingException { - if (!isMasked() || payload == null) - { - return; - } + if (! isMasked() || payload == null) + return; IMode mode = getMode(key, iv, IMode.DECRYPTION); IPad padding = null; padding = PadFactory.getInstance("PKCS7"); @@ -132,12 +104,8 @@ public class EncryptedEntry extends MaskableEnvelopeEntry implements Registry count += mode.currentBlockSize(); } int padlen = padding.unpad(buf, 0, buf.length); - DataInputStream in = new DataInputStream( - new ByteArrayInputStream( - buf, - 0, - buf.length - - padlen)); + int len = buf.length - padlen; + DataInputStream in = new DataInputStream(new ByteArrayInputStream(buf, 0, len)); try { decodeEnvelope(in); @@ -181,22 +149,14 @@ public class EncryptedEntry extends MaskableEnvelopeEntry implements Registry public void encodePayload() throws IOException { if (payload == null) - { - throw new IOException("not encrypted"); - } + throw new IOException("not encrypted"); } - // Own methods. - // ------------------------------------------------------------------------ - private IMode getMode(byte[] key, byte[] iv, int state) { IBlockCipher cipher = CipherFactory.getInstance(properties.get("cipher")); if (cipher == null) - { - throw new IllegalArgumentException("no such cipher: " - + properties.get("cipher")); - } + throw new IllegalArgumentException("no such cipher: " + properties.get("cipher")); int blockSize = cipher.defaultBlockSize(); if (properties.containsKey("block-size")) { @@ -210,17 +170,13 @@ public class EncryptedEntry extends MaskableEnvelopeEntry implements Registry + nfe.getMessage()); } } - IMode mode = ModeFactory.getInstance(properties.get("mode"), cipher, - blockSize); + IMode mode = ModeFactory.getInstance(properties.get("mode"), cipher, blockSize); if (mode == null) - { - throw new IllegalArgumentException("no such mode: " - + properties.get("mode")); - } + throw new IllegalArgumentException("no such mode: " + properties.get("mode")); HashMap modeAttr = new HashMap(); modeAttr.put(IMode.KEY_MATERIAL, key); - modeAttr.put(IMode.STATE, new Integer(state)); + modeAttr.put(IMode.STATE, Integer.valueOf(state)); modeAttr.put(IMode.IV, iv); try { diff --git a/libjava/classpath/gnu/javax/crypto/keyring/Entry.java b/libjava/classpath/gnu/javax/crypto/keyring/Entry.java index fa7f496798b..ef225db95e6 100644 --- a/libjava/classpath/gnu/javax/crypto/keyring/Entry.java +++ b/libjava/classpath/gnu/javax/crypto/keyring/Entry.java @@ -38,49 +38,51 @@ exception statement from your version. */ package gnu.javax.crypto.keyring; +import gnu.java.security.Configuration; + import java.io.DataInputStream; import java.io.DataOutputStream; import java.io.IOException; +import java.util.logging.Logger; /** * An immutable class representing a single entry in a keyring. */ public abstract class Entry { - - // Fields. - // ------------------------------------------------------------------------ - + private static final Logger log = Logger.getLogger(Entry.class.getName()); + private static final String[] TYPES = new String[] { + "Encrypted", + "PasswordEncrypted", + "Authenticated", + "PasswordAuthenticated", + "Compressed", + "Certificate", + "PublicKey", + "PrivateKey", + "CertPath", + "BinaryData" }; /** This entry's type identifier. */ protected int type; - /** This entry's property set. */ protected Properties properties; - /** This entry's payload. */ protected byte[] payload; - // Constructor. - // ------------------------------------------------------------------------ - /** * Creates a new Entry. - * + * * @param type This entry's type. * @param properties This entry's properties. - * @throws IllegalArgumentException If the properties argument is null, - * or if the type is out of range. + * @throws IllegalArgumentException If the properties argument is null, or if + * the type is out of range. */ protected Entry(int type, Properties properties) { if (type < 0 || type > 255) - { - throw new IllegalArgumentException("invalid packet type"); - } + throw new IllegalArgumentException("invalid packet type"); if (properties == null) - { - throw new IllegalArgumentException("no properties"); - } + throw new IllegalArgumentException("no properties"); this.type = type; this.properties = (Properties) properties.clone(); } @@ -91,20 +93,15 @@ public abstract class Entry protected Entry(final int type) { if (type < 0 || type > 255) - { - throw new IllegalArgumentException("invalid packet type"); - } + throw new IllegalArgumentException("invalid packet type"); this.type = type; properties = new Properties(); } - // Instance methods. - // ------------------------------------------------------------------------ - /** * Returns this entry's properties object. The properties are cloned before * being returned. - * + * * @return The properties. */ public Properties getProperties() @@ -123,28 +120,35 @@ public abstract class Entry } /** - * This method is called when this entry needs to be written to an - * output stream. - * + * This method is called when this entry needs to be written to an output + * stream. + * * @param out The stream to write to. * @throws IOException If an I/O exception occurs. */ public void encode(DataOutputStream out) throws IOException { if (payload == null) - { - encodePayload(); - } + encodePayload(); if (out == null) - { - return; - } + return; out.write(type); properties.encode(out); out.writeInt(payload.length); out.write(payload); } + public String toString() + { + return new StringBuilder("Entry{") + .append("type=").append(TYPES[type]) + .append(", properties=").append(properties) + .append(", payload=") + .append(payload == null ? "-" : "byte[" + payload.length + "]") + .append( "}") + .toString(); + } + /** * Generic decoding method, which simply decodes the properties field * and reads the payload field. @@ -158,16 +162,13 @@ public abstract class Entry properties.decode(in); int len = in.readInt(); if (len < 0) - { - throw new IOException("corrupt length"); - } + throw new IOException("corrupt length"); + if (Configuration.DEBUG) + log.fine("About to instantiate new payload byte array for " + this); payload = new byte[len]; in.readFully(payload); } - // Abstract methods. - // ------------------------------------------------------------------------ - /** * This method is called of subclasses when the payload data needs to be * created. diff --git a/libjava/classpath/gnu/javax/crypto/keyring/EnvelopeEntry.java b/libjava/classpath/gnu/javax/crypto/keyring/EnvelopeEntry.java index 25b1dc2a04d..fe39091b05c 100644 --- a/libjava/classpath/gnu/javax/crypto/keyring/EnvelopeEntry.java +++ b/libjava/classpath/gnu/javax/crypto/keyring/EnvelopeEntry.java @@ -38,45 +38,38 @@ exception statement from your version. */ package gnu.javax.crypto.keyring; +import gnu.java.security.Configuration; + import java.io.ByteArrayOutputStream; import java.io.DataInputStream; import java.io.DataOutputStream; import java.io.IOException; - import java.util.ArrayList; -import java.util.Date; import java.util.Iterator; import java.util.LinkedList; import java.util.List; import java.util.StringTokenizer; +import java.util.logging.Logger; /** - * An envelope entry is a generic container for some number of primitive - * and other envelope entries. + * An envelope entry is a generic container for some number of primitive and + * other envelope entries. */ -public abstract class EnvelopeEntry extends Entry +public abstract class EnvelopeEntry + extends Entry { - - // Fields. - // ------------------------------------------------------------------------ - + private static final Logger log = Logger.getLogger(EnvelopeEntry.class.getName()); /** The envelope that contains this one (if any). */ protected EnvelopeEntry containingEnvelope; - /** The contained entries. */ protected List entries; - // Constructor. - // ------------------------------------------------------------------------ - public EnvelopeEntry(int type, Properties properties) { super(type, properties); entries = new LinkedList(); if (this.properties.get("alias-list") != null) - { - this.properties.remove("alias-list"); - } + this.properties.remove("alias-list"); } protected EnvelopeEntry(int type) @@ -85,84 +78,85 @@ public abstract class EnvelopeEntry extends Entry entries = new LinkedList(); } - // Instance methods. - // ------------------------------------------------------------------------ - /** * Adds an entry to this envelope. - * + * * @param entry The entry to add. */ public void add(Entry entry) { - if (!containsEntry(entry)) + if (Configuration.DEBUG) + log.entering(this.getClass().getName(), "add", entry); + if (! containsEntry(entry)) { if (entry instanceof EnvelopeEntry) - { - ((EnvelopeEntry) entry).setContainingEnvelope(this); - } + ((EnvelopeEntry) entry).setContainingEnvelope(this); entries.add(entry); - payload = null; + if (Configuration.DEBUG) + log.fine("Payload is " + (payload == null ? "" : "not ") + "null"); makeAliasList(); } + if (Configuration.DEBUG) + log.exiting(this.getClass().getName(), "add"); } /** - * Tests if this envelope contains a primitive entry with the - * given alias. - * + * Tests if this envelope contains a primitive entry with the given alias. + * * @param alias The alias to test. - * @return True if this envelope (or one of the contained envelopes) - * contains a primitive entry with the given alias. + * @return True if this envelope (or one of the contained envelopes) contains + * a primitive entry with the given alias. */ public boolean containsAlias(String alias) { + if (Configuration.DEBUG) + log.entering(this.getClass().getName(), "containsAlias", alias); String aliases = getAliasList(); - if (aliases == null) + if (Configuration.DEBUG) + log.fine("aliases = [" + aliases + "]"); + boolean result = false; + if (aliases != null) { - return false; + StringTokenizer tok = new StringTokenizer(aliases, ";"); + while (tok.hasMoreTokens()) + if (tok.nextToken().equals(alias)) + { + result = true; + break; + } } - StringTokenizer tok = new StringTokenizer(aliases, ";"); - while (tok.hasMoreTokens()) - { - if (tok.nextToken().equals(alias)) - { - return true; - } - } - return false; + if (Configuration.DEBUG) + log.exiting(this.getClass().getName(), "containsAlias", + Boolean.valueOf(result)); + return result; } /** * Tests if this envelope contains the given entry. - * + * * @param entry The entry to test. * @return True if this envelope contains the given entry. */ public boolean containsEntry(Entry entry) { if (entry instanceof EnvelopeEntry) - { - return entries.contains(entry); - } - else if (entry instanceof PrimitiveEntry) - { - for (Iterator it = entries.iterator(); it.hasNext();) - { - Entry e = (Entry) it.next(); - if (e.equals(entry)) - return true; - if ((e instanceof EnvelopeEntry) - && ((EnvelopeEntry) e).containsEntry(entry)) - return true; - } - } + return entries.contains(entry); + if (entry instanceof PrimitiveEntry) + for (Iterator it = entries.iterator(); it.hasNext();) + { + Entry e = (Entry) it.next(); + if (e.equals(entry)) + return true; + if ((e instanceof EnvelopeEntry) + && ((EnvelopeEntry) e).containsEntry(entry)) + return true; + } return false; } /** * Returns a copy of all entries this envelope contains. - * + * * @return All contained entries. */ public List getEntries() @@ -171,73 +165,77 @@ public abstract class EnvelopeEntry extends Entry } /** - * Gets all primitive entries that have the given alias. If there - * are any masked entries that contain the given alias, they will - * be returned as well. - * + * Gets all primitive entries that have the given alias. If there are any + * masked entries that contain the given alias, they will be returned as well. + * * @param alias The alias of the entries to get. * @return A list of all primitive entries that have the given alias. */ public List get(String alias) { + if (Configuration.DEBUG) + log.entering(this.getClass().getName(), "get", alias); List result = new LinkedList(); for (Iterator it = entries.iterator(); it.hasNext();) { Entry e = (Entry) it.next(); if (e instanceof EnvelopeEntry) { - if (!((EnvelopeEntry) e).containsAlias(alias)) - { - continue; - } - if (e instanceof MaskableEnvelopeEntry) + EnvelopeEntry ee = (EnvelopeEntry) e; + if (! ee.containsAlias(alias)) + continue; + if (ee instanceof MaskableEnvelopeEntry) { - if (((MaskableEnvelopeEntry) e).isMasked()) + MaskableEnvelopeEntry mee = (MaskableEnvelopeEntry) ee; + if (mee.isMasked()) { - result.add(e); + if (Configuration.DEBUG) + log.fine("Processing masked entry: " + mee); + result.add(mee); continue; } } - result.addAll(((EnvelopeEntry) e).get(alias)); + if (Configuration.DEBUG) + log.fine("Processing unmasked entry: " + ee); + result.addAll(ee.get(alias)); } else if (e instanceof PrimitiveEntry) { - if (((PrimitiveEntry) e).getAlias().equals(alias)) - { - result.add(e); - } + PrimitiveEntry pe = (PrimitiveEntry) e; + if (pe.getAlias().equals(alias)) + result.add(e); } } + if (Configuration.DEBUG) + log.exiting(this.getClass().getName(), "get", result); return result; } /** - * Returns the list of all aliases contained by this envelope, - * separated by a semicolon (';'). - * + * Returns the list of all aliases contained by this envelope, separated by a + * semicolon (';'). + * * @return The list of aliases. */ public String getAliasList() { String list = properties.get("alias-list"); if (list == null) - { - return ""; - } + return ""; else - { - return list; - } + return list; } /** * Removes the specified entry. - * + * * @param entry The entry. * @return True if an entry was removed. */ public boolean remove(Entry entry) { + if (Configuration.DEBUG) + log.entering(this.getClass().getName(), "remove", entry); boolean ret = false; for (Iterator it = entries.iterator(); it.hasNext();) { @@ -268,36 +266,71 @@ public abstract class EnvelopeEntry extends Entry } if (ret) { + if (Configuration.DEBUG) + log.fine("State before: " + this); payload = null; makeAliasList(); + if (Configuration.DEBUG) + log.fine("State after: " + this); } + if (Configuration.DEBUG) + log.exiting(this.getClass().getName(), "remove", Boolean.valueOf(ret)); return ret; } /** * Removes all primitive entries that have the specified alias. - * + * * @param alias The alias of the entries to remove. + * @return <code>true</code> if <code>alias</code> was present and was + * successfully trmoved. Returns <code>false</code> if + * <code>alias</code> was not present in the list of aliases in this + * envelope. */ - public void remove(String alias) + public boolean remove(String alias) { + if (Configuration.DEBUG) + log.entering(this.getClass().getName(), "remove", alias); + boolean result = false; for (Iterator it = entries.iterator(); it.hasNext();) { Entry e = (Entry) it.next(); if (e instanceof EnvelopeEntry) { - ((EnvelopeEntry) e).remove(alias); + EnvelopeEntry ee = (EnvelopeEntry) e; + result = ee.remove(alias) || result; } else if (e instanceof PrimitiveEntry) { - if (((PrimitiveEntry) e).getAlias().equals(alias)) + PrimitiveEntry pe = (PrimitiveEntry) e; + if (pe.getAlias().equals(alias)) { it.remove(); + result = true; } } } - payload = null; - makeAliasList(); + if (result) + { + if (Configuration.DEBUG) + log.fine("State before: " + this); + payload = null; + makeAliasList(); + if (Configuration.DEBUG) + log.fine("State after: " + this); + } + if (Configuration.DEBUG) + log.exiting(this.getClass().getName(), "remove", Boolean.valueOf(result)); + return result; + } + + public String toString() + { + return new StringBuilder("Envelope{") + .append(super.toString()) + .append(", entries=").append(entries) + .append("}") + .toString(); } // Protected methods. @@ -308,22 +341,19 @@ public abstract class EnvelopeEntry extends Entry ByteArrayOutputStream bout = new ByteArrayOutputStream(1024); DataOutputStream out = new DataOutputStream(bout); for (Iterator it = entries.iterator(); it.hasNext();) - { - ((Entry) it.next()).encode(out); - } + ((Entry) it.next()).encode(out); } protected void setContainingEnvelope(EnvelopeEntry e) { if (containingEnvelope != null) - { - throw new IllegalArgumentException("envelopes may not be shared"); - } + throw new IllegalArgumentException("envelopes may not be shared"); containingEnvelope = e; } protected void decodeEnvelope(DataInputStream in) throws IOException { + this.entries.clear(); while (true) { int type = in.read(); @@ -367,32 +397,43 @@ public abstract class EnvelopeEntry extends Entry } } - // Own methods. - // ------------------------------------------------------------------------ - private void makeAliasList() { - if (entries.isEmpty()) - return; - StringBuffer buf = new StringBuffer(); - for (Iterator it = entries.iterator(); it.hasNext();) + if (Configuration.DEBUG) + log.entering(this.getClass().getName(), "makeAliasList"); + if (! entries.isEmpty()) { - Entry entry = (Entry) it.next(); - if (entry instanceof EnvelopeEntry) - { - buf.append(((EnvelopeEntry) entry).getAliasList()); - } - else if (entry instanceof PrimitiveEntry) + StringBuilder buf = new StringBuilder(); + String aliasOrList; + for (Iterator it = entries.iterator(); it.hasNext();) { - buf.append(((PrimitiveEntry) entry).getAlias()); + Entry entry = (Entry) it.next(); + aliasOrList = null; + if (entry instanceof EnvelopeEntry) + aliasOrList = ((EnvelopeEntry) entry).getAliasList(); + else if (entry instanceof PrimitiveEntry) + aliasOrList = ((PrimitiveEntry) entry).getAlias(); + else if (Configuration.DEBUG) + log.fine("Entry with no Alias. Ignored: " + entry); + if (aliasOrList != null) + { + aliasOrList = aliasOrList.trim(); + if (aliasOrList.trim().length() > 0) + { + buf.append(aliasOrList); + if (it.hasNext()) + buf.append(';'); + } + } } - if (it.hasNext()) - buf.append(';'); - } - properties.put("alias-list", buf.toString()); - if (containingEnvelope != null) - { - containingEnvelope.makeAliasList(); + String aliasList = buf.toString(); + properties.put("alias-list", aliasList); + if (Configuration.DEBUG) + log.fine("alias-list=[" + aliasList + "]"); + if (containingEnvelope != null) + containingEnvelope.makeAliasList(); } + if (Configuration.DEBUG) + log.exiting(this.getClass().getName(), "makeAliasList"); } } diff --git a/libjava/classpath/gnu/javax/crypto/keyring/GnuPrivateKeyring.java b/libjava/classpath/gnu/javax/crypto/keyring/GnuPrivateKeyring.java index c1fe30e677b..2ccdad6b3e3 100644 --- a/libjava/classpath/gnu/javax/crypto/keyring/GnuPrivateKeyring.java +++ b/libjava/classpath/gnu/javax/crypto/keyring/GnuPrivateKeyring.java @@ -38,6 +38,7 @@ exception statement from your version. */ package gnu.javax.crypto.keyring; +import gnu.java.security.Configuration; import gnu.java.security.Registry; import java.io.DataInputStream; @@ -55,30 +56,21 @@ import java.util.logging.Level; import java.util.logging.Logger; /** - * <p>.</p> + * */ -public class GnuPrivateKeyring extends BaseKeyring implements IPrivateKeyring +public class GnuPrivateKeyring + extends BaseKeyring + implements IPrivateKeyring { - // Constants and variables - // ------------------------------------------------------------------------- - private static final Logger log = Logger.getLogger(GnuPrivateKeyring.class.getName()); public static final int USAGE = Registry.GKR_PRIVATE_KEYS | Registry.GKR_PUBLIC_CREDENTIALS; - protected String mac; - protected int maclen; - protected String cipher; - protected String mode; - protected int keylen; - // Constructor(s) - // ------------------------------------------------------------------------- - public GnuPrivateKeyring(String mac, int maclen, String cipher, String mode, int keylen) { @@ -97,16 +89,10 @@ public class GnuPrivateKeyring extends BaseKeyring implements IPrivateKeyring this("HMAC-SHA-1", 20, "AES", "OFB", 16); } - // Class methods - // ------------------------------------------------------------------------- - - // Instance methods - // ------------------------------------------------------------------------- - public boolean containsPrivateKey(String alias) { - log.entering(this.getClass().getName(), "containsPrivateKey", alias); - + if (Configuration.DEBUG) + log.entering(this.getClass().getName(), "containsPrivateKey", alias); boolean result = false; if (containsAlias(alias)) for (Iterator it = get(alias).iterator(); it.hasNext();) @@ -115,33 +101,34 @@ public class GnuPrivateKeyring extends BaseKeyring implements IPrivateKeyring result = true; break; } - - log.exiting(this.getClass().getName(), "containsPrivateKey", - Boolean.valueOf(result)); + if (Configuration.DEBUG) + log.exiting(this.getClass().getName(), "containsPrivateKey", + Boolean.valueOf(result)); return result; } public Key getPrivateKey(String alias, char[] password) throws UnrecoverableKeyException { - log.entering(this.getClass().getName(), "getPrivateKey", - new Object[] { alias, String.valueOf(password) }); - + if (Configuration.DEBUG) + log.entering(this.getClass().getName(), "getPrivateKey", alias); Key result = null; if (containsAlias(alias)) { PasswordAuthenticatedEntry e1 = null; - PasswordEncryptedEntry e2 = null; for (Iterator it = get(alias).iterator(); it.hasNext();) { Entry e = (Entry) it.next(); + if (Configuration.DEBUG) + log.finest("Entry: " + e); if (e instanceof PasswordAuthenticatedEntry) { e1 = (PasswordAuthenticatedEntry) e; break; } } - + if (Configuration.DEBUG) + log.fine("e1 = " + e1); if (e1 != null) { try @@ -150,9 +137,11 @@ public class GnuPrivateKeyring extends BaseKeyring implements IPrivateKeyring } catch (Exception e) { + if (Configuration.DEBUG) + log.throwing(this.getClass().getName(), "getPrivateKey", e); throw new UnrecoverableKeyException("authentication failed"); } - + PasswordEncryptedEntry e2 = null; for (Iterator it = e1.getEntries().iterator(); it.hasNext();) { Entry e = (Entry) it.next(); @@ -162,7 +151,6 @@ public class GnuPrivateKeyring extends BaseKeyring implements IPrivateKeyring break; } } - if (e2 != null) { try @@ -171,9 +159,9 @@ public class GnuPrivateKeyring extends BaseKeyring implements IPrivateKeyring } catch (Exception e) { + log.throwing(this.getClass().getName(), "getPrivateKey", e); throw new UnrecoverableKeyException("decryption failed"); } - for (Iterator it = e2.get(alias).iterator(); it.hasNext();) { Entry e = (Entry) it.next(); @@ -186,66 +174,67 @@ public class GnuPrivateKeyring extends BaseKeyring implements IPrivateKeyring } } } - - log.exiting(this.getClass().getName(), "getPrivateKey", result); + if (Configuration.DEBUG) + log.exiting(this.getClass().getName(), "getPrivateKey", + result == null ? "null" : result.getClass().getName()); return result; } public void putPrivateKey(String alias, Key key, char[] password) { - log.entering(this.getClass().getName(), "putPrivateKey", - new Object[] { alias, key, String.valueOf(password) }); - + if (Configuration.DEBUG) + log.entering(this.getClass().getName(), "putPrivateKey", + new Object[] { alias, key.getClass().getName() }); if (! containsPrivateKey(alias)) { alias = fixAlias(alias); Properties p = new Properties(); p.put("alias", alias); PrivateKeyEntry pke = new PrivateKeyEntry(key, new Date(), p); + if (Configuration.DEBUG) + log.fine("About to encrypt the key..."); PasswordEncryptedEntry enc; enc = new PasswordEncryptedEntry(cipher, mode, keylen, new Properties()); enc.add(pke); - - PasswordAuthenticatedEntry auth; - auth = new PasswordAuthenticatedEntry(mac, maclen, new Properties()); - auth.add(enc); - - log.finest("About to encrypt the key..."); try { enc.encode(null, password); } catch (IOException x) { - log.log(Level.FINER, "Exception while encrypting the key. " - + "Rethrow as IllegalArgumentException", x); + if (Configuration.DEBUG) + log.log(Level.FINE, "Exception while encrypting the key. " + + "Rethrow as IllegalArgumentException", x); throw new IllegalArgumentException(x.toString()); } - - log.finest("About to authenticate the encrypted key..."); + if (Configuration.DEBUG) + log.fine("About to authenticate the encrypted key..."); + PasswordAuthenticatedEntry auth; + auth = new PasswordAuthenticatedEntry(mac, maclen, new Properties()); + auth.add(enc); try { auth.encode(null, password); } catch (IOException x) { - log.log(Level.FINER, "Exception while authenticating the encrypted " - + "key. Rethrow as IllegalArgumentException", x); + if (Configuration.DEBUG) + log.log(Level.FINE, "Exception while authenticating the encrypted " + + "key. Rethrow as IllegalArgumentException", x); throw new IllegalArgumentException(x.toString()); } - keyring.add(auth); } - else - log.finer("Keyring already contains alias: " + alias); - - log.exiting(this.getClass().getName(), "putPrivateKey"); + else if (Configuration.DEBUG) + log.fine("Keyring already contains alias: " + alias); + if (Configuration.DEBUG) + log.exiting(this.getClass().getName(), "putPrivateKey"); } public boolean containsPublicKey(String alias) { - log.entering(this.getClass().getName(), "containsPublicKey", alias); - + if (Configuration.DEBUG) + log.entering(this.getClass().getName(), "containsPublicKey", alias); boolean result = false; if (containsAlias(alias)) for (Iterator it = get(alias).iterator(); it.hasNext();) @@ -254,16 +243,16 @@ public class GnuPrivateKeyring extends BaseKeyring implements IPrivateKeyring result = true; break; } - - log.exiting(this.getClass().getName(), "containsPublicKey", - Boolean.valueOf(result)); + if (Configuration.DEBUG) + log.exiting(this.getClass().getName(), "containsPublicKey", + Boolean.valueOf(result)); return result; } public PublicKey getPublicKey(String alias) { - log.entering(this.getClass().getName(), "getPublicKey", alias); - + if (Configuration.DEBUG) + log.entering(this.getClass().getName(), "getPublicKey", alias); PublicKey result = null; if (containsAlias(alias)) for (Iterator it = get(alias).iterator(); it.hasNext();) @@ -275,32 +264,33 @@ public class GnuPrivateKeyring extends BaseKeyring implements IPrivateKeyring break; } } - - log.exiting(this.getClass().getName(), "getPublicKey", result); + if (Configuration.DEBUG) + log.exiting(this.getClass().getName(), "getPublicKey", + result == null ? "null" : result.getClass().getName()); return result; } public void putPublicKey(String alias, PublicKey key) { - log.entering(this.getClass().getName(), "putPublicKey", - new Object[] { alias, key }); - + if (Configuration.DEBUG) + log.entering(this.getClass().getName(), "putPublicKey", + new Object[] { alias, key.getClass().getName() }); if (! containsPublicKey(alias)) { Properties p = new Properties(); p.put("alias", fixAlias(alias)); add(new PublicKeyEntry(key, new Date(), p)); } - else - log.finer("Keyring already contains alias: " + alias); - - log.exiting(this.getClass().getName(), "putPublicKey"); + else if (Configuration.DEBUG) + log.fine("Keyring already contains alias: " + alias); + if (Configuration.DEBUG) + log.exiting(this.getClass().getName(), "putPublicKey"); } public boolean containsCertPath(String alias) { - log.entering(this.getClass().getName(), "containsCertPath", alias); - + if (Configuration.DEBUG) + log.entering(this.getClass().getName(), "containsCertPath", alias); boolean result = false; if (containsAlias(alias)) for (Iterator it = get(alias).iterator(); it.hasNext();) @@ -309,16 +299,16 @@ public class GnuPrivateKeyring extends BaseKeyring implements IPrivateKeyring result = true; break; } - - log.exiting(this.getClass().getName(), "containsCertPath", - Boolean.valueOf(result)); + if (Configuration.DEBUG) + log.exiting(this.getClass().getName(), "containsCertPath", + Boolean.valueOf(result)); return result; } public Certificate[] getCertPath(String alias) { - log.entering(this.getClass().getName(), "getCertPath", alias); - + if (Configuration.DEBUG) + log.entering(this.getClass().getName(), "getCertPath", alias); Certificate[] result = null; if (containsAlias(alias)) for (Iterator it = get(alias).iterator(); it.hasNext();) @@ -330,52 +320,49 @@ public class GnuPrivateKeyring extends BaseKeyring implements IPrivateKeyring break; } } - - log.exiting(this.getClass().getName(), "getCertPath", result); + if (Configuration.DEBUG) + log.exiting(this.getClass().getName(), "getCertPath", result); return result; } public void putCertPath(String alias, Certificate[] path) { - log.entering(this.getClass().getName(), "putCertPath", - new Object[] { alias, path }); - + if (Configuration.DEBUG) + log.entering(this.getClass().getName(), "putCertPath", + new Object[] { alias, path }); if (! containsCertPath(alias)) { Properties p = new Properties(); p.put("alias", fixAlias(alias)); add(new CertPathEntry(path, new Date(), p)); } - else - log.finer("Keyring already contains alias: " + alias); - - log.exiting(this.getClass().getName(), "putCertPath"); + else if (Configuration.DEBUG) + log.fine("Keyring already contains alias: " + alias); + if (Configuration.DEBUG) + log.exiting(this.getClass().getName(), "putCertPath"); } protected void load(InputStream in, char[] password) throws IOException { - log.entering(this.getClass().getName(), "load", - new Object[] { in, String.valueOf(password) }); - + if (Configuration.DEBUG) + log.entering(this.getClass().getName(), "load"); if (in.read() != USAGE) throw new MalformedKeyringException("incompatible keyring usage"); - if (in.read() != PasswordAuthenticatedEntry.TYPE) - throw new MalformedKeyringException("expecting password-authenticated entry tag"); - + throw new MalformedKeyringException( + "expecting password-authenticated entry tag"); keyring = PasswordAuthenticatedEntry.decode(new DataInputStream(in), password); - - log.exiting(this.getClass().getName(), "load"); + if (Configuration.DEBUG) + log.exiting(this.getClass().getName(), "load"); } protected void store(OutputStream out, char[] password) throws IOException { - log.entering(this.getClass().getName(), "store", - new Object[] { out, String.valueOf(password) }); - + if (Configuration.DEBUG) + log.entering(this.getClass().getName(), "store"); out.write(USAGE); keyring.encode(new DataOutputStream(out), password); - - log.exiting(this.getClass().getName(), "store"); + if (Configuration.DEBUG) + log.exiting(this.getClass().getName(), "store"); } } diff --git a/libjava/classpath/gnu/javax/crypto/keyring/GnuPublicKeyring.java b/libjava/classpath/gnu/javax/crypto/keyring/GnuPublicKeyring.java index 490eb4458fa..5243919c3c9 100644 --- a/libjava/classpath/gnu/javax/crypto/keyring/GnuPublicKeyring.java +++ b/libjava/classpath/gnu/javax/crypto/keyring/GnuPublicKeyring.java @@ -38,6 +38,7 @@ exception statement from your version. */ package gnu.javax.crypto.keyring; +import gnu.java.security.Configuration; import gnu.java.security.Registry; import java.io.DataInputStream; @@ -50,17 +51,13 @@ import java.util.Date; import java.util.Iterator; import java.util.logging.Logger; -public class GnuPublicKeyring extends BaseKeyring implements IPublicKeyring +public class GnuPublicKeyring + extends BaseKeyring + implements IPublicKeyring { - // Fields. - // ------------------------------------------------------------------------ - private static final Logger log = Logger.getLogger(GnuPublicKeyring.class.getName()); public static final int USAGE = Registry.GKR_CERTIFICATES; - // Constructors. - // ------------------------------------------------------------------------ - public GnuPublicKeyring(String mac, int macLen) { keyring = new PasswordAuthenticatedEntry(mac, macLen, new Properties()); @@ -72,13 +69,10 @@ public class GnuPublicKeyring extends BaseKeyring implements IPublicKeyring { } - // Instance methods. - // ------------------------------------------------------------------------ - public boolean containsCertificate(String alias) { - log.entering(this.getClass().getName(), "containsCertificate", alias); - + if (Configuration.DEBUG) + log.entering(this.getClass().getName(), "containsCertificate", alias); boolean result = false; if (containsAlias(alias)) for (Iterator it = get(alias).iterator(); it.hasNext();) @@ -87,16 +81,16 @@ public class GnuPublicKeyring extends BaseKeyring implements IPublicKeyring result = true; break; } - - log.exiting(this.getClass().getName(), "containsCertificate", - Boolean.valueOf(result)); + if (Configuration.DEBUG) + log.exiting(this.getClass().getName(), "containsCertificate", + Boolean.valueOf(result)); return result; } public Certificate getCertificate(String alias) { - log.entering(this.getClass().getName(), "getCertificate", alias); - + if (Configuration.DEBUG) + log.entering(this.getClass().getName(), "getCertificate", alias); Certificate result = null; if (containsAlias(alias)) for (Iterator it = get(alias).iterator(); it.hasNext();) @@ -108,53 +102,50 @@ public class GnuPublicKeyring extends BaseKeyring implements IPublicKeyring break; } } - - log.exiting(this.getClass().getName(), "getCertificate", result); + if (Configuration.DEBUG) + log.exiting(this.getClass().getName(), "getCertificate", result); return result; } public void putCertificate(String alias, Certificate cert) { - log.entering(this.getClass().getName(), "putCertificate", - new Object[] { alias, cert }); - + if (Configuration.DEBUG) + log.entering(this.getClass().getName(), "putCertificate", + new Object[] { alias, cert }); if (! containsCertificate(alias)) { Properties p = new Properties(); p.put("alias", fixAlias(alias)); add(new CertificateEntry(cert, new Date(), p)); } - else - log.finer("Keyring already contains alias: " + alias); - - log.exiting(this.getClass().getName(), "putCertificate"); + else if (Configuration.DEBUG) + log.fine("Keyring already contains alias: " + alias); + if (Configuration.DEBUG) + log.exiting(this.getClass().getName(), "putCertificate"); } protected void load(InputStream in, char[] password) throws IOException { - log.entering(this.getClass().getName(), "load", - new Object[] { in, String.valueOf(password) }); - + if (Configuration.DEBUG) + log.entering(this.getClass().getName(), "load"); if (in.read() != USAGE) throw new MalformedKeyringException("incompatible keyring usage"); - if (in.read() != PasswordAuthenticatedEntry.TYPE) - throw new MalformedKeyringException("expecting password-authenticated entry tag"); - + throw new MalformedKeyringException( + "expecting password-authenticated entry tag"); DataInputStream dis = new DataInputStream(in); keyring = PasswordAuthenticatedEntry.decode(dis, password); - - log.exiting(this.getClass().getName(), "load"); + if (Configuration.DEBUG) + log.exiting(this.getClass().getName(), "load"); } protected void store(OutputStream out, char[] password) throws IOException { - log.entering(this.getClass().getName(), "store", - new Object[] { out, String.valueOf(password) }); - + if (Configuration.DEBUG) + log.entering(this.getClass().getName(), "store"); out.write(USAGE); keyring.encode(new DataOutputStream(out), password); - - log.exiting(this.getClass().getName(), "store"); + if (Configuration.DEBUG) + log.exiting(this.getClass().getName(), "store"); } } diff --git a/libjava/classpath/gnu/javax/crypto/keyring/IKeyring.java b/libjava/classpath/gnu/javax/crypto/keyring/IKeyring.java index 56f467df26e..44d5377008a 100644 --- a/libjava/classpath/gnu/javax/crypto/keyring/IKeyring.java +++ b/libjava/classpath/gnu/javax/crypto/keyring/IKeyring.java @@ -44,120 +44,118 @@ import java.util.List; import java.util.Map; /** - * <p>The top-level interface to a <i>keyring:</i> a file that is used to - * store and protect public and private cryptographic keys.</p> - * - * <p>A <i>keyring</i> is modelled as a mapping of one <i>alias</i> to one or - * more <i>entries</i> (optionally of different types).</p> - * - * <p>See also the sub-interfaces {@link IPublicKeyring} and - * {@link IPrivateKeyring} for special types of <i>keyrings</i> --the difference - * being in the type of entries they contain.</p> + * The top-level interface to a <i>keyring:</i> a file that is used to store + * and protect public and private cryptographic keys. + * <p> + * A <i>keyring</i> is modelled as a mapping of one <i>alias</i> to one or + * more <i>entries</i> (optionally of different types). + * <p> + * See also the sub-interfaces {@link IPublicKeyring} and + * {@link IPrivateKeyring} for special types of <i>keyrings</i> --the + * difference being in the type of entries they contain. */ public interface IKeyring { - /** - * <p>Property name for the source of data to load the keyring from. The - * value mapped must be a {@link java.io.InputStream}.</p> + * Property name for the source of data to load the keyring from. The value + * mapped must be a {@link java.io.InputStream}. */ public static final String KEYRING_DATA_IN = "gnu.crypto.keyring.data.in"; /** - * <p>Property name for the data sink to store the keyring to. The value - * mapped must be a {@link java.io.OutputStream}.</p> + * Property name for the data sink to store the keyring to. The value mapped + * must be a {@link java.io.OutputStream}. */ public static final String KEYRING_DATA_OUT = "gun.crypto.keyring.data.out"; /** - * <p>Property name for the keyring's top-level password, used to - * authenticate and/or transform the store itself. The mapped value must be a - * char array.</p> + * Property name for the keyring's top-level password, used to authenticate + * and/or transform the store itself. The mapped value must be a char array. */ public static final String KEYRING_PASSWORD = "gnu.crypto.keyring.password"; /** - * <p>Loads a keyring into memory.</p> - * - * <p>What happens to the current contents of this keyring? are the new ones - * merged with the current ones or do they simply replace them?</p> - * + * Loads a keyring into memory. + * <p> + * What happens to the current contents of this keyring? are the new ones + * merged with the current ones or do they simply replace them? + * * @param attributes The attributes that designate the source where the store - * is to be loaded from. What happens + * is to be loaded from. What happens * @throws IllegalArgumentException If the attributes are inappropriate. * @throws IOException If the keyring file cannot be read. * @throws SecurityException If the given password is incorrect, or if the - * top-level authentication or decryption fails. + * top-level authentication or decryption fails. */ void load(Map attributes) throws IOException; /** - * <p>Stores the contents of this keyring to persistent storage as specified - * by the designated <code>attributes</code>.</p> - * + * Stores the contents of this keyring to persistent storage as specified by + * the designated <code>attributes</code>. + * * @param attributes the attributes that define where the contents of this - * keyring will be stored. + * keyring will be stored. * @throws IOException if an exception occurs during the process. */ void store(Map attributes) throws IOException; /** - * <p>Resets this keyring, clearing all sensitive data. This method always - * suceeds.</p> + * Resets this keyring, clearing all sensitive data. This method always + * suceeds. */ void reset(); /** - * <p>Returns the number of entries in this keyring.</p> - * + * Returns the number of entries in this keyring. + * * @return The number of current entries in this keyring. */ int size(); /** - * <p>Returns an {@link Enumeration} of all aliases (instances of - * {@link String}) in this keyring.</p> - * - * @return The enumeration of {@link String}s each representing an - * <i>alias</i> found in this keyring. + * Returns an {@link Enumeration} of all aliases (instances of {@link String}) + * in this keyring. + * + * @return The enumeration of {@link String}s each representing an <i>alias</i> + * found in this keyring. */ Enumeration aliases(); /** * Tests whether or not this keyring contains the given alias. - * + * * @param alias The alias to check. * @return true if this keyring contains the alias. */ boolean containsAlias(String alias); /** - * <p>Returns a {@link List} of entries (instances of {@link Entry}) for the + * Returns a {@link List} of entries (instances of {@link Entry}) for the * given <code>alias</code>, or <code>null</code> if there no such entry - * exists.</p> - * + * exists. + * * @param alias The alias of the entry(ies) to return. * @return A list of all entries (instances of {@link Entry} that have the - * given <code>alias</code>, or <code>null</code> if no one {@link Entry} can - * be found with the designated <code>alias</code>. + * given <code>alias</code>, or <code>null</code> if no one + * {@link Entry} can be found with the designated <code>alias</code>. */ List get(String alias); /** - * <p>Adds a designated {@link Entry} to this keyring.</p> - * - * <p>What happens if there is already an entry with the same alias?</p> - * + * Adds a designated {@link Entry} to this keyring. + * <p> + * What happens if there is already an entry with the same alias? + * * @param entry The entry to put in this keyring. */ void add(Entry entry); /** - * <p>Removes an entry with the designated <code>alias</code> from this - * keyring. Does nothing if there was no such entry.</p> - * - * <p>What happens if there are more than one?</p> - * + * Removes an entry with the designated <code>alias</code> from this + * keyring. Does nothing if there was no such entry. + * <p> + * What happens if there are more than one? + * * @param alias The alias of the entry to remove. */ void remove(String alias); diff --git a/libjava/classpath/gnu/javax/crypto/keyring/IPrivateKeyring.java b/libjava/classpath/gnu/javax/crypto/keyring/IPrivateKeyring.java index 66bbd84f568..9e2ceab9b95 100644 --- a/libjava/classpath/gnu/javax/crypto/keyring/IPrivateKeyring.java +++ b/libjava/classpath/gnu/javax/crypto/keyring/IPrivateKeyring.java @@ -44,41 +44,41 @@ import java.security.UnrecoverableKeyException; import java.security.cert.Certificate; /** - * <p>An interface to private, or "personal", keyrings, which contain private + * An interface to private, or "personal", keyrings, which contain private * credentials. The contract is that each such entry is known by a unique - * <i>alias</i>.</p> - * - * <p>What about public keys? and certificate-path?</p> + * <i>alias</i>. + * <p> + * What about public keys? and certificate-path? */ -public interface IPrivateKeyring extends IKeyring +public interface IPrivateKeyring + extends IKeyring { - /** - * <p>Tests if this keyring contains a private key entry with the given - * <code>alias</code>.</p> - * + * Tests if this keyring contains a private key entry with the given + * <code>alias</code>. + * * @param alias The alias to check. * @return <code>true</code> if this keyring contains a private key with the - * given <code>alias</code>; <code>false</code> otherwise.</p> + * given <code>alias</code>; <code>false</code> otherwise. */ boolean containsPrivateKey(String alias); /** - * <p>Returns the private key with the given <code>alias</code>.</p> - * + * Returns the private key with the given <code>alias</code>. + * * @param alias The alias of the private key to find. * @param password The password of the private key. * @return The private, or secret, key if one is found; <code>null</code> if - * none were found. + * none were found. * @throws UnrecoverableKeyException If the private key could not be - * recovered, possibly due to a bad password. + * recovered, possibly due to a bad password. */ Key getPrivateKey(String alias, char[] password) throws UnrecoverableKeyException; /** - * <p>Adds a private key to this keyring.</p> - * + * Adds a private key to this keyring. + * * @param alias The alias of the private key. * @param key The private key. * @param password The password used to protect this private key. @@ -86,55 +86,57 @@ public interface IPrivateKeyring extends IKeyring void putPrivateKey(String alias, Key key, char[] password); /** - * <p>Checks if this keyring contains a public key with the given - * <code>alias</code>.</p> - * + * Checks if this keyring contains a public key with the given + * <code>alias</code>. + * * @param alias The alias to test. - * @return <code>true</code> if this keyring contains a public key entry with - * the given <code>alias</code>; <code>false</code> otherwise. + * @return <code>true</code> if this keyring contains a public key entry + * with the given <code>alias</code>; <code>false</code> + * otherwise. */ boolean containsPublicKey(String alias); /** - * <p>Returns the public key with the given <code>alias</code>, or - * <code>null</code> if there is no such entry.</p> - * + * Returns the public key with the given <code>alias</code>, or + * <code>null</code> if there is no such entry. + * * @param alias The alias of the public key to find. * @return The public key; or <code>null</code> if none were found. */ PublicKey getPublicKey(String alias); /** - * <p>Sets a public key entry.</p> - * + * Sets a public key entry. + * * @param alias The alias for this public key. * @param key The public key. */ void putPublicKey(String alias, PublicKey key); /** - * <p>Checks if this keyring contains a certificate path with the given - * <code>alias</code>.</p> - * + * Checks if this keyring contains a certificate path with the given + * <code>alias</code>. + * * @param alias The alias to check. - * @return <code>true</code> if this keyring contains a certificate path with - * the given <code>alias</code>; <code>false</code> otherwise. + * @return <code>true</code> if this keyring contains a certificate path + * with the given <code>alias</code>; <code>false</code> + * otherwise. */ boolean containsCertPath(String alias); /** - * <p>Returns the certificate path with the given <code>alias</code>, or - * <code>null</code> if there is no such entry.</p> - * + * Returns the certificate path with the given <code>alias</code>, or + * <code>null</code> if there is no such entry. + * * @param alias The alias of the certificate path to find. * @return The certificate path for the designated <code>alias</code>; or - * <code>null</code> if none were found. + * <code>null</code> if none were found. */ Certificate[] getCertPath(String alias); /** - * <p>Sets a certificate path entry.</p> - * + * Sets a certificate path entry. + * * @param alias The alias for this certificate path. * @param path The certificate path. */ diff --git a/libjava/classpath/gnu/javax/crypto/keyring/IPublicKeyring.java b/libjava/classpath/gnu/javax/crypto/keyring/IPublicKeyring.java index ccf9ca73b55..efe568f185b 100644 --- a/libjava/classpath/gnu/javax/crypto/keyring/IPublicKeyring.java +++ b/libjava/classpath/gnu/javax/crypto/keyring/IPublicKeyring.java @@ -41,39 +41,40 @@ package gnu.javax.crypto.keyring; import java.security.cert.Certificate; /** - * <p>An interface for keyrings that contain trusted (by the owner) public - * credentials (incl. certificates).</p> - * + * An interface for keyrings that contain trusted (by the owner) public + * credentials (incl. certificates). + * * @see IKeyring */ -public interface IPublicKeyring extends IKeyring +public interface IPublicKeyring + extends IKeyring { - /** - * <p>Tests if this keyring contains a certificate entry with the specified - * <code>alias</code>.</p> - * + * Tests if this keyring contains a certificate entry with the specified + * <code>alias</code>. + * * @param alias The alias of the certificate to check. * @return <code>true</code> if this keyring contains a certificate entry - * that has the given <code>alias</code>; <code>false</code> otherwise. + * that has the given <code>alias</code>; <code>false</code> + * otherwise. */ boolean containsCertificate(String alias); /** - * <p>Returns a certificate that has the given <code>alias</code>, or - * <code>null</code> if this keyring has no such entry.</p> - * + * Returns a certificate that has the given <code>alias</code>, or + * <code>null</code> if this keyring has no such entry. + * * @param alias The alias of the certificate to find. * @return The certificate with the designated <code>alias</code>, or - * <code>null</code> if none found. + * <code>null</code> if none found. */ Certificate getCertificate(String alias); /** - * <p>Adds a certificate in this keyring, with the given <code>alias</code>.</p> - * - * <p>What happens if there is already a certificate entry with this alias?</p> - * + * Adds a certificate in this keyring, with the given <code>alias</code>. + * <p> + * What happens if there is already a certificate entry with this alias? + * * @param alias The alias of this certificate entry. * @param cert The certificate. */ diff --git a/libjava/classpath/gnu/javax/crypto/keyring/MalformedKeyringException.java b/libjava/classpath/gnu/javax/crypto/keyring/MalformedKeyringException.java index 44c953946d4..0dab3a764c6 100644 --- a/libjava/classpath/gnu/javax/crypto/keyring/MalformedKeyringException.java +++ b/libjava/classpath/gnu/javax/crypto/keyring/MalformedKeyringException.java @@ -40,12 +40,9 @@ package gnu.javax.crypto.keyring; import java.io.IOException; -public class MalformedKeyringException extends IOException +public class MalformedKeyringException + extends IOException { - - // Constructors. - // ------------------------------------------------------------------------ - public MalformedKeyringException() { super(); diff --git a/libjava/classpath/gnu/javax/crypto/keyring/MaskableEnvelopeEntry.java b/libjava/classpath/gnu/javax/crypto/keyring/MaskableEnvelopeEntry.java index 7fed7c40c15..5206a5e071e 100644 --- a/libjava/classpath/gnu/javax/crypto/keyring/MaskableEnvelopeEntry.java +++ b/libjava/classpath/gnu/javax/crypto/keyring/MaskableEnvelopeEntry.java @@ -43,21 +43,15 @@ import java.util.List; /** * An envelope entry that can be "masked" -- placed in a state where the - * envelope's contents cannot be accessed, due to the envelope not being - * fully decoded, for example. + * envelope's contents cannot be accessed, due to the envelope not being fully + * decoded, for example. */ -public abstract class MaskableEnvelopeEntry extends EnvelopeEntry +public abstract class MaskableEnvelopeEntry + extends EnvelopeEntry { - - // Fields. - // ------------------------------------------------------------------------ - /** The masked state. */ protected boolean masked; - // Constructors. - // ------------------------------------------------------------------------ - public MaskableEnvelopeEntry(int type, Properties properties) { super(type, properties); @@ -68,12 +62,9 @@ public abstract class MaskableEnvelopeEntry extends EnvelopeEntry super(type); } - // Instance methods. - // ------------------------------------------------------------------------ - /** * Sets the masked state to the specified value. - * + * * @param masked The new masked state. */ protected final void setMasked(boolean masked) @@ -84,7 +75,7 @@ public abstract class MaskableEnvelopeEntry extends EnvelopeEntry /** * Gets the masked state of this object. Certain operations on this object * will fail if it is masked. - * + * * @return The current masked state. */ public boolean isMasked() @@ -95,54 +86,50 @@ public abstract class MaskableEnvelopeEntry extends EnvelopeEntry public void add(Entry entry) { if (isMasked()) - { - throw new IllegalStateException("masked envelope"); - } + throw new IllegalStateException("masked envelope"); super.add(entry); } public boolean containsEntry(Entry entry) { if (isMasked()) - { - throw new IllegalStateException("masked envelope"); - } + throw new IllegalStateException("masked envelope"); return super.containsEntry(entry); } public List getEntries() { if (isMasked()) - { - throw new IllegalStateException("masked envelope"); - } + throw new IllegalStateException("masked envelope"); return new ArrayList(entries); } public List get(String alias) { if (isMasked()) - { - throw new IllegalStateException("masked envelope"); - } + throw new IllegalStateException("masked envelope"); return super.get(alias); } public boolean remove(Entry entry) { if (isMasked()) - { - throw new IllegalStateException("masked envelope"); - } + throw new IllegalStateException("masked envelope"); return super.remove(entry); } - public void remove(String alias) + public boolean remove(String alias) { if (isMasked()) - { - throw new IllegalStateException("masked envelope"); - } - super.remove(alias); + throw new IllegalStateException("masked envelope"); + return super.remove(alias); + } + + public String toString() + { + return new StringBuilder("MaskableEnvelope{") + .append(super.toString()) + .append(", masked=").append(masked) + .append("}").toString(); } } diff --git a/libjava/classpath/gnu/javax/crypto/keyring/MeteredInputStream.java b/libjava/classpath/gnu/javax/crypto/keyring/MeteredInputStream.java index fcf2be746c9..330e4b20fb5 100644 --- a/libjava/classpath/gnu/javax/crypto/keyring/MeteredInputStream.java +++ b/libjava/classpath/gnu/javax/crypto/keyring/MeteredInputStream.java @@ -39,22 +39,15 @@ exception statement from your version. */ package gnu.javax.crypto.keyring; import java.io.FilterInputStream; -import java.io.InputStream; import java.io.IOException; +import java.io.InputStream; -final class MeteredInputStream extends FilterInputStream +final class MeteredInputStream + extends FilterInputStream { - - // Fields. - // ------------------------------------------------------------------------ - private int count; - private final int limit; - // Constructor. - // ------------------------------------------------------------------------ - MeteredInputStream(InputStream in, int limit) { super(in); @@ -64,12 +57,9 @@ final class MeteredInputStream extends FilterInputStream count = 0; } - // Instance methods. - // ------------------------------------------------------------------------ - /** * Tests if the number of bytes read has reached the limit. - * + * * @return True if the limit has been reached. */ public boolean limitReached() diff --git a/libjava/classpath/gnu/javax/crypto/keyring/PasswordAuthenticatedEntry.java b/libjava/classpath/gnu/javax/crypto/keyring/PasswordAuthenticatedEntry.java index 2e3a0d145c8..be10029c8bc 100644 --- a/libjava/classpath/gnu/javax/crypto/keyring/PasswordAuthenticatedEntry.java +++ b/libjava/classpath/gnu/javax/crypto/keyring/PasswordAuthenticatedEntry.java @@ -38,9 +38,11 @@ exception statement from your version. */ package gnu.javax.crypto.keyring; +import gnu.java.security.Configuration; import gnu.java.security.Registry; import gnu.java.security.prng.IRandom; import gnu.java.security.prng.LimitReachedException; +import gnu.java.security.util.PRNG; import gnu.java.security.util.Util; import gnu.javax.crypto.mac.IMac; import gnu.javax.crypto.mac.MacFactory; @@ -55,35 +57,27 @@ import java.io.DataInputStream; import java.io.DataOutputStream; import java.io.IOException; import java.security.InvalidKeyException; -import java.security.SecureRandom; import java.util.Arrays; -import java.util.Iterator; import java.util.HashMap; +import java.util.Iterator; +import java.util.logging.Logger; /** - * <p>An entry authenticated with a password-based MAC.</p> + * An entry authenticated with a password-based MAC. */ -public final class PasswordAuthenticatedEntry extends MaskableEnvelopeEntry +public final class PasswordAuthenticatedEntry + extends MaskableEnvelopeEntry implements PasswordProtectedEntry, Registry { - - // Constants and variables - // ------------------------------------------------------------------------- - + private static final Logger log = Logger.getLogger(PasswordAuthenticatedEntry.class.getName()); public static final int TYPE = 3; - // Constructor(s) - // ------------------------------------------------------------------------- - public PasswordAuthenticatedEntry(String mac, int maclen, Properties properties) { super(TYPE, properties); - if (mac == null || mac.length() == 0) - { - throw new IllegalArgumentException("no MAC specified"); - } + throw new IllegalArgumentException("no MAC specified"); this.properties.put("mac", mac); this.properties.put("maclen", String.valueOf(maclen)); setMasked(false); @@ -95,9 +89,6 @@ public final class PasswordAuthenticatedEntry extends MaskableEnvelopeEntry setMasked(true); } - // Class methods - // ------------------------------------------------------------------------- - public static PasswordAuthenticatedEntry decode(DataInputStream in, char[] password) throws IOException @@ -113,10 +104,8 @@ public final class PasswordAuthenticatedEntry extends MaskableEnvelopeEntry entry.decodeEnvelope(in2); byte[] macValue = new byte[mac.macSize()]; in.readFully(macValue); - if (!Arrays.equals(macValue, mac.digest())) - { - throw new MalformedKeyringException("MAC verification failed"); - } + if (! Arrays.equals(macValue, mac.digest())) + throw new MalformedKeyringException("MAC verification failed"); return entry; } @@ -125,74 +114,76 @@ public final class PasswordAuthenticatedEntry extends MaskableEnvelopeEntry { PasswordAuthenticatedEntry entry = new PasswordAuthenticatedEntry(); entry.defaultDecode(in); - if (!entry.properties.containsKey("mac")) - { - throw new MalformedKeyringException("no MAC"); - } - if (!entry.properties.containsKey("maclen")) - { - throw new MalformedKeyringException("no MAC length"); - } - if (!entry.properties.containsKey("salt")) - { - throw new MalformedKeyringException("no salt"); - } + if (! entry.properties.containsKey("mac")) + throw new MalformedKeyringException("no MAC"); + if (! entry.properties.containsKey("maclen")) + throw new MalformedKeyringException("no MAC length"); + if (! entry.properties.containsKey("salt")) + throw new MalformedKeyringException("no salt"); return entry; } - // Instance methods - // ------------------------------------------------------------------------- - public void verify(char[] password) { - if (!isMasked() || payload == null) - { - return; - } - IMac m = null; - try - { - m = getMac(password); - } - catch (Exception x) + if (Configuration.DEBUG) + log.entering(this.getClass().getName(), "verify"); + if (isMasked() && payload != null) { - throw new IllegalArgumentException(x.toString()); + if (Configuration.DEBUG) + log.fine("payload to verify: " + Util.dumpString(payload)); + long tt = -System.currentTimeMillis(); + IMac m = null; + try + { + m = getMac(password); + } + catch (Exception x) + { + throw new IllegalArgumentException(x.toString(), x); + } + int limit = payload.length - m.macSize(); + m.update(payload, 0, limit); + byte[] macValue = new byte[m.macSize()]; + System.arraycopy(payload, payload.length - macValue.length, macValue, + 0, macValue.length); + if (! Arrays.equals(macValue, m.digest())) + throw new IllegalArgumentException("MAC verification failed"); + setMasked(false); + ByteArrayInputStream bais; + try + { + bais = new ByteArrayInputStream(payload, 0, limit); + DataInputStream in = new DataInputStream(bais); + decodeEnvelope(in); + } + catch (IOException ioe) + { + throw new IllegalArgumentException("malformed keyring fragment"); + } + tt += System.currentTimeMillis(); + if (Configuration.DEBUG) + log.fine("Verified in " + tt + "ms."); } - - m.update(payload, 0, payload.length - m.macSize()); - byte[] macValue = new byte[m.macSize()]; - System.arraycopy(payload, payload.length - macValue.length, macValue, 0, - macValue.length); - if (!Arrays.equals(macValue, m.digest())) - { - throw new IllegalArgumentException("MAC verification failed"); - } - try - { - DataInputStream in = new DataInputStream( - new ByteArrayInputStream( - payload, - 0, - payload.length - - m.macSize())); - decodeEnvelope(in); - } - catch (IOException ioe) - { - throw new IllegalArgumentException("malformed keyring fragment"); - } - setMasked(false); - payload = null; + else if (Configuration.DEBUG) + log.fine("Skip verification; " + + (isMasked() ? "null payload" : "unmasked")); + if (Configuration.DEBUG) + log.exiting(this.getClass().getName(), "verify"); } public void authenticate(char[] password) throws IOException { + if (Configuration.DEBUG) + log.entering(this.getClass().getName(), "authenticate"); + long tt = -System.currentTimeMillis(); + long t1 = -System.currentTimeMillis(); if (isMasked()) - { - throw new IllegalStateException("entry is masked"); - } + throw new IllegalStateException("entry is masked"); byte[] salt = new byte[8]; - new SecureRandom ().nextBytes (salt); + PRNG.getInstance().nextBytes(salt); + t1 += System.currentTimeMillis(); + if (Configuration.DEBUG) + log.fine("-- Generated salt in " + t1 + "ms."); properties.put("salt", Util.toString(salt)); IMac m = getMac(password); ByteArrayOutputStream bout = new ByteArrayOutputStream(1024); @@ -201,10 +192,25 @@ public final class PasswordAuthenticatedEntry extends MaskableEnvelopeEntry for (Iterator it = entries.iterator(); it.hasNext();) { Entry entry = (Entry) it.next(); + if (Configuration.DEBUG) + log.fine("-- About to authenticate one " + entry); + t1 = -System.currentTimeMillis(); entry.encode(out2); + t1 += System.currentTimeMillis(); + if (Configuration.DEBUG) + log.fine("-- Authenticated an Entry in " + t1 + "ms."); } bout.write(m.digest()); payload = bout.toByteArray(); + if (Configuration.DEBUG) + log.fine("authenticated payload: " + Util.dumpString(payload)); + setMasked(true); + tt += System.currentTimeMillis(); + if (Configuration.DEBUG) + { + log.fine("Authenticated in " + tt + "ms."); + log.exiting(this.getClass().getName(), "authenticate"); + } } public void encode(DataOutputStream out, char[] password) throws IOException @@ -217,48 +223,42 @@ public final class PasswordAuthenticatedEntry extends MaskableEnvelopeEntry { if (payload == null) { + log.fine("Null payload: " + this); throw new IllegalStateException("mac not computed"); } } - // Own methods. - // ------------------------------------------------------------------------ - private IMac getMac(char[] password) throws MalformedKeyringException { - if (!properties.containsKey("salt")) - { - throw new MalformedKeyringException("no salt"); - } - byte[] salt = Util.toBytesFromString(properties.get("salt")); - IMac mac = MacFactory.getInstance(properties.get("mac")); + if (Configuration.DEBUG) + log.entering(this.getClass().getName(), "getMac"); + String saltString = properties.get("salt"); + if (saltString == null) + throw new MalformedKeyringException("no salt"); + byte[] salt = Util.toBytesFromString(saltString); + String macAlgorithm = properties.get("mac"); + IMac mac = MacFactory.getInstance(macAlgorithm); if (mac == null) - { - throw new MalformedKeyringException("no such mac: " - + properties.get("mac")); - } - int keylen = mac.macSize(); - int maclen = 0; - if (!properties.containsKey("maclen")) - { - throw new MalformedKeyringException("no MAC length"); - } + throw new MalformedKeyringException("no such mac: " + macAlgorithm); + String macLenString = properties.get("maclen"); + if (macLenString == null) + throw new MalformedKeyringException("no MAC length"); + int maclen; try { - maclen = Integer.parseInt(properties.get("maclen")); + maclen = Integer.parseInt(macLenString); } catch (NumberFormatException nfe) { throw new MalformedKeyringException("bad MAC length"); } - HashMap pbAttr = new HashMap(); pbAttr.put(IPBE.PASSWORD, password); pbAttr.put(IPBE.SALT, salt); pbAttr.put(IPBE.ITERATION_COUNT, ITERATION_COUNT); IRandom kdf = PRNGFactory.getInstance("PBKDF2-HMAC-SHA"); kdf.init(pbAttr); - + int keylen = mac.macSize(); byte[] dk = new byte[keylen]; try { @@ -268,10 +268,9 @@ public final class PasswordAuthenticatedEntry extends MaskableEnvelopeEntry { throw new Error(shouldNotHappen.toString()); } - HashMap macAttr = new HashMap(); macAttr.put(IMac.MAC_KEY_MATERIAL, dk); - macAttr.put(IMac.TRUNCATED_SIZE, new Integer(maclen)); + macAttr.put(IMac.TRUNCATED_SIZE, Integer.valueOf(maclen)); try { mac.init(macAttr); @@ -280,6 +279,8 @@ public final class PasswordAuthenticatedEntry extends MaskableEnvelopeEntry { throw new Error(shouldNotHappen.toString()); } + if (Configuration.DEBUG) + log.exiting(this.getClass().getName(), "getMac"); return mac; } } diff --git a/libjava/classpath/gnu/javax/crypto/keyring/PasswordEncryptedEntry.java b/libjava/classpath/gnu/javax/crypto/keyring/PasswordEncryptedEntry.java index 26b4032bdfb..00031cbf1bb 100644 --- a/libjava/classpath/gnu/javax/crypto/keyring/PasswordEncryptedEntry.java +++ b/libjava/classpath/gnu/javax/crypto/keyring/PasswordEncryptedEntry.java @@ -38,11 +38,12 @@ exception statement from your version. */ package gnu.javax.crypto.keyring; +import gnu.java.security.Configuration; import gnu.java.security.Registry; import gnu.java.security.prng.IRandom; import gnu.java.security.prng.LimitReachedException; +import gnu.java.security.util.PRNG; import gnu.java.security.util.Util; - import gnu.javax.crypto.cipher.CipherFactory; import gnu.javax.crypto.cipher.IBlockCipher; import gnu.javax.crypto.mode.IMode; @@ -58,41 +59,28 @@ import java.io.ByteArrayOutputStream; import java.io.DataInputStream; import java.io.DataOutputStream; import java.io.IOException; - import java.security.InvalidKeyException; -import java.security.SecureRandom; - -import java.util.Arrays; -import java.util.Collections; -import java.util.Date; -import java.util.Iterator; import java.util.HashMap; -import java.util.List; +import java.util.Iterator; +import java.util.logging.Logger; /** * An envelope that is encrypted with a password-derived key. */ -public class PasswordEncryptedEntry extends MaskableEnvelopeEntry implements - PasswordProtectedEntry, Registry +public class PasswordEncryptedEntry + extends MaskableEnvelopeEntry + implements PasswordProtectedEntry, Registry { - - // Constants and fields. - // ------------------------------------------------------------------------ - + private static final Logger log = Logger.getLogger(PasswordEncryptedEntry.class.getName()); public static final int TYPE = 1; - // Constructors. - // ------------------------------------------------------------------------ - public PasswordEncryptedEntry(String cipher, String mode, int keylen, Properties properties) { super(TYPE, properties); if ((cipher == null || cipher.length() == 0) || (mode == null || mode.length() == 0)) - { - throw new IllegalArgumentException("cipher nor mode can be empty"); - } + throw new IllegalArgumentException("cipher nor mode can be empty"); this.properties.put("cipher", cipher); this.properties.put("mode", mode); this.properties.put("keylen", String.valueOf(keylen)); @@ -105,9 +93,6 @@ public class PasswordEncryptedEntry extends MaskableEnvelopeEntry implements setMasked(true); } - // Class methods. - // ------------------------------------------------------------------------ - public static PasswordEncryptedEntry decode(DataInputStream in, char[] password) throws IOException @@ -132,49 +117,57 @@ public class PasswordEncryptedEntry extends MaskableEnvelopeEntry implements return entry; } - // Instance methods. - // ------------------------------------------------------------------------ - public void decrypt(char[] password) throws IllegalArgumentException, WrongPaddingException { - if (!isMasked() || payload == null) + if (Configuration.DEBUG) + log.entering(this.getClass().getName(), "decrypt"); + if (isMasked() && payload != null) { - return; - } - IMode mode = getMode(password, IMode.DECRYPTION); - IPad padding = PadFactory.getInstance("PKCS7"); - padding.init(mode.currentBlockSize()); - byte[] buf = new byte[payload.length]; - int count = 0; - for (int i = 0; i < payload.length; i++) - { - mode.update(payload, count, buf, count); - count += mode.currentBlockSize(); - } - int padlen = padding.unpad(buf, 0, buf.length); - DataInputStream in = new DataInputStream( - new ByteArrayInputStream( - buf, - 0, - buf.length - - padlen)); - try - { - decodeEnvelope(in); - } - catch (IOException ioe) - { - throw new IllegalArgumentException("decryption failed"); + long tt = -System.currentTimeMillis(); + IMode mode = getMode(password, IMode.DECRYPTION); + IPad padding = PadFactory.getInstance("PKCS7"); + padding.init(mode.currentBlockSize()); + byte[] buf = new byte[payload.length]; + int count = 0; + while (count + mode.currentBlockSize() <= payload.length) + { + mode.update(payload, count, buf, count); + count += mode.currentBlockSize(); + } + int padlen = padding.unpad(buf, 0, buf.length); + setMasked(false); + int len = buf.length - padlen; + ByteArrayInputStream baos = new ByteArrayInputStream(buf, 0, len); + DataInputStream in = new DataInputStream(baos); + try + { + decodeEnvelope(in); + } + catch (IOException ioe) + { + throw new IllegalArgumentException("decryption failed"); + } + tt += System.currentTimeMillis(); + log.fine("Decrypted in " + tt + "ms."); } - setMasked(false); - payload = null; + else if (Configuration.DEBUG) + log.fine("Skip decryption; " + (isMasked() ? "null payload" : "unmasked")); + if (Configuration.DEBUG) + log.exiting(this.getClass().getName(), "decrypt"); } public void encrypt(char[] password) throws IOException { + if (Configuration.DEBUG) + log.entering(this.getClass().getName(), "encrypt", String.valueOf(password)); + long tt = -System.currentTimeMillis(); + long t1 = -System.currentTimeMillis(); byte[] salt = new byte[8]; - new SecureRandom ().nextBytes (salt); + PRNG.getInstance().nextBytes(salt); + t1 += System.currentTimeMillis(); + if (Configuration.DEBUG) + log.fine("-- Generated salt in " + t1 + "ms."); properties.put("salt", Util.toString(salt)); IMode mode = getMode(password, IMode.ENCRYPTION); IPad pad = PadFactory.getInstance("PKCS7"); @@ -184,7 +177,13 @@ public class PasswordEncryptedEntry extends MaskableEnvelopeEntry implements for (Iterator it = entries.iterator(); it.hasNext();) { Entry entry = (Entry) it.next(); + if (Configuration.DEBUG) + log.fine("-- About to encode one " + entry); + t1 = -System.currentTimeMillis(); entry.encode(out2); + t1 += System.currentTimeMillis(); + if (Configuration.DEBUG) + log.fine("-- Encoded an Entry in " + t1 + "ms."); } byte[] plaintext = bout.toByteArray(); byte[] padding = pad.pad(plaintext, 0, plaintext.length); @@ -200,6 +199,13 @@ public class PasswordEncryptedEntry extends MaskableEnvelopeEntry implements count += mode.currentBlockSize(); } mode.update(lastBlock, 0, payload, count); + setMasked(true); + tt += System.currentTimeMillis(); + if (Configuration.DEBUG) + { + log.fine("Encrypted in " + tt + "ms."); + log.exiting(this.getClass().getName(), "encrypt"); + } } public void encode(DataOutputStream out, char[] password) throws IOException @@ -212,60 +218,46 @@ public class PasswordEncryptedEntry extends MaskableEnvelopeEntry implements { if (payload == null) { + if (Configuration.DEBUG) + log.fine("Null payload: " + this); throw new IllegalStateException("not encrypted"); } } - // Own methods. - // ------------------------------------------------------------------------ - private IMode getMode(char[] password, int state) { String s = properties.get("salt"); if (s == null) - { - throw new IllegalArgumentException("no salt"); - } + throw new IllegalArgumentException("no salt"); byte[] salt = Util.toBytesFromString(s); IBlockCipher cipher = CipherFactory.getInstance(properties.get("cipher")); if (cipher == null) - { - throw new IllegalArgumentException("no such cipher: " - + properties.get("cipher")); - } + throw new IllegalArgumentException("no such cipher: " + + properties.get("cipher")); int blockSize = cipher.defaultBlockSize(); if (properties.containsKey("block-size")) - { - try - { - blockSize = Integer.parseInt(properties.get("block-size")); - } - catch (NumberFormatException nfe) - { - throw new IllegalArgumentException("bad block size: " - + nfe.getMessage()); - } - } - IMode mode = ModeFactory.getInstance(properties.get("mode"), cipher, - blockSize); + try + { + blockSize = Integer.parseInt(properties.get("block-size")); + } + catch (NumberFormatException nfe) + { + throw new IllegalArgumentException("bad block size: " + + nfe.getMessage()); + } + String modeName = properties.get("mode"); + IMode mode = ModeFactory.getInstance(modeName, cipher, blockSize); if (mode == null) - { - throw new IllegalArgumentException("no such mode: " - + properties.get("mode")); - } - + throw new IllegalArgumentException("no such mode: " + modeName); HashMap pbAttr = new HashMap(); pbAttr.put(IPBE.PASSWORD, password); pbAttr.put(IPBE.SALT, salt); pbAttr.put(IPBE.ITERATION_COUNT, ITERATION_COUNT); IRandom kdf = PRNGFactory.getInstance("PBKDF2-HMAC-SHA"); kdf.init(pbAttr); - int keylen = 0; - if (!properties.containsKey("keylen")) - { - throw new IllegalArgumentException("no key length"); - } + if (! properties.containsKey("keylen")) + throw new IllegalArgumentException("no key length"); try { keylen = Integer.parseInt(properties.get("keylen")); @@ -286,7 +278,7 @@ public class PasswordEncryptedEntry extends MaskableEnvelopeEntry implements } HashMap modeAttr = new HashMap(); modeAttr.put(IMode.KEY_MATERIAL, dk); - modeAttr.put(IMode.STATE, new Integer(state)); + modeAttr.put(IMode.STATE, Integer.valueOf(state)); modeAttr.put(IMode.IV, iv); try { diff --git a/libjava/classpath/gnu/javax/crypto/keyring/PasswordProtectedEntry.java b/libjava/classpath/gnu/javax/crypto/keyring/PasswordProtectedEntry.java index 0dcf73eb8d2..5eff637927a 100644 --- a/libjava/classpath/gnu/javax/crypto/keyring/PasswordProtectedEntry.java +++ b/libjava/classpath/gnu/javax/crypto/keyring/PasswordProtectedEntry.java @@ -43,21 +43,12 @@ import java.io.IOException; public interface PasswordProtectedEntry { - - // Constant. - // ------------------------------------------------------------------------ - - /** - * The iteration count for password-based KDFs. - */ - Integer ITERATION_COUNT = new Integer(1000); - - // Method. - // ------------------------------------------------------------------------ + /** The iteration count for password-based KDFs. */ + Integer ITERATION_COUNT = Integer.valueOf(1000); /** * Encodes this entry, protected by a password. - * + * * @param out The output stream to encode to. * @param password The password. * @throws IOException If an I/O error occurs. diff --git a/libjava/classpath/gnu/javax/crypto/keyring/PrimitiveEntry.java b/libjava/classpath/gnu/javax/crypto/keyring/PrimitiveEntry.java index 4c9ff0ff1d9..194fe9eeec1 100644 --- a/libjava/classpath/gnu/javax/crypto/keyring/PrimitiveEntry.java +++ b/libjava/classpath/gnu/javax/crypto/keyring/PrimitiveEntry.java @@ -43,36 +43,24 @@ import java.util.Date; /** * A primitive entry is an entry that contains a single cryptographic entity. */ -public abstract class PrimitiveEntry extends Entry +public abstract class PrimitiveEntry + extends Entry { - - // Fields. - // ------------------------------------------------------------------------ - /** The creation date. */ protected Date creationDate; - // Constructor. - // ------------------------------------------------------------------------ - protected PrimitiveEntry(int type, Date creationDate, Properties properties) { super(type, properties); if (creationDate == null) - { - this.creationDate = new Date(); - } + this.creationDate = new Date(); else - { - this.creationDate = (Date) creationDate.clone(); - } - if (!this.properties.containsKey("alias") + this.creationDate = (Date) creationDate.clone(); + if (! this.properties.containsKey("alias") || this.properties.get("alias").length() == 0) - { - throw new IllegalArgumentException( - "primitive entries MUST have an alias"); - } - this.properties.put("creation-date", String.valueOf(creationDate.getTime())); + throw new IllegalArgumentException("primitive entries MUST have an alias"); + this.properties.put("creation-date", + String.valueOf(this.creationDate.getTime())); } protected PrimitiveEntry(int type) @@ -80,12 +68,9 @@ public abstract class PrimitiveEntry extends Entry super(type); } - // Instance method. - // ------------------------------------------------------------------------ - /** * Returns the alias of this primitive entry. - * + * * @return The alias. */ public String getAlias() @@ -95,7 +80,7 @@ public abstract class PrimitiveEntry extends Entry /** * Returns the creation date of this primitive entry. - * + * * @return The creation date. */ public Date getCreationDate() @@ -105,7 +90,7 @@ public abstract class PrimitiveEntry extends Entry public boolean equals(Object object) { - if (!getClass().equals(object.getClass())) + if (! getClass().equals(object.getClass())) return false; return getAlias().equals(((PrimitiveEntry) object).getAlias()); } @@ -114,9 +99,7 @@ public abstract class PrimitiveEntry extends Entry { String s = properties.get("creation-date"); if (s == null) - { - throw new MalformedKeyringException("no creation date"); - } + throw new MalformedKeyringException("no creation date"); try { creationDate = new Date(Long.parseLong(s)); diff --git a/libjava/classpath/gnu/javax/crypto/keyring/PrivateKeyEntry.java b/libjava/classpath/gnu/javax/crypto/keyring/PrivateKeyEntry.java index 88249563341..23244afee8d 100644 --- a/libjava/classpath/gnu/javax/crypto/keyring/PrivateKeyEntry.java +++ b/libjava/classpath/gnu/javax/crypto/keyring/PrivateKeyEntry.java @@ -42,12 +42,10 @@ import gnu.java.security.key.IKeyPairCodec; import gnu.java.security.key.KeyPairCodecFactory; import gnu.java.security.key.dss.DSSPrivateKey; import gnu.java.security.key.rsa.GnuRSAPrivateKey; - import gnu.javax.crypto.key.GnuSecretKey; import gnu.javax.crypto.key.dh.GnuDHPrivateKey; import java.io.DataInputStream; -import java.io.DataOutputStream; import java.io.IOException; import java.security.Key; import java.security.KeyFactory; @@ -56,25 +54,18 @@ import java.security.spec.PKCS8EncodedKeySpec; import java.util.Date; /** - * <p>An immutable class representing a private or secret key entry.</p> + * An immutable class representing a private or secret key entry. */ -public final class PrivateKeyEntry extends PrimitiveEntry +public final class PrivateKeyEntry + extends PrimitiveEntry { - - // Constants and variables - // ------------------------------------------------------------------------- - public static final int TYPE = 7; - /** The key. */ private Key key; - // Constructor(s) - // ------------------------------------------------------------------------- - /** - * <p>Creates a new key entry.</p> - * + * Creates a new key entry. + * * @param key The key. * @param creationDate The entry creation date. * @param properties The entry properties. @@ -83,15 +74,10 @@ public final class PrivateKeyEntry extends PrimitiveEntry public PrivateKeyEntry(Key key, Date creationDate, Properties properties) { super(TYPE, creationDate, properties); - if (key == null) - { - throw new IllegalArgumentException("no private key"); - } - if (!(key instanceof PrivateKey) && !(key instanceof GnuSecretKey)) - { - throw new IllegalArgumentException("not a private or secret key"); - } + throw new IllegalArgumentException("no private key"); + if (! (key instanceof PrivateKey) && ! (key instanceof GnuSecretKey)) + throw new IllegalArgumentException("not a private or secret key"); this.key = key; } @@ -100,18 +86,13 @@ public final class PrivateKeyEntry extends PrimitiveEntry super(TYPE); } - // Class methods - // ------------------------------------------------------------------------- - public static PrivateKeyEntry decode(DataInputStream in) throws IOException { PrivateKeyEntry entry = new PrivateKeyEntry(); entry.defaultDecode(in); String type = entry.properties.get("type"); if (type == null) - { - throw new MalformedKeyringException("no key type"); - } + throw new MalformedKeyringException("no key type"); if (type.equalsIgnoreCase("RAW-DSS")) { IKeyPairCodec coder = KeyPairCodecFactory.getInstance("dss"); @@ -128,18 +109,16 @@ public final class PrivateKeyEntry extends PrimitiveEntry entry.key = coder.decodePrivateKey(entry.payload); } else if (type.equalsIgnoreCase("RAW")) - { - entry.key = new GnuSecretKey(entry.payload, null); - } + entry.key = new GnuSecretKey(entry.payload, null); else if (type.equalsIgnoreCase("PKCS8")) { try { KeyFactory kf = KeyFactory.getInstance("RSA"); - entry.key = kf.generatePrivate(new PKCS8EncodedKeySpec( - entry.payload)); + PKCS8EncodedKeySpec ks = new PKCS8EncodedKeySpec(entry.payload); + entry.key = kf.generatePrivate(ks); } - catch (Exception x) + catch (Exception ignored) { } if (entry.key == null) @@ -147,32 +126,24 @@ public final class PrivateKeyEntry extends PrimitiveEntry try { KeyFactory kf = KeyFactory.getInstance("DSA"); - entry.key = kf.generatePrivate(new PKCS8EncodedKeySpec( - entry.payload)); + PKCS8EncodedKeySpec ks = new PKCS8EncodedKeySpec(entry.payload); + entry.key = kf.generatePrivate(ks); } - catch (Exception x) + catch (Exception ignored) { } if (entry.key == null) - { - throw new MalformedKeyringException( - "could not decode PKCS#8 key"); - } + throw new MalformedKeyringException("could not decode PKCS#8 key"); } } else - { - throw new MalformedKeyringException("unsupported key type " + type); - } + throw new MalformedKeyringException("unsupported key type " + type); return entry; } - // Instance methods - // ------------------------------------------------------------------------- - /** - * <p>Returns this entry's key.</p> - * + * Returns this entry's key. + * * @return The key. */ public Key getKey() @@ -212,8 +183,12 @@ public final class PrivateKeyEntry extends PrimitiveEntry payload = key.getEncoded(); } else - { - throw new IllegalArgumentException("unsupported private key"); - } + throw new IllegalArgumentException("unsupported private key"); + } + + public String toString() + { + return "PrivateKeyEntry{key=" + + (key == null ? "-" : key.getClass().getName()) + "}"; } } diff --git a/libjava/classpath/gnu/javax/crypto/keyring/Properties.java b/libjava/classpath/gnu/javax/crypto/keyring/Properties.java index 646b5711df2..b833a74aeab 100644 --- a/libjava/classpath/gnu/javax/crypto/keyring/Properties.java +++ b/libjava/classpath/gnu/javax/crypto/keyring/Properties.java @@ -42,27 +42,20 @@ import java.io.ByteArrayOutputStream; import java.io.DataInputStream; import java.io.DataOutputStream; import java.io.IOException; - import java.util.HashMap; import java.util.Iterator; import java.util.Map; /** * A set of <code>(name => value)</code> pairs used in keyring entries. - * Keys and values are simple strings, with the key never being empty and - * always treated case-insensitively. + * Keys and values are simple strings, with the key never being empty and always + * treated case-insensitively. */ -public class Properties implements Cloneable +public class Properties + implements Cloneable { - - // Field. - // ------------------------------------------------------------------------ - private HashMap props; - // Constructor. - // ------------------------------------------------------------------------ - /** * Creates a new properties object. */ @@ -71,9 +64,6 @@ public class Properties implements Cloneable props = new HashMap(); } - // Instance methods. - // ------------------------------------------------------------------------ - /** * Removes all properties from this object. */ @@ -84,7 +74,7 @@ public class Properties implements Cloneable /** * Creates a copy of this properties object. - * + * * @return The copy. */ public Object clone() @@ -96,86 +86,75 @@ public class Properties implements Cloneable /** * Tests if this object contains a given property name. - * + * * @param key The key to test. * @return True if this object contains the given key. */ public boolean containsKey(String key) { if (key == null || key.length() == 0) - { - return false; - } + return false; return props.containsKey(canonicalize(key)); } /** * Tests if this object contains a given property value. - * + * * @param value The value to test. * @return True if this object contains the given value. */ public boolean containsValue(String value) { if (value == null) - { - return false; - } + return false; return props.containsValue(value); } /** * Adds a new property to this object. - * + * * @param key The key, which can neither be null nor empty. * @param value The value, which cannot be null. * @return The old value mapped by the key, if any. - * @throws IllegalArgumentException If either the key or value parameter - - * is null, or if the key is empty. + * @throws IllegalArgumentException If either the key or value parameter is + * null, or if the key is empty. */ public String put(String key, String value) { if (key == null || value == null || key.length() == 0) - { - throw new IllegalArgumentException("key nor value can be null"); - } + throw new IllegalArgumentException("key nor value can be null"); return (String) props.put(canonicalize(key), value); } /** - * Returns the value mapped by the given key, or null if there is no - * such mapping. - * + * Returns the value mapped by the given key, or null if there is no such + * mapping. + * * @param key */ public String get(String key) { if (key == null || key.length() == 0) - { - return null; - } + return null; return (String) props.get(canonicalize(key)); } /** * Removes a key and its value from this object. - * + * * @param key The key of the property to remove. * @return The old value mapped by the key, if any. */ public String remove(String key) { if (key == null || key.length() == 0) - { - return null; - } + return null; return (String) props.remove(canonicalize(key)); } /** * Decodes a set of properties from the given input stream. - * + * * @param in The input stream. * @throws IOException If an I/O error occurs. */ @@ -184,7 +163,7 @@ public class Properties implements Cloneable int len = in.readInt(); MeteredInputStream min = new MeteredInputStream(in, len); DataInputStream in2 = new DataInputStream(min); - while (!min.limitReached()) + while (! min.limitReached()) { String name = in2.readUTF(); String value = in2.readUTF(); @@ -194,7 +173,7 @@ public class Properties implements Cloneable /** * Encodes this set of properties to the given output stream. - * + * * @param out The output stream to encode to. * @throws IOException If an I/O error occurs. */ @@ -217,9 +196,6 @@ public class Properties implements Cloneable return props.toString(); } - // Own methods. - // ------------------------------------------------------------------------ - private String canonicalize(String key) { return key.toLowerCase(); diff --git a/libjava/classpath/gnu/javax/crypto/keyring/PublicKeyEntry.java b/libjava/classpath/gnu/javax/crypto/keyring/PublicKeyEntry.java index 528e70cc648..3e7f54d3e20 100644 --- a/libjava/classpath/gnu/javax/crypto/keyring/PublicKeyEntry.java +++ b/libjava/classpath/gnu/javax/crypto/keyring/PublicKeyEntry.java @@ -38,43 +38,30 @@ exception statement from your version. */ package gnu.javax.crypto.keyring; -import java.io.DataInputStream; -import java.io.DataOutputStream; -import java.io.IOException; - -import java.security.PublicKey; -import java.security.KeyFactory; -import java.security.spec.X509EncodedKeySpec; - -import java.util.Date; - import gnu.java.security.key.IKeyPairCodec; import gnu.java.security.key.KeyPairCodecFactory; import gnu.java.security.key.dss.DSSPublicKey; import gnu.java.security.key.rsa.GnuRSAPublicKey; import gnu.javax.crypto.key.dh.GnuDHPublicKey; -public final class PublicKeyEntry extends PrimitiveEntry -{ - - // Constants and fields. - // ------------------------------------------------------------------------ +import java.io.DataInputStream; +import java.io.IOException; +import java.security.KeyFactory; +import java.security.PublicKey; +import java.security.spec.X509EncodedKeySpec; +import java.util.Date; +public final class PublicKeyEntry + extends PrimitiveEntry +{ public static final int TYPE = 6; - private PublicKey key; - // Constructor. - // ------------------------------------------------------------------------ - public PublicKeyEntry(PublicKey key, Date creationDate, Properties properties) { super(TYPE, creationDate, properties); - if (key == null) - { - throw new IllegalArgumentException("no key specified"); - } + throw new IllegalArgumentException("no key specified"); this.key = key; } @@ -83,18 +70,13 @@ public final class PublicKeyEntry extends PrimitiveEntry super(TYPE); } - // Class method. - // ------------------------------------------------------------------------ - public static PublicKeyEntry decode(DataInputStream in) throws IOException { PublicKeyEntry entry = new PublicKeyEntry(); entry.defaultDecode(in); String type = entry.properties.get("type"); if (type == null) - { - throw new MalformedKeyringException("no key type"); - } + throw new MalformedKeyringException("no key type"); if (type.equalsIgnoreCase("RAW-DSS")) { IKeyPairCodec coder = KeyPairCodecFactory.getInstance("dss"); @@ -125,33 +107,23 @@ public final class PublicKeyEntry extends PrimitiveEntry try { KeyFactory kf = KeyFactory.getInstance("DSA"); - entry.key = kf.generatePublic(new X509EncodedKeySpec( - entry.payload)); + entry.key = kf.generatePublic(new X509EncodedKeySpec(entry.payload)); } catch (Exception x) { } if (entry.key == null) - { - throw new MalformedKeyringException( - "could not decode X.509 key"); - } + throw new MalformedKeyringException("could not decode X.509 key"); } } else - { - throw new MalformedKeyringException("unsupported public key type: " - + type); - } + throw new MalformedKeyringException("unsupported public key type: " + type); return entry; } - // Instance methods. - // ------------------------------------------------------------------------ - /** * Returns the public key. - * + * * @return The public key. */ public PublicKey getKey() @@ -185,8 +157,6 @@ public final class PublicKeyEntry extends PrimitiveEntry payload = key.getEncoded(); } else - { - throw new IllegalArgumentException("cannot encode public key"); - } + throw new IllegalArgumentException("cannot encode public key"); } } diff --git a/libjava/classpath/gnu/javax/crypto/kwa/AESKeyWrap.java b/libjava/classpath/gnu/javax/crypto/kwa/AESKeyWrap.java new file mode 100644 index 00000000000..bb86c5477aa --- /dev/null +++ b/libjava/classpath/gnu/javax/crypto/kwa/AESKeyWrap.java @@ -0,0 +1,168 @@ +/* AESWrap.java -- An implementation of RFC-3394 AES Key Wrap Algorithm + Copyright (C) 2006 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. */ + + +package gnu.javax.crypto.kwa; + +import gnu.java.security.Registry; +import gnu.javax.crypto.cipher.IBlockCipher; +import gnu.javax.crypto.cipher.Rijndael; + +import java.security.InvalidKeyException; +import java.util.Arrays; +import java.util.HashMap; +import java.util.Map; + +/** + * The GNU implementation of the AES Key Wrap Algorithm as described in [1]. + * <p> + * References: + * <ol> + * <li><a href="http://csrc.nist.gov/encryption/kms/key-wrap.pdf"></a>.</li> + * <li><a href="http://www.rfc-archive.org/getrfc.php?rfc=3394">Advanced + * Encryption Standard (AES) Key Wrap Algorithm</a>.</li> + * <li><a href="http://www.w3.org/TR/xmlenc-core/">XML Encryption Syntax and + * Processing</a>.</li> + * </ol> + */ +public class AESKeyWrap + extends BaseKeyWrappingAlgorithm +{ + private static final byte[] DEFAULT_IV = new byte[] { + (byte) 0xA6, (byte) 0xA6, (byte) 0xA6, (byte) 0xA6, + (byte) 0xA6, (byte) 0xA6, (byte) 0xA6, (byte) 0xA6 }; + + private Rijndael aes; + private byte[] iv; + + public AESKeyWrap() + { + super(Registry.AES_KWA); + + aes = new Rijndael(); + } + + protected void engineInit(Map attributes) throws InvalidKeyException + { + Map cipherAttributes = new HashMap(); + cipherAttributes.put(IBlockCipher.CIPHER_BLOCK_SIZE, Integer.valueOf(16)); + cipherAttributes.put(IBlockCipher.KEY_MATERIAL, + attributes.get(KEY_ENCRYPTION_KEY_MATERIAL)); + aes.reset(); + aes.init(cipherAttributes); + byte[] initialValue = (byte[]) attributes.get(INITIAL_VALUE); + iv = initialValue == null ? DEFAULT_IV : (byte[]) initialValue.clone(); + } + + protected byte[] engineWrap(byte[] in, int inOffset, int length) + { + // TODO: handle input length which is not a multiple of 8 as suggested by + // section 2.2.3.2 of RFC-3394 + if (length % 8 != 0) + throw new IllegalArgumentException("Input length MUST be a multiple of 8"); + int n = length / 8; + // output is always one block larger than input + byte[] result = new byte[length + 8]; + + // 1. init variables: we'll use out buffer for our work buffer; + // A will be the first block in out, while R will be the rest + System.arraycopy(iv, 0, result, 0, 8); + System.arraycopy(in, inOffset, result, 8, length); + byte[] B = new byte[2 * 8]; + // 2. compute intermediate values + long t; + for (int j = 0; j < 6; j++) + for (int i = 1; i <= n; i++) + { + System.arraycopy(result, 0, B, 0, 8); + System.arraycopy(result, i * 8, B, 8, 8); + aes.encryptBlock(B, 0, B, 0); + t = (n * j) + i; + result[0] = (byte)(B[0] ^ (t >>> 56)); + result[1] = (byte)(B[1] ^ (t >>> 48)); + result[2] = (byte)(B[2] ^ (t >>> 40)); + result[3] = (byte)(B[3] ^ (t >>> 32)); + result[4] = (byte)(B[4] ^ (t >>> 24)); + result[5] = (byte)(B[5] ^ (t >>> 16)); + result[6] = (byte)(B[6] ^ (t >>> 8)); + result[7] = (byte)(B[7] ^ t ); + System.arraycopy(B, 8, result, i * 8, 8); + } + return result; + } + + protected byte[] engineUnwrap(byte[] in, int inOffset, int length) + throws KeyUnwrappingException + { + // TODO: handle input length which is not a multiple of 8 as suggested by + // section 2.2.3.2 of RFC-3394 + if (length % 8 != 0) + throw new IllegalArgumentException("Input length MUST be a multiple of 8"); + // output is always one block shorter than input + byte[] result = new byte[length - 8]; + + // 1. init variables: we'll use out buffer for our R work buffer + byte[] A = new byte[8]; + System.arraycopy(in, inOffset, A, 0, 8); + System.arraycopy(in, inOffset + 8, result, 0, result.length); + byte[] B = new byte[2 * 8]; + // 2. compute intermediate values + int n = length / 8 - 1; + long t; + for (int j = 5; j >= 0; j--) + for (int i = n; i >= 1; i--) + { + t = (n * j) + i; + B[0] = (byte)(A[0] ^ (t >>> 56)); + B[1] = (byte)(A[1] ^ (t >>> 48)); + B[2] = (byte)(A[2] ^ (t >>> 40)); + B[3] = (byte)(A[3] ^ (t >>> 32)); + B[4] = (byte)(A[4] ^ (t >>> 24)); + B[5] = (byte)(A[5] ^ (t >>> 16)); + B[6] = (byte)(A[6] ^ (t >>> 8)); + B[7] = (byte)(A[7] ^ t ); + System.arraycopy(result, (i - 1) * 8, B, 8, 8); + aes.decryptBlock(B, 0, B, 0); + System.arraycopy(B, 0, A, 0, 8); + System.arraycopy(B, 8, result, (i - 1) * 8, 8); + } + if (! Arrays.equals(A, iv)) + throw new KeyUnwrappingException(); + + return result; + } +} diff --git a/libjava/classpath/gnu/javax/crypto/kwa/BaseKeyWrappingAlgorithm.java b/libjava/classpath/gnu/javax/crypto/kwa/BaseKeyWrappingAlgorithm.java new file mode 100644 index 00000000000..206e01d13da --- /dev/null +++ b/libjava/classpath/gnu/javax/crypto/kwa/BaseKeyWrappingAlgorithm.java @@ -0,0 +1,145 @@ +/* BaseKeyWrappingAlgorithm.java -- FIXME: briefly describe file purpose + Copyright (C) 2006 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. */ + + +package gnu.javax.crypto.kwa; + +import gnu.java.security.util.PRNG; + +import java.security.InvalidKeyException; +import java.util.Collections; +import java.util.Map; + +import javax.crypto.ShortBufferException; + +/** + * A base class to facilitate implementation of concrete Key Wrapping + * Algorithms. + */ +public abstract class BaseKeyWrappingAlgorithm + implements IKeyWrappingAlgorithm +{ + /** The canonical name of the key wrapping algorithm. */ + protected String name; + /** A source of randomness if/when needed by concrete implementations. */ + private PRNG prng; + + /** + * Protected constructor. + * + * @param name the key wrapping algorithm canonical name. + */ + protected BaseKeyWrappingAlgorithm(String name) + { + super(); + } + + public String name() + { + return this.name; + } + + public void init(Map attributes) throws InvalidKeyException + { + if (attributes == null) + attributes = Collections.EMPTY_MAP; + + engineInit(attributes); + } + + public int wrap(byte[] in, int inOffset, int length, byte[] out, int outOffset) + throws ShortBufferException + { + if (outOffset < 0) + throw new IllegalArgumentException("Output offset MUST NOT be negative"); + byte[] result = wrap(in, inOffset, length); + if (outOffset + result.length > out.length) + throw new ShortBufferException(); + System.arraycopy(result, 0, out, outOffset, result.length); + return result.length; + } + + public byte[] wrap(byte[] in, int inOffset, int length) + { + if (inOffset < 0) + throw new IllegalArgumentException("Input offset MUST NOT be negative"); + if (length < 0) + throw new IllegalArgumentException("Input length MUST NOT be negative"); + + return engineWrap(in, inOffset, length); + } + + public int unwrap(byte[] in, int inOffset, int length, + byte[] out, int outOffset) + throws ShortBufferException, KeyUnwrappingException + { + if (outOffset < 0) + throw new IllegalArgumentException("Output offset MUST NOT be negative"); + byte[] result = engineUnwrap(in, inOffset, length); + if (outOffset + result.length > out.length) + throw new ShortBufferException(); + System.arraycopy(result, 0, out, outOffset, result.length); + return result.length; + } + + public byte[] unwrap(byte[] in, int inOffset, int length) + throws KeyUnwrappingException + { + if (inOffset < 0) + throw new IllegalArgumentException("Input offset MUST NOT be negative"); + if (length < 0) + throw new IllegalArgumentException("Input length MUST NOT be negative"); + + return engineUnwrap(in, inOffset, length); + } + + protected abstract void engineInit(Map attributes) throws InvalidKeyException; + + protected abstract byte[] engineWrap(byte[] in, int inOffset, int length); + + protected abstract byte[] engineUnwrap(byte[] in, int inOffset, int length) + throws KeyUnwrappingException; + + /** @return a strong pseudo-random number generator if/when needed. */ + protected PRNG getDefaultPRNG() + { + if (prng == null) + prng = PRNG.getInstance(); + + return prng; + } +} diff --git a/libjava/classpath/gnu/javax/crypto/kwa/IKeyWrappingAlgorithm.java b/libjava/classpath/gnu/javax/crypto/kwa/IKeyWrappingAlgorithm.java new file mode 100644 index 00000000000..d9c2bed14d5 --- /dev/null +++ b/libjava/classpath/gnu/javax/crypto/kwa/IKeyWrappingAlgorithm.java @@ -0,0 +1,160 @@ +/* IKeyWrappingAlgorithm.java -- FIXME: briefly describe file purpose + Copyright (C) 2006 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. */ + + +package gnu.javax.crypto.kwa; + +import java.security.InvalidKeyException; +import java.security.SecureRandom; +import java.util.Map; + +import javax.crypto.ShortBufferException; + +/** + * Constants and visible methods available to all GNU Key Wrapping Algorithm + * implementations. + */ +public interface IKeyWrappingAlgorithm +{ + /** + * Name of the property, in the attributes map, that references the Key + * Wrapping Algorithm KEK (Key Encryption Key) material. The object referenced + * by this property is a byte array containing the keying material for the + * underlying block cipher. + */ + String KEY_ENCRYPTION_KEY_MATERIAL = "gnu.crypto.kwa.kek"; + /** + * Name of the property, in the attributes map, that references the Initial + * Value (IV) material. The object referenced by this property is a byte array + * containing the initial integrity check register value. + */ + String INITIAL_VALUE = "gnu.crypto.kwa.iv"; + /** + * Property name of an optional {@link SecureRandom} instance to use. The + * default is to use a {@link gnu.java.security.util.PRNG} instance. + */ + String SOURCE_OF_RANDOMNESS = "gnu.crypto.kwa.prng"; + + /** + * Returns the canonical name of this Key Wrapping Algorithm. + * + * @return the canonical name of this Key Wrapping Algorithm. + */ + String name(); + + /** + * Initializes this instance with the designated algorithm specific + * attributes. + * + * @param attributes a map of name-to-value pairs the Key Wrapping Algorithm + * must use for its setup. + * @throws InvalidKeyException if an exception is encountered while seting up + * the Key Wrapping Algorithm keying material (KEK). + */ + void init(Map attributes) throws InvalidKeyException; + + /** + * Wraps the designated plain text bytes. + * + * @param in the input byte array containing the plain text. + * @param inOffset the offset into <code>in</code> where the first byte of + * the plain text (key material) to wrap is located. + * @param length the number of bytes to wrap. + * @param out the output byte array where the wrapped key material will be + * stored. + * @param outOffset the offset into <code>out</code> of the first wrapped + * byte. + * @return the number of bytes of the wrapped key material; i.e. the length, + * in <code>out</code>, starting from <code>outOffset</code> + * where the cipher text (wrapped key material) are stored. + * @throws ShortBufferException if the output buffer is not long enough to + * accomodate the number of bytes resulting from wrapping the plain + * text. + */ + int wrap(byte[] in, int inOffset, int length, byte[] out, int outOffset) + throws ShortBufferException; + + /** + * Wraps the designated plain text bytes. + * + * @param in the input byte array containing the plain text. + * @param inOffset the offset into <code>in</code> where the first byte of + * the plain text (key material) to wrap is located. + * @param length the number of bytes to wrap. + * @return a newly allocated byte array containing the cipher text. + */ + byte[] wrap(byte[] in, int inOffset, int length); + + /** + * Unwraps the designated cipher text bytes. + * + * @param in the input byte array containing the cipher text. + * @param inOffset the offset into <code>in</code> where the first byte of + * the cipher text (already wrapped key material) to unwrap is + * located. + * @param length the number of bytes to unwrap. + * @param out the output byte array where the unwrapped key material will be + * stored. + * @param outOffset the offset into <code>out</code> of the first unwrapped + * byte. + * @return the number of bytes of the unwrapped key material; i.e. the length, + * in <code>out</code>, starting from <code>outOffset</code> + * where the plain text (unwrapped key material) are stored. + * @throws ShortBufferException if the output buffer is not long enough to + * accomodate the number of bytes resulting from unwrapping the + * cipher text. + * @throws KeyUnwrappingException if after unwrapping the cipher text, the + * bytes at the begining did not match the initial value. + */ + int unwrap(byte[] in, int inOffset, int length, byte[] out, int outOffset) + throws ShortBufferException, KeyUnwrappingException; + + /** + * Unwraps the designated cipher text bytes. + * + * @param in the input byte array containing the cipher text. + * @param inOffset the offset into <code>in</code> where the first byte of + * the cipher text (already wrapped key material) to unwrap is + * located. + * @param length the number of bytes to unwrap. + * @return a newly allocated byte array containing the plain text. + * @throws KeyUnwrappingException if after unwrapping the cipher text, the + * bytes at the begining did not match the initial value. + */ + byte[] unwrap(byte[] in, int inOffset, int length) + throws KeyUnwrappingException; +} diff --git a/libjava/classpath/gnu/javax/crypto/kwa/KeyUnwrappingException.java b/libjava/classpath/gnu/javax/crypto/kwa/KeyUnwrappingException.java new file mode 100644 index 00000000000..54b4aff0a62 --- /dev/null +++ b/libjava/classpath/gnu/javax/crypto/kwa/KeyUnwrappingException.java @@ -0,0 +1,67 @@ +/* KeyUnwrappingException.java -- FIXME: briefly describe file purpose + Copyright (C) 2006 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. */ + + +package gnu.javax.crypto.kwa; + +import java.security.GeneralSecurityException; + +/** + * A checked security exception to denote an unexpected problem while unwrapping + * key material with a Key Wrapping Algorithm. + */ +public class KeyUnwrappingException + extends GeneralSecurityException +{ + /** + * Create a new instance with no descriptive error message. + */ + public KeyUnwrappingException() + { + super(); + } + + /** + * Create a new instance with a descriptive error message. + * + * @param msg the descriptive error message + */ + public KeyUnwrappingException(String msg) + { + super(msg); + } +} diff --git a/libjava/classpath/gnu/javax/crypto/kwa/KeyWrappingAlgorithmFactory.java b/libjava/classpath/gnu/javax/crypto/kwa/KeyWrappingAlgorithmFactory.java new file mode 100644 index 00000000000..6f6cd121944 --- /dev/null +++ b/libjava/classpath/gnu/javax/crypto/kwa/KeyWrappingAlgorithmFactory.java @@ -0,0 +1,110 @@ +/* KeyWrappingAlgorithmFactory.java -- FIXME: briefly describe file purpose + Copyright (C) 2006 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. */ + + +package gnu.javax.crypto.kwa; + +import gnu.java.security.Registry; + +import java.util.Collections; +import java.util.HashSet; +import java.util.Set; + +/** + * A Factory class for the Key Wrapping Algorithm implementations. + */ +public class KeyWrappingAlgorithmFactory +{ + /** Names of Key Wrapping Algorihms cached for speed. */ + private static Set names; + + /** Trivial constructor to enforce Singleton pattern. */ + private KeyWrappingAlgorithmFactory() + { + super(); + } + + /** + * Returns an instance of a key-wrapping algorithm given its name. + * + * @param name the case-insensitive name of the key-wrapping algorithm. + * @return an instance of the designated key-wrapping algorithm, or + * <code>null</code> if none was found. + * @exception InternalError if the implementation does not pass its self-test. + */ + public static final IKeyWrappingAlgorithm getInstance(String name) + { + if (name == null) + return null; + name = name.trim(); + IKeyWrappingAlgorithm result = null; + if (name.equalsIgnoreCase(Registry.AES_KWA) + || name.equalsIgnoreCase(Registry.AES128_KWA) + || name.equalsIgnoreCase(Registry.AES192_KWA) + || name.equalsIgnoreCase(Registry.AES256_KWA) + || name.equalsIgnoreCase(Registry.RIJNDAEL_KWA)) + result = new AESKeyWrap(); + else if (name.equalsIgnoreCase(Registry.TRIPLEDES_KWA) + || name.equalsIgnoreCase(Registry.DESEDE_KWA)) + result = new TripleDESKeyWrap(); + + return result; + } + + /** + * Returns a {@link Set} of key wrapping algorithm names supported by this + * <i>Factory</i>. + * + * @return a {@link Set} of key wrapping algorithm names (Strings). + */ + public static synchronized final Set getNames() + { + if (names == null) + { + HashSet hs = new HashSet(); + hs.add(Registry.AES_KWA); + hs.add(Registry.AES128_KWA); + hs.add(Registry.AES192_KWA); + hs.add(Registry.AES256_KWA); + hs.add(Registry.RIJNDAEL_KWA); + hs.add(Registry.TRIPLEDES_KWA); + hs.add(Registry.DESEDE_KWA); + names = Collections.unmodifiableSet(hs); + } + return names; + } +} diff --git a/libjava/classpath/gnu/javax/crypto/kwa/TripleDESKeyWrap.java b/libjava/classpath/gnu/javax/crypto/kwa/TripleDESKeyWrap.java new file mode 100644 index 00000000000..71562bd752b --- /dev/null +++ b/libjava/classpath/gnu/javax/crypto/kwa/TripleDESKeyWrap.java @@ -0,0 +1,292 @@ +/* TripleDESKeyWrap.java -- FIXME: briefly describe file purpose + Copyright (C) 2006 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. */ + + +package gnu.javax.crypto.kwa; + +import gnu.java.security.Registry; +import gnu.java.security.hash.Sha160; +import gnu.javax.crypto.assembly.Assembly; +import gnu.javax.crypto.assembly.Cascade; +import gnu.javax.crypto.assembly.Direction; +import gnu.javax.crypto.assembly.Stage; +import gnu.javax.crypto.assembly.Transformer; +import gnu.javax.crypto.assembly.TransformerException; +import gnu.javax.crypto.cipher.IBlockCipher; +import gnu.javax.crypto.cipher.TripleDES; +import gnu.javax.crypto.mode.IMode; +import gnu.javax.crypto.mode.ModeFactory; + +import java.security.InvalidKeyException; +import java.security.SecureRandom; +import java.util.Arrays; +import java.util.HashMap; +import java.util.Map; + +/** + * The GNU implementation of the Triple DES Key Wrap Algorithm as described in + * [1]. + * <p> + * <b>IMPORTANT</b>: This class is NOT thread safe. + * <p> + * References: + * <ol> + * <li><a href="http://www.rfc-archive.org/getrfc.php?rfc=3217">Triple-DES and + * RC2 Key Wrapping</a>.</li> + * <li><a href="http://www.w3.org/TR/xmlenc-core/">XML Encryption Syntax and + * Processing</a>.</li> + * </ol> + */ +public class TripleDESKeyWrap + extends BaseKeyWrappingAlgorithm +{ + private static final byte[] DEFAULT_IV = new byte[] { + (byte) 0x4A, (byte) 0xDD, (byte) 0xA2, (byte) 0x2C, + (byte) 0x79, (byte) 0xE8, (byte) 0x21, (byte) 0x05 }; + + private Assembly asm; + private HashMap asmAttributes = new HashMap(); + private HashMap modeAttributes = new HashMap(); + private Sha160 sha = new Sha160(); + private SecureRandom rnd; + + public TripleDESKeyWrap() + { + super(Registry.TRIPLEDES_KWA); + } + + protected void engineInit(Map attributes) throws InvalidKeyException + { + rnd = (SecureRandom) attributes.get(IKeyWrappingAlgorithm.SOURCE_OF_RANDOMNESS); + IMode des3CBC = ModeFactory.getInstance(Registry.CBC_MODE, new TripleDES(), 8); + Stage des3CBCStage = Stage.getInstance(des3CBC, Direction.FORWARD); + Cascade cascade = new Cascade(); + Object modeNdx = cascade.append(des3CBCStage); + + asmAttributes.put(modeNdx, modeAttributes); + + asm = new Assembly(); + asm.addPreTransformer(Transformer.getCascadeTransformer(cascade)); + + modeAttributes.put(IBlockCipher.KEY_MATERIAL, + attributes.get(KEY_ENCRYPTION_KEY_MATERIAL)); + asmAttributes.put(Assembly.DIRECTION, Direction.FORWARD); + } + + protected byte[] engineWrap(byte[] in, int inOffset, int length) + { + // The same key wrap algorithm is used for both Two-key Triple-DES and + // Three-key Triple-DES keys. When a Two-key Triple-DES key is to be + // wrapped, a third DES key with the same value as the first DES key is + // created. Thus, all wrapped Triple-DES keys include three DES keys. + if (length != 16 && length != 24) + throw new IllegalArgumentException("Only 2- and 3-key Triple DES keys are alowed"); + + byte[] CEK = new byte[24]; + if (length == 16) + { + System.arraycopy(in, inOffset, CEK, 0, 16); + System.arraycopy(in, inOffset, CEK, 16, 8); + } + else + System.arraycopy(in, inOffset, CEK, 0, 24); + + // TODO: check for the following: + // However, a Two-key Triple-DES key MUST NOT be used to wrap a Three- + // key Triple-DES key that is comprised of three unique DES keys. + + // 1. Set odd parity for each of the DES key octets comprising the + // Three-Key Triple-DES key that is to be wrapped, call the result + // CEK. + TripleDES.adjustParity(CEK, 0); + + // 2. Compute an 8 octet key checksum value on CEK as described above in + // Section 2, call the result ICV. + sha.update(CEK); + byte[] hash = sha.digest(); + byte[] ICV = new byte[8]; + System.arraycopy(hash, 0, ICV, 0, 8); + + // 3. Let CEKICV = CEK || ICV. + byte[] CEKICV = new byte[CEK.length + ICV.length]; + System.arraycopy(CEK, 0, CEKICV, 0, CEK.length); + System.arraycopy(ICV, 0, CEKICV, CEK.length, ICV.length); + + // 4. Generate 8 octets at random, call the result IV. + byte[] IV = new byte[8]; + nextRandomBytes(IV); + + // 5. Encrypt CEKICV in CBC mode using the key-encryption key. Use the + // random value generated in the previous step as the initialization + // vector (IV). Call the ciphertext TEMP1. + modeAttributes.put(IMode.IV, IV); + asmAttributes.put(Assembly.DIRECTION, Direction.FORWARD); + byte[] TEMP1; + try + { + asm.init(asmAttributes); + TEMP1 = asm.lastUpdate(CEKICV); + } + catch (TransformerException x) + { + throw new RuntimeException(x); + } + + // 6. Let TEMP2 = IV || TEMP1. + byte[] TEMP2 = new byte[IV.length + TEMP1.length]; + System.arraycopy(IV, 0, TEMP2, 0, IV.length); + System.arraycopy(TEMP1, 0, TEMP2, IV.length, TEMP1.length); + + // 7. Reverse the order of the octets in TEMP2. That is, the most + // significant (first) octet is swapped with the least significant + // (last) octet, and so on. Call the result TEMP3. + byte[] TEMP3 = new byte[TEMP2.length]; + for (int i = 0, j = TEMP2.length - 1; i < TEMP2.length; i++, j--) + TEMP3[j] = TEMP2[i]; + + // 8. Encrypt TEMP3 in CBC mode using the key-encryption key. Use an + // initialization vector (IV) of 0x4adda22c79e82105. The ciphertext + // is 40 octets long. + modeAttributes.put(IMode.IV, DEFAULT_IV); + asmAttributes.put(Assembly.DIRECTION, Direction.FORWARD); + byte[] result; + try + { + asm.init(asmAttributes); + result = asm.lastUpdate(TEMP3); + } + catch (TransformerException x) + { + throw new RuntimeException(x); + } + return result; + } + + protected byte[] engineUnwrap(byte[] in, int inOffset, int length) + throws KeyUnwrappingException + { + // 1. If the wrapped key is not 40 octets, then error. + if (length != 40) + throw new IllegalArgumentException("length MUST be 40"); + + // 2. Decrypt the wrapped key in CBC mode using the key-encryption key. + // Use an initialization vector (IV) of 0x4adda22c79e82105. Call the + // output TEMP3. + modeAttributes.put(IMode.IV, DEFAULT_IV); + asmAttributes.put(Assembly.DIRECTION, Direction.REVERSED); + byte[] TEMP3; + try + { + asm.init(asmAttributes); + TEMP3 = asm.lastUpdate(in, inOffset, 40); + } + catch (TransformerException x) + { + throw new RuntimeException(x); + } + + // 3. Reverse the order of the octets in TEMP3. That is, the most + // significant (first) octet is swapped with the least significant + // (last) octet, and so on. Call the result TEMP2. + byte[] TEMP2 = new byte[40]; + for (int i = 0, j = 40 - 1; i < 40; i++, j--) + TEMP2[j] = TEMP3[i]; + + // 4. Decompose TEMP2 into IV and TEMP1. IV is the most significant + // (first) 8 octets, and TEMP1 is the least significant (last) 32 + // octets. + byte[] IV = new byte[8]; + byte[] TEMP1 = new byte[32]; + System.arraycopy(TEMP2, 0, IV, 0, 8); + System.arraycopy(TEMP2, 8, TEMP1, 0, 32); + + // 5. Decrypt TEMP1 in CBC mode using the key-encryption key. Use the + // IV value from the previous step as the initialization vector. + // Call the ciphertext CEKICV. + modeAttributes.put(IMode.IV, IV); + asmAttributes.put(Assembly.DIRECTION, Direction.REVERSED); + byte[] CEKICV; + try + { + asm.init(asmAttributes); + CEKICV = asm.lastUpdate(TEMP1, 0, 32); + } + catch (TransformerException x) + { + throw new RuntimeException(x); + } + + // 6. Decompose CEKICV into CEK and ICV. CEK is the most significant + // (first) 24 octets, and ICV is the least significant (last) 8 + // octets. + byte[] CEK = new byte[24]; + byte[] ICV = new byte[8]; + System.arraycopy(CEKICV, 0, CEK, 0, 24); + System.arraycopy(CEKICV, 24, ICV, 0, 8); + + // 7. Compute an 8 octet key checksum value on CEK as described above in + // Section 2. If the computed key checksum value does not match the + // decrypted key checksum value, ICV, then error. + sha.update(CEK); + byte[] hash = sha.digest(); + byte[] computedICV = new byte[8]; + System.arraycopy(hash, 0, computedICV, 0, 8); + if (! Arrays.equals(ICV, computedICV)) + throw new KeyUnwrappingException("ICV and computed ICV MUST match"); + + // 8. Check for odd parity each of the DES key octets comprising CEK. + // If parity is incorrect, then error. + if (! TripleDES.isParityAdjusted(CEK, 0)) + throw new KeyUnwrappingException("Triple-DES key parity MUST be adjusted"); + + // 9. Use CEK as a Triple-DES key. + return CEK; + } + + /** + * Fills the designated byte array with random data. + * + * @param buffer the byte array to fill with random data. + */ + private void nextRandomBytes(byte[] buffer) + { + if (rnd != null) + rnd.nextBytes(buffer); + else + getDefaultPRNG().nextBytes(buffer); + } +} diff --git a/libjava/classpath/gnu/javax/crypto/mac/BaseMac.java b/libjava/classpath/gnu/javax/crypto/mac/BaseMac.java index 1b42a1644c9..16922130fb6 100644 --- a/libjava/classpath/gnu/javax/crypto/mac/BaseMac.java +++ b/libjava/classpath/gnu/javax/crypto/mac/BaseMac.java @@ -40,35 +40,26 @@ package gnu.javax.crypto.mac; import gnu.java.security.hash.IMessageDigest; -import java.util.Map; import java.security.InvalidKeyException; +import java.util.Map; /** - * <p>A base abstract class to facilitate <i>MAC</i> (Message Authentication - * Code) implementations.</p> + * A base abstract class to facilitate <i>MAC</i> (Message Authentication Code) + * implementations. */ -public abstract class BaseMac implements IMac +public abstract class BaseMac + implements IMac { - - // Constants and variables - // ------------------------------------------------------------------------- - /** The canonical name prefix of the <i>MAC</i>. */ protected String name; - /** Reference to the underlying hash algorithm instance. */ protected IMessageDigest underlyingHash; - /** The length of the truncated output in bytes. */ protected int truncatedSize; - /** The authentication key for this instance. */ - // protected transient byte[] K; - // Constructor(s) - // ------------------------------------------------------------------------- /** - * <p>Trivial constructor for use by concrete subclasses.</p> - * + * Trivial constructor for use by concrete subclasses. + * * @param name the canonical name of this instance. */ protected BaseMac(String name) @@ -79,8 +70,8 @@ public abstract class BaseMac implements IMac } /** - * <p>Trivial constructor for use by concrete subclasses.</p> - * + * Trivial constructor for use by concrete subclasses. + * * @param name the canonical name of this instance. * @param underlyingHash the underlying message digest algorithm instance. */ @@ -89,20 +80,10 @@ public abstract class BaseMac implements IMac this(name); if (underlyingHash != null) - { - truncatedSize = underlyingHash.hashSize(); - } + truncatedSize = underlyingHash.hashSize(); this.underlyingHash = underlyingHash; } - // Class methods - // ------------------------------------------------------------------------- - - // Instance methods - // ------------------------------------------------------------------------- - - // gnu.crypto.mac.IMac interface implementation ---------------------------- - public String name() { return name; @@ -137,12 +118,10 @@ public abstract class BaseMac implements IMac return result; } - // methods to be implemented by concrete subclasses ------------------------ - public abstract void init(Map attributes) throws InvalidKeyException, IllegalStateException; public abstract byte[] digest(); public abstract boolean selfTest(); -}
\ No newline at end of file +} diff --git a/libjava/classpath/gnu/javax/crypto/mac/HMac.java b/libjava/classpath/gnu/javax/crypto/mac/HMac.java index c1f97b54195..f0e588d1831 100644 --- a/libjava/classpath/gnu/javax/crypto/mac/HMac.java +++ b/libjava/classpath/gnu/javax/crypto/mac/HMac.java @@ -48,70 +48,51 @@ import java.util.HashMap; import java.util.Map; /** - * <p>The implementation of the <i>HMAC</i> (Keyed-Hash Message Authentication - * Code).</p> - * - * <p><i>HMAC</i> can be used in combination with any iterated cryptographic - * hash function. <i>HMAC</i> also uses a <i>secret key</i> for calculation and + * The implementation of the <i>HMAC</i> (Keyed-Hash Message Authentication + * Code). + * <p> + * <i>HMAC</i> can be used in combination with any iterated cryptographic hash + * function. <i>HMAC</i> also uses a <i>secret key</i> for calculation and * verification of the message authentication values. The main goals behind this - * construction are</p> - * + * construction are: * <ul> - * <li>To use, without modifications, available hash functions. In - * particular, hash functions that perform well in software, and for which - * code is freely and widely available.</li> - * - * <li>To preserve the original performance of the hash function without - * incurring a significant degradation.</li> - * - * <li>To use and handle keys in a simple way.</li> - * - * <li>To have a well understood cryptographic analysis of the strength of - * the authentication mechanism based on reasonable assumptions on the - * underlying hash function.</li> - * - * <li>To allow for easy replaceability of the underlying hash function in - * case that faster or more secure hash functions are found or required.</li> + * <li>To use, without modifications, available hash functions. In particular, + * hash functions that perform well in software, and for which code is freely + * and widely available.</li> + * <li>To preserve the original performance of the hash function without + * incurring a significant degradation.</li> + * <li>To use and handle keys in a simple way.</li> + * <li>To have a well understood cryptographic analysis of the strength of the + * authentication mechanism based on reasonable assumptions on the underlying + * hash function.</li> + * <li>To allow for easy replaceability of the underlying hash function in case + * that faster or more secure hash functions are found or required.</li> * </ul> - * - * <p>References:</p> - * + * <p> + * References: * <ol> - * <li><a href="http://www.ietf.org/rfc/rfc-2104.txt">RFC 2104</a>HMAC: - * Keyed-Hashing for Message Authentication.<br> - * H. Krawczyk, M. Bellare, and R. Canetti.</li> + * <li><a href="http://www.ietf.org/rfc/rfc-2104.txt">RFC 2104</a>HMAC: + * Keyed-Hashing for Message Authentication.<br> + * H. Krawczyk, M. Bellare, and R. Canetti.</li> * </ol> */ -public class HMac extends BaseMac implements Cloneable +public class HMac + extends BaseMac + implements Cloneable { - - // Constants and variables - // ------------------------------------------------------------------------- - public static final String USE_WITH_PKCS5_V2 = "gnu.crypto.hmac.pkcs5"; - private static final byte IPAD_BYTE = 0x36; - private static final byte OPAD_BYTE = 0x5C; - /** caches the result of the correctness test, once executed. */ private static Boolean valid; - protected int macSize; - protected int blockSize; - protected IMessageDigest ipadHash; - protected IMessageDigest opadHash; - protected byte[] ipad; - // Constructor(s) - // ------------------------------------------------------------------------- - /** - * <p>Trivial constructor for use by concrete subclasses.</p> + * Trivial constructor for use by concrete subclasses. * * @param underlyingHash the underlying hash algorithm instance. */ @@ -124,14 +105,6 @@ public class HMac extends BaseMac implements Cloneable ipadHash = opadHash = null; } - // Class methods - // ------------------------------------------------------------------------- - - // Instance methods - // ------------------------------------------------------------------------- - - // java.lang.Cloneable interface implementation ---------------------------- - public Object clone() throws CloneNotSupportedException { HMac result = (HMac) super.clone(); @@ -145,88 +118,65 @@ public class HMac extends BaseMac implements Cloneable return result; } - // implementation of abstract methods in BaseMac --------------------------- - public void init(Map attributes) throws InvalidKeyException, IllegalStateException { Integer ts = (Integer) attributes.get(TRUNCATED_SIZE); truncatedSize = (ts == null ? macSize : ts.intValue()); if (truncatedSize < (macSize / 2)) - { - throw new IllegalArgumentException("Truncated size too small"); - } + throw new IllegalArgumentException("Truncated size too small"); else if (truncatedSize < 10) - { - throw new IllegalArgumentException("Truncated size less than 80 bits"); - } + throw new IllegalArgumentException("Truncated size less than 80 bits"); // we dont use/save the key outside this method byte[] K = (byte[]) attributes.get(MAC_KEY_MATERIAL); if (K == null) { // take it as an indication to re-use previous key if set if (ipadHash == null) - { - throw new InvalidKeyException("Null key"); - } + throw new InvalidKeyException("Null key"); // we already went through the motions; ie. up to step #4. re-use underlyingHash = (IMessageDigest) ipadHash.clone(); return; } - // for HMACs used in key-derivation functions (e.g. PBKDF2) the key - // material need not be >= the (output) block size of the underlying - // algorithm + // for HMACs used in key-derivation functions (e.g. PBKDF2) the key material + // need not be >= the (output) block size of the underlying algorithm Boolean pkcs5 = (Boolean) attributes.get(USE_WITH_PKCS5_V2); if (pkcs5 == null) - { - pkcs5 = Boolean.FALSE; - } - if (K.length < macSize && !pkcs5.booleanValue()) - { - throw new InvalidKeyException("Key too short"); - } + pkcs5 = Boolean.FALSE; + if (K.length < macSize && ! pkcs5.booleanValue()) + throw new InvalidKeyException("Key too short"); if (K.length > blockSize) { - // (0) replace K with HASH(K) if K is larger than the hash's - // block size. Then pad with zeros until it is the correct - // size (the next `if'). + // (0) replace K with HASH(K) if K is larger than the hash's block size. + // Then pad with zeros until it is the correct size (the next `if'). underlyingHash.update(K, 0, K.length); K = underlyingHash.digest(); } if (K.length < blockSize) { - // (1) append zeros to the end of K to create a B byte string - // (e.g., if K is of length 20 bytes and B=64, then K will be - // appended with 44 zero bytes 0x00) + // (1) append zeros to the end of K to create a B byte string (e.g., if + // K is of length 20 bytes and B=64, then K will be appended with 44 + // zero bytes 0x00) int limit = (K.length > blockSize) ? blockSize : K.length; byte[] newK = new byte[blockSize]; System.arraycopy(K, 0, newK, 0, limit); K = newK; } - underlyingHash.reset(); opadHash = (IMessageDigest) underlyingHash.clone(); if (ipad == null) - { - ipad = new byte[blockSize]; - } - // (2) XOR (bitwise exclusive-OR) the B byte string computed in step - // (1) with ipad - // (3) append the stream of data 'text' to the B byte string resulting - // from step (2) + ipad = new byte[blockSize]; + // (2) XOR (bitwise exclusive-OR) the B byte string computed in step (1) + // with ipad + // (3) append the stream of data 'text' to the B byte string resulting from + // step (2) // (4) apply H to the stream generated in step (3) for (int i = 0; i < blockSize; i++) - { - // underlyingHash.update((byte)(K[i] ^ IPAD_BYTE)); - ipad[i] = (byte) (K[i] ^ IPAD_BYTE); - } + ipad[i] = (byte)(K[i] ^ IPAD_BYTE); for (int i = 0; i < blockSize; i++) - { - opadHash.update((byte) (K[i] ^ OPAD_BYTE)); - } - + opadHash.update((byte)(K[i] ^ OPAD_BYTE)); underlyingHash.update(ipad, 0, blockSize); ipadHash = (IMessageDigest) underlyingHash.clone(); K = null; @@ -245,28 +195,21 @@ public class HMac extends BaseMac implements Cloneable public byte[] digest() { if (ipadHash == null) - { - throw new IllegalStateException("HMAC not initialised"); - } - + throw new IllegalStateException("HMAC not initialised"); byte[] out = underlyingHash.digest(); - // (5) XOR (bitwise exclusive-OR) the B byte string computed in - // step (1) with opad + // (5) XOR (bitwise exclusive-OR) the B byte string computed in step (1) + // with opad underlyingHash = (IMessageDigest) opadHash.clone(); - // (6) append the H result from step (4) to the B byte string - // resulting from step (5) + // (6) append the H result from step (4) to the B byte string resulting from + // step (5) underlyingHash.update(out, 0, macSize); - // (7) apply H to the stream generated in step (6) and output - // the result + // (7) apply H to the stream generated in step (6) and output the result out = underlyingHash.digest(); // which also resets the underlying hash - // truncate and return if (truncatedSize == macSize) return out; - byte[] result = new byte[truncatedSize]; System.arraycopy(out, 0, result, 0, truncatedSize); - return result; } @@ -279,31 +222,25 @@ public class HMac extends BaseMac implements Cloneable IMac mac = new HMac(new MD5()); // use rfc-2104 test vectors String tv1 = "9294727A3638BB1C13F48EF8158BFC9D"; String tv3 = "56BE34521D144C88DBB8C733F0E8B3F6"; - byte[] k1 = new byte[] { 0x0B, 0x0B, 0x0B, 0x0B, 0x0B, 0x0B, 0x0B, - 0x0B, 0x0B, 0x0B, 0x0B, 0x0B, 0x0B, 0x0B, - 0x0B, 0x0B }; - byte[] k3 = new byte[] { (byte) 0xAA, (byte) 0xAA, (byte) 0xAA, - (byte) 0xAA, (byte) 0xAA, (byte) 0xAA, - (byte) 0xAA, (byte) 0xAA, (byte) 0xAA, - (byte) 0xAA, (byte) 0xAA, (byte) 0xAA, - (byte) 0xAA, (byte) 0xAA, (byte) 0xAA, - (byte) 0xAA }; + byte[] k1 = new byte[] { + 0x0B, 0x0B, 0x0B, 0x0B, 0x0B, 0x0B, 0x0B, 0x0B, + 0x0B, 0x0B, 0x0B, 0x0B, 0x0B, 0x0B, 0x0B, 0x0B }; + byte[] k3 = new byte[] { + (byte) 0xAA, (byte) 0xAA, (byte) 0xAA, (byte) 0xAA, + (byte) 0xAA, (byte) 0xAA, (byte) 0xAA, (byte) 0xAA, + (byte) 0xAA, (byte) 0xAA, (byte) 0xAA, (byte) 0xAA, + (byte) 0xAA, (byte) 0xAA, (byte) 0xAA, (byte) 0xAA }; byte[] data = new byte[50]; for (int i = 0; i < 50;) - { - data[i++] = (byte) 0xDD; - } + data[i++] = (byte) 0xDD; HashMap map = new HashMap(); - // test vector #1 map.put(MAC_KEY_MATERIAL, k1); mac.init(map); mac.update("Hi There".getBytes("ASCII"), 0, 8); - if (!tv1.equals(Util.toString(mac.digest()))) - { - valid = Boolean.FALSE; - } + if (! tv1.equals(Util.toString(mac.digest()))) + valid = Boolean.FALSE; // test #2 is not used since it causes a "Key too short" exception @@ -311,10 +248,8 @@ public class HMac extends BaseMac implements Cloneable map.put(MAC_KEY_MATERIAL, k3); mac.init(map); mac.update(data, 0, 50); - if (!tv3.equals(Util.toString(mac.digest()))) - { - valid = Boolean.FALSE; - } + if (! tv3.equals(Util.toString(mac.digest()))) + valid = Boolean.FALSE; valid = Boolean.TRUE; } catch (Exception x) diff --git a/libjava/classpath/gnu/javax/crypto/mac/HMacFactory.java b/libjava/classpath/gnu/javax/crypto/mac/HMacFactory.java index 156e6ced5e7..bc70e8b66ed 100644 --- a/libjava/classpath/gnu/javax/crypto/mac/HMacFactory.java +++ b/libjava/classpath/gnu/javax/crypto/mac/HMacFactory.java @@ -47,68 +47,56 @@ import java.util.Iterator; import java.util.Set; /** - * <p>A <i>Factory</i> to instantiate Keyed-Hash Message Authentication Code - * (HMAC) algorithm instances.</p> + * A <i>Factory</i> to instantiate Keyed-Hash Message Authentication Code + * (HMAC) algorithm instances. */ -public class HMacFactory implements Registry +public class HMacFactory + implements Registry { - - // Constants and variables - // ------------------------------------------------------------------------- - - // Constructor(s) - // ------------------------------------------------------------------------- - /** Trivial constructor to enforce <i>Singleton</i> pattern. */ private HMacFactory() { super(); } - // Class methods - // ------------------------------------------------------------------------- - /** - * <p>Return an instance of a <i>HMAC</i> algorithm given the name of its + * Return an instance of a <i>HMAC</i> algorithm given the name of its * underlying hash function, prefixed with the literal defined in - * {@link Registry#HMAC_NAME_PREFIX}.</p> - * + * {@link Registry#HMAC_NAME_PREFIX}. + * * @param name the fully qualified name of the underlying algorithm: composed - * as the concatenation of a literal prefix (see {@link Registry#HMAC_NAME_PREFIX}) - * and the name of the underlying hash algorithm. - * @return an instance of the <i>HMAC</i> algorithm, or <code>null</code> if - * none can be constructed. + * as the concatenation of a literal prefix (see + * {@link Registry#HMAC_NAME_PREFIX}) and the name of the underlying + * hash algorithm. + * @return an instance of the <i>HMAC</i> algorithm, or <code>null</code> + * if none can be constructed. * @exception InternalError if the implementation does not pass its self-test. */ public static IMac getInstance(String name) { if (name == null) - { - return null; - } + return null; name = name.trim(); name = name.toLowerCase(); - if (!name.startsWith(HMAC_NAME_PREFIX)) - { - return null; - } + if (! name.startsWith(HMAC_NAME_PREFIX)) + return null; // strip the prefix name = name.substring(HMAC_NAME_PREFIX.length()).trim(); IMac result = new HMac(HashFactory.getInstance(name)); - if (result != null && !result.selfTest()) - { - throw new InternalError(result.name()); - } + if (result != null && ! result.selfTest()) + throw new InternalError(result.name()); return result; } /** - * <p>Returns a {@link java.util.Set} of names of <i>HMAC</i> algorithms - * supported by this <i>Factory</i>.</p> - * + * <p> + * Returns a {@link java.util.Set} of names of <i>HMAC</i> algorithms + * supported by this <i>Factory</i>. + * </p> + * * @return a {@link java.util.Set} of HMAC algorithm names (Strings). */ public static final Set getNames() @@ -116,13 +104,8 @@ public class HMacFactory implements Registry Set hashNames = HashFactory.getNames(); HashSet hs = new HashSet(); for (Iterator it = hashNames.iterator(); it.hasNext();) - { - hs.add(HMAC_NAME_PREFIX + ((String) it.next())); - } + hs.add(HMAC_NAME_PREFIX + ((String) it.next())); return Collections.unmodifiableSet(hs); } - - // Instance methods - // ------------------------------------------------------------------------- -}
\ No newline at end of file +} diff --git a/libjava/classpath/gnu/javax/crypto/mac/IMac.java b/libjava/classpath/gnu/javax/crypto/mac/IMac.java index c4170c42ce9..a9da9eefb63 100644 --- a/libjava/classpath/gnu/javax/crypto/mac/IMac.java +++ b/libjava/classpath/gnu/javax/crypto/mac/IMac.java @@ -38,108 +38,93 @@ exception statement from your version. */ package gnu.javax.crypto.mac; -import java.util.Map; import java.security.InvalidKeyException; +import java.util.Map; /** - * <p>The basic visible methods of any MAC (Message Authentication Code) - * algorithm.</p> - * - * <p>A <i>MAC</i> provides a way to check the integrity of information + * The basic visible methods of any MAC (Message Authentication Code) algorithm. + * <p> + * A <i>MAC</i> provides a way to check the integrity of information * transmitted over, or stored in, an unreliable medium, based on a secret key. * Typically, <i>MAC</i>s are used between two parties, that share a common - * secret key, in order to validate information transmitted between them.</p> - * - * <p>When a <i>MAC</i> algorithm is based on a cryptographic hash function, it - * is then called to a <i>HMAC</i> (Hashed Message Authentication Code) --see - * <a href="http://www.ietf.org/rfc/rfc-2104.txt">RFC-2104</a>.</p> - * + * secret key, in order to validate information transmitted between them. + * <p> + * When a <i>MAC</i> algorithm is based on a cryptographic hash function, it is + * then called to a <i>HMAC</i> (Hashed Message Authentication Code) --see <a + * href="http://www.ietf.org/rfc/rfc-2104.txt">RFC-2104</a>. + * <p> * Another type of <i>MAC</i> algorithms exist: UMAC or <i>Universal Message - * Authentication Code</i>, described in - * <a href="http://www.ietf.org/internet-drafts/draft-krovetz-umac-01.txt"> - * draft-krovetz-umac-01.txt</a>.</p> - * - * <p>With <i>UMAC</i>s, the sender and receiver share a common secret key (the - * <i>MAC</i> key) which determines:</p> - * + * Authentication Code</i>, described in <a + * href="http://www.ietf.org/internet-drafts/draft-krovetz-umac-01.txt"> + * draft-krovetz-umac-01.txt</a>. + * <p> + * With <i>UMAC</i>s, the sender and receiver share a common secret key (the + * <i>MAC</i> key) which determines: * <ul> - * <li>The key for a <i>universal hash function</i>. This hash function is - * <i>non-cryptographic</i>, in the sense that it does not need to have any - * cryptographic <i>hardness</i> property. Rather, it needs to satisfy some - * combinatorial property, which can be proven to hold without relying on - * unproven hardness assumptions.</li> - * - * <li>The key for a <i>pseudorandom function</i>. This is where one needs a - * cryptographic hardness assumption. The pseudorandom function may be - * obtained from a <i>block cipher</i> or a <i>cryptographic hash function</i>. - * </li> + * <li>The key for a <i>universal hash function</i>. This hash function is + * <i>non-cryptographic</i>, in the sense that it does not need to have any + * cryptographic <i>hardness</i> property. Rather, it needs to satisfy some + * combinatorial property, which can be proven to hold without relying on + * unproven hardness assumptions.</li> + * <li>The key for a <i>pseudorandom function</i>. This is where one needs a + * cryptographic hardness assumption. The pseudorandom function may be obtained + * from a <i>block cipher</i> or a <i>cryptographic hash function</i>. </li> * </ul> - * - * <p>References:</p> - * + * <p> + * References: * <ol> - * <li><a href="http://www.ietf.org/rfc/rfc-2104.txt">RFC 2104</a>HMAC: - * Keyed-Hashing for Message Authentication.<br> - * H. Krawczyk, M. Bellare, and R. Canetti.</li> - * - * <li><a href="http://www.ietf.org/internet-drafts/draft-krovetz-umac-01.txt"> - * UMAC</a>: Message Authentication Code using Universal Hashing.<br> - * T. Krovetz, J. Black, S. Halevi, A. Hevia, H. Krawczyk, and P. Rogaway.</li> + * <li><a href="http://www.ietf.org/rfc/rfc-2104.txt">RFC 2104</a>HMAC: + * Keyed-Hashing for Message Authentication.<br> + * H. Krawczyk, M. Bellare, and R. Canetti.</li> + * <li><a href="http://www.ietf.org/internet-drafts/draft-krovetz-umac-01.txt"> + * UMAC</a>: Message Authentication Code using Universal Hashing.<br> + * T. Krovetz, J. Black, S. Halevi, A. Hevia, H. Krawczyk, and P. Rogaway.</li> * </ol> */ public interface IMac { - - // Constants - // ------------------------------------------------------------------------- - /** * Property name of the user-supplied key material. The value associated to * this property name is taken to be a byte array. */ String MAC_KEY_MATERIAL = "gnu.crypto.mac.key.material"; - /** - * <p>Property name of the desired truncated output size in bytes. The value - * associated to this property name is taken to be an integer. If no value - * is specified in the attributes map at initialisation time, then all bytes - * of the underlying hash algorithm's output are emitted.</p> - * - * <p>This implementation, follows the recommendation of the <i>RFC 2104</i> - * authors; specifically:</p> - * + * Property name of the desired truncated output size in bytes. The value + * associated to this property name is taken to be an integer. If no value is + * specified in the attributes map at initialisation time, then all bytes of + * the underlying hash algorithm's output are emitted. + * <p> + * This implementation, follows the recommendation of the <i>RFC 2104</i> + * authors; specifically: * <pre> - * We recommend that the output length t be not less than half the - * length of the hash output (to match the birthday attack bound) - * and not less than 80 bits (a suitable lower bound on the number - * of bits that need to be predicted by an attacker). + * We recommend that the output length t be not less than half the + * length of the hash output (to match the birthday attack bound) + * and not less than 80 bits (a suitable lower bound on the number + * of bits that need to be predicted by an attacker). * </pre> */ String TRUNCATED_SIZE = "gnu.crypto.mac.truncated.size"; - // Methods - // ------------------------------------------------------------------------- - /** - * <p>Returns the canonical name of this algorithm.</p> - * + * Returns the canonical name of this algorithm. + * * @return the canonical name of this algorithm. */ String name(); /** - * <p>Returns the output length in bytes of this <i>MAC</i> algorithm.</p> - * + * Returns the output length in bytes of this <i>MAC</i> algorithm. + * * @return the output length in bytes of this <i>MAC</i> algorithm. */ int macSize(); /** - * <p>Initialises the algorithm with designated attributes. Permissible names - * and values are described in the class documentation above.</p> - * + * Initialises the algorithm with designated attributes. Permissible names and + * values are described in the class documentation above. + * * @param attributes a set of name-value pairs that describe the desired - * future instance behaviour. + * future instance behaviour. * @exception InvalidKeyException if the key data is invalid. * @exception IllegalStateException if the instance is already initialised. * @see #MAC_KEY_MATERIAL @@ -147,18 +132,17 @@ public interface IMac void init(Map attributes) throws InvalidKeyException, IllegalStateException; /** - * <p>Continues a <i>MAC</i> operation using the input byte.</p> - * + * Continues a <i>MAC</i> operation using the input byte. + * * @param b the input byte to digest. */ void update(byte b); /** - * <p>Continues a <i>MAC</i> operation, by filling the buffer, processing - * data in the algorithm's MAC_SIZE-bit block(s), updating the context and - * count, and buffering the remaining bytes in buffer for the next - * operation.</p> - * + * Continues a <i>MAC</i> operation, by filling the buffer, processing data + * in the algorithm's MAC_SIZE-bit block(s), updating the context and count, + * and buffering the remaining bytes in buffer for the next operation. + * * @param in the input block. * @param offset start of meaningful bytes in input block. * @param length number of bytes, in input block, to consider. @@ -166,32 +150,32 @@ public interface IMac void update(byte[] in, int offset, int length); /** - * <p>Completes the <i>MAC</i> by performing final operations such as - * padding and resetting the instance.</p> - * + * Completes the <i>MAC</i> by performing final operations such as padding + * and resetting the instance. + * * @return the array of bytes representing the <i>MAC</i> value. */ byte[] digest(); /** - * <p>Resets the algorithm instance for re-initialisation and use with other - * characteristics. This method always succeeds.</p> + * Resets the algorithm instance for re-initialisation and use with other + * characteristics. This method always succeeds. */ void reset(); /** - * <p>A basic test. Ensures that the MAC of a pre-determined message is equal - * to a known pre-computed value.</p> - * + * A basic test. Ensures that the MAC of a pre-determined message is equal to + * a known pre-computed value. + * * @return <code>true</code> if the implementation passes a basic self-test. - * Returns <code>false</code> otherwise. + * Returns <code>false</code> otherwise. */ boolean selfTest(); /** - * <p>Returns a clone copy of this instance.</p> - * + * Returns a clone copy of this instance. + * * @return a clone copy of this instance. */ Object clone() throws CloneNotSupportedException; -}
\ No newline at end of file +} diff --git a/libjava/classpath/gnu/javax/crypto/mac/MacFactory.java b/libjava/classpath/gnu/javax/crypto/mac/MacFactory.java index d8f8bcfcee6..5d4a561824e 100644 --- a/libjava/classpath/gnu/javax/crypto/mac/MacFactory.java +++ b/libjava/classpath/gnu/javax/crypto/mac/MacFactory.java @@ -48,17 +48,13 @@ import java.util.Iterator; import java.util.Set; /** - * <p>A <i>Factory</i> that instantiates instances of every supported Message - * Authentication Code algorithms, including all <i>HMAC</i> algorithms.</p> + * A <i>Factory</i> that instantiates instances of every supported Message + * Authentication Code algorithms, including all <i>HMAC</i> algorithms. */ -public class MacFactory implements Registry +public class MacFactory + implements Registry { - - // Constants and variables - // ------------------------------------------------------------------------- - - // Constructor(s) - // ------------------------------------------------------------------------- + private static Set names; /** Trivial constructor to enforce <i>Singleton</i> pattern. */ private MacFactory() @@ -66,72 +62,51 @@ public class MacFactory implements Registry super(); } - // Class methods - // ------------------------------------------------------------------------- - /** - * <p>Returns an instance of a <i>MAC</i> algorithm given its name.</p> - * + * Returns an instance of a <i>MAC</i> algorithm given its name. + * * @param name the name of the MAC algorithm. * @return an instance of the <i>MAC</i> algorithm, or <code>null</code> if - * none can be constructed. + * none can be constructed. * @exception InternalError if the implementation does not pass its self-test. */ public static IMac getInstance(String name) { if (name == null) - { - return null; - } + return null; name = name.trim(); name = name.toLowerCase(); if (name.startsWith(HMAC_NAME_PREFIX)) - { - return HMacFactory.getInstance(name); - } + return HMacFactory.getInstance(name); if (name.startsWith(OMAC_PREFIX)) { name = name.substring(OMAC_PREFIX.length()); IBlockCipher cipher = CipherFactory.getInstance(name); if (cipher == null) - { - return null; - } + return null; return new OMAC(cipher); } - IMac result = null; if (name.equalsIgnoreCase(UHASH32)) - { - result = new UHash32(); - } + result = new UHash32(); else if (name.equalsIgnoreCase(UMAC32)) - { - result = new UMac32(); - } + result = new UMac32(); else if (name.equalsIgnoreCase(TMMH16)) - { - result = new TMMH16(); - } - // else if (name.equalsIgnoreCase(TMMH32)) { - // result = new TMMH32(); - // } + result = new TMMH16(); - if (result != null && !result.selfTest()) - { - throw new InternalError(result.name()); - } + if (result != null && ! result.selfTest()) + throw new InternalError(result.name()); return result; } /** - * <p>Returns a {@link java.util.Set} of names of <i>MAC</i> algorithms - * supported by this <i>Factory</i>.</p> - * - * @return a {@link java.util.Set} of MAC names (Strings). + * Returns a {@link Set} of names of <i>MAC</i> algorithms supported by this + * <i>Factory</i>. + * + * @return a {@link Set} of MAC names (Strings). */ public static final Set getNames() { @@ -144,21 +119,12 @@ public class MacFactory implements Registry hs.add(UHASH32); hs.add(UMAC32); hs.add(TMMH16); - // hs.add(TMMH32); - for (Iterator it = CipherFactory.getNames().iterator(); it.hasNext();) - { - hs.add(OMAC_PREFIX + it.next()); - } + hs.add(OMAC_PREFIX + it.next()); names = Collections.unmodifiableSet(hs); } } return names; } - - private static Set names; - - // Instance methods - // ------------------------------------------------------------------------- -}
\ No newline at end of file +} diff --git a/libjava/classpath/gnu/javax/crypto/mac/MacInputStream.java b/libjava/classpath/gnu/javax/crypto/mac/MacInputStream.java index 9acd18b19af..e734b1bbb4b 100644 --- a/libjava/classpath/gnu/javax/crypto/mac/MacInputStream.java +++ b/libjava/classpath/gnu/javax/crypto/mac/MacInputStream.java @@ -46,30 +46,19 @@ import java.io.IOException; * A filtering input stream that computes a MAC (message authentication code) * over all data read from the stream. */ -public class MacInputStream extends FilterInputStream +public class MacInputStream + extends FilterInputStream { - - // Field. - // ------------------------------------------------------------------------ - - /** - * The digesting state. The MAC is updated only if this flag is true. - */ + /** The digesting state. The MAC is updated only if this flag is true. */ private boolean digesting; - - /** - * The MAC being updated. - */ + /** The MAC being updated. */ private IMac mac; - // Constructor. - // ------------------------------------------------------------------------ - /** - * Creates a new MacInputStream. The stream is initially set to digest - * data written, the <i>mac</i> argument must have already been initialized, - * and the <i>mac</i> argument is <b>not</b> cloned. - * + * Creates a new MacInputStream. The stream is initially set to digest data + * written, the <i>mac</i> argument must have already been initialized, and + * the <i>mac</i> argument is <b>not</b> cloned. + * * @param in The underlying input stream. * @param mac The mac instance to use. */ @@ -82,12 +71,9 @@ public class MacInputStream extends FilterInputStream digesting = true; } - // Instance methods. - // ------------------------------------------------------------------------ - /** * Returns the MAC this stream is updating. - * + * * @return The MAC. */ public IMac getMac() @@ -98,7 +84,7 @@ public class MacInputStream extends FilterInputStream /** * Sets the MAC this stream is updating, which must have already been * initialized. The argument is not cloned by this method. - * + * * @param mac The new MAC. * @throws NullPointerException If the argument is null. */ @@ -110,9 +96,9 @@ public class MacInputStream extends FilterInputStream } /** - * Turns the digesting state on or off. When off, the MAC will not be - * updated when data is written to the stream. - * + * Turns the digesting state on or off. When off, the MAC will not be updated + * when data is written to the stream. + * * @param flag The new digesting state. */ public void on(boolean flag) @@ -135,4 +121,4 @@ public class MacInputStream extends FilterInputStream mac.update(buf, off, i); return i; } -}
\ No newline at end of file +} diff --git a/libjava/classpath/gnu/javax/crypto/mac/MacOutputStream.java b/libjava/classpath/gnu/javax/crypto/mac/MacOutputStream.java index a48d25ba3a5..739a78497a7 100644 --- a/libjava/classpath/gnu/javax/crypto/mac/MacOutputStream.java +++ b/libjava/classpath/gnu/javax/crypto/mac/MacOutputStream.java @@ -43,29 +43,23 @@ import java.io.IOException; import java.io.OutputStream; /** - * <p>A filtering output stream that computes a MAC (message authentication - * code) over all data written to the stream.</p> + * A filtering output stream that computes a MAC (message authentication code) + * over all data written to the stream. */ -public class MacOutputStream extends FilterOutputStream +public class MacOutputStream + extends FilterOutputStream { - - // Constants and variables - // ------------------------------------------------------------------------- - /** The digesting state. The MAC is updated only if this flag is true. */ private boolean digesting; - /** The MAC being updated. */ private IMac mac; - // Constructor(s) - // ------------------------------------------------------------------------- - /** - * <p>Creates a new <code>MacOutputStream</code>. The stream is initially set + * Creates a new <code>MacOutputStream</code>. The stream is initially set * to digest data written, the <code>mac</code> argument must have already - * been initialized, and the <code>mac</code> argument is <b>not</b> cloned.</p> - * + * been initialized, and the <code>mac</code> argument is <b>not</b> + * cloned. + * * @param out The underlying output stream. * @param mac The mac instance to use. */ @@ -73,19 +67,14 @@ public class MacOutputStream extends FilterOutputStream { super(out); if (mac == null) - { - throw new NullPointerException(); - } + throw new NullPointerException(); this.mac = mac; digesting = true; } - // Instance methods - // ------------------------------------------------------------------------- - /** - * <p>Returns the MAC this stream is updating.</p> - * + * Returns the MAC this stream is updating. + * * @return The MAC. */ public IMac getMac() @@ -94,25 +83,23 @@ public class MacOutputStream extends FilterOutputStream } /** - * <p>Sets the MAC this stream is updating, which must have already been - * initialized. The argument is not cloned by this method.</p> - * + * Sets the MAC this stream is updating, which must have already been + * initialized. The argument is not cloned by this method. + * * @param mac The non-null new MAC. * @throws NullPointerException If the argument is null. */ public void setMac(IMac mac) { if (mac == null) - { - throw new NullPointerException(); - } + throw new NullPointerException(); this.mac = mac; } /** - * <p>Turns the digesting state on or off. When off, the MAC will not be - * updated when data is written to the stream.</p> - * + * Turns the digesting state on or off. When off, the MAC will not be updated + * when data is written to the stream. + * * @param flag The new digesting state. */ public void on(boolean flag) @@ -123,18 +110,14 @@ public class MacOutputStream extends FilterOutputStream public void write(int b) throws IOException { if (digesting) - { - mac.update((byte) b); - } + mac.update((byte) b); out.write(b); } public void write(byte[] buf, int off, int len) throws IOException { if (digesting) - { - mac.update(buf, off, len); - } + mac.update(buf, off, len); out.write(buf, off, len); } -}
\ No newline at end of file +} diff --git a/libjava/classpath/gnu/javax/crypto/mac/OMAC.java b/libjava/classpath/gnu/javax/crypto/mac/OMAC.java index c83320a1bc4..cd753acafbc 100644 --- a/libjava/classpath/gnu/javax/crypto/mac/OMAC.java +++ b/libjava/classpath/gnu/javax/crypto/mac/OMAC.java @@ -38,88 +38,60 @@ exception statement from your version. */ package gnu.javax.crypto.mac; +import gnu.java.security.Configuration; import gnu.java.security.Registry; import gnu.java.security.util.Util; import gnu.javax.crypto.cipher.CipherFactory; import gnu.javax.crypto.cipher.IBlockCipher; import gnu.javax.crypto.mode.IMode; -import gnu.javax.crypto.mode.ModeFactory; import java.security.InvalidKeyException; - import java.util.Arrays; import java.util.HashMap; import java.util.Map; +import java.util.logging.Logger; /** - * <p>The One-Key CBC MAC, OMAC. This message authentication code is based on - * a block cipher in CBC mode.</p> - * - * <p>References:</p> + * The One-Key CBC MAC, OMAC. This message authentication code is based on a + * block cipher in CBC mode. + * <p> + * References: * <ol> * <li>Tetsu Iwata and Kaoru Kurosawa, <i><a * href="http://crypt.cis.ibaraki.ac.jp/omac/docs/omac.pdf">OMAC: One-Key CBC * MAC</a></i>.</li> * </ol> */ -public class OMAC implements IMac +public class OMAC + implements IMac { - - // Constants and fields. - // ------------------------------------------------------------------------ - - private static final boolean DEBUG = false; - - private static void debug(String msg) - { - System.out.print(">>> OMAC: "); - System.out.println(msg); - } - + private static final Logger log = Logger.getLogger(OMAC.class.getName()); private static final byte C1 = (byte) 0x87; - private static final byte C2 = 0x1b; - // Test key for OMAC-AES-128 - private static final byte[] KEY0 = Util.toBytesFromString("2b7e151628aed2a6abf7158809cf4f3c"); - + private static final byte[] KEY0 = + Util.toBytesFromString("2b7e151628aed2a6abf7158809cf4f3c"); // Test MAC for zero-length input. - private static final byte[] DIGEST0 = Util.toBytesFromString("bb1d6929e95937287fa37d129b756746"); - + private static final byte[] DIGEST0 = + Util.toBytesFromString("bb1d6929e95937287fa37d129b756746"); private static Boolean valid; - private final IBlockCipher cipher; - private final String name; - private IMode mode; - private int blockSize; - private int outputSize; - private byte[] Lu, Lu2; - private byte[] M; - private byte[] Y; - private boolean init; - private int index; - // Constructor. - // ------------------------------------------------------------------------ - public OMAC(IBlockCipher cipher) { this.cipher = cipher; this.name = "OMAC-" + cipher.name(); } - // Instance methods. - // ------------------------------------------------------------------------ - public Object clone() { return new OMAC(cipher); @@ -141,135 +113,89 @@ public class OMAC implements IMac attrib2.put(IBlockCipher.KEY_MATERIAL, attrib.get(MAC_KEY_MATERIAL)); cipher.reset(); cipher.init(attrib2); - blockSize = cipher.currentBlockSize(); Integer os = (Integer) attrib.get(TRUNCATED_SIZE); if (os != null) { outputSize = os.intValue(); if (outputSize < 0 || outputSize > blockSize) - { - throw new IllegalArgumentException("truncated size out of range"); - } + throw new IllegalArgumentException("truncated size out of range"); } else - { - outputSize = blockSize; - } + outputSize = blockSize; byte[] L = new byte[blockSize]; cipher.encryptBlock(L, 0, L, 0); - - if (DEBUG) - { - debug("L = " + Util.toString(L).toLowerCase()); - } - + if (Configuration.DEBUG) + log.fine("L = " + Util.toString(L).toLowerCase()); if (Lu != null) { Arrays.fill(Lu, (byte) 0); if (Lu.length != blockSize) - { - Lu = new byte[blockSize]; - } + Lu = new byte[blockSize]; } else - { - Lu = new byte[blockSize]; - } + Lu = new byte[blockSize]; if (Lu2 != null) { Arrays.fill(Lu2, (byte) 0); if (Lu2.length != blockSize) - { - Lu2 = new byte[blockSize]; - } + Lu2 = new byte[blockSize]; } else - { - Lu2 = new byte[blockSize]; - } + Lu2 = new byte[blockSize]; boolean msb = (L[0] & 0x80) != 0; for (int i = 0; i < blockSize; i++) { - Lu[i] = (byte) (L[i] << 1 & 0xFF); + Lu[i] = (byte)(L[i] << 1 & 0xFF); if (i + 1 < blockSize) - { - Lu[i] |= (byte) ((L[i + 1] & 0x80) >> 7); - } + Lu[i] |= (byte)((L[i + 1] & 0x80) >> 7); } if (msb) { if (blockSize == 16) - { - Lu[Lu.length - 1] ^= C1; - } + Lu[Lu.length - 1] ^= C1; else if (blockSize == 8) - { - Lu[Lu.length - 1] ^= C2; - } + Lu[Lu.length - 1] ^= C2; else - { - throw new IllegalArgumentException( - "unsupported cipher block size: " - + blockSize); - } - } - if (DEBUG) - { - debug("Lu = " + Util.toString(Lu).toLowerCase()); + throw new IllegalArgumentException("unsupported cipher block size: " + + blockSize); } - + if (Configuration.DEBUG) + log.fine("Lu = " + Util.toString(Lu).toLowerCase()); msb = (Lu[0] & 0x80) != 0; for (int i = 0; i < blockSize; i++) { - Lu2[i] = (byte) (Lu[i] << 1 & 0xFF); + Lu2[i] = (byte)(Lu[i] << 1 & 0xFF); if (i + 1 < blockSize) - { - Lu2[i] |= (byte) ((Lu[i + 1] & 0x80) >> 7); - } + Lu2[i] |= (byte)((Lu[i + 1] & 0x80) >> 7); } if (msb) { if (blockSize == 16) - { - Lu2[Lu2.length - 1] ^= C1; - } + Lu2[Lu2.length - 1] ^= C1; else - { - Lu2[Lu2.length - 1] ^= C2; - } - } - if (DEBUG) - { - debug("Lu2 = " + Util.toString(Lu2).toLowerCase()); + Lu2[Lu2.length - 1] ^= C2; } - + if (Configuration.DEBUG) + log.fine("Lu2 = " + Util.toString(Lu2).toLowerCase()); if (M != null) { Arrays.fill(M, (byte) 0); if (M.length != blockSize) - { - M = new byte[blockSize]; - } + M = new byte[blockSize]; } else - { - M = new byte[blockSize]; - } + M = new byte[blockSize]; if (Y != null) { Arrays.fill(Y, (byte) 0); if (Y.length != blockSize) - { - Y = new byte[blockSize]; - } + Y = new byte[blockSize]; } else - { - Y = new byte[blockSize]; - } + Y = new byte[blockSize]; index = 0; init = true; @@ -277,10 +203,8 @@ public class OMAC implements IMac public void update(byte b) { - if (!init) - { - throw new IllegalStateException("not initialized"); - } + if (! init) + throw new IllegalStateException("not initialized"); if (index == M.length) { process(); @@ -291,15 +215,11 @@ public class OMAC implements IMac public void update(byte[] buf, int off, int len) { - if (!init) - { - throw new IllegalStateException("not initialized"); - } + if (! init) + throw new IllegalStateException("not initialized"); if (off < 0 || len < 0 || off + len > buf.length) - { - throw new IndexOutOfBoundsException("size=" + buf.length + "; off=" - + off + "; len=" + len); - } + throw new IndexOutOfBoundsException("size=" + buf.length + "; off=" + off + + "; len=" + len); for (int i = 0; i < len;) { if (index == blockSize) @@ -323,30 +243,22 @@ public class OMAC implements IMac public void digest(byte[] out, int off) { - if (!init) - { - throw new IllegalStateException("not initialized"); - } + if (! init) + throw new IllegalStateException("not initialized"); if (off < 0 || off + outputSize > out.length) - { - throw new IndexOutOfBoundsException("size=" + out.length + "; off=" - + off + "; len=" + outputSize); - } + throw new IndexOutOfBoundsException("size=" + out.length + "; off=" + off + + "; len=" + outputSize); byte[] T = new byte[blockSize]; byte[] L = Lu; if (index < blockSize) { M[index++] = (byte) 0x80; while (index < blockSize) - { - M[index++] = 0; - } + M[index++] = 0; L = Lu2; } for (int i = 0; i < blockSize; i++) - { - T[i] = (byte) (M[i] ^ Y[i] ^ L[i]); - } + T[i] = (byte)(M[i] ^ Y[i] ^ L[i]); cipher.encryptBlock(T, 0, T, 0); System.arraycopy(T, 0, out, off, outputSize); reset(); @@ -356,13 +268,9 @@ public class OMAC implements IMac { index = 0; if (Y != null) - { - Arrays.fill(Y, (byte) 0); - } + Arrays.fill(Y, (byte) 0); if (M != null) - { - Arrays.fill(M, (byte) 0); - } + Arrays.fill(M, (byte) 0); } public boolean selfTest() @@ -382,21 +290,14 @@ public class OMAC implements IMac return false; } if (digest == null) - { - return false; - } + return false; return Arrays.equals(DIGEST0, digest); } - // Own methods. - // ------------------------------------------------------------------------ - private void process() { for (int i = 0; i < blockSize; i++) - { - M[i] = (byte) (M[i] ^ Y[i]); - } + M[i] = (byte)(M[i] ^ Y[i]); cipher.encryptBlock(M, 0, Y, 0); } -}
\ No newline at end of file +} diff --git a/libjava/classpath/gnu/javax/crypto/mac/TMMH16.java b/libjava/classpath/gnu/javax/crypto/mac/TMMH16.java index af6e78fcf87..0a7b4a6caeb 100644 --- a/libjava/classpath/gnu/javax/crypto/mac/TMMH16.java +++ b/libjava/classpath/gnu/javax/crypto/mac/TMMH16.java @@ -46,91 +46,63 @@ import java.security.InvalidKeyException; import java.util.Map; /** - * <p><i>TMMH</i> is a <i>universal</i> hash function suitable for message + * <i>TMMH</i> is a <i>universal</i> hash function suitable for message * authentication in the Wegman-Carter paradigm, as in the Stream Cipher * Security Transform. It is simple, quick, and especially appropriate for * Digital Signal Processors and other processors with a fast multiply * operation, though a straightforward implementation requires storage equal in - * length to the largest message to be hashed.</p> - * - * <p><i>TMMH</i> is a simple hash function which maps a key and a message to a + * length to the largest message to be hashed. + * <p> + * <i>TMMH</i> is a simple hash function which maps a key and a message to a * hash value. There are two versions of TMMH: TMMH/16 and TMMH/32. <i>TMMH</i> * can be used as a message authentication code, as described in Section 5 (see - * References).</p> - * - * <p>The key, message, and hash value are all octet strings, and the lengths of + * References). + * <p> + * The key, message, and hash value are all octet strings, and the lengths of * these quantities are denoted as <code>KEY_LENGTH</code>, - * <code>MESSAGE_LENGTH</code>, and <code>TAG_LENGTH</code>, respectively. The - * values of <code>KEY_LENGTH</code> and <code>TAG_LENGTH</code> + * <code>MESSAGE_LENGTH</code>, and <code>TAG_LENGTH</code>, respectively. + * The values of <code>KEY_LENGTH</code> and <code>TAG_LENGTH</code> * <bold>MUST</bold> be fixed for any particular fixed value of the key, and - * must obey the alignment restrictions described below.</p> - * - * <p>The parameter <code>MAX_HASH_LENGTH</code>, which denotes the maximum + * must obey the alignment restrictions described below. + * <p> + * The parameter <code>MAX_HASH_LENGTH</code>, which denotes the maximum * value which <code>MESSAGE_LENGTH</code> may take, is equal to - * <code>KEY_LENGTH - TAG_LENGTH</code>.</p> - * - * <p>References:</p> - * + * <code>KEY_LENGTH - TAG_LENGTH</code>. + * <p> + * References: * <ol> - * <li><a - href="http://www.ietf.org/internet-drafts/draft-mcgrew-saag-tmmh-01.txt"> - * The Truncated Multi-Modular Hash Function (TMMH)</a>, David A. McGrew.</li> + * <li><a + * href="http://www.ietf.org/internet-drafts/draft-mcgrew-saag-tmmh-01.txt"> The + * Truncated Multi-Modular Hash Function (TMMH)</a>, David A. McGrew.</li> * </ol> */ -public class TMMH16 extends BaseMac implements Cloneable +public class TMMH16 + extends BaseMac + implements Cloneable { - - // Constants and variables - // ------------------------------------------------------------------------- - public static final String TAG_LENGTH = "gnu.crypto.mac.tmmh.tag.length"; - public static final String KEYSTREAM = "gnu.crypto.mac.tmmh.keystream"; - public static final String PREFIX = "gnu.crypto.mac.tmmh.prefix"; - private static final int P = (1 << 16) + 1; // the TMMH/16 prime - /** caches the result of the correctness test, once executed. */ private static Boolean valid; - private int tagWords = 0; // the tagLength expressed in words - private IRandom keystream = null; // the keystream generator - private byte[] prefix; // mask to use when operating as an authentication f. - private long keyWords; // key words counter - private long msgLength; // in bytes - private long msgWords; // should be = msgLength * WORD_LENGTH - private int[] context; // the tmmh running context; length == TAG_WORDS - private int[] K0; // the first TAG_WORDS words of the keystream - private int[] Ki; // the sliding TAG_WORDS words of the keystream - private int Mi; // current message word being constructed - // Constructor(s) - // ------------------------------------------------------------------------- - /** Trivial 0-arguments constructor. */ public TMMH16() { super(Registry.TMMH16); } - // Class methods - // ------------------------------------------------------------------------- - - // Instance methods - // ------------------------------------------------------------------------- - - // gnu.crypto.mac.IMac interface implementation ---------------------------- - public int macSize() { return tagWords * 2; @@ -143,22 +115,17 @@ public class TMMH16 extends BaseMac implements Cloneable Integer tagLength = (Integer) attributes.get(TAG_LENGTH); // get tag length if (tagLength == null) { - if (tagWords == 0) - { // was never set - throw new IllegalArgumentException(TAG_LENGTH); - } // else re-use + if (tagWords == 0) // was never set + throw new IllegalArgumentException(TAG_LENGTH); + // else re-use } - else - { // check if positive and is divisible by WORD_LENGTH + else // check if positive and is divisible by WORD_LENGTH + { wantTagLength = tagLength.intValue(); if (wantTagLength < 2 || (wantTagLength % 2 != 0)) - { - throw new IllegalArgumentException(TAG_LENGTH); - } - else if (wantTagLength > (512 / 8)) - { // 512-bits is our maximum - throw new IllegalArgumentException(TAG_LENGTH); - } + throw new IllegalArgumentException(TAG_LENGTH); + else if (wantTagLength > (512 / 8)) // 512-bits is our maximum + throw new IllegalArgumentException(TAG_LENGTH); tagWords = wantTagLength / 2; // init local vars K0 = new int[tagWords]; @@ -167,36 +134,27 @@ public class TMMH16 extends BaseMac implements Cloneable } prefix = (byte[]) attributes.get(PREFIX); - if (prefix == null) - { // default to all-zeroes - prefix = new byte[tagWords * 2]; - } - else - { // ensure it's as long as it should + if (prefix == null) // default to all-zeroes + prefix = new byte[tagWords * 2]; + else // ensure it's as long as it should + { if (prefix.length != tagWords * 2) - { - throw new IllegalArgumentException(PREFIX); - } + throw new IllegalArgumentException(PREFIX); } IRandom prng = (IRandom) attributes.get(KEYSTREAM); // get keystream if (prng == null) { if (keystream == null) - { - throw new IllegalArgumentException(KEYSTREAM); - } // else reuse + throw new IllegalArgumentException(KEYSTREAM); + // else reuse } else - { - keystream = prng; - } + keystream = prng; reset(); // reset context variables - for (int i = 0; i < tagWords; i++) - { // init starting key words - Ki[i] = K0[i] = getNextKeyWord(keystream); - } + for (int i = 0; i < tagWords; i++) // init starting key words + Ki[i] = K0[i] = getNextKeyWord(keystream); } // The words of the key are denoted as K[1], K[2], ..., K[KEY_WORDS], and the @@ -206,12 +164,12 @@ public class TMMH16 extends BaseMac implements Cloneable // // If MESSAGE_LENGTH is greater than MAX_HASH_LENGTH, then the value of // TMMH/16 is undefined. Implementations MUST indicate an error if asked to - // hash a message with such a length. Otherwise, the hash value is defined + // hash a message with such a length. Otherwise, the hash value is defined // to be the length TAG_WORDS sequence of words in which the j-th word in the // sequence is defined as // // [ [ K[j] * MESSAGE_LENGTH +32 K[j+1] * M[1] +32 K[j+2] * M[2] - // +32 ... K[j+MSG_WORDS] * M[MSG_WORDS] ] modulo p ] modulo 2^16 + // +32 ... K[j+MSG_WORDS] * M[MSG_WORDS] ] modulo p ] modulo 2^16 // // where j ranges from 1 to TAG_WORDS. public void update(byte b) @@ -222,23 +180,21 @@ public class TMMH16 extends BaseMac implements Cloneable public void update(byte[] b, int offset, int len) { for (int i = 0; i < len; i++) - { - this.update(b[offset + i], keystream); - } + this.update(b[offset + i], keystream); } // For TMMH/16, KEY_LENGTH and TAG_LENGTH MUST be a multiple of two. The key, // message, and hash value are treated as a sequence of unsigned sixteen bit - // integers in network byte order. (In this section, we call such an integer - // a word.) If MESSAGE_LENGTH is odd, then a zero byte is appended to the + // integers in network byte order. (In this section, we call such an integer + // a word.) If MESSAGE_LENGTH is odd, then a zero byte is appended to the // message to align it on a word boundary, though this process does not // change the value of MESSAGE_LENGTH. // - // ... Otherwise, the hash value is defined to be the length TAG_WORDS + // ... Otherwise, the hash value is defined to be the length TAG_WORDS // sequence of words in which the j-th word in the sequence is defined as // // [ [ K[j] * MESSAGE_LENGTH +32 K[j+1] * M[1] +32 K[j+2] * M[2] - // +32 ... K[j+MSG_WORDS] * M[MSG_WORDS] ] modulo p ] modulo 2^16 + // +32 ... K[j+MSG_WORDS] * M[MSG_WORDS] ] modulo p ] modulo 2^16 // // where j ranges from 1 to TAG_WORDS. // @@ -255,9 +211,7 @@ public class TMMH16 extends BaseMac implements Cloneable msgLength = msgWords = keyWords = 0L; Mi = 0; for (int i = 0; i < tagWords; i++) - { - context[i] = 0; - } + context[i] = 0; } public boolean selfTest() @@ -265,42 +219,31 @@ public class TMMH16 extends BaseMac implements Cloneable if (valid == null) { // TODO: compute and test equality with one known vector - valid = Boolean.TRUE; } return valid.booleanValue(); } - // Cloneable interface implementation --------------------------------------- - public Object clone() throws CloneNotSupportedException { TMMH16 result = (TMMH16) super.clone(); - if (this.keystream != null) result.keystream = (IRandom) this.keystream.clone(); - if (this.prefix != null) result.prefix = (byte[]) this.prefix.clone(); - if (this.context != null) result.context = (int[]) this.context.clone(); - if (this.K0 != null) result.K0 = (int[]) this.K0.clone(); - if (this.Ki != null) result.Ki = (int[]) this.Ki.clone(); - return result; } - // own methods ------------------------------------------------------------- - /** - * <p>Similar to the same method with one argument, but uses the designated - * random number generator to compute needed keying material.</p> - * + * Similar to the same method with one argument, but uses the designated + * random number generator to compute needed keying material. + * * @param b the byte to process. * @param prng the source of randomness to use. */ @@ -309,14 +252,14 @@ public class TMMH16 extends BaseMac implements Cloneable Mi <<= 8; // update message buffer Mi |= b & 0xFF; msgLength++; // update message length (bytes) - if (msgLength % 2 == 0) - { // got a full word + if (msgLength % 2 == 0) // got a full word + { msgWords++; // update message words counter System.arraycopy(Ki, 1, Ki, 0, tagWords - 1); // 1. shift Ki up by 1 Ki[tagWords - 1] = getNextKeyWord(prng); // 2. fill last box of Ki long t; // temp var to allow working in modulo 2^32 - for (int i = 0; i < tagWords; i++) - { // 3. update context + for (int i = 0; i < tagWords; i++) // 3. update context + { t = context[i] & 0xFFFFFFFFL; t += Ki[i] * Mi; context[i] = (int) t; @@ -326,28 +269,26 @@ public class TMMH16 extends BaseMac implements Cloneable } /** - * <p>Similar to the same method with three arguments, but uses the - * designated random number generator to compute needed keying material.</p> - * + * Similar to the same method with three arguments, but uses the designated + * random number generator to compute needed keying material. + * * @param b the byte array to process. * @param offset the starting offset in <code>b</code> to start considering - * the bytes to process. + * the bytes to process. * @param len the number of bytes in <code>b</code> starting from - * <code>offset</code> to process. + * <code>offset</code> to process. * @param prng the source of randomness to use. */ public void update(byte[] b, int offset, int len, IRandom prng) { for (int i = 0; i < len; i++) - { - this.update(b[offset + i], prng); - } + this.update(b[offset + i], prng); } /** - * <p>Similar to the same method with no arguments, but uses the designated - * random number generator to compute needed keying material.</p> - * + * Similar to the same method with no arguments, but uses the designated + * random number generator to compute needed keying material. + * * @param prng the source of randomness to use. * @return the final result of the algorithm. */ @@ -357,12 +298,11 @@ public class TMMH16 extends BaseMac implements Cloneable byte[] result = new byte[tagWords * 2]; for (int i = 0, j = 0; i < tagWords; i++) { - result[j] = (byte) ((context[i] >>> 8) ^ prefix[j]); + result[j] = (byte)((context[i] >>> 8) ^ prefix[j]); j++; - result[j] = (byte) (context[i] ^ prefix[j]); + result[j] = (byte)(context[i] ^ prefix[j]); j++; } - reset(); return result; } @@ -378,7 +318,6 @@ public class TMMH16 extends BaseMac implements Cloneable { throw new RuntimeException(String.valueOf(x)); } - keyWords++; // update key words counter return result; } @@ -387,9 +326,7 @@ public class TMMH16 extends BaseMac implements Cloneable { long limit = msgLength; // formula works on real message length while (msgLength % 2 != 0) - { - update((byte) 0x00, prng); - } + update((byte) 0x00, prng); long t; for (int i = 0; i < tagWords; i++) { diff --git a/libjava/classpath/gnu/javax/crypto/mac/UHash32.java b/libjava/classpath/gnu/javax/crypto/mac/UHash32.java index 8abb0255ed4..737e9ce24ec 100644 --- a/libjava/classpath/gnu/javax/crypto/mac/UHash32.java +++ b/libjava/classpath/gnu/javax/crypto/mac/UHash32.java @@ -40,7 +40,6 @@ package gnu.javax.crypto.mac; import gnu.java.security.prng.IRandom; import gnu.java.security.prng.LimitReachedException; - import gnu.javax.crypto.cipher.IBlockCipher; import gnu.javax.crypto.prng.UMacGenerator; @@ -51,103 +50,63 @@ import java.util.HashMap; import java.util.Map; /** - * <p><i>UHASH</i> is a keyed hash function, which takes as input a string of + * <i>UHASH</i> is a keyed hash function, which takes as input a string of * arbitrary length, and produces as output a string of fixed length (such as 8 - * bytes). The actual output length depends on the parameter UMAC-OUTPUT-LEN.</p> - * - * <p><i>UHASH</i> has been shown to be <i>epsilon-ASU</i> ("Almost Strongly + * bytes). The actual output length depends on the parameter UMAC-OUTPUT-LEN. + * <p> + * <i>UHASH</i> has been shown to be <i>epsilon-ASU</i> ("Almost Strongly * Universal"), where epsilon is a small (parameter-dependent) real number. * Informally, saying that a keyed hash function is <i>epsilon-ASU</i> means * that for any two distinct fixed input strings, the two outputs of the hash * function with a random key "look almost like a pair of random strings". The - * number epsilon measures how non-random the output strings may be.</p> - * - * <i>UHASH</i> has been designed to be fast by exploiting several architectural - * features of modern commodity processors. It was specifically designed for use - * in <i>UMAC</i>. But <i>UHASH</i> is useful beyond that domain, and can be - * easily adopted for other purposes.</p> - * + * number epsilon measures how non-random the output strings may be. + * <p> + * <i>UHASH</i> has been designed to be fast by exploiting several + * architectural features of modern commodity processors. It was specifically + * designed for use in <i>UMAC</i>. But <i>UHASH</i> is useful beyond that + * domain, and can be easily adopted for other purposes. + * <p> * <i>UHASH</i> does its work in three layers. First, a hash function called * <code>NH</code> is used to compress input messages into strings which are * typically many times smaller than the input message. Second, the compressed * message is hashed with an optimized <i>polynomial hash function</i> into a * fixed-length 16-byte string. Finally, the 16-byte string is hashed using an - * <i>inner-product hash</i> into a string of length WORD-LEN bytes. These three - * layers are repeated (with a modified key) until the outputs total - * UMAC-OUTPUT-LEN bytes.</p> - * - * <p>References:</p> - * + * <i>inner-product hash</i> into a string of length WORD-LEN bytes. These + * three layers are repeated (with a modified key) until the outputs total + * UMAC-OUTPUT-LEN bytes. + * <p> + * References: * <ol> - * <li><a href="http://www.ietf.org/internet-drafts/draft-krovetz-umac-01.txt"> - * UMAC</a>: Message Authentication Code using Universal Hashing.<br> - * T. Krovetz, J. Black, S. Halevi, A. Hevia, H. Krawczyk, and P. Rogaway.</li> + * <li><a href="http://www.ietf.org/internet-drafts/draft-krovetz-umac-01.txt"> + * UMAC</a>: Message Authentication Code using Universal Hashing.<br> + * T. Krovetz, J. Black, S. Halevi, A. Hevia, H. Krawczyk, and P. Rogaway.</li> * </ol> */ -public class UHash32 extends BaseMac +public class UHash32 + extends BaseMac { - - // Constants and variables - // ------------------------------------------------------------------------- - // UMAC prime values private static final BigInteger PRIME_19 = BigInteger.valueOf(0x7FFFFL); - private static final BigInteger PRIME_32 = BigInteger.valueOf(0xFFFFFFFBL); - private static final BigInteger PRIME_36 = BigInteger.valueOf(0xFFFFFFFFBL); - - private static final BigInteger PRIME_64 = new BigInteger( - 1, - new byte[] { - (byte) 0xFF, - (byte) 0xFF, - (byte) 0xFF, - (byte) 0xFF, - (byte) 0xFF, - (byte) 0xFF, - (byte) 0xFF, - (byte) 0xC5 }); - - private static final BigInteger PRIME_128 = new BigInteger( - 1, - new byte[] { - (byte) 0xFF, - (byte) 0xFF, - (byte) 0xFF, - (byte) 0xFF, - (byte) 0xFF, - (byte) 0xFF, - (byte) 0xFF, - (byte) 0xFF, - (byte) 0xFF, - (byte) 0xFF, - (byte) 0xFF, - (byte) 0xFF, - (byte) 0xFF, - (byte) 0xFF, - (byte) 0xFF, - (byte) 0x61 }); - + private static final BigInteger PRIME_64 = new BigInteger(1, new byte[] { + (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, + (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xC5 }); + private static final BigInteger PRIME_128 = new BigInteger(1, new byte[] { + (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, + (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, + (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, + (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0x61 }); static final BigInteger TWO = BigInteger.valueOf(2L); - static final long BOUNDARY = TWO.shiftLeft(17).longValue(); - // 2**64 - 2**32 static final BigInteger LOWER_RANGE = TWO.pow(64).subtract(TWO.pow(32)); - // 2**128 - 2**96 static final BigInteger UPPER_RANGE = TWO.pow(128).subtract(TWO.pow(96)); - static final byte[] ALL_ZEROES = new byte[32]; - int streams; - L1Hash32[] l1hash; - // Constructor(s) - // ------------------------------------------------------------------------- - /** Trivial 0-arguments constructor. */ public UHash32() { @@ -155,7 +114,7 @@ public class UHash32 extends BaseMac } /** - * <p>Private constructor for cloning purposes.</p> + * Private constructor for cloning purposes. * * @param that the instance to clone. */ @@ -166,24 +125,15 @@ public class UHash32 extends BaseMac this.streams = that.streams; if (that.l1hash != null) { - // this.l1hash = new L1Hash32[that.l1hash.length]; this.l1hash = new L1Hash32[that.streams]; - // for (int i = 0; i < that.l1hash.length; i++) { for (int i = 0; i < that.streams; i++) - { - if (that.l1hash[i] != null) - { - this.l1hash[i] = (L1Hash32) that.l1hash[i].clone(); - } - } + if (that.l1hash[i] != null) + this.l1hash[i] = (L1Hash32) that.l1hash[i].clone(); } } - // Class methods - // ------------------------------------------------------------------------- - /** - * <p>The prime numbers used in UMAC are:</p> + * The prime numbers used in UMAC are: * <pre> * +-----+--------------------+---------------------------------------+ * | x | prime(x) [Decimal] | prime(x) [Hexadecimal] | @@ -219,18 +169,11 @@ public class UHash32 extends BaseMac } } - // Instance methods - // ------------------------------------------------------------------------- - - // java.lang.Cloneable interface implementation ---------------------------- - public Object clone() { return new UHash32(this); } - // gnu.crypto.mac.IMac interface implementation ---------------------------- - public int macSize() { return UMac32.OUTPUT_LEN; @@ -241,18 +184,12 @@ public class UHash32 extends BaseMac { byte[] K = (byte[]) attributes.get(MAC_KEY_MATERIAL); if (K == null) - { - throw new InvalidKeyException("Null Key"); - } + throw new InvalidKeyException("Null Key"); if (K.length != UMac32.KEY_LEN) - { - throw new InvalidKeyException("Invalid Key length: " - + String.valueOf(K.length)); - } - + throw new InvalidKeyException("Invalid Key length: " + + String.valueOf(K.length)); // Calculate iterations needed to make UMAC-OUTPUT-LEN bytes streams = (UMac32.OUTPUT_LEN + 3) / 4; - // Define total key needed for all iterations using UMacGenerator. // L1Key and L3Key1 both reuse most key between iterations. IRandom kdf1 = new UMacGenerator(); @@ -261,15 +198,14 @@ public class UHash32 extends BaseMac IRandom kdf4 = new UMacGenerator(); Map map = new HashMap(); map.put(IBlockCipher.KEY_MATERIAL, K); - map.put(UMacGenerator.INDEX, new Integer(0)); + map.put(UMacGenerator.INDEX, Integer.valueOf(0)); kdf1.init(map); - map.put(UMacGenerator.INDEX, new Integer(1)); + map.put(UMacGenerator.INDEX, Integer.valueOf(1)); kdf2.init(map); - map.put(UMacGenerator.INDEX, new Integer(2)); + map.put(UMacGenerator.INDEX, Integer.valueOf(2)); kdf3.init(map); - map.put(UMacGenerator.INDEX, new Integer(3)); + map.put(UMacGenerator.INDEX, Integer.valueOf(3)); kdf4.init(map); - // need to generate all bytes for use later in a Toepliz construction byte[] L1Key = new byte[UMac32.L1_KEY_LEN + (streams - 1) * 16]; try @@ -297,7 +233,6 @@ public class UHash32 extends BaseMac x.printStackTrace(System.err); throw new RuntimeException("KDF for L2Key reached limit"); } - byte[] k31 = new byte[64]; try { @@ -308,7 +243,6 @@ public class UHash32 extends BaseMac x.printStackTrace(System.err); throw new RuntimeException("KDF for L3Key1 reached limit"); } - byte[] k32 = new byte[4]; try { @@ -319,7 +253,6 @@ public class UHash32 extends BaseMac x.printStackTrace(System.err); throw new RuntimeException("KDF for L3Key2 reached limit"); } - L1Hash32 mac = new L1Hash32(); mac.init(k1, k2, k31, k32); l1hash[i] = mac; @@ -329,17 +262,13 @@ public class UHash32 extends BaseMac public void update(byte b) { for (int i = 0; i < streams; i++) - { - l1hash[i].update(b); - } + l1hash[i].update(b); } public void update(byte[] b, int offset, int len) { for (int i = 0; i < len; i++) - { - this.update(b[offset + i]); - } + this.update(b[offset + i]); } public byte[] digest() @@ -357,9 +286,7 @@ public class UHash32 extends BaseMac public void reset() { for (int i = 0; i < streams; i++) - { - l1hash[i].reset(); - } + l1hash[i].reset(); } public boolean selfTest() @@ -367,38 +294,20 @@ public class UHash32 extends BaseMac return true; } - // helper methods ---------------------------------------------------------- - - // Inner classes - // ========================================================================= - /** * First hash stage of the UHash32 algorithm. */ - class L1Hash32 implements Cloneable + class L1Hash32 + implements Cloneable { - - // Constants and variables - // ---------------------------------------------------------------------- - private int[] key; // key material as an array of 32-bit ints - private byte[] buffer; // work buffer L1_KEY_LEN long - private int count; // meaningful bytes in buffer - private ByteArrayOutputStream Y; - - // private byte[] y; private long totalCount; - private L2Hash32 l2hash; - private L3Hash32 l3hash; - // Constructor(s) - // ---------------------------------------------------------------------- - /** Trivial 0-arguments constructor. */ L1Hash32() { @@ -412,7 +321,7 @@ public class UHash32 extends BaseMac } /** - * <p>Private constructor for cloning purposes.</p> + * Private constructor for cloning purposes. * * @param that the instance to clone. */ @@ -427,38 +336,23 @@ public class UHash32 extends BaseMac this.Y.write(otherY, 0, otherY.length); this.totalCount = that.totalCount; if (that.l2hash != null) - { - this.l2hash = (L2Hash32) that.l2hash.clone(); - } + this.l2hash = (L2Hash32) that.l2hash.clone(); if (that.l3hash != null) - { - this.l3hash = (L3Hash32) that.l3hash.clone(); - } + this.l3hash = (L3Hash32) that.l3hash.clone(); } - // Class methods - // ---------------------------------------------------------------------- - - // Instance methods - // ---------------------------------------------------------------------- - - // java.lang.Cloneable interface implementation ------------------------- - public Object clone() { return new L1Hash32(this); } - // other instance methods ----------------------------------------------- - public void init(byte[] k1, byte[] k2, byte[] k31, byte[] k32) { for (int i = 0, j = 0; i < (UMac32.L1_KEY_LEN / 4); i++) - { - key[i] = k1[j++] << 24 | (k1[j++] & 0xFF) << 16 - | (k1[j++] & 0xFF) << 8 | (k1[j++] & 0xFF); - } - + key[i] = k1[j++] << 24 + | (k1[j++] & 0xFF) << 16 + | (k1[j++] & 0xFF) << 8 + | (k1[j++] & 0xFF); l2hash = new L2Hash32(k2); l3hash = new L3Hash32(k31, k32); } @@ -484,8 +378,8 @@ public class UHash32 extends BaseMac // For each iteration, extract key and three-layer hash. // If length(M) <= L1_KEY_LEN, then skip L2-HASH. - if (Y.size() == 16) - { // we already hashed twice L1_KEY_LEN + if (Y.size() == 16) // we already hashed twice L1_KEY_LEN + { byte[] A = Y.toByteArray(); Y.reset(); l2hash.update(A, 0, 16); @@ -508,19 +402,16 @@ public class UHash32 extends BaseMac byte[] y = nh32(count); Y.write(y, 0, 8); } - byte[] A = Y.toByteArray(); Y.reset(); byte[] B; if (totalCount <= UMac32.L1_KEY_LEN) { // we might have 'update'd the bytes already. check - if (A.length == 0) - { // we did - B = l2hash.digest(); - } - else - { // did not + if (A.length == 0) // we did + B = l2hash.digest(); + else // did not + { B = new byte[16]; System.arraycopy(A, 0, B, 8, 8); } @@ -528,12 +419,9 @@ public class UHash32 extends BaseMac else { if (A.length != 0) - { - l2hash.update(A, 0, A.length); - } + l2hash.update(A, 0, A.length); B = l2hash.digest(); } - byte[] result = l3hash.digest(B); reset(); return result; @@ -545,13 +433,9 @@ public class UHash32 extends BaseMac Y.reset(); totalCount = 0L; if (l2hash != null) - { - l2hash.reset(); - } + l2hash.reset(); } - // helper methods ------------------------------------------------------- - /** * 5.1 NH-32: NH hashing with a 32-bit word size. * @@ -562,116 +446,87 @@ public class UHash32 extends BaseMac { // Break M and K into 4-byte chunks int t = len / 4; - // Let M_1, M_2, ..., M_t be 4-byte strings // so that M = M_1 || M_2 || .. || M_t. // Let K_1, K_2, ..., K_t be 4-byte strings // so that K_1 || K_2 || .. || K_t is a prefix of K. int[] m = new int[t]; - int i; int j = 0; for (i = 0, j = 0; i < t; i++) - { - m[i] = buffer[j++] << 24 | (buffer[j++] & 0xFF) << 16 - | (buffer[j++] & 0xFF) << 8 | (buffer[j++] & 0xFF); - } - + m[i] = buffer[j++] << 24 + | (buffer[j++] & 0xFF) << 16 + | (buffer[j++] & 0xFF) << 8 + | (buffer[j++] & 0xFF); // Perform NH hash on the chunks, pairing words for multiplication // which are 4 apart to accommodate vector-parallelism. long result = len * 8L; for (i = 0; i < t; i += 8) { result += ((m[i + 0] + key[i + 0]) & 0xFFFFFFFFL) - * ((m[i + 4] + key[i + 4]) & 0xFFFFFFFFL); + * ((m[i + 4] + key[i + 4]) & 0xFFFFFFFFL); result += ((m[i + 1] + key[i + 1]) & 0xFFFFFFFFL) - * ((m[i + 5] + key[i + 5]) & 0xFFFFFFFFL); + * ((m[i + 5] + key[i + 5]) & 0xFFFFFFFFL); result += ((m[i + 2] + key[i + 2]) & 0xFFFFFFFFL) - * ((m[i + 6] + key[i + 6]) & 0xFFFFFFFFL); + * ((m[i + 6] + key[i + 6]) & 0xFFFFFFFFL); result += ((m[i + 3] + key[i + 3]) & 0xFFFFFFFFL) - * ((m[i + 7] + key[i + 7]) & 0xFFFFFFFFL); + * ((m[i + 7] + key[i + 7]) & 0xFFFFFFFFL); } - - return new byte[] { (byte) (result >>> 56), (byte) (result >>> 48), - (byte) (result >>> 40), (byte) (result >>> 32), - (byte) (result >>> 24), (byte) (result >>> 16), - (byte) (result >>> 8), (byte) result }; + return new byte[] { + (byte)(result >>> 56), (byte)(result >>> 48), + (byte)(result >>> 40), (byte)(result >>> 32), + (byte)(result >>> 24), (byte)(result >>> 16), + (byte)(result >>> 8), (byte) result }; } } - // ========================================================================= - /** - * <p>Second hash stage of the UHash32 algorithm.</p> - * - * 5.4 L2-HASH-32: Second-layer hash.<p> + * Second hash stage of the UHash32 algorithm. + * <p> + * 5.4 L2-HASH-32: Second-layer hash. * <ul> - * <li>Input:<br> - * K string of length 24 bytes.<br> - * M string of length less than 2^64 bytes.</li> - * <li>Returns:<br> - * Y, string of length 16 bytes.</li> + * <li>Input:<br> + * K string of length 24 bytes.<br> + * M string of length less than 2^64 bytes.</li> + * <li>Returns:<br> + * Y, string of length 16 bytes.</li> * </ul> */ - class L2Hash32 implements Cloneable + class L2Hash32 + implements Cloneable { - - // Constants and variables - // ---------------------------------------------------------------------- - private BigInteger k64, k128; - private BigInteger y; - private boolean highBound; - private long bytesSoFar; - private ByteArrayOutputStream buffer; - // Constructor(s) - // ---------------------------------------------------------------------- - L2Hash32(byte[] K) { super(); if (K.length != 24) - { - throw new ExceptionInInitializerError("K length is not 24"); - } - + throw new ExceptionInInitializerError("K length is not 24"); // Extract keys and restrict to special key-sets // Mask64 = uint2str(0x01FFFFFF01FFFFFF, 8); // Mask128 = uint2str(0x01FFFFFF01FFFFFF01FFFFFF01FFFFFF, 16); // k64 = str2uint(K[1..8] and Mask64); // k128 = str2uint(K[9..24] and Mask128); int i = 0; - k64 = new BigInteger(1, new byte[] { (byte) (K[i++] & 0x01), - (byte) (K[i++] & 0xFF), - (byte) (K[i++] & 0xFF), - (byte) (K[i++] & 0xFF), - (byte) (K[i++] & 0x01), - (byte) (K[i++] & 0xFF), - (byte) (K[i++] & 0xFF), - (byte) (K[i++] & 0xFF) }); - k128 = new BigInteger(1, new byte[] { (byte) (K[i++] & 0x01), - (byte) (K[i++] & 0xFF), - (byte) (K[i++] & 0xFF), - (byte) (K[i++] & 0xFF), - (byte) (K[i++] & 0x01), - (byte) (K[i++] & 0xFF), - (byte) (K[i++] & 0xFF), - (byte) (K[i++] & 0xFF), - (byte) (K[i++] & 0x01), - (byte) (K[i++] & 0xFF), - (byte) (K[i++] & 0xFF), - (byte) (K[i++] & 0xFF), - (byte) (K[i++] & 0x01), - (byte) (K[i++] & 0xFF), - (byte) (K[i++] & 0xFF), - (byte) (K[i++] & 0xFF) }); - + k64 = new BigInteger(1, new byte[] { + (byte)(K[i++] & 0x01), (byte)(K[i++] & 0xFF), + (byte)(K[i++] & 0xFF), (byte)(K[i++] & 0xFF), + (byte)(K[i++] & 0x01), (byte)(K[i++] & 0xFF), + (byte)(K[i++] & 0xFF), (byte)(K[i++] & 0xFF) }); + k128 = new BigInteger(1, new byte[] { + (byte)(K[i++] & 0x01), (byte)(K[i++] & 0xFF), + (byte)(K[i++] & 0xFF), (byte)(K[i++] & 0xFF), + (byte)(K[i++] & 0x01), (byte)(K[i++] & 0xFF), + (byte)(K[i++] & 0xFF), (byte)(K[i++] & 0xFF), + (byte)(K[i++] & 0x01), (byte)(K[i++] & 0xFF), + (byte)(K[i++] & 0xFF), (byte)(K[i++] & 0xFF), + (byte)(K[i++] & 0x01), (byte)(K[i++] & 0xFF), + (byte)(K[i++] & 0xFF), (byte)(K[i++] & 0xFF) }); y = BigInteger.ONE; highBound = false; bytesSoFar = 0L; @@ -694,36 +549,24 @@ public class UHash32 extends BaseMac } } - // Class methods - // ---------------------------------------------------------------------- - - // Instance methods - // ---------------------------------------------------------------------- - - // java.lang.Cloneable interface implementation ------------------------- - public Object clone() { return new L2Hash32(this); } - // other instance methods ----------------------------------------------- - // this is called with either 8-bytes or 16-bytes void update(byte[] b, int offset, int len) { if (len == 0) - { - return; - } + return; - if (!highBound) - { // do the first (only?) 8-bytes + if (! highBound) // do the first (only?) 8-bytes + { poly(64, LOWER_RANGE, k64, b, offset, 8); bytesSoFar += 8L; highBound = (bytesSoFar > BOUNDARY); - if (highBound) - { // if we just crossed the limit then process y + if (highBound) // if we just crossed the limit then process y + { poly(128, UPPER_RANGE, k128, yTo16bytes(), 0, 16); buffer = new ByteArrayOutputStream(); } @@ -739,9 +582,7 @@ public class UHash32 extends BaseMac byte[] bb = buffer.toByteArray(); poly(128, UPPER_RANGE, k128, bb, 0, 16); if (bb.length > 16) - { - buffer.write(bb, 16, bb.length - 16); - } + buffer.write(bb, 16, bb.length - 16); } } } @@ -751,19 +592,18 @@ public class UHash32 extends BaseMac // If M no more than 2^17 bytes, hash under 64-bit prime, // otherwise, hash first 2^17 bytes under 64-bit prime and // remainder under 128-bit prime. - if (!highBound) - { // y is up-to-date + if (! highBound) // y is up-to-date + { // do nothing } - else - { // we may have some bytes in buffer + else // we may have some bytes in buffer + { byte[] bb = buffer.toByteArray(); byte[] lastBlock = new byte[16]; System.arraycopy(bb, 0, lastBlock, 0, bb.length); lastBlock[bb.length] = (byte) 0x80; poly(128, UPPER_RANGE, k128, lastBlock, 0, 16); } - byte[] result = yTo16bytes(); reset(); return result; @@ -775,38 +615,29 @@ public class UHash32 extends BaseMac highBound = false; bytesSoFar = 0L; if (buffer != null) - { - buffer.reset(); - } + buffer.reset(); } - // helper methods ------------------------------------------------------- - private byte[] yTo16bytes() { byte[] yy = y.toByteArray(); byte[] result = new byte[16]; if (yy.length > 16) - { - System.arraycopy(yy, yy.length - 16, result, 0, 16); - } + System.arraycopy(yy, yy.length - 16, result, 0, 16); else - { - System.arraycopy(yy, 0, result, 16 - yy.length, yy.length); - } + System.arraycopy(yy, 0, result, 16 - yy.length, yy.length); return result; } /** - * 5.3 POLY: Polynomial hash - * Function Name: POLY - * + * 5.3 POLY: Polynomial hash Function Name: POLY + * * @param wordbits positive integer divisible by 8: called with 64 or 128. * @param maxwordrange positive integer less than 2**wordbits. * @param k integer in the range 0 .. prime(wordbits) - 1. - * @param M string with length divisible by (wordbits / 8) bytes. - * return y, integer in the range 0 .. prime(wordbits) - 1. + * @param M string with length divisible by (wordbits / 8) bytes. return y, + * integer in the range 0 .. prime(wordbits) - 1. */ private void poly(int wordbits, BigInteger maxwordrange, BigInteger k, byte[] M, int off, int len) @@ -814,12 +645,9 @@ public class UHash32 extends BaseMac byte[] mag = new byte[len]; System.arraycopy(M, off, mag, 0, len); // Define constants used for fixing out-of-range words - // int wordbytes = wordbits / 8; - BigInteger p = prime(wordbits); BigInteger offset = TWO.pow(wordbits).subtract(p); // 2^wordbits - p; BigInteger marker = p.subtract(BigInteger.ONE); - // Break M into chunks of length wordbytes bytes // long n = M.length / wordbytes; // Let M_1, M_2, ..., M_n be strings of length wordbytes bytes @@ -829,48 +657,34 @@ public class UHash32 extends BaseMac // then hash the words 'marker' and (m - offset), both in range. // for (int i = 0; i < n; i++) { BigInteger m = new BigInteger(1, mag); - if (m.compareTo(maxwordrange) >= 0) - { // m >= maxwordrange + if (m.compareTo(maxwordrange) >= 0) // m >= maxwordrange + { y = y.multiply(k).add(marker).mod(p); // (k * y + marker) % p; y = y.multiply(k).add(m.subtract(offset)).mod(p); // (k * y + (m - offset)) % p; } else - { - y = y.multiply(k).add(m).mod(p); // (k * y + m) % p; - } - // } - - // return y; + y = y.multiply(k).add(m).mod(p); // (k * y + m) % p; } } - // ========================================================================= - /** * Third hash stage of the UHash32 algorithm. - * - * Input: - * K1 string of length 64 bytes. - * K2 string of length 4 bytes. - * M string of length 16 bytes. - * Returns: - * Y, string of length 4 bytes. + * <ul> + * <li>Input:<br/> + * K1 string of length 64 bytes.<br/> + * K2 string of length 4 bytes.<br/> + * M string of length 16 bytes.</li> + * <li>Returns:<br/> + * Y, string of length 4 bytes.</li> + * </ul> */ - class L3Hash32 implements Cloneable + class L3Hash32 + implements Cloneable { - - // Constants and variables - // ---------------------------------------------------------------------- - private static final long PRIME_36 = 0x0000000FFFFFFFFBL; - private int[] k = new int[9]; - // Constructor(s) - // ---------------------------------------------------------------------- - /** - * * @param K1 string of length 64 bytes. * @param K2 string of length 4 bytes. */ @@ -880,29 +694,26 @@ public class UHash32 extends BaseMac // pre-conditions if (K1.length != 64) - { - throw new ExceptionInInitializerError("K1 length is not 64"); - } + throw new ExceptionInInitializerError("K1 length is not 64"); if (K2.length != 4) - { - throw new ExceptionInInitializerError("K2 length is not 4"); - } - + throw new ExceptionInInitializerError("K2 length is not 4"); // Break K1 into 8 chunks and convert to integers - // int i = 0; - // for (int j = 0; i < 8; ) { for (int i = 0, j = 0; i < 8; i++) { - long kk = (K1[j++] & 0xFFL) << 56 | (K1[j++] & 0xFFL) << 48 - | (K1[j++] & 0xFFL) << 40 | (K1[j++] & 0xFFL) << 32 - | (K1[j++] & 0xFFL) << 24 | (K1[j++] & 0xFFL) << 16 - | (K1[j++] & 0xFFL) << 8 | (K1[j++] & 0xFFL); - // k[i++] = (int)(kk % PRIME_36); - k[i] = (int) (kk % PRIME_36); + long kk = (K1[j++] & 0xFFL) << 56 + | (K1[j++] & 0xFFL) << 48 + | (K1[j++] & 0xFFL) << 40 + | (K1[j++] & 0xFFL) << 32 + | (K1[j++] & 0xFFL) << 24 + | (K1[j++] & 0xFFL) << 16 + | (K1[j++] & 0xFFL) << 8 + | (K1[j++] & 0xFFL); + k[i] = (int)(kk % PRIME_36); } - // k[i] = K2[0] << 24 | (K2[1] & 0xFF) << 16 | (K2[2] & 0xFF) << 8 | (K2[3] & 0xFF); - k[8] = K2[0] << 24 | (K2[1] & 0xFF) << 16 | (K2[2] & 0xFF) << 8 - | (K2[3] & 0xFF); + k[8] = K2[0] << 24 + | (K2[1] & 0xFF) << 16 + | (K2[2] & 0xFF) << 8 + | (K2[3] & 0xFF); } private L3Hash32(int[] k) @@ -912,21 +723,11 @@ public class UHash32 extends BaseMac this.k = k; } - // Class methods - // ---------------------------------------------------------------------- - - // Instance methods - // ---------------------------------------------------------------------- - - // java.lang.Cloneable interface implementation ------------------------- - public Object clone() { return new L3Hash32((int[]) k.clone()); } - // other instance methods ----------------------------------------------- - /** * @param M string of length 16 bytes. * @return Y, string of length 4 bytes. @@ -934,24 +735,24 @@ public class UHash32 extends BaseMac byte[] digest(byte[] M) { if (M.length != 16) - { - throw new IllegalArgumentException("M length is not 16"); - } + throw new IllegalArgumentException("M length is not 16"); long m, y = 0L; for (int i = 0, j = 0; i < 8; i++) { // Break M into 8 chunks and convert to integers m = (M[j++] & 0xFFL) << 8 | (M[j++] & 0xFFL); - // Inner-product hash, extract last 32 bits and affine-translate // y = (m_1 * k_1 + ... + m_8 * k_8) mod prime(36); // y = y mod 2^32; y += (m * (k[i] & 0xFFFFFFFFL)) % PRIME_36; } int Y = ((int) y) ^ k[8]; - return new byte[] { (byte) (Y >>> 24), (byte) (Y >>> 16), - (byte) (Y >>> 8), (byte) Y }; + return new byte[] { + (byte)(Y >>> 24), + (byte)(Y >>> 16), + (byte)(Y >>> 8), + (byte) Y }; } } -}
\ No newline at end of file +} diff --git a/libjava/classpath/gnu/javax/crypto/mac/UMac32.java b/libjava/classpath/gnu/javax/crypto/mac/UMac32.java index 01388885699..8e913db714a 100644 --- a/libjava/classpath/gnu/javax/crypto/mac/UMac32.java +++ b/libjava/classpath/gnu/javax/crypto/mac/UMac32.java @@ -53,123 +53,105 @@ import java.util.HashMap; import java.util.Map; /** - * <p>The implementation of the <i>UMAC</i> (Universal Message Authentication - * Code).</p> - * - * <p>The <i>UMAC</i> algorithms described are <i>parameterized</i>. This means + * The implementation of the <i>UMAC</i> (Universal Message Authentication + * Code). + * <p> + * The <i>UMAC</i> algorithms described are <i>parameterized</i>. This means * that various low-level choices, like the endian convention and the underlying * cryptographic primitive, have not been fixed. One must choose values for * these parameters before the authentication tag generated by <i>UMAC</i> (for - * a given message, key, and nonce) becomes fully-defined. In this document - * we provide two collections of parameter settings, and have named the sets - * <i>UMAC16</i> and <i>UMAC32</i>. The parameter sets have been chosen based on - * experimentation and provide good performance on a wide variety of processors. - * <i>UMAC16</i> is designed to excel on processors which provide small-scale - * SIMD parallelism of the type found in Intel's MMX and Motorola's AltiVec - * instruction sets, while <i>UMAC32</i> is designed to do well on processors - * with good 32- and 64- bit support. <i>UMAC32</i> may take advantage of SIMD - * parallelism in future processors.</p> - * - * <p><i>UMAC</i> has been designed to allow implementations which accommodate - * <i>on-line</i> authentication. This means that pieces of the message may - * be presented to <i>UMAC</i> at different times (but in correct order) and an + * a given message, key, and nonce) becomes fully-defined. In this document we + * provide two collections of parameter settings, and have named the sets + * <i>UMAC16</i> and <i>UMAC32</i>. The parameter sets have been chosen based + * on experimentation and provide good performance on a wide variety of + * processors. <i>UMAC16</i> is designed to excel on processors which provide + * small-scale SIMD parallelism of the type found in Intel's MMX and Motorola's + * AltiVec instruction sets, while <i>UMAC32</i> is designed to do well on + * processors with good 32- and 64- bit support. <i>UMAC32</i> may take + * advantage of SIMD parallelism in future processors. + * <p> + * <i>UMAC</i> has been designed to allow implementations which accommodate + * <i>on-line</i> authentication. This means that pieces of the message may be + * presented to <i>UMAC</i> at different times (but in correct order) and an * on-line implementation will be able to process the message correctly without * the need to buffer more than a few dozen bytes of the message. For * simplicity, the algorithms in this specification are presented as if the - * entire message being authenticated were available at once.</p> - * - * <p>To authenticate a message, <code>Msg</code>, one first applies the + * entire message being authenticated were available at once. + * <p> + * To authenticate a message, <code>Msg</code>, one first applies the * universal hash function, resulting in a string which is typically much - * shorter than the original message. The pseudorandom function is applied to a + * shorter than the original message. The pseudorandom function is applied to a * nonce, and the result is used in the manner of a Vernam cipher: the * authentication tag is the xor of the output from the hash function and the * output from the pseudorandom function. Thus, an authentication tag is - * generated as</p> - * + * generated as * <pre> - * AuthTag = f(Nonce) xor h(Msg) + * AuthTag = f(Nonce) xor h(Msg) * </pre> - * - * <p>Here <code>f</code> is the pseudorandom function shared between the sender + * <p> + * Here <code>f</code> is the pseudorandom function shared between the sender * and the receiver, and h is a universal hash function shared by the sender and * the receiver. In <i>UMAC</i>, a shared key is used to key the pseudorandom * function <code>f</code>, and then <code>f</code> is used for both tag * generation and internally to generate all of the bits needed by the universal - * hash function.</p> - * - * <p>The universal hash function that we use is called <code>UHASH</code>. It + * hash function. + * <p> + * The universal hash function that we use is called <code>UHASH</code>. It * combines several software-optimized algorithms into a multi-layered * structure. The algorithm is moderately complex. Some of this complexity comes - * from extensive speed optimizations.</p> - * - * <p>For the pseudorandom function we use the block cipher of the <i>Advanced - * Encryption Standard</i> (AES).</p> - * - * <p>The UMAC32 parameters, considered in this implementation are:</p> + * from extensive speed optimizations. + * <p> + * For the pseudorandom function we use the block cipher of the <i>Advanced + * Encryption Standard</i> (AES). + * <p> + * The UMAC32 parameters, considered in this implementation are: * <pre> - * UMAC32 - * ------ - * WORD-LEN 4 - * UMAC-OUTPUT-LEN 8 - * L1-KEY-LEN 1024 - * UMAC-KEY-LEN 16 - * ENDIAN-FAVORITE BIG * - * L1-OPERATIONS-SIGN UNSIGNED + * UMAC32 + * ------ + * WORD-LEN 4 + * UMAC-OUTPUT-LEN 8 + * L1-KEY-LEN 1024 + * UMAC-KEY-LEN 16 + * ENDIAN-FAVORITE BIG * + * L1-OPERATIONS-SIGN UNSIGNED * </pre> - * - * <p>Please note that this UMAC32 differs from the one described in the paper - * by the <i>ENDIAN-FAVORITE</i> value.</p> - * - * <p>References:</p> - * + * <p> + * Please note that this UMAC32 differs from the one described in the paper by + * the <i>ENDIAN-FAVORITE</i> value. + * <p> + * References: * <ol> - * <li><a href="http://www.ietf.org/internet-drafts/draft-krovetz-umac-01.txt"> - * UMAC</a>: Message Authentication Code using Universal Hashing.<br> - * T. Krovetz, J. Black, S. Halevi, A. Hevia, H. Krawczyk, and P. Rogaway.</li> + * <li><a href="http://www.ietf.org/internet-drafts/draft-krovetz-umac-01.txt"> + * UMAC</a>: Message Authentication Code using Universal Hashing.<br> + * T. Krovetz, J. Black, S. Halevi, A. Hevia, H. Krawczyk, and P. Rogaway.</li> * </ol> */ -public class UMac32 extends BaseMac +public class UMac32 + extends BaseMac { - - // Constants and variables - // ------------------------------------------------------------------------- - /** * Property name of the user-supplied <i>Nonce</i>. The value associated to * this property name is taken to be a byte array. */ public static final String NONCE_MATERIAL = "gnu.crypto.umac.nonce.material"; - /** Known test vector. */ - // private static final String TV1 = "3E5A0E09198B0F94"; - // private static final String TV1 = "5FD764A6D3A9FD9D"; - // private static final String TV1 = "48658DE1D9A70304"; + // private static final String TV1 = "3E5A0E09198B0F94"; + // private static final String TV1 = "5FD764A6D3A9FD9D"; + // private static final String TV1 = "48658DE1D9A70304"; private static final String TV1 = "455ED214A6909F20"; - private static final BigInteger MAX_NONCE_ITERATIONS = BigInteger.ONE.shiftLeft(16 * 8); - // UMAC32 parameters static final int OUTPUT_LEN = 8; - static final int L1_KEY_LEN = 1024; - static final int KEY_LEN = 16; - /** caches the result of the correctness test, once executed. */ private static Boolean valid; - private byte[] nonce; - private UHash32 uhash32; - private BigInteger nonceReuseCount; - /** The authentication key for this instance. */ private transient byte[] K; - // Constructor(s) - // ------------------------------------------------------------------------- - /** Trivial 0-arguments constructor. */ public UMac32() { @@ -177,8 +159,8 @@ public class UMac32 extends BaseMac } /** - * <p>Private constructor for cloning purposes.</p> - * + * Private constructor for cloning purposes. + * * @param that the instance to clone. */ private UMac32(UMac32 that) @@ -186,136 +168,103 @@ public class UMac32 extends BaseMac this(); if (that.K != null) - { - this.K = (byte[]) that.K.clone(); - } + this.K = (byte[]) that.K.clone(); if (that.nonce != null) - { - this.nonce = (byte[]) that.nonce.clone(); - } + this.nonce = (byte[]) that.nonce.clone(); if (that.uhash32 != null) - { - this.uhash32 = (UHash32) that.uhash32.clone(); - } + this.uhash32 = (UHash32) that.uhash32.clone(); this.nonceReuseCount = that.nonceReuseCount; } - // Class methods - // ------------------------------------------------------------------------- - - // Instance methods - // ------------------------------------------------------------------------- - - // java.lang.Cloneable interface implementation ---------------------------- - public Object clone() { return new UMac32(this); } - // gnu.crypto.mac.IMac interface implementation ---------------------------- - public int macSize() { return OUTPUT_LEN; } /** - * <p>Initialising a <i>UMAC</i> instance consists of defining values for - * the following parameters:</p> - * + * Initialising a <i>UMAC</i> instance consists of defining values for the + * following parameters: * <ol> - * <li>Key Material: as the value of the attribute entry keyed by - * {@link #MAC_KEY_MATERIAL}. The value is taken to be a byte array - * containing the user-specified key material. The length of this array, - * if/when defined SHOULD be exactly equal to {@link #KEY_LEN}.</li> - * - * <li>Nonce Material: as the value of the attribute entry keyed by - * {@link #NONCE_MATERIAL}. The value is taken to be a byte array - * containing the user-specified nonce material. The length of this array, - * if/when defined SHOULD be (a) greater than zero, and (b) less or equal - * to 16 (the size of the AES block).</li> + * <li>Key Material: as the value of the attribute entry keyed by + * {@link #MAC_KEY_MATERIAL}. The value is taken to be a byte array + * containing the user-specified key material. The length of this array, + * if/when defined SHOULD be exactly equal to {@link #KEY_LEN}.</li> + * <li>Nonce Material: as the value of the attribute entry keyed by + * {@link #NONCE_MATERIAL}. The value is taken to be a byte array containing + * the user-specified nonce material. The length of this array, if/when + * defined SHOULD be (a) greater than zero, and (b) less or equal to 16 (the + * size of the AES block).</li> * </ol> - * - * <p>For convenience, this implementation accepts that not both parameters - * be always specified.</p> - * + * <p> + * For convenience, this implementation accepts that not both parameters be + * always specified. * <ul> - * <li>If the <i>Key Material</i> is specified, but the <i>Nonce Material</i> - * is not, then this implementation, re-uses the previously set <i>Nonce - * Material</i> after (a) converting the bytes to an unsigned integer, - * (b) incrementing the number by one, and (c) converting it back to 16 - * bytes.</li> - * - * <li>If the <i>Nonce Material</i> is specified, but the <i>Key Material</i> - * is not, then this implementation re-uses the previously set <i>Key - * Material</i>.</li> + * <li>If the <i>Key Material</i> is specified, but the <i>Nonce Material</i> + * is not, then this implementation, re-uses the previously set <i>Nonce + * Material</i> after (a) converting the bytes to an unsigned integer, (b) + * incrementing the number by one, and (c) converting it back to 16 bytes.</li> + * <li>If the <i>Nonce Material</i> is specified, but the <i>Key Material</i> + * is not, then this implementation re-uses the previously set <i>Key Material</i>. + * </li> * </ul> - * - * <p>This method throws an exception if no <i>Key Material</i> is specified - * in the input map, and there is no previously set/defined <i>Key Material</i> + * <p> + * This method throws an exception if no <i>Key Material</i> is specified in + * the input map, and there is no previously set/defined <i>Key Material</i> * (from an earlier invocation of this method). If a <i>Key Material</i> can - * be used, but no <i>Nonce Material</i> is defined or previously set/defined, - * then a default value of all-zeroes shall be used.</p> - * + * be used, but no <i>Nonce Material</i> is defined or previously + * set/defined, then a default value of all-zeroes shall be used. + * * @param attributes one or both of required parameters. * @throws InvalidKeyException the key material specified is not of the - * correct length. + * correct length. */ public void init(Map attributes) throws InvalidKeyException, IllegalStateException { byte[] key = (byte[]) attributes.get(MAC_KEY_MATERIAL); byte[] n = (byte[]) attributes.get(NONCE_MATERIAL); - boolean newKey = (key != null); boolean newNonce = (n != null); - if (newKey) { if (key.length != KEY_LEN) - { - throw new InvalidKeyException("Key length: " - + String.valueOf(key.length)); - } + throw new InvalidKeyException("Key length: " + + String.valueOf(key.length)); K = key; } else { if (K == null) - { - throw new InvalidKeyException("Null Key"); - } + throw new InvalidKeyException("Null Key"); } - if (newNonce) { if (n.length < 1 || n.length > 16) + throw new IllegalArgumentException("Invalid Nonce length: " + + String.valueOf(n.length)); + if (n.length < 16) // pad with zeroes { - throw new IllegalArgumentException("Invalid Nonce length: " - + String.valueOf(n.length)); - } - - if (n.length < 16) - { // pad with zeroes byte[] newN = new byte[16]; System.arraycopy(n, 0, newN, 0, n.length); nonce = newN; } else - { - nonce = n; - } + nonce = n; nonceReuseCount = BigInteger.ZERO; } - else if (nonce == null) - { // use all-0 nonce if 1st time + else if (nonce == null) // use all-0 nonce if 1st time + { nonce = new byte[16]; nonceReuseCount = BigInteger.ZERO; } - else if (!newKey) - { // increment nonce if still below max count + else if (! newKey) // increment nonce if still below max count + { nonceReuseCount = nonceReuseCount.add(BigInteger.ONE); if (nonceReuseCount.compareTo(MAX_NONCE_ITERATIONS) >= 0) { @@ -326,9 +275,7 @@ public class UMac32 extends BaseMac N = N.add(BigInteger.ONE).mod(MAX_NONCE_ITERATIONS); n = N.toByteArray(); if (n.length == 16) - { - nonce = n; - } + nonce = n; else if (n.length < 16) { nonce = new byte[16]; @@ -340,15 +287,11 @@ public class UMac32 extends BaseMac System.arraycopy(n, n.length - 16, nonce, 0, 16); } } - else - { // do nothing, re-use old nonce value - nonceReuseCount = BigInteger.ZERO; - } + else // do nothing, re-use old nonce value + nonceReuseCount = BigInteger.ZERO; if (uhash32 == null) - { - uhash32 = new UHash32(); - } + uhash32 = new UHash32(); Map map = new HashMap(); map.put(MAC_KEY_MATERIAL, K); @@ -370,9 +313,7 @@ public class UMac32 extends BaseMac byte[] result = uhash32.digest(); byte[] pad = pdf(); // pdf(K, nonce); for (int i = 0; i < OUTPUT_LEN; i++) - { - result[i] = (byte) (result[i] ^ pad[i]); - } + result[i] = (byte)(result[i] ^ pad[i]); return result; } @@ -380,9 +321,7 @@ public class UMac32 extends BaseMac public void reset() { if (uhash32 != null) - { - uhash32.reset(); - } + uhash32.reset(); } public boolean selfTest() @@ -412,43 +351,32 @@ public class UMac32 extends BaseMac x.printStackTrace(System.err); return false; } - byte[] data = new byte[128]; data[0] = (byte) 0x80; - mac.update(data, 0, 128); byte[] result = mac.digest(); - // System.out.println("UMAC test vector: "+Util.toString(result)); valid = Boolean.valueOf(TV1.equals(Util.toString(result))); } return valid.booleanValue(); } - // helper methods ---------------------------------------------------------- - /** - * * @return byte array of length 8 (or OUTPUT_LEN) bytes. */ private byte[] pdf() { // Make Nonce 16 bytes by prepending zeroes. done (see init()) - // one AES invocation is enough for more than one PDF invocation // number of index bits needed = 1 - // Extract index bits and zero low bits of Nonce BigInteger Nonce = new BigInteger(1, nonce); int nlowbitsnum = Nonce.testBit(0) ? 1 : 0; Nonce = Nonce.clearBit(0); - // Generate subkey, AES and extract indexed substring IRandom kdf = new UMacGenerator(); Map map = new HashMap(); map.put(IBlockCipher.KEY_MATERIAL, K); - // map.put(IBlockCipher.CIPHER_BLOCK_SIZE, new Integer(128/8)); - map.put(UMacGenerator.INDEX, new Integer(128)); - // map.put(UMacGenerator.CIPHER, Registry.AES_CIPHER); + map.put(UMacGenerator.INDEX, Integer.valueOf(128)); kdf.init(map); byte[] Kp = new byte[KEY_LEN]; try @@ -485,7 +413,6 @@ public class UMac32 extends BaseMac aes.encryptBlock(nonce, 0, T, 0); byte[] result = new byte[OUTPUT_LEN]; System.arraycopy(T, nlowbitsnum, result, 0, OUTPUT_LEN); - return result; } -}
\ No newline at end of file +} diff --git a/libjava/classpath/gnu/javax/crypto/mode/BaseMode.java b/libjava/classpath/gnu/javax/crypto/mode/BaseMode.java index 0a9ab2dab1c..6d9418ccafa 100644 --- a/libjava/classpath/gnu/javax/crypto/mode/BaseMode.java +++ b/libjava/classpath/gnu/javax/crypto/mode/BaseMode.java @@ -49,46 +49,34 @@ import java.util.Iterator; import java.util.Map; /** - * <p>A basic abstract class to facilitate implementing block cipher modes of - * operations.</p> + * A basic abstract class to facilitate implementing block cipher modes of + * operations. */ -public abstract class BaseMode implements IMode +public abstract class BaseMode + implements IMode { - - // Constants and variables - // ------------------------------------------------------------------------- - /** The canonical name prefix of this mode. */ protected String name; - /** The state indicator of this instance. */ protected int state; - /** The underlying block cipher implementation. */ protected IBlockCipher cipher; - /** The block size, in bytes, to operate the underlying block cipher in. */ protected int cipherBlockSize; - /** The block size, in bytes, in which to operate the mode instance. */ protected int modeBlockSize; - /** The initialisation vector value. */ protected byte[] iv; - /** The instance lock. */ protected Object lock = new Object(); - // Constructor(s) - // ------------------------------------------------------------------------- - /** - * <p>Trivial constructor for use by concrete subclasses.</p> - * + * Trivial constructor for use by concrete subclasses. + * * @param name the canonical name prefix of this mode. * @param underlyingCipher the implementation of the underlying cipher. * @param cipherBlockSize the block size, in bytes, in which to operate the - * underlying cipher. + * underlying cipher. */ protected BaseMode(String name, IBlockCipher underlyingCipher, int cipherBlockSize) @@ -101,14 +89,6 @@ public abstract class BaseMode implements IMode state = -1; } - // Class methods - // ------------------------------------------------------------------------- - - // Instance methods - // ------------------------------------------------------------------------- - - // IMode interface implementation ------------------------------------------ - public void update(byte[] in, int inOffset, byte[] out, int outOffset) throws IllegalStateException { @@ -128,25 +108,23 @@ public abstract class BaseMode implements IMode } } - // IBlockCipher interface implementation ----------------------------------- - public String name() { - return new StringBuffer().append(name).append('(').append(cipher.name()).append( - ')').toString(); + return new StringBuffer(name).append('(').append(cipher.name()).append(')') + .toString(); } /** - * <p>Returns the default value, in bytes, of the mode's block size. This - * value is part of the construction arguments passed to the Factory methods - * in {@link ModeFactory}. Unless changed by an invocation of any of the + * Returns the default value, in bytes, of the mode's block size. This value + * is part of the construction arguments passed to the Factory methods in + * {@link ModeFactory}. Unless changed by an invocation of any of the * <code>init()</code> methods, a <i>Mode</i> instance would operate with * the same block size as its underlying block cipher. As mentioned earlier, - * the block size of the underlying block cipher itself is specified in one - * of the method(s) available in the factory class.</p> - * + * the block size of the underlying block cipher itself is specified in one of + * the method(s) available in the factory class. + * * @return the default value, in bytes, of the mode's block size. - * @see gnu.crypto.mode.ModeFactory + * @see ModeFactory */ public int defaultBlockSize() { @@ -154,9 +132,9 @@ public abstract class BaseMode implements IMode } /** - * <p>Returns the default value, in bytes, of the underlying block cipher - * key size.</p> - * + * Returns the default value, in bytes, of the underlying block cipher key + * size. + * * @return the default value, in bytes, of the underlying cipher's key size. */ public int defaultKeySize() @@ -165,29 +143,28 @@ public abstract class BaseMode implements IMode } /** - * <p>Returns an {@link Iterator} over the supported block sizes. Each - * element returned by this object is an {@link Integer}.</p> - * - * <p>The default behaviour is to return an iterator with just one value, - * which is that currently configured for the underlying block cipher. - * Concrete implementations may override this behaviour to signal their - * ability to support other values.</p> - * + * Returns an {@link Iterator} over the supported block sizes. Each element + * returned by this object is an {@link Integer}. + * <p> + * The default behaviour is to return an iterator with just one value, which + * is that currently configured for the underlying block cipher. Concrete + * implementations may override this behaviour to signal their ability to + * support other values. + * * @return an {@link Iterator} over the supported block sizes. */ public Iterator blockSizes() { ArrayList al = new ArrayList(); - al.add(new Integer(cipherBlockSize)); - + al.add(Integer.valueOf(cipherBlockSize)); return Collections.unmodifiableList(al).iterator(); } /** - * <p>Returns an {@link Iterator} over the supported underlying block cipher - * key sizes. Each element returned by this object is an instance of - * {@link Integer}.</p> - * + * Returns an {@link Iterator} over the supported underlying block cipher key + * sizes. Each element returned by this object is an instance of + * {@link Integer}. + * * @return an {@link Iterator} over the supported key sizes. */ public Iterator keySizes() @@ -201,10 +178,7 @@ public abstract class BaseMode implements IMode synchronized (lock) { if (state != -1) - { - throw new IllegalStateException(); - } - + throw new IllegalStateException(); Integer want = (Integer) attributes.get(STATE); if (want != null) { @@ -220,20 +194,13 @@ public abstract class BaseMode implements IMode throw new IllegalArgumentException(); } } - Integer bs = (Integer) attributes.get(MODE_BLOCK_SIZE); modeBlockSize = (bs == null ? cipherBlockSize : bs.intValue()); - byte[] iv = (byte[]) attributes.get(IV); if (iv != null) - { - this.iv = (byte[]) iv.clone(); - } + this.iv = (byte[]) iv.clone(); else - { - this.iv = new byte[modeBlockSize]; - } - + this.iv = new byte[modeBlockSize]; cipher.init(attributes); setup(); } @@ -242,9 +209,7 @@ public abstract class BaseMode implements IMode public int currentBlockSize() { if (state == -1) - { - throw new IllegalStateException(); - } + throw new IllegalStateException(); return modeBlockSize; } @@ -255,7 +220,6 @@ public abstract class BaseMode implements IMode state = -1; iv = null; cipher.reset(); - teardown(); } } @@ -268,19 +232,12 @@ public abstract class BaseMode implements IMode { ks = ((Integer) kit.next()).intValue(); for (bit = blockSizes(); bit.hasNext();) - { - if (!testSymmetry(ks, ((Integer) bit.next()).intValue())) - { - return false; - } - } + if (! testSymmetry(ks, ((Integer) bit.next()).intValue())) + return false; } - return true; } - // methods to be implemented by concrete subclasses ------------------------ - public abstract Object clone(); /** The initialisation phase of the concrete mode implementation. */ @@ -293,8 +250,6 @@ public abstract class BaseMode implements IMode public abstract void decryptBlock(byte[] in, int i, byte[] out, int o); - // own methods ------------------------------------------------------------- - private boolean testSymmetry(int ks, int bs) { try @@ -304,44 +259,30 @@ public abstract class BaseMode implements IMode byte[] k = new byte[ks]; int i; for (i = 0; i < ks; i++) - { - k[i] = (byte) i; - } - + k[i] = (byte) i; int blockCount = 5; int limit = blockCount * bs; byte[] pt = new byte[limit]; for (i = 0; i < limit; i++) - { - pt[i] = (byte) i; - } + pt[i] = (byte) i; byte[] ct = new byte[limit]; byte[] cpt = new byte[limit]; - Map map = new HashMap(); map.put(KEY_MATERIAL, k); - map.put(CIPHER_BLOCK_SIZE, new Integer(cipherBlockSize)); - map.put(STATE, new Integer(ENCRYPTION)); + map.put(CIPHER_BLOCK_SIZE, Integer.valueOf(cipherBlockSize)); + map.put(STATE, Integer.valueOf(ENCRYPTION)); map.put(IV, iv); - map.put(MODE_BLOCK_SIZE, new Integer(bs)); - + map.put(MODE_BLOCK_SIZE, Integer.valueOf(bs)); mode.reset(); mode.init(map); for (i = 0; i < blockCount; i++) - { - mode.update(pt, i * bs, ct, i * bs); - } - + mode.update(pt, i * bs, ct, i * bs); mode.reset(); - map.put(STATE, new Integer(DECRYPTION)); + map.put(STATE, Integer.valueOf(DECRYPTION)); mode.init(map); for (i = 0; i < blockCount; i++) - { - mode.update(ct, i * bs, cpt, i * bs); - } - + mode.update(ct, i * bs, cpt, i * bs); return Arrays.equals(pt, cpt); - } catch (Exception x) { @@ -349,4 +290,4 @@ public abstract class BaseMode implements IMode return false; } } -}
\ No newline at end of file +} diff --git a/libjava/classpath/gnu/javax/crypto/mode/CBC.java b/libjava/classpath/gnu/javax/crypto/mode/CBC.java index 10578a6ef50..f3b3fb3312f 100644 --- a/libjava/classpath/gnu/javax/crypto/mode/CBC.java +++ b/libjava/classpath/gnu/javax/crypto/mode/CBC.java @@ -42,36 +42,31 @@ import gnu.java.security.Registry; import gnu.javax.crypto.cipher.IBlockCipher; /** - * The Cipher Block Chaining mode. This mode introduces feedback into - * the cipher by XORing the previous ciphertext block with the plaintext - * block before encipherment. That is, encrypting looks like this:</p> - * - * <blockquote><p>C<sub>i</sub> = E<sub>K</sub>(P<sub>i</sub> ^ - * C<sub>i-1</sub></p></blockquote> - * - * <p>Similarly, decrypting is:</p> - * - * <blockquote><p>P<sub>i</sub> = C<sub>i-1</sub> ^ - * D<sub>K</sub>(C<sub>i</sub>)</p></blockquote> + * The Cipher Block Chaining mode. This mode introduces feedback into the cipher + * by XORing the previous ciphertext block with the plaintext block before + * encipherment. That is, encrypting looks like this: + * + * <pre> + * C<sub>i</sub> = E<sub>K</sub>(P<sub>i</sub>ˆ C<sub>i-1</sub>) + * </pre> + * <p> + * Similarly, decrypting is: + * <pre> + * P<sub>i</sub> = C<sub>i-1</sub> ˆ D<sub>K</sub>(C<sub>i</sub>) + * </pre> */ -public class CBC extends BaseMode implements Cloneable +public class CBC + extends BaseMode + implements Cloneable { - - // Constants and Variables - //------------------------------------------------------------------ - /** The last (de|en)crypted block */ private byte[] lastBlock; - /** An intermediate buffer. */ private byte[] scratch; - // Constructors - // ----------------------------------------------------------------- - /** * Package-private constructor for the factory class. - * + * * @param underlyingCipher The cipher implementation. * @param cipherBlockSize The cipher's block size. */ @@ -86,31 +81,20 @@ public class CBC extends BaseMode implements Cloneable this((IBlockCipher) that.cipher.clone(), that.cipherBlockSize); } - // Cloneable interface implementation - // ----------------------------------------------------------------- - public Object clone() { return new CBC(this); } - // Implementation of abstract methods in BaseMode - // ----------------------------------------------------------------- - public void setup() { if (modeBlockSize != cipherBlockSize) - { - throw new IllegalArgumentException(); - } + throw new IllegalArgumentException(); scratch = new byte[cipherBlockSize]; lastBlock = new byte[cipherBlockSize]; - // lastBlock gets initialized to the initialization vector. for (int i = 0; i < lastBlock.length && i < iv.length; i++) - { - lastBlock[i] = iv[i]; - } + lastBlock[i] = iv[i]; } public void teardown() @@ -122,9 +106,7 @@ public class CBC extends BaseMode implements Cloneable public void encryptBlock(byte[] in, int i, byte[] out, int o) { for (int k = 0; k < scratch.length; k++) - { - scratch[k] = (byte) (lastBlock[k] ^ in[k + i]); - } + scratch[k] = (byte)(lastBlock[k] ^ in[k + i]); cipher.encryptBlock(scratch, 0, out, o); System.arraycopy(out, o, lastBlock, 0, cipherBlockSize); } @@ -135,9 +117,7 @@ public class CBC extends BaseMode implements Cloneable System.arraycopy(in, i, buf, 0, cipherBlockSize); cipher.decryptBlock(in, i, scratch, 0); for (int k = 0; k < scratch.length; k++) - { - out[o + k] = (byte) (lastBlock[k] ^ scratch[k]); - } + out[o + k] = (byte)(lastBlock[k] ^ scratch[k]); System.arraycopy(buf, 0, lastBlock, 0, cipherBlockSize); } -}
\ No newline at end of file +} diff --git a/libjava/classpath/gnu/javax/crypto/mode/CFB.java b/libjava/classpath/gnu/javax/crypto/mode/CFB.java index fef2b634cf2..6fc00637323 100644 --- a/libjava/classpath/gnu/javax/crypto/mode/CFB.java +++ b/libjava/classpath/gnu/javax/crypto/mode/CFB.java @@ -42,58 +42,48 @@ import gnu.java.security.Registry; import gnu.javax.crypto.cipher.IBlockCipher; /** - * The cipher feedback mode. CFB mode is a stream mode that operates on - * <i>s</i> bit blocks, where 1 <= <i>s</i> <= <i>b</i>, if - * <i>b</i> is the underlying cipher's block size. Encryption is: - * - <pre> - I[1] = IV - I[j] = LSB(b-s, I[j-1]) | C[j-1] for j = 2...n - O[j] = CIPH(K, I[j]) for j = 1,2...n - C[j] = P[j] ^ MSB(s, O[j]) for j = 1,2...n - </pre> - * - * <p>And decryption is:</p> - * - <pre> - I[1] = IV - I[j] = LSB(b-s, I[j-1]) | C[j-1] for j = 2...n - O[j] = CIPH(K, I[j]) for j = 1,2...n - P[j] = C[j] ^ MSB(s, O[j]) for j = 1,2...n - </pre> - * - * <p>CFB mode requires an initialization vector, which need not be kept - * secret.</p> - * - * <p>References:</p> + * The cipher feedback mode. CFB mode is a stream mode that operates on <i>s</i> + * bit blocks, where 1 <= <i>s</i> <= <i>b</i>, if <i>b</i> is the + * underlying cipher's block size. Encryption is: + * <pre> + * I[1] = IV + * I[j] = LSB(b-s, I[j-1]) | C[j-1] for j = 2...n + * O[j] = CIPH(K, I[j]) for j = 1,2...n + * C[j] = P[j] ˆ MSB(s, O[j]) for j = 1,2...n + * </pre> + * <p> + * And decryption is: + * <pre> + * I[1] = IV + * I[j] = LSB(b-s, I[j-1]) | C[j-1] for j = 2...n + * O[j] = CIPH(K, I[j]) for j = 1,2...n + * P[j] = C[j] ˆ MSB(s, O[j]) for j = 1,2...n + * </pre> + * <p> + * CFB mode requires an initialization vector, which need not be kept secret. + * <p> + * References: * <ol> - * <li>Bruce Schneier, <i>Applied Cryptography: Protocols, Algorithms, - * and Source Code in C, Second Edition</i>. (1996 John Wiley and Sons) - * ISBN 0-471-11709-9.</li> - * - * <li><a href="http://csrc.nist.gov/encryption/modes/Recommendation/Modes01.pdf"> + * <li>Bruce Schneier, <i>Applied Cryptography: Protocols, Algorithms, and + * Source Code in C, Second Edition</i>. (1996 John Wiley and Sons) ISBN + * 0-471-11709-9.</li> + * <li><a + * href="http://csrc.nist.gov/encryption/modes/Recommendation/Modes01.pdf"> * Recommendation for Block Cipher Modes of Operation Methods and Techniques</a>, * Morris Dworkin.</li> * </ol> */ -public class CFB extends BaseMode +public class CFB + extends BaseMode { - - // Constants and variables. - // ----------------------------------------------------------------------- - /** The shift register, the input block to the block cipher. */ private byte[] shiftRegister; - /** The output block from the block cipher. */ private byte[] scratch; - // Constructors. - // ----------------------------------------------------------------------- - /** * Package-private constructor for the factory class. - * + * * @param underlyingCipher The cipher implementation. * @param cipherBlockSize The cipher's block size. */ @@ -104,7 +94,7 @@ public class CFB extends BaseMode /** * Cloneing constructor. - * + * * @param that The instance being cloned. */ private CFB(CFB that) @@ -112,9 +102,6 @@ public class CFB extends BaseMode this((IBlockCipher) that.cipher.clone(), that.cipherBlockSize); } - // Instance methods implementing BaseMode. - // ----------------------------------------------------------------------- - public Object clone() { return new CFB(this); @@ -123,25 +110,20 @@ public class CFB extends BaseMode public void setup() { if (modeBlockSize > cipherBlockSize) - { - throw new IllegalArgumentException( - "CFB block size cannot be larger than the cipher block size"); - } + throw new IllegalArgumentException( + "CFB block size cannot be larger than the cipher block size"); shiftRegister = new byte[cipherBlockSize]; scratch = new byte[cipherBlockSize]; - System.arraycopy(iv, 0, shiftRegister, 0, Math.min(iv.length, - cipherBlockSize)); + System.arraycopy(iv, 0, + shiftRegister, 0, + Math.min(iv.length, cipherBlockSize)); } public void teardown() { if (shiftRegister != null) - { - for (int i = 0; i < shiftRegister.length; i++) - { - shiftRegister[i] = 0; - } - } + for (int i = 0; i < shiftRegister.length; i++) + shiftRegister[i] = 0; shiftRegister = null; } @@ -149,13 +131,12 @@ public class CFB extends BaseMode { cipher.encryptBlock(shiftRegister, 0, scratch, 0); for (int i = 0; i < modeBlockSize; i++) - { - out[outOffset + i] = (byte) (in[inOffset + i] ^ scratch[i]); - } - System.arraycopy(shiftRegister, modeBlockSize, shiftRegister, 0, + out[outOffset + i] = (byte)(in[inOffset + i] ^ scratch[i]); + System.arraycopy(shiftRegister, modeBlockSize, + shiftRegister, 0, cipherBlockSize - modeBlockSize); - System.arraycopy(out, outOffset, shiftRegister, cipherBlockSize - - modeBlockSize, + System.arraycopy(out, outOffset, + shiftRegister, cipherBlockSize - modeBlockSize, modeBlockSize); } @@ -163,13 +144,12 @@ public class CFB extends BaseMode { cipher.encryptBlock(shiftRegister, 0, scratch, 0); for (int i = 0; i < modeBlockSize; i++) - { - out[outOffset + i] = (byte) (in[inOffset + i] ^ scratch[i]); - } - System.arraycopy(shiftRegister, modeBlockSize, shiftRegister, 0, + out[outOffset + i] = (byte)(in[inOffset + i] ^ scratch[i]); + System.arraycopy(shiftRegister, modeBlockSize, + shiftRegister, 0, cipherBlockSize - modeBlockSize); - System.arraycopy(in, inOffset, shiftRegister, cipherBlockSize - - modeBlockSize, + System.arraycopy(in, inOffset, + shiftRegister, cipherBlockSize - modeBlockSize, modeBlockSize); } -}
\ No newline at end of file +} diff --git a/libjava/classpath/gnu/javax/crypto/mode/CTR.java b/libjava/classpath/gnu/javax/crypto/mode/CTR.java index 49f4b9f3c2a..0c856b483ee 100644 --- a/libjava/classpath/gnu/javax/crypto/mode/CTR.java +++ b/libjava/classpath/gnu/javax/crypto/mode/CTR.java @@ -40,59 +40,50 @@ package gnu.javax.crypto.mode; import gnu.java.security.Registry; import gnu.java.security.util.Sequence; - import gnu.javax.crypto.cipher.IBlockCipher; -import java.math.BigInteger; import java.util.Arrays; import java.util.Iterator; /** - * <p>The implementation of the Counter Mode.</p> - * - * <p>The algorithm steps are formally described as follows:</p> - * + * The implementation of the Counter Mode. + * <p> + * The algorithm steps are formally described as follows: + * * <pre> - * CTR Encryption: O[j] = E(K)(T[j]); for j = 1, 2...n; - * C[j] = P[j] ^ O[j]; for j = 1, 2...n. - * CTR Decryption: O[j] = E(K)(T[j]); for j = 1, 2...n; - * P[j] = C[j] ^ O[j]; for j = 1, 2...n. + * CTR Encryption: O[j] = E(K)(T[j]); for j = 1, 2...n; + * C[j] = P[j] ˆ O[j]; for j = 1, 2...n. + * CTR Decryption: O[j] = E(K)(T[j]); for j = 1, 2...n; + * P[j] = C[j] ˆ O[j]; for j = 1, 2...n. * </pre> - * - * <p>where <code>P</code> is the plaintext, <code>C</code> is the ciphertext, + * + * <p> + * where <code>P</code> is the plaintext, <code>C</code> is the ciphertext, * <code>E(K)</code> is the underlying block cipher encryption function - * parametrised with the session key <code>K</code>, and <code>T</code> is the - * <i>Counter</i>.</p> - * - * <p>This implementation, uses a standard incrementing function with a step of - * 1, and an initial value similar to that described in the NIST document.</p> - * - * <p>References:</p> - * + * parametrised with the session key <code>K</code>, and <code>T</code> is + * the <i>Counter</i>. + * <p> + * This implementation, uses a standard incrementing function with a step of 1, + * and an initial value similar to that described in the NIST document. + * <p> + * References: * <ol> - * <li><a href="http://csrc.nist.gov/encryption/modes/Recommendation/Modes01.pdf"> - * Recommendation for Block Cipher Modes of Operation Methods and Techniques</a>, - * Morris Dworkin.</li> + * <li><a + * href="http://csrc.nist.gov/encryption/modes/Recommendation/Modes01.pdf"> + * Recommendation for Block Cipher Modes of Operation Methods and Techniques</a>, + * Morris Dworkin.</li> * </ol> */ -public class CTR extends BaseMode implements Cloneable +public class CTR + extends BaseMode + implements Cloneable { - - // Constants and variables - // ------------------------------------------------------------------------- - - /** The current counter. */ - // private BigInteger T; private int off; - private byte[] counter, enc; - // Constructor(s) - // ------------------------------------------------------------------------- - /** - * <p>Trivial package-private constructor for use by the Factory class.</p> - * + * Trivial package-private constructor for use by the Factory class. + * * @param underlyingCipher the underlying cipher implementation. * @param cipherBlockSize the underlying cipher block size to use. */ @@ -102,8 +93,8 @@ public class CTR extends BaseMode implements Cloneable } /** - * <p>Private constructor for cloning purposes.</p> - * + * Private constructor for cloning purposes. + * * @param that the instance to clone. */ private CTR(CTR that) @@ -111,61 +102,31 @@ public class CTR extends BaseMode implements Cloneable this((IBlockCipher) that.cipher.clone(), that.cipherBlockSize); } - // Class methods - // ------------------------------------------------------------------------- - - // Cloneable interface implementation - // ------------------------------------------------------------------------- - public Object clone() { return new CTR(this); } - // Implementation of abstract methods in BaseMode - // ------------------------------------------------------------------------- - public void setup() { if (modeBlockSize > cipherBlockSize) - { - throw new IllegalArgumentException( - "mode size exceeds cipher block size"); - } + throw new IllegalArgumentException("mode size exceeds cipher block size"); off = 0; counter = new byte[cipherBlockSize]; int i = cipherBlockSize - 1; int j = iv.length - 1; while (i >= 0 && j >= 0) - { - counter[i--] = iv[j--]; - } + counter[i--] = iv[j--]; enc = new byte[cipherBlockSize]; cipher.encryptBlock(counter, 0, enc, 0); - // if (modeBlockSize != cipherBlockSize) { - // throw new IllegalArgumentException(); - // } - - // byte[] tBytes = new byte[modeBlockSize+1]; - // tBytes[0] = (byte) 0x80; - // for (int i = 0; i < modeBlockSize; i++) { - // tBytes[i+1] = (byte)(256 - modeBlockSize + i); - // } - - // T = new BigInteger(1, tBytes); } public void teardown() { if (counter != null) - { - Arrays.fill(counter, (byte) 0); - } + Arrays.fill(counter, (byte) 0); if (enc != null) - { - Arrays.fill(enc, (byte) 0); - } - // T = null; + Arrays.fill(enc, (byte) 0); } public void encryptBlock(byte[] in, int i, byte[] out, int o) @@ -183,21 +144,11 @@ public class CTR extends BaseMode implements Cloneable return new Sequence(1, cipherBlockSize).iterator(); } - // own methods - // ------------------------------------------------------------------------- - private void ctr(byte[] in, int inOffset, byte[] out, int outOffset) { - // T = T.add(BigInteger.ONE); - // byte[] O = T.toByteArray(); - // int ndx = O.length - modeBlockSize; - // cipher.encryptBlock(O, ndx, O, ndx); - // for (int i = 0; i < modeBlockSize; i++) { - // out[outOffset++] = (byte)(in[inOffset++] ^ O[ndx++]); - // } for (int i = 0; i < modeBlockSize; i++) { - out[outOffset++] = (byte) (in[inOffset++] ^ enc[off++]); + out[outOffset++] = (byte)(in[inOffset++] ^ enc[off++]); if (off == cipherBlockSize) { int j; @@ -205,17 +156,13 @@ public class CTR extends BaseMode implements Cloneable { counter[j]++; if ((counter[j] & 0xFF) != 0) - { - break; - } + break; } if (j == 0) - { - counter[cipherBlockSize - 1]++; - } + counter[cipherBlockSize - 1]++; off = 0; cipher.encryptBlock(counter, 0, enc, 0); } } } -}
\ No newline at end of file +} diff --git a/libjava/classpath/gnu/javax/crypto/mode/EAX.java b/libjava/classpath/gnu/javax/crypto/mode/EAX.java index bf260989825..401616b9f1f 100644 --- a/libjava/classpath/gnu/javax/crypto/mode/EAX.java +++ b/libjava/classpath/gnu/javax/crypto/mode/EAX.java @@ -39,13 +39,11 @@ exception statement from your version. */ package gnu.javax.crypto.mode; import gnu.java.security.Registry; - import gnu.javax.crypto.cipher.IBlockCipher; import gnu.javax.crypto.mac.IMac; import gnu.javax.crypto.mac.MacFactory; import java.security.InvalidKeyException; - import java.util.Arrays; import java.util.Collections; import java.util.HashMap; @@ -53,64 +51,48 @@ import java.util.Iterator; import java.util.Map; /** - * <p>A conventional two-pass authenticated-encrypted mode, EAX. EAX is a + * A conventional two-pass authenticated-encrypted mode, EAX. EAX is a * <i>Authenticated Encryption with Additional Data</i> (<b>AEAD</b>) scheme, * which provides protection and authentication for the message, and provides * authentication of an (optional) header. EAX is composed of the counter mode * (CTR) and the one-key CBC MAC (OMAC). - * - * <p>This class makes full use of the {@link IAuthenticatedMode} interface, - * that is, all methods of both {@link IMode} and {@link IMac} can be used - * as specified in the {@link IAuthenticatedMode} interface. - * - * <p>References:</p> + * <p> + * This class makes full use of the {@link IAuthenticatedMode} interface, that + * is, all methods of both {@link IMode} and {@link IMac} can be used as + * specified in the {@link IAuthenticatedMode} interface. + * <p> + * References: * <ol> * <li>M. Bellare, P. Rogaway, and D. Wagner; <a * href="http://www.cs.berkeley.edu/~daw/papers/eprint-short-ae.pdf">A * Conventional Authenticated-Encryption Mode</a>.</li> * </ol> */ -public class EAX implements IAuthenticatedMode +public class EAX + implements IAuthenticatedMode { - - // Constants and fields. - // ------------------------------------------------------------------------ - /** The tag size, in bytes. */ private int tagSize; - /** The nonce OMAC instance. */ private IMac nonceOmac; - /** The header OMAC instance. */ private IMac headerOmac; - /** The message OMAC instance. */ private IMac msgOmac; - /** The CTR instance. */ private IMode ctr; - /** The direction state (encrypting or decrypting). */ private int state; - /** Whether we're initialized or not. */ private boolean init; - /** The cipher block size. */ private int cipherBlockSize; - /** The cipher. */ private IBlockCipher cipher; - /** The [t]_n array. */ private byte[] t_n; - private static boolean valid = false; - // Constructor. - // ------------------------------------------------------------------------ - public EAX(IBlockCipher cipher, int cipherBlockSize) { this.cipher = cipher; @@ -118,9 +100,7 @@ public class EAX implements IAuthenticatedMode String name = cipher.name(); int i = name.indexOf('-'); if (i >= 0) - { - name = name.substring(0, i); - } + name = name.substring(0, i); String omacname = Registry.OMAC_PREFIX + name; nonceOmac = MacFactory.getInstance(omacname); headerOmac = MacFactory.getInstance(omacname); @@ -130,9 +110,6 @@ public class EAX implements IAuthenticatedMode init = false; } - // IMode instance methods. - // ------------------------------------------------------------------------ - public Object clone() { return new EAX((IBlockCipher) cipher.clone(), cipherBlockSize); @@ -167,17 +144,12 @@ public class EAX implements IAuthenticatedMode { byte[] nonce = (byte[]) attrib.get(IV); if (nonce == null) - { - throw new IllegalArgumentException("no nonce provided"); - } + throw new IllegalArgumentException("no nonce provided"); byte[] key = (byte[]) attrib.get(KEY_MATERIAL); if (key == null) - { - throw new IllegalArgumentException("no key provided"); - } + throw new IllegalArgumentException("no key provided"); Arrays.fill(t_n, (byte) 0); - nonceOmac.reset(); nonceOmac.init(Collections.singletonMap(MAC_KEY_MATERIAL, key)); nonceOmac.update(t_n, 0, t_n.length); @@ -186,57 +158,41 @@ public class EAX implements IAuthenticatedMode nonceOmac.reset(); nonceOmac.update(t_n, 0, t_n.length); nonceOmac.update(nonce, 0, nonce.length); - t_n[t_n.length - 1] = 1; headerOmac.reset(); headerOmac.init(Collections.singletonMap(MAC_KEY_MATERIAL, key)); headerOmac.update(t_n, 0, t_n.length); - t_n[t_n.length - 1] = 2; msgOmac.reset(); msgOmac.init(Collections.singletonMap(MAC_KEY_MATERIAL, key)); msgOmac.update(t_n, 0, t_n.length); - Integer modeSize = (Integer) attrib.get(MODE_BLOCK_SIZE); if (modeSize == null) - { - modeSize = new Integer(cipherBlockSize); - } + modeSize = Integer.valueOf(cipherBlockSize); HashMap ctrAttr = new HashMap(); ctrAttr.put(KEY_MATERIAL, key); ctrAttr.put(IV, N); - ctrAttr.put(STATE, new Integer(ENCRYPTION)); + ctrAttr.put(STATE, Integer.valueOf(ENCRYPTION)); ctrAttr.put(MODE_BLOCK_SIZE, modeSize); ctr.reset(); ctr.init(ctrAttr); - Integer st = (Integer) attrib.get(STATE); if (st != null) { state = st.intValue(); if (state != ENCRYPTION && state != DECRYPTION) - { - throw new IllegalArgumentException("invalid state"); - } + throw new IllegalArgumentException("invalid state"); } else - { - state = ENCRYPTION; - } + state = ENCRYPTION; Integer ts = (Integer) attrib.get(TRUNCATED_SIZE); if (ts != null) - { - tagSize = ts.intValue(); - } + tagSize = ts.intValue(); else - { - tagSize = cipherBlockSize; - } + tagSize = cipherBlockSize; if (tagSize < 0 || tagSize > cipherBlockSize) - { - throw new IllegalArgumentException("tag size out of range"); - } + throw new IllegalArgumentException("tag size out of range"); init = true; } @@ -247,28 +203,20 @@ public class EAX implements IAuthenticatedMode public void encryptBlock(byte[] in, int inOff, byte[] out, int outOff) { - if (!init) - { - throw new IllegalStateException("not initialized"); - } + if (! init) + throw new IllegalStateException("not initialized"); if (state != ENCRYPTION) - { - throw new IllegalStateException("not encrypting"); - } + throw new IllegalStateException("not encrypting"); ctr.update(in, inOff, out, outOff); msgOmac.update(out, outOff, ctr.currentBlockSize()); } public void decryptBlock(byte[] in, int inOff, byte[] out, int outOff) { - if (!init) - { - throw new IllegalStateException("not initialized"); - } + if (! init) + throw new IllegalStateException("not initialized"); if (state != DECRYPTION) - { - throw new IllegalStateException("not decrypting"); - } + throw new IllegalStateException("not decrypting"); msgOmac.update(in, inOff, ctr.currentBlockSize()); ctr.update(in, inOff, out, outOff); } @@ -301,9 +249,6 @@ public class EAX implements IAuthenticatedMode return true; // XXX } - // IMac instance methods. - // ------------------------------------------------------------------------ - public int macSize() { return tagSize; @@ -319,34 +264,26 @@ public class EAX implements IAuthenticatedMode public void digest(byte[] out, int outOffset) { if (outOffset < 0 || outOffset + tagSize > out.length) - { - throw new IndexOutOfBoundsException(); - } + throw new IndexOutOfBoundsException(); byte[] N = nonceOmac.digest(); byte[] H = headerOmac.digest(); byte[] M = msgOmac.digest(); for (int i = 0; i < tagSize; i++) - { - out[outOffset + i] = (byte) (N[i] ^ H[i] ^ M[i]); - } + out[outOffset + i] = (byte)(N[i] ^ H[i] ^ M[i]); reset(); } public void update(byte b) { - if (!init) - { - throw new IllegalStateException("not initialized"); - } + if (! init) + throw new IllegalStateException("not initialized"); headerOmac.update(b); } public void update(byte[] buf, int off, int len) { - if (!init) - { - throw new IllegalStateException("not initialized"); - } + if (! init) + throw new IllegalStateException("not initialized"); headerOmac.update(buf, off, len); } -}
\ No newline at end of file +} diff --git a/libjava/classpath/gnu/javax/crypto/mode/ECB.java b/libjava/classpath/gnu/javax/crypto/mode/ECB.java index 3b33a1848fe..665e526ca11 100644 --- a/libjava/classpath/gnu/javax/crypto/mode/ECB.java +++ b/libjava/classpath/gnu/javax/crypto/mode/ECB.java @@ -42,44 +42,40 @@ import gnu.java.security.Registry; import gnu.javax.crypto.cipher.IBlockCipher; /** - * <p>The implementation of the Electronic Codebook mode.</p> - * - * <p>The Electronic Codebook (ECB) mode is a confidentiality mode that is - * defined as follows:</p> - * + * The implementation of the Electronic Codebook mode. + * <p> + * The Electronic Codebook (ECB) mode is a confidentiality mode that is defined + * as follows: * <ul> - * <li>ECB Encryption: C<sub>j</sub> = CIPH<sub>K</sub>(P<sub>j</sub>) for j = 1...n</li> - * <li>ECB Decryption: P<sub>j</sub> = CIPH<sup>-1</sup><sub>K</sub>(C<sub>j</sub>) for j = 1...n</li> + * <li>ECB Encryption: C<sub>j</sub> = CIPH<sub>K</sub>(P<sub>j</sub>) + * for j = 1...n</li> + * <li>ECB Decryption: P<sub>j</sub> = CIPH<sup>-1</sup><sub>K</sub>(C<sub>j</sub>) + * for j = 1...n</li> * </ul> - * - * <p>In ECB encryption, the forward cipher function is applied directly, and + * <p> + * In ECB encryption, the forward cipher function is applied directly, and * independently, to each block of the plaintext. The resulting sequence of - * output blocks is the ciphertext.</p> - * - * <p>In ECB decryption, the inverse cipher function is applied directly, and + * output blocks is the ciphertext. + * <p> + * In ECB decryption, the inverse cipher function is applied directly, and * independently, to each block of the ciphertext. The resulting sequence of - * output blocks is the plaintext.</p> - * - * <p>References:</p> - * + * output blocks is the plaintext. + * <p> + * References: * <ol> - * <li><a href="http://csrc.nist.gov/encryption/modes/Recommendation/Modes01.pdf"> - * Recommendation for Block Cipher Modes of Operation Methods and Techniques</a>, - * Morris Dworkin.</li> + * <li><a + * href="http://csrc.nist.gov/encryption/modes/Recommendation/Modes01.pdf"> + * Recommendation for Block Cipher Modes of Operation Methods and Techniques</a>, + * Morris Dworkin.</li> * </ol> */ -public class ECB extends BaseMode implements Cloneable +public class ECB + extends BaseMode + implements Cloneable { - - // Constants and variables - // ------------------------------------------------------------------------- - - // Constructor(s) - // ------------------------------------------------------------------------- - /** - * <p>Trivial package-private constructor for use by the Factory class.</p> - * + * Trivial package-private constructor for use by the Factory class. + * * @param underlyingCipher the underlying cipher implementation. * @param cipherBlockSize the underlying cipher block size to use. */ @@ -89,8 +85,8 @@ public class ECB extends BaseMode implements Cloneable } /** - * <p>Private constructor for cloning purposes.</p> - * + * Private constructor for cloning purposes. + * * @param that the mode to clone. */ private ECB(ECB that) @@ -98,27 +94,15 @@ public class ECB extends BaseMode implements Cloneable this((IBlockCipher) that.cipher.clone(), that.cipherBlockSize); } - // Class methods - // ------------------------------------------------------------------------- - - // Instance methods - // ------------------------------------------------------------------------- - - // java.lang.Cloneable interface implementation ---------------------------- - public Object clone() { return new ECB(this); } - // Implementation of abstract methods in BaseMode -------------------------- - public void setup() { if (modeBlockSize != cipherBlockSize) - { - throw new IllegalArgumentException(IMode.MODE_BLOCK_SIZE); - } + throw new IllegalArgumentException(IMode.MODE_BLOCK_SIZE); } public void teardown() @@ -134,4 +118,4 @@ public class ECB extends BaseMode implements Cloneable { cipher.decryptBlock(in, i, out, o); } -}
\ No newline at end of file +} diff --git a/libjava/classpath/gnu/javax/crypto/mode/IAuthenticatedMode.java b/libjava/classpath/gnu/javax/crypto/mode/IAuthenticatedMode.java index 989e3edbcd0..703679dc0a6 100644 --- a/libjava/classpath/gnu/javax/crypto/mode/IAuthenticatedMode.java +++ b/libjava/classpath/gnu/javax/crypto/mode/IAuthenticatedMode.java @@ -43,16 +43,14 @@ import gnu.javax.crypto.mac.IMac; /** * The interface for encryption modes that also produce a message authentication * tag. - * - * <p>This interface is merely the conjuction of the {@link IMode} and - * {@link IMac} interfaces. Encryption and decryption is done via the - * {@link IMode#update(byte[],int,byte[],int)} method, tag generation - * is done via the {@link IMac#digest()} method, and header updating - * (if supported by the mode) is done via the {@link - * IMac#update(byte[],int,int)} method. + * <p> + * This interface is merely the conjuction of the {@link IMode} and {@link IMac} + * interfaces. Encryption and decryption is done via the + * {@link IMode#update(byte[],int,byte[],int)} method, tag generation is done + * via the {@link IMac#digest()} method, and header updating (if supported by + * the mode) is done via the {@link IMac#update(byte[],int,int)} method. */ -public interface IAuthenticatedMode extends IMode, IMac +public interface IAuthenticatedMode + extends IMode, IMac { - - // Trivial conjunction of IMode and IMac. } diff --git a/libjava/classpath/gnu/javax/crypto/mode/ICM.java b/libjava/classpath/gnu/javax/crypto/mode/ICM.java index d37908b5dfd..833ddb18f7f 100644 --- a/libjava/classpath/gnu/javax/crypto/mode/ICM.java +++ b/libjava/classpath/gnu/javax/crypto/mode/ICM.java @@ -44,75 +44,66 @@ import gnu.javax.crypto.cipher.IBlockCipher; import java.math.BigInteger; /** - * <p>An implementation of <i>David McGrew</i> Integer Counter Mode (ICM) as an - * {@link IMode}.</p> - * - * <p>ICM is a way to define a pseudorandom keystream generator using a block - * cipher. The keystream can be used for additive encryption, key derivation, - * or any other application requiring pseudorandom data. In the case of this - * class, it is used as additive encryption, XOR-ing the keystream with the - * input text --for both encryption and decryption.</p> - * - * <p>In ICM, the keystream is logically broken into segments. Each segment is + * An implementation of <i>David McGrew</i> Integer Counter Mode (ICM) as an + * {@link IMode}. + * <p> + * ICM is a way to define a pseudorandom keystream generator using a block + * cipher. The keystream can be used for additive encryption, key derivation, or + * any other application requiring pseudorandom data. In the case of this class, + * it is used as additive encryption, XOR-ing the keystream with the input text + * --for both encryption and decryption. + * <p> + * In ICM, the keystream is logically broken into segments. Each segment is * identified with a segment index, and the segments have equal lengths. This * segmentation makes ICM especially appropriate for securing packet-based * protocols. ICM also allows a variety of configurations based, among other - * things, on two parameters: the <i>block index length</i> and the - * <i>segment index length</i>. A constraint on those two values exists: The sum - * of <i>segment index length</i> and <i>block index length</i> <b>must not</b> - * half the <i>block size</i> of the underlying cipher. This requirement protects - * the ICM keystream generator from potentially failing to be pseudorandom.</p> - * - * <p>For simplicity, this implementation, fixes these two values to the - * following:</p> - * + * things, on two parameters: the <i>block index length</i> and the <i>segment + * index length</i>. A constraint on those two values exists: The sum of + * <i>segment index length</i> and <i>block index length</i> <b>must not</b> + * half the <i>block size</i> of the underlying cipher. This requirement + * protects the ICM keystream generator from potentially failing to be + * pseudorandom. + * <p> + * For simplicity, this implementation, fixes these two values to the following: * <ul> - * <li>block index length: is half the underlying cipher block size, and</li> - * <li>segment index length: is zero.</li> + * <li>block index length: is half the underlying cipher block size, and</li> + * <li>segment index length: is zero.</li> * </ul> - * - * <p>For a 128-bit block cipher, the above values imply a maximum keystream - * length of 295,147,905,179,352,825,856 octets, since in ICM, each segment must - * not exceed the value <code>(256 ^ <i>block index length</i>) * <i>block length</i></code> - * octets.</p> - * - * <p>Finally, for this implementation of the ICM, the IV placeholder will be - * used to pass the value of the <i>Offset</i> in the keystream segment.</p> - * - * <p>References:</p> - * + * <p> + * For a 128-bit block cipher, the above values imply a maximum keystream length + * of 295,147,905,179,352,825,856 octets, since in ICM, each segment must not + * exceed the value + * <code>(256 ^ <i>block index length</i>) * <i>block length</i></code> + * octets. + * <p> + * Finally, for this implementation of the ICM, the IV placeholder will be used + * to pass the value of the <i>Offset</i> in the keystream segment. + * <p> + * References: * <ol> - * <li><a href="http://www.ietf.org/internet-drafts/draft-mcgrew-saag-icm-00.txt"> - * Integer Counter Mode</a>, David A. McGrew.</li> + * <li><a + * href="http://www.ietf.org/internet-drafts/draft-mcgrew-saag-icm-00.txt"> + * Integer Counter Mode</a>, David A. McGrew.</li> * </ol> */ -public class ICM extends BaseMode implements Cloneable +public class ICM + extends BaseMode + implements Cloneable { - - // Constants and variables - // ------------------------------------------------------------------------- - /** The integer value 256 as a BigInteger. */ private static final BigInteger TWO_FIFTY_SIX = new BigInteger("256"); - /** Maximum number of blocks per segment. */ private BigInteger maxBlocksPerSegment; - /** A work constant. */ private BigInteger counterRange; - /** The initial counter for a given keystream segment. */ private BigInteger C0; - /** The index of the next block for a given keystream segment. */ private BigInteger blockNdx; - // Constructor(s) - // ------------------------------------------------------------------------- - /** - * <p>Trivial package-private constructor for use by the Factory class.</p> - * + * Trivial package-private constructor for use by the Factory class. + * * @param underlyingCipher the underlying cipher implementation. * @param cipherBlockSize the underlying cipher block size to use. */ @@ -122,8 +113,8 @@ public class ICM extends BaseMode implements Cloneable } /** - * <p>Private constructor for cloning purposes.<p> - * + * Private constructor for cloning purposes. + * * @param that the instance to clone. */ private ICM(ICM that) @@ -131,27 +122,15 @@ public class ICM extends BaseMode implements Cloneable this((IBlockCipher) that.cipher.clone(), that.cipherBlockSize); } - // Class methods - // ------------------------------------------------------------------------- - - // Cloneable interface implementation - // ------------------------------------------------------------------------- - public Object clone() { return new ICM(this); } - // Implementation of abstract methods in BaseMode - // ------------------------------------------------------------------------- - public void setup() { if (modeBlockSize != cipherBlockSize) - { - throw new IllegalArgumentException(); - } - + throw new IllegalArgumentException(); counterRange = TWO_FIFTY_SIX.pow(cipherBlockSize); maxBlocksPerSegment = TWO_FIFTY_SIX.pow(cipherBlockSize / 2); BigInteger r = new BigInteger(1, iv); @@ -177,35 +156,13 @@ public class ICM extends BaseMode implements Cloneable icm(in, i, out, o); } - // Instance methods - // ------------------------------------------------------------------------- - private void icm(byte[] in, int inOffset, byte[] out, int outOffset) { if (blockNdx.compareTo(maxBlocksPerSegment) >= 0) throw new RuntimeException("Maximum blocks for segment reached"); - - // encrypt the counter for the current blockNdx - // C[i] = (C[0] + i) modulo (256^BLOCK_LENGTH). - BigInteger Ci = C0.add(blockNdx).modPow(BigInteger.ONE, counterRange); byte[] result = Ci.toByteArray(); int limit = result.length; - // if (limit < cipherBlockSize) { - // byte[] data = new byte[cipherBlockSize]; - // System.arraycopy(result, 0, data, cipherBlockSize-limit, limit); - // result = data; - // } else if (limit > cipherBlockSize) { - // byte[] data = new byte[cipherBlockSize]; - // System.arraycopy(result, limit-cipherBlockSize, data, 0, cipherBlockSize); - // result = data; - // } - // - // cipher.encryptBlock(result, 0, result, 0); - // blockNdx = blockNdx.add(BigInteger.ONE); // increment blockNdx - // for (int i = 0; i < modeBlockSize; ) { // xor result with input block - // out[outOffset++] = (byte)(in[inOffset++] ^ result[i++]); - // } int ndx = 0; if (limit < cipherBlockSize) { @@ -214,15 +171,11 @@ public class ICM extends BaseMode implements Cloneable result = data; } else if (limit > cipherBlockSize) - { - ndx = limit - cipherBlockSize; - } + ndx = limit - cipherBlockSize; cipher.encryptBlock(result, ndx, result, ndx); blockNdx = blockNdx.add(BigInteger.ONE); // increment blockNdx - for (int i = 0; i < modeBlockSize; i++) - { // xor result with input block - out[outOffset++] = (byte) (in[inOffset++] ^ result[ndx++]); - } + for (int i = 0; i < modeBlockSize; i++) // xor result with input block + out[outOffset++] = (byte)(in[inOffset++] ^ result[ndx++]); } -}
\ No newline at end of file +} diff --git a/libjava/classpath/gnu/javax/crypto/mode/IMode.java b/libjava/classpath/gnu/javax/crypto/mode/IMode.java index 4cb6ca64bd9..30485117d45 100644 --- a/libjava/classpath/gnu/javax/crypto/mode/IMode.java +++ b/libjava/classpath/gnu/javax/crypto/mode/IMode.java @@ -41,105 +41,83 @@ package gnu.javax.crypto.mode; import gnu.javax.crypto.cipher.IBlockCipher; /** - * <p>The basic visible methods of any block cipher mode.</p> - * - * <p>Block ciphers encrypt plaintext in fixed size n-bit blocks. For messages + * The basic visible methods of any block cipher mode. + * <p> + * Block ciphers encrypt plaintext in fixed size n-bit blocks. For messages * larger than n bits, the simplest approach is to segment the message into * n-bit blocks and process (encrypt and/or decrypt) each one separately * (Electronic Codebook or ECB mode). But this approach has disadvantages in * most applications. The block cipher modes of operations are one way of - * working around those disadvantages.</p> - * - * <p>A <i>Mode</i> always employs an underlying block cipher for processing its + * working around those disadvantages. + * <p> + * A <i>Mode</i> always employs an underlying block cipher for processing its * input. For all intents and purposes, a <i>Mode</i> appears to behave as any - * other block cipher with the following differences:</p> - * + * other block cipher with the following differences: * <ul> - * <li>Depending on the specifications of the mode, the block size may be - * different that that of the underlying cipher.</li> - * - * <li>While some modes of operations allow operations on block sizes that - * can be 1-bit long, this library will only deal with sizes that are - * multiple of 8 bits. This is because the <tt>byte</tt> is the smallest, - * easy to handle, primitive type in Java.</li> - * - * <li>Some modes need an <i>Initialisation Vector</i> (IV) to be properly - * initialised.</li> + * <li>Depending on the specifications of the mode, the block size may be + * different that that of the underlying cipher.</li> + * <li>While some modes of operations allow operations on block sizes that can + * be 1-bit long, this library will only deal with sizes that are multiple of 8 + * bits. This is because the <tt>byte</tt> is the smallest, easy to handle, + * primitive type in Java.</li> + * <li>Some modes need an <i>Initialisation Vector</i> (IV) to be properly + * initialised.</li> * </ul> - * - * <p>Possible additional initialisation values for an instance of that type - * are:</p> - * + * <p> + * Possible additional initialisation values for an instance of that type are: * <ul> - * <li>The block size in which to operate this mode instance. This - * value is <b>optional</b>, if unspecified, the underlying block cipher's - * configured block size shall be used.</li> - * - * <li>Whether this mode will be used for encryption or decryption. This - * value is <b>mandatory</b> and should be included in the initialisation - * parameters. If it isn't, a {@link java.lang.IllegalStateException} will - * be thrown if any method, other than <code>reset()</code> is invoked on the - * instance.</li> - * - * <li>The byte array containing the <i>initialisation vector</i>, if - * required by this type of mode.</li> + * <li>The block size in which to operate this mode instance. This value is + * <b>optional</b>, if unspecified, the underlying block cipher's configured + * block size shall be used.</li> + * <li>Whether this mode will be used for encryption or decryption. This value + * is <b>mandatory</b> and should be included in the initialisation parameters. + * If it isn't, a {@link java.lang.IllegalStateException} will be thrown if any + * method, other than <code>reset()</code> is invoked on the instance.</li> + * <li>The byte array containing the <i>initialisation vector</i>, if required + * by this type of mode.</li> * </ul> */ -public interface IMode extends IBlockCipher +public interface IMode + extends IBlockCipher { - - // Constants - // ------------------------------------------------------------------------- - /** - * <p>Property name of the state in which to operate this mode. The value + * Property name of the state in which to operate this mode. The value * associated to this property name is taken to be an {@link Integer} which - * value is either <code>ENCRYPTION</code> or <code>DECRYPTION</code>.</p> + * value is either <code>ENCRYPTION</code> or <code>DECRYPTION</code>. */ String STATE = "gnu.crypto.mode.state"; - /** - * <p>Property name of the block size in which to operate this mode. The - * value associated with this property name is taken to be an {@link Integer}. - * If it is not specified, the value of the block size of the underlying - * block cipher, used to construct the mode instance, shall be used.</p> + * Property name of the block size in which to operate this mode. The value + * associated with this property name is taken to be an {@link Integer}. If + * it is not specified, the value of the block size of the underlying block + * cipher, used to construct the mode instance, shall be used. */ String MODE_BLOCK_SIZE = "gnu.crypto.mode.block.size"; - /** - * <p>Property name of the initialisation vector to use, if required, with - * this instance. The value associated with this property name is taken to - * be a byte array. If the concrete instance needs such a parameter, and it - * has not been specified as part of the initialissation parameters, an - * all-zero byte array of the appropriate size shall be used.</p> + * Property name of the initialisation vector to use, if required, with this + * instance. The value associated with this property name is taken to be a + * byte array. If the concrete instance needs such a parameter, and it has not + * been specified as part of the initialissation parameters, an all-zero byte + * array of the appropriate size shall be used. */ String IV = "gnu.crypto.mode.iv"; - - /** - * <p>Constant indicating the instance is being used for <i>encryption</i>.</p> - */ + /** Constant indicating the instance is being used for <i>encryption</i>. */ int ENCRYPTION = 1; - - /** - * <p>Constant indicating the instance is being used for <i>decryption</i>.</p> - */ + /** Constant indicating the instance is being used for <i>decryption</i>. */ int DECRYPTION = 2; - // Methods - // ------------------------------------------------------------------------- - /** - * <p>A convenience method. Effectively invokes the <code>encryptBlock()</code> + * A convenience method. Effectively invokes the <code>encryptBlock()</code> * or <code>decryptBlock()</code> method depending on the operational state - * of the instance.</p> - * + * of the instance. + * * @param in the plaintext. * @param inOffset index of <code>in</code> from which to start considering - * data. + * data. * @param out the ciphertext. * @param outOffset index of <code>out</code> from which to store result. * @exception IllegalStateException if the instance is not initialised. */ void update(byte[] in, int inOffset, byte[] out, int outOffset) throws IllegalStateException; -}
\ No newline at end of file +} diff --git a/libjava/classpath/gnu/javax/crypto/mode/ModeFactory.java b/libjava/classpath/gnu/javax/crypto/mode/ModeFactory.java index 0e949ed9e96..d1acdf4e599 100644 --- a/libjava/classpath/gnu/javax/crypto/mode/ModeFactory.java +++ b/libjava/classpath/gnu/javax/crypto/mode/ModeFactory.java @@ -49,16 +49,12 @@ import java.util.Iterator; import java.util.Set; /** - * <p>A <i>Factory</i> to instantiate block cipher modes of operations.</p> + * A <i>Factory</i> to instantiate block cipher modes of operations. */ -public class ModeFactory implements Registry +public class ModeFactory + implements Registry { - - // Constants and variables - // ------------------------------------------------------------------------- - - // Constructor(s) - // ------------------------------------------------------------------------- + private static Set names; /** Trivial constructor to enforce Singleton pattern. */ private ModeFactory() @@ -66,37 +62,29 @@ public class ModeFactory implements Registry super(); } - // Class methods - // ------------------------------------------------------------------------- - /** - * <p>Returns an instance of a block cipher mode of operations given its name - * and characteristics of the underlying block cipher.</p> - * + * Returns an instance of a block cipher mode of operations given its name and + * characteristics of the underlying block cipher. + * * @param mode the case-insensitive name of the mode of operations. * @param cipher the case-insensitive name of the block cipher. * @param cipherBlockSize the block size, in bytes, of the underlying cipher. * @return an instance of the block cipher algorithm, operating in a given - * mode of operations, or <code>null</code> if none found. + * mode of operations, or <code>null</code> if none found. * @exception InternalError if either the mode or the underlying block cipher - * implementation does not pass its self-test. + * implementation does not pass its self-test. */ public static IMode getInstance(String mode, String cipher, int cipherBlockSize) { if (mode == null || cipher == null) - { - return null; - } + return null; mode = mode.trim(); cipher = cipher.trim(); - IBlockCipher cipherImpl = CipherFactory.getInstance(cipher); if (cipherImpl == null) - { - return null; - } + return null; return getInstance(mode, cipherImpl, cipherBlockSize); } @@ -110,59 +98,36 @@ public class ModeFactory implements Registry { ok = (cipherBlockSize == ((Integer) it.next()).intValue()); if (ok) - { - break; - } - } - - if (!ok) - { - throw new IllegalArgumentException("cipherBlockSize"); + break; } - + if (! ok) + throw new IllegalArgumentException("cipherBlockSize"); IMode result = null; if (mode.equalsIgnoreCase(ECB_MODE)) - { - result = new ECB(cipher, cipherBlockSize); - } + result = new ECB(cipher, cipherBlockSize); else if (mode.equalsIgnoreCase(CTR_MODE)) - { - result = new CTR(cipher, cipherBlockSize); - } + result = new CTR(cipher, cipherBlockSize); else if (mode.equalsIgnoreCase(ICM_MODE)) - { - result = new ICM(cipher, cipherBlockSize); - } + result = new ICM(cipher, cipherBlockSize); else if (mode.equalsIgnoreCase(OFB_MODE)) - { - result = new OFB(cipher, cipherBlockSize); - } + result = new OFB(cipher, cipherBlockSize); else if (mode.equalsIgnoreCase(CBC_MODE)) - { - result = new CBC(cipher, cipherBlockSize); - } + result = new CBC(cipher, cipherBlockSize); else if (mode.equalsIgnoreCase(CFB_MODE)) - { - result = new CFB(cipher, cipherBlockSize); - } + result = new CFB(cipher, cipherBlockSize); else if (mode.equalsIgnoreCase(EAX_MODE)) - { - result = new EAX(cipher, cipherBlockSize); - } + result = new EAX(cipher, cipherBlockSize); - if (result != null && !result.selfTest()) - { - throw new InternalError(result.name()); - } + if (result != null && ! result.selfTest()) + throw new InternalError(result.name()); return result; } /** - * <p>Returns a {@link java.util.Set} of names of mode supported by this - * <i>Factory</i>.</p> - * - * @return a {@link java.util.Set} of mode names (Strings). + * Returns a {@link Set} of names of mode supported by this <i>Factory</i>. + * + * @return a {@link Set} of mode names (Strings). */ public static final Set getNames() { @@ -178,15 +143,9 @@ public class ModeFactory implements Registry hs.add(CBC_MODE); hs.add(CFB_MODE); hs.add(EAX_MODE); - names = Collections.unmodifiableSet(hs); } } return names; } - - private static Set names; - - // Instance methods - // ------------------------------------------------------------------------- -}
\ No newline at end of file +} diff --git a/libjava/classpath/gnu/javax/crypto/mode/OFB.java b/libjava/classpath/gnu/javax/crypto/mode/OFB.java index 68065d10b9c..c8b6d7e97e7 100644 --- a/libjava/classpath/gnu/javax/crypto/mode/OFB.java +++ b/libjava/classpath/gnu/javax/crypto/mode/OFB.java @@ -39,33 +39,33 @@ exception statement from your version. */ package gnu.javax.crypto.mode; import gnu.java.security.Registry; - import gnu.javax.crypto.cipher.IBlockCipher; /** - * <p>The Output Feedback (OFB) mode is a confidentiality mode that requires a + * The Output Feedback (OFB) mode is a confidentiality mode that requires a * unique <code>IV</code> for every message that is ever encrypted under the - * given key. The OFB mode is defined as follows:</p> - * + * given key. The OFB mode is defined as follows: + * <ul> + * <li>OFB Encryption: * <ul> - * <li>OFB Encryption: - * <ul> - * <li>I<sub>1</sub> = IV;</li> - * <li>I<sub>j</sub> = O<sub>j -1</sub> for j = 2...n;</li> - * <li>O<sub>j</sub> = CIPH<sub>K</sub>(I<sub>j</sub>) for j = 1, 2...n;</li> - * <li>C<sub>j</sub> = P<sub>j</sub> XOR O<sub>j</sub> for j = 1, 2...n.</li> - * </ul></li> + * <li>I<sub>1</sub> = IV;</li> + * <li>I<sub>j</sub> = O<sub>j -1</sub> for j = 2...n;</li> + * <li>O<sub>j</sub> = CIPH<sub>K</sub>(I<sub>j</sub>) for j = 1, 2...n;</li> + * <li>C<sub>j</sub> = P<sub>j</sub> XOR O<sub>j</sub> for j = 1, 2...n.</li> + * </ul> + * </li> * <li>OFB Decryption: - * <ul> - * <li>I<sub>1</sub> = IV;</li> - * <li>I<sub>j</sub> = O<sub>j -1</sub> for j = 2...n;</li> - * <li>O<sub>j</sub> = CIPH<sub>K</sub>(I<sub>j</sub>) for j = 1, 2...n;</li> - * <li>P<sub>j</sub> = C<sub>j</sub> XOR O<sub>j</sub> for j = 1, 2...n.</li> - * </ul></li> + * <ul> + * <li>I<sub>1</sub> = IV;</li> + * <li>I<sub>j</sub> = O<sub>j -1</sub> for j = 2...n;</li> + * <li>O<sub>j</sub> = CIPH<sub>K</sub>(I<sub>j</sub>) for j = 1, 2...n;</li> + * <li>P<sub>j</sub> = C<sub>j</sub> XOR O<sub>j</sub> for j = 1, 2...n.</li> * </ul> - * - * <p>In OFB encryption, the <code>IV</code> is transformed by the forward - * cipher function to produce the first output block. The first output block is + * </li> + * </ul> + * <p> + * In OFB encryption, the <code>IV</code> is transformed by the forward cipher + * function to produce the first output block. The first output block is * exclusive-ORed with the first plaintext block to produce the first ciphertext * block. The first output block is then transformed by the forward cipher * function to produce the second output block. The second output block is @@ -74,9 +74,9 @@ import gnu.javax.crypto.cipher.IBlockCipher; * cipher function to produce the third output block. Thus, the successive * output blocks are produced from enciphering the previous output blocks, and * the output blocks are exclusive-ORed with the corresponding plaintext blocks - * to produce the ciphertext blocks.</p> - * - * <p>In OFB decryption, the <code>IV</code> is transformed by the forward cipher + * to produce the ciphertext blocks. + * <p> + * In OFB decryption, the <code>IV</code> is transformed by the forward cipher * function to produce the first output block. The first output block is * exclusive-ORed with the first ciphertext block to recover the first plaintext * block. The first output block is then transformed by the forward cipher @@ -86,51 +86,46 @@ import gnu.javax.crypto.cipher.IBlockCipher; * forward cipher function to produce the third output block. Thus, the * successive output blocks are produced from enciphering the previous output * blocks, and the output blocks are exclusive-ORed with the corresponding - * ciphertext blocks to recover the plaintext blocks.</p> - * - * <p>In both OFB encryption and OFB decryption, each forward cipher function + * ciphertext blocks to recover the plaintext blocks. + * <p> + * In both OFB encryption and OFB decryption, each forward cipher function * (except the first) depends on the results of the previous forward cipher - * function; therefore, multiple forward cipher functions cannot be performed - * in parallel. However, if the <code>IV</code> is known, the output blocks can - * be generated prior to the availability of the plaintext or ciphertext data.</p> - * - * <p>The OFB mode requires a unique <code>IV</code> for every message that is + * function; therefore, multiple forward cipher functions cannot be performed in + * parallel. However, if the <code>IV</code> is known, the output blocks can + * be generated prior to the availability of the plaintext or ciphertext data. + * <p> + * The OFB mode requires a unique <code>IV</code> for every message that is * ever encrypted under the given key. If, contrary to this requirement, the * same <code>IV</code> is used for the encryption of more than one message, * then the confidentiality of those messages may be compromised. In particular, * if a plaintext block of any of these messages is known, say, the j<sup>th</sup> * plaintext block, then the j<sup>th</sup> output of the forward cipher - * function can be determined easily from the j<sup>th</sup> ciphertext block of - * the message. This information allows the j<sup>th</sup> plaintext block of - * any other message that is encrypted using the same <code>IV</code> to be - * easily recovered from the jth ciphertext block of that message.</p> - * - * <p>Confidentiality may similarly be compromised if any of the input blocks to + * function can be determined easily from the j<sup>th</sup> ciphertext block + * of the message. This information allows the j<sup>th</sup> plaintext block + * of any other message that is encrypted using the same <code>IV</code> to be + * easily recovered from the jth ciphertext block of that message. + * <p> + * Confidentiality may similarly be compromised if any of the input blocks to * the forward cipher function for the encryption of a message is used as the - * <code>IV</code> for the encryption of another message under the given key.</p> - * - * <p>References:</p> - * + * <code>IV</code> for the encryption of another message under the given key. + * <p> + * References: * <ol> - * <li><a href="http://csrc.nist.gov/encryption/modes/Recommendation/Modes01.pdf"> - * Recommendation for Block Cipher Modes of Operation Methods and Techniques</a>, - * Morris Dworkin.</li> + * <li><a + * href="http://csrc.nist.gov/encryption/modes/Recommendation/Modes01.pdf"> + * Recommendation for Block Cipher Modes of Operation Methods and Techniques</a>, + * Morris Dworkin.</li> * </ol> */ -public class OFB extends BaseMode implements Cloneable +public class OFB + extends BaseMode + implements Cloneable { - - // Constants and variables - // ------------------------------------------------------------------------- - private byte[] outputBlock; - // Constructor(s) - // ------------------------------------------------------------------------- - /** - * <p>Trivial package-private constructor for use by the Factory class.</p> - * + * Trivial package-private constructor for use by the Factory class. + * * @param underlyingCipher the underlying cipher implementation. * @param cipherBlockSize the underlying cipher block size to use. */ @@ -140,8 +135,8 @@ public class OFB extends BaseMode implements Cloneable } /** - * <p>Private constructor for cloning purposes.</p> - * + * Private constructor for cloning purposes. + * * @param that the mode to clone. */ private OFB(OFB that) @@ -149,28 +144,15 @@ public class OFB extends BaseMode implements Cloneable this((IBlockCipher) that.cipher.clone(), that.cipherBlockSize); } - // Class methods - // ------------------------------------------------------------------------- - - // Instance methods - // ------------------------------------------------------------------------- - - // java.lang.Cloneable interface implementation ---------------------------- - public Object clone() { return new OFB(this); } - // Implementation of abstract methods in BaseMode -------------------------- - public void setup() { if (modeBlockSize != cipherBlockSize) - { - throw new IllegalArgumentException(IMode.MODE_BLOCK_SIZE); - } - + throw new IllegalArgumentException(IMode.MODE_BLOCK_SIZE); outputBlock = (byte[]) iv.clone(); } @@ -182,13 +164,11 @@ public class OFB extends BaseMode implements Cloneable { cipher.encryptBlock(outputBlock, 0, outputBlock, 0); for (int j = 0; j < cipherBlockSize;) - { - out[o++] = (byte) (in[i++] ^ outputBlock[j++]); - } + out[o++] = (byte)(in[i++] ^ outputBlock[j++]); } public void decryptBlock(byte[] in, int i, byte[] out, int o) { this.encryptBlock(in, i, out, o); } -}
\ No newline at end of file +} diff --git a/libjava/classpath/gnu/javax/crypto/pad/BasePad.java b/libjava/classpath/gnu/javax/crypto/pad/BasePad.java index 49c5d050a85..8b475d2d8cb 100644 --- a/libjava/classpath/gnu/javax/crypto/pad/BasePad.java +++ b/libjava/classpath/gnu/javax/crypto/pad/BasePad.java @@ -38,24 +38,24 @@ exception statement from your version. */ package gnu.javax.crypto.pad; +import gnu.java.security.Configuration; + +import java.util.Map; +import java.util.logging.Level; +import java.util.logging.Logger; + /** - * <p>An abstract class to facilitate implementing padding algorithms.</p> + * An abstract class to facilitate implementing padding algorithms. */ -public abstract class BasePad implements IPad +public abstract class BasePad + implements IPad { - - // Constants and variables - // ------------------------------------------------------------------------- - + private static final Logger log = Logger.getLogger(BasePad.class.getName()); /** The canonical name prefix of the padding algorithm. */ protected String name; - /** The block size, in bytes, for this instance. */ protected int blockSize; - // Constructor(s) - // ------------------------------------------------------------------------- - /** Trivial constructor for use by concrete subclasses. */ protected BasePad(final String name) { @@ -65,84 +65,122 @@ public abstract class BasePad implements IPad blockSize = -1; } - // Class methods - // ------------------------------------------------------------------------- - - // Instance methods - // ------------------------------------------------------------------------- - - // IPad interface implementation ------------------------------------------- - public String name() { final StringBuffer sb = new StringBuffer(name); if (blockSize != -1) - { - sb.append('-').append(String.valueOf(8 * blockSize)); - } + sb.append('-').append(String.valueOf(8 * blockSize)); return sb.toString(); } public void init(final int bs) throws IllegalStateException { if (blockSize != -1) - { - throw new IllegalStateException(); - } + throw new IllegalStateException(); blockSize = bs; setup(); } + /** + * Initialises the algorithm with designated attributes. Names, valid and/or + * recognisable by all concrete implementations are described in {@link IPad} + * class documentation. Other algorithm-specific attributes MUST be documented + * in the implementation class of that padding algorithm. + * <p> + * For compatibility reasons, this method is not declared <i>abstract</i>. + * Furthermore, and unless overridden, the default implementation will throw + * an {@link UnsupportedOperationException}. Concrete padding algorithms MUST + * override this method if they wish to offer an initialisation method that + * allows for other than the padding block size parameter to be specified. + * + * @param attributes a set of name-value pairs that describes the desired + * future behaviour of this instance. + * @exception IllegalStateException if the instance is already initialised. + * @exception IllegalArgumentException if the block size value is invalid. + */ + public void init(Map attributes) throws IllegalStateException + { + throw new UnsupportedOperationException(); + } + public void reset() { blockSize = -1; } + /** + * A default implementation of a correctness test that exercises the padder + * implementation, using block sizes varying from 2 to 256 bytes. + * + * @return <code>true</code> if the concrete implementation correctly unpads + * what it pads for all tested block sizes. Returns <code>false</code> + * if the test fails for any block size. + */ public boolean selfTest() { + final byte[] in = new byte[1024]; + for (int bs = 2; bs < 256; bs++) + if (! test1BlockSize(bs, in)) + return false; + return true; + } + + /** + * The basic symmetric test for a padder given a specific block size. + * <p> + * The code ensures that the implementation is capable of unpadding what it + * pads. + * + * @param size the block size to test. + * @param buffer a work buffer. It is exposed as an argument for this method + * to reduce un-necessary object allocations. + * @return <code>true</code> if the test passes; <code>false</code> + * otherwise. + */ + protected boolean test1BlockSize(int size, byte[] buffer) + { byte[] padBytes; final int offset = 5; - final int limit = 1024; - final byte[] in = new byte[limit]; - for (int bs = 2; bs < 256; bs++) + final int limit = buffer.length; + this.init(size); + for (int i = 0; i < limit - offset - blockSize; i++) { - this.init(bs); - for (int i = 0; i < limit - offset - blockSize; i++) + padBytes = pad(buffer, offset, i); + if (((i + padBytes.length) % blockSize) != 0) { - padBytes = pad(in, offset, i); - if (((i + padBytes.length) % blockSize) != 0) - { - new RuntimeException(name()).printStackTrace(System.err); - return false; - } - - System.arraycopy(padBytes, 0, in, offset + i, padBytes.length); - try - { - if (padBytes.length != unpad(in, offset, i + padBytes.length)) - { - new RuntimeException(name()).printStackTrace(System.err); - return false; - } - } - catch (WrongPaddingException x) + if (Configuration.DEBUG) + log.log(Level.SEVERE, + "Length of padded text MUST be a multiple of " + + blockSize, new RuntimeException(name())); + return false; + } + System.arraycopy(padBytes, 0, buffer, offset + i, padBytes.length); + try + { + if (padBytes.length != unpad(buffer, offset, i + padBytes.length)) { - x.printStackTrace(System.err); + if (Configuration.DEBUG) + log.log(Level.SEVERE, + "IPad [" + name() + "] failed symmetric operation", + new RuntimeException(name())); return false; } } - this.reset(); + catch (WrongPaddingException x) + { + if (Configuration.DEBUG) + log.throwing(this.getClass().getName(), "test1BlockSize", x); + return false; + } } - + this.reset(); return true; } - // abstract methods to implement by subclasses ----------------------------- - /** - * <p>If any additional checks or resource setup must be done by the - * subclass, then this is the hook for it. This method will be called before - * the {@link #init(int)} method returns.</p> + * If any additional checks or resource setup must be done by the subclass, + * then this is the hook for it. This method will be called before the + * {@link #init(int)} method returns. */ public abstract void setup(); @@ -150,4 +188,4 @@ public abstract class BasePad implements IPad public abstract int unpad(byte[] in, int off, int len) throws WrongPaddingException; -}
\ No newline at end of file +} diff --git a/libjava/classpath/gnu/javax/crypto/pad/IPad.java b/libjava/classpath/gnu/javax/crypto/pad/IPad.java index 4b4c925e622..0e3db7db19e 100644 --- a/libjava/classpath/gnu/javax/crypto/pad/IPad.java +++ b/libjava/classpath/gnu/javax/crypto/pad/IPad.java @@ -38,29 +38,32 @@ exception statement from your version. */ package gnu.javax.crypto.pad; +import java.util.Map; + /** - * <p>The basic visible methods of any padding algorithm.</p> - * - * <p>Padding algorithms serve to <i>pad</i> and <i>unpad</i> byte arrays usually + * The basic visible methods, and attribute names, of every padding algorithm. + * <p> + * Padding algorithms serve to <i>pad</i> and <i>unpad</i> byte arrays usually * as the last step in an <i>encryption</i> or respectively a <i>decryption</i> * operation. Their input buffers are usually those processed by instances of - * {@link gnu.crypto.mode.IMode} and/or {@link gnu.crypto.cipher.IBlockCipher}.</p> + * {@link gnu.javax.crypto.mode.IMode} and/or + * {@link gnu.javax.crypto.cipher.IBlockCipher}. */ public interface IPad { - - // Constants - // ------------------------------------------------------------------------- - - // Methods - // ------------------------------------------------------------------------- + /** + * Property name of the block size in which to operate the padding algorithm. + * The value associated with this property name is taken to be a positive + * {@link Integer} greater than zero. + */ + String PADDING_BLOCK_SIZE = "gnu.crypto.pad.block.size"; /** @return the canonical name of this instance. */ String name(); /** * Initialises the padding scheme with a designated block size. - * + * * @param bs the designated block size. * @exception IllegalStateException if the instance is already initialised. * @exception IllegalArgumentException if the block size value is invalid. @@ -68,29 +71,43 @@ public interface IPad void init(int bs) throws IllegalStateException; /** + * Initialises the algorithm with designated attributes. Names, valid and/or + * recognisable by all concrete implementations are described in the class + * documentation above. Other algorithm-specific attributes MUST be documented + * in the implementation class of that padding algorithm. + * + * @param attributes a set of name-value pairs that describes the desired + * future behaviour of this instance. + * @exception IllegalStateException if the instance is already initialised. + * @exception IllegalArgumentException if the block size value is invalid. + */ + void init(Map attributes) throws IllegalStateException; + + /** * Returns the byte sequence that should be appended to the designated input. - * + * * @param in the input buffer containing the bytes to pad. * @param offset the starting index of meaningful data in <i>in</i>. * @param length the number of meaningful bytes in <i>in</i>. * @return the possibly 0-byte long sequence to be appended to the designated - * input. + * input. */ byte[] pad(byte[] in, int offset, int length); /** * Returns the number of bytes to discard from a designated input buffer. - * + * * @param in the input buffer containing the bytes to unpad. * @param offset the starting index of meaningful data in <i>in</i>. * @param length the number of meaningful bytes in <i>in</i>. * @return the number of bytes to discard, to the left of index position - * <tt>offset + length</tt> in <i>in</i>. In other words, if the return - * value of a successful invocation of this method is <tt>result</tt>, then - * the unpadded byte sequence will be <tt>offset + length - result</tt> bytes - * in <i>in</i>, starting from index position <tt>offset</tt>. + * <code>offset + length</code> in <i>in</i>. In other words, if + * the return value of a successful invocation of this method is + * <code>result</code>, then the unpadded byte sequence will be + * <code>offset + length - result</code> bytes in <i>in</i>, + * starting from index position <code>offset</code>. * @exception WrongPaddingException if the data is not terminated with the - * expected padding bytes. + * expected padding bytes. */ int unpad(byte[] in, int offset, int length) throws WrongPaddingException; @@ -102,9 +119,9 @@ public interface IPad /** * A basic symmetric pad/unpad test. - * - * @return <tt>true</tt> if the implementation passes a basic symmetric - * self-test. Returns <tt>false</tt> otherwise. + * + * @return <code>true</code> if the implementation passes a basic symmetric + * self-test. Returns <code>false</code> otherwise. */ boolean selfTest(); -}
\ No newline at end of file +} diff --git a/libjava/classpath/gnu/javax/crypto/pad/ISO10126.java b/libjava/classpath/gnu/javax/crypto/pad/ISO10126.java new file mode 100644 index 00000000000..8e8c59254fc --- /dev/null +++ b/libjava/classpath/gnu/javax/crypto/pad/ISO10126.java @@ -0,0 +1,109 @@ +/* ISO10126.java -- An implementation of the ISO 10126-2 padding scheme + Copyright (C) 2006 Free Software Foundation, Inc. + +This file is a part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2 of the License, or (at +your option) any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; if not, write to the Free Software +Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 +USA + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. */ + + +package gnu.javax.crypto.pad; + +import gnu.java.security.Registry; +import gnu.java.security.util.PRNG; + +/** + * The implementation of the ISO 10126-2 padding algorithm. + * <p> + * The last byte of the padding block is the number of padding bytes, all other + * padding bytes are random. + * <p> + * References: + * <ol> + * <li><a href="http://www.w3.org/TR/xmlenc-core/">XML Encryption Syntax and + * Processing</a> Section "5.2 Block Encryption Algorithms"; "Padding".</li> + * </ol> + */ +public final class ISO10126 + extends BasePad +{ + /** Used to generate random numbers for padding bytes. */ + private PRNG prng; + + ISO10126() + { + super(Registry.ISO10126_PAD); + prng = PRNG.getInstance(); + } + + public void setup() + { + // Nothing to do here + } + + public byte[] pad(byte[] in, int offset, int length) + { + int padLength = blockSize - (length % blockSize); + final byte[] pad = new byte[padLength]; + + // generate random numbers for the padding bytes except for the last byte + prng.nextBytes(pad, 0, padLength - 1); + // the last byte contains the number of padding bytes + pad[padLength - 1] = (byte) padLength; + + return pad; + } + + public int unpad(byte[] in, int offset, int length) + throws WrongPaddingException + { + // the last byte contains the number of padding bytes + int padLength = in[offset + length - 1] & 0xFF; + if (padLength > length) + throw new WrongPaddingException(); + + return padLength; + } + + /** + * The default self-test in the super-class would take too long to finish + * with this type of padder --due to the large amount of random data needed. + * We override the default test and replace it with a simple one for a 16-byte + * block-size (default AES block-size). The Mauve test TestOfISO10126 will + * exercise all block-sizes that the default self-test uses for the other + * padders. + */ + public boolean selfTest() + { + return test1BlockSize(16, new byte[1024]); + } +} diff --git a/libjava/classpath/gnu/javax/crypto/pad/PKCS1_V1_5.java b/libjava/classpath/gnu/javax/crypto/pad/PKCS1_V1_5.java index 03c3d61a303..9ddc6098949 100644 --- a/libjava/classpath/gnu/javax/crypto/pad/PKCS1_V1_5.java +++ b/libjava/classpath/gnu/javax/crypto/pad/PKCS1_V1_5.java @@ -38,73 +38,47 @@ exception statement from your version. */ package gnu.javax.crypto.pad; +import gnu.java.security.Configuration; import gnu.java.security.Registry; import gnu.java.security.sig.rsa.EME_PKCS1_V1_5; import gnu.java.security.util.PRNG; import gnu.java.security.util.Util; -import java.io.PrintWriter; +import java.util.logging.Level; +import java.util.logging.Logger; /** - * <p>A padding algorithm implementation of the EME-PKCS1-V1.5 encoding/decoding + * A padding algorithm implementation of the EME-PKCS1-V1.5 encoding/decoding * algorithm as described in section 7.2 of RFC-3447. This is effectively an * <i>Adapter</i> over an instance of {@link EME_PKCS1_V1_5} initialised with - * the RSA public shared modulus length (in bytes).</p> - * - * <p>References:</p> + * the RSA public shared modulus length (in bytes). + * <p> + * References: * <ol> - * <li><a href="http://www.ietf.org/rfc/rfc3447.txt">Public-Key Cryptography - * Standards (PKCS) #1:</a><br> - * RSA Cryptography Specifications Version 2.1.<br> - * Jakob Jonsson and Burt Kaliski.</li> + * <li><a href="http://www.ietf.org/rfc/rfc3447.txt">Public-Key Cryptography + * Standards (PKCS) #1:</a><br> + * RSA Cryptography Specifications Version 2.1.<br> + * Jakob Jonsson and Burt Kaliski.</li> * </ol> - * + * * @see EME_PKCS1_V1_5 */ -public class PKCS1_V1_5 extends BasePad +public class PKCS1_V1_5 + extends BasePad { - - // Debugging methods and variables - // ------------------------------------------------------------------------- - - private static final String NAME = Registry.EME_PKCS1_V1_5_PAD; - - private static final boolean DEBUG = false; - - private static final int debuglevel = 9; - - private static final PrintWriter err = new PrintWriter(System.out, true); - - private static void debug(final String s) - { - err.println(">>> " + NAME + ": " + s); - } - - // Constants and variables - // ------------------------------------------------------------------------- - + private static final Logger log = Logger.getLogger(PKCS1_V1_5.class.getName()); private EME_PKCS1_V1_5 codec; - // Constructor(s) - // ------------------------------------------------------------------------- - /** - * <p>Trivial package-private constructor for use by the <i>Factory</i> class. - * </p> + * Trivial package-private constructor for use by the <i>Factory</i> class. * - * @see gnu.crypto.pad.PadFactory + * @see PadFactory */ PKCS1_V1_5() { super(Registry.EME_PKCS1_V1_5_PAD); } - // Class methods - // ------------------------------------------------------------------------- - - // Implementation of abstract methods in BasePad - // ------------------------------------------------------------------------- - public void setup() { codec = EME_PKCS1_V1_5.getInstance(blockSize); @@ -117,10 +91,8 @@ public class PKCS1_V1_5 extends BasePad final byte[] EM = codec.encode(M); final byte[] result = new byte[blockSize - length]; System.arraycopy(EM, 0, result, 0, result.length); - if (DEBUG && debuglevel > 8) - { - debug("padding: 0x" + Util.toString(result)); - } + if (Configuration.DEBUG) + log.fine("padding: 0x" + Util.toString(result)); return result; } @@ -130,15 +102,11 @@ public class PKCS1_V1_5 extends BasePad final byte[] EM = new byte[length]; System.arraycopy(in, offset, EM, 0, length); final int result = length - codec.decode(EM).length; - if (DEBUG && debuglevel > 8) - { - debug("padding length: " + String.valueOf(result)); - } + if (Configuration.DEBUG) + log.fine("padding length: " + String.valueOf(result)); return result; } - // overloaded methods ------------------------------------------------------ - public boolean selfTest() { final int[] mLen = new int[] { 16, 20, 32, 48, 64 }; @@ -156,29 +124,33 @@ public class PKCS1_V1_5 extends BasePad p = pad(M, 0, j); if (j + p.length != blockSize) { - new RuntimeException(name()).printStackTrace(System.err); + if (Configuration.DEBUG) + log.log(Level.SEVERE, + "Length of padded text MUST be a multiple of " + + blockSize, new RuntimeException(name())); return false; } - System.arraycopy(p, 0, EM, 0, p.length); System.arraycopy(M, 0, EM, p.length, j); try { if (p.length != unpad(EM, 0, blockSize)) { - new RuntimeException(name()).printStackTrace(System.err); + if (Configuration.DEBUG) + log.log(Level.SEVERE, "Failed symmetric operation", + new RuntimeException(name())); return false; } } catch (WrongPaddingException x) { - x.printStackTrace(System.err); + if (Configuration.DEBUG) + log.throwing(this.getClass().getName(), "selfTest", x); return false; } } reset(); } - return true; } -}
\ No newline at end of file +} diff --git a/libjava/classpath/gnu/javax/crypto/pad/PKCS7.java b/libjava/classpath/gnu/javax/crypto/pad/PKCS7.java index 5697aff2712..bef1784eeb3 100644 --- a/libjava/classpath/gnu/javax/crypto/pad/PKCS7.java +++ b/libjava/classpath/gnu/javax/crypto/pad/PKCS7.java @@ -1,129 +1,98 @@ /* PKCS7.java -- - Copyright (C) 2001, 2002, 2006 Free Software Foundation, Inc. - -This file is a part of GNU Classpath. - -GNU Classpath is free software; you can redistribute it and/or modify -it under the terms of the GNU General Public License as published by -the Free Software Foundation; either version 2 of the License, or (at -your option) any later version. - -GNU Classpath is distributed in the hope that it will be useful, but -WITHOUT ANY WARRANTY; without even the implied warranty of -MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -General Public License for more details. - -You should have received a copy of the GNU General Public License -along with GNU Classpath; if not, write to the Free Software -Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 -USA - -Linking this library statically or dynamically with other modules is -making a combined work based on this library. Thus, the terms and -conditions of the GNU General Public License cover the whole -combination. - -As a special exception, the copyright holders of this library give you -permission to link this library with independent modules to produce an -executable, regardless of the license terms of these independent -modules, and to copy and distribute the resulting executable under -terms of your choice, provided that you also meet, for each linked -independent module, the terms and conditions of the license of that -module. An independent module is a module which is not derived from -or based on this library. If you modify this library, you may extend -this exception to your version of the library, but you are not -obligated to do so. If you do not wish to do so, delete this -exception statement from your version. */ + Copyright (C) 2001, 2002, 2006 Free Software Foundation, Inc. + + This file is a part of GNU Classpath. + + GNU Classpath is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or (at + your option) any later version. + + GNU Classpath is distributed in the hope that it will be useful, but + WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + General Public License for more details. + + You should have received a copy of the GNU General Public License + along with GNU Classpath; if not, write to the Free Software + Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 + USA + + Linking this library statically or dynamically with other modules is + making a combined work based on this library. Thus, the terms and + conditions of the GNU General Public License cover the whole + combination. + + As a special exception, the copyright holders of this library give you + permission to link this library with independent modules to produce an + executable, regardless of the license terms of these independent + modules, and to copy and distribute the resulting executable under + terms of your choice, provided that you also meet, for each linked + independent module, the terms and conditions of the license of that + module. An independent module is a module which is not derived from + or based on this library. If you modify this library, you may extend + this exception to your version of the library, but you are not + obligated to do so. If you do not wish to do so, delete this + exception statement from your version. */ package gnu.javax.crypto.pad; +import gnu.java.security.Configuration; import gnu.java.security.Registry; import gnu.java.security.util.Util; -import java.io.PrintWriter; +import java.util.logging.Logger; /** - * <p>The implementation of the PKCS7 padding algorithm.</p> - * - * <p>This algorithm is described for 8-byte blocks in [RFC-1423] and extended to - * block sizes of up to 256 bytes in [PKCS-7].</p> - * - * References:<br> - * <a href="http://www.ietf.org/rfc/rfc1423.txt">RFC-1423</a>: Privacy + * The implementation of the PKCS7 padding algorithm. + * <p> + * This algorithm is described for 8-byte blocks in [RFC-1423] and extended to + * block sizes of up to 256 bytes in [PKCS-7]. + * <p> + * References: + * <ol> + * <li><a href="http://www.ietf.org/rfc/rfc1423.txt">RFC-1423</a>: Privacy * Enhancement for Internet Electronic Mail: Part III: Algorithms, Modes, and - * Identifiers.<br> - * <a href="http://www.ietf.org/">IETF</a>. - * <a href="http://www.rsasecurity.com/rsalabs/pkcs/pkcs-7/">[PKCS-7]</a>PKCS #7: - * Cryptographic Message Syntax Standard - An RSA Laboratories Technical Note.<br> - * <a href="http://www.rsasecurity.com/">RSA Security</a>.<p> + * Identifiers.</li> + * <li><a href="http://www.ietf.org/">IETF</a>.</li> + * <li><a href="http://www.rsasecurity.com/rsalabs/pkcs/pkcs-7/">[PKCS-7]</a> + * PKCS #7: Cryptographic Message Syntax Standard - An RSA Laboratories + * Technical Note.</li> + * <li><a href="http://www.rsasecurity.com/">RSA Security</a>.</li> + * </ol> */ -public final class PKCS7 extends BasePad +public final class PKCS7 + extends BasePad { - - // Debugging methods and variables - // ------------------------------------------------------------------------- - - private static final String NAME = "pkcs7"; - - private static final boolean DEBUG = false; - - private static final int debuglevel = 9; - - private static final PrintWriter err = new PrintWriter(System.out, true); - - private static void debug(String s) - { - err.println(">>> " + NAME + ": " + s); - } - - // Constants and variables - // ------------------------------------------------------------------------- - - // Constructor(s) - // ------------------------------------------------------------------------- + private static final Logger log = Logger.getLogger(PKCS7.class.getName()); /** - * Trivial package-private constructor for use by the <i>Factory</i> class.<p> - * - * @see gnu.crypto.pad.PadFactory + * Trivial package-private constructor for use by the <i>Factory</i> class. + * + * @see PadFactory */ PKCS7() { super(Registry.PKCS7_PAD); } - // Class methods - // ------------------------------------------------------------------------- - - // Implementation of abstract methods in BasePad - // ------------------------------------------------------------------------- - public void setup() { if (blockSize < 2 || blockSize > 256) - { - throw new IllegalArgumentException(); - } + throw new IllegalArgumentException(); } public byte[] pad(byte[] in, int offset, int length) { int padLength = blockSize; if (length % blockSize != 0) - { - padLength = blockSize - length % blockSize; - } + padLength = blockSize - length % blockSize; byte[] result = new byte[padLength]; for (int i = 0; i < padLength;) - { - result[i++] = (byte) padLength; - } - - if (DEBUG && debuglevel > 8) - { - debug("padding: 0x" + Util.toString(result)); - } + result[i++] = (byte) padLength; + if (Configuration.DEBUG) + log.fine("padding: 0x" + Util.toString(result)); return result; } @@ -133,17 +102,10 @@ public final class PKCS7 extends BasePad int limit = offset + length; int result = in[limit - 1] & 0xFF; for (int i = 0; i < result; i++) - { - if (result != (in[--limit] & 0xFF)) - { - throw new WrongPaddingException(); - } - } - - if (DEBUG && debuglevel > 8) - { - debug("padding length: " + String.valueOf(result)); - } + if (result != (in[--limit] & 0xFF)) + throw new WrongPaddingException(); + if (Configuration.DEBUG) + log.fine("padding length: " + result); return result; } -}
\ No newline at end of file +} diff --git a/libjava/classpath/gnu/javax/crypto/pad/PadFactory.java b/libjava/classpath/gnu/javax/crypto/pad/PadFactory.java index 913d69dcbaf..eaa78112e09 100644 --- a/libjava/classpath/gnu/javax/crypto/pad/PadFactory.java +++ b/libjava/classpath/gnu/javax/crypto/pad/PadFactory.java @@ -45,16 +45,13 @@ import java.util.HashSet; import java.util.Set; /** - * <p>A Factory to instantiate padding schemes.</p> + * A Factory to instantiate padding schemes. */ -public class PadFactory implements Registry +public class PadFactory + implements Registry { - - // Constants and variables - // ------------------------------------------------------------------------- - - // Constructor(s) - // ------------------------------------------------------------------------- + /** Collection of padding algorithm names --cached for speed. */ + private static Set names; /** Trivial constructor to enforce Singleton pattern. */ private PadFactory() @@ -62,76 +59,62 @@ public class PadFactory implements Registry super(); } - // Class methods - // ------------------------------------------------------------------------- - /** - * <p>Returns an instance of a padding algorithm given its name.</p> - * + * Returns an instance of a padding algorithm given its name. + * * @param pad the case-insensitive name of the padding algorithm. - * @return an instance of the padding algorithm, operating with a given - * block size, or <code>null</code> if none found. + * @return an instance of the padding algorithm, operating with a given block + * size, or <code>null</code> if none found. * @throws InternalError if the implementation does not pass its self-test. */ public static final IPad getInstance(String pad) { if (pad == null) - { - return null; - } + return null; pad = pad.trim().toLowerCase(); if (pad.endsWith("padding")) pad = pad.substring(0, pad.length() - "padding".length()); IPad result = null; if (pad.equals(PKCS7_PAD) || pad.equals(PKCS5_PAD)) - { - result = new PKCS7(); - } + result = new PKCS7(); else if (pad.equals(TBC_PAD)) - { - result = new TBC(); - } + result = new TBC(); else if (pad.equals(EME_PKCS1_V1_5_PAD)) - { - result = new PKCS1_V1_5(); - } + result = new PKCS1_V1_5(); else if (pad.equals(SSL3_PAD)) - { - result = new SSL3(); - } + result = new SSL3(); else if (pad.equals(TLS1_PAD)) - { - result = new TLS1(); - } + result = new TLS1(); + else if (pad.equals(ISO10126_PAD)) + result = new ISO10126(); - if (result != null && !result.selfTest()) - { - throw new InternalError(result.name()); - } + if (result != null && ! result.selfTest()) + throw new InternalError(result.name()); return result; } /** - * <p>Returns a {@link java.util.Set} of names of padding algorithms - * supported by this <i>Factory</i>.</p> - * + * Returns a {@link Set} of names of padding algorithms supported by this + * <i>Factory</i>. + * * @return a {@link Set} of padding algorithm names (Strings). */ public static final Set getNames() { - HashSet hs = new HashSet(); - hs.add(PKCS5_PAD); - hs.add(PKCS7_PAD); - hs.add(TBC_PAD); - hs.add(EME_PKCS1_V1_5_PAD); - hs.add(SSL3_PAD); - hs.add(TLS1_PAD); - - return Collections.unmodifiableSet(hs); + if (names == null) + { + HashSet hs = new HashSet(); + hs.add(PKCS5_PAD); + hs.add(PKCS7_PAD); + hs.add(TBC_PAD); + hs.add(EME_PKCS1_V1_5_PAD); + hs.add(SSL3_PAD); + hs.add(TLS1_PAD); + hs.add(ISO10126_PAD); + names = Collections.unmodifiableSet(hs); + } + return names; } - - // Instance methods - // ------------------------------------------------------------------------- } diff --git a/libjava/classpath/gnu/javax/crypto/pad/SSL3.java b/libjava/classpath/gnu/javax/crypto/pad/SSL3.java index 25aeefa13d0..78964d6193a 100644 --- a/libjava/classpath/gnu/javax/crypto/pad/SSL3.java +++ b/libjava/classpath/gnu/javax/crypto/pad/SSL3.java @@ -39,39 +39,31 @@ exception statement from your version. */ package gnu.javax.crypto.pad; /** - * The padding scheme used by the Secure Sockets Layer, version 3. This - * padding scheme is used in the block-ciphered struct, e.g.: - * + * The padding scheme used by the Secure Sockets Layer, version 3. This padding + * scheme is used in the block-ciphered struct, e.g.: * <pre> - * block-ciphered struct { - * opaque content[SSLCompressed.length]; - * opaque MAC[CipherSpec.hash_size]; - * uint8 padding[GenericBlockCipher.padding_length]; - * uint8 padding_length; - * } GenericBlockCipher; + * block-ciphered struct { + * opaque content[SSLCompressed.length]; + * opaque MAC[CipherSpec.hash_size]; + * uint8 padding[GenericBlockCipher.padding_length]; + * uint8 padding_length; + * } GenericBlockCipher; * </pre> - * - * <p>Where <i>padding_length</i> is <i>cipher_block_size</i> - - * ((<i>SSLCompressed.length</i> + <i>CipherSpec.hash_size</i>) - * % <i>cipher_block_size</i>) - 1. That is, the padding is enough bytes - * to make the plaintext a multiple of the block size minus one, plus one - * additional byte for the padding length. The padding can be any arbitrary - * data.</p> + * <p> + * Where <i>padding_length</i> is <i>cipher_block_size</i> - + * ((<i>SSLCompressed.length</i> + <i>CipherSpec.hash_size</i>) % + * <i>cipher_block_size</i>) - 1. That is, the padding is enough bytes to make + * the plaintext a multiple of the block size minus one, plus one additional + * byte for the padding length. The padding can be any arbitrary data. */ -public class SSL3 extends BasePad +public class SSL3 + extends BasePad { - - // Constructors. - // ------------------------------------------------------------------------- - public SSL3() { super("ssl3"); } - // Instance methods. - // ------------------------------------------------------------------------- - public void setup() { if (blockSize <= 0 || blockSize > 255) @@ -83,7 +75,7 @@ public class SSL3 extends BasePad int padlen = blockSize - (len % blockSize); byte[] pad = new byte[padlen]; for (int i = 0; i < padlen; i++) - pad[i] = (byte) (padlen - 1); + pad[i] = (byte)(padlen - 1); return pad; } @@ -95,4 +87,4 @@ public class SSL3 extends BasePad throw new WrongPaddingException(); return padlen + 1; } -}
\ No newline at end of file +} diff --git a/libjava/classpath/gnu/javax/crypto/pad/TBC.java b/libjava/classpath/gnu/javax/crypto/pad/TBC.java index 25c3e4286bc..e5ff4b5dcb6 100644 --- a/libjava/classpath/gnu/javax/crypto/pad/TBC.java +++ b/libjava/classpath/gnu/javax/crypto/pad/TBC.java @@ -38,95 +38,63 @@ exception statement from your version. */ package gnu.javax.crypto.pad; +import gnu.java.security.Configuration; import gnu.java.security.Registry; import gnu.java.security.util.Util; -import java.io.PrintWriter; +import java.util.logging.Logger; /** - * <p>The implementation of the Trailing Bit Complement (TBC) padding algorithm.</p> - * - * <p>In this mode, "...the data string is padded at the trailing end with the + * The implementation of the Trailing Bit Complement (TBC) padding algorithm. + * <p> + * In this mode, "...the data string is padded at the trailing end with the * complement of the trailing bit of the unpadded message: if the trailing bit - * is <tt>1</tt>, then <tt>0</tt> bits are appended, and if the trailing bit is - * <tt>0</tt>, then <tt>1</tt> bits are appended. As few bits are added as are - * necessary to meet the formatting size requirement."</p> - * - * References:<br> - * <a href="http://csrc.nist.gov/encryption/modes/Recommendation/Modes01.pdf"> - * Recommendation for Block Cipher Modes of Operation Methods and Techniques</a>, - * Morris Dworkin.<p> + * is <tt>1</tt>, then <tt>0</tt> bits are appended, and if the trailing + * bit is <tt>0</tt>, then <tt>1</tt> bits are appended. As few bits are + * added as are necessary to meet the formatting size requirement." + * <p> + * References: + * <ol> + * <li><a + * href="http://csrc.nist.gov/encryption/modes/Recommendation/Modes01.pdf"> + * Recommendation for Block Cipher Modes of Operation Methods and + * Techniques</a>, Morris Dworkin.</li> + * </ol> */ -public final class TBC extends BasePad +public final class TBC + extends BasePad { - - // Debugging methods and variables - // ------------------------------------------------------------------------- - - private static final String NAME = "tbc"; - - private static final boolean DEBUG = false; - - private static final int debuglevel = 9; - - private static final PrintWriter err = new PrintWriter(System.out, true); - - private static void debug(String s) - { - err.println(">>> " + NAME + ": " + s); - } - - // Constants and variables - // ------------------------------------------------------------------------- - - // Constructor(s) - // ------------------------------------------------------------------------- + private static final Logger log = Logger.getLogger(TBC.class.getName()); /** - * Trivial package-private constructor for use by the <i>Factory</i> class.<p> - * - * @see gnu.crypto.pad.PadFactory + * Trivial package-private constructor for use by the <i>Factory</i> class. + * + * @see PadFactory */ TBC() { super(Registry.TBC_PAD); } - // Class methods - // ------------------------------------------------------------------------- - - // Implementation of abstract methods in BasePad - // ------------------------------------------------------------------------- - public void setup() { if (blockSize < 1 || blockSize > 256) - { - throw new IllegalArgumentException(); - } + throw new IllegalArgumentException(); } public byte[] pad(byte[] in, int offset, int length) { int padLength = blockSize; if (length % blockSize != 0) - { - padLength = blockSize - length % blockSize; - } + padLength = blockSize - length % blockSize; byte[] result = new byte[padLength]; int lastBit = in[offset + length - 1] & 0x01; if (lastBit == 0) - { - for (int i = 0; i < padLength;) - { - result[i++] = 0x01; - } - } // else it's already set to zeroes by virtue of initialisation - - if (DEBUG && debuglevel > 8) - { - debug("padding: 0x" + Util.toString(result)); - } + for (int i = 0; i < padLength;) + result[i++] = 0x01; + // else it's already set to zeroes by virtue of initialisation + if (Configuration.DEBUG) + log.fine("padding: 0x" + Util.toString(result)); return result; } @@ -141,16 +109,10 @@ public final class TBC extends BasePad result++; limit--; } - if (result > length) - { - throw new WrongPaddingException(); - } - - if (DEBUG && debuglevel > 8) - { - debug("padding length: " + String.valueOf(result)); - } + throw new WrongPaddingException(); + if (Configuration.DEBUG) + log.fine("padding length: " + result); return result; } -}
\ No newline at end of file +} diff --git a/libjava/classpath/gnu/javax/crypto/pad/TLS1.java b/libjava/classpath/gnu/javax/crypto/pad/TLS1.java index 00a538f882a..1d690dd599c 100644 --- a/libjava/classpath/gnu/javax/crypto/pad/TLS1.java +++ b/libjava/classpath/gnu/javax/crypto/pad/TLS1.java @@ -38,42 +38,32 @@ exception statement from your version. */ package gnu.javax.crypto.pad; -import gnu.java.security.util.Util; - /** - * The padding scheme used by the Transport Layer Security protocol, - * version 1. This padding scheme is used in the block-ciphered struct, - * e.g.: - * + * The padding scheme used by the Transport Layer Security protocol, version 1. + * This padding scheme is used in the block-ciphered struct, e.g.: * <pre> - * block-ciphered struct { - * opaque content[TLSCompressed.length]; - * opaque MAC[CipherSpec.hash_size]; - * uint8 padding[GenericBlockCipher.padding_length]; - * uint8 padding_length; - * } GenericBlockCipher; + * block-ciphered struct { + * opaque content[TLSCompressed.length]; + * opaque MAC[CipherSpec.hash_size]; + * uint8 padding[GenericBlockCipher.padding_length]; + * uint8 padding_length; + * } GenericBlockCipher; * </pre> - * - * <p>Where <i>padding_length</i> is any multiple of <i>cipher_block_size</i> - - * ((<i>SSLCompressed.length</i> + <i>CipherSpec.hash_size</i>) - * % <i>cipher_block_size</i>) - 1 that is less than 255. Every byte of the + * <p> + * Where <i>padding_length</i> is any multiple of <i>cipher_block_size</i> - + * ((<i>SSLCompressed.length</i> + <i>CipherSpec.hash_size</i>) % + * <i>cipher_block_size</i>) - 1 that is less than 255. Every byte of the * padding must be equal to <i>padding_length</i>. That is, the end of the - * plaintext is <i>n</i> + 1 copies of the unsigned byte <i>n</i>.</p> + * plaintext is <i>n</i> + 1 copies of the unsigned byte <i>n</i>. */ -public class TLS1 extends BasePad +public class TLS1 + extends BasePad { - - // Constructors. - // ------------------------------------------------------------------------- - public TLS1() { super("tls1"); } - // Instance methods. - // ------------------------------------------------------------------------- - public void setup() { if (blockSize <= 0 || blockSize > 255) @@ -85,9 +75,7 @@ public class TLS1 extends BasePad int padlen = blockSize - (len % blockSize); byte[] pad = new byte[padlen]; for (int i = 0; i < padlen; i++) - { - pad[i] = (byte) (padlen - 1); - } + pad[i] = (byte)(padlen - 1); return pad; } @@ -96,10 +84,8 @@ public class TLS1 extends BasePad { int padlen = in[off + len - 1] & 0xFF; for (int i = off + (len - padlen - 1); i < off + len - 1; i++) - { - if ((in[i] & 0xFF) != padlen) - throw new WrongPaddingException(); - } + if ((in[i] & 0xFF) != padlen) + throw new WrongPaddingException(); return padlen + 1; } -}
\ No newline at end of file +} diff --git a/libjava/classpath/gnu/javax/crypto/pad/WrongPaddingException.java b/libjava/classpath/gnu/javax/crypto/pad/WrongPaddingException.java index e477cf303c7..090d021ebfd 100644 --- a/libjava/classpath/gnu/javax/crypto/pad/WrongPaddingException.java +++ b/libjava/classpath/gnu/javax/crypto/pad/WrongPaddingException.java @@ -39,23 +39,10 @@ exception statement from your version. */ package gnu.javax.crypto.pad; /** - * <p>A checked exception that indicates that a padding algorithm did not find the - * expected padding bytes when unpadding some data.</p> + * A checked exception that indicates that a padding algorithm did not find the + * expected padding bytes when unpadding some data. */ -public class WrongPaddingException extends Exception +public class WrongPaddingException + extends Exception { - - // Constants and variables - // ------------------------------------------------------------------------- - - // Constructor(s) - // ------------------------------------------------------------------------- - - // implicit 0-arguments constructor - - // Class methods - // ------------------------------------------------------------------------- - - // Instant methods - // ------------------------------------------------------------------------- } diff --git a/libjava/classpath/gnu/javax/crypto/prng/ARCFour.java b/libjava/classpath/gnu/javax/crypto/prng/ARCFour.java index 22316ec8b9b..b7265294268 100644 --- a/libjava/classpath/gnu/javax/crypto/prng/ARCFour.java +++ b/libjava/classpath/gnu/javax/crypto/prng/ARCFour.java @@ -45,88 +45,65 @@ import gnu.java.security.prng.LimitReachedException; import java.util.Map; /** - * RC4 is a stream cipher developed by Ron Rivest. Until 1994 RC4 was a - * trade secret of RSA Data Security, Inc., when it was released - * anonymously to a mailing list. This version is a descendent of that - * code, and since there is no proof that the leaked version was in fact - * RC4 and because "RC4" is a trademark, it is called "ARCFOUR", short for - * "Allegedly RC4". - * - * <p>This class only implements the <i>keystream</i> of ARCFOUR. To use - * this as a stream cipher, one would say:</p> - * - * <pre> out = in ^ arcfour.nextByte();</pre> - * - * <p>This operation works for encryption and decryption.</p> - * - * <p>References:</p> - * + * RC4 is a stream cipher developed by Ron Rivest. Until 1994 RC4 was a trade + * secret of RSA Data Security, Inc., when it was released anonymously to a + * mailing list. This version is a descendent of that code, and since there is + * no proof that the leaked version was in fact RC4 and because "RC4" is a + * trademark, it is called "ARCFOUR", short for "Allegedly RC4". + * <p> + * This class only implements the <i>keystream</i> of ARCFOUR. To use this as a + * stream cipher, one would say: + * <pre> + * out = in ˆ arcfour.nextByte(); + * </pre> + * <p> + * This operation works for encryption and decryption. + * <p> + * References: * <ol> - * <li>Schneier, Bruce: <i>Applied Cryptography: Protocols, Algorithms, - * and Source Code in C, Second Edition.</i> (1996 John Wiley and Sons), - * pp. 397--398. ISBN 0-471-11709-9</li> + * <li>Schneier, Bruce: <i>Applied Cryptography: Protocols, Algorithms, and + * Source Code in C, Second Edition.</i> (1996 John Wiley and Sons), pp. + * 397--398. ISBN 0-471-11709-9</li> * <li>K. Kaukonen and R. Thayer, "A Stream Cipher Encryption Algorithm * 'Arcfour'", Internet Draft (expired), <a * href="http://www.mozilla.org/projects/security/pki/nss/draft-kaukonen-cipher-arcfour-03.txt">draft-kaukonen-cipher-arcfour-03.txt</a></li> * </ol> */ -public class ARCFour extends BasePRNG implements Cloneable +public class ARCFour + extends BasePRNG + implements Cloneable { - - // Constants and variables. - // ----------------------------------------------------------------------- - /** The attributes property name for the key bytes. */ public static final String ARCFOUR_KEY_MATERIAL = "gnu.crypto.prng.arcfour.key-material"; - /** The size of the internal S-box. */ public static final int ARCFOUR_SBOX_SIZE = 256; - /** The S-box. */ private byte[] s; - private byte m, n; - // Constructors. - // ----------------------------------------------------------------------- - /** Default 0-arguments constructor. */ public ARCFour() { super(Registry.ARCFOUR_PRNG); } - // Methods implementing BasePRNG. - // ----------------------------------------------------------------------- - public void setup(Map attributes) { byte[] kb = (byte[]) attributes.get(ARCFOUR_KEY_MATERIAL); - if (kb == null) - { - throw new IllegalArgumentException("ARCFOUR needs a key"); - } - + throw new IllegalArgumentException("ARCFOUR needs a key"); s = new byte[ARCFOUR_SBOX_SIZE]; m = n = 0; byte[] k = new byte[ARCFOUR_SBOX_SIZE]; - for (int i = 0; i < ARCFOUR_SBOX_SIZE; i++) - { - s[i] = (byte) i; - } - + s[i] = (byte) i; if (kb.length > 0) - { - for (int i = 0, j = 0; i < ARCFOUR_SBOX_SIZE; i++) - { - k[i] = kb[j++]; - if (j >= kb.length) - j = 0; - } - } - + for (int i = 0, j = 0; i < ARCFOUR_SBOX_SIZE; i++) + { + k[i] = kb[j++]; + if (j >= kb.length) + j = 0; + } for (int i = 0, j = 0; i < ARCFOUR_SBOX_SIZE; i++) { j = j + s[i] + k[i]; @@ -134,7 +111,6 @@ public class ARCFour extends BasePRNG implements Cloneable s[i] = s[j & 0xff]; s[j & 0xff] = temp; } - buffer = new byte[ARCFOUR_SBOX_SIZE]; try { @@ -150,12 +126,12 @@ public class ARCFour extends BasePRNG implements Cloneable for (int i = 0; i < buffer.length; i++) { m++; - n = (byte) (n + s[m & 0xff]); + n = (byte)(n + s[m & 0xff]); byte temp = s[m & 0xff]; s[m & 0xff] = s[n & 0xff]; s[n & 0xff] = temp; - temp = (byte) (s[m & 0xff] + s[n & 0xff]); + temp = (byte)(s[m & 0xff] + s[n & 0xff]); buffer[i] = s[temp & 0xff]; } } -}
\ No newline at end of file +} diff --git a/libjava/classpath/gnu/javax/crypto/prng/CSPRNG.java b/libjava/classpath/gnu/javax/crypto/prng/CSPRNG.java index 6585dcb907a..2cf75a96644 100644 --- a/libjava/classpath/gnu/javax/crypto/prng/CSPRNG.java +++ b/libjava/classpath/gnu/javax/crypto/prng/CSPRNG.java @@ -38,6 +38,7 @@ exception statement from your version. */ package gnu.javax.crypto.prng; +import gnu.java.security.Configuration; import gnu.java.security.Properties; import gnu.java.security.Registry; import gnu.java.security.hash.HashFactory; @@ -48,7 +49,6 @@ import gnu.java.security.prng.IRandom; import gnu.java.security.prng.LimitReachedException; import gnu.java.security.util.SimpleList; import gnu.java.security.util.Util; - import gnu.javax.crypto.cipher.CipherFactory; import gnu.javax.crypto.cipher.IBlockCipher; @@ -56,15 +56,11 @@ import java.io.ByteArrayOutputStream; import java.io.FileInputStream; import java.io.InputStream; import java.io.PrintStream; - import java.net.MalformedURLException; import java.net.URL; - import java.security.AccessController; import java.security.InvalidKeyException; import java.security.PrivilegedAction; - -import java.util.ArrayList; import java.util.Arrays; import java.util.Collections; import java.util.HashMap; @@ -73,115 +69,85 @@ import java.util.LinkedList; import java.util.List; import java.util.Map; import java.util.StringTokenizer; +import java.util.logging.Level; +import java.util.logging.Logger; /** - * <p>An entropy pool-based pseudo-random number generator based on the PRNG - * in Peter Gutmann's cryptlib (<a - * href="http://www.cs.auckland.ac.nz/~pgut001/cryptlib/">http://www.cs.auckland.ac.nz/~pgut001/cryptlib/</a>).</p> - * - * <p>The basic properties of this generator are:</p> - * + * An entropy pool-based pseudo-random number generator based on the PRNG in + * Peter Gutmann's cryptlib (<a + * href="http://www.cs.auckland.ac.nz/~pgut001/cryptlib/">http://www.cs.auckland.ac.nz/~pgut001/cryptlib/</a>). + * <p> + * The basic properties of this generator are: * <ol> * <li>The internal state cannot be determined by knowledge of the input.</li> * <li>It is resistant to bias introduced by specific inputs.</li> * <li>The output does not reveal the state of the generator.</li> * </ol> */ -public class CSPRNG extends BasePRNG +public class CSPRNG + extends BasePRNG { - - // Constants and fields. - // ------------------------------------------------------------------------- - - private static final boolean DEBUG = false; - - private static void debug(String msg) - { - System.err.print(">>> CSPRNG: "); - System.err.println(msg); - } - + private static final Logger log = Logger.getLogger(CSPRNG.class.getName()); /** - * Property name for the list of files to read for random values. The - * mapped value is a list with the following values: - * + * Property name for the list of files to read for random values. The mapped + * value is a list with the following values: * <ol> * <li>A {@link Double}, indicating the suggested <i>quality</i> of this * source. This value must be between 0 and 100.</li> - * <li>An {@link Integer}, indicating the number of bytes to skip in the file - * before reading bytes. This can be any nonnegative value.</li> + * <li>An {@link Integer}, indicating the number of bytes to skip in the + * file before reading bytes. This can be any nonnegative value.</li> * <li>An {@link Integer}, indicating the number of bytes to read.</li> * <li>A {@link String}, indicating the path to the file.</li> * </ol> - * - * @see gnu.crypto.util.SimpleList + * + * @see gnu.java.security.util.SimpleList */ public static final String FILE_SOURCES = "gnu.crypto.prng.pool.files"; - /** - * Property name for the list of URLs to poll for random values. The - * mapped value is a list formatted similarly as in {@link #FILE_SOURCES}, - * but the fourth member is a {@link URL}. + * Property name for the list of URLs to poll for random values. The mapped + * value is a list formatted similarly as in {@link #FILE_SOURCES}, but the + * fourth member is a {@link URL}. */ public static final String URL_SOURCES = "gnu.crypto.prng.pool.urls"; - /** - * Property name for the list of programs to execute, and use the output - * as new random bytes. The mapped property is formatted similarly an in - * {@link #FILE_SOURCES} and {@link #URL_SOURCES}, except the fourth - * member is a {@link String} of the program to execute. + * Property name for the list of programs to execute, and use the output as + * new random bytes. The mapped property is formatted similarly an in + * {@link #FILE_SOURCES} and {@link #URL_SOURCES}, except the fourth member + * is a {@link String} of the program to execute. */ public static final String PROGRAM_SOURCES = "gnu.crypto.prng.pool.programs"; - /** - * Property name for a list of other sources of entropy. The mapped - * value must be a list of {@link EntropySource} objects. + * Property name for a list of other sources of entropy. The mapped value must + * be a list of {@link EntropySource} objects. */ public static final String OTHER_SOURCES = "gnu.crypto.prng.pool.other"; - /** - * Property name for whether or not to wait for the slow poll to - * complete, passed as a {@link Boolean}. The default value is true. + * Property name for whether or not to wait for the slow poll to complete, + * passed as a {@link Boolean}. The default value is true. */ public static final String BLOCKING = "gnu.crypto.prng.pool.blocking"; - private static final String FILES = "gnu.crypto.csprng.file."; - private static final String URLS = "gnu.crypto.csprng.url."; - private static final String PROGS = "gnu.crypto.csprng.program."; - private static final String OTHER = "gnu.crypto.csprng.other."; - private static final String BLOCK = "gnu.crypto.csprng.blocking"; - private static final int POOL_SIZE = 256; - private static final int ALLOC_SIZE = 260; - private static final int OUTPUT_SIZE = POOL_SIZE / 2; - private static final int X917_POOL_SIZE = 16; - private static final String HASH_FUNCTION = Registry.SHA160_HASH; - private static final String CIPHER = Registry.AES_CIPHER; - private static final int MIX_COUNT = 10; - private static final int X917_LIFETIME = 8192; - // FIXME this should be configurable. private static final int SPINNER_COUNT = 8; - /** * The spinner group singleton. We use this to add a small amount of - * randomness (in addition to the current time and the amount of - * free memory) based on the randomness (if any) present due to - * system load and thread scheduling. + * randomness (in addition to the current time and the amount of free memory) + * based on the randomness (if any) present due to system load and thread + * scheduling. */ private static final Spinner[] SPINNERS = new Spinner[SPINNER_COUNT]; - private static final Thread[] SPINNER_THREADS = new Thread[SPINNER_COUNT]; static { @@ -194,87 +160,38 @@ public class CSPRNG extends BasePRNG SPINNER_THREADS[i].start(); } } - - /** - * The message digest (SHA-1) used in the mixing function. - */ + /** The message digest (SHA-1) used in the mixing function. */ private final IMessageDigest hash; - - /** - * The cipher (AES) used in the output masking function. - */ + /** The cipher (AES) used in the output masking function. */ private final IBlockCipher cipher; - - /** - * The number of times the pool has been mixed. - */ + /** The number of times the pool has been mixed. */ private int mixCount; - - /** - * The entropy pool. - */ + /** The entropy pool. */ private final byte[] pool; - - /** - * The quality of the random pool (percentage). - */ + /** The quality of the random pool (percentage). */ private double quality; - - /** - * The index of the next byte in the entropy pool. - */ + /** The index of the next byte in the entropy pool. */ private int index; - - /** - * The pool for the X9.17-like generator. - */ + /** The pool for the X9.17-like generator. */ private byte[] x917pool; - - /** - * The number of iterations of the X9.17-like generators. - */ + /** The number of iterations of the X9.17-like generators. */ private int x917count; - - /** - * Whether or not the X9.17-like generator is initialized. - */ + /** Whether or not the X9.17-like generator is initialized. */ private boolean x917init; - - /** - * The list of file soures. - */ + /** The list of file soures. */ private final List files; - - /** - * The list of URL sources. - */ + /** The list of URL sources. */ private final List urls; - - /** - * The list of program sources. - */ + /** The list of program sources. */ private final List progs; - - /** - * The list of other sources. - */ + /** The list of other sources. */ private final List other; - - /** - * Whether or not to wait for the slow poll to complete. - */ + /** Whether or not to wait for the slow poll to complete. */ private boolean blocking; - - /** - * The thread that polls for random data. - */ + /** The thread that polls for random data. */ private Poller poller; - private Thread pollerThread; - // Constructor. - // ------------------------------------------------------------------------- - public CSPRNG() { super("CSPRNG"); @@ -294,69 +211,75 @@ public class CSPRNG extends BasePRNG other = new LinkedList(); } - // Class methods. - // ------------------------------------------------------------------------- - /** - * <p>Create and initialize a CSPRNG instance with the "system" parameters; - * the files, URLs, programs, and {@link EntropySource} sources used by - * the instance are derived from properties set in the system {@link - * Properties}.</p> - * - * <p>All properties are of the from <i>name</i>.</i>N</i>, where <i>name</i> + * Create and initialize a CSPRNG instance with the "system" parameters; the + * files, URLs, programs, and {@link EntropySource} sources used by the + * instance are derived from properties set in the system {@link Properties}. + * <p> + * All properties are of the from <i>name</i>.</i>N</i>, where <i>name</i> * is the name of the source, and <i>N</i> is an integer (staring at 1) that - * indicates the preference number for that source.</p> - * - * <p>The following vales for <i>name</i> are used here:</p> - * + * indicates the preference number for that source. + * <p> + * The following vales for <i>name</i> are used here: * <dl> * <dt>gnu.crypto.csprng.file</dt> - * <dd><p>These properties are file sources, passed as the {@link #FILE_SOURCES} - * parameter of the instance. The property value is a 4-tuple formatted as:</p> - * + * <dd> + * <p> + * These properties are file sources, passed as the {@link #FILE_SOURCES} + * parameter of the instance. The property value is a 4-tuple formatted as: + * </p> * <blockquote><i>quality</i> ; <i>offset</i> ; <i>count</i> ; <i>path</i></blockquote> - * - * <p>The parameters are mapped to the parameters defined for {@link - * #FILE_SOURCES}. Leading or trailing spaces on any item are trimmed - * off.</p></dd> - * + * <p> + * The parameters are mapped to the parameters defined for {@link + * #FILE_SOURCES}. Leading or trailing spaces on any item are trimmed off. + * </p> + * </dd> * <dt>gnu.crypto.csprng.url</dt> - * <dd><p>These properties are URL sources, passed as the {@link #URL_SOURCES} + * <dd> + * <p> + * These properties are URL sources, passed as the {@link #URL_SOURCES} * parameter of the instance. The property is formatted the same way as file - * sources, but the <i>path</i> argument must be a valid URL.</p></dd> - * + * sources, but the <i>path</i> argument must be a valid URL. + * </p> + * </dd> * <dt>gnu.crypto.csprng.program</dt> - * <dd><p>These properties are program sources, passed as the {@link - * #PROGRAM_SOURCES} parameter of the instance. This property is formatted - * the same way as file and URL sources, but the last argument is a program - * and its arguments.</p></dd> - * + * <dd> + * <p> + * These properties are program sources, passed as the {@link + * #PROGRAM_SOURCES} parameter of the instance. This property is formatted the + * same way as file and URL sources, but the last argument is a program and + * its arguments. + * </p> + * </dd> * <dt>gnu.crypto.cspring.other</dt> - * <dd><p>These properties are other sources, passed as the {@link OTHER_SOURCES} - * parameter of the instance. The property value must be the full name - * of a class that implements the {@link EntropySource} interface and has a - * public no-argument constructor.</p></dd> + * <dd> + * <p> + * These properties are other sources, passed as the {@link #OTHER_SOURCES} + * parameter of the instance. The property value must be the full name of a + * class that implements the {@link EntropySource} interface and has a public + * no-argument constructor. + * </p> + * </dd> * </dl> - * - * <p>Finally, a boolean property "gnu.crypto.csprng.blocking" can be set to - * the desired value of {@link #BLOCKING}.</p> - * - * <p>An example of valid properties would be:</p> - * + * <p> + * Finally, a boolean property "gnu.crypto.csprng.blocking" can be set to the + * desired value of {@link #BLOCKING}. + * <p> + * An example of valid properties would be: * <pre> - * gnu.crypto.csprng.blocking=true - * - * gnu.crypto.csprng.file.1=75.0;0;256;/dev/random - * gnu.crypto.csprng.file.2=10.0;0;100;/home/user/file - * - * gnu.crypto.csprng.url.1=5.0;0;256;http://www.random.org/cgi-bin/randbyte?nbytes=256 - * gnu.crypto.csprng.url.2=0;256;256;http://slashdot.org/ - * - * gnu.crypto.csprng.program.1=0.5;0;10;last -n 50 - * gnu.crypto.csprng.program.2=0.5;0;10;tcpdump -c 5 - * - * gnu.crypto.csprng.other.1=foo.bar.MyEntropySource - * gnu.crypto.csprng.other.2=com.company.OtherEntropySource + * gnu.crypto.csprng.blocking=true + * + * gnu.crypto.csprng.file.1=75.0;0;256;/dev/random + * gnu.crypto.csprng.file.2=10.0;0;100;/home/user/file + * + * gnu.crypto.csprng.url.1=5.0;0;256;http://www.random.org/cgi-bin/randbyte?nbytes=256 + * gnu.crypto.csprng.url.2=0;256;256;http://slashdot.org/ + * + * gnu.crypto.csprng.program.1=0.5;0;10;last -n 50 + * gnu.crypto.csprng.program.2=0.5;0;10;tcpdump -c 5 + * + * gnu.crypto.csprng.other.1=foo.bar.MyEntropySource + * gnu.crypto.csprng.other.2=com.company.OtherEntropySource * </pre> */ public static IRandom getSystemInstance() throws ClassNotFoundException, @@ -366,70 +289,57 @@ public class CSPRNG extends BasePRNG HashMap attrib = new HashMap(); attrib.put(BLOCKING, Boolean.valueOf(getProperty(BLOCK))); String s = null; - // Get each file source "gnu.crypto.csprng.file.N". List l = new LinkedList(); for (int i = 0; (s = getProperty(FILES + i)) != null; i++) - { - try - { - l.add(parseString(s.trim())); - } - catch (NumberFormatException nfe) - { - } - } + try + { + l.add(parseString(s.trim())); + } + catch (NumberFormatException nfe) + { + } attrib.put(FILE_SOURCES, l); - l = new LinkedList(); for (int i = 0; (s = getProperty(URLS + i)) != null; i++) - { - try - { - l.add(parseURL(s.trim())); - } - catch (NumberFormatException nfe) - { - } - catch (MalformedURLException mue) - { - } - } + try + { + l.add(parseURL(s.trim())); + } + catch (NumberFormatException nfe) + { + } + catch (MalformedURLException mue) + { + } attrib.put(URL_SOURCES, l); - l = new LinkedList(); for (int i = 0; (s = getProperty(PROGS + i)) != null; i++) - { - try - { - l.add(parseString(s.trim())); - } - catch (NumberFormatException nfe) - { - } - } + try + { + l.add(parseString(s.trim())); + } + catch (NumberFormatException nfe) + { + } attrib.put(PROGRAM_SOURCES, l); - l = new LinkedList(); for (int i = 0; (s = getProperty(OTHER + i)) != null; i++) - { - try - { - Class c = Class.forName(s.trim()); - l.add(c.newInstance()); - } - catch (ClassNotFoundException cnfe) - { - } - catch (InstantiationException ie) - { - } - catch (IllegalAccessException iae) - { - } - } + try + { + Class c = Class.forName(s.trim()); + l.add(c.newInstance()); + } + catch (ClassNotFoundException cnfe) + { + } + catch (InstantiationException ie) + { + } + catch (IllegalAccessException iae) + { + } attrib.put(OTHER_SOURCES, l); - instance.init(attrib); return instance; } @@ -449,9 +359,7 @@ public class CSPRNG extends BasePRNG { StringTokenizer tok = new StringTokenizer(s, ";"); if (tok.countTokens() != 4) - { - throw new IllegalArgumentException("malformed property"); - } + throw new IllegalArgumentException("malformed property"); Double quality = new Double(tok.nextToken()); Integer offset = new Integer(tok.nextToken()); Integer length = new Integer(tok.nextToken()); @@ -464,9 +372,7 @@ public class CSPRNG extends BasePRNG { StringTokenizer tok = new StringTokenizer(s, ";"); if (tok.countTokens() != 4) - { - throw new IllegalArgumentException("malformed property"); - } + throw new IllegalArgumentException("malformed property"); Double quality = new Double(tok.nextToken()); Integer offset = new Integer(tok.nextToken()); Integer length = new Integer(tok.nextToken()); @@ -474,9 +380,6 @@ public class CSPRNG extends BasePRNG return new SimpleList(quality, offset, length, url); } - // Instance methods. - // ------------------------------------------------------------------------- - public Object clone() { return new CSPRNG(); @@ -485,34 +388,25 @@ public class CSPRNG extends BasePRNG public void setup(Map attrib) { List list = null; - - if (DEBUG) - { - debug(String.valueOf(attrib)); - } + if (Configuration.DEBUG) + log.fine("attrib=" + String.valueOf(attrib)); try { list = (List) attrib.get(FILE_SOURCES); - if (DEBUG) - { - debug(String.valueOf(list)); - } + if (Configuration.DEBUG) + log.fine("list=" + String.valueOf(list)); if (list != null) { files.clear(); for (Iterator it = list.iterator(); it.hasNext();) { List l = (List) it.next(); - if (DEBUG) - { - debug("l=" + l); - } + if (Configuration.DEBUG) + log.fine("l=" + l); if (l.size() != 4) { - if (DEBUG) - { - debug("file list too small: " + l.size()); - } + if (Configuration.DEBUG) + log.fine("file list too small: " + l.size()); throw new IllegalArgumentException("invalid file list"); } Double quality = (Double) l.get(0); @@ -525,37 +419,27 @@ public class CSPRNG extends BasePRNG } catch (ClassCastException cce) { - if (DEBUG) - { - debug("bad file list: " + cce.getMessage()); - cce.printStackTrace(); - } + if (Configuration.DEBUG) + log.log(Level.FINE, "bad file list", cce); throw new IllegalArgumentException("invalid file list"); } - try { list = (List) attrib.get(URL_SOURCES); - if (DEBUG) - { - debug(String.valueOf(list)); - } + if (Configuration.DEBUG) + log.fine("list=" + String.valueOf(list)); if (list != null) { urls.clear(); for (Iterator it = list.iterator(); it.hasNext();) { List l = (List) it.next(); - if (DEBUG) - { - debug("l=" + l); - } + if (Configuration.DEBUG) + log.fine("l=" + l); if (l.size() != 4) { - if (DEBUG) - { - debug("URL list too small: " + l.size()); - } + if (Configuration.DEBUG) + log.fine("URL list too small: " + l.size()); throw new IllegalArgumentException("invalid URL list"); } Double quality = (Double) l.get(0); @@ -568,37 +452,27 @@ public class CSPRNG extends BasePRNG } catch (ClassCastException cce) { - if (DEBUG) - { - debug("bad URL list: " + cce.getMessage()); - cce.printStackTrace(); - } + if (Configuration.DEBUG) + log.log(Level.FINE, "bad URL list", cce); throw new IllegalArgumentException("invalid URL list"); } - try { list = (List) attrib.get(PROGRAM_SOURCES); - if (DEBUG) - { - debug(String.valueOf(list)); - } + if (Configuration.DEBUG) + log.fine("list=" + String.valueOf(list)); if (list != null) { progs.clear(); for (Iterator it = list.iterator(); it.hasNext();) { List l = (List) it.next(); - if (DEBUG) - { - debug("l=" + l); - } + if (Configuration.DEBUG) + log.fine("l=" + l); if (l.size() != 4) { - if (DEBUG) - { - debug("program list too small: " + l.size()); - } + if (Configuration.DEBUG) + log.fine("program list too small: " + l.size()); throw new IllegalArgumentException("invalid program list"); } Double quality = (Double) l.get(0); @@ -611,35 +485,25 @@ public class CSPRNG extends BasePRNG } catch (ClassCastException cce) { - if (DEBUG) - { - debug("bad program list: " + cce.getMessage()); - cce.printStackTrace(); - } + if (Configuration.DEBUG) + log.log(Level.FINE, "bad program list", cce); throw new IllegalArgumentException("invalid program list"); } - try { list = (List) attrib.get(OTHER_SOURCES); - if (DEBUG) - { - debug(String.valueOf(list)); - } + if (Configuration.DEBUG) + log.fine("list=" + String.valueOf(list)); if (list != null) { other.clear(); for (Iterator it = list.iterator(); it.hasNext();) { EntropySource src = (EntropySource) it.next(); - if (DEBUG) - { - debug("src=" + src); - } + if (Configuration.DEBUG) + log.fine("src=" + src); if (src == null) - { - throw new NullPointerException("null source in source list"); - } + throw new NullPointerException("null source in source list"); other.add(src); } } @@ -653,19 +517,14 @@ public class CSPRNG extends BasePRNG { Boolean block = (Boolean) attrib.get(BLOCKING); if (block != null) - { - blocking = block.booleanValue(); - } + blocking = block.booleanValue(); else - { - blocking = true; - } + blocking = true; } catch (ClassCastException cce) { throw new IllegalArgumentException("invalid blocking parameter"); } - poller = new Poller(files, urls, progs, other, this); try { @@ -679,27 +538,21 @@ public class CSPRNG extends BasePRNG public void fillBlock() throws LimitReachedException { - if (DEBUG) - { - debug("fillBlock"); - } + if (Configuration.DEBUG) + log.fine("fillBlock"); if (getQuality() < 100.0) { - if (DEBUG) - { - debug("doing slow poll"); - } + if (Configuration.DEBUG) + log.fine("doing slow poll"); slowPoll(); } - do { fastPoll(); mixRandomPool(); } while (mixCount < MIX_COUNT); - - if (!x917init || x917count >= X917_LIFETIME) + if (! x917init || x917count >= X917_LIFETIME) { mixRandomPool(pool); Map attr = new HashMap(); @@ -715,59 +568,45 @@ public class CSPRNG extends BasePRNG { throw new Error(ike.toString()); } - mixRandomPool(pool); generateX917(pool); mixRandomPool(pool); generateX917(pool); - if (x917init) - { - quality = 0.0; - } + quality = 0.0; x917init = true; x917count = 0; } - byte[] export = new byte[ALLOC_SIZE]; for (int i = 0; i < ALLOC_SIZE; i++) - { - export[i] = (byte) (pool[i] ^ 0xFF); - } - + export[i] = (byte)(pool[i] ^ 0xFF); mixRandomPool(); mixRandomPool(export); - generateX917(export); - for (int i = 0; i < OUTPUT_SIZE; i++) - { - buffer[i] = (byte) (export[i] ^ export[i + OUTPUT_SIZE]); - } + buffer[i] = (byte)(export[i] ^ export[i + OUTPUT_SIZE]); Arrays.fill(export, (byte) 0); } /** - * Add an array of bytes into the randomness pool. Note that this method - * will <i>not</i> increment the pool's quality counter (this can only be - * done via a source provided to the setup method). - * + * Add an array of bytes into the randomness pool. Note that this method will + * <i>not</i> increment the pool's quality counter (this can only be done via + * a source provided to the setup method). + * * @param buf The byte array. * @param off The offset from whence to start reading bytes. * @param len The number of bytes to add. * @throws ArrayIndexOutOfBoundsException If <i>off</i> or <i>len</i> are - * out of the range of <i>buf</i>. + * out of the range of <i>buf</i>. */ public synchronized void addRandomBytes(byte[] buf, int off, int len) { if (off < 0 || len < 0 || off + len > buf.length) + throw new ArrayIndexOutOfBoundsException(); + if (Configuration.DEBUG) { - throw new ArrayIndexOutOfBoundsException(); - } - if (DEBUG) - { - debug("adding random bytes:"); - debug(Util.toString(buf, off, len)); + log.fine("adding random bytes:"); + log.fine(Util.toString(buf, off, len)); } final int count = off + len; for (int i = off; i < count; i++) @@ -782,18 +621,16 @@ public class CSPRNG extends BasePRNG } /** - * Add a single random byte to the randomness pool. Note that this method - * will <i>not</i> increment the pool's quality counter (this can only be - * done via a source provided to the setup method). - * + * Add a single random byte to the randomness pool. Note that this method will + * <i>not</i> increment the pool's quality counter (this can only be done via + * a source provided to the setup method). + * * @param b The byte to add. */ public synchronized void addRandomByte(byte b) { - if (DEBUG) - { - debug("adding byte " + Integer.toHexString(b)); - } + if (Configuration.DEBUG) + log.fine("adding byte " + Integer.toHexString(b)); pool[index++] ^= b; if (index >= pool.length) { @@ -802,23 +639,14 @@ public class CSPRNG extends BasePRNG } } - // Package methods. - // ------------------------------------------------------------------------- - synchronized void addQuality(double quality) { - if (DEBUG) - { - debug("adding quality " + quality); - } + if (Configuration.DEBUG) + log.fine("adding quality " + quality); if (this.quality < 100) - { - this.quality += quality; - } - if (DEBUG) - { - debug("quality now " + this.quality); - } + this.quality += quality; + if (Configuration.DEBUG) + log.fine("quality now " + this.quality); } synchronized double getQuality() @@ -826,13 +654,10 @@ public class CSPRNG extends BasePRNG return quality; } - // Own methods. - // ------------------------------------------------------------------------- - /** - * The mix operation. This method will, for every 20-byte block in the - * random pool, hash that block, the previous 20 bytes, and the next - * 44 bytes with SHA-1, writing the result back into that block. + * The mix operation. This method will, for every 20-byte block in the random + * pool, hash that block, the previous 20 bytes, and the next 44 bytes with + * SHA-1, writing the result back into that block. */ private void mixRandomPool(byte[] buf) { @@ -841,25 +666,17 @@ public class CSPRNG extends BasePRNG { // First update the bytes [p-19..p-1]. if (i == 0) - { - hash.update(buf, buf.length - hashSize, hashSize); - } + hash.update(buf, buf.length - hashSize, hashSize); else - { - hash.update(buf, i - hashSize, hashSize); - } - + hash.update(buf, i - hashSize, hashSize); // Now the next 64 bytes. if (i + 64 < buf.length) - { - hash.update(buf, i, 64); - } + hash.update(buf, i, 64); else { hash.update(buf, i, buf.length - i); hash.update(buf, 0, 64 - (buf.length - i)); } - byte[] digest = hash.digest(); System.arraycopy(digest, 0, buf, i, hashSize); } @@ -878,28 +695,22 @@ public class CSPRNG extends BasePRNG { int copy = Math.min(buf.length - i, X917_POOL_SIZE); for (int j = 0; j < copy; j++) - { - x917pool[j] ^= pool[off + j]; - } - + x917pool[j] ^= pool[off + j]; cipher.encryptBlock(x917pool, 0, x917pool, 0); System.arraycopy(x917pool, 0, buf, off, copy); cipher.encryptBlock(x917pool, 0, x917pool, 0); - off += copy; x917count++; } } /** - * Add random data always immediately available into the random pool, such - * as the values of the eight asynchronous counters, the current time, the - * current memory usage, the calling thread name, and the current stack - * trace. - * - * <p>This method does not alter the quality counter, and is provided more - * to maintain randomness, not to seriously improve the current random - * state. + * Add random data always immediately available into the random pool, such as + * the values of the eight asynchronous counters, the current time, the + * current memory usage, the calling thread name, and the current stack trace. + * <p> + * This method does not alter the quality counter, and is provided more to + * maintain randomness, not to seriously improve the current random state. */ private void fastPoll() { @@ -909,14 +720,12 @@ public class CSPRNG extends BasePRNG addRandomByte(b); addRandomByte((byte) System.currentTimeMillis()); addRandomByte((byte) Runtime.getRuntime().freeMemory()); - String s = Thread.currentThread().getName(); if (s != null) { byte[] buf = s.getBytes(); addRandomBytes(buf, 0, buf.length); } - ByteArrayOutputStream bout = new ByteArrayOutputStream(1024); PrintStream pout = new PrintStream(bout); Throwable t = new Throwable(); @@ -928,12 +737,10 @@ public class CSPRNG extends BasePRNG private void slowPoll() throws LimitReachedException { - if (DEBUG) - { - debug("poller is alive? " - + (pollerThread == null ? false : pollerThread.isAlive())); - } - if (pollerThread == null || !pollerThread.isAlive()) + if (Configuration.DEBUG) + log.fine("poller is alive? " + + (pollerThread == null ? false : pollerThread.isAlive())); + if (pollerThread == null || ! pollerThread.isAlive()) { boolean interrupted = false; pollerThread = new Thread(poller); @@ -941,27 +748,21 @@ public class CSPRNG extends BasePRNG pollerThread.setPriority(Thread.NORM_PRIORITY - 1); pollerThread.start(); if (blocking) - { - try - { - pollerThread.join(); - } - catch (InterruptedException ie) - { - interrupted = true; - } - } - + try + { + pollerThread.join(); + } + catch (InterruptedException ie) + { + interrupted = true; + } // If the full slow poll has completed after we waited for it, // and there in insufficient randomness, throw an exception. - if (!interrupted && blocking && quality < 100.0) + if (! interrupted && blocking && quality < 100.0) { - if (DEBUG) - { - debug("insufficient quality: " + quality); - } - throw new LimitReachedException( - "insufficient randomness was polled"); + if (Configuration.DEBUG) + log.fine("insufficient quality: " + quality); + throw new LimitReachedException("insufficient randomness was polled"); } } } @@ -979,33 +780,21 @@ public class CSPRNG extends BasePRNG Arrays.fill(buffer, (byte) 0); } - // Inner classes. - // ------------------------------------------------------------------------- - /** - * A simple thread that constantly updates a byte counter. This class is - * used in a group of lowest-priority threads and the values of their - * counters (updated in competition with all other threads) is used as a - * source of entropy bits. + * A simple thread that constantly updates a byte counter. This class is used + * in a group of lowest-priority threads and the values of their counters + * (updated in competition with all other threads) is used as a source of + * entropy bits. */ - private static class Spinner implements Runnable + private static class Spinner + implements Runnable { - - // Field. - // ----------------------------------------------------------------------- - - private byte counter; - - // Constructor. - // ----------------------------------------------------------------------- + protected byte counter; private Spinner() { } - // Instance methods. - // ----------------------------------------------------------------------- - public void run() { while (true) @@ -1022,27 +811,16 @@ public class CSPRNG extends BasePRNG } } - private final class Poller implements Runnable + private final class Poller + implements Runnable { - - // Fields. - // ----------------------------------------------------------------------- - private final List files; - private final List urls; - private final List progs; - private final List other; - private final CSPRNG pool; - private boolean running; - // Constructor. - // ----------------------------------------------------------------------- - Poller(List files, List urls, List progs, List other, CSPRNG pool) { super(); @@ -1053,17 +831,14 @@ public class CSPRNG extends BasePRNG this.pool = pool; } - // Instance methods. - // ----------------------------------------------------------------------- - public void run() { running = true; - if (DEBUG) + if (Configuration.DEBUG) { - debug("files: " + files); - debug("URLs: " + urls); - debug("progs: " + progs); + log.fine("files: " + files); + log.fine("URLs: " + urls); + log.fine("progs: " + progs); } Iterator files_it = files.iterator(); Iterator urls_it = urls.iterator(); @@ -1073,190 +848,132 @@ public class CSPRNG extends BasePRNG while (files_it.hasNext() || urls_it.hasNext() || prog_it.hasNext() || other_it.hasNext()) { - // There is enough random data. Go away. - if (pool.getQuality() >= 100.0 || !running) - { - return; - } - + if (pool.getQuality() >= 100.0 || ! running) + return; if (files_it.hasNext()) - { - try - { - List l = (List) files_it.next(); - if (DEBUG) - { - debug(l.toString()); - } - double qual = ((Double) l.get(0)).doubleValue(); - int offset = ((Integer) l.get(1)).intValue(); - int count = ((Integer) l.get(2)).intValue(); - String src = (String) l.get(3); - InputStream in = new FileInputStream(src); - byte[] buf = new byte[count]; - if (offset > 0) - { - in.skip(offset); - } - int len = in.read(buf); - if (len >= 0) - { - pool.addRandomBytes(buf, 0, len); - pool.addQuality(qual * ((double) len / (double) count)); - } - if (DEBUG) - { - debug("got " + len + " bytes from " + src); - } - } - catch (Exception x) - { - if (DEBUG) - { - debug(x.toString()); - x.printStackTrace(); - } - } - } - - if (pool.getQuality() >= 100.0 || !running) - { - return; - } - + try + { + List l = (List) files_it.next(); + if (Configuration.DEBUG) + log.fine(l.toString()); + double qual = ((Double) l.get(0)).doubleValue(); + int offset = ((Integer) l.get(1)).intValue(); + int count = ((Integer) l.get(2)).intValue(); + String src = (String) l.get(3); + InputStream in = new FileInputStream(src); + byte[] buf = new byte[count]; + if (offset > 0) + in.skip(offset); + int len = in.read(buf); + if (len >= 0) + { + pool.addRandomBytes(buf, 0, len); + pool.addQuality(qual * ((double) len / (double) count)); + } + if (Configuration.DEBUG) + log.fine("got " + len + " bytes from " + src); + } + catch (Exception x) + { + if (Configuration.DEBUG) + log.throwing(this.getClass().getName(), "run", x); + } + if (pool.getQuality() >= 100.0 || ! running) + return; if (urls_it.hasNext()) - { - try - { - List l = (List) urls_it.next(); - if (DEBUG) - { - debug(l.toString()); - } - double qual = ((Double) l.get(0)).doubleValue(); - int offset = ((Integer) l.get(1)).intValue(); - int count = ((Integer) l.get(2)).intValue(); - URL src = (URL) l.get(3); - InputStream in = src.openStream(); - byte[] buf = new byte[count]; - if (offset > 0) - { - in.skip(offset); - } - int len = in.read(buf); - if (len >= 0) - { - pool.addRandomBytes(buf, 0, len); - pool.addQuality(qual * ((double) len / (double) count)); - } - if (DEBUG) - { - debug("got " + len + " bytes from " + src); - } - } - catch (Exception x) - { - if (DEBUG) - { - debug(x.toString()); - x.printStackTrace(); - } - } - } - - if (pool.getQuality() >= 100.0 || !running) - { - return; - } - + try + { + List l = (List) urls_it.next(); + if (Configuration.DEBUG) + log.fine(l.toString()); + double qual = ((Double) l.get(0)).doubleValue(); + int offset = ((Integer) l.get(1)).intValue(); + int count = ((Integer) l.get(2)).intValue(); + URL src = (URL) l.get(3); + InputStream in = src.openStream(); + byte[] buf = new byte[count]; + if (offset > 0) + in.skip(offset); + int len = in.read(buf); + if (len >= 0) + { + pool.addRandomBytes(buf, 0, len); + pool.addQuality(qual * ((double) len / (double) count)); + } + if (Configuration.DEBUG) + log.fine("got " + len + " bytes from " + src); + } + catch (Exception x) + { + if (Configuration.DEBUG) + log.throwing(this.getClass().getName(), "run", x); + } + if (pool.getQuality() >= 100.0 || ! running) + return; Process proc = null; if (prog_it.hasNext()) - { - try - { - List l = (List) prog_it.next(); - if (DEBUG) - { - debug(l.toString()); - } - double qual = ((Double) l.get(0)).doubleValue(); - int offset = ((Integer) l.get(1)).intValue(); - int count = ((Integer) l.get(2)).intValue(); - String src = (String) l.get(3); - proc = null; - proc = Runtime.getRuntime().exec(src); - InputStream in = proc.getInputStream(); - byte[] buf = new byte[count]; - if (offset > 0) - { - in.skip(offset); - } - int len = in.read(buf); - if (len >= 0) - { - pool.addRandomBytes(buf, 0, len); - pool.addQuality(qual * ((double) len / (double) count)); - } - proc.destroy(); - proc.waitFor(); - if (DEBUG) - { - debug("got " + len + " bytes from " + src); - } - } - catch (Exception x) - { - if (DEBUG) - { - debug(x.toString()); - x.printStackTrace(); - } - try - { - if (proc != null) - { - proc.destroy(); - proc.waitFor(); - } - } - catch (Exception ignored) - { - } - } - } - - if (pool.getQuality() >= 100.0 || !running) - { - return; - } - + try + { + List l = (List) prog_it.next(); + if (Configuration.DEBUG) + log.finer(l.toString()); + double qual = ((Double) l.get(0)).doubleValue(); + int offset = ((Integer) l.get(1)).intValue(); + int count = ((Integer) l.get(2)).intValue(); + String src = (String) l.get(3); + proc = null; + proc = Runtime.getRuntime().exec(src); + InputStream in = proc.getInputStream(); + byte[] buf = new byte[count]; + if (offset > 0) + in.skip(offset); + int len = in.read(buf); + if (len >= 0) + { + pool.addRandomBytes(buf, 0, len); + pool.addQuality(qual * ((double) len / (double) count)); + } + proc.destroy(); + proc.waitFor(); + if (Configuration.DEBUG) + log.fine("got " + len + " bytes from " + src); + } + catch (Exception x) + { + if (Configuration.DEBUG) + log.throwing(this.getClass().getName(), "run", x); + try + { + if (proc != null) + { + proc.destroy(); + proc.waitFor(); + } + } + catch (Exception ignored) + { + } + } + if (pool.getQuality() >= 100.0 || ! running) + return; if (other_it.hasNext()) - { - try - { - EntropySource src = (EntropySource) other_it.next(); - byte[] buf = src.nextBytes(); - if (pool == null) - { - return; - } - pool.addRandomBytes(buf, 0, buf.length); - pool.addQuality(src.quality()); - if (DEBUG) - { - debug("got " + buf.length + " bytes from " + src); - } - } - catch (Exception x) - { - if (DEBUG) - { - debug(x.toString()); - x.printStackTrace(); - } - } - } + try + { + EntropySource src = (EntropySource) other_it.next(); + byte[] buf = src.nextBytes(); + if (pool == null) + return; + pool.addRandomBytes(buf, 0, buf.length); + pool.addQuality(src.quality()); + if (Configuration.DEBUG) + log.fine("got " + buf.length + " bytes from " + src); + } + catch (Exception x) + { + if (Configuration.DEBUG) + log.throwing(this.getClass().getName(), "run", x); + } } } @@ -1265,4 +982,4 @@ public class CSPRNG extends BasePRNG running = false; } } -}
\ No newline at end of file +} diff --git a/libjava/classpath/gnu/javax/crypto/prng/Fortuna.java b/libjava/classpath/gnu/javax/crypto/prng/Fortuna.java index 69ce860f451..8aec9ab7d6d 100644 --- a/libjava/classpath/gnu/javax/crypto/prng/Fortuna.java +++ b/libjava/classpath/gnu/javax/crypto/prng/Fortuna.java @@ -45,7 +45,6 @@ import gnu.java.security.prng.BasePRNG; import gnu.java.security.prng.LimitReachedException; import gnu.java.security.prng.RandomEvent; import gnu.java.security.prng.RandomEventListener; - import gnu.javax.crypto.cipher.CipherFactory; import gnu.javax.crypto.cipher.IBlockCipher; @@ -53,9 +52,7 @@ import java.io.IOException; import java.io.ObjectInputStream; import java.io.ObjectOutputStream; import java.io.Serializable; - import java.security.InvalidKeyException; - import java.util.Arrays; import java.util.Collections; import java.util.Iterator; @@ -63,68 +60,54 @@ import java.util.Map; /** * The Fortuna continuously-seeded pseudo-random number generator. This - * generator is composed of two major pieces: the entropy accumulator - * and the generator function. The former takes in random bits and - * incorporates them into the generator's state. The latter takes this - * base entropy and generates pseudo-random bits from it. - * - * <p>There are some things users of this class <em>must</em> be aware of: - * + * generator is composed of two major pieces: the entropy accumulator and the + * generator function. The former takes in random bits and incorporates them + * into the generator's state. The latter takes this base entropy and generates + * pseudo-random bits from it. + * <p> + * There are some things users of this class <em>must</em> be aware of: * <dl> * <dt>Adding Random Data</dt> * <dd>This class does not do any polling of random sources, but rather - * provides an interface for adding random events. Applications that use - * this code <em>must</em> provide this mechanism. We use this design - * because an application writer who knows the system he is targeting - * is in a better position to judge what random data is available.</dd> - * + * provides an interface for adding random events. Applications that use this + * code <em>must</em> provide this mechanism. We use this design because an + * application writer who knows the system he is targeting is in a better + * position to judge what random data is available.</dd> * <dt>Storing the Seed</dt> - * <dd>This class implements {@link Serializable} in such a way that it - * writes a 64 byte seed to the stream, and reads it back again when being - * deserialized. This is the extent of seed file management, however, and - * those using this class are encouraged to think deeply about when, how - * often, and where to store the seed.</dd> + * <dd>This class implements {@link Serializable} in such a way that it writes + * a 64 byte seed to the stream, and reads it back again when being + * deserialized. This is the extent of seed file management, however, and those + * using this class are encouraged to think deeply about when, how often, and + * where to store the seed.</dd> * </dl> - * - * <p><b>References:</b></p> - * + * <p> + * <b>References:</b> * <ul> - * <li>Niels Ferguson and Bruce Schneier, <i>Practical Cryptography</i>, - * pp. 155--184. Wiley Publishing, Indianapolis. (2003 Niels Ferguson and - * Bruce Schneier). ISBN 0-471-22357-3.</li> + * <li>Niels Ferguson and Bruce Schneier, <i>Practical Cryptography</i>, pp. + * 155--184. Wiley Publishing, Indianapolis. (2003 Niels Ferguson and Bruce + * Schneier). ISBN 0-471-22357-3.</li> * </ul> */ -public class Fortuna extends BasePRNG implements Serializable, - RandomEventListener +public class Fortuna + extends BasePRNG + implements Serializable, RandomEventListener { - private static final long serialVersionUID = 0xFACADE; - private static final int SEED_FILE_SIZE = 64; - private static final int NUM_POOLS = 32; - private static final int MIN_POOL_SIZE = 64; - private final Generator generator; - private final IMessageDigest[] pools; - private long lastReseed; - private int pool; - private int pool0Count; - private int reseedCount; - public static final String SEED = "gnu.crypto.prng.fortuna.seed"; public Fortuna() { super(Registry.FORTUNA_PRNG); - generator = new Generator( - CipherFactory.getInstance(Registry.RIJNDAEL_CIPHER), + generator = new Generator(CipherFactory.getInstance(Registry.RIJNDAEL_CIPHER), HashFactory.getInstance(Registry.SHA256_HASH)); pools = new IMessageDigest[NUM_POOLS]; for (int i = 0; i < NUM_POOLS; i++) @@ -144,11 +127,11 @@ public class Fortuna extends BasePRNG implements Serializable, generator.init(attributes); try { - fillBlock (); + fillBlock(); } catch (LimitReachedException shouldNotHappen) { - throw new RuntimeException (shouldNotHappen); + throw new RuntimeException(shouldNotHappen); } } @@ -160,10 +143,8 @@ public class Fortuna extends BasePRNG implements Serializable, reseedCount++; byte[] seed = new byte[0]; for (int i = 0; i < NUM_POOLS; i++) - { - if (reseedCount % (1 << i) == 0) - generator.addRandomBytes(pools[i].digest()); - } + if (reseedCount % (1 << i) == 0) + generator.addRandomBytes(pools[i].digest()); lastReseed = System.currentTimeMillis(); pool0Count = 0; } @@ -223,23 +204,19 @@ public class Fortuna extends BasePRNG implements Serializable, } /** - * The Fortuna generator function. The generator is a PRNG in its own - * right; Fortuna itself is basically a wrapper around this generator - * that manages reseeding in a secure way. + * The Fortuna generator function. The generator is a PRNG in its own right; + * Fortuna itself is basically a wrapper around this generator that manages + * reseeding in a secure way. */ - public static class Generator extends BasePRNG implements Cloneable + public static class Generator + extends BasePRNG + implements Cloneable { - private static final int LIMIT = 1 << 20; - private final IBlockCipher cipher; - private final IMessageDigest hash; - private final byte[] counter; - private final byte[] key; - private boolean seeded; public Generator(final IBlockCipher cipher, final IMessageDigest hash) @@ -270,9 +247,8 @@ public class Fortuna extends BasePRNG implements Serializable, public void nextBytes(byte[] out, int offset, int length) { - if (!seeded) + if (! seeded) throw new IllegalStateException("generator not seeded"); - int count = 0; do { @@ -286,7 +262,6 @@ public class Fortuna extends BasePRNG implements Serializable, throw new Error(shouldNeverHappen); } count += amount; - for (int i = 0; i < key.length; i += counter.length) { fillBlock(); @@ -318,7 +293,7 @@ public class Fortuna extends BasePRNG implements Serializable, public void fillBlock() { - if (!seeded) + if (! seeded) throw new IllegalStateException("generator not seeded"); cipher.encryptBlock(counter, 0, buffer, 0); incrementCounter(); @@ -332,13 +307,12 @@ public class Fortuna extends BasePRNG implements Serializable, byte[] seed = (byte[]) attributes.get(SEED); if (seed != null) addRandomBytes(seed); - fillBlock (); + fillBlock(); } /** - * Resets the cipher's key. This is done after every reseed, which - * combines the old key and the seed, and processes that throigh the - * hash function. + * Resets the cipher's key. This is done after every reseed, which combines + * the old key and the seed, and processes that throigh the hash function. */ private void resetKey() { @@ -359,8 +333,8 @@ public class Fortuna extends BasePRNG implements Serializable, } /** - * Increment `counter' as a sixteen-byte little-endian unsigned integer - * by one. + * Increment `counter' as a sixteen-byte little-endian unsigned integer by + * one. */ private void incrementCounter() { @@ -372,4 +346,4 @@ public class Fortuna extends BasePRNG implements Serializable, } } } -}
\ No newline at end of file +} diff --git a/libjava/classpath/gnu/javax/crypto/prng/ICMGenerator.java b/libjava/classpath/gnu/javax/crypto/prng/ICMGenerator.java index 7d4f4c9a32c..5b0bd4f8b1e 100644 --- a/libjava/classpath/gnu/javax/crypto/prng/ICMGenerator.java +++ b/libjava/classpath/gnu/javax/crypto/prng/ICMGenerator.java @@ -41,9 +41,8 @@ package gnu.javax.crypto.prng; import gnu.java.security.Registry; import gnu.java.security.prng.BasePRNG; import gnu.java.security.prng.LimitReachedException; - -import gnu.javax.crypto.cipher.IBlockCipher; import gnu.javax.crypto.cipher.CipherFactory; +import gnu.javax.crypto.cipher.IBlockCipher; import java.math.BigInteger; import java.security.InvalidKeyException; @@ -51,171 +50,132 @@ import java.util.HashMap; import java.util.Map; /** - * <p>Counter Mode is a way to define a pseudorandom keystream generator using - * a block cipher. The keystream can be used for additive encryption, key - * derivation, or any other application requiring pseudorandom data.</p> - * - * <p>In ICM, the keystream is logically broken into segments. Each segment is + * Counter Mode is a way to define a pseudorandom keystream generator using a + * block cipher. The keystream can be used for additive encryption, key + * derivation, or any other application requiring pseudorandom data. + * <p> + * In ICM, the keystream is logically broken into segments. Each segment is * identified with a segment index, and the segments have equal lengths. This * segmentation makes ICM especially appropriate for securing packet-based - * protocols.</p> - * - * <p>This implementation adheres to the definition of the ICM keystream - * generation function that allows for any symetric key block cipher algorithm - * (initialisation parameter <code>gnu.crypto.prng.icm.cipher.name</code> taken - * to be an instance of {@link java.lang.String}) to be used. If such a + * protocols. + * <p> + * This implementation adheres to the definition of the ICM keystream generation + * function that allows for any symetric key block cipher algorithm + * (initialisation parameter <code>gnu.crypto.prng.icm.cipher.name</code> + * taken to be an instance of {@link java.lang.String}) to be used. If such a * parameter is not defined/included in the initialisation <code>Map</code>, * then the "Rijndael" algorithm is used. Furthermore, if the initialisation * parameter <code>gnu.crypto.cipher.block.size</code> (taken to be a instance * of {@link java.lang.Integer}) is missing or undefined in the initialisation - * <code>Map</code>, then the cipher's <em>default</em> block size is used.</p> - * - * <p>The practical limits and constraints of such generator are:</p> + * <code>Map</code>, then the cipher's <em>default</em> block size is used. + * <p> + * The practical limits and constraints of such generator are: * <ul> - * <li>The number of blocks in any segment <b>MUST NOT</b> exceed <code> - * 256 ** BLOCK_INDEX_LENGTH</code>. The number of segments <b>MUST NOT</b> - * exceed <code>256 ** SEGMENT_INDEX_LENGTH</code>. These restrictions ensure - * the uniqueness of each block cipher input.</li> - * - * <li>Each segment contains <code>SEGMENT_LENGTH</code> octets; this value - * <b>MUST NOT</b> exceed the value <code>(256 ** BLOCK_INDEX_LENGTH) * + * <li>The number of blocks in any segment <b>MUST NOT</b> exceed <code> + * 256 ** BLOCK_INDEX_LENGTH</code>. + * The number of segments <b>MUST NOT</b> exceed + * <code>256 ** SEGMENT_INDEX_LENGTH</code>. These restrictions ensure the + * uniqueness of each block cipher input.</li> + * <li>Each segment contains <code>SEGMENT_LENGTH</code> octets; this value + * <b>MUST NOT</b> exceed the value <code>(256 ** BLOCK_INDEX_LENGTH) * * BLOCK_LENGTH</code>.</li> - * - * <li>The sum of <code>SEGMENT_INDEX_LENGTH</code> and - * <code>BLOCK_INDEX_LENGTH</code> <b>MUST NOT</b> exceed <code>BLOCK_LENGTH - * / 2</code>. This requirement protects the ICM keystream generator from - * potentially failing to be pseudorandom.</li> + * <li>The sum of <code>SEGMENT_INDEX_LENGTH</code> and + * <code>BLOCK_INDEX_LENGTH</code> <b>MUST NOT</b> exceed <code>BLOCK_LENGTH + * / 2</code>. + * This requirement protects the ICM keystream generator from potentially + * failing to be pseudorandom.</li> * </ul> - * - * <p><b>NOTE</b>: Rijndael is used as the default symmetric key block cipher + * <p> + * <b>NOTE</b>: Rijndael is used as the default symmetric key block cipher * algorithm because, with its default block and key sizes, it is the AES. Yet * being Rijndael, the algorithm offers more versatile block and key sizes which - * may prove to be useful for generating <em>longer</em> key streams.</p> - * - * <p>References:</p> - * + * may prove to be useful for generating <em>longer</em> key streams. + * <p> + * References: * <ol> - * <li><a href="http://www.ietf.org/internet-drafts/draft-mcgrew-saag-icm-00.txt"> - * Integer Counter Mode</a>, David A. McGrew.</li> + * <li><a + * href="http://www.ietf.org/internet-drafts/draft-mcgrew-saag-icm-00.txt"> + * Integer Counter Mode</a>, David A. McGrew.</li> * </ol> */ -public class ICMGenerator extends BasePRNG implements Cloneable +public class ICMGenerator + extends BasePRNG + implements Cloneable { - - // Constants and variables - // ------------------------------------------------------------------------- - /** Property name of underlying block cipher for this ICM generator. */ public static final String CIPHER = "gnu.crypto.prng.icm.cipher.name"; - /** Property name of ICM's block index length. */ - public static final String BLOCK_INDEX_LENGTH = "gnu.crypto.prng.icm.block.index.length"; - + public static final String BLOCK_INDEX_LENGTH = + "gnu.crypto.prng.icm.block.index.length"; /** Property name of ICM's segment index length. */ - public static final String SEGMENT_INDEX_LENGTH = "gnu.crypto.prng.icm.segment.index.length"; - + public static final String SEGMENT_INDEX_LENGTH = + "gnu.crypto.prng.icm.segment.index.length"; /** Property name of ICM's offset. */ public static final String OFFSET = "gnu.crypto.prng.icm.offset"; - /** Property name of ICM's segment index. */ public static final String SEGMENT_INDEX = "gnu.crypto.prng.icm.segment.index"; - /** The integer value 256 as a BigInteger. */ private static final BigInteger TWO_FIFTY_SIX = new BigInteger("256"); - /** The underlying cipher implementation. */ private IBlockCipher cipher; - /** This keystream block index length in bytes. */ private int blockNdxLength = -1; - /** This keystream segment index length in bytes. */ private int segmentNdxLength = -1; - /** The index of the next block for a given keystream segment. */ private BigInteger blockNdx = BigInteger.ZERO; - /** The segment index for this keystream. */ private BigInteger segmentNdx; - /** The initial counter for a given keystream segment. */ private BigInteger C0; - // Constructor(s) - // ------------------------------------------------------------------------- - /** Trivial 0-arguments constructor. */ public ICMGenerator() { super(Registry.ICM_PRNG); } - // Class methods - // ------------------------------------------------------------------------- - - // Instance methods - // ------------------------------------------------------------------------- - - // Implementation of abstract methods in BasePRNG -------------------------- - - // Conceptually, ICM is a keystream generator that takes a secret key - // and a segment index as an input and then outputs a keystream - // segment. The segmentation lends itself to packet encryption, as - // each keystream segment can be used to encrypt a distinct packet. - // - // An ICM key consists of the block cipher key and an Offset. The - // Offset is an integer with BLOCK_LENGTH octets... + // Conceptually, ICM is a keystream generator that takes a secret key and a + // segment index as an input and then outputs a keystream segment. The + // segmentation lends itself to packet encryption, as each keystream segment + // can be used to encrypt a distinct packet. // + // An ICM key consists of the block cipher key and an Offset. The Offset is + // an integer with BLOCK_LENGTH octets... public void setup(Map attributes) { // find out which cipher algorithm to use boolean newCipher = true; String underlyingCipher = (String) attributes.get(CIPHER); if (underlyingCipher == null) - { - if (cipher == null) - { // happy birthday - // ensure we have a reliable implementation of this cipher - cipher = CipherFactory.getInstance(Registry.RIJNDAEL_CIPHER); - } - else - { // we already have one. use it as is - newCipher = false; - } - } - else - { // ensure we have a reliable implementation of this cipher - cipher = CipherFactory.getInstance(underlyingCipher); - } + if (cipher == null) // happy birthday + // ensure we have a reliable implementation of this cipher + cipher = CipherFactory.getInstance(Registry.RIJNDAEL_CIPHER); + else + // we already have one. use it as is + newCipher = false; + else // ensure we have a reliable implementation of this cipher + cipher = CipherFactory.getInstance(underlyingCipher); // find out what block size we should use it in int cipherBlockSize = 0; Integer bs = (Integer) attributes.get(IBlockCipher.CIPHER_BLOCK_SIZE); if (bs != null) - { - cipherBlockSize = bs.intValue(); - } + cipherBlockSize = bs.intValue(); else { - if (newCipher) - { // assume we'll use its default block size - cipherBlockSize = cipher.defaultBlockSize(); - } // else use as is + if (newCipher) // assume we'll use its default block size + cipherBlockSize = cipher.defaultBlockSize(); + // else use as is } - // get the key material byte[] key = (byte[]) attributes.get(IBlockCipher.KEY_MATERIAL); if (key == null) - { - throw new IllegalArgumentException(IBlockCipher.KEY_MATERIAL); - } - + throw new IllegalArgumentException(IBlockCipher.KEY_MATERIAL); // now initialise the cipher HashMap map = new HashMap(); - if (cipherBlockSize != 0) - { // only needed if new or changed - map.put(IBlockCipher.CIPHER_BLOCK_SIZE, new Integer(cipherBlockSize)); - } + if (cipherBlockSize != 0) // only needed if new or changed + map.put(IBlockCipher.CIPHER_BLOCK_SIZE, Integer.valueOf(cipherBlockSize)); map.put(IBlockCipher.KEY_MATERIAL, key); try { @@ -225,135 +185,96 @@ public class ICMGenerator extends BasePRNG implements Cloneable { throw new IllegalArgumentException(IBlockCipher.KEY_MATERIAL); } - // at this point we have an initialised (new or otherwise) cipher // ensure that remaining params make sense - cipherBlockSize = cipher.currentBlockSize(); BigInteger counterRange = TWO_FIFTY_SIX.pow(cipherBlockSize); - // offset, like the underlying cipher key is not cloneable // always look for it and throw an exception if it's not there Object obj = attributes.get(OFFSET); // allow either a byte[] or a BigInteger BigInteger r; if (obj instanceof BigInteger) + r = (BigInteger) obj; + else // assume byte[]. should be same length as cipher block size { - r = (BigInteger) obj; - } - else - { // assume byte[]. should be same length as cipher block size byte[] offset = (byte[]) obj; if (offset.length != cipherBlockSize) - { - throw new IllegalArgumentException(OFFSET); - } - + throw new IllegalArgumentException(OFFSET); r = new BigInteger(1, offset); } - int wantBlockNdxLength = -1; // number of octets in the block index Integer i = (Integer) attributes.get(BLOCK_INDEX_LENGTH); if (i != null) { wantBlockNdxLength = i.intValue(); if (wantBlockNdxLength < 1) - { - throw new IllegalArgumentException(BLOCK_INDEX_LENGTH); - } + throw new IllegalArgumentException(BLOCK_INDEX_LENGTH); } - int wantSegmentNdxLength = -1; // number of octets in the segment index i = (Integer) attributes.get(SEGMENT_INDEX_LENGTH); if (i != null) { wantSegmentNdxLength = i.intValue(); if (wantSegmentNdxLength < 1) - { - throw new IllegalArgumentException(SEGMENT_INDEX_LENGTH); - } + throw new IllegalArgumentException(SEGMENT_INDEX_LENGTH); } - // if both are undefined check if it's a reuse if ((wantBlockNdxLength == -1) && (wantSegmentNdxLength == -1)) { - if (blockNdxLength == -1) - { // new instance - throw new IllegalArgumentException(BLOCK_INDEX_LENGTH + ", " - + SEGMENT_INDEX_LENGTH); - } // else reuse old values + if (blockNdxLength == -1) // new instance + throw new IllegalArgumentException(BLOCK_INDEX_LENGTH + ", " + + SEGMENT_INDEX_LENGTH); + // else reuse old values } - else - { // only one is undefined, set it to BLOCK_LENGTH/2 minus the other + else // only one is undefined, set it to BLOCK_LENGTH/2 minus the other + { int limit = cipherBlockSize / 2; if (wantBlockNdxLength == -1) - { - wantBlockNdxLength = limit - wantSegmentNdxLength; - } + wantBlockNdxLength = limit - wantSegmentNdxLength; else if (wantSegmentNdxLength == -1) - { - wantSegmentNdxLength = limit - wantBlockNdxLength; - } + wantSegmentNdxLength = limit - wantBlockNdxLength; else if ((wantSegmentNdxLength + wantBlockNdxLength) > limit) - { - throw new IllegalArgumentException(BLOCK_INDEX_LENGTH + ", " - + SEGMENT_INDEX_LENGTH); - } + throw new IllegalArgumentException(BLOCK_INDEX_LENGTH + ", " + + SEGMENT_INDEX_LENGTH); // save new values blockNdxLength = wantBlockNdxLength; segmentNdxLength = wantSegmentNdxLength; } - // get the segment index as a BigInteger BigInteger s = (BigInteger) attributes.get(SEGMENT_INDEX); if (s == null) { - if (segmentNdx == null) - { // segment index was never set - throw new IllegalArgumentException(SEGMENT_INDEX); - } + if (segmentNdx == null) // segment index was never set + throw new IllegalArgumentException(SEGMENT_INDEX); // reuse; check if still valid if (segmentNdx.compareTo(TWO_FIFTY_SIX.pow(segmentNdxLength)) > 0) - { - throw new IllegalArgumentException(SEGMENT_INDEX); - } + throw new IllegalArgumentException(SEGMENT_INDEX); } else { if (s.compareTo(TWO_FIFTY_SIX.pow(segmentNdxLength)) > 0) - { - throw new IllegalArgumentException(SEGMENT_INDEX); - } + throw new IllegalArgumentException(SEGMENT_INDEX); segmentNdx = s; } - // The initial counter of the keystream segment with segment index s is // defined as follows, where r denotes the Offset: // // C[0] = (s * (256^BLOCK_INDEX_LENGTH) + r) modulo (256^BLOCK_LENGTH) - // - C0 = segmentNdx.multiply(TWO_FIFTY_SIX.pow(blockNdxLength)).add(r).modPow( - BigInteger.ONE, - counterRange); + C0 = segmentNdx.multiply(TWO_FIFTY_SIX.pow(blockNdxLength)) + .add(r).modPow(BigInteger.ONE, counterRange); } public void fillBlock() throws LimitReachedException { if (C0 == null) - { - throw new IllegalStateException(); - } + throw new IllegalStateException(); if (blockNdx.compareTo(TWO_FIFTY_SIX.pow(blockNdxLength)) >= 0) - { - throw new LimitReachedException(); - } - + throw new LimitReachedException(); int cipherBlockSize = cipher.currentBlockSize(); BigInteger counterRange = TWO_FIFTY_SIX.pow(cipherBlockSize); - // encrypt the counter for the current blockNdx // C[i] = (C[0] + i) modulo (256^BLOCK_LENGTH). - BigInteger Ci = C0.add(blockNdx).modPow(BigInteger.ONE, counterRange); buffer = Ci.toByteArray(); int limit = buffer.length; @@ -370,7 +291,6 @@ public class ICMGenerator extends BasePRNG implements Cloneable cipherBlockSize); buffer = data; } - cipher.encryptBlock(buffer, 0, buffer, 0); blockNdx = blockNdx.add(BigInteger.ONE); // increment blockNdx } diff --git a/libjava/classpath/gnu/javax/crypto/prng/PBKDF2.java b/libjava/classpath/gnu/javax/crypto/prng/PBKDF2.java index d39cd0a6597..0f91d4add72 100644 --- a/libjava/classpath/gnu/javax/crypto/prng/PBKDF2.java +++ b/libjava/classpath/gnu/javax/crypto/prng/PBKDF2.java @@ -49,51 +49,42 @@ import java.util.HashMap; import java.util.Map; /** - * <p>An implementation of the <i>key derivation function</i> KDF2 from PKCS #5: + * An implementation of the <i>key derivation function</i> KDF2 from PKCS #5: * Password-Based Cryptography (<b>PBE</b>). This KDF is essentially a way to * transform a password and a salt into a stream of random bytes, which may then - * be used to initialize a cipher or a MAC.</p> - * - * <p>This version uses a MAC as its pseudo-random function, and the password is - * used as the key.</p> - * - * <p>References:</p> + * be used to initialize a cipher or a MAC. + * <p> + * This version uses a MAC as its pseudo-random function, and the password is + * used as the key. + * <p> + * References: * <ol> - * <li>B. Kaliski, <a href="http://www.ietf.org/rfc/rfc2898.txt">RFC 2898: - * Password-Based Cryptography Specification, Version 2.0</a></li> + * <li>B. Kaliski, <a href="http://www.ietf.org/rfc/rfc2898.txt">RFC 2898: + * Password-Based Cryptography Specification, Version 2.0</a></li> * </ol> */ -public class PBKDF2 extends BasePRNG implements Cloneable +public class PBKDF2 + extends BasePRNG + implements Cloneable { - - // Contstants and variables - // ------------------------------------------------------------------------- - /** - * The bytes fed into the MAC. This is initially the concatenation of the - * salt and the block number. + * The bytes fed into the MAC. This is initially the concatenation of the salt + * and the block number. */ private byte[] in; - /** The iteration count. */ private int iterationCount; - /** The salt. */ private byte[] salt; - /** The MAC (the pseudo-random function we use). */ private IMac mac; - /** The number of hLen-sized blocks generated. */ private long count; - // Constructor(s) - // ------------------------------------------------------------------------- - /** - * <p>Creates a new PBKDF2 object. The argument is the MAC that will serve as - * the pseudo-random function. The MAC does not need to be initialized.</p> - * + * Creates a new PBKDF2 object. The argument is the MAC that will serve as the + * pseudo-random function. The MAC does not need to be initialized. + * * @param mac The pseudo-random function. */ public PBKDF2(IMac mac) @@ -103,30 +94,19 @@ public class PBKDF2 extends BasePRNG implements Cloneable iterationCount = -1; } - // Class methods - // ------------------------------------------------------------------------- - - // Instance methods - // ------------------------------------------------------------------------- - public void setup(Map attributes) { Map macAttrib = new HashMap(); macAttrib.put(HMac.USE_WITH_PKCS5_V2, Boolean.TRUE); - byte[] s = (byte[]) attributes.get(IPBE.SALT); if (s == null) { if (salt == null) - { - throw new IllegalArgumentException("no salt specified"); - } // Otherwise re-use. + throw new IllegalArgumentException("no salt specified"); + // Otherwise re-use. } else - { - salt = s; - } - + salt = s; byte[] macKeyMaterial; char[] password = (char[]) attributes.get(IPBE.PASSWORD); if (password != null) @@ -136,7 +116,6 @@ public class PBKDF2 extends BasePRNG implements Cloneable encoding = IPBE.DEFAULT_PASSWORD_ENCODING; else encoding = encoding.trim(); - try { macKeyMaterial = new String(password).getBytes(encoding); @@ -152,10 +131,10 @@ public class PBKDF2 extends BasePRNG implements Cloneable if (macKeyMaterial != null) macAttrib.put(IMac.MAC_KEY_MATERIAL, macKeyMaterial); - else if (!initialised) - throw new IllegalArgumentException("Neither password nor key-material were specified"); + else if (! initialised) + throw new IllegalArgumentException( + "Neither password nor key-material were specified"); // otherwise re-use previous password/key-material - try { mac.init(macAttrib); @@ -164,27 +143,19 @@ public class PBKDF2 extends BasePRNG implements Cloneable { throw new IllegalArgumentException(x.getMessage()); } - Integer ic = (Integer) attributes.get(IPBE.ITERATION_COUNT); if (ic != null) - { - iterationCount = ic.intValue(); - } + iterationCount = ic.intValue(); if (iterationCount <= 0) - { - throw new IllegalArgumentException("bad iteration count"); - } - + throw new IllegalArgumentException("bad iteration count"); count = 0L; buffer = new byte[mac.macSize()]; try { fillBlock(); - // } catch (Exception x) { } catch (LimitReachedException x) { - // x.printStackTrace(System.err); throw new Error(x.getMessage()); } } @@ -192,34 +163,22 @@ public class PBKDF2 extends BasePRNG implements Cloneable public void fillBlock() throws LimitReachedException { if (++count > ((1L << 32) - 1)) - { - throw new LimitReachedException(); - } - // for (int i = 0; i < buffer.length; i++) { - // buffer[i] = 0; - // } + throw new LimitReachedException(); Arrays.fill(buffer, (byte) 0x00); int limit = salt.length; - // in = new byte[salt.length + 4]; in = new byte[limit + 4]; System.arraycopy(salt, 0, in, 0, salt.length); - // in[salt.length ] = (byte)(count >>> 24); - // in[salt.length+1] = (byte)(count >>> 16); - // in[salt.length+2] = (byte)(count >>> 8); - // in[salt.length+3] = (byte) count; - in[limit++] = (byte) (count >>> 24); - in[limit++] = (byte) (count >>> 16); - in[limit++] = (byte) (count >>> 8); - in[limit] = (byte) count; + in[limit++] = (byte)(count >>> 24); + in[limit++] = (byte)(count >>> 16); + in[limit++] = (byte)(count >>> 8); + in[limit ] = (byte) count; for (int i = 0; i < iterationCount; i++) { mac.reset(); mac.update(in, 0, in.length); in = mac.digest(); for (int j = 0; j < buffer.length; j++) - { - buffer[j] ^= in[j]; - } + buffer[j] ^= in[j]; } } } diff --git a/libjava/classpath/gnu/javax/crypto/prng/PRNGFactory.java b/libjava/classpath/gnu/javax/crypto/prng/PRNGFactory.java index 9ff6558b0e3..ee75f8d8a1e 100644 --- a/libjava/classpath/gnu/javax/crypto/prng/PRNGFactory.java +++ b/libjava/classpath/gnu/javax/crypto/prng/PRNGFactory.java @@ -40,11 +40,9 @@ package gnu.javax.crypto.prng; import gnu.java.security.Registry; import gnu.java.security.prng.IRandom; - - +import gnu.javax.crypto.mac.HMacFactory; import gnu.javax.crypto.mac.IMac; import gnu.javax.crypto.mac.MacFactory; -import gnu.javax.crypto.mac.HMacFactory; import java.util.Collections; import java.util.HashSet; @@ -52,92 +50,66 @@ import java.util.Iterator; import java.util.Set; /** - * <p>A Factory to instantiate pseudo random number generators.</p> + * A Factory to instantiate pseudo random number generators. */ -public class PRNGFactory implements Registry +public class PRNGFactory + implements Registry { - - // Constants and variables - // ------------------------------------------------------------------------- - - // Constructor(s) - // ------------------------------------------------------------------------- - /** Trivial constructor to enforce <i>Singleton</i> pattern. */ private PRNGFactory() { } - // Class methods - // ------------------------------------------------------------------------- - /** - * <p>Returns an instance of a padding algorithm given its name.</p> - * + * Returns an instance of a padding algorithm given its name. + * * @param prng the case-insensitive name of the PRNG. * @return an instance of the pseudo-random number generator. * @exception InternalError if the implementation does not pass its self- - * test. + * test. */ public static IRandom getInstance(String prng) { if (prng == null) - { - return null; - } - + return null; prng = prng.trim(); IRandom result = null; if (prng.equalsIgnoreCase(ARCFOUR_PRNG) || prng.equalsIgnoreCase(RC4_PRNG)) - { - result = new ARCFour(); - } + result = new ARCFour(); else if (prng.equalsIgnoreCase(ICM_PRNG)) - { - result = new ICMGenerator(); - } + result = new ICMGenerator(); else if (prng.equalsIgnoreCase(UMAC_PRNG)) - { - result = new UMacGenerator(); - } + result = new UMacGenerator(); else if (prng.toLowerCase().startsWith(PBKDF2_PRNG_PREFIX)) { String macName = prng.substring(PBKDF2_PRNG_PREFIX.length()); IMac mac = MacFactory.getInstance(macName); if (mac == null) - { - return null; - } + return null; result = new PBKDF2(mac); } if (result != null) return result; - return gnu.java.security.prng.PRNGFactory.getInstance (prng); + return gnu.java.security.prng.PRNGFactory.getInstance(prng); } /** - * <p>Returns a {@link Set} of names of padding algorithms supported by this - * <i>Factory</i>.</p> - * + * Returns a {@link Set} of names of padding algorithms supported by this + * <i>Factory</i>. + * * @return a {@link Set} of pseudo-random number generator algorithm names - * (Strings). + * (Strings). */ public static Set getNames() { - HashSet hs = new HashSet (gnu.java.security.prng.PRNGFactory.getNames ()); + HashSet hs = new HashSet(gnu.java.security.prng.PRNGFactory.getNames()); hs.add(ICM_PRNG); hs.add(UMAC_PRNG); // add all hmac implementations as candidate PBKDF2 ones too for (Iterator it = HMacFactory.getNames().iterator(); it.hasNext();) - { - hs.add(PBKDF2_PRNG_PREFIX + ((String) it.next())); - } - + hs.add(PBKDF2_PRNG_PREFIX + ((String) it.next())); return Collections.unmodifiableSet(hs); } - - // Instance methods - // ------------------------------------------------------------------------- } diff --git a/libjava/classpath/gnu/javax/crypto/prng/UMacGenerator.java b/libjava/classpath/gnu/javax/crypto/prng/UMacGenerator.java index 0e3725ce986..39c99f73af6 100644 --- a/libjava/classpath/gnu/javax/crypto/prng/UMacGenerator.java +++ b/libjava/classpath/gnu/javax/crypto/prng/UMacGenerator.java @@ -50,121 +50,90 @@ import java.util.Map; import java.security.InvalidKeyException; /** - * <p><i>KDF</i>s (Key Derivation Functions) are used to stretch user-supplied - * key material to specific size(s) required by high level cryptographic - * primitives. Described in the <A + * <i>KDF</i>s (Key Derivation Functions) are used to stretch user-supplied key + * material to specific size(s) required by high level cryptographic primitives. + * Described in the <A * HREF="http://www.ietf.org/internet-drafts/draft-krovetz-umac-01.txt">UMAC</A> * paper, this function basically operates an underlying <em>symmetric key block * cipher</em> instance in output feedback mode (OFB), as a <b>strong</b> - * pseudo-random number generator.</p> - * - * <p><code>UMacGenerator</code> requires an <em>index</em> parameter + * pseudo-random number generator. + * <p> + * <code>UMacGenerator</code> requires an <em>index</em> parameter * (initialisation parameter <code>gnu.crypto.prng.umac.kdf.index</code> taken - * to be an instance of {@link java.lang.Integer} with a value between - * <code>0</code> and <code>255</code>). Using the same key, but different - * indices, generates different pseudorandom outputs.</p> - * - * <p>This implementation generalises the definition of the - * <code>UmacGenerator</code> algorithm to allow for other than the AES symetric - * key block cipher algorithm (initialisation parameter + * to be an instance of {@link Integer} with a value between <code>0</code> and + * <code>255</code>). Using the same key, but different indices, generates + * different pseudorandom outputs. + * <p> + * This implementation generalises the definition of the + * <code>UmacGenerator</code> algorithm to allow for other than the AES + * symetric key block cipher algorithm (initialisation parameter * <code>gnu.crypto.prng.umac.cipher.name</code> taken to be an instance of - * {@link java.lang.String}). If such a parameter is not defined/included in the + * {@link String}). If such a parameter is not defined/included in the * initialisation <code>Map</code>, then the "Rijndael" algorithm is used. * Furthermore, if the initialisation parameter - * <code>gnu.crypto.cipher.block.size</code> (taken to be a instance of {@link - * java.lang.Integer}) is missing or undefined in the initialisation <code>Map - * </code>, then the cipher's <em>default</em> block size is used.</p> - * - * <p><b>NOTE</b>: Rijndael is used as the default symmetric key block cipher + * <code>gnu.crypto.cipher.block.size</code> (taken to be a instance of + * {@link Integer}) is missing or undefined in the initialisation + * <code>Map</code>, then the cipher's <em>default</em> block size is used. + * <p> + * <b>NOTE</b>: Rijndael is used as the default symmetric key block cipher * algorithm because, with its default block and key sizes, it is the AES. Yet * being Rijndael, the algorithm offers more versatile block and key sizes which - * may prove to be useful for generating "longer" key streams.</p> - * - * <p>References:</p> - * + * may prove to be useful for generating "longer" key streams. + * <p> + * References: * <ol> - * <li><a href="http://www.ietf.org/internet-drafts/draft-krovetz-umac-01.txt"> - * UMAC</a>: Message Authentication Code using Universal Hashing.<br> - * T. Krovetz, J. Black, S. Halevi, A. Hevia, H. Krawczyk, and P. Rogaway.</li> + * <li><a href="http://www.ietf.org/internet-drafts/draft-krovetz-umac-01.txt"> + * UMAC</a>: Message Authentication Code using Universal Hashing.<br> + * T. Krovetz, J. Black, S. Halevi, A. Hevia, H. Krawczyk, and P. Rogaway.</li> * </ol> */ -public class UMacGenerator extends BasePRNG implements Cloneable +public class UMacGenerator + extends BasePRNG + implements Cloneable { - - // Constants and variables - // ------------------------------------------------------------------------- - /** - * <p>Property name of the KDF <code>index</code> value to use in this + * Property name of the KDF <code>index</code> value to use in this * instance. The value is taken to be an {@link Integer} less than - * <code>256</code>.</p> + * <code>256</code>. */ public static final String INDEX = "gnu.crypto.prng.umac.index"; - /** The name of the underlying symmetric key block cipher algorithm. */ public static final String CIPHER = "gnu.crypto.prng.umac.cipher.name"; - /** The generator's underlying block cipher. */ private IBlockCipher cipher; - // Constructor(s) - // ------------------------------------------------------------------------- - /** Trivial 0-arguments constructor. */ public UMacGenerator() { super(Registry.UMAC_PRNG); } - // Class methods - // ------------------------------------------------------------------------- - - // Instance methods - // ------------------------------------------------------------------------- - - // Implementation of abstract methods in BasePRNG -------------------------- - public void setup(Map attributes) { boolean newCipher = true; String cipherName = (String) attributes.get(CIPHER); if (cipherName == null) - { - if (cipher == null) - { // happy birthday - cipher = CipherFactory.getInstance(Registry.RIJNDAEL_CIPHER); - } - else - { // we already have one. use it as is - newCipher = false; - } - } + if (cipher == null) // happy birthday + cipher = CipherFactory.getInstance(Registry.RIJNDAEL_CIPHER); + else // we already have one. use it as is + newCipher = false; else - { - cipher = CipherFactory.getInstance(cipherName); - } - + cipher = CipherFactory.getInstance(cipherName); // find out what block size we should use it in int cipherBlockSize = 0; Integer bs = (Integer) attributes.get(IBlockCipher.CIPHER_BLOCK_SIZE); if (bs != null) - { - cipherBlockSize = bs.intValue(); - } + cipherBlockSize = bs.intValue(); else { - if (newCipher) - { // assume we'll use its default block size - cipherBlockSize = cipher.defaultBlockSize(); - } // else use as is + if (newCipher) // assume we'll use its default block size + cipherBlockSize = cipher.defaultBlockSize(); + // else use as is } - // get the key material byte[] key = (byte[]) attributes.get(IBlockCipher.KEY_MATERIAL); if (key == null) - { - throw new IllegalArgumentException(IBlockCipher.KEY_MATERIAL); - } + throw new IllegalArgumentException(IBlockCipher.KEY_MATERIAL); int keyLength = key.length; // ensure that keyLength is valid for the chosen underlying cipher @@ -173,15 +142,10 @@ public class UMacGenerator extends BasePRNG implements Cloneable { ok = (keyLength == ((Integer) it.next()).intValue()); if (ok) - { - break; - } + break; } - if (!ok) - { - throw new IllegalArgumentException("key length"); - } - + if (! ok) + throw new IllegalArgumentException("key length"); // ensure that remaining params make sense int index = -1; Integer i = (Integer) attributes.get(INDEX); @@ -189,17 +153,12 @@ public class UMacGenerator extends BasePRNG implements Cloneable { index = i.intValue(); if (index < 0 || index > 255) - { - throw new IllegalArgumentException(INDEX); - } + throw new IllegalArgumentException(INDEX); } - // now initialise the underlying cipher Map map = new HashMap(); - if (cipherBlockSize != 0) - { // only needed if new or changed - map.put(IBlockCipher.CIPHER_BLOCK_SIZE, new Integer(cipherBlockSize)); - } + if (cipherBlockSize != 0) // only needed if new or changed + map.put(IBlockCipher.CIPHER_BLOCK_SIZE, Integer.valueOf(cipherBlockSize)); map.put(IBlockCipher.KEY_MATERIAL, key); try { @@ -209,7 +168,6 @@ public class UMacGenerator extends BasePRNG implements Cloneable { throw new IllegalArgumentException(IBlockCipher.KEY_MATERIAL); } - buffer = new byte[cipher.currentBlockSize()]; buffer[cipher.currentBlockSize() - 1] = (byte) index; try @@ -225,4 +183,4 @@ public class UMacGenerator extends BasePRNG implements Cloneable { cipher.encryptBlock(buffer, 0, buffer, 0); } -}
\ No newline at end of file +} diff --git a/libjava/classpath/gnu/javax/crypto/sasl/AuthInfo.java b/libjava/classpath/gnu/javax/crypto/sasl/AuthInfo.java index 1e942559dcf..733d2f0bf47 100644 --- a/libjava/classpath/gnu/javax/crypto/sasl/AuthInfo.java +++ b/libjava/classpath/gnu/javax/crypto/sasl/AuthInfo.java @@ -56,10 +56,6 @@ import java.util.StringTokenizer; */ public class AuthInfo { - - // Constants and variables - // ------------------------------------------------------------------------- - private static final ArrayList factories = new ArrayList(); static { @@ -72,14 +68,14 @@ public class AuthInfo { for (StringTokenizer st = new StringTokenizer(pkgs, "|"); st.hasMoreTokens();) { - clazz = st.nextToken(); - if (!"gnu.crypto.sasl".equals(clazz)) + clazz = st.nextToken().trim(); + if (! "gnu.javax.crypto.sasl".equals(clazz)) { clazz += ".AuthInfoProviderFactory"; try { - IAuthInfoProviderFactory factory = (IAuthInfoProviderFactory) Class.forName( - clazz).newInstance(); + IAuthInfoProviderFactory factory = + (IAuthInfoProviderFactory) Class.forName(clazz).newInstance(); factories.add(factory); } catch (ClassCastException ignored) @@ -99,33 +95,25 @@ public class AuthInfo } // always add ours last; unless it's already there if (!factories.contains(ours)) - { - factories.add(ours); - } + factories.add(ours); } - // Constructor(s) - // ------------------------------------------------------------------------- - /** Trivial constructor to enforce Singleton pattern. */ private AuthInfo() { super(); } - // Class methods - // ------------------------------------------------------------------------- - /** - * A convenience method to return the authentication information provider - * for a designated SASL mechnanism. It goes through all the installed - * provider factories, one at a time, and attempts to return a new instance - * of the provider for the designated mechanism. It stops at the first - * factory returning a non-null provider. - * + * A convenience method to return the authentication information provider for + * a designated SASL mechnanism. It goes through all the installed provider + * factories, one at a time, and attempts to return a new instance of the + * provider for the designated mechanism. It stops at the first factory + * returning a non-null provider. + * * @param mechanism the name of a SASL mechanism. * @return an implementation that provides {@link IAuthInfoProvider} for that - * mechanism; or <code>null</code> if none found. + * mechanism; or <code>null</code> if none found. */ public static IAuthInfoProvider getProvider(String mechanism) { @@ -134,9 +122,7 @@ public class AuthInfo IAuthInfoProviderFactory factory = (IAuthInfoProviderFactory) it.next(); IAuthInfoProvider result = factory.getInstance(mechanism); if (result != null) - { - return result; - } + return result; } return null; } diff --git a/libjava/classpath/gnu/javax/crypto/sasl/AuthInfoProviderFactory.java b/libjava/classpath/gnu/javax/crypto/sasl/AuthInfoProviderFactory.java index 6ba5fc56296..c4fc816dc3e 100644 --- a/libjava/classpath/gnu/javax/crypto/sasl/AuthInfoProviderFactory.java +++ b/libjava/classpath/gnu/javax/crypto/sasl/AuthInfoProviderFactory.java @@ -46,44 +46,22 @@ import gnu.javax.crypto.sasl.srp.SRPAuthInfoProvider; /** * The concrete SASL authentication information provider factory. */ -public class AuthInfoProviderFactory implements IAuthInfoProviderFactory +public class AuthInfoProviderFactory + implements IAuthInfoProviderFactory { - - // Constants and variables - // ------------------------------------------------------------------------- - - // Constructor(s) - // ------------------------------------------------------------------------- - // implicit 0-args constructor - // Class methods - // ------------------------------------------------------------------------- - - // Instance methods - // ------------------------------------------------------------------------- - - // IAuthInfoProviderFactory interface implementation ----------------------- - public IAuthInfoProvider getInstance(String mechanism) { if (mechanism == null) - { - return null; - } + return null; mechanism = mechanism.trim().toUpperCase(); if (mechanism.startsWith(Registry.SASL_SRP_MECHANISM)) - { - return new SRPAuthInfoProvider(); - } + return new SRPAuthInfoProvider(); if (mechanism.equals(Registry.SASL_CRAM_MD5_MECHANISM)) - { - return new CramMD5AuthInfoProvider(); - } + return new CramMD5AuthInfoProvider(); if (mechanism.equals(Registry.SASL_PLAIN_MECHANISM)) - { - return new PlainAuthInfoProvider(); - } + return new PlainAuthInfoProvider(); return null; } } diff --git a/libjava/classpath/gnu/javax/crypto/sasl/ClientFactory.java b/libjava/classpath/gnu/javax/crypto/sasl/ClientFactory.java index ef184632cc4..84acfcd1455 100644 --- a/libjava/classpath/gnu/javax/crypto/sasl/ClientFactory.java +++ b/libjava/classpath/gnu/javax/crypto/sasl/ClientFactory.java @@ -47,11 +47,11 @@ import gnu.javax.crypto.sasl.srp.SRPClient; import java.util.ArrayList; import java.util.Arrays; import java.util.Collections; +import java.util.HashMap; import java.util.HashSet; import java.util.List; import java.util.Map; import java.util.Set; -import java.util.HashMap; import javax.security.auth.callback.CallbackHandler; import javax.security.sasl.Sasl; @@ -62,53 +62,32 @@ import javax.security.sasl.SaslException; /** * The implementation of {@link SaslClientFactory}. */ -public class ClientFactory implements SaslClientFactory +public class ClientFactory + implements SaslClientFactory { - - // Constants and variables - // ------------------------------------------------------------------------- - - // Constructor(s) - // ------------------------------------------------------------------------- - // implicit 0-arguments constructor - // Class methods - // ------------------------------------------------------------------------- - public static final Set getNames() { - return Collections.unmodifiableSet(new HashSet( - Arrays.asList(getNamesInternal(null)))); + return Collections.unmodifiableSet(new HashSet(Arrays.asList(getNamesInternal(null)))); } private static final String[] getNamesInternal(Map props) { - String[] all = new String[] { Registry.SASL_SRP_MECHANISM, - Registry.SASL_CRAM_MD5_MECHANISM, - Registry.SASL_PLAIN_MECHANISM, - Registry.SASL_ANONYMOUS_MECHANISM }; - + String[] all = new String[] { + Registry.SASL_SRP_MECHANISM, + Registry.SASL_CRAM_MD5_MECHANISM, + Registry.SASL_PLAIN_MECHANISM, + Registry.SASL_ANONYMOUS_MECHANISM }; if (props == null) - { - return all; - } + return all; if (hasPolicy(Sasl.POLICY_PASS_CREDENTIALS, props)) - { - return new String[0]; - } - + return new String[0]; List result = new ArrayList(all.length); - ; for (int i = 0; i < all.length;) - { - result.add(all[i++]); - } - + result.add(all[i++]); if (hasPolicy(Sasl.POLICY_NOPLAINTEXT, props)) - { - result.remove(Registry.SASL_PLAIN_MECHANISM); - } + result.remove(Registry.SASL_PLAIN_MECHANISM); if (hasPolicy(Sasl.POLICY_NOACTIVE, props)) { result.remove(Registry.SASL_CRAM_MD5_MECHANISM); @@ -135,32 +114,19 @@ public class ClientFactory implements SaslClientFactory public static final ClientMechanism getInstance(String mechanism) { if (mechanism == null) - { - return null; - } + return null; mechanism = mechanism.trim().toUpperCase(); if (mechanism.equals(Registry.SASL_SRP_MECHANISM)) - { - return new SRPClient(); - } + return new SRPClient(); if (mechanism.equals(Registry.SASL_CRAM_MD5_MECHANISM)) - { - return new CramMD5Client(); - } + return new CramMD5Client(); if (mechanism.equals(Registry.SASL_PLAIN_MECHANISM)) - { - return new PlainClient(); - } + return new PlainClient(); if (mechanism.equals(Registry.SASL_ANONYMOUS_MECHANISM)) - { - return new AnonymousClient(); - } + return new AnonymousClient(); return null; } - // Instance methods - // ------------------------------------------------------------------------- - public SaslClient createSaslClient(String[] mechanisms, String authorisationID, String protocol, String serverName, Map props, @@ -173,29 +139,21 @@ public class ClientFactory implements SaslClientFactory mechanism = mechanisms[i]; result = getInstance(mechanism); if (result != null) - { - break; - } + break; } - if (result != null) { HashMap attributes = new HashMap(); if (props != null) - { - attributes.putAll(props); - } + attributes.putAll(props); attributes.put(Registry.SASL_AUTHORISATION_ID, authorisationID); attributes.put(Registry.SASL_PROTOCOL, protocol); attributes.put(Registry.SASL_SERVER_NAME, serverName); attributes.put(Registry.SASL_CALLBACK_HANDLER, cbh); - result.init(attributes); return result; } - - throw new SaslException( - "No supported mechanism found in given mechanism list"); + throw new SaslException("No supported mechanism found in given mechanism list"); } public String[] getMechanismNames(Map props) @@ -207,4 +165,4 @@ public class ClientFactory implements SaslClientFactory { return "true".equalsIgnoreCase(String.valueOf(props.get(propertyName))); } -}
\ No newline at end of file +} diff --git a/libjava/classpath/gnu/javax/crypto/sasl/ClientMechanism.java b/libjava/classpath/gnu/javax/crypto/sasl/ClientMechanism.java index 45873ae6b27..7f8e9c120b4 100644 --- a/libjava/classpath/gnu/javax/crypto/sasl/ClientMechanism.java +++ b/libjava/classpath/gnu/javax/crypto/sasl/ClientMechanism.java @@ -42,50 +42,37 @@ import gnu.java.security.Registry; import java.util.HashMap; import java.util.Map; + import javax.security.auth.callback.CallbackHandler; import javax.security.sasl.Sasl; import javax.security.sasl.SaslClient; import javax.security.sasl.SaslException; /** - * <p>A base class to facilitate implementing SASL client-side mechanisms.</p> + * A base class to facilitate implementing SASL client-side mechanisms. */ -public abstract class ClientMechanism implements SaslClient +public abstract class ClientMechanism + implements SaslClient { - - // Constants and variables - // ------------------------------------------------------------------------- - /** Name of this mechanism. */ protected String mechanism; - /** The authorisation identity. */ protected String authorizationID; - /** Name of protocol using this mechanism. */ protected String protocol; - /** Name of server to authenticate to. */ protected String serverName; - /** Properties of qualities desired for this mechanism. */ protected Map properties; - /** Callback handler to use with this mechanism instance. */ protected CallbackHandler handler; - /** Channel binding data to use with this mechanism instance. */ protected byte[] channelBinding; - /** Whether authentication phase is completed (true) or not (false). */ protected boolean complete = false; - /** The state of the authentication automaton. */ protected int state = -1; - // Constructor(s) - // ------------------------------------------------------------------------- - protected ClientMechanism(final String mechanism) { super(); @@ -94,20 +81,10 @@ public abstract class ClientMechanism implements SaslClient this.state = -1; } - // Class methods - // ------------------------------------------------------------------------- - - // Instance methods - // ------------------------------------------------------------------------- - - // abstract methods to be implemented by concrete subclasses --------------- - protected abstract void initMechanism() throws SaslException; protected abstract void resetMechanism() throws SaslException; - // javax.security.sasl.SaslClient interface implementation ----------------- - public abstract byte[] evaluateChallenge(byte[] challenge) throws SaslException; @@ -121,20 +98,16 @@ public abstract class ClientMechanism implements SaslClient public byte[] unwrap(final byte[] incoming, final int offset, final int len) throws SaslException { - if (!isComplete()) - { - throw new IllegalMechanismStateException(); - } + if (! isComplete()) + throw new IllegalMechanismStateException(); return this.engineUnwrap(incoming, offset, len); } public byte[] wrap(final byte[] outgoing, final int offset, final int len) throws SaslException { - if (!isComplete()) - { - throw new IllegalMechanismStateException(); - } + if (! isComplete()) + throw new IllegalMechanismStateException(); return this.engineWrap(outgoing, offset, len); } @@ -145,58 +118,32 @@ public abstract class ClientMechanism implements SaslClient public Object getNegotiatedProperty(final String propName) { - if (!isComplete()) - { - throw new IllegalStateException(); - } + if (! isComplete()) + throw new IllegalStateException(); if (Sasl.QOP.equals(propName)) - { - return getNegotiatedQOP(); - } + return getNegotiatedQOP(); if (Sasl.STRENGTH.equals(propName)) - { - return getNegotiatedStrength(); - } + return getNegotiatedStrength(); if (Sasl.SERVER_AUTH.equals(propName)) - { - return getNegotiatedServerAuth(); - } + return getNegotiatedServerAuth(); if (Sasl.MAX_BUFFER.equals(propName)) - { - return getNegotiatedMaxBuffer(); - } + return getNegotiatedMaxBuffer(); if (Sasl.RAW_SEND_SIZE.equals(propName)) - { - return getNegotiatedRawSendSize(); - } + return getNegotiatedRawSendSize(); if (Sasl.POLICY_NOPLAINTEXT.equals(propName)) - { - return getNegotiatedPolicyNoPlainText(); - } + return getNegotiatedPolicyNoPlainText(); if (Sasl.POLICY_NOACTIVE.equals(propName)) - { - return getNegotiatedPolicyNoActive(); - } + return getNegotiatedPolicyNoActive(); if (Sasl.POLICY_NODICTIONARY.equals(propName)) - { - return getNegotiatedPolicyNoDictionary(); - } + return getNegotiatedPolicyNoDictionary(); if (Sasl.POLICY_NOANONYMOUS.equals(propName)) - { - return getNegotiatedPolicyNoAnonymous(); - } + return getNegotiatedPolicyNoAnonymous(); if (Sasl.POLICY_FORWARD_SECRECY.equals(propName)) - { - return getNegotiatedPolicyForwardSecrecy(); - } + return getNegotiatedPolicyForwardSecrecy(); if (Sasl.POLICY_PASS_CREDENTIALS.equals(propName)) - { - return getNegotiatedPolicyPassCredentials(); - } + return getNegotiatedPolicyPassCredentials(); if (Sasl.REUSE.equals(propName)) - { - return getReuse(); - } + return getReuse(); return null; } @@ -204,8 +151,6 @@ public abstract class ClientMechanism implements SaslClient { } - // other Instance methods -------------------------------------------------- - public String getAuthorizationID() { return authorizationID; @@ -288,30 +233,23 @@ public abstract class ClientMechanism implements SaslClient } /** - * <p>Initialises the mechanism with designated attributes. Permissible names - * and values are mechanism specific.</p> - * + * Initialises the mechanism with designated attributes. Permissible names and + * values are mechanism specific. + * * @param attributes a set of name-value pairs that describes the desired - * future behaviour of this instance. + * future behaviour of this instance. * @throws IllegalMechanismStateException if the instance is already - * initialised. + * initialised. * @throws SaslException if an exception occurs during the process. */ public void init(final Map attributes) throws SaslException { if (state != -1) - { - throw new IllegalMechanismStateException("init()"); - } - + throw new IllegalMechanismStateException("init()"); if (properties == null) - { - properties = new HashMap(); - } + properties = new HashMap(); else - { - properties.clear(); - } + properties.clear(); if (attributes != null) { authorizationID = (String) attributes.get(Registry.SASL_AUTHORISATION_ID); @@ -322,35 +260,25 @@ public abstract class ClientMechanism implements SaslClient properties.putAll(attributes); } else - { - handler = null; - } + handler = null; if (authorizationID == null) - { - authorizationID = ""; - } + authorizationID = ""; if (protocol == null) - { - protocol = ""; - } + protocol = ""; if (serverName == null) - { - serverName = ""; - } + serverName = ""; if (channelBinding == null) - { - channelBinding = new byte[0]; - } + channelBinding = new byte[0]; initMechanism(); complete = false; state = 0; } /** - * <p>Resets the mechanism instance for re-initialisation and use with other - * characteristics.</p> - * + * Resets the mechanism instance for re-initialisation and use with other + * characteristics. + * * @throws SaslException if an exception occurs during the process. */ public void reset() throws SaslException @@ -362,4 +290,4 @@ public abstract class ClientMechanism implements SaslClient complete = false; state = -1; } -}
\ No newline at end of file +} diff --git a/libjava/classpath/gnu/javax/crypto/sasl/ConfidentialityException.java b/libjava/classpath/gnu/javax/crypto/sasl/ConfidentialityException.java index adfc06593f2..62b68572552 100644 --- a/libjava/classpath/gnu/javax/crypto/sasl/ConfidentialityException.java +++ b/libjava/classpath/gnu/javax/crypto/sasl/ConfidentialityException.java @@ -45,12 +45,12 @@ import javax.security.sasl.SaslException; * exception is thrown to indicate that a violation has occured during the * processing of a <i>confidentiality</i> protection filter. */ -public class ConfidentialityException extends SaslException +public class ConfidentialityException + extends SaslException { - /** - * Constructs a new instance of <code>ConfidentialityException</code> with no - * detail message. + * Constructs a new instance of <code>ConfidentialityException</code> with + * no detail message. */ public ConfidentialityException() { @@ -60,7 +60,7 @@ public class ConfidentialityException extends SaslException /** * Constructs a new instance of <code>ConfidentialityException</code> with * the specified detail message. - * + * * @param s the detail message. */ public ConfidentialityException(String s) @@ -71,7 +71,7 @@ public class ConfidentialityException extends SaslException /** * Constructs a new instance of <code>ConfidentialityException</code> with a * detailed message and a root exception. - * + * * @param s possibly null additional detail about the exception. * @param x a possibly null root exception that caused this one. */ diff --git a/libjava/classpath/gnu/javax/crypto/sasl/IAuthInfoProvider.java b/libjava/classpath/gnu/javax/crypto/sasl/IAuthInfoProvider.java index 2b913a137b8..60c50d5d4df 100644 --- a/libjava/classpath/gnu/javax/crypto/sasl/IAuthInfoProvider.java +++ b/libjava/classpath/gnu/javax/crypto/sasl/IAuthInfoProvider.java @@ -47,71 +47,70 @@ import javax.security.sasl.AuthenticationException; */ public interface IAuthInfoProvider { - - // Constants - // ------------------------------------------------------------------------- - - // Methods - // ------------------------------------------------------------------------- - /** * Activates (initialises) this provider instance. SHOULD be the first method * invoked on the provider. - * + * * @param context a collection of name-value bindings describing the - * activation context. - * @throws AuthenticationException if an exception occurs during the operation. + * activation context. + * @throws AuthenticationException if an exception occurs during the + * operation. */ void activate(Map context) throws AuthenticationException; /** * Passivates (releases) this provider instance. SHOULD be the last method - * invoked on the provider. Once it is done, no other method may be invoked - * on the same instance before it is <i>activated</i> agains. - * - * @throws AuthenticationException if an exception occurs during the operation. + * invoked on the provider. Once it is done, no other method may be invoked on + * the same instance before it is <i>activated</i> agains. + * + * @throws AuthenticationException if an exception occurs during the + * operation. */ void passivate() throws AuthenticationException; /** * Checks if a user with a designated name is known to this provider. - * + * * @param userName the name of a user to check. - * @return <code>true</code> if the user with the designated name is known to - * this provider; <code>false</code> otherwise. - * @throws AuthenticationException if an exception occurs during the operation. + * @return <code>true</code> if the user with the designated name is known + * to this provider; <code>false</code> otherwise. + * @throws AuthenticationException if an exception occurs during the + * operation. */ boolean contains(String userName) throws AuthenticationException; /** * Returns a collection of information about a designated user. The contents * of the returned map is provider-specific of name-to-value mappings. - * + * * @param userID a map of name-to-value bindings that fully describe a user. * @return a collection of information about the designated user. - * @throws AuthenticationException if an exception occurs during the operation. + * @throws AuthenticationException if an exception occurs during the + * operation. */ Map lookup(Map userID) throws AuthenticationException; /** * Updates the credentials of a designated user. - * + * * @param userCredentials a map of name-to-value bindings that fully describe - * a user, including per new credentials. - * @throws AuthenticationException if an exception occurs during the operation. + * a user, including per new credentials. + * @throws AuthenticationException if an exception occurs during the + * operation. */ void update(Map userCredentials) throws AuthenticationException; /** * A provider may operate in more than mode; e.g. SRP-II caters for user - * credentials computed in more than one message digest algorithm. This - * method returns the set of name-to-value bindings describing the mode of - * the provider. - * + * credentials computed in more than one message digest algorithm. This method + * returns the set of name-to-value bindings describing the mode of the + * provider. + * * @param mode a unique identifier describing the operational mode. * @return a collection of name-to-value bindings describing the designated - * mode. - * @throws AuthenticationException if an exception occurs during the operation. + * mode. + * @throws AuthenticationException if an exception occurs during the + * operation. */ Map getConfiguration(String mode) throws AuthenticationException; -}
\ No newline at end of file +} diff --git a/libjava/classpath/gnu/javax/crypto/sasl/IAuthInfoProviderFactory.java b/libjava/classpath/gnu/javax/crypto/sasl/IAuthInfoProviderFactory.java index e630b8da14b..b6dc775d8a8 100644 --- a/libjava/classpath/gnu/javax/crypto/sasl/IAuthInfoProviderFactory.java +++ b/libjava/classpath/gnu/javax/crypto/sasl/IAuthInfoProviderFactory.java @@ -43,20 +43,13 @@ package gnu.javax.crypto.sasl; */ public interface IAuthInfoProviderFactory { - - // Constants - // ------------------------------------------------------------------------- - - // Methods - // ------------------------------------------------------------------------- - /** - * Returns an implementation of a provider for a designated mechanism - * capable of honouring {@link IAuthInfoProvider} requests. - * + * Returns an implementation of a provider for a designated mechanism capable + * of honouring {@link IAuthInfoProvider} requests. + * * @param mechanism the unique name of a mechanism. * @return an implementation of {@link IAuthInfoProvider} for that mechanism - * or <code>null</code> if none found. + * or <code>null</code> if none found. */ IAuthInfoProvider getInstance(String mechanism); -}
\ No newline at end of file +} diff --git a/libjava/classpath/gnu/javax/crypto/sasl/IllegalMechanismStateException.java b/libjava/classpath/gnu/javax/crypto/sasl/IllegalMechanismStateException.java index b46ad98e316..547ac41030d 100644 --- a/libjava/classpath/gnu/javax/crypto/sasl/IllegalMechanismStateException.java +++ b/libjava/classpath/gnu/javax/crypto/sasl/IllegalMechanismStateException.java @@ -47,9 +47,9 @@ import javax.security.sasl.AuthenticationException; * invoked on incomplete mechanisms was invoked but the authentication phase of * that mechanism was already completed. */ -public class IllegalMechanismStateException extends AuthenticationException +public class IllegalMechanismStateException + extends AuthenticationException { - /** * Constructs a new instance of <code>IllegalMechanismStateException</code> * with no detail message. @@ -62,7 +62,7 @@ public class IllegalMechanismStateException extends AuthenticationException /** * Constructs a new instance of <code>IllegalMechanismStateException</code> * with the specified detail message. - * + * * @param detail the detail message. */ public IllegalMechanismStateException(String detail) @@ -73,7 +73,7 @@ public class IllegalMechanismStateException extends AuthenticationException /** * Constructs a new instance of <code>IllegalMechanismStateException</code> * with the specified detail message, and cause. - * + * * @param detail the detail message. * @param ex the original cause. */ diff --git a/libjava/classpath/gnu/javax/crypto/sasl/InputBuffer.java b/libjava/classpath/gnu/javax/crypto/sasl/InputBuffer.java index a64ea3e0e65..d676a595dc5 100644 --- a/libjava/classpath/gnu/javax/crypto/sasl/InputBuffer.java +++ b/libjava/classpath/gnu/javax/crypto/sasl/InputBuffer.java @@ -45,39 +45,33 @@ import java.io.IOException; import java.math.BigInteger; /** - * <p>The implementation of an incoming SASL buffer.</p> - * - * <p>The data elements this class caters for are described in [1].</p> - * - * <p>References:</p> + * The implementation of an incoming SASL buffer. + * <p> + * The data elements this class caters for are described in [1]. + * <p> + * References: * <ol> - * <li><a href="http://www.ietf.org/internet-drafts/draft-burdis-cat-srp-sasl-09.txt"> - * Secure Remote Password Authentication Mechanism</a>;<br/> - * draft-burdis-cat-srp-sasl-09,<br/> - * <a href="mailto:keith@rucus.ru.ac.za">Keith Burdis</a> and - * <a href="mailto:raif@forge.com.au">Raïf S. Naffah</a>.</li> + * <li><a + * href="http://www.ietf.org/internet-drafts/draft-burdis-cat-srp-sasl-09.txt"> + * Secure Remote Password Authentication Mechanism</a>;<br/> + * draft-burdis-cat-srp-sasl-09,<br/> <a + * href="mailto:keith@rucus.ru.ac.za">Keith Burdis</a> and <a + * href="mailto:raif@forge.com.au">Raïf S. Naffah</a>.</li> * </ol> */ public class InputBuffer { - - // Constants and variables - // ------------------------------------------------------------------------- - /** The internal buffer stream containing the buffer's contents. */ protected ByteArrayInputStream in; - /** The length of the buffer, according to its header. */ protected int length; - // Constructor(s) - // ------------------------------------------------------------------------- - /** - * <p>Constructs a SASL buffer given the buffer's encoded form, including its - * header bytes.</p> - * - * @param frame the encoded form, including the header bytes, of a SASL buffer. + * Constructs a SASL buffer given the buffer's encoded form, including its + * header bytes. + * + * @param frame the encoded form, including the header bytes, of a SASL + * buffer. * @throws SaslEncodingException if the buffer is malformed. */ public InputBuffer(byte[] frame) throws SaslEncodingException @@ -85,17 +79,13 @@ public class InputBuffer this(); if (frame.length < 4) - { - throw new SaslEncodingException("SASL buffer header too short"); - } - - length = (frame[0] & 0xFF) << 24 | (frame[1] & 0xFF) << 16 - | (frame[2] & 0xFF) << 8 | (frame[3] & 0xFF); + throw new SaslEncodingException("SASL buffer header too short"); + length = (frame[0] & 0xFF) << 24 + | (frame[1] & 0xFF) << 16 + | (frame[2] & 0xFF) << 8 + | (frame[3] & 0xFF); if (length > Registry.SASL_BUFFER_MAX_LIMIT || length < 0) - { - throw new SaslEncodingException("SASL buffer size limit exceeded"); - } - + throw new SaslEncodingException("SASL buffer size limit exceeded"); in = new ByteArrayInputStream(frame, 4, length); } @@ -105,16 +95,13 @@ public class InputBuffer super(); } - // Class methods - // ------------------------------------------------------------------------- - /** - * <p>Returns an instance of a SASL buffer given the buffer's encoded contents, - * excluding the buffer's header bytes.</p> - * - * <p>Calls the method with the same name and three arguments as: + * Returns an instance of a SASL buffer given the buffer's encoded contents, + * excluding the buffer's header bytes. + * <p> + * Calls the method with the same name and three arguments as: * <code>getInstance(raw, 0, raw.length)</code>. - * + * * @param raw the encoded form, excluding the header bytes, of a SASL buffer. * @return a new instance of {@link InputBuffer}. */ @@ -124,9 +111,9 @@ public class InputBuffer } /** - * <p>Returns an instance of a SASL buffer given the buffer's encoded - * contents, excluding the buffer's header bytes.</p> - * + * Returns an instance of a SASL buffer given the buffer's encoded contents, + * excluding the buffer's header bytes. + * * @param raw the encoded form, excluding the header bytes, of a SASL buffer. * @param offset offset where to start using raw bytes from. * @param len number of bytes to use. @@ -140,21 +127,8 @@ public class InputBuffer } /** - * <p>Converts four octets into the number that they represent.</p> - * - * @param b the four octets. - * @return the length. - */ - // public static int fourBytesToLength(byte[] b) throws SaslEncodingException { - // int result = b[0] << 24 | (b[1] & 0xFF) << 16 | (b[2] & 0xFF) << 8 | (b[3] & 0xFF); - // if (result > Registry.SASL_FOUR_BYTE_MAX_LIMIT || result < 0) { - // throw new SaslEncodingException("SASL EOS size limit exceeded"); - // } - // return result; - // } - /** - * <p>Converts two octets into the number that they represent.</p> - * + * Converts two octets into the number that they represent. + * * @param b the two octets. * @return the length. */ @@ -162,49 +136,37 @@ public class InputBuffer { final int result = (b[0] & 0xFF) << 8 | (b[1] & 0xFF); if (result > Registry.SASL_TWO_BYTE_MAX_LIMIT) - { - throw new SaslEncodingException("SASL MPI/Text size limit exceeded"); - } + throw new SaslEncodingException("SASL MPI/Text size limit exceeded"); return result; } - // Instance methods - // ------------------------------------------------------------------------- - public boolean hasMoreElements() { return (in.available() > 0); } /** - * <p>Decodes a SASL scalar quantity, <code>count</code>-octet long, from the - * current buffer.</p> - * + * Decodes a SASL scalar quantity, <code>count</code>-octet long, from the + * current buffer. + * * @param count the number of octets of this scalar quantity. - * @return a native representation of a SASL scalar (unsigned integer) quantity. + * @return a native representation of a SASL scalar (unsigned integer) + * quantity. * @throws SaslEncodingException if an encoding exception occurs during the - * operation. + * operation. * @throws IOException if any other I/O exception occurs during the operation. */ public long getScalar(int count) throws IOException { if (count < 0 || count > 4) - { - throw new SaslEncodingException("Invalid SASL scalar octet count: " - + String.valueOf(count)); - } - if (!hasMoreElements()) - { - throw new SaslEncodingException( - "Not enough bytes for a scalar in buffer"); - } + throw new SaslEncodingException("Invalid SASL scalar octet count: " + + String.valueOf(count)); + if (! hasMoreElements()) + throw new SaslEncodingException("Not enough bytes for a scalar in buffer"); if (in.available() < count) - { - throw new SaslEncodingException("Illegal SASL scalar encoding"); - } + throw new SaslEncodingException("Illegal SASL scalar encoding"); byte[] element = new byte[count]; in.read(element); - long result = 0L; for (int i = 0; i < count; i++) { @@ -215,125 +177,96 @@ public class InputBuffer } /** - * <p>Decodes a SASL OS from the current buffer.</p> - * + * Decodes a SASL OS from the current buffer. + * * @return a native representation of a SASL OS. * @throws SaslEncodingException if an encoding exception occurs during the - * operation. + * operation. * @throws IOException if any other I/O exception occurs during the operation. */ public byte[] getOS() throws IOException { - if (!hasMoreElements()) - { - throw new SaslEncodingException( - "Not enough bytes for an octet-sequence in buffer"); - } + if (! hasMoreElements()) + throw new SaslEncodingException( + "Not enough bytes for an octet-sequence in buffer"); final int elementLength = in.read(); if (elementLength > Registry.SASL_ONE_BYTE_MAX_LIMIT) - { - throw new SaslEncodingException( - "SASL octet-sequence size limit exceeded"); - } - + throw new SaslEncodingException("SASL octet-sequence size limit exceeded"); if (in.available() < elementLength) - { - throw new SaslEncodingException("Illegal SASL octet-sequence encoding"); - } - + throw new SaslEncodingException("Illegal SASL octet-sequence encoding"); byte[] result = new byte[elementLength]; in.read(result); - return result; } /** - * <p>Decodes a SASL EOS from the current buffer.</p> - * + * Decodes a SASL EOS from the current buffer. + * * @return a native representation of a SASL EOS. * @throws SaslEncodingException if an encoding exception occurs during the - * operation. + * operation. * @throws IOException if any other I/O exception occurs during the operation. */ public byte[] getEOS() throws IOException { if (in.available() < 2) - { - throw new SaslEncodingException( - "Not enough bytes for an extended octet-sequence in buffer"); - } - + throw new SaslEncodingException( + "Not enough bytes for an extended octet-sequence in buffer"); byte[] elementLengthBytes = new byte[2]; in.read(elementLengthBytes); final int elementLength = twoBytesToLength(elementLengthBytes); if (in.available() < elementLength) - { - throw new SaslEncodingException( - "Illegal SASL extended octet-sequence encoding"); - } - + throw new SaslEncodingException( + "Illegal SASL extended octet-sequence encoding"); byte[] result = new byte[elementLength]; in.read(result); - return result; } /** - * <p>Decodes a SASL MPI from the current buffer.</p> - * + * Decodes a SASL MPI from the current buffer. + * * @return a native representation of a SASL MPI. * @throws SaslEncodingException if an encoding exception occurs during the - * operation. + * operation. * @throws IOException if any other I/O exception occurs during the operation. */ public BigInteger getMPI() throws IOException { if (in.available() < 2) - { - throw new SaslEncodingException("Not enough bytes for an MPI in buffer"); - } + throw new SaslEncodingException("Not enough bytes for an MPI in buffer"); byte[] elementLengthBytes = new byte[2]; in.read(elementLengthBytes); final int elementLength = twoBytesToLength(elementLengthBytes); if (in.available() < elementLength) - { - throw new SaslEncodingException( - "Illegal SASL multi-precision integer encoding"); - } - + throw new SaslEncodingException( + "Illegal SASL multi-precision integer encoding"); byte[] element = new byte[elementLength]; in.read(element); - return new BigInteger(1, element); } /** - * <p>Decodes a SASL Text from the current buffer.</p> - * + * Decodes a SASL Text from the current buffer. + * * @return a native representation of a SASL Text. * @throws SaslEncodingException if an encoding exception occurs during the - * operation. + * operation. * @throws SaslEncodingException if the UTF-8 character encoding is not - * supported on this platform. + * supported on this platform. * @throws IOException if any other I/O exception occurs during the operation. */ public String getText() throws IOException { if (in.available() < 2) - { - throw new SaslEncodingException("Not enough bytes for a text in buffer"); - } + throw new SaslEncodingException("Not enough bytes for a text in buffer"); byte[] elementLengthBytes = new byte[2]; in.read(elementLengthBytes); final int elementLength = twoBytesToLength(elementLengthBytes); if (in.available() < elementLength) - { - throw new SaslEncodingException("Illegal SASL text encoding"); - } - + throw new SaslEncodingException("Illegal SASL text encoding"); byte[] element = new byte[elementLength]; in.read(element); - return new String(element, "UTF8"); } -}
\ No newline at end of file +} diff --git a/libjava/classpath/gnu/javax/crypto/sasl/IntegrityException.java b/libjava/classpath/gnu/javax/crypto/sasl/IntegrityException.java index 4a56ca2d564..9b793ce3e5e 100644 --- a/libjava/classpath/gnu/javax/crypto/sasl/IntegrityException.java +++ b/libjava/classpath/gnu/javax/crypto/sasl/IntegrityException.java @@ -46,9 +46,9 @@ import javax.security.sasl.SaslException; * processing of an <i>integrity</i> protection filter, including <i>replay * detection</i>. */ -public class IntegrityException extends SaslException +public class IntegrityException + extends SaslException { - /** * Constructs a new instance of <code>IntegrityException</code> with no * detail message. @@ -61,7 +61,7 @@ public class IntegrityException extends SaslException /** * Constructs a new instance of <code>IntegrityException</code> with the * specified detail message. - * + * * @param s the detail message. */ public IntegrityException(String s) @@ -72,7 +72,7 @@ public class IntegrityException extends SaslException /** * Constructs a new instance of <code>IntegrityException</code> with a * detailed message and a root exception. - * + * * @param s possibly null additional detail about the exception. * @param x a possibly null root exception that caused this one. */ @@ -80,4 +80,4 @@ public class IntegrityException extends SaslException { super(s, x); } -}
\ No newline at end of file +} diff --git a/libjava/classpath/gnu/javax/crypto/sasl/NoSuchMechanismException.java b/libjava/classpath/gnu/javax/crypto/sasl/NoSuchMechanismException.java index 65432082a4e..5b16a788ccb 100644 --- a/libjava/classpath/gnu/javax/crypto/sasl/NoSuchMechanismException.java +++ b/libjava/classpath/gnu/javax/crypto/sasl/NoSuchMechanismException.java @@ -44,19 +44,19 @@ import javax.security.sasl.SaslException; * A checked exception thrown to indicate that a designated SASL mechanism * implementation was not found. */ -public class NoSuchMechanismException extends SaslException +public class NoSuchMechanismException + extends SaslException { - /** * Constructs a <code>NoSuchMechanismException</code> with the specified * detail message. In the case of this exception, the detail message * designates the offending mechanism name. - * + * * @param arg the detail message, which in this case is the offending - * mechanism name. + * mechanism name. */ public NoSuchMechanismException(String arg) { super(arg); } -}
\ No newline at end of file +} diff --git a/libjava/classpath/gnu/javax/crypto/sasl/NoSuchUserException.java b/libjava/classpath/gnu/javax/crypto/sasl/NoSuchUserException.java index fe362c74261..387339f6009 100644 --- a/libjava/classpath/gnu/javax/crypto/sasl/NoSuchUserException.java +++ b/libjava/classpath/gnu/javax/crypto/sasl/NoSuchUserException.java @@ -44,9 +44,9 @@ import javax.security.sasl.AuthenticationException; * A checked exception thrown to indicate that a designated user is unknown to * the authentication layer. */ -public class NoSuchUserException extends AuthenticationException +public class NoSuchUserException + extends AuthenticationException { - /** Constructs a <code>NoSuchUserException</code> with no detail message. */ public NoSuchUserException() { @@ -55,9 +55,9 @@ public class NoSuchUserException extends AuthenticationException /** * Constructs a <code>NoSuchUserException</code> with the specified detail - * message. In the case of this exception, the detail message designates - * the offending username. - * + * message. In the case of this exception, the detail message designates the + * offending username. + * * @param arg the detail message, which in this case is the username. */ public NoSuchUserException(String arg) diff --git a/libjava/classpath/gnu/javax/crypto/sasl/OutputBuffer.java b/libjava/classpath/gnu/javax/crypto/sasl/OutputBuffer.java index d219e7e9f0e..92e34dfbfe7 100644 --- a/libjava/classpath/gnu/javax/crypto/sasl/OutputBuffer.java +++ b/libjava/classpath/gnu/javax/crypto/sasl/OutputBuffer.java @@ -46,31 +46,25 @@ import java.io.IOException; import java.math.BigInteger; /** - * <p>The implementation of an outgoing SASL buffer.</p> - * - * <p>The data elements this class caters for are described in [1].</p> - * - * <p>References:</p> + * The implementation of an outgoing SASL buffer. + * <p> + * The data elements this class caters for are described in [1]. + * <p> + * References: * <ol> - * <li><a href="http://www.ietf.org/internet-drafts/draft-burdis-cat-srp-sasl-09.txt"> - * Secure Remote Password Authentication Mechanism</a>;<br/> - * draft-burdis-cat-srp-sasl-09,<br/> - * <a href="mailto:keith@rucus.ru.ac.za">Keith Burdis</a> and - * <a href="mailto:raif@forge.com.au">Raïf S. Naffah</a>.</li> + * <li><a + * href="http://www.ietf.org/internet-drafts/draft-burdis-cat-srp-sasl-09.txt"> + * Secure Remote Password Authentication Mechanism</a>;<br/> + * draft-burdis-cat-srp-sasl-09,<br/> <a + * href="mailto:keith@rucus.ru.ac.za">Keith Burdis</a> and <a + * href="mailto:raif@forge.com.au">Raïf S. Naffah</a>.</li> * </ol> */ public class OutputBuffer { - - // Constants and variables - // ------------------------------------------------------------------------- - /** The internal output stream. */ private ByteArrayOutputStream out; - // Constructor(s) - // ------------------------------------------------------------------------- - public OutputBuffer() { super(); @@ -78,16 +72,10 @@ public class OutputBuffer out = new ByteArrayOutputStream(); } - // Class methods - // ------------------------------------------------------------------------- - - // Instance methods - // ------------------------------------------------------------------------- - /** - * <p>Encodes a SASL scalar quantity, <code>count</code>-octet long, to the - * current buffer.</p> - * + * Encodes a SASL scalar quantity, <code>count</code>-octet long, to the + * current buffer. + * * @param count number of octets to encode <code>b</code> with. * @param b the scalar quantity. * @throws SaslEncodingException if an encoding size constraint is violated. @@ -96,21 +84,17 @@ public class OutputBuffer public void setScalar(int count, int b) throws IOException { if (count < 0 || count > 4) - { - throw new SaslEncodingException("Invalid SASL scalar octet count: " - + String.valueOf(count)); - } + throw new SaslEncodingException("Invalid SASL scalar octet count: " + + String.valueOf(count)); byte[] element = new byte[count]; for (int i = count; --i >= 0; b >>>= 8) - { - element[i] = (byte) b; - } + element[i] = (byte) b; out.write(element); } /** - * <p>Encodes a SASL OS to the current buffer.</p> - * + * Encodes a SASL OS to the current buffer. + * * @param b the OS element. * @throws SaslEncodingException if an encoding size constraint is violated. * @throws IOException if any other I/O exception occurs during the operation. @@ -119,16 +103,14 @@ public class OutputBuffer { final int length = b.length; if (length > Registry.SASL_ONE_BYTE_MAX_LIMIT) - { - throw new SaslEncodingException("SASL octet-sequence too long"); - } + throw new SaslEncodingException("SASL octet-sequence too long"); out.write(length & 0xFF); out.write(b); } /** - * <p>Encodes a SASL EOS to the current buffer.</p> - * + * Encodes a SASL EOS to the current buffer. + * * @param b the EOS element. * @throws SaslEncodingException if an encoding size constraint is violated. * @throws IOException if any other I/O exception occurs during the operation. @@ -137,17 +119,15 @@ public class OutputBuffer { final int length = b.length; if (length > Registry.SASL_TWO_BYTE_MAX_LIMIT) - { - throw new SaslEncodingException("SASL extended octet-sequence too long"); - } - byte[] lengthBytes = { (byte) (length >>> 8), (byte) length }; + throw new SaslEncodingException("SASL extended octet-sequence too long"); + byte[] lengthBytes = { (byte)(length >>> 8), (byte) length }; out.write(lengthBytes); out.write(b); } /** - * <p>Encodes a SASL MPI to the current buffer.</p> - * + * Encodes a SASL MPI to the current buffer. + * * @param val the MPI element. * @throws SaslEncodingException if an encoding size constraint is violated. * @throws IOException if any other I/O exception occurs during the operation. @@ -157,21 +137,19 @@ public class OutputBuffer byte[] b = Util.trim(val); final int length = b.length; if (length > Registry.SASL_TWO_BYTE_MAX_LIMIT) - { - throw new SaslEncodingException("SASL multi-precision integer too long"); - } - byte[] lengthBytes = { (byte) (length >>> 8), (byte) length }; + throw new SaslEncodingException("SASL multi-precision integer too long"); + byte[] lengthBytes = { (byte)(length >>> 8), (byte) length }; out.write(lengthBytes); out.write(b); } /** - * <p>Encodes a SASL Text to the current buffer.</p> - * + * Encodes a SASL Text to the current buffer. + * * @param str the Text element. * @throws SaslEncodingException if an encoding size constraint is violated. * @throws SaslEncodingException if the UTF-8 encoding is not supported on - * this platform. + * this platform. * @throws IOException if any other I/O exception occurs during the operation. */ public void setText(String str) throws IOException @@ -179,18 +157,16 @@ public class OutputBuffer byte[] b = str.getBytes("UTF8"); final int length = b.length; if (length > Registry.SASL_TWO_BYTE_MAX_LIMIT) - { - throw new SaslEncodingException("SASL text too long"); - } - byte[] lengthBytes = { (byte) (length >>> 8), (byte) length }; + throw new SaslEncodingException("SASL text too long"); + byte[] lengthBytes = { (byte)(length >>> 8), (byte) length }; out.write(lengthBytes); out.write(b); } /** - * <p>Returns the encoded form of the current buffer including the 4-byte - * length header.</p> - * + * Returns the encoded form of the current buffer including the 4-byte length + * header. + * * @throws SaslEncodingException if an encoding size constraint is violated. */ public byte[] encode() throws SaslEncodingException @@ -198,28 +174,25 @@ public class OutputBuffer byte[] buffer = wrap(); final int length = buffer.length; byte[] result = new byte[length + 4]; - result[0] = (byte) (length >>> 24); - result[1] = (byte) (length >>> 16); - result[2] = (byte) (length >>> 8); + result[0] = (byte)(length >>> 24); + result[1] = (byte)(length >>> 16); + result[2] = (byte)(length >>> 8); result[3] = (byte) length; System.arraycopy(buffer, 0, result, 4, length); - return result; } /** - * <p>Returns the encoded form of the current buffer excluding the 4-byte - * length header.</p> - * + * Returns the encoded form of the current buffer excluding the 4-byte length + * header. + * * @throws SaslEncodingException if an encoding size constraint is violated. */ public byte[] wrap() throws SaslEncodingException { final int length = out.size(); if (length > Registry.SASL_BUFFER_MAX_LIMIT || length < 0) - { - throw new SaslEncodingException("SASL buffer too long"); - } + throw new SaslEncodingException("SASL buffer too long"); return out.toByteArray(); } } diff --git a/libjava/classpath/gnu/javax/crypto/sasl/SaslEncodingException.java b/libjava/classpath/gnu/javax/crypto/sasl/SaslEncodingException.java index 9f4c59f1c2b..f6a74641dd2 100644 --- a/libjava/classpath/gnu/javax/crypto/sasl/SaslEncodingException.java +++ b/libjava/classpath/gnu/javax/crypto/sasl/SaslEncodingException.java @@ -44,9 +44,9 @@ import javax.security.sasl.SaslException; * A checked exception, thrown when an exception occurs while decoding a SASL * buffer and/or a SASL data element from/to a buffer. */ -public class SaslEncodingException extends SaslException +public class SaslEncodingException + extends SaslException { - /** Constructs a <code>SaslEncodingException</code> with no detail message. */ public SaslEncodingException() { @@ -56,11 +56,11 @@ public class SaslEncodingException extends SaslException /** * Constructs a <code>SaslEncodingException</code> with the specified detail * message. - * + * * @param s the detail message. */ public SaslEncodingException(String s) { super(s); } -}
\ No newline at end of file +} diff --git a/libjava/classpath/gnu/javax/crypto/sasl/SaslInputStream.java b/libjava/classpath/gnu/javax/crypto/sasl/SaslInputStream.java index 57eb2b5c52d..d127bf5ba22 100644 --- a/libjava/classpath/gnu/javax/crypto/sasl/SaslInputStream.java +++ b/libjava/classpath/gnu/javax/crypto/sasl/SaslInputStream.java @@ -38,12 +38,13 @@ exception statement from your version. */ package gnu.javax.crypto.sasl; +import gnu.java.security.Configuration; import gnu.java.security.util.Util; +import java.io.IOException; import java.io.InputStream; import java.io.InterruptedIOException; -import java.io.IOException; -import java.io.PrintWriter; +import java.util.logging.Logger; import javax.security.sasl.Sasl; import javax.security.sasl.SaslClient; @@ -53,55 +54,24 @@ import javax.security.sasl.SaslServer; * An input stream that uses either a {@link SaslClient} or a {@link SaslServer} * to process the data through these entities' security layer filter(s). */ -public class SaslInputStream extends InputStream +public class SaslInputStream + extends InputStream { - - // Debugging methods and variables - // ------------------------------------------------------------------------- - - private static final String NAME = "SaslOutputStream"; - - private static final String ERROR = "ERROR"; - - private static final String WARN = " WARN"; - - // private static final String INFO = " INFO"; - private static final String TRACE = "DEBUG"; - - private static final boolean DEBUG = true; - - private static final int debuglevel = 3; - - private static final PrintWriter err = new PrintWriter(System.out, true); - - private static void debug(String level, Object obj) - { - err.println("[" + level + "] " + NAME + ": " + String.valueOf(obj)); - } - - // Constants and variables - // ------------------------------------------------------------------------- - + private static final Logger log = Logger.getLogger(SaslInputStream.class.getName()); private SaslClient client; - private SaslServer server; - private int maxRawSendSize; - private InputStream source; - private byte[] internalBuf; - // Constructor(s) - // ------------------------------------------------------------------------- - public SaslInputStream(SaslClient client, InputStream source) throws IOException { super(); this.client = client; - maxRawSendSize = Integer.parseInt((String) client.getNegotiatedProperty(Sasl.RAW_SEND_SIZE)); + String size = (String) client.getNegotiatedProperty(Sasl.RAW_SEND_SIZE); + maxRawSendSize = Integer.parseInt(size); server = null; this.source = source; } @@ -112,19 +82,12 @@ public class SaslInputStream extends InputStream super(); this.server = server; - maxRawSendSize = Integer.parseInt((String) server.getNegotiatedProperty(Sasl.RAW_SEND_SIZE)); + String size = (String) server.getNegotiatedProperty(Sasl.RAW_SEND_SIZE); + maxRawSendSize = Integer.parseInt(size); client = null; this.source = source; } - // Class methods - // ------------------------------------------------------------------------- - - // Instance methods - // ------------------------------------------------------------------------- - - // Overloaded java.io.InputStream methods ---------------------------------- - public int available() throws IOException { return (internalBuf == null) ? 0 : internalBuf.length; @@ -136,25 +99,25 @@ public class SaslInputStream extends InputStream } /** - * <p>Reads the next byte of data from the input stream. The value byte is + * Reads the next byte of data from the input stream. The value byte is * returned as an <code>int</code> in the range <code>0</code> to * <code>255</code>. If no byte is available because the end of the stream * has been reached, the value <code>-1</code> is returned. This method - * blocks until input data is available, the end of the stream is detected, - * or an exception is thrown.</p> - * - * <p>From a SASL mechanism provider's perspective, if a security layer has - * been negotiated, the underlying <i>source</i> is expected to contain SASL + * blocks until input data is available, the end of the stream is detected, or + * an exception is thrown. + * <p> + * From a SASL mechanism provider's perspective, if a security layer has been + * negotiated, the underlying <i>source</i> is expected to contain SASL * buffers, as defined in RFC 2222. Four octets in network byte order in the * front of each buffer identify the length of the buffer. The provider is * responsible for performing any integrity checking or other processing on * the buffer before returning the data as a stream of octets. For example, * the protocol driver's request for a single octet from the stream might; * i.e. an invocation of this method, may result in an entire SASL buffer - * being read and processed before that single octet can be returned.</p> - * - * @return the next byte of data, or <code>-1</code> if the end of the stream - * is reached. + * being read and processed before that single octet can be returned. + * + * @return the next byte of data, or <code>-1</code> if the end of the + * stream is reached. * @throws IOException if an I/O error occurs. */ public int read() throws IOException @@ -168,7 +131,6 @@ public class SaslInputStream extends InputStream else { byte[] tmp = new byte[internalBuf.length - 1]; - // System.arraycopy(internalBuf, 0, tmp, 0, tmp.length); System.arraycopy(internalBuf, 1, tmp, 0, tmp.length); internalBuf = tmp; } @@ -179,94 +141,83 @@ public class SaslInputStream extends InputStream int check = read(buf); result = (check > 0) ? (buf[0] & 0xFF) : -1; } - return result; } /** - * <p>Reads up to <code>len</code> bytes of data from the underlying - * <i>source</i> input stream into an array of bytes. An attempt is made to - * read as many as <code>len</code> bytes, but a smaller number may be read, - * possibly zero. The number of bytes actually read is returned as an - * integer.</p> - * - * <p>This method blocks until input data is available, end of file is - * detected, or an exception is thrown.</p> - * - * <p>If <code>b</code> is <code>null</code>, a {@link NullPointerException} is - * thrown.</p> - * - * <p>If <code>off</code> is negative, or <code>len</code> is negative, or - * <code>off+len</code> is greater than the length of the array <code>b</code>, - * then an {@link IndexOutOfBoundsException} is thrown.</p> - * - * <p>If <code>len</code> is zero, then no bytes are read and <code>0</code> + * Reads up to <code>len</code> bytes of data from the underlying <i>source</i> + * input stream into an array of bytes. An attempt is made to read as many as + * <code>len</code> bytes, but a smaller number may be read, possibly zero. + * The number of bytes actually read is returned as an integer. + * <p> + * This method blocks until input data is available, end of file is detected, + * or an exception is thrown. + * <p> + * If <code>b</code> is <code>null</code>, a {@link NullPointerException} + * is thrown. + * <p> + * If <code>off</code> is negative, or <code>len</code> is negative, or + * <code>off+len</code> is greater than the length of the array + * <code>b</code>, then an {@link IndexOutOfBoundsException} is thrown. + * <p> + * If <code>len</code> is zero, then no bytes are read and <code>0</code> * is returned; otherwise, there is an attempt to read at least one byte. If * no byte is available because the stream is at end of file, the value * <code>-1</code> is returned; otherwise, at least one byte is read and - * stored into <code>b</code>.</p> - * - * <p>The first byte read is stored into element <code>b[off]</code>, the - * next one into <code>b[off+1]</code>, and so on. The number of bytes read - * is, at most, equal to <code>len</code>. Let <code>k</code> be the number + * stored into <code>b</code>. + * <p> + * The first byte read is stored into element <code>b[off]</code>, the next + * one into <code>b[off+1]</code>, and so on. The number of bytes read is, + * at most, equal to <code>len</code>. Let <code>k</code> be the number * of bytes actually read; these bytes will be stored in elements * <code>b[off]</code> through <code>b[off+k-1]</code>, leaving elements - * <code>b[off+k]</code> through <code>b[off+len-1]</code> unaffected.</p> - * - * <p>In every case, elements <code>b[0]</code> through <code>b[off]</code> + * <code>b[off+k]</code> through <code>b[off+len-1]</code> unaffected. + * <p> + * In every case, elements <code>b[0]</code> through <code>b[off]</code> * and elements <code>b[off+len]</code> through <code>b[b.length-1]</code> - * are unaffected.</p> - * - * <p>If the first byte cannot be read for any reason other than end of file, - * then an {@link IOException} is thrown. In particular, an {@link IOException} - * is thrown if the input stream has been closed.</p> - * - * <p>From the SASL mechanism provider's perspective, if a security layer has + * are unaffected. + * <p> + * If the first byte cannot be read for any reason other than end of file, + * then an {@link IOException} is thrown. In particular, an + * {@link IOException} is thrown if the input stream has been closed. + * <p> + * From the SASL mechanism provider's perspective, if a security layer has * been negotiated, the underlying <i>source</i> is expected to contain SASL * buffers, as defined in RFC 2222. Four octets in network byte order in the * front of each buffer identify the length of the buffer. The provider is * responsible for performing any integrity checking or other processing on * the buffer before returning the data as a stream of octets. The protocol * driver's request for a single octet from the stream might result in an - * entire SASL buffer being read and processed before that single octet can - * be returned.</p> - * + * entire SASL buffer being read and processed before that single octet can be + * returned. + * * @param b the buffer into which the data is read. * @param off the start offset in array <code>b</code> at which the data is - * wricodeen. + * wricodeen. * @param len the maximum number of bytes to read. * @return the total number of bytes read into the buffer, or <code>-1</code> - * if there is no more data because the end of the stream has been reached. + * if there is no more data because the end of the stream has been + * reached. * @throws IOException if an I/O error occurs. */ public int read(byte[] b, int off, int len) throws IOException { - if (DEBUG && debuglevel > 8) - debug(TRACE, "==> read(b, " + String.valueOf(off) + ", " - + String.valueOf(len) + ")"); - - if (b == null) - { - throw new NullPointerException("b"); - } + if (Configuration.DEBUG) + log.entering(this.getClass().getName(), "read", new Object[] { + b, Integer.valueOf(off), Integer.valueOf(len) + }); if ((off < 0) || (off > b.length) || (len < 0) || ((off + len) > b.length) || ((off + len) < 0)) - { - throw new IndexOutOfBoundsException("off=" + String.valueOf(off) - + ", len=" + String.valueOf(len) - + ", b.length=" - + String.valueOf(b.length)); - } + throw new IndexOutOfBoundsException("off=" + off + ", len=" + len + + ", b.length=" + b.length); if (len == 0) { - if (DEBUG && debuglevel > 8) - debug(TRACE, "<== read() --> 0"); + if (Configuration.DEBUG) + log.exiting(this.getClass().getName(), "read", Integer.valueOf(0)); return 0; } - - if (DEBUG && debuglevel > 6) - debug(TRACE, "Available: " + String.valueOf(available())); - + if (Configuration.DEBUG) + log.finer("Available: " + available()); int result = 0; if (internalBuf == null || internalBuf.length < 1) try @@ -274,24 +225,26 @@ public class SaslInputStream extends InputStream internalBuf = readSaslBuffer(); if (internalBuf == null) { - if (DEBUG && debuglevel > 4) - debug(WARN, "Underlying stream empty. Returning -1"); - if (DEBUG && debuglevel > 8) - debug(TRACE, "<== read() --> -1"); + if (Configuration.DEBUG) + { + log.finer("Underlying stream empty. Returning -1"); + log.exiting(this.getClass().getName(), "read", + Integer.valueOf(-1)); + } return -1; } } catch (InterruptedIOException x) { - if (DEBUG && debuglevel > 6) - debug(TRACE, x); - if (DEBUG && debuglevel > 4) - debug(WARN, "Reading thread was interrupted. Returning -1"); - if (DEBUG && debuglevel > 8) - debug(TRACE, "<== read() --> -1"); + if (Configuration.DEBUG) + { + log.finer("Reading thread was interrupted. Returning -1"); + log.throwing(this.getClass().getName(), "read", x); + log.exiting(this.getClass().getName(), "read", + Integer.valueOf(-1)); + } return -1; } - if (len <= internalBuf.length) { result = len; @@ -311,10 +264,8 @@ public class SaslInputStream extends InputStream result = internalBuf.length; System.arraycopy(internalBuf, 0, b, off, result); internalBuf = null; - off += result; len -= result; - int remaining; // count of bytes remaining in buffer after an iteration int delta; // count of bytes moved to b after an iteration int datalen; @@ -328,13 +279,11 @@ public class SaslInputStream extends InputStream data = readSaslBuffer(); if (data == null) { - if (DEBUG && debuglevel > 4) - debug(WARN, "Underlying stream exhausted. Breaking..."); + if (Configuration.DEBUG) + log.finer("Underlying stream exhausted. Breaking..."); break; } - datalen = data.length; - // copy [part of] the result to b remaining = (datalen <= len) ? 0 : datalen - len; delta = datalen - remaining; @@ -344,7 +293,6 @@ public class SaslInputStream extends InputStream internalBuf = new byte[remaining]; System.arraycopy(data, delta, internalBuf, 0, remaining); } - // update off, result and len off += delta; result += delta; @@ -352,36 +300,32 @@ public class SaslInputStream extends InputStream } else { // nothing much we can do except return what we have - if (DEBUG && debuglevel > 4) - debug(WARN, - "Not enough bytes in source to read a buffer. Breaking..."); + if (Configuration.DEBUG) + log.finer("Not enough bytes in source to read a buffer. Breaking..."); break; } } - - if (DEBUG && debuglevel > 6) - debug(TRACE, "Remaining: " - + (internalBuf == null ? 0 : internalBuf.length)); - if (DEBUG && debuglevel > 8) - debug(TRACE, "<== read() --> " + String.valueOf(result)); + if (Configuration.DEBUG) + { + log.finer("Remaining: " + + (internalBuf == null ? 0 : internalBuf.length)); + log.exiting(this.getClass().getName(), "read()", String.valueOf(result)); + } return result; } - // other nstance methods --------------------------------------------------- - /** * Reads a SASL buffer from the underlying source if at least 4 bytes are * available. - * + * * @return the byte[] of decoded buffer contents, or null if the underlying - * source was exhausted. + * source was exhausted. * @throws IOException if an I/O exception occurs during the operation. */ private byte[] readSaslBuffer() throws IOException { - if (DEBUG && debuglevel > 8) - debug(TRACE, "==> readSaslBuffer()"); - + if (Configuration.DEBUG) + log.entering(this.getClass().getName(), "readSaslBuffer()"); int realLength; // check if we read as many bytes as we're supposed to byte[] result = new byte[4]; try @@ -389,32 +333,27 @@ public class SaslInputStream extends InputStream realLength = source.read(result); if (realLength == -1) { - if (DEBUG && debuglevel > 8) - debug(TRACE, "<== readSaslBuffer() --> null"); + if (Configuration.DEBUG) + log.exiting(this.getClass().getName(), "readSaslBuffer"); return null; } } catch (IOException x) { - if (DEBUG && debuglevel > 0) - debug(ERROR, x); + if (Configuration.DEBUG) + log.throwing(this.getClass().getName(), "readSaslBuffer", x); throw x; } - if (realLength != 4) - { - throw new IOException("Was expecting 4 but found " - + String.valueOf(realLength)); - } - int bufferLength = result[0] << 24 | (result[1] & 0xFF) << 16 - | (result[2] & 0xFF) << 8 | (result[3] & 0xFF); - - if (DEBUG && debuglevel > 6) - debug(TRACE, "SASL buffer size: " + bufferLength); + throw new IOException("Was expecting 4 but found " + realLength); + int bufferLength = result[0] << 24 + | (result[1] & 0xFF) << 16 + | (result[2] & 0xFF) << 8 + | (result[3] & 0xFF); + if (Configuration.DEBUG) + log.finer("SASL buffer size: " + bufferLength); if (bufferLength > maxRawSendSize || bufferLength < 0) - { - throw new SaslEncodingException("SASL buffer (security layer) too long"); - } + throw new SaslEncodingException("SASL buffer (security layer) too long"); result = new byte[bufferLength]; try @@ -423,37 +362,32 @@ public class SaslInputStream extends InputStream } catch (IOException x) { - if (DEBUG && debuglevel > 0) - debug(ERROR, x); + if (Configuration.DEBUG) + log.throwing(this.getClass().getName(), "readSaslBuffer", x); throw x; } - if (realLength != bufferLength) - throw new IOException("Was expecting " + String.valueOf(bufferLength) - + " but found " + String.valueOf(realLength)); - if (DEBUG && debuglevel > 6) - debug(TRACE, "Incoming buffer (before security) (hex): " - + Util.dumpString(result)); - if (DEBUG && debuglevel > 6) - debug(TRACE, "Incoming buffer (before security) (str): \"" - + new String(result) + "\""); - - if (client != null) + throw new IOException("Was expecting " + bufferLength + " but found " + + realLength); + if (Configuration.DEBUG) { - result = client.unwrap(result, 0, realLength); + log.finer("Incoming buffer (before security) (hex): " + + Util.dumpString(result)); + log.finer("Incoming buffer (before security) (str): \"" + + new String(result) + "\""); } + if (client != null) + result = client.unwrap(result, 0, realLength); else + result = server.unwrap(result, 0, realLength); + if (Configuration.DEBUG) { - result = server.unwrap(result, 0, realLength); + log.finer("Incoming buffer (after security) (hex): " + + Util.dumpString(result)); + log.finer("Incoming buffer (after security) (str): \"" + + new String(result) + "\""); + log.exiting(this.getClass().getName(), "readSaslBuffer"); } - if (DEBUG && debuglevel > 6) - debug(TRACE, "Incoming buffer (after security) (hex): " - + Util.dumpString(result)); - if (DEBUG && debuglevel > 6) - debug(TRACE, "Incoming buffer (after security) (str): \"" - + new String(result) + "\""); - if (DEBUG && debuglevel > 8) - debug(TRACE, "<== readSaslBuffer()"); return result; } -}
\ No newline at end of file +} diff --git a/libjava/classpath/gnu/javax/crypto/sasl/SaslOutputStream.java b/libjava/classpath/gnu/javax/crypto/sasl/SaslOutputStream.java index 6997201377a..d21f1f37ae2 100644 --- a/libjava/classpath/gnu/javax/crypto/sasl/SaslOutputStream.java +++ b/libjava/classpath/gnu/javax/crypto/sasl/SaslOutputStream.java @@ -38,11 +38,12 @@ exception statement from your version. */ package gnu.javax.crypto.sasl; +import gnu.java.security.Configuration; import gnu.java.security.util.Util; -import java.io.OutputStream; import java.io.IOException; -import java.io.PrintWriter; +import java.io.OutputStream; +import java.util.logging.Logger; import javax.security.sasl.Sasl; import javax.security.sasl.SaslClient; @@ -52,51 +53,23 @@ import javax.security.sasl.SaslServer; * An output stream that uses either a {@link SaslClient} or a {@link SaslServer} * to process the data through these entities' security layer filter(s). */ -public class SaslOutputStream extends OutputStream +public class SaslOutputStream + extends OutputStream { - - // Debugging methods and variables - // ------------------------------------------------------------------------- - - private static final String NAME = "SaslOutputStream"; - - // private static final String ERROR = "ERROR"; - // private static final String WARN = " WARN"; - // private static final String INFO = " INFO"; - private static final String TRACE = "DEBUG"; - - private static final boolean DEBUG = true; - - private static final int debuglevel = 3; - - private static final PrintWriter err = new PrintWriter(System.out, true); - - private static void debug(String level, Object obj) - { - err.println("[" + level + "] " + NAME + ": " + String.valueOf(obj)); - } - - // Constants and variables - // ------------------------------------------------------------------------- - + private static final Logger log = Logger.getLogger(SaslOutputStream.class.getName()); private SaslClient client; - private SaslServer server; - private int maxRawSendSize; - private OutputStream dest; - // Constructor(s) - // ------------------------------------------------------------------------- - public SaslOutputStream(SaslClient client, OutputStream dest) throws IOException { super(); this.client = client; - maxRawSendSize = Integer.parseInt((String) client.getNegotiatedProperty(Sasl.RAW_SEND_SIZE)); + String size = (String) client.getNegotiatedProperty(Sasl.RAW_SEND_SIZE); + maxRawSendSize = Integer.parseInt(size); server = null; this.dest = dest; } @@ -107,17 +80,12 @@ public class SaslOutputStream extends OutputStream super(); this.server = server; - maxRawSendSize = Integer.parseInt((String) server.getNegotiatedProperty(Sasl.RAW_SEND_SIZE)); + String size = (String) server.getNegotiatedProperty(Sasl.RAW_SEND_SIZE); + maxRawSendSize = Integer.parseInt(size); client = null; this.dest = dest; } - // Class methods - // ------------------------------------------------------------------------- - - // Overloaded java.io.OutputStream methods - // ------------------------------------------------------------------------- - public void close() throws IOException { dest.flush(); @@ -148,71 +116,60 @@ public class SaslOutputStream extends OutputStream */ public void write(byte[] b, int off, int len) throws IOException { - if (b == null) - { - throw new NullPointerException("b"); - } + if (Configuration.DEBUG) + log.entering(this.getClass().getName(), "write"); if ((off < 0) || (off > b.length) || (len < 0) || ((off + len) > b.length) || ((off + len) < 0)) - { - throw new IndexOutOfBoundsException("off=" + String.valueOf(off) - + ", len=" + String.valueOf(len) - + ", b.length=" - + String.valueOf(b.length)); - } + throw new IndexOutOfBoundsException("off=" + off + ", len=" + len + + ", b.length=" + b.length); if (len == 0) { + if (Configuration.DEBUG) + log.exiting(this.getClass().getName(), "write"); return; } - if (DEBUG && debuglevel > 8) - debug(TRACE, "==> write()"); - int chunckSize, length, chunck = 1; byte[] output = null, result; - if (DEBUG && debuglevel > 6) - debug(TRACE, "About to wrap " + String.valueOf(len) + " byte(s)..."); + if (Configuration.DEBUG) + log.finer("About to wrap " + len + " byte(s)..."); while (len > 0) { chunckSize = (len > maxRawSendSize ? maxRawSendSize : len); - - if (DEBUG && debuglevel > 6) - debug(TRACE, "Outgoing buffer (before security) (hex): " - + Util.dumpString(b, off, chunckSize)); - if (DEBUG && debuglevel > 6) - debug(TRACE, "Outgoing buffer (before security) (str): \"" - + new String(b, off, chunckSize) + "\""); - + if (Configuration.DEBUG) + { + log.finer("Outgoing buffer (before security) (hex): " + + Util.dumpString(b, off, chunckSize)); + log.finer("Outgoing buffer (before security) (str): \"" + + new String(b, off, chunckSize) + "\""); + } if (client != null) output = client.wrap(b, off, chunckSize); else output = server.wrap(b, off, chunckSize); - if (DEBUG && debuglevel > 6) - debug(TRACE, "Outgoing buffer (after security) (hex): " - + Util.dumpString(output)); - if (DEBUG && debuglevel > 6) - debug(TRACE, "Outgoing buffer (after security) (str): \"" - + new String(output) + "\""); - + if (Configuration.DEBUG) + { + log.finer("Outgoing buffer (after security) (hex): " + + Util.dumpString(output)); + log.finer("Outgoing buffer (after security) (str): \"" + + new String(output) + "\""); + } length = output.length; result = new byte[length + 4]; - result[0] = (byte) (length >>> 24); - result[1] = (byte) (length >>> 16); - result[2] = (byte) (length >>> 8); + result[0] = (byte)(length >>> 24); + result[1] = (byte)(length >>> 16); + result[2] = (byte)(length >>> 8); result[3] = (byte) length; System.arraycopy(output, 0, result, 4, length); - dest.write(result); - off += chunckSize; len -= chunckSize; - if (DEBUG && debuglevel > 6) - debug(TRACE, "Wrapped chunck #" + String.valueOf(chunck)); + if (Configuration.DEBUG) + log.finer("Wrapped chunck #" + chunck); chunck++; } - dest.flush(); - if (DEBUG && debuglevel > 8) - debug(TRACE, "<== write()"); + if (Configuration.DEBUG) + log.exiting(this.getClass().getName(), "write"); } -}
\ No newline at end of file +} diff --git a/libjava/classpath/gnu/javax/crypto/sasl/SaslUtil.java b/libjava/classpath/gnu/javax/crypto/sasl/SaslUtil.java index e70312c0d4d..4b0b697fe79 100644 --- a/libjava/classpath/gnu/javax/crypto/sasl/SaslUtil.java +++ b/libjava/classpath/gnu/javax/crypto/sasl/SaslUtil.java @@ -40,7 +40,6 @@ package gnu.javax.crypto.sasl; import gnu.java.security.util.Util; -import java.math.BigInteger; import java.security.MessageDigest; /** @@ -48,30 +47,17 @@ import java.security.MessageDigest; */ public class SaslUtil { - - // Constants and variables - // ------------------------------------------------------------------------- - - // Constructor(s) - // ------------------------------------------------------------------------- - private SaslUtil() { super(); } - // Class methods - // ------------------------------------------------------------------------- - public static final boolean validEmailAddress(String address) { // need to do better than this return (address.indexOf("@") != -1); } - // Visualisation methods - // ------------------------------------------------------------------------- - /** Returns the context of the designated hash as a string. */ public static final String dump(MessageDigest md) { @@ -86,4 +72,4 @@ public class SaslUtil } return result; } -}
\ No newline at end of file +} diff --git a/libjava/classpath/gnu/javax/crypto/sasl/ServerFactory.java b/libjava/classpath/gnu/javax/crypto/sasl/ServerFactory.java index e9b08dbd49a..7aa37962845 100644 --- a/libjava/classpath/gnu/javax/crypto/sasl/ServerFactory.java +++ b/libjava/classpath/gnu/javax/crypto/sasl/ServerFactory.java @@ -62,53 +62,33 @@ import javax.security.sasl.SaslServerFactory; /** * The implementation of the {@link SaslServerFactory}. */ -public class ServerFactory implements SaslServerFactory +public class ServerFactory + implements SaslServerFactory { - - // Constants and variables - // ------------------------------------------------------------------------- - - // Constructor(s) - // ------------------------------------------------------------------------- - // implicit 0-arguments constructor - // Class methods - // ------------------------------------------------------------------------- - public static final Set getNames() { - return Collections.unmodifiableSet(new HashSet( - Arrays.asList(getNamesInternal(null)))); + return Collections.unmodifiableSet(new HashSet(Arrays.asList(getNamesInternal(null)))); } private static final String[] getNamesInternal(Map props) { - String[] all = new String[] { Registry.SASL_SRP_MECHANISM, - Registry.SASL_CRAM_MD5_MECHANISM, - Registry.SASL_PLAIN_MECHANISM, - Registry.SASL_ANONYMOUS_MECHANISM }; - + String[] all = new String[] { + Registry.SASL_SRP_MECHANISM, + Registry.SASL_CRAM_MD5_MECHANISM, + Registry.SASL_PLAIN_MECHANISM, + Registry.SASL_ANONYMOUS_MECHANISM }; List result = new ArrayList(4); int i; for (i = 0; i < all.length;) - { - result.add(all[i++]); - } - + result.add(all[i++]); if (props == null) - { - return (String[]) result.toArray(new String[0]); // all - } - if (hasPolicy(Sasl.POLICY_PASS_CREDENTIALS, props)) - { // none - return new String[0]; - } - + return (String[]) result.toArray(new String[0]); // all + if (hasPolicy(Sasl.POLICY_PASS_CREDENTIALS, props)) // none + return new String[0]; if (hasPolicy(Sasl.POLICY_NOPLAINTEXT, props)) - { - result.remove(Registry.SASL_PLAIN_MECHANISM); - } + result.remove(Registry.SASL_PLAIN_MECHANISM); if (hasPolicy(Sasl.POLICY_NOACTIVE, props)) { result.remove(Registry.SASL_CRAM_MD5_MECHANISM); @@ -135,32 +115,19 @@ public class ServerFactory implements SaslServerFactory public static final ServerMechanism getInstance(String mechanism) { if (mechanism == null) - { - return null; - } + return null; mechanism = mechanism.trim().toUpperCase(); if (mechanism.equals(Registry.SASL_SRP_MECHANISM)) - { - return new SRPServer(); - } + return new SRPServer(); if (mechanism.equals(Registry.SASL_CRAM_MD5_MECHANISM)) - { - return new CramMD5Server(); - } + return new CramMD5Server(); if (mechanism.equals(Registry.SASL_PLAIN_MECHANISM)) - { - return new PlainServer(); - } + return new PlainServer(); if (mechanism.equals(Registry.SASL_ANONYMOUS_MECHANISM)) - { - return new AnonymousServer(); - } + return new AnonymousServer(); return null; } - // Instance methods - // ------------------------------------------------------------------------- - public SaslServer createSaslServer(String mechanism, String protocol, String serverName, Map props, CallbackHandler cbh) throws SaslException @@ -170,13 +137,10 @@ public class ServerFactory implements SaslServerFactory { HashMap attributes = new HashMap(); if (props != null) - { - attributes.putAll(props); - } + attributes.putAll(props); attributes.put(Registry.SASL_PROTOCOL, protocol); attributes.put(Registry.SASL_SERVER_NAME, serverName); attributes.put(Registry.SASL_CALLBACK_HANDLER, cbh); - result.init(attributes); } return result; @@ -191,4 +155,4 @@ public class ServerFactory implements SaslServerFactory { return "true".equalsIgnoreCase(String.valueOf(props.get(propertyName))); } -}
\ No newline at end of file +} diff --git a/libjava/classpath/gnu/javax/crypto/sasl/ServerMechanism.java b/libjava/classpath/gnu/javax/crypto/sasl/ServerMechanism.java index f12a075d949..75603a14aec 100644 --- a/libjava/classpath/gnu/javax/crypto/sasl/ServerMechanism.java +++ b/libjava/classpath/gnu/javax/crypto/sasl/ServerMechanism.java @@ -45,51 +45,36 @@ import java.util.Map; import javax.security.auth.callback.CallbackHandler; import javax.security.sasl.Sasl; -import javax.security.sasl.SaslServer; import javax.security.sasl.SaslException; +import javax.security.sasl.SaslServer; /** - * <p>A base class to facilitate implementing SASL server-side mechanisms.</p> + * A base class to facilitate implementing SASL server-side mechanisms. */ -public abstract class ServerMechanism implements SaslServer +public abstract class ServerMechanism + implements SaslServer { - - // Constants and variables - // ------------------------------------------------------------------------- - /** Name of this mechanism. */ protected String mechanism; - /** Name of protocol using this mechanism. */ protected String protocol; - /** Name of server to authenticate to. */ protected String serverName; - /** Properties of qualities desired for this mechanism. */ protected Map properties; - /** Callback handler to use with this mechanism instance. */ protected CallbackHandler handler; - /** Whether authentication phase is completed (true) or not (false). */ protected boolean complete = false; - /** The authorisation identity. */ protected String authorizationID; - /** Channel binding data to use with this mechanism instance. */ protected byte[] channelBinding; - /** The state of the authentication automaton. -1 means uninitialised. */ protected int state = -1; - /** The provider for authentication information. */ protected IAuthInfoProvider authenticator; - // Constructor(s) - // ------------------------------------------------------------------------- - protected ServerMechanism(final String mechanism) { super(); @@ -99,20 +84,10 @@ public abstract class ServerMechanism implements SaslServer this.state = -1; } - // Class methods - // ------------------------------------------------------------------------- - - // Instance methods - // ------------------------------------------------------------------------- - - // abstract methods to be implemented by concrete subclasses --------------- - protected abstract void initMechanism() throws SaslException; protected abstract void resetMechanism() throws SaslException; - // javax.security.sasl.SaslServer interface implementation ----------------- - public abstract byte[] evaluateResponse(byte[] response) throws SaslException; public boolean isComplete() @@ -123,20 +98,16 @@ public abstract class ServerMechanism implements SaslServer public byte[] unwrap(final byte[] incoming, final int offset, final int len) throws SaslException { - if (!isComplete()) - { - throw new IllegalMechanismStateException(); - } + if (! isComplete()) + throw new IllegalMechanismStateException(); return this.engineUnwrap(incoming, offset, len); } public byte[] wrap(final byte[] outgoing, final int offset, final int len) throws SaslException { - if (!isComplete()) - { - throw new IllegalMechanismStateException(); - } + if (! isComplete()) + throw new IllegalMechanismStateException(); return this.engineWrap(outgoing, offset, len); } @@ -152,58 +123,32 @@ public abstract class ServerMechanism implements SaslServer public Object getNegotiatedProperty(final String propName) { - if (!isComplete()) - { - throw new IllegalStateException(); - } + if (! isComplete()) + throw new IllegalStateException(); if (Sasl.QOP.equals(propName)) - { - return getNegotiatedQOP(); - } + return getNegotiatedQOP(); if (Sasl.STRENGTH.equals(propName)) - { - return getNegotiatedStrength(); - } + return getNegotiatedStrength(); if (Sasl.SERVER_AUTH.equals(propName)) - { - return getNegotiatedServerAuth(); - } + return getNegotiatedServerAuth(); if (Sasl.MAX_BUFFER.equals(propName)) - { - return getNegotiatedMaxBuffer(); - } + return getNegotiatedMaxBuffer(); if (Sasl.RAW_SEND_SIZE.equals(propName)) - { - return getNegotiatedRawSendSize(); - } + return getNegotiatedRawSendSize(); if (Sasl.POLICY_NOPLAINTEXT.equals(propName)) - { - return getNegotiatedPolicyNoPlainText(); - } + return getNegotiatedPolicyNoPlainText(); if (Sasl.POLICY_NOACTIVE.equals(propName)) - { - return getNegotiatedPolicyNoActive(); - } + return getNegotiatedPolicyNoActive(); if (Sasl.POLICY_NODICTIONARY.equals(propName)) - { - return getNegotiatedPolicyNoDictionary(); - } + return getNegotiatedPolicyNoDictionary(); if (Sasl.POLICY_NOANONYMOUS.equals(propName)) - { - return getNegotiatedPolicyNoAnonymous(); - } + return getNegotiatedPolicyNoAnonymous(); if (Sasl.POLICY_FORWARD_SECRECY.equals(propName)) - { - return getNegotiatedPolicyForwardSecrecy(); - } + return getNegotiatedPolicyForwardSecrecy(); if (Sasl.POLICY_PASS_CREDENTIALS.equals(propName)) - { - return getNegotiatedPolicyPassCredentials(); - } + return getNegotiatedPolicyPassCredentials(); if (Sasl.REUSE.equals(propName)) - { - return getReuse(); - } + return getReuse(); return null; } @@ -212,8 +157,6 @@ public abstract class ServerMechanism implements SaslServer reset(); } - // other Instance methods -------------------------------------------------- - protected String getNegotiatedQOP() { return Registry.QOP_AUTH; @@ -291,30 +234,23 @@ public abstract class ServerMechanism implements SaslServer } /** - * <p>Initialises the mechanism with designated attributes. Permissible names - * and values are mechanism specific.</p> - * + * Initialises the mechanism with designated attributes. Permissible names and + * values are mechanism specific. + * * @param attributes a set of name-value pairs that describes the desired - * future behaviour of this instance. + * future behaviour of this instance. * @throws IllegalMechanismStateException if the instance is already - * initialised. + * initialised. * @throws SaslException if an exception occurs during the process. */ public void init(final Map attributes) throws SaslException { if (state != -1) - { - throw new IllegalMechanismStateException("init()"); - } - + throw new IllegalMechanismStateException("init()"); if (properties == null) - { - properties = new HashMap(); - } + properties = new HashMap(); else - { - properties.clear(); - } + properties.clear(); if (attributes != null) { protocol = (String) attributes.get(Registry.SASL_PROTOCOL); @@ -324,35 +260,24 @@ public abstract class ServerMechanism implements SaslServer properties.putAll(attributes); } else - { - handler = null; - } - + handler = null; if (protocol == null) - { - protocol = ""; - } + protocol = ""; if (serverName == null) - { - serverName = ""; - } + serverName = ""; if (authenticator != null) - { - authenticator.activate(properties); - } + authenticator.activate(properties); if (channelBinding == null) - { - channelBinding = new byte[0]; - } + channelBinding = new byte[0]; initMechanism(); complete = false; state = 0; } /** - * <p>Resets the mechanism instance for re-initialisation and use with other - * characteristics.</p> - * + * Resets the mechanism instance for re-initialisation and use with other + * characteristics. + * * @throws SaslException if an exception occurs during the process. */ public void reset() throws SaslException @@ -360,12 +285,10 @@ public abstract class ServerMechanism implements SaslServer resetMechanism(); properties.clear(); if (authenticator != null) - { - authenticator.passivate(); - } + authenticator.passivate(); protocol = serverName = null; channelBinding = null; complete = false; state = -1; } -}
\ No newline at end of file +} diff --git a/libjava/classpath/gnu/javax/crypto/sasl/UserAlreadyExistsException.java b/libjava/classpath/gnu/javax/crypto/sasl/UserAlreadyExistsException.java index 764a36df30e..1563be9173d 100644 --- a/libjava/classpath/gnu/javax/crypto/sasl/UserAlreadyExistsException.java +++ b/libjava/classpath/gnu/javax/crypto/sasl/UserAlreadyExistsException.java @@ -44,9 +44,9 @@ import javax.security.sasl.SaslException; * A checked exception thrown to indicate that a designated user is already * known to the the authentication layer. */ -public class UserAlreadyExistsException extends SaslException +public class UserAlreadyExistsException + extends SaslException { - /** * Constructs a <code>UserAlreadyExistsException</code> with no detail * message. @@ -60,7 +60,7 @@ public class UserAlreadyExistsException extends SaslException * Constructs a <code>UserAlreadyExistsException</code> with the specified * detail message. In the case of this exception, the detail message * designates the offending username. - * + * * @param userName the detail message, which in this case is the username. */ public UserAlreadyExistsException(String userName) diff --git a/libjava/classpath/gnu/javax/crypto/sasl/anonymous/AnonymousClient.java b/libjava/classpath/gnu/javax/crypto/sasl/anonymous/AnonymousClient.java index f5b1faab299..87f5e5fb54e 100644 --- a/libjava/classpath/gnu/javax/crypto/sasl/anonymous/AnonymousClient.java +++ b/libjava/classpath/gnu/javax/crypto/sasl/anonymous/AnonymousClient.java @@ -44,35 +44,22 @@ import gnu.javax.crypto.sasl.IllegalMechanismStateException; import java.io.UnsupportedEncodingException; +import javax.security.sasl.AuthenticationException; import javax.security.sasl.SaslClient; import javax.security.sasl.SaslException; -import javax.security.sasl.AuthenticationException; /** - * <p>The ANONYMOUS client-side mechanism.</p> + * The ANONYMOUS client-side mechanism. */ -public class AnonymousClient extends ClientMechanism implements SaslClient +public class AnonymousClient + extends ClientMechanism + implements SaslClient { - - // Constants and variables - // ------------------------------------------------------------------------- - - // Constructor(s) - // ------------------------------------------------------------------------- - public AnonymousClient() { super(Registry.SASL_ANONYMOUS_MECHANISM); } - // Class methods - // ------------------------------------------------------------------------- - - // Instance methods - // ------------------------------------------------------------------------- - - // abstract methods implementation ----------------------------------------- - protected void initMechanism() throws SaslException { } @@ -81,8 +68,6 @@ public class AnonymousClient extends ClientMechanism implements SaslClient { } - // javax.security.sasl.SaslClient interface implementation ----------------- - public boolean hasInitialResponse() { return true; @@ -99,13 +84,10 @@ public class AnonymousClient extends ClientMechanism implements SaslClient private byte[] response() throws SaslException { - if (!AnonymousUtil.isValidTraceInformation(authorizationID)) - { - throw new AuthenticationException( - "Authorisation ID is not a valid email address"); - } + if (! AnonymousUtil.isValidTraceInformation(authorizationID)) + throw new AuthenticationException( + "Authorisation ID is not a valid email address"); complete = true; - // return authorizationID.getBytes(); final byte[] result; try { @@ -117,4 +99,4 @@ public class AnonymousClient extends ClientMechanism implements SaslClient } return result; } -}
\ No newline at end of file +} diff --git a/libjava/classpath/gnu/javax/crypto/sasl/anonymous/AnonymousServer.java b/libjava/classpath/gnu/javax/crypto/sasl/anonymous/AnonymousServer.java index 2c10f78a78b..76456044c8f 100644 --- a/libjava/classpath/gnu/javax/crypto/sasl/anonymous/AnonymousServer.java +++ b/libjava/classpath/gnu/javax/crypto/sasl/anonymous/AnonymousServer.java @@ -50,28 +50,15 @@ import javax.security.sasl.SaslServer; /** * The ANONYMOUS server-side mechanism. */ -public class AnonymousServer extends ServerMechanism implements SaslServer +public class AnonymousServer + extends ServerMechanism + implements SaslServer { - - // Constants and variables - // ------------------------------------------------------------------------- - - // Constructor(s) - // ------------------------------------------------------------------------- - public AnonymousServer() { super(Registry.SASL_ANONYMOUS_MECHANISM); } - // Class methods - // ------------------------------------------------------------------------- - - // Instance methods - // ------------------------------------------------------------------------- - - // abstract methods implementation ----------------------------------------- - protected void initMechanism() throws SaslException { } @@ -80,14 +67,10 @@ public class AnonymousServer extends ServerMechanism implements SaslServer { } - // javax.security.sasl.SaslServer interface implementation ----------------- - public byte[] evaluateResponse(final byte[] response) throws SaslException { if (response == null) - { - return null; - } + return null; try { authorizationID = new String(response, "UTF-8"); @@ -104,4 +87,4 @@ public class AnonymousServer extends ServerMechanism implements SaslServer authorizationID = null; throw new AuthenticationException("Invalid email address"); } -}
\ No newline at end of file +} diff --git a/libjava/classpath/gnu/javax/crypto/sasl/anonymous/AnonymousUtil.java b/libjava/classpath/gnu/javax/crypto/sasl/anonymous/AnonymousUtil.java index 99e95eaeca0..9047ebd5c6e 100644 --- a/libjava/classpath/gnu/javax/crypto/sasl/anonymous/AnonymousUtil.java +++ b/libjava/classpath/gnu/javax/crypto/sasl/anonymous/AnonymousUtil.java @@ -45,65 +45,39 @@ import gnu.javax.crypto.sasl.SaslUtil; */ public class AnonymousUtil { - - // Constants and variables - // ------------------------------------------------------------------------- - - // Constructor(s) - // ------------------------------------------------------------------------- - /** Trivial private constructor to enforce Singleton pattern. */ private AnonymousUtil() { super(); } - // Class methods - // ------------------------------------------------------------------------- - static boolean isValidTraceInformation(String traceInformation) { if (traceInformation == null) - { - return false; - } + return false; if (traceInformation.length() == 0) - { - return true; - } + return true; if (SaslUtil.validEmailAddress(traceInformation)) - { - return true; - } + return true; return isValidToken(traceInformation); } static boolean isValidToken(String token) { if (token == null) - { - return false; - } + return false; if (token.length() == 0) - { - return false; - } + return false; if (token.length() > 255) - { - return false; - } + return false; if (token.indexOf('@') != -1) - { - return false; - } + return false; for (int i = 0; i < token.length(); i++) { char c = token.charAt(i); if (c < 0x20 || c > 0x7E) - { - return false; - } + return false; } return true; } -}
\ No newline at end of file +} diff --git a/libjava/classpath/gnu/javax/crypto/sasl/crammd5/CramMD5AuthInfoProvider.java b/libjava/classpath/gnu/javax/crypto/sasl/crammd5/CramMD5AuthInfoProvider.java index cf73b6f982f..dec0366c04c 100644 --- a/libjava/classpath/gnu/javax/crypto/sasl/crammd5/CramMD5AuthInfoProvider.java +++ b/libjava/classpath/gnu/javax/crypto/sasl/crammd5/CramMD5AuthInfoProvider.java @@ -51,44 +51,26 @@ import javax.security.sasl.AuthenticationException; /** * The CRAM-MD5 mechanism authentication information provider implementation. */ -public class CramMD5AuthInfoProvider implements IAuthInfoProvider +public class CramMD5AuthInfoProvider + implements IAuthInfoProvider { - - // Constants and variables - // ------------------------------------------------------------------------- - private PasswordFile passwordFile = null; - // Constructor(s) - // ------------------------------------------------------------------------- - // implicit 0-args constrcutor - // Class methods - // ------------------------------------------------------------------------- - - // IAuthInfoProvider interface implementation - // ------------------------------------------------------------------------- - public void activate(Map context) throws AuthenticationException { try { if (context == null) - { - passwordFile = new PasswordFile(); - } + passwordFile = new PasswordFile(); else { String pfn = (String) context.get(CramMD5Registry.PASSWORD_FILE); if (pfn == null) - { - passwordFile = new PasswordFile(); - } + passwordFile = new PasswordFile(); else - { - passwordFile = new PasswordFile(pfn); - } + passwordFile = new PasswordFile(pfn); } } catch (IOException x) @@ -105,10 +87,8 @@ public class CramMD5AuthInfoProvider implements IAuthInfoProvider public boolean contains(String userName) throws AuthenticationException { if (passwordFile == null) - { - throw new AuthenticationException("contains()", - new IllegalStateException()); - } + throw new AuthenticationException("contains()", + new IllegalStateException()); boolean result = false; try { @@ -124,18 +104,13 @@ public class CramMD5AuthInfoProvider implements IAuthInfoProvider public Map lookup(Map userID) throws AuthenticationException { if (passwordFile == null) - { - throw new AuthenticationException("lookup()", - new IllegalStateException()); - } + throw new AuthenticationException("lookup()", new IllegalStateException()); Map result = new HashMap(); try { String userName = (String) userID.get(Registry.SASL_USERNAME); if (userName == null) - { - throw new NoSuchUserException(""); - } + throw new NoSuchUserException(""); String[] data = passwordFile.lookup(userName); result.put(Registry.SASL_USERNAME, data[0]); result.put(Registry.SASL_PASSWORD, data[1]); @@ -148,9 +123,7 @@ public class CramMD5AuthInfoProvider implements IAuthInfoProvider catch (Exception x) { if (x instanceof AuthenticationException) - { - throw (AuthenticationException) x; - } + throw (AuthenticationException) x; throw new AuthenticationException("lookup()", x); } return result; @@ -159,10 +132,7 @@ public class CramMD5AuthInfoProvider implements IAuthInfoProvider public void update(Map userCredentials) throws AuthenticationException { if (passwordFile == null) - { - throw new AuthenticationException("update()", - new IllegalStateException()); - } + throw new AuthenticationException("update()", new IllegalStateException()); try { String userName = (String) userCredentials.get(Registry.SASL_USERNAME); @@ -174,9 +144,7 @@ public class CramMD5AuthInfoProvider implements IAuthInfoProvider String shell = (String) userCredentials.get(CramMD5Registry.SHELL_FIELD); if (uid == null || gid == null || gecos == null || dir == null || shell == null) - { - passwordFile.changePasswd(userName, password); - } + passwordFile.changePasswd(userName, password); else { String[] attributes = new String[] { uid, gid, gecos, dir, shell }; @@ -186,9 +154,7 @@ public class CramMD5AuthInfoProvider implements IAuthInfoProvider catch (Exception x) { if (x instanceof AuthenticationException) - { - throw (AuthenticationException) x; - } + throw (AuthenticationException) x; throw new AuthenticationException("update()", x); } } @@ -197,4 +163,4 @@ public class CramMD5AuthInfoProvider implements IAuthInfoProvider { throw new AuthenticationException("", new UnsupportedOperationException()); } -}
\ No newline at end of file +} diff --git a/libjava/classpath/gnu/javax/crypto/sasl/crammd5/CramMD5Client.java b/libjava/classpath/gnu/javax/crypto/sasl/crammd5/CramMD5Client.java index 094109ff9aa..c90cbe986a4 100644 --- a/libjava/classpath/gnu/javax/crypto/sasl/crammd5/CramMD5Client.java +++ b/libjava/classpath/gnu/javax/crypto/sasl/crammd5/CramMD5Client.java @@ -56,25 +56,15 @@ import javax.security.sasl.SaslException; /** * The CRAM-MD5 SASL client-side mechanism. */ -public class CramMD5Client extends ClientMechanism implements SaslClient +public class CramMD5Client + extends ClientMechanism + implements SaslClient { - - // Constants and variables - // ------------------------------------------------------------------------- - - // Constructor(s) - // ------------------------------------------------------------------------- - public CramMD5Client() { super(Registry.SASL_CRAM_MD5_MECHANISM); } - // Class methods - // ------------------------------------------------------------------------- - - // abstract methods implementation ----------------------------------------- - protected void initMechanism() throws SaslException { } @@ -83,8 +73,6 @@ public class CramMD5Client extends ClientMechanism implements SaslClient { } - // javax.security.sasl.SaslClient interface implementation ----------------- - public boolean hasInitialResponse() { return false; @@ -93,30 +81,22 @@ public class CramMD5Client extends ClientMechanism implements SaslClient public byte[] evaluateChallenge(final byte[] challenge) throws SaslException { if (challenge == null) - { - throw new SaslException("null challenge"); - } + throw new SaslException("null challenge"); try { final String username; final char[] password; Callback[] callbacks; - - if ((!properties.containsKey(Registry.SASL_USERNAME)) - && (!properties.containsKey(Registry.SASL_PASSWORD))) + if ((! properties.containsKey(Registry.SASL_USERNAME)) + && (! properties.containsKey(Registry.SASL_PASSWORD))) { callbacks = new Callback[2]; - final NameCallback nameCB; final String defaultName = System.getProperty("user.name"); if (defaultName == null) - { - nameCB = new NameCallback("username: "); - } + nameCB = new NameCallback("username: "); else - { - nameCB = new NameCallback("username: ", defaultName); - } + nameCB = new NameCallback("username: ", defaultName); final PasswordCallback pwdCB = new PasswordCallback("password: ", false); callbacks[0] = nameCB; @@ -128,47 +108,35 @@ public class CramMD5Client extends ClientMechanism implements SaslClient else { if (properties.containsKey(Registry.SASL_USERNAME)) - { - username = (String) properties.get(Registry.SASL_USERNAME); - } + username = (String) properties.get(Registry.SASL_USERNAME); else { callbacks = new Callback[1]; final NameCallback nameCB; final String defaultName = System.getProperty("user.name"); if (defaultName == null) - { - nameCB = new NameCallback("username: "); - } + nameCB = new NameCallback("username: "); else - { - nameCB = new NameCallback("username: ", defaultName); - } + nameCB = new NameCallback("username: ", defaultName); callbacks[0] = nameCB; this.handler.handle(callbacks); username = nameCB.getName(); } if (properties.containsKey(Registry.SASL_PASSWORD)) - { - password = ((String) properties.get(Registry.SASL_PASSWORD)).toCharArray(); - } + password = ((String) properties.get(Registry.SASL_PASSWORD)).toCharArray(); else { callbacks = new Callback[1]; - final PasswordCallback pwdCB = new PasswordCallback( - "password: ", + final PasswordCallback pwdCB = new PasswordCallback("password: ", false); callbacks[0] = pwdCB; this.handler.handle(callbacks); password = pwdCB.getPassword(); } } - if (password == null) - { - throw new SaslException("null password supplied"); - } + throw new SaslException("null password supplied"); final byte[] digest; try { @@ -181,7 +149,6 @@ public class CramMD5Client extends ClientMechanism implements SaslClient final String response = username + " " + Util.toString(digest).toLowerCase(); this.complete = true; - return response.getBytes("UTF-8"); } catch (UnsupportedCallbackException x) @@ -198,4 +165,4 @@ public class CramMD5Client extends ClientMechanism implements SaslClient { return Registry.QOP_AUTH; } -}
\ No newline at end of file +} diff --git a/libjava/classpath/gnu/javax/crypto/sasl/crammd5/CramMD5Registry.java b/libjava/classpath/gnu/javax/crypto/sasl/crammd5/CramMD5Registry.java index 1c61cace491..bbd46a3f281 100644 --- a/libjava/classpath/gnu/javax/crypto/sasl/crammd5/CramMD5Registry.java +++ b/libjava/classpath/gnu/javax/crypto/sasl/crammd5/CramMD5Registry.java @@ -45,22 +45,16 @@ public interface CramMD5Registry { /** Name of the password file (used by the server) property. */ String PASSWORD_FILE = "gnu.crypto.sasl.crammd5.password.file"; - /** Default password file (used by the server) pathname. */ String DEFAULT_PASSWORD_FILE = "/etc/passwd"; - /** Name of the UID field in the plain password file. */ String UID_FIELD = "crammd5.uid"; - /** Name of the GID field in the plain password file. */ String GID_FIELD = "crammd5.gid"; - /** Name of the GECOS field in the plain password file. */ String GECOS_FIELD = "crammd5.gecos"; - /** Name of the DIR field in the plain password file. */ String DIR_FIELD = "crammd5.dir"; - /** Name of the SHELL field in the plain password file. */ String SHELL_FIELD = "crammd5.shell"; -}
\ No newline at end of file +} diff --git a/libjava/classpath/gnu/javax/crypto/sasl/crammd5/CramMD5Server.java b/libjava/classpath/gnu/javax/crypto/sasl/crammd5/CramMD5Server.java index d6622b6db4e..9be03414b66 100644 --- a/libjava/classpath/gnu/javax/crypto/sasl/crammd5/CramMD5Server.java +++ b/libjava/classpath/gnu/javax/crypto/sasl/crammd5/CramMD5Server.java @@ -55,29 +55,19 @@ import javax.security.sasl.SaslException; import javax.security.sasl.SaslServer; /** - * <p>The CRAM-MD5 SASL server-side mechanism.</p> + * The CRAM-MD5 SASL server-side mechanism. */ -public class CramMD5Server extends ServerMechanism implements SaslServer +public class CramMD5Server + extends ServerMechanism + implements SaslServer { - - // Constants and variables - // ------------------------------------------------------------------------- - private byte[] msgID; - // Constructor(s) - // ------------------------------------------------------------------------- - public CramMD5Server() { super(Registry.SASL_CRAM_MD5_MECHANISM); } - // Class methods - // ------------------------------------------------------------------------- - - // abstract methods implementation ----------------------------------------- - protected void initMechanism() throws SaslException { } @@ -86,8 +76,6 @@ public class CramMD5Server extends ServerMechanism implements SaslServer { } - // javax.security.sasl.SaslServer interface implementation ----------------- - public byte[] evaluateResponse(final byte[] response) throws SaslException { if (state == 0) @@ -96,7 +84,6 @@ public class CramMD5Server extends ServerMechanism implements SaslServer state++; return msgID; } - final String responseStr = new String(response); final int index = responseStr.lastIndexOf(" "); final String username = responseStr.substring(0, index); @@ -109,10 +96,8 @@ public class CramMD5Server extends ServerMechanism implements SaslServer { throw new AuthenticationException("evaluateResponse()", x); } - // Look up the password final char[] password = lookupPassword(username); - // Compute the digest byte[] digest; try @@ -125,19 +110,15 @@ public class CramMD5Server extends ServerMechanism implements SaslServer } try { - // digest = (new String(Util.toString(digest).toLowerCase())).getBytes("UTF-8"); digest = Util.toString(digest).toLowerCase().getBytes("UTF-8"); } catch (UnsupportedEncodingException x) { throw new AuthenticationException("evaluateResponse()", x); } - // Compare the received and computed digests - if (!Arrays.equals(digest, responseDigest)) - { - throw new AuthenticationException("Digest mismatch"); - } + if (! Arrays.equals(digest, responseDigest)) + throw new AuthenticationException("Digest mismatch"); state++; return null; } @@ -152,34 +133,26 @@ public class CramMD5Server extends ServerMechanism implements SaslServer return Registry.QOP_AUTH; } - // Other instance methods -------------------------------------------------- - private char[] lookupPassword(final String userName) throws SaslException { try { - if (!authenticator.contains(userName)) - { - throw new NoSuchUserException(userName); - } + if (! authenticator.contains(userName)) + throw new NoSuchUserException(userName); final Map userID = new HashMap(); userID.put(Registry.SASL_USERNAME, userName); final Map credentials = authenticator.lookup(userID); final String password = (String) credentials.get(Registry.SASL_PASSWORD); if (password == null) - { - throw new AuthenticationException("lookupPassword()", - new InternalError()); - } + throw new AuthenticationException("lookupPassword()", + new InternalError()); return password.toCharArray(); } catch (IOException x) { if (x instanceof SaslException) - { - throw (SaslException) x; - } + throw (SaslException) x; throw new AuthenticationException("lookupPassword()", x); } } -}
\ No newline at end of file +} diff --git a/libjava/classpath/gnu/javax/crypto/sasl/crammd5/CramMD5Util.java b/libjava/classpath/gnu/javax/crypto/sasl/crammd5/CramMD5Util.java index 6e753934933..2145512215a 100644 --- a/libjava/classpath/gnu/javax/crypto/sasl/crammd5/CramMD5Util.java +++ b/libjava/classpath/gnu/javax/crypto/sasl/crammd5/CramMD5Util.java @@ -56,29 +56,17 @@ import javax.security.sasl.SaslException; */ class CramMD5Util { - - // Constants and variables - // ------------------------------------------------------------------------- - - // Constructor(s) - // ------------------------------------------------------------------------- - private CramMD5Util() { super(); } - // Class methods - // ------------------------------------------------------------------------- - static byte[] createMsgID() throws SaslException { - // <process-ID.clock@hostname> final String encoded; try { - encoded = Util.toBase64(Thread.currentThread().getName().getBytes( - "UTF-8")); + encoded = Util.toBase64(Thread.currentThread().getName().getBytes("UTF-8")); } catch (UnsupportedEncodingException x) { @@ -92,20 +80,15 @@ class CramMD5Util catch (UnknownHostException ignored) { } - final byte[] result; try { - result = new StringBuffer().append("<").append( - encoded.substring( - 0, - encoded.length())).append( - ".").append( - String.valueOf(System.currentTimeMillis())).append( - "@").append( - hostname).append( - ">").toString().getBytes( - "UTF-8"); + result = new StringBuffer("<") + .append(encoded.substring(0,encoded.length())) + .append(".").append(String.valueOf(System.currentTimeMillis())) + .append("@").append(hostname).append(">") + .toString() + .getBytes("UTF-8"); } catch (UnsupportedEncodingException x) { @@ -134,4 +117,4 @@ class CramMD5Util mac.update(data, 0, data.length); return mac.digest(); } -}
\ No newline at end of file +} diff --git a/libjava/classpath/gnu/javax/crypto/sasl/crammd5/PasswordFile.java b/libjava/classpath/gnu/javax/crypto/sasl/crammd5/PasswordFile.java index 081af461521..df952111660 100644 --- a/libjava/classpath/gnu/javax/crypto/sasl/crammd5/PasswordFile.java +++ b/libjava/classpath/gnu/javax/crypto/sasl/crammd5/PasswordFile.java @@ -59,26 +59,16 @@ import java.util.StringTokenizer; */ public class PasswordFile { - - // Constants and variables - // ------------------------------------------------------------------------- - private static String DEFAULT_FILE; static { DEFAULT_FILE = System.getProperty(CramMD5Registry.PASSWORD_FILE, CramMD5Registry.DEFAULT_PASSWORD_FILE); } - private HashMap entries; - private File passwdFile; - private long lastmod; - // Constructor(s) - // ------------------------------------------------------------------------- - public PasswordFile() throws IOException { this(DEFAULT_FILE); @@ -95,25 +85,14 @@ public class PasswordFile update(); } - // Class methods - // ------------------------------------------------------------------------- - - // Instance methods - // ------------------------------------------------------------------------- - public synchronized void add(final String user, final String passwd, final String[] attributes) throws IOException { checkCurrent(); // check if the entry exists if (entries.containsKey(user)) - { - throw new UserAlreadyExistsException(user); - } + throw new UserAlreadyExistsException(user); if (attributes.length != 5) - { - throw new IllegalArgumentException("Wrong number of attributes"); - } - + throw new IllegalArgumentException("Wrong number of attributes"); final String[] fields = new String[7]; // create the new entry fields[0] = user; fields[1] = passwd; @@ -126,33 +105,26 @@ public class PasswordFile throws IOException { checkCurrent(); - if (!entries.containsKey(user)) - { // check if the entry exists - throw new NoSuchUserException(user); - } - - final String[] fields = (String[]) entries.get(user); // get the existing entry + if (! entries.containsKey(user)) + throw new NoSuchUserException(user); + final String[] fields = (String[]) entries.get(user); // get existing entry fields[1] = passwd; // modify the password field entries.remove(user); // delete the existing entry entries.put(user, fields); // add the new entry - savePasswd(); } public synchronized String[] lookup(final String user) throws IOException { checkCurrent(); - if (!entries.containsKey(user)) - { - throw new NoSuchUserException(user); - } + if (! entries.containsKey(user)) + throw new NoSuchUserException(user); return (String[]) entries.get(user); } public synchronized boolean contains(final String s) throws IOException { checkCurrent(); - return entries.containsKey(s); } @@ -165,9 +137,7 @@ public class PasswordFile private void checkCurrent() throws IOException { if (passwdFile.lastModified() > lastmod) - { - update(); - } + update(); } private synchronized void readPasswd(final InputStream in) throws IOException @@ -183,68 +153,39 @@ public class PasswordFile { fields[0] = st.nextToken(); // username st.nextToken(); - fields[1] = st.nextToken(); // passwd if (fields[1].equals(":")) - { - fields[1] = ""; - } + fields[1] = ""; else - { - st.nextToken(); - } - + st.nextToken(); fields[2] = st.nextToken(); // uid if (fields[2].equals(":")) - { - fields[2] = ""; - } + fields[2] = ""; else - { - st.nextToken(); - } - + st.nextToken(); fields[3] = st.nextToken(); // gid if (fields[3].equals(":")) - { - fields[3] = ""; - } + fields[3] = ""; else - { - st.nextToken(); - } - + st.nextToken(); fields[4] = st.nextToken(); // gecos if (fields[4].equals(":")) - { - fields[4] = ""; - } + fields[4] = ""; else - { - st.nextToken(); - } - + st.nextToken(); fields[5] = st.nextToken(); // dir if (fields[5].equals(":")) - { - fields[5] = ""; - } + fields[5] = ""; else - { - st.nextToken(); - } - + st.nextToken(); fields[6] = st.nextToken(); // shell if (fields[6].equals(":")) - { - fields[6] = ""; - } + fields[6] = ""; } catch (NoSuchElementException x) { continue; } - entries.put(fields[0], fields); } } @@ -268,25 +209,21 @@ public class PasswordFile fields = (String[]) entries.get(key); sb = new StringBuffer(fields[0]); for (i = 1; i < fields.length; i++) - { - sb.append(":").append(fields[i]); - } + sb.append(":").append(fields[i]); pw.println(sb.toString()); } } finally { if (pw != null) - { - try - { - pw.flush(); - } - finally - { - pw.close(); - } - } + try + { + pw.flush(); + } + finally + { + pw.close(); + } try { fos.close(); @@ -298,4 +235,4 @@ public class PasswordFile } } } -}
\ No newline at end of file +} diff --git a/libjava/classpath/gnu/javax/crypto/sasl/plain/PasswordFile.java b/libjava/classpath/gnu/javax/crypto/sasl/plain/PasswordFile.java index 4ef6b8541b1..b6fb3f87ead 100644 --- a/libjava/classpath/gnu/javax/crypto/sasl/plain/PasswordFile.java +++ b/libjava/classpath/gnu/javax/crypto/sasl/plain/PasswordFile.java @@ -38,8 +38,7 @@ exception statement from your version. */ package gnu.javax.crypto.sasl.plain; -import gnu.classpath.SystemProperties; - +import gnu.java.security.action.GetPropertyAction; import gnu.javax.crypto.sasl.NoSuchUserException; import gnu.javax.crypto.sasl.UserAlreadyExistsException; @@ -47,41 +46,32 @@ import java.io.BufferedReader; import java.io.File; import java.io.FileInputStream; import java.io.FileOutputStream; +import java.io.IOException; import java.io.InputStream; import java.io.InputStreamReader; -import java.io.IOException; import java.io.PrintWriter; +import java.security.AccessController; import java.util.Enumeration; import java.util.Hashtable; -import java.util.StringTokenizer; import java.util.NoSuchElementException; +import java.util.StringTokenizer; /** * A representation of a Plain password file. */ public class PasswordFile { - - // Constants and variables - // ------------------------------------------------------------------------- - private static String DEFAULT_FILE; static { - DEFAULT_FILE = SystemProperties.getProperty(PlainRegistry.PASSWORD_FILE, - PlainRegistry.DEFAULT_PASSWORD_FILE); + DEFAULT_FILE = (String) AccessController.doPrivileged + (new GetPropertyAction(PlainRegistry.PASSWORD_FILE, + PlainRegistry.DEFAULT_PASSWORD_FILE)); } - private Hashtable entries; - private File passwdFile; - - // private String[] last_params; private long lastmod; - // Constructor(s) - // ------------------------------------------------------------------------- - public PasswordFile() throws IOException { this(DEFAULT_FILE); @@ -98,31 +88,20 @@ public class PasswordFile update(); } - // Class methods - // ------------------------------------------------------------------------- - - // Instance methods - // ------------------------------------------------------------------------- - public synchronized void add(String user, String passwd, String[] attributes) throws IOException { checkCurrent(); if (entries.containsKey(user)) - { - throw new UserAlreadyExistsException(user); - } + throw new UserAlreadyExistsException(user); if (attributes.length != 5) - { - throw new IllegalArgumentException("Wrong number of attributes"); - } + throw new IllegalArgumentException("Wrong number of attributes"); // create the new entry String[] fields = new String[7]; fields[0] = user; fields[1] = passwd; System.arraycopy(attributes, 0, fields, 2, 5); entries.put(user, fields); - savePasswd(); } @@ -130,26 +109,20 @@ public class PasswordFile throws IOException { checkCurrent(); - if (!entries.containsKey(user)) - { - throw new NoSuchUserException(user); - } - + if (! entries.containsKey(user)) + throw new NoSuchUserException(user); String[] fields = (String[]) entries.get(user); // get the existing entry fields[1] = passwd; // modify the password field entries.remove(user); // delete the existing entry entries.put(user, fields); // add the new entry - savePasswd(); } public synchronized String[] lookup(String user) throws IOException { checkCurrent(); - if (!entries.containsKey(user)) - { - throw new NoSuchUserException(user); - } + if (! entries.containsKey(user)) + throw new NoSuchUserException(user); return (String[]) entries.get(user); } @@ -159,8 +132,6 @@ public class PasswordFile return entries.containsKey(s); } - //----------------------------------------------------------------// - private synchronized void update() throws IOException { lastmod = passwdFile.lastModified(); @@ -170,9 +141,7 @@ public class PasswordFile private void checkCurrent() throws IOException { if (passwdFile.lastModified() > lastmod) - { - update(); - } + update(); } private synchronized void readPasswd(InputStream in) throws IOException @@ -188,68 +157,39 @@ public class PasswordFile { fields[0] = st.nextToken(); // username st.nextToken(); - fields[1] = st.nextToken(); // passwd if (fields[1].equals(":")) - { - fields[1] = ""; - } + fields[1] = ""; else - { - st.nextToken(); - } - + st.nextToken(); fields[2] = st.nextToken(); // uid if (fields[2].equals(":")) - { - fields[2] = ""; - } + fields[2] = ""; else - { - st.nextToken(); - } - + st.nextToken(); fields[3] = st.nextToken(); // gid if (fields[3].equals(":")) - { - fields[3] = ""; - } + fields[3] = ""; else - { - st.nextToken(); - } - + st.nextToken(); fields[4] = st.nextToken(); // gecos if (fields[4].equals(":")) - { - fields[4] = ""; - } + fields[4] = ""; else - { - st.nextToken(); - } - + st.nextToken(); fields[5] = st.nextToken(); // dir if (fields[5].equals(":")) - { - fields[5] = ""; - } + fields[5] = ""; else - { - st.nextToken(); - } - + st.nextToken(); fields[6] = st.nextToken(); // shell if (fields[6].equals(":")) - { - fields[6] = ""; - } + fields[6] = ""; } catch (NoSuchElementException ignored) { continue; } - entries.put(fields[0], fields); } } @@ -273,37 +213,31 @@ public class PasswordFile fields = (String[]) entries.get(key); sb = new StringBuffer(fields[0]); for (int i = 1; i < fields.length; i++) - { - sb.append(":" + fields[i]); - } + sb.append(":" + fields[i]); pw.println(sb.toString()); } } finally { if (pw != null) - { - try - { - pw.flush(); - } - finally - { - pw.close(); - } - } + try + { + pw.flush(); + } + finally + { + pw.close(); + } if (fos != null) - { - try - { - fos.close(); - } - catch (IOException ignored) - { - } - } + try + { + fos.close(); + } + catch (IOException ignored) + { + } lastmod = passwdFile.lastModified(); } } } -}
\ No newline at end of file +} diff --git a/libjava/classpath/gnu/javax/crypto/sasl/plain/PlainAuthInfoProvider.java b/libjava/classpath/gnu/javax/crypto/sasl/plain/PlainAuthInfoProvider.java index 9882ce9bb48..e0cf82fb60c 100644 --- a/libjava/classpath/gnu/javax/crypto/sasl/plain/PlainAuthInfoProvider.java +++ b/libjava/classpath/gnu/javax/crypto/sasl/plain/PlainAuthInfoProvider.java @@ -51,44 +51,26 @@ import javax.security.sasl.AuthenticationException; /** * The PLAIN mechanism authentication information provider implementation. */ -public class PlainAuthInfoProvider implements IAuthInfoProvider, PlainRegistry +public class PlainAuthInfoProvider + implements IAuthInfoProvider, PlainRegistry { - - // Constants and variables - // ------------------------------------------------------------------------- - private PasswordFile passwordFile = null; - // Constructor(s) - // ------------------------------------------------------------------------- - // implicit 0-args constrcutor - // Class methods - // ------------------------------------------------------------------------- - - // IAuthInfoProvider interface implementation - // ------------------------------------------------------------------------- - public void activate(Map context) throws AuthenticationException { try { if (context == null) - { - passwordFile = new PasswordFile(); - } + passwordFile = new PasswordFile(); else { String pfn = (String) context.get(PASSWORD_FILE); if (pfn == null) - { - passwordFile = new PasswordFile(); - } + passwordFile = new PasswordFile(); else - { - passwordFile = new PasswordFile(pfn); - } + passwordFile = new PasswordFile(pfn); } } catch (IOException x) @@ -105,10 +87,8 @@ public class PlainAuthInfoProvider implements IAuthInfoProvider, PlainRegistry public boolean contains(String userName) throws AuthenticationException { if (passwordFile == null) - { - throw new AuthenticationException("contains()", - new IllegalStateException()); - } + throw new AuthenticationException("contains()", + new IllegalStateException()); boolean result = false; try { @@ -124,18 +104,13 @@ public class PlainAuthInfoProvider implements IAuthInfoProvider, PlainRegistry public Map lookup(Map userID) throws AuthenticationException { if (passwordFile == null) - { - throw new AuthenticationException("lookup()", - new IllegalStateException()); - } + throw new AuthenticationException("lookup()", new IllegalStateException()); Map result = new HashMap(); try { String userName = (String) userID.get(Registry.SASL_USERNAME); if (userName == null) - { - throw new NoSuchUserException(""); - } + throw new NoSuchUserException(""); String[] data = passwordFile.lookup(userName); result.put(Registry.SASL_USERNAME, data[0]); result.put(Registry.SASL_PASSWORD, data[1]); @@ -148,13 +123,8 @@ public class PlainAuthInfoProvider implements IAuthInfoProvider, PlainRegistry catch (Exception x) { if (x instanceof AuthenticationException) - { - throw (AuthenticationException) x; - } - else - { - throw new AuthenticationException("lookup()", x); - } + throw (AuthenticationException) x; + throw new AuthenticationException("lookup()", x); } return result; } @@ -162,10 +132,7 @@ public class PlainAuthInfoProvider implements IAuthInfoProvider, PlainRegistry public void update(Map userCredentials) throws AuthenticationException { if (passwordFile == null) - { - throw new AuthenticationException("update()", - new IllegalStateException()); - } + throw new AuthenticationException("update()", new IllegalStateException()); try { String userName = (String) userCredentials.get(Registry.SASL_USERNAME); @@ -177,9 +144,7 @@ public class PlainAuthInfoProvider implements IAuthInfoProvider, PlainRegistry String shell = (String) userCredentials.get(SHELL_FIELD); if (uid == null || gid == null || gecos == null || dir == null || shell == null) - { - passwordFile.changePasswd(userName, password); - } + passwordFile.changePasswd(userName, password); else { String[] attributes = new String[] { uid, gid, gecos, dir, shell }; @@ -189,13 +154,8 @@ public class PlainAuthInfoProvider implements IAuthInfoProvider, PlainRegistry catch (Exception x) { if (x instanceof AuthenticationException) - { - throw (AuthenticationException) x; - } - else - { - throw new AuthenticationException("update()", x); - } + throw (AuthenticationException) x; + throw new AuthenticationException("update()", x); } } @@ -203,4 +163,4 @@ public class PlainAuthInfoProvider implements IAuthInfoProvider, PlainRegistry { throw new AuthenticationException("", new UnsupportedOperationException()); } -}
\ No newline at end of file +} diff --git a/libjava/classpath/gnu/javax/crypto/sasl/plain/PlainClient.java b/libjava/classpath/gnu/javax/crypto/sasl/plain/PlainClient.java index 066db377054..5c60578db67 100644 --- a/libjava/classpath/gnu/javax/crypto/sasl/plain/PlainClient.java +++ b/libjava/classpath/gnu/javax/crypto/sasl/plain/PlainClient.java @@ -48,30 +48,17 @@ import javax.security.auth.callback.NameCallback; import javax.security.auth.callback.PasswordCallback; /** - * <p>The PLAIN SASL client-side mechanism.</p> + * The PLAIN SASL client-side mechanism. */ -public class PlainClient extends ClientMechanism implements SaslClient +public class PlainClient + extends ClientMechanism + implements SaslClient { - - // Constants and variables - // ------------------------------------------------------------------------- - - // Constructor(s) - // ------------------------------------------------------------------------- - public PlainClient() { super(Registry.SASL_PLAIN_MECHANISM); } - // Class methods - // ------------------------------------------------------------------------- - - // Instance methods - // ------------------------------------------------------------------------- - - // abstract methods implementation ----------------------------------------- - protected void initMechanism() throws SaslException { } @@ -80,8 +67,6 @@ public class PlainClient extends ClientMechanism implements SaslClient { } - // javax.security.sasl.SaslClient interface implementation ----------------- - public boolean hasInitialResponse() { return true; @@ -94,22 +79,16 @@ public class PlainClient extends ClientMechanism implements SaslClient final String username; final char[] password; Callback[] callbacks; - - if ((!properties.containsKey(Registry.SASL_USERNAME)) - && (!properties.containsKey(Registry.SASL_PASSWORD))) + if ((! properties.containsKey(Registry.SASL_USERNAME)) + && (! properties.containsKey(Registry.SASL_PASSWORD))) { callbacks = new Callback[2]; - final NameCallback nameCB; final String defaultName = System.getProperty("user.name"); if (defaultName == null) - { - nameCB = new NameCallback("username: "); - } + nameCB = new NameCallback("username: "); else - { - nameCB = new NameCallback("username: ", defaultName); - } + nameCB = new NameCallback("username: ", defaultName); final PasswordCallback pwdCB = new PasswordCallback("password: ", false); callbacks[0] = nameCB; @@ -121,67 +100,49 @@ public class PlainClient extends ClientMechanism implements SaslClient else { if (properties.containsKey(Registry.SASL_USERNAME)) - { - username = (String) properties.get(Registry.SASL_USERNAME); - } + username = (String) properties.get(Registry.SASL_USERNAME); else { callbacks = new Callback[1]; final NameCallback nameCB; final String defaultName = System.getProperty("user.name"); if (defaultName == null) - { - nameCB = new NameCallback("username: "); - } + nameCB = new NameCallback("username: "); else - { - nameCB = new NameCallback("username: ", defaultName); - } + nameCB = new NameCallback("username: ", defaultName); callbacks[0] = nameCB; this.handler.handle(callbacks); username = nameCB.getName(); } - if (properties.containsKey(Registry.SASL_PASSWORD)) - { - password = ((String) properties.get(Registry.SASL_PASSWORD)).toCharArray(); - } + password = ((String) properties.get(Registry.SASL_PASSWORD)).toCharArray(); else { callbacks = new Callback[1]; - final PasswordCallback pwdCB = new PasswordCallback( - "password: ", + final PasswordCallback pwdCB = new PasswordCallback("password: ", false); callbacks[0] = pwdCB; this.handler.handle(callbacks); password = pwdCB.getPassword(); } } - if (password == null) - { - throw new SaslException("null password supplied"); - } + throw new SaslException("null password supplied"); final StringBuffer sb = new StringBuffer(); if (authorizationID != null) - { - sb.append(authorizationID); - } + sb.append(authorizationID); sb.append('\0'); sb.append(username); sb.append('\0'); sb.append(password); this.complete = true; - final byte[] response = sb.toString().getBytes("UTF-8"); return response; } catch (Exception x) { if (x instanceof SaslException) - { - throw (SaslException) x; - } + throw (SaslException) x; throw new SaslException("evaluateChallenge()", x); } } @@ -190,4 +151,4 @@ public class PlainClient extends ClientMechanism implements SaslClient { return Registry.QOP_AUTH; } -}
\ No newline at end of file +} diff --git a/libjava/classpath/gnu/javax/crypto/sasl/plain/PlainRegistry.java b/libjava/classpath/gnu/javax/crypto/sasl/plain/PlainRegistry.java index 0b48c0ad30d..84e17605345 100644 --- a/libjava/classpath/gnu/javax/crypto/sasl/plain/PlainRegistry.java +++ b/libjava/classpath/gnu/javax/crypto/sasl/plain/PlainRegistry.java @@ -40,28 +40,18 @@ package gnu.javax.crypto.sasl.plain; public interface PlainRegistry { - - // Constants - // ------------------------------------------------------------------------- - /** Name of PLAIN password file property. */ String PASSWORD_FILE = "gnu.crypto.sasl.plain.password.file"; - /** Default fully qualified pathname of the PLAIN password file. */ String DEFAULT_PASSWORD_FILE = "/etc/tpasswd"; - /** Name of the UID field in the plain password file. */ String UID_FIELD = "plain.uid"; - /** Name of the GID field in the plain password file. */ String GID_FIELD = "plain.gid"; - /** Name of the GECOS field in the plain password file. */ String GECOS_FIELD = "plain.gecos"; - /** Name of the DIR field in the plain password file. */ String DIR_FIELD = "plain.dir"; - /** Name of the SHELL field in the plain password file. */ String SHELL_FIELD = "plain.shell"; -}
\ No newline at end of file +} diff --git a/libjava/classpath/gnu/javax/crypto/sasl/plain/PlainServer.java b/libjava/classpath/gnu/javax/crypto/sasl/plain/PlainServer.java index 20568847303..52deef51ee9 100644 --- a/libjava/classpath/gnu/javax/crypto/sasl/plain/PlainServer.java +++ b/libjava/classpath/gnu/javax/crypto/sasl/plain/PlainServer.java @@ -54,30 +54,17 @@ import javax.security.sasl.SaslException; import javax.security.sasl.SaslServer; /** - * <p>The PLAIN SASL server-side mechanism.</p> + * The PLAIN SASL server-side mechanism. */ -public class PlainServer extends ServerMechanism implements SaslServer +public class PlainServer + extends ServerMechanism + implements SaslServer { - - // Constants and variables - // ------------------------------------------------------------------------- - - // Constructor(s) - // ------------------------------------------------------------------------- - public PlainServer() { super(Registry.SASL_PLAIN_MECHANISM); } - // Class methods - // ------------------------------------------------------------------------- - - // Instance methods - // ------------------------------------------------------------------------- - - // abstract methods implementation ----------------------------------------- - protected void initMechanism() throws SaslException { } @@ -86,43 +73,27 @@ public class PlainServer extends ServerMechanism implements SaslServer { } - // javax.security.sasl.SaslServer interface implementation ----------------- - public byte[] evaluateResponse(final byte[] response) throws SaslException { if (response == null) - { - return null; - } + return null; try { final String nullStr = new String("\0"); - final StringTokenizer strtok = new StringTokenizer( - new String(response), + final StringTokenizer strtok = new StringTokenizer(new String(response), nullStr, true); - authorizationID = strtok.nextToken(); - if (!authorizationID.equals(nullStr)) - { - strtok.nextToken(); - } + if (! authorizationID.equals(nullStr)) + strtok.nextToken(); else - { - authorizationID = null; - } + authorizationID = null; final String id = strtok.nextToken(); if (id.equals(nullStr)) - { - throw new SaslException("No identity given"); - } + throw new SaslException("No identity given"); if (authorizationID == null) - { - authorizationID = id; - } - if ((!authorizationID.equals(nullStr)) && (!authorizationID.equals(id))) - { - throw new SaslException("Delegation not supported"); - } + authorizationID = id; + if ((! authorizationID.equals(nullStr)) && (! authorizationID.equals(id))) + throw new SaslException("Delegation not supported"); strtok.nextToken(); final byte[] pwd; try @@ -134,9 +105,7 @@ public class PlainServer extends ServerMechanism implements SaslServer throw new SaslException("evaluateResponse()", x); } if (pwd == null) - { - throw new SaslException("No password given"); - } + throw new SaslException("No password given"); final byte[] password; try { @@ -146,10 +115,8 @@ public class PlainServer extends ServerMechanism implements SaslServer { throw new SaslException("evaluateResponse()", x); } - if (!Arrays.equals(pwd, password)) - { - throw new SaslException("Password incorrect"); - } + if (! Arrays.equals(pwd, password)) + throw new SaslException("Password incorrect"); this.complete = true; return null; } @@ -164,33 +131,25 @@ public class PlainServer extends ServerMechanism implements SaslServer return Registry.QOP_AUTH; } - // other methods ----------------------------------------------------------- - private char[] lookupPassword(final String userName) throws SaslException { try { - if (!authenticator.contains(userName)) - { - throw new NoSuchUserException(userName); - } + if (! authenticator.contains(userName)) + throw new NoSuchUserException(userName); final Map userID = new HashMap(); userID.put(Registry.SASL_USERNAME, userName); final Map credentials = authenticator.lookup(userID); final String password = (String) credentials.get(Registry.SASL_PASSWORD); if (password == null) - { - throw new SaslException("lookupPassword()", new InternalError()); - } + throw new SaslException("lookupPassword()", new InternalError()); return password.toCharArray(); } catch (IOException x) { if (x instanceof SaslException) - { - throw (SaslException) x; - } + throw (SaslException) x; throw new SaslException("lookupPassword()", x); } } -}
\ No newline at end of file +} diff --git a/libjava/classpath/gnu/javax/crypto/sasl/srp/CALG.java b/libjava/classpath/gnu/javax/crypto/sasl/srp/CALG.java index 6215783d6a9..308543230b5 100644 --- a/libjava/classpath/gnu/javax/crypto/sasl/srp/CALG.java +++ b/libjava/classpath/gnu/javax/crypto/sasl/srp/CALG.java @@ -58,65 +58,55 @@ import java.util.HashMap; import javax.security.sasl.SaslException; /** - * <p>A Factory class that returns CALG (Confidentiality Algorithm) instances - * that operate as described in the draft-burdis-cat-sasl-srp-08.</p> - * - * <p>The designated CALG block cipher should be used in OFB (Output Feedback + * A Factory class that returns CALG (Confidentiality Algorithm) instances that + * operate as described in the draft-burdis-cat-sasl-srp-08. + * <p> + * The designated CALG block cipher should be used in OFB (Output Feedback * Block) mode in the ISO variant, as described in <i>The Handbook of Applied - * Cryptography</i>, algorithm 7.20.</p> - * - * <p>Let <code>k</code> be the block size of the chosen symmetric key block - * cipher algorithm; e.g. for AES this is <code>128</code> bits or <code>16</code> - * octets. The OFB mode used shall be of length/size <code>k</code>.</p> - * - * <p>It is recommended that block ciphers operating in OFB mode be used with an + * Cryptography</i>, algorithm 7.20. + * <p> + * Let <code>k</code> be the block size of the chosen symmetric key block + * cipher algorithm; e.g. for AES this is <code>128</code> bits or + * <code>16</code> octets. The OFB mode used shall be of length/size + * <code>k</code>. + * <p> + * It is recommended that block ciphers operating in OFB mode be used with an * Initial Vector (the mode's IV). In such a mode of operation - OFB with key * re-use - the IV need not be secret. For the mechanism in question the IVs - * shall be a random octet sequence of <code>k</code> bytes.</p> - * - * The input data to the confidentiality protection algorithm shall be - * a multiple of the symmetric cipher block size <code>k</code>. When the input + * shall be a random octet sequence of <code>k</code> bytes. + * <p> + * The input data to the confidentiality protection algorithm shall be a + * multiple of the symmetric cipher block size <code>k</code>. When the input * length is not a multiple of <code>k</code> octets, the data shall be padded - * according to the following scheme:</p> - * - * <p>Assuming the length of the input is <code>l</code> octets, + * according to the following scheme: + * <p> + * Assuming the length of the input is <code>l</code> octets, * <code>(k - (l mod k))</code> octets, all having the value * <code>(k - (l mod k))</code>, shall be appended to the original data. In * other words, the input is padded at the trailing end with one of the - * following sequences:</p> - * + * following sequences: * <pre> - * - * 01 -- if l mod k = k-1 - * 02 02 -- if l mod k = k-2 - * ... - * ... - * ... - * k k ... k k -- if l mod k = 0 - *</pre> - * - * <p>The padding can be removed unambiguously since all input is padded and no + * + * 01 -- if l mod k = k-1 + * 02 02 -- if l mod k = k-2 + * ... + * ... + * ... + * k k ... k k -- if l mod k = 0 + * </pre> + * <p> + * The padding can be removed unambiguously since all input is padded and no * padding sequence is a suffix of another. This padding method is well-defined * if and only if <code>k < 256</code> octets, which is the case with - * symmetric key block ciphers today, and in the forseeable future.</p> + * symmetric key block ciphers today, and in the forseeable future. */ public final class CALG { - - // Constants and variables - // -------------------------------------------------------------------------- - private Assembly assembly; - private Object modeNdx; // initialisation key of the cascade's attributes - private int blockSize; // the underlying cipher's blocksize == IV length - private int keySize; // the underlying cipher's key size (in bytes). - // Constructor(s) - // -------------------------------------------------------------------------- - /** Private constructor to enforce instantiation through Factory method. */ private CALG(final int blockSize, final int keySize, final Object modeNdx, final Assembly assembly) @@ -129,12 +119,9 @@ public final class CALG this.assembly = assembly; } - // Class methods - // ------------------------------------------------------------------------- - /** - * <p>Returns an instance of a SASL-SRP CALG implementation.</p> - * + * Returns an instance of a SASL-SRP CALG implementation. + * * @param algorithm the name of the symmetric cipher algorithm. * @return an instance of this object. */ @@ -144,118 +131,60 @@ public final class CALG final int blockSize = cipher.defaultBlockSize(); final int keySize = cipher.defaultKeySize(); final Cascade ofbCipher = new Cascade(); - final Object modeNdx = ofbCipher.append(Stage.getInstance( - ModeFactory.getInstance( - Registry.OFB_MODE, - cipher, - blockSize), - Direction.FORWARD)); + IMode ofbMode = ModeFactory.getInstance(Registry.OFB_MODE, + cipher, + blockSize); + Stage modeStage = Stage.getInstance(ofbMode, Direction.FORWARD); + final Object modeNdx = ofbCipher.append(modeStage); final IPad pkcs7 = PadFactory.getInstance(Registry.PKCS7_PAD); - // the passed IV may be longer that what we need. ensure correct length - // byte[] realIV = null; - // if (iv.length == blockSize) { - // realIV = iv; - // } else { - // realIV = new byte[blockSize]; - // if (iv.length > blockSize) { - // System.arraycopy(iv, 0, realIV, 0, blockSize); - // } else { // shouldnt happen - // System.arraycopy(iv, 0, realIV, 0, iv.length); - // } - // } - - // HashMap modeAttributes = new HashMap(); - // modeAttributes.put(IBlockCipher.KEY_MATERIAL, K.clone()); - // modeAttributes.put(IMode.IV, realIV); - final Assembly asm = new Assembly(); asm.addPreTransformer(Transformer.getCascadeTransformer(ofbCipher)); asm.addPreTransformer(Transformer.getPaddingTransformer(pkcs7)); - - // HashMap attributes = new HashMap(); - // attributes.put(Assembly.DIRECTION, dir); - // attributes.put(modeNdx, modeAttributes); - // try { - // asm.init(attributes); - // } catch (TransformerException x) { - // throw new SaslException("getInstance()", x); - // } - return new CALG(blockSize, keySize, modeNdx, asm); } - // Instance methods - // ------------------------------------------------------------------------- - /** - * <p>Initialises a SASL-SRP CALG implementation.</p> - * + * Initialises a SASL-SRP CALG implementation. + * * @param kdf the key derivation function. * @param iv the initial vector value to use. * @param dir whether this CALG is used for encryption or decryption. */ - // public void init(byte[] K, byte[] iv, Direction dir) throws SaslException { public void init(final KDF kdf, final byte[] iv, final Direction dir) throws SaslException { - // IBlockCipher cipher = CipherFactory.getInstance(algorithm); - // int blockSize = cipher.defaultBlockSize(); - // Cascade ofbCipher = new Cascade(); - // Object modeNdx = ofbCipher.append( - // Stage.getInstace( - // ModeFactory.getInstance(Registry.OFB_MODE, cipher, blockSize), - // Direction.FORWARD)); - // IPad pkcs7 = PadFactory.getInstance(Registry.PKCS7_PAD); - // the passed IV may be longer that what we need. ensure correct length final byte[] realIV; if (iv.length == blockSize) - { - realIV = iv; - } + realIV = iv; else { realIV = new byte[blockSize]; if (iv.length > blockSize) - { - System.arraycopy(iv, 0, realIV, 0, blockSize); - } - else - { // shouldnt happen - System.arraycopy(iv, 0, realIV, 0, iv.length); - } + System.arraycopy(iv, 0, realIV, 0, blockSize); + else // shouldnt happen + System.arraycopy(iv, 0, realIV, 0, iv.length); } - final HashMap modeAttributes = new HashMap(); - // modeAttributes.put(IBlockCipher.KEY_MATERIAL, K.clone()); final byte[] sk = kdf.derive(keySize); modeAttributes.put(IBlockCipher.KEY_MATERIAL, sk); - //System.out.println("**** Initialised CALG with: "+gnu.crypto.util.Util.dumpString(sk)); modeAttributes.put(IMode.IV, realIV); - - // Assembly asm = new Assembly(); - // asm.addPreTransformer(Transformer.getCascadeTransformer(ofbCipher)); - // asm.addPreTransformer(Transformer.getPaddingTransformer(pkcs7)); - final HashMap attributes = new HashMap(); attributes.put(Assembly.DIRECTION, dir); attributes.put(modeNdx, modeAttributes); try { - // asm.init(attributes); assembly.init(attributes); } catch (TransformerException x) { throw new SaslException("getInstance()", x); } - - // return new CALG(asm); } /** - * <p>Encrypts or decrypts, depending on the mode already set, a designated - * array of bytes and returns the result.</p> - * + * Encrypts or decrypts, depending on the mode already set, a designated array + * of bytes and returns the result. + * * @param data the data to encrypt/decrypt. * @return the decrypted/encrypted result. * @throws ConfidentialityException if an exception occurs duirng the process. @@ -266,9 +195,9 @@ public final class CALG } /** - * <p>Encrypts or decrypts, depending on the mode already set, a designated - * array of bytes and returns the result.</p> - * + * Encrypts or decrypts, depending on the mode already set, a designated array + * of bytes and returns the result. + * * @param data the data to encrypt/decrypt. * @param offset where to start in <code>data</code>. * @param length how many bytes to consider in <code>data</code>. @@ -289,4 +218,4 @@ public final class CALG } return result; } -}
\ No newline at end of file +} diff --git a/libjava/classpath/gnu/javax/crypto/sasl/srp/ClientStore.java b/libjava/classpath/gnu/javax/crypto/sasl/srp/ClientStore.java index ce16f4aa75d..866e610d83d 100644 --- a/libjava/classpath/gnu/javax/crypto/sasl/srp/ClientStore.java +++ b/libjava/classpath/gnu/javax/crypto/sasl/srp/ClientStore.java @@ -41,29 +41,19 @@ package gnu.javax.crypto.sasl.srp; import java.util.HashMap; /** - * <p>The client-side implementation of the SRP security context store.</p> + * The client-side implementation of the SRP security context store. */ public class ClientStore { - - // Constants and variables - // ------------------------------------------------------------------------- - /** The underlying singleton. */ private static ClientStore singleton = null; - /** The map of uid --> SASL Security Context record. */ private static final HashMap uid2ssc = new HashMap(); - /** The map of sid --> Session timing record. */ private static final HashMap uid2ttl = new HashMap(); - /** A synchronisation lock. */ private static final Object lock = new Object(); - // Constructor(s) - // ------------------------------------------------------------------------- - /** Private constructor to enforce Singleton pattern. */ private ClientStore() { @@ -72,33 +62,25 @@ public class ClientStore // TODO: add a cleaning timer thread } - // Class methods - // ------------------------------------------------------------------------- - /** - * <p>Returns the classloader Singleton.</p> - * + * Returns the classloader Singleton. + * * @return the classloader Singleton instance. */ static synchronized final ClientStore instance() { if (singleton == null) - { - singleton = new ClientStore(); - } + singleton = new ClientStore(); return singleton; } - // Instance methods - // ------------------------------------------------------------------------- - /** - * <p>Returns a boolean flag indicating if the designated client's session is - * still alive or not.</p> - * + * Returns a boolean flag indicating if the designated client's session is + * still alive or not. + * * @param uid the identifier of the client whose session to check. * @return <code>true</code> if the designated client's session is still - * alive. <code>false</code> otherwise. + * alive. <code>false</code> otherwise. */ boolean isAlive(final String uid) { @@ -107,11 +89,11 @@ public class ClientStore { final Object obj = uid2ssc.get(uid); result = (obj != null); - if (result) - { // is it still alive? + if (result) // is it still alive? + { final StoreEntry sto = (StoreEntry) uid2ttl.get(uid); - if (!sto.isAlive()) - { // invalidate it + if (! sto.isAlive()) // invalidate it + { uid2ssc.remove(uid); uid2ttl.remove(uid); } @@ -121,11 +103,11 @@ public class ClientStore } /** - * <p>Records a mapping between a client's unique identifier and its security - * context.</p> - * - * @param uid the unique identifier of the SRP client for which the session - * is to be cached. + * Records a mapping between a client's unique identifier and its security + * context. + * + * @param uid the unique identifier of the SRP client for which the session is + * to be cached. * @param ttl the session's Time-To-Live indicator (in seconds). * @param ctx the client's security context. */ @@ -139,9 +121,9 @@ public class ClientStore } /** - * <p>Removes the mapping between the designated SRP client unique identifier - * and the its session security context (and other timing information).</p> - * + * Removes the mapping between the designated SRP client unique identifier and + * the its session security context (and other timing information). + * * @param uid the identifier of the client whose session is to invalidate. */ void invalidateSession(final String uid) @@ -154,9 +136,9 @@ public class ClientStore } /** - * <p>Returns an SRP client's security context record mapped by that client's - * unique identifier.</p> - * + * Returns an SRP client's security context record mapped by that client's + * unique identifier. + * * @param uid the identifier of the client whose session is to restore. * @return the SRP client's security context. */ @@ -170,4 +152,4 @@ public class ClientStore } return result; } -}
\ No newline at end of file +} diff --git a/libjava/classpath/gnu/javax/crypto/sasl/srp/IALG.java b/libjava/classpath/gnu/javax/crypto/sasl/srp/IALG.java index 51492f9773c..85c93700fbf 100644 --- a/libjava/classpath/gnu/javax/crypto/sasl/srp/IALG.java +++ b/libjava/classpath/gnu/javax/crypto/sasl/srp/IALG.java @@ -48,20 +48,14 @@ import java.util.HashMap; import javax.security.sasl.SaslException; /** - * <p>A Factory class that returns IALG (Integrity Algorithm) instances that - * operate as described in the draft-burdis-cat-sasl-srp-04 and later.</p> + * A Factory class that returns IALG (Integrity Algorithm) instances that + * operate as described in the draft-burdis-cat-sasl-srp-04 and later. */ -public final class IALG implements Cloneable +public final class IALG + implements Cloneable { - - // Constants and variables - // -------------------------------------------------------------------------- - private IMac hmac; - // Constructor(s) - // -------------------------------------------------------------------------- - /** Private constructor to enforce instantiation through Factory method. */ private IALG(final IMac hmac) { @@ -70,12 +64,9 @@ public final class IALG implements Cloneable this.hmac = hmac; } - // Class methods - // ------------------------------------------------------------------------- - /** - * <p>Returns an instance of a SASL-SRP IALG implementation.</p> - * + * Returns an instance of a SASL-SRP IALG implementation. + * * @param algorithm the name of the HMAC algorithm. * @return an instance of this object. */ @@ -85,44 +76,24 @@ public final class IALG implements Cloneable final IMac hmac; hmac = MacFactory.getInstance(algorithm); if (hmac == null) - { - throw new SaslException("getInstance()", - new NoSuchAlgorithmException(algorithm)); - } - // try { - // byte[] sk = (byte[]) K.clone(); - // HashMap map = new HashMap(); - // map.put(IMac.MAC_KEY_MATERIAL, sk); - // hmac.init(map); - // } catch (InvalidKeyException x) { - // throw new SaslException("getInstance()", x); - // } + throw new SaslException("getInstance()", + new NoSuchAlgorithmException(algorithm)); return new IALG(hmac); } - // Instance methods - // ------------------------------------------------------------------------- - - // Cloneable interface implementation -------------------------------------- - public Object clone() throws CloneNotSupportedException { return new IALG((IMac) hmac.clone()); } - // other methdds ----------------------------------------------------------- - - // public void init(final byte[] K) throws SaslException { public void init(final KDF kdf) throws SaslException { try { - // final byte[] sk = (byte[]) K.clone(); final byte[] sk = kdf.derive(hmac.macSize()); final HashMap map = new HashMap(); map.put(IMac.MAC_KEY_MATERIAL, sk); hmac.init(map); - //System.out.println("**** Initialised IALG with: "+gnu.crypto.util.Util.dumpString(sk)); } catch (InvalidKeyException x) { @@ -146,8 +117,8 @@ public final class IALG implements Cloneable } /** - * <p>Returns the length (in bytes) of this SASL SRP Integrity Algorithm.</p> - * + * Returns the length (in bytes) of this SASL SRP Integrity Algorithm. + * * @return the length, in bytes, of this integrity protection algorithm. */ public int length() diff --git a/libjava/classpath/gnu/javax/crypto/sasl/srp/KDF.java b/libjava/classpath/gnu/javax/crypto/sasl/srp/KDF.java index 0d5eeacd182..aa3edac0c3b 100644 --- a/libjava/classpath/gnu/javax/crypto/sasl/srp/KDF.java +++ b/libjava/classpath/gnu/javax/crypto/sasl/srp/KDF.java @@ -47,67 +47,46 @@ import gnu.javax.crypto.prng.UMacGenerator; import java.util.HashMap; /** - * <p>The SASL-SRP KDF implementation, which is also used, depending on how it - * was instantiated, as a secure Pseudo Random Number Generator.</p> + * The SASL-SRP KDF implementation, which is also used, depending on how it was + * instantiated, as a secure Pseudo Random Number Generator. */ public class KDF { - - // Constants and variables - // ------------------------------------------------------------------------- - - private static final int AES_BLOCK_SIZE = 16; // default block size for the AES - + private static final int AES_BLOCK_SIZE = 16; // default block size for AES private static final int AES_KEY_SIZE = 16; // default key size for the AES - private static final byte[] buffer = new byte[1]; - /** Our default source of randomness. */ private static final PRNG prng = PRNG.getInstance(); - - /** The shared secret K to use. */ - // private byte[] keyMaterial; /** The underlying UMAC Generator instance. */ private UMacGenerator umac = null; - // Constructor(s) - // ------------------------------------------------------------------------- - /** - * <p>Constructs an instance of the <code>KDF</code> initialised with the - * designated shared secret bytes.</p> - * + * Constructs an instance of the <code>KDF</code> initialised with the + * designated shared secret bytes. + * * @param keyMaterial the SASL SRP shared secret (K) bytes. */ private KDF(final byte[] keyMaterial, final int ndx) { super(); - // if (ndx != 0) { - // this.keyMaterial = (byte[]) keyMaterial.clone(); - // } final HashMap map = new HashMap(); map.put(UMacGenerator.CIPHER, Registry.AES_CIPHER); - map.put(UMacGenerator.INDEX, new Integer(ndx)); - map.put(IBlockCipher.CIPHER_BLOCK_SIZE, new Integer(AES_BLOCK_SIZE)); + map.put(UMacGenerator.INDEX, Integer.valueOf(ndx)); + map.put(IBlockCipher.CIPHER_BLOCK_SIZE, Integer.valueOf(AES_BLOCK_SIZE)); final byte[] key = new byte[AES_KEY_SIZE]; System.arraycopy(keyMaterial, 0, key, 0, AES_KEY_SIZE); map.put(IBlockCipher.KEY_MATERIAL, key); - umac = new UMacGenerator(); umac.init(map); - //System.out.println("**** Initialised KDF with: "+gnu.crypto.util.Util.dumpString(key)); } - // Class methods - // ------------------------------------------------------------------------- - /** - * <p>A Factory mehod that returns an instance of a <code>KDF</code> based on - * supplied seed data.</p> - * + * A Factory mehod that returns an instance of a <code>KDF</code> based on + * supplied seed data. + * * @param K the SASL SRP shared secret for a <code>KDF</code> to be used for - * <i>CALG</i> and <i>IALG</i> setup. <code>null</code> otherwise. + * <i>CALG</i> and <i>IALG</i> setup. <code>null</code> otherwise. * @return an instance of a <code>KDF</code>. */ static final KDF getInstance(final byte[] K) @@ -134,36 +113,28 @@ public class KDF return (buffer[0] & 0xFF); } - // Instance methods - // ------------------------------------------------------------------------- - /** - * <p>Returns a designated number of bytes suitable for use in the SASL SRP - * mechanism.</p> - * + * Returns a designated number of bytes suitable for use in the SASL SRP + * mechanism. + * * @param length the number of bytes needed. * @return a byte array containing the generated/selected bytes. */ public synchronized byte[] derive(final int length) { final byte[] result = new byte[length]; - // if (keyMaterial == null || length > keyMaterial.length) { try { umac.nextBytes(result, 0, length); } - catch (IllegalStateException x) - { // should not happen + catch (IllegalStateException x) // should not happen + { x.printStackTrace(System.err); } - catch (LimitReachedException x) - { // idem + catch (LimitReachedException x) // idem + { x.printStackTrace(System.err); } - // } else { - // System.arraycopy(keyMaterial, 0, result, 0, length); - // } - return result; } -}
\ No newline at end of file +} diff --git a/libjava/classpath/gnu/javax/crypto/sasl/srp/PasswordFile.java b/libjava/classpath/gnu/javax/crypto/sasl/srp/PasswordFile.java index 1628a4167ab..36888df8724 100644 --- a/libjava/classpath/gnu/javax/crypto/sasl/srp/PasswordFile.java +++ b/libjava/classpath/gnu/javax/crypto/sasl/srp/PasswordFile.java @@ -39,7 +39,6 @@ exception statement from your version. */ package gnu.javax.crypto.sasl.srp; import gnu.java.security.Registry; -import gnu.java.security.hash.IMessageDigest; import gnu.java.security.util.Util; import gnu.javax.crypto.key.srp6.SRPAlgorithm; import gnu.javax.crypto.sasl.NoSuchUserException; @@ -50,9 +49,9 @@ import java.io.File; import java.io.FileInputStream; import java.io.FileNotFoundException; import java.io.FileOutputStream; +import java.io.IOException; import java.io.InputStream; import java.io.InputStreamReader; -import java.io.IOException; import java.io.PrintWriter; import java.io.UnsupportedEncodingException; import java.math.BigInteger; @@ -62,70 +61,58 @@ import java.util.NoSuchElementException; import java.util.StringTokenizer; /** - * <p>The implementation of SRP password files.</p> - * - * <p>For SRP, there are three (3) files: + * The implementation of SRP password files. + * <p> + * For SRP, there are three (3) files: * <ol> - * <li>The password configuration file: tpasswd.conf. It contains the pairs - * <N,g> indexed by a number for each pair used for a user. By default, - * this file's pathname is constructed from the base password file pathname - * by prepending it with the ".conf" suffix.</li> - * - * <li>The base password file: tpasswd. It contains the related password - * entries for all the users with values computed using SRP's default - * message digest algorithm: SHA-1 (with 160-bit output block size).</li> - * - * <li>The extended password file: tpasswd2. Its name, by default, is - * constructed by adding the suffix "2" to the fully qualified pathname of - * the base password file. It contains, in addition to the same fields as - * the base password file, albeit with a different verifier value, an extra - * field identifying the message digest algorithm used to compute this - * (verifier) value.</li> - * </ol></p> - * - * <p>This implementation assumes the following message digest algorithm codes: + * <li>The password configuration file: tpasswd.conf. It contains the pairs + * <N,g> indexed by a number for each pair used for a user. By default, this + * file's pathname is constructed from the base password file pathname by + * prepending it with the ".conf" suffix.</li> + * <li>The base password file: tpasswd. It contains the related password + * entries for all the users with values computed using SRP's default message + * digest algorithm: SHA-1 (with 160-bit output block size).</li> + * <li>The extended password file: tpasswd2. Its name, by default, is + * constructed by adding the suffix "2" to the fully qualified pathname of the + * base password file. It contains, in addition to the same fields as the base + * password file, albeit with a different verifier value, an extra field + * identifying the message digest algorithm used to compute this (verifier) + * value.</li> + * </ol> + * <p> + * This implementation assumes the following message digest algorithm codes: * <ul> - * <li>0: the default hash algorithm, which is SHA-1 (or its alias SHA-160).</li> - * <li>1: MD5.</li> - * <li>2: RIPEMD-128.</li> - * <li>3: RIPEMD-160.</li> - * <li>4: SHA-256.</li> - * <li>5: SHA-384.</li> - * <li>6: SHA-512.</li> - * </ul></p> - * - * <p><b>IMPORTANT:</b> This method computes the verifiers as described in - * RFC-2945, which differs from the description given on the web page for - * SRP-6.</p> - * - * <p>Reference:</p> + * <li>0: the default hash algorithm, which is SHA-1 (or its alias SHA-160).</li> + * <li>1: MD5.</li> + * <li>2: RIPEMD-128.</li> + * <li>3: RIPEMD-160.</li> + * <li>4: SHA-256.</li> + * <li>5: SHA-384.</li> + * <li>6: SHA-512.</li> + * </ul> + * <p> + * <b>IMPORTANT:</b> This method computes the verifiers as described in + * RFC-2945, which differs from the description given on the web page for SRP-6. + * <p> + * Reference: * <ol> - * <li><a href="http://srp.stanford.edu/design.html">SRP Protocol Design</a><br> - * Thomas J. Wu.</li> + * <li><a href="http://srp.stanford.edu/design.html">SRP Protocol Design</a><br> + * Thomas J. Wu.</li> * </ol> */ public class PasswordFile { - - // Constants and variables - // ------------------------------------------------------------------------- - // names of property keys used in this class private static final String USER_FIELD = "user"; - private static final String VERIFIERS_FIELD = "verifier"; - private static final String SALT_FIELD = "salt"; - private static final String CONFIG_FIELD = "config"; - private static String DEFAULT_FILE; static { DEFAULT_FILE = System.getProperty(SRPRegistry.PASSWORD_FILE, SRPRegistry.DEFAULT_PASSWORD_FILE); } - /** The SRP algorithm instances used by this object. */ private static final HashMap srps; static @@ -150,27 +137,19 @@ public class PasswordFile } private String confName, pwName, pw2Name; - private File configFile, passwdFile, passwd2File; - private long lastmodPasswdFile, lastmodPasswd2File; - private HashMap entries = new HashMap(); - private HashMap configurations = new HashMap(); - // default N values to use when creating a new password.conf file private static final BigInteger[] Nsrp = new BigInteger[] { - SRPAlgorithm.N_2048, - SRPAlgorithm.N_1536, - SRPAlgorithm.N_1280, - SRPAlgorithm.N_1024, - SRPAlgorithm.N_768, - SRPAlgorithm.N_640, - SRPAlgorithm.N_512 }; - - // Constructor(s) - // ------------------------------------------------------------------------- + SRPAlgorithm.N_2048, + SRPAlgorithm.N_1536, + SRPAlgorithm.N_1280, + SRPAlgorithm.N_1024, + SRPAlgorithm.N_768, + SRPAlgorithm.N_640, + SRPAlgorithm.N_512 }; public PasswordFile() throws IOException { @@ -206,63 +185,43 @@ public class PasswordFile update(); } - // Class methods - // ------------------------------------------------------------------------- - /** - * <p>Returns a string representing the decimal value of an integer - * identifying the message digest algorithm to use for the SRP computations. - * </p> - * + * Returns a string representing the decimal value of an integer identifying + * the message digest algorithm to use for the SRP computations. + * * @param mdName the canonical name of a message digest algorithm. * @return a string representing the decimal value of an ID for that - * algorithm. + * algorithm. */ private static final String nameToID(final String mdName) { if (Registry.SHA_HASH.equalsIgnoreCase(mdName) || Registry.SHA1_HASH.equalsIgnoreCase(mdName) || Registry.SHA160_HASH.equalsIgnoreCase(mdName)) - { - return "0"; - } + return "0"; else if (Registry.MD5_HASH.equalsIgnoreCase(mdName)) - { - return "1"; - } + return "1"; else if (Registry.RIPEMD128_HASH.equalsIgnoreCase(mdName)) - { - return "2"; - } + return "2"; else if (Registry.RIPEMD160_HASH.equalsIgnoreCase(mdName)) - { - return "3"; - } + return "3"; else if (Registry.SHA256_HASH.equalsIgnoreCase(mdName)) - { - return "4"; - } + return "4"; else if (Registry.SHA384_HASH.equalsIgnoreCase(mdName)) - { - return "5"; - } + return "5"; else if (Registry.SHA512_HASH.equalsIgnoreCase(mdName)) - { - return "6"; - } + return "6"; return "0"; } - // SRP password configuration file methods --------------------------------- - /** - * <p>Checks if the current configuration file contains the <N, g> pair - * for the designated <code>index</code>.</p> - * + * Checks if the current configuration file contains the <N, g> pair for + * the designated <code>index</code>. + * * @param index a string representing 1-digit identification of an <N, g> - * pair used. - * @return <code>true</code> if the designated <code>index</code> is that of - * a known <N, g> pair, and <code>false</code> otherwise. + * pair used. + * @return <code>true</code> if the designated <code>index</code> is that + * of a known <N, g> pair, and <code>false</code> otherwise. * @throws IOException if an exception occurs during the process. * @see SRPRegistry#N_2048_BITS * @see SRPRegistry#N_1536_BITS @@ -280,16 +239,16 @@ public class PasswordFile } /** - * <p>Returns a pair of strings representing the pair of <code>N</code> and - * <code>g</code> MPIs for the designated <code>index</code>.</p> - * + * Returns a pair of strings representing the pair of <code>N</code> and + * <code>g</code> MPIs for the designated <code>index</code>. + * * @param index a string representing 1-digit identification of an <N, g> - * pair to look up. + * pair to look up. * @return a pair of strings, arranged in an array, where the first (at index - * position #0) is the repesentation of the MPI <code>N</code>, and the - * second (at index position #1) is the representation of the MPI - * <code>g</code>. If the <code>index</code> refers to an unknown pair, then - * an empty string array is returned. + * position #0) is the repesentation of the MPI <code>N</code>, and + * the second (at index position #1) is the representation of the MPI + * <code>g</code>. If the <code>index</code> refers to an unknown + * pair, then an empty string array is returned. * @throws IOException if an exception occurs during the process. */ public synchronized String[] lookupConfig(final String index) @@ -298,14 +257,10 @@ public class PasswordFile checkCurrent(); String[] result = null; if (configurations.containsKey(index)) - { - result = (String[]) configurations.get(index); - } + result = (String[]) configurations.get(index); return result; } - // SRP base and extended password configuration files methods -------------- - public synchronized boolean contains(final String user) throws IOException { checkCurrent(); @@ -318,9 +273,7 @@ public class PasswordFile { checkCurrent(); if (entries.containsKey(user)) - { - throw new UserAlreadyExistsException(user); - } + throw new UserAlreadyExistsException(user); final HashMap fields = new HashMap(4); fields.put(USER_FIELD, user); // 0 fields.put(VERIFIERS_FIELD, newVerifiers(user, salt, passwd, index)); // 1 @@ -334,10 +287,8 @@ public class PasswordFile throws IOException { checkCurrent(); - if (!entries.containsKey(user)) - { - throw new NoSuchUserException(user); - } + if (! entries.containsKey(user)) + throw new NoSuchUserException(user); final HashMap fields = (HashMap) entries.get(user); final byte[] salt; try @@ -369,27 +320,23 @@ public class PasswordFile finally { if (pw1 != null) - { - try - { - pw1.flush(); - } - finally - { - pw1.close(); - } - } + try + { + pw1.flush(); + } + finally + { + pw1.close(); + } if (pw2 != null) - { - try - { - pw2.flush(); - } - finally - { - pw2.close(); - } - } + try + { + pw2.flush(); + } + finally + { + pw2.close(); + } try { f1.close(); @@ -410,24 +357,22 @@ public class PasswordFile } /** - * <p>Returns the triplet: verifier, salt and configuration file index, of a + * Returns the triplet: verifier, salt and configuration file index, of a * designated user, and a designated message digest algorithm name, as an - * array of strings.</p> - * + * array of strings. + * * @param user the username. * @param mdName the canonical name of the SRP's message digest algorithm. * @return a string array containing, in this order, the BASE-64 encodings of - * the verifier, the salt and the index in the password configuration file of - * the MPIs N and g of the designated user. + * the verifier, the salt and the index in the password configuration + * file of the MPIs N and g of the designated user. */ public synchronized String[] lookup(final String user, final String mdName) throws IOException { checkCurrent(); - if (!entries.containsKey(user)) - { - throw new NoSuchUserException(user); - } + if (! entries.containsKey(user)) + throw new NoSuchUserException(user); final HashMap fields = (HashMap) entries.get(user); final HashMap verifiers = (HashMap) fields.get(VERIFIERS_FIELD); final String salt = (String) fields.get(SALT_FIELD); @@ -436,8 +381,6 @@ public class PasswordFile return new String[] { verifier, salt, index }; } - // Other instance methods -------------------------------------------------- - private synchronized void readOrCreateConf() throws IOException { configurations.clear(); @@ -469,13 +412,9 @@ public class PasswordFile finally { if (pw0 != null) - { - pw0.close(); - } + pw0.close(); else if (f0 != null) - { - f0.close(); - } + f0.close(); } } } @@ -511,26 +450,27 @@ public class PasswordFile { ndx = (String) it.next(); mpi = (String[]) configurations.get(ndx); - sb = new StringBuffer(ndx).append(":").append(mpi[0]).append(":").append( - mpi[1]); + sb = new StringBuffer(ndx) + .append(":").append(mpi[0]) + .append(":").append(mpi[1]); pw.println(sb.toString()); } } /** - * <p>Compute the new verifiers for the designated username and password.</p> - * - * <p><b>IMPORTANT:</b> This method computes the verifiers as described in + * Compute the new verifiers for the designated username and password. + * <p> + * <b>IMPORTANT:</b> This method computes the verifiers as described in * RFC-2945, which differs from the description given on the web page for - * SRP-6.</p> - * + * SRP-6. + * * @param user the user's name. * @param s the user's salt. * @param password the user's password * @param index the index of the <N, g> pair to use for this user. * @return a {@link java.util.Map} of user verifiers. * @throws UnsupportedEncodingException if the US-ASCII decoder is not - * available on this platform. + * available on this platform. */ private HashMap newVerifiers(final String user, final byte[] s, final String password, final String index) @@ -540,7 +480,6 @@ public class PasswordFile final String[] mpi = (String[]) configurations.get(index); final BigInteger N = new BigInteger(1, Util.fromBase64(mpi[0])); final BigInteger g = new BigInteger(1, Util.fromBase64(mpi[1])); - final HashMap result = new HashMap(srps.size()); BigInteger x, v; SRP srp; @@ -551,7 +490,6 @@ public class PasswordFile x = new BigInteger(1, srp.computeX(s, user, password)); v = g.modPow(x, N); final String verifier = Util.toBase64(v.toByteArray()); - result.put(digestID, verifier); } return result; @@ -560,7 +498,6 @@ public class PasswordFile private synchronized void update() throws IOException { entries.clear(); - FileInputStream fis; passwdFile = new File(pwName); lastmodPasswdFile = passwdFile.lastModified(); @@ -588,9 +525,7 @@ public class PasswordFile { if (passwdFile.lastModified() > lastmodPasswdFile || passwd2File.lastModified() > lastmodPasswd2File) - { - update(); - } + update(); } private void readPasswd(final InputStream in) throws IOException @@ -612,16 +547,13 @@ public class PasswordFile { throw new IOException("SRP base password file corrupt"); } - final HashMap verifiers = new HashMap(6); verifiers.put("0", verifier); - final HashMap fields = new HashMap(4); fields.put(USER_FIELD, user); fields.put(VERIFIERS_FIELD, verifiers); fields.put(SALT_FIELD, salt); fields.put(CONFIG_FIELD, index); - entries.put(user, fields); } } @@ -645,7 +577,6 @@ public class PasswordFile { throw new IOException("SRP extended password file corrupt"); } - fields = (HashMap) entries.get(user); if (fields != null) { @@ -667,33 +598,28 @@ public class PasswordFile { user = (String) i.next(); fields = (HashMap) entries.get(user); - if (!user.equals(fields.get(USER_FIELD))) - { - throw new IOException("Inconsistent SRP password data"); - } + if (! user.equals(fields.get(USER_FIELD))) + throw new IOException("Inconsistent SRP password data"); verifiers = (HashMap) fields.get(VERIFIERS_FIELD); - sb1 = new StringBuffer().append(user).append(":").append( - (String) verifiers.get("0")).append( - ":").append( - (String) fields.get(SALT_FIELD)).append( - ":").append( - (String) fields.get(CONFIG_FIELD)); + sb1 = new StringBuffer(user) + .append(":").append((String) verifiers.get("0")) + .append(":").append((String) fields.get(SALT_FIELD)) + .append(":").append((String) fields.get(CONFIG_FIELD)); pw1.println(sb1.toString()); // write extended information j = verifiers.keySet().iterator(); while (j.hasNext()) { digestID = (String) j.next(); - if (!"0".equals(digestID)) + if (! "0".equals(digestID)) { // #0 is the default digest, already present in tpasswd! - sb2 = new StringBuffer().append(digestID).append(":").append( - user).append( - ":").append( - (String) verifiers.get(digestID)); + sb2 = new StringBuffer(digestID) + .append(":").append(user) + .append(":").append((String) verifiers.get(digestID)); pw2.println(sb2.toString()); } } } } -}
\ No newline at end of file +} diff --git a/libjava/classpath/gnu/javax/crypto/sasl/srp/SRP.java b/libjava/classpath/gnu/javax/crypto/sasl/srp/SRP.java index d3eb596d4c3..437e42a5a83 100644 --- a/libjava/classpath/gnu/javax/crypto/sasl/srp/SRP.java +++ b/libjava/classpath/gnu/javax/crypto/sasl/srp/SRP.java @@ -47,27 +47,18 @@ import java.math.BigInteger; import java.util.HashMap; /** - * <p>A Factory class that returns SRP Singletons that know all SRP-related + * A Factory class that returns SRP Singletons that know all SRP-related * mathematical computations and protocol-related operations for both the - * client- and server-sides.</p> + * client- and server-sides. */ public final class SRP { - - // Constants and variables - // -------------------------------------------------------------------------- - /** The map of already instantiated SRP algorithm instances. */ private static final HashMap algorithms = new HashMap(); - private static final byte COLON = (byte) 0x3A; - /** The underlying message digest algorithm used for all SRP calculations. */ private IMessageDigest mda; - // Constructor(s) - // -------------------------------------------------------------------------- - /** Trivial private constructor to enforce Singleton pattern. */ private SRP(final IMessageDigest mda) { @@ -76,25 +67,18 @@ public final class SRP this.mda = mda; } - // Class methods - // ------------------------------------------------------------------------- - /** - * <p>Returns an instance of this object that uses the designated message - * digest algorithm as its digest function.</p> - * + * Returns an instance of this object that uses the designated message digest + * algorithm as its digest function. + * * @return an instance of this object for the designated digest name. */ public static synchronized SRP instance(String mdName) { if (mdName != null) - { - mdName = mdName.trim().toLowerCase(); - } + mdName = mdName.trim().toLowerCase(); if (mdName == null || mdName.equals("")) - { - mdName = SRPRegistry.SRP_DEFAULT_DIGEST_NAME; - } + mdName = SRPRegistry.SRP_DEFAULT_DIGEST_NAME; SRP result = (SRP) algorithms.get(mdName); if (result == null) { @@ -110,31 +94,24 @@ public final class SRP { final byte[] result = new byte[length]; for (int i = 0; i < length; ++i) - { - result[i] = (byte) (b1[i] ^ b2[i]); - } + result[i] = (byte)(b1[i] ^ b2[i]); return result; } - // Instance methods - // ------------------------------------------------------------------------- - /** @return the message digest algorithm name used by this instance. */ public String getAlgorithm() { return mda.name(); } - // Message Digest algorithm related methods -------------------------------- - /** - * <p>Returns a new instance of the SRP message digest algorithm --which is + * Returns a new instance of the SRP message digest algorithm --which is * SHA-160 by default, but could be anything else provided the proper - * conditions as specified in the SRP specifications.</p> - * + * conditions as specified in the SRP specifications. + * * @return a new instance of the underlying SRP message digest algorithm. * @throws RuntimeException if the implementation of the message digest - * algorithm does not support cloning. + * algorithm does not support cloning. */ public IMessageDigest newDigest() { @@ -142,12 +119,12 @@ public final class SRP } /** - * <p>Convenience method to return the result of digesting the designated - * input with a new instance of the SRP message digest algorithm.</p> - * + * Convenience method to return the result of digesting the designated input + * with a new instance of the SRP message digest algorithm. + * * @param src some bytes to digest. - * @return the bytes constituting the result of digesting the designated - * input with a new instance of the SRP message digest algorithm. + * @return the bytes constituting the result of digesting the designated input + * with a new instance of the SRP message digest algorithm. */ public byte[] digest(final byte[] src) { @@ -157,13 +134,13 @@ public final class SRP } /** - * <p>Convenience method to return the result of digesting the designated - * input with a new instance of the SRP message digest algorithm.</p> - * + * Convenience method to return the result of digesting the designated input + * with a new instance of the SRP message digest algorithm. + * * @param src a String whose bytes (using US-ASCII encoding) are to be - * digested. - * @return the bytes constituting the result of digesting the designated - * input with a new instance of the SRP message digest algorithm. + * digested. + * @return the bytes constituting the result of digesting the designated input + * with a new instance of the SRP message digest algorithm. * @throws UnsupportedEncodingException if US-ASCII charset is not found. */ public byte[] digest(final String src) throws UnsupportedEncodingException @@ -171,17 +148,15 @@ public final class SRP return digest(src.getBytes("US-ASCII")); } - // Other methods ----------------------------------------------------------- - /** - * <p>Convenience method to XOR N bytes from two arrays; N being the output - * size of the SRP message digest algorithm.</p> - * + * Convenience method to XOR N bytes from two arrays; N being the output size + * of the SRP message digest algorithm. + * * @param a the first byte array. * @param b the second one. * @return N bytes which are the result of the XOR operations on the first N - * bytes from the designated arrays. N is the size of the SRP message digest - * algorithm; eg. 20 for SHA-160. + * bytes from the designated arrays. N is the size of the SRP message + * digest algorithm; eg. 20 for SHA-160. */ public byte[] xor(final byte[] a, final byte[] b) { @@ -212,7 +187,6 @@ public final class SRP hash.update(b, 0, b.length); hash.update(cn, 0, cn.length); hash.update(cCB, 0, cCB.length); - return hash.digest(); } @@ -235,14 +209,13 @@ public final class SRP b = digest(o); hash.update(b, 0, b.length); hash.update(sid, 0, sid.length); - hash.update((byte) (ttl >>> 24)); - hash.update((byte) (ttl >>> 16)); - hash.update((byte) (ttl >>> 8)); + hash.update((byte)(ttl >>> 24)); + hash.update((byte)(ttl >>> 16)); + hash.update((byte)(ttl >>> 8)); hash.update((byte) ttl); hash.update(cIV, 0, cIV.length); hash.update(sIV, 0, sIV.length); hash.update(sCB, 0, sCB.length); - return hash.digest(); } @@ -252,7 +225,6 @@ public final class SRP hash.update(K, 0, K.length); hash.update(cn, 0, cn.length); hash.update(sn, 0, sn.length); - return hash.digest(); } @@ -276,10 +248,8 @@ public final class SRP hash.update(COLON); hash.update(p, 0, p.length); final byte[] up = hash.digest(); - hash.update(s, 0, s.length); hash.update(up, 0, up.length); - return hash.digest(); } -}
\ No newline at end of file +} diff --git a/libjava/classpath/gnu/javax/crypto/sasl/srp/SRPAuthInfoProvider.java b/libjava/classpath/gnu/javax/crypto/sasl/srp/SRPAuthInfoProvider.java index 9ea21efb6c2..3a43a94a0b5 100644 --- a/libjava/classpath/gnu/javax/crypto/sasl/srp/SRPAuthInfoProvider.java +++ b/libjava/classpath/gnu/javax/crypto/sasl/srp/SRPAuthInfoProvider.java @@ -50,37 +50,21 @@ import java.util.Map; import javax.security.sasl.AuthenticationException; /** - * <p>The SRP mechanism authentication information provider implementation.</p> + * The SRP mechanism authentication information provider implementation. */ -public class SRPAuthInfoProvider implements IAuthInfoProvider +public class SRPAuthInfoProvider + implements IAuthInfoProvider { - - // Constants and variables - // ------------------------------------------------------------------------- - private PasswordFile passwordFile = null; - // Constructor(s) - // ------------------------------------------------------------------------- - // implicit 0-args constrcutor - // Class methods - // ------------------------------------------------------------------------- - - // Instance methods - // ------------------------------------------------------------------------- - - // IAuthInfoProvider interface implementation ------------------------------ - public void activate(Map context) throws AuthenticationException { try { if (context == null) - { - passwordFile = new PasswordFile(); - } + passwordFile = new PasswordFile(); else { passwordFile = (PasswordFile) context.get(SRPRegistry.PASSWORD_DB); @@ -88,13 +72,9 @@ public class SRPAuthInfoProvider implements IAuthInfoProvider { String pfn = (String) context.get(SRPRegistry.PASSWORD_FILE); if (pfn == null) - { - passwordFile = new PasswordFile(); - } + passwordFile = new PasswordFile(); else - { - passwordFile = new PasswordFile(pfn); - } + passwordFile = new PasswordFile(pfn); } } } @@ -112,10 +92,8 @@ public class SRPAuthInfoProvider implements IAuthInfoProvider public boolean contains(String userName) throws AuthenticationException { if (passwordFile == null) - { - throw new AuthenticationException("contains()", - new IllegalStateException()); - } + throw new AuthenticationException("contains()", + new IllegalStateException()); boolean result = false; try { @@ -131,20 +109,14 @@ public class SRPAuthInfoProvider implements IAuthInfoProvider public Map lookup(Map userID) throws AuthenticationException { if (passwordFile == null) - { - throw new AuthenticationException("lookup()", - new IllegalStateException()); - } + throw new AuthenticationException("lookup()", new IllegalStateException()); Map result = new HashMap(); try { String userName = (String) userID.get(Registry.SASL_USERNAME); if (userName == null) - { - throw new NoSuchUserException(""); - } + throw new NoSuchUserException(""); String mdName = (String) userID.get(SRPRegistry.MD_NAME_FIELD); - String[] data = passwordFile.lookup(userName, mdName); result.put(SRPRegistry.USER_VERIFIER_FIELD, data[0]); result.put(SRPRegistry.SALT_FIELD, data[1]); @@ -153,9 +125,7 @@ public class SRPAuthInfoProvider implements IAuthInfoProvider catch (Exception x) { if (x instanceof AuthenticationException) - { - throw (AuthenticationException) x; - } + throw (AuthenticationException) x; throw new AuthenticationException("lookup()", x); } return result; @@ -165,7 +135,6 @@ public class SRPAuthInfoProvider implements IAuthInfoProvider { if (passwordFile == null) throw new AuthenticationException("update()", new IllegalStateException()); - try { String userName = (String) userCredentials.get(Registry.SASL_USERNAME); @@ -173,20 +142,14 @@ public class SRPAuthInfoProvider implements IAuthInfoProvider String salt = (String) userCredentials.get(SRPRegistry.SALT_FIELD); String config = (String) userCredentials.get(SRPRegistry.CONFIG_NDX_FIELD); if (salt == null || config == null) - { - passwordFile.changePasswd(userName, password); - } + passwordFile.changePasswd(userName, password); else - { - passwordFile.add(userName, password, Util.fromBase64(salt), config); - } + passwordFile.add(userName, password, Util.fromBase64(salt), config); } catch (Exception x) { if (x instanceof AuthenticationException) - { - throw (AuthenticationException) x; - } + throw (AuthenticationException) x; throw new AuthenticationException("update()", x); } } @@ -194,10 +157,8 @@ public class SRPAuthInfoProvider implements IAuthInfoProvider public Map getConfiguration(String mode) throws AuthenticationException { if (passwordFile == null) - { - throw new AuthenticationException("getConfiguration()", - new IllegalStateException()); - } + throw new AuthenticationException("getConfiguration()", + new IllegalStateException()); Map result = new HashMap(); try { @@ -208,11 +169,9 @@ public class SRPAuthInfoProvider implements IAuthInfoProvider catch (Exception x) { if (x instanceof AuthenticationException) - { - throw (AuthenticationException) x; - } + throw (AuthenticationException) x; throw new AuthenticationException("getConfiguration()", x); } return result; } -}
\ No newline at end of file +} diff --git a/libjava/classpath/gnu/javax/crypto/sasl/srp/SRPClient.java b/libjava/classpath/gnu/javax/crypto/sasl/srp/SRPClient.java index 1a1664ff79d..f4ef4cc34c1 100644 --- a/libjava/classpath/gnu/javax/crypto/sasl/srp/SRPClient.java +++ b/libjava/classpath/gnu/javax/crypto/sasl/srp/SRPClient.java @@ -38,151 +38,91 @@ exception statement from your version. */ package gnu.javax.crypto.sasl.srp; +import gnu.java.security.Configuration; import gnu.java.security.Registry; import gnu.java.security.hash.MD5; import gnu.java.security.util.PRNG; import gnu.java.security.util.Util; - +import gnu.javax.crypto.assembly.Direction; +import gnu.javax.crypto.cipher.CipherFactory; +import gnu.javax.crypto.cipher.IBlockCipher; import gnu.javax.crypto.key.IKeyAgreementParty; import gnu.javax.crypto.key.IncomingMessage; -import gnu.javax.crypto.key.KeyAgreementFactory; import gnu.javax.crypto.key.KeyAgreementException; +import gnu.javax.crypto.key.KeyAgreementFactory; import gnu.javax.crypto.key.OutgoingMessage; import gnu.javax.crypto.key.srp6.SRP6KeyAgreement; -import gnu.javax.crypto.assembly.Direction; -import gnu.javax.crypto.cipher.CipherFactory; -import gnu.javax.crypto.cipher.IBlockCipher; import gnu.javax.crypto.sasl.ClientMechanism; import gnu.javax.crypto.sasl.IllegalMechanismStateException; import gnu.javax.crypto.sasl.InputBuffer; import gnu.javax.crypto.sasl.IntegrityException; import gnu.javax.crypto.sasl.OutputBuffer; - import gnu.javax.security.auth.Password; -import java.io.IOException; -import java.io.PrintWriter; import java.io.ByteArrayOutputStream; +import java.io.IOException; import java.io.UnsupportedEncodingException; import java.math.BigInteger; import java.security.NoSuchAlgorithmException; import java.util.Arrays; import java.util.HashMap; import java.util.StringTokenizer; +import java.util.logging.Logger; +import javax.security.auth.DestroyFailedException; import javax.security.auth.callback.Callback; import javax.security.auth.callback.NameCallback; import javax.security.auth.callback.PasswordCallback; import javax.security.auth.callback.UnsupportedCallbackException; -import javax.security.auth.DestroyFailedException; import javax.security.sasl.AuthenticationException; import javax.security.sasl.SaslClient; import javax.security.sasl.SaslException; /** - * <p>The SASL-SRP client-side mechanism.</p> + * The SASL-SRP client-side mechanism. */ -public class SRPClient extends ClientMechanism implements SaslClient +public class SRPClient + extends ClientMechanism + implements SaslClient { - - // Debugging methods and variables - // ------------------------------------------------------------------------- - - private static final String NAME = "SRPClient"; - - // private static final String ERROR = "ERROR"; - // private static final String WARN = " WARN"; - private static final String INFO = " INFO"; - - private static final String TRACE = "DEBUG"; - - private static final boolean DEBUG = true; - - private static final int debuglevel = 3; - - private static final PrintWriter err = new PrintWriter(System.out, true); - - private static void debug(final String level, final Object obj) - { - err.println("[" + level + "] " + NAME + ": " + String.valueOf(obj)); - } - - // Constants and variables - // ------------------------------------------------------------------------- - - // private static final HashMap uid2ctx = new HashMap(); - + private static final Logger log = Logger.getLogger(SRPClient.class.getName()); private String uid; // the unique key for this type of client - private String U; // the authentication identity - BigInteger N, g, A, B; - private Password password; // the authentication credentials - private byte[] s; // the user's salt - private byte[] cIV, sIV; // client+server IVs, when confidentiality is on - private byte[] M1, M2; // client+server evidences - private byte[] cn, sn; // client's and server's nonce - private SRP srp; // SRP algorithm instance used by this client - private byte[] sid; // session ID when re-used - private int ttl; // session time-to-live in seconds - private byte[] sCB; // the peer's channel binding data - private String L; // available options - private String o; - private String chosenIntegrityAlgorithm; - private String chosenConfidentialityAlgorithm; - private int rawSendSize = Registry.SASL_BUFFER_MAX_LIMIT; - private byte[] K; // shared session key - private boolean replayDetection = true; // whether Replay Detection is on - private int inCounter = 0; // messages sequence numbers - private int outCounter = 0; - private IALG inMac, outMac; // if !null, use for integrity - private CALG inCipher, outCipher; // if !null, use for confidentiality - - private IKeyAgreementParty clientHandler = KeyAgreementFactory.getPartyAInstance(Registry.SRP_SASL_KA); - + private IKeyAgreementParty clientHandler = + KeyAgreementFactory.getPartyAInstance(Registry.SRP_SASL_KA); /** Our default source of randomness. */ private PRNG prng = null; - // Constructor(s) - // ------------------------------------------------------------------------- - public SRPClient() { super(Registry.SASL_SRP_MECHANISM); } - // Class methods - // ------------------------------------------------------------------------- - - // Instance methods - // ------------------------------------------------------------------------- - - // abstract methods implementation ----------------------------------------- - protected void initMechanism() throws SaslException { - // we shall keep track of the sid (and the security context of this - // SRP client) based on the initialisation parameters of an SRP session. + // we shall keep track of the sid (and the security context of this SRP + // client) based on the initialisation parameters of an SRP session. // we shall compute a unique key for those parameters and key the sid // (and the security context) accordingly. // 1. compute the mapping key. use MD5 (the fastest) for this purpose @@ -195,9 +135,8 @@ public class SRPClient extends ClientMechanism implements SaslClient b = protocol.getBytes(); md.update(b, 0, b.length); if (channelBinding.length > 0) - { - md.update(channelBinding, 0, channelBinding.length); - } + md.update(channelBinding, 0, channelBinding.length); + uid = Util.toBase64(md.digest()); if (ClientStore.instance().isAlive(uid)) { @@ -246,15 +185,12 @@ public class SRPClient extends ClientMechanism implements SaslClient sIV = null; inMac = outMac = null; inCipher = outCipher = null; - sid = null; ttl = 0; cn = null; sn = null; } - // javax.security.sasl.SaslClient interface implementation ----------------- - public boolean hasInitialResponse() { return true; @@ -282,7 +218,7 @@ public class SRPClient extends ClientMechanism implements SaslClient } return result; case 2: // should only occur if session re-use was rejected - if (!complete) + if (! complete) { state++; return receiveEvidence(challenge); @@ -296,211 +232,139 @@ public class SRPClient extends ClientMechanism implements SaslClient protected byte[] engineUnwrap(final byte[] incoming, final int offset, final int len) throws SaslException { - if (DEBUG && debuglevel > 8) - debug(TRACE, "==> engineUnwrap()"); - + if (Configuration.DEBUG) + log.entering(this.getClass().getName(), "engineUnwrap"); if (inMac == null && inCipher == null) - { - throw new IllegalStateException("connection is not protected"); - } - + throw new IllegalStateException("connection is not protected"); // at this point one, or both, of confidentiality and integrity protection // services are active. - final byte[] result; try { - // final InputBuffer frameIn = InputBuffer.getInstance(incoming, offset, len); - // result = frameIn.getEOS(); if (inMac != null) { // integrity bytes are at the end of the stream final int macBytesCount = inMac.length(); final int payloadLength = len - macBytesCount; - // final byte[] received_mac = frameIn.getOS(); final byte[] received_mac = new byte[macBytesCount]; System.arraycopy(incoming, offset + payloadLength, received_mac, 0, macBytesCount); - if (DEBUG && debuglevel > 6) - debug(TRACE, "Got C (received MAC): " - + Util.dumpString(received_mac)); - // inMac.update(result); + if (Configuration.DEBUG) + log.fine("Got C (received MAC): " + Util.dumpString(received_mac)); inMac.update(incoming, offset, payloadLength); if (replayDetection) { inCounter++; - if (DEBUG && debuglevel > 6) - debug(TRACE, "inCounter=" + String.valueOf(inCounter)); - inMac.update(new byte[] { (byte) (inCounter >>> 24), - (byte) (inCounter >>> 16), - (byte) (inCounter >>> 8), - (byte) inCounter }); + if (Configuration.DEBUG) + log.fine("inCounter=" + inCounter); + inMac.update(new byte[] { + (byte)(inCounter >>> 24), + (byte)(inCounter >>> 16), + (byte)(inCounter >>> 8), + (byte) inCounter }); } - final byte[] computed_mac = inMac.doFinal(); - if (DEBUG && debuglevel > 6) - debug(TRACE, "Computed MAC: " + Util.dumpString(computed_mac)); - if (!Arrays.equals(received_mac, computed_mac)) - { - throw new IntegrityException("engineUnwrap()"); - } - + if (Configuration.DEBUG) + log.fine("Computed MAC: " + Util.dumpString(computed_mac)); + if (! Arrays.equals(received_mac, computed_mac)) + throw new IntegrityException("engineUnwrap()"); // deal with the payload, which can be either plain or encrypted if (inCipher != null) - { - result = inCipher.doFinal(incoming, offset, payloadLength); - } + result = inCipher.doFinal(incoming, offset, payloadLength); else { result = new byte[len - macBytesCount]; System.arraycopy(incoming, offset, result, 0, result.length); } } - else - { // no integrity protection; just confidentiality - // if (inCipher != null) { - result = inCipher.doFinal(incoming, offset, len); - // } else { - // result = new byte[len]; - // System.arraycopy(incoming, offset, result, 0, len); - // } - } - // if (inCipher != null) { - // result = inCipher.doFinal(result); - // } + else // no integrity protection; just confidentiality + result = inCipher.doFinal(incoming, offset, len); } catch (IOException x) { if (x instanceof SaslException) - { - throw (SaslException) x; - } + throw (SaslException) x; throw new SaslException("engineUnwrap()", x); } - - if (DEBUG && debuglevel > 8) - debug(TRACE, "<== engineUnwrap()"); + if (Configuration.DEBUG) + log.exiting(this.getClass().getName(), "engineUnwrap"); return result; } protected byte[] engineWrap(final byte[] outgoing, final int offset, final int len) throws SaslException { - if (DEBUG && debuglevel > 8) - debug(TRACE, "==> engineWrap()"); - + if (Configuration.DEBUG) + log.entering(this.getClass().getName(), "engineWrap"); if (outMac == null && outCipher == null) - { - throw new IllegalStateException("connection is not protected"); - } - + throw new IllegalStateException("connection is not protected"); // at this point one, or both, of confidentiality and integrity protection // services are active. - - // byte[] data = new byte[len]; - // System.arraycopy(outgoing, offset, data, 0, len); byte[] result; try { - // OutputBuffer frameOut = new OutputBuffer(); final ByteArrayOutputStream out = new ByteArrayOutputStream(); // Process the data if (outCipher != null) { - // data = outCipher.doFinal(data); result = outCipher.doFinal(outgoing, offset, len); - if (DEBUG && debuglevel > 6) - debug(TRACE, "Encoding c (encrypted plaintext): " - + Util.dumpString(result)); - - // frameOut.setEOS(data); + if (Configuration.DEBUG) + log.fine("Encoding c (encrypted plaintext): " + + Util.dumpString(result)); out.write(result); - if (outMac != null) { outMac.update(result); if (replayDetection) { outCounter++; - if (DEBUG && debuglevel > 6) - debug(TRACE, "outCounter=" + String.valueOf(outCounter)); - outMac.update(new byte[] { (byte) (outCounter >>> 24), - (byte) (outCounter >>> 16), - (byte) (outCounter >>> 8), - (byte) outCounter }); + if (Configuration.DEBUG) + log.fine("outCounter=" + outCounter); + outMac.update(new byte[] { + (byte)(outCounter >>> 24), + (byte)(outCounter >>> 16), + (byte)(outCounter >>> 8), + (byte) outCounter }); } final byte[] C = outMac.doFinal(); - // frameOut.setOS(C); out.write(C); - if (DEBUG && debuglevel > 6) - debug(TRACE, "Encoding C (integrity checksum): " - + Util.dumpString(C)); - } // else confidentiality only; do nothing + if (Configuration.DEBUG) + log.fine("Encoding C (integrity checksum): " + Util.dumpString(C)); + } + // else confidentiality only; do nothing } - else - { // no confidentiality; just integrity [+ replay detection] - // if (DEBUG && debuglevel > 6) debug(TRACE, "Encoding p (plaintext): "+Util.dumpString(data)); - if (DEBUG && debuglevel > 6) - debug(TRACE, "Encoding p (plaintext): " - + Util.dumpString(outgoing, offset, len)); - - // frameOut.setEOS(data); + else // no confidentiality; just integrity [+ replay detection] + { + if (Configuration.DEBUG) + log.fine("Encoding p (plaintext): " + + Util.dumpString(outgoing, offset, len)); out.write(outgoing, offset, len); - - // if (outMac != null) { - // outMac.update(data); outMac.update(outgoing, offset, len); if (replayDetection) { outCounter++; - if (DEBUG && debuglevel > 6) - debug(TRACE, "outCounter=" + String.valueOf(outCounter)); - outMac.update(new byte[] { (byte) (outCounter >>> 24), - (byte) (outCounter >>> 16), - (byte) (outCounter >>> 8), - (byte) outCounter }); + if (Configuration.DEBUG) + log.fine("outCounter=" + outCounter); + outMac.update(new byte[] { + (byte)(outCounter >>> 24), + (byte)(outCounter >>> 16), + (byte)(outCounter >>> 8), + (byte) outCounter }); } final byte[] C = outMac.doFinal(); - // frameOut.setOS(C); out.write(C); - if (DEBUG && debuglevel > 6) - debug(TRACE, "Encoding C (integrity checksum): " - + Util.dumpString(C)); - // } + if (Configuration.DEBUG) + log.fine("Encoding C (integrity checksum): " + Util.dumpString(C)); } - - // frameOut.setEOS(data); - // - // if (outMac != null) { - // outMac.update(data); - // if (replayDetection) { - // outCounter++; - // if (DEBUG && debuglevel > 6) debug(TRACE, "outCounter="+String.valueOf(outCounter)); - // outMac.update(new byte[] { - // (byte)(outCounter >>> 24), - // (byte)(outCounter >>> 16), - // (byte)(outCounter >>> 8), - // (byte) outCounter }); - // } - // byte[] C = outMac.doFinal(); - // frameOut.setOS(C); - // if (DEBUG && debuglevel > 6) debug(TRACE, "Encoding C (integrity checksum): "+Util.dumpString(C)); - // } - - // result = frameOut.wrap(); result = out.toByteArray(); - } catch (IOException x) { if (x instanceof SaslException) - { - throw (SaslException) x; - } + throw (SaslException) x; throw new SaslException("engineWrap()", x); } - - if (DEBUG && debuglevel > 8) - debug(TRACE, "<== engineWrap()"); + if (Configuration.DEBUG) + log.exiting(this.getClass().getName(), "engineWrap"); return result; } @@ -509,13 +373,8 @@ public class SRPClient extends ClientMechanism implements SaslClient if (inMac != null) { if (inCipher != null) - { - return Registry.QOP_AUTH_CONF; - } - else - { - return Registry.QOP_AUTH_INT; - } + return Registry.QOP_AUTH_CONF; + return Registry.QOP_AUTH_INT; } return Registry.QOP_AUTH; } @@ -525,13 +384,8 @@ public class SRPClient extends ClientMechanism implements SaslClient if (inMac != null) { if (inCipher != null) - { - return Registry.STRENGTH_HIGH; - } - else - { - return Registry.STRENGTH_MEDIUM; - } + return Registry.STRENGTH_HIGH; + return Registry.STRENGTH_MEDIUM; } return Registry.STRENGTH_LOW; } @@ -546,23 +400,18 @@ public class SRPClient extends ClientMechanism implements SaslClient return Registry.REUSE_TRUE; } - // other methods ----------------------------------------------------------- - private byte[] sendIdentities() throws SaslException { - if (DEBUG && debuglevel > 8) - debug(TRACE, "==> sendIdentities()"); - + if (Configuration.DEBUG) + log.entering(this.getClass().getName(), "sendIdentities"); // If necessary, prompt the client for the username and password getUsernameAndPassword(); - - if (DEBUG && debuglevel > 6) - debug(TRACE, "Password: \"" + new String(password.getPassword()) + "\""); - if (DEBUG && debuglevel > 6) - debug(TRACE, "Encoding U (username): \"" + U + "\""); - if (DEBUG && debuglevel > 6) - debug(TRACE, "Encoding I (userid): \"" + authorizationID + "\""); - + if (Configuration.DEBUG) + { + log.fine("Password: \"" + new String(password.getPassword()) + "\""); + log.fine("Encoding U (username): \"" + U + "\""); + log.fine("Encoding I (userid): \"" + authorizationID + "\""); + } // if session re-use generate new 16-byte nonce if (sid.length != 0) { @@ -570,10 +419,7 @@ public class SRPClient extends ClientMechanism implements SaslClient getDefaultPRNG().nextBytes(cn); } else - { - cn = new byte[0]; - } - + cn = new byte[0]; final OutputBuffer frameOut = new OutputBuffer(); try { @@ -586,36 +432,30 @@ public class SRPClient extends ClientMechanism implements SaslClient catch (IOException x) { if (x instanceof SaslException) - { - throw (SaslException) x; - } + throw (SaslException) x; throw new AuthenticationException("sendIdentities()", x); } final byte[] result = frameOut.encode(); - if (DEBUG && debuglevel > 8) - debug(TRACE, "<== sendIdentities()"); - if (DEBUG && debuglevel > 2) - debug(INFO, "C: " + Util.dumpString(result)); - if (DEBUG && debuglevel > 2) - debug(INFO, " U = " + U); - if (DEBUG && debuglevel > 2) - debug(INFO, " I = " + authorizationID); - if (DEBUG && debuglevel > 2) - debug(INFO, "sid = " + new String(sid)); - if (DEBUG && debuglevel > 2) - debug(INFO, " cn = " + Util.dumpString(cn)); - if (DEBUG && debuglevel > 2) - debug(INFO, "cCB = " + Util.dumpString(channelBinding)); + if (Configuration.DEBUG) + { + log.fine("C: " + Util.dumpString(result)); + log.fine(" U = " + U); + log.fine(" I = " + authorizationID); + log.fine("sid = " + new String(sid)); + log.fine(" cn = " + Util.dumpString(cn)); + log.fine("cCB = " + Util.dumpString(channelBinding)); + log.exiting(this.getClass().getName(), "sendIdentities"); + } return result; } private byte[] sendPublicKey(final byte[] input) throws SaslException { - if (DEBUG && debuglevel > 8) - debug(TRACE, "==> sendPublicKey()"); - if (DEBUG && debuglevel > 6) - debug(TRACE, "S: " + Util.dumpString(input)); - + if (Configuration.DEBUG) + { + log.entering(this.getClass().getName(), "sendPublicKey"); + log.fine("S: " + Util.dumpString(input)); + } // Server sends [00], N, g, s, B, L // or [FF], sn, sCB final InputBuffer frameIn = new InputBuffer(input); @@ -623,60 +463,50 @@ public class SRPClient extends ClientMechanism implements SaslClient try { ack = (int) frameIn.getScalar(1); - if (ack == 0x00) - { // new session + if (ack == 0x00) // new session + { N = frameIn.getMPI(); - if (DEBUG && debuglevel > 6) - debug(TRACE, "Got N (modulus): " + Util.dump(N)); + if (Configuration.DEBUG) + log.fine("Got N (modulus): " + Util.dump(N)); g = frameIn.getMPI(); - if (DEBUG && debuglevel > 6) - debug(TRACE, "Got g (generator): " + Util.dump(g)); + if (Configuration.DEBUG) + log.fine("Got g (generator): " + Util.dump(g)); s = frameIn.getOS(); - if (DEBUG && debuglevel > 6) - debug(TRACE, "Got s (salt): " + Util.dumpString(s)); + if (Configuration.DEBUG) + log.fine("Got s (salt): " + Util.dumpString(s)); B = frameIn.getMPI(); - if (DEBUG && debuglevel > 6) - debug(TRACE, "Got B (server ephermeral public key): " - + Util.dump(B)); + if (Configuration.DEBUG) + log.fine("Got B (server ephermeral public key): " + Util.dump(B)); L = frameIn.getText(); - if (DEBUG && debuglevel > 6) - debug(TRACE, "Got L (available options): \"" + L + "\""); + if (Configuration.DEBUG) + log.fine("Got L (available options): \"" + L + "\""); } - else if (ack == 0xFF) - { // session re-use + else if (ack == 0xFF) // session re-use + { sn = frameIn.getOS(); - if (DEBUG && debuglevel > 6) - debug(TRACE, "Got sn (server nonce): " + Util.dumpString(sn)); + if (Configuration.DEBUG) + log.fine("Got sn (server nonce): " + Util.dumpString(sn)); sCB = frameIn.getEOS(); - if (DEBUG && debuglevel > 6) - debug(TRACE, "Got sCB (server channel binding): " - + Util.dumpString(sCB)); - } - else - { // unexpected scalar - throw new SaslException("sendPublicKey(): Invalid scalar (" + ack - + ") in server's request"); + if (Configuration.DEBUG) + log.fine("Got sCB (server channel binding): " + Util.dumpString(sCB)); } + else // unexpected scalar + throw new SaslException("sendPublicKey(): Invalid scalar (" + ack + + ") in server's request"); } catch (IOException x) { if (x instanceof SaslException) - { - throw (SaslException) x; - } + throw (SaslException) x; throw new SaslException("sendPublicKey()", x); } - if (ack == 0x00) { // new session --------------------------------------- o = createO(L.toLowerCase()); // do this first to initialise the SRP hash - final byte[] pBytes; // use ASCII encoding to inter-operate w/ non-java pBytes = password.getBytes(); - // ---------------------------------------------------------------------- final HashMap mapA = new HashMap(); - // mapA.put(SRP6KeyAgreement.HASH_FUNCTION, srp.newDigest()); mapA.put(SRP6KeyAgreement.HASH_FUNCTION, srp.getAlgorithm()); mapA.put(SRP6KeyAgreement.USER_IDENTITY, U); mapA.put(SRP6KeyAgreement.USER_PASSWORD, pBytes); @@ -689,9 +519,6 @@ public class SRPClient extends ClientMechanism implements SaslClient { throw new SaslException("sendPublicKey()", x); } - - // ---------------------------------------------------------------------- - // ------------------------------------------------------------------- try { @@ -702,7 +529,6 @@ public class SRPClient extends ClientMechanism implements SaslClient out.writeMPI(B); IncomingMessage in = new IncomingMessage(out.toByteArray()); out = clientHandler.processMessage(in); - in = new IncomingMessage(out.toByteArray()); A = in.readMPI(); K = clientHandler.getSharedSecret(); @@ -712,13 +538,11 @@ public class SRPClient extends ClientMechanism implements SaslClient throw new SaslException("sendPublicKey()", x); } // ------------------------------------------------------------------- - - if (DEBUG && debuglevel > 6) - debug(TRACE, "K: " + Util.dumpString(K)); - if (DEBUG && debuglevel > 6) - debug(TRACE, "Encoding A (client ephemeral public key): " - + Util.dump(A)); - + if (Configuration.DEBUG) + { + log.fine("K: " + Util.dumpString(K)); + log.fine("Encoding A (client ephemeral public key): " + Util.dump(A)); + } try { M1 = srp.generateM1(N, g, U, s, A, B, K, authorizationID, L, cn, @@ -728,13 +552,11 @@ public class SRPClient extends ClientMechanism implements SaslClient { throw new AuthenticationException("sendPublicKey()", x); } - - if (DEBUG && debuglevel > 6) - debug(TRACE, "Encoding o (client chosen options): \"" + o + "\""); - if (DEBUG && debuglevel > 6) - debug(TRACE, "Encoding cIV (client IV): \"" + Util.dumpString(cIV) - + "\""); - + if (Configuration.DEBUG) + { + log.fine("Encoding o (client chosen options): \"" + o + "\""); + log.fine("Encoding cIV (client IV): \"" + Util.dumpString(cIV) + "\""); + } final OutputBuffer frameOut = new OutputBuffer(); try { @@ -746,74 +568,65 @@ public class SRPClient extends ClientMechanism implements SaslClient catch (IOException x) { if (x instanceof SaslException) - { - throw (SaslException) x; - } + throw (SaslException) x; throw new AuthenticationException("sendPublicKey()", x); } final byte[] result = frameOut.encode(); - if (DEBUG && debuglevel > 8) - debug(TRACE, "<== sendPublicKey()"); - if (DEBUG && debuglevel > 2) - debug(INFO, "New session, or session re-use rejected..."); - if (DEBUG && debuglevel > 2) - debug(INFO, "C: " + Util.dumpString(result)); - if (DEBUG && debuglevel > 2) - debug(INFO, " A = 0x" + A.toString(16)); - if (DEBUG && debuglevel > 2) - debug(INFO, " M1 = " + Util.dumpString(M1)); - if (DEBUG && debuglevel > 2) - debug(INFO, " o = " + o); - if (DEBUG && debuglevel > 2) - debug(INFO, "cIV = " + Util.dumpString(cIV)); - + if (Configuration.DEBUG) + { + log.fine("New session, or session re-use rejected..."); + log.fine("C: " + Util.dumpString(result)); + log.fine(" A = 0x" + A.toString(16)); + log.fine(" M1 = " + Util.dumpString(M1)); + log.fine(" o = " + o); + log.fine("cIV = " + Util.dumpString(cIV)); + log.exiting(this.getClass().getName(), "sendPublicKey"); + } return result; } - else - { // session re-use accepted ------------------------------------- + else // session re-use accepted ------------------------------------------- + { setupSecurityServices(true); - if (DEBUG && debuglevel > 8) - debug(TRACE, "<== sendPublicKey()"); - if (DEBUG && debuglevel > 2) - debug(INFO, "Session re-use accepted..."); + if (Configuration.DEBUG) + { + log.fine("Session re-use accepted..."); + log.exiting(this.getClass().getName(), "sendPublicKey"); + } return null; } } private byte[] receiveEvidence(byte[] input) throws SaslException { - if (DEBUG && debuglevel > 8) - debug(TRACE, "==> receiveEvidence()"); - if (DEBUG && debuglevel > 6) - debug(TRACE, "S: " + Util.dumpString(input)); - + if (Configuration.DEBUG) + { + log.entering(this.getClass().getName(), "receiveEvidence"); + log.fine("S: " + Util.dumpString(input)); + } // Server send M2, sIV, sCB, sid, ttl final InputBuffer frameIn = new InputBuffer(input); try { M2 = frameIn.getOS(); - if (DEBUG && debuglevel > 6) - debug(TRACE, "Got M2 (server evidence): " + Util.dumpString(M2)); + if (Configuration.DEBUG) + log.fine("Got M2 (server evidence): " + Util.dumpString(M2)); sIV = frameIn.getOS(); - if (DEBUG && debuglevel > 6) - debug(TRACE, "Got sIV (server IV): " + Util.dumpString(sIV)); + if (Configuration.DEBUG) + log.fine("Got sIV (server IV): " + Util.dumpString(sIV)); sid = frameIn.getEOS(); - if (DEBUG && debuglevel > 6) - debug(TRACE, "Got sid (session ID): " + new String(sid)); + if (Configuration.DEBUG) + log.fine("Got sid (session ID): " + new String(sid)); ttl = (int) frameIn.getScalar(4); - if (DEBUG && debuglevel > 6) - debug(TRACE, "Got ttl (session time-to-live): " + ttl + "sec."); + if (Configuration.DEBUG) + log.fine("Got ttl (session time-to-live): " + ttl + "sec."); sCB = frameIn.getEOS(); - if (DEBUG && debuglevel > 6) - debug(TRACE, "Got sCB (server channel binding): " - + Util.dumpString(sCB)); + if (Configuration.DEBUG) + log.fine("Got sCB (server channel binding): " + Util.dumpString(sCB)); } catch (IOException x) { if (x instanceof SaslException) - { - throw (SaslException) x; - } + throw (SaslException) x; throw new AuthenticationException("receiveEvidence()", x); } @@ -827,18 +640,13 @@ public class SRPClient extends ClientMechanism implements SaslClient { throw new AuthenticationException("receiveEvidence()", x); } - - if (DEBUG && debuglevel > 6) - debug(TRACE, "Expected: " + Util.dumpString(expected)); - if (!Arrays.equals(M2, expected)) - { - throw new AuthenticationException("M2 mismatch"); - } - + if (Configuration.DEBUG) + log.fine("Expected: " + Util.dumpString(expected)); + if (! Arrays.equals(M2, expected)) + throw new AuthenticationException("M2 mismatch"); setupSecurityServices(false); - - if (DEBUG && debuglevel > 8) - debug(TRACE, "<== receiveEvidence()"); + if (Configuration.DEBUG) + log.exiting(this.getClass().getName(), "receiveEvidence"); return null; } @@ -846,19 +654,15 @@ public class SRPClient extends ClientMechanism implements SaslClient { try { - if ((!properties.containsKey(Registry.SASL_USERNAME)) - && (!properties.containsKey(Registry.SASL_PASSWORD))) + if ((! properties.containsKey(Registry.SASL_USERNAME)) + && (! properties.containsKey(Registry.SASL_PASSWORD))) { final NameCallback nameCB; final String defaultName = System.getProperty("user.name"); if (defaultName == null) - { - nameCB = new NameCallback("username: "); - } + nameCB = new NameCallback("username: "); else - { - nameCB = new NameCallback("username: ", defaultName); - } + nameCB = new NameCallback("username: ", defaultName); final PasswordCallback pwdCB = new PasswordCallback("password: ", false); handler.handle(new Callback[] { nameCB, pwdCB }); @@ -868,21 +672,15 @@ public class SRPClient extends ClientMechanism implements SaslClient else { if (properties.containsKey(Registry.SASL_USERNAME)) - { - this.U = (String) properties.get(Registry.SASL_USERNAME); - } + this.U = (String) properties.get(Registry.SASL_USERNAME); else { final NameCallback nameCB; final String defaultName = System.getProperty("user.name"); if (defaultName == null) - { - nameCB = new NameCallback("username: "); - } + nameCB = new NameCallback("username: "); else - { - nameCB = new NameCallback("username: ", defaultName); - } + nameCB = new NameCallback("username: ", defaultName); this.handler.handle(new Callback[] { nameCB }); this.U = nameCB.getName(); } @@ -897,14 +695,12 @@ public class SRPClient extends ClientMechanism implements SaslClient else if (pw instanceof String) password = new Password(((String) pw).toCharArray()); else - throw new IllegalArgumentException( - pw.getClass().getName() - + "is not a valid password class"); + throw new IllegalArgumentException(pw.getClass().getName() + + "is not a valid password class"); } else { - final PasswordCallback pwdCB = new PasswordCallback( - "password: ", + final PasswordCallback pwdCB = new PasswordCallback("password: ", false); this.handler.handle(new Callback[] { pwdCB }); password = new Password(pwdCB.getPassword()); @@ -912,13 +708,9 @@ public class SRPClient extends ClientMechanism implements SaslClient } if (U == null) - { - throw new AuthenticationException("null username supplied"); - } + throw new AuthenticationException("null username supplied"); if (password == null) - { - throw new AuthenticationException("null password supplied"); - } + throw new AuthenticationException("null password supplied"); } catch (UnsupportedCallbackException x) { @@ -935,9 +727,8 @@ public class SRPClient extends ClientMechanism implements SaslClient // to us by the client. private String createO(final String aol) throws AuthenticationException { - if (DEBUG && debuglevel > 8) - debug(TRACE, "==> createO(\"" + aol + "\")"); - + if (Configuration.DEBUG) + log.entering(this.getClass().getName(), "createO", aol); boolean replaydetectionAvailable = false; boolean integrityAvailable = false; boolean confidentialityAvailable = false; @@ -945,7 +736,6 @@ public class SRPClient extends ClientMechanism implements SaslClient int i; String mdName = SRPRegistry.SRP_DEFAULT_DIGEST_NAME; - final StringTokenizer st = new StringTokenizer(aol, ","); while (st.hasMoreTokens()) { @@ -953,55 +743,45 @@ public class SRPClient extends ClientMechanism implements SaslClient if (option.startsWith(SRPRegistry.OPTION_SRP_DIGEST + "=")) { option = option.substring(option.indexOf('=') + 1); - if (DEBUG && debuglevel > 6) - debug(TRACE, "mda: <" + option + ">"); + if (Configuration.DEBUG) + log.fine("mda: <" + option + ">"); for (i = 0; i < SRPRegistry.INTEGRITY_ALGORITHMS.length; i++) - { - if (SRPRegistry.SRP_ALGORITHMS[i].equals(option)) - { - mdName = option; - break; - } - } + if (SRPRegistry.SRP_ALGORITHMS[i].equals(option)) + { + mdName = option; + break; + } } else if (option.equals(SRPRegistry.OPTION_REPLAY_DETECTION)) - { - replaydetectionAvailable = true; - } + replaydetectionAvailable = true; else if (option.startsWith(SRPRegistry.OPTION_INTEGRITY + "=")) { option = option.substring(option.indexOf('=') + 1); - if (DEBUG && debuglevel > 6) - debug(TRACE, "ialg: <" + option + ">"); + if (Configuration.DEBUG) + log.fine("ialg: <" + option + ">"); for (i = 0; i < SRPRegistry.INTEGRITY_ALGORITHMS.length; i++) - { - if (SRPRegistry.INTEGRITY_ALGORITHMS[i].equals(option)) - { - chosenIntegrityAlgorithm = option; - integrityAvailable = true; - break; - } - } + if (SRPRegistry.INTEGRITY_ALGORITHMS[i].equals(option)) + { + chosenIntegrityAlgorithm = option; + integrityAvailable = true; + break; + } } else if (option.startsWith(SRPRegistry.OPTION_CONFIDENTIALITY + "=")) { option = option.substring(option.indexOf('=') + 1); - if (DEBUG && debuglevel > 6) - debug(TRACE, "calg: <" + option + ">"); + if (Configuration.DEBUG) + log.fine("calg: <" + option + ">"); for (i = 0; i < SRPRegistry.CONFIDENTIALITY_ALGORITHMS.length; i++) - { - if (SRPRegistry.CONFIDENTIALITY_ALGORITHMS[i].equals(option)) - { - chosenConfidentialityAlgorithm = option; - confidentialityAvailable = true; - break; - } - } + if (SRPRegistry.CONFIDENTIALITY_ALGORITHMS[i].equals(option)) + { + chosenConfidentialityAlgorithm = option; + confidentialityAvailable = true; + break; + } } else if (option.startsWith(SRPRegistry.OPTION_MANDATORY + "=")) - { - mandatory = option.substring(option.indexOf('=') + 1); - } + mandatory = option.substring(option.indexOf('=') + 1); else if (option.startsWith(SRPRegistry.OPTION_MAX_BUFFER_SIZE + "=")) { final String maxBufferSize = option.substring(option.indexOf('=') + 1); @@ -1010,32 +790,27 @@ public class SRPClient extends ClientMechanism implements SaslClient rawSendSize = Integer.parseInt(maxBufferSize); if (rawSendSize > Registry.SASL_BUFFER_MAX_LIMIT || rawSendSize < 1) - { - throw new AuthenticationException( - "Illegal value for 'maxbuffersize' option"); - } + throw new AuthenticationException( + "Illegal value for 'maxbuffersize' option"); } catch (NumberFormatException x) { throw new AuthenticationException( - SRPRegistry.OPTION_MAX_BUFFER_SIZE - + "=" - + String.valueOf(maxBufferSize), - x); + SRPRegistry.OPTION_MAX_BUFFER_SIZE + "=" + maxBufferSize, x); } } } - - replayDetection = replaydetectionAvailable - && Boolean.valueOf( - (String) properties.get(SRPRegistry.SRP_REPLAY_DETECTION)).booleanValue(); - boolean integrity = integrityAvailable - && Boolean.valueOf( - (String) properties.get(SRPRegistry.SRP_INTEGRITY_PROTECTION)).booleanValue(); - boolean confidentiality = confidentialityAvailable - && Boolean.valueOf( - (String) properties.get(SRPRegistry.SRP_CONFIDENTIALITY)).booleanValue(); - + String s; + Boolean flag; + s = (String) properties.get(SRPRegistry.SRP_REPLAY_DETECTION); + flag = Boolean.valueOf(s); + replayDetection = replaydetectionAvailable && flag.booleanValue(); + s = (String) properties.get(SRPRegistry.SRP_INTEGRITY_PROTECTION); + flag = Boolean.valueOf(s); + boolean integrity = integrityAvailable && flag.booleanValue(); + s = (String) properties.get(SRPRegistry.SRP_CONFIDENTIALITY); + flag = Boolean.valueOf(s); + boolean confidentiality = confidentialityAvailable && flag.booleanValue(); // make sure we do the right thing if (SRPRegistry.OPTION_REPLAY_DETECTION.equals(mandatory)) { @@ -1043,95 +818,68 @@ public class SRPClient extends ClientMechanism implements SaslClient integrity = true; } else if (SRPRegistry.OPTION_INTEGRITY.equals(mandatory)) - { - integrity = true; - } + integrity = true; else if (SRPRegistry.OPTION_CONFIDENTIALITY.equals(mandatory)) - { - confidentiality = true; - } + confidentiality = true; + if (replayDetection) { if (chosenIntegrityAlgorithm == null) - { - throw new AuthenticationException( - "Replay detection is required but no " - + "integrity protection algorithm was chosen"); - } + throw new AuthenticationException( + "Replay detection is required but no integrity protection " + + "algorithm was chosen"); } if (integrity) { if (chosenIntegrityAlgorithm == null) - { - throw new AuthenticationException( - "Integrity protection is required but no " - + "algorithm was chosen"); - } + throw new AuthenticationException( + "Integrity protection is required but no algorithm was chosen"); } if (confidentiality) { if (chosenConfidentialityAlgorithm == null) - { - throw new AuthenticationException( - "Confidentiality protection is required " - + "but no algorithm was chosen"); - } + throw new AuthenticationException( + "Confidentiality protection is required but no algorithm was chosen"); } - // 1. check if we'll be using confidentiality; if not set IV to 0-byte if (chosenConfidentialityAlgorithm == null) - { - cIV = new byte[0]; - } + cIV = new byte[0]; else { // 2. get the block size of the cipher final IBlockCipher cipher = CipherFactory.getInstance(chosenConfidentialityAlgorithm); if (cipher == null) - { - throw new AuthenticationException("createO()", - new NoSuchAlgorithmException()); - } + throw new AuthenticationException("createO()", + new NoSuchAlgorithmException()); final int blockSize = cipher.defaultBlockSize(); // 3. generate random iv cIV = new byte[blockSize]; getDefaultPRNG().nextBytes(cIV); } - srp = SRP.instance(mdName); - // Now create the options list specifying which of the available options // we have chosen. // For now we just select the defaults. Later we need to add support for // properties (perhaps in a file) where a user can specify the list of // algorithms they would prefer to use. - final StringBuffer sb = new StringBuffer(); - sb.append(SRPRegistry.OPTION_SRP_DIGEST).append("=").append(mdName).append( - ","); + sb.append(SRPRegistry.OPTION_SRP_DIGEST) + .append("=").append(mdName).append(","); if (replayDetection) - { - sb.append(SRPRegistry.OPTION_REPLAY_DETECTION).append(","); - } + sb.append(SRPRegistry.OPTION_REPLAY_DETECTION).append(","); if (integrity) - { - sb.append(SRPRegistry.OPTION_INTEGRITY).append("=").append( - chosenIntegrityAlgorithm).append( - ","); - } + sb.append(SRPRegistry.OPTION_INTEGRITY) + .append("=").append(chosenIntegrityAlgorithm).append(","); if (confidentiality) - { - sb.append(SRPRegistry.OPTION_CONFIDENTIALITY).append("=").append( - chosenConfidentialityAlgorithm).append( - ","); - } - final String result = sb.append(SRPRegistry.OPTION_MAX_BUFFER_SIZE).append( - "=").append( - Registry.SASL_BUFFER_MAX_LIMIT).toString(); - - if (DEBUG && debuglevel > 8) - debug(TRACE, "<== createO() --> " + result); + sb.append(SRPRegistry.OPTION_CONFIDENTIALITY) + .append("=").append(chosenConfidentialityAlgorithm).append(","); + + final String result = sb.append(SRPRegistry.OPTION_MAX_BUFFER_SIZE) + .append("=").append(Registry.SASL_BUFFER_MAX_LIMIT) + .toString(); + if (Configuration.DEBUG) + log.exiting(this.getClass().getName(), "createO", result); return result; } @@ -1139,33 +887,30 @@ public class SRPClient extends ClientMechanism implements SaslClient throws SaslException { complete = true; // signal end of authentication phase - if (!sessionReUse) + if (! sessionReUse) { outCounter = inCounter = 0; // instantiate cipher if confidentiality protection filter is active if (chosenConfidentialityAlgorithm != null) { - if (DEBUG && debuglevel > 2) - debug(INFO, "Activating confidentiality protection filter"); + if (Configuration.DEBUG) + log.fine("Activating confidentiality protection filter"); inCipher = CALG.getInstance(chosenConfidentialityAlgorithm); outCipher = CALG.getInstance(chosenConfidentialityAlgorithm); } // instantiate hmacs if integrity protection filter is active if (chosenIntegrityAlgorithm != null) { - if (DEBUG && debuglevel > 2) - debug(INFO, "Activating integrity protection filter"); + if (Configuration.DEBUG) + log.fine("Activating integrity protection filter"); inMac = IALG.getInstance(chosenIntegrityAlgorithm); outMac = IALG.getInstance(chosenIntegrityAlgorithm); } } - else - { // same session new Keys - K = srp.generateKn(K, cn, sn); - } + else // same session new Keys + K = srp.generateKn(K, cn, sn); final KDF kdf = KDF.getInstance(K); - // initialise in/out ciphers if confidentiality protection is used if (inCipher != null) { @@ -1178,16 +923,13 @@ public class SRPClient extends ClientMechanism implements SaslClient inMac.init(kdf); outMac.init(kdf); } - if (sid != null && sid.length != 0) { // update the security context and save in map - if (DEBUG && debuglevel > 2) - debug(INFO, "Updating security context for UID = " + uid); - ClientStore.instance().cacheSession( - uid, + if (Configuration.DEBUG) + log.fine("Updating security context for UID = " + uid); + ClientStore.instance().cacheSession(uid, ttl, - new SecurityContext( - srp.getAlgorithm(), + new SecurityContext(srp.getAlgorithm(), sid, K, cIV, @@ -1205,7 +947,6 @@ public class SRPClient extends ClientMechanism implements SaslClient { if (prng == null) prng = PRNG.getInstance(); - return prng; } -}
\ No newline at end of file +} diff --git a/libjava/classpath/gnu/javax/crypto/sasl/srp/SRPRegistry.java b/libjava/classpath/gnu/javax/crypto/sasl/srp/SRPRegistry.java index 262cbcba305..d474cb6f8c2 100644 --- a/libjava/classpath/gnu/javax/crypto/sasl/srp/SRPRegistry.java +++ b/libjava/classpath/gnu/javax/crypto/sasl/srp/SRPRegistry.java @@ -41,35 +41,29 @@ package gnu.javax.crypto.sasl.srp; import gnu.java.security.Registry; /** - * <p>A list of key names designating the values exchanged between the server - * and client in an SRP communication authentication phase.</p> + * A list of key names designating the values exchanged between the server + * and client in an SRP communication authentication phase. */ public interface SRPRegistry { - /** Indices of (N, g) parameter values for SRP (.conf) password database. */ String N_2048_BITS = "1"; - String N_1536_BITS = "2"; - String N_1280_BITS = "3"; - String N_1024_BITS = "4"; - String N_768_BITS = "5"; - String N_640_BITS = "6"; - String N_512_BITS = "7"; - /** Available hash algorithms for all SRP calculations. */ - String[] SRP_ALGORITHMS = { Registry.SHA160_HASH, // the default one - Registry.MD5_HASH, Registry.RIPEMD128_HASH, - Registry.RIPEMD160_HASH, - - Registry.SHA256_HASH, Registry.SHA384_HASH, - Registry.SHA512_HASH }; - + String[] SRP_ALGORITHMS = { + Registry.SHA160_HASH, // the default one + Registry.MD5_HASH, + Registry.RIPEMD128_HASH, + Registry.RIPEMD160_HASH, + + Registry.SHA256_HASH, + Registry.SHA384_HASH, + Registry.SHA512_HASH }; /** * The name of the default message digest algorithm to use when no name is * explicitely given. In this implementation it is the <b>first</b> among @@ -77,143 +71,95 @@ public interface SRPRegistry * 160-bit output. */ String SRP_DEFAULT_DIGEST_NAME = SRP_ALGORITHMS[0]; - /** * The property name of the message digest algorithm name to use in a given * SRP incarnation. */ String SRP_DIGEST_NAME = "srp.digest.name"; - /** The public shared modulus: n. */ String SHARED_MODULUS = "srp.N"; - /** The GF generator used: g. */ String FIELD_GENERATOR = "srp.g"; - /** The list of server's available security options. */ String AVAILABLE_OPTIONS = "srp.L"; - /** The client's chosen security options. */ String CHOSEN_OPTIONS = "srp.o"; - /** The client's username. */ String USER_NAME = "srp.U"; - /** The client's authorization ID. */ String USER_ROLE = "srp.I"; - /** The user's salt. */ String USER_SALT = "srp.s"; - /** The user's password verifier. */ String PASSWORD_VERIFIER = "srp.v"; - /** The client's public ephemeral exponent: A. */ String CLIENT_PUBLIC_KEY = "srp.A"; - /** The server's public ephemeral exponent: B. */ String SERVER_PUBLIC_KEY = "srp.B"; - /** The client's evidence: M1. */ String CLIENT_EVIDENCE = "srp.M1"; - /** The server's evidence: M2. */ String SERVER_EVIDENCE = "srp.M2"; - /** Name of underlying hash algorithm for use with all SRP calculations. */ String SRP_HASH = "gnu.crypto.sasl.srp.hash"; - /** Name of SRP mandatory service property. */ String SRP_MANDATORY = "gnu.crypto.sasl.srp.mandatory"; - /** Name of SRP replay detection property. */ String SRP_REPLAY_DETECTION = "gnu.crypto.sasl.srp.replay.detection"; - /** Name of SRP integrity protection property. */ String SRP_INTEGRITY_PROTECTION = "gnu.crypto.sasl.srp.integrity"; - /** Name of SRP confidentiality protection property. */ String SRP_CONFIDENTIALITY = "gnu.crypto.sasl.srp.confidentiality"; - /** Name of the main SRP password file pathname property. */ String PASSWORD_FILE = "gnu.crypto.sasl.srp.password.file"; - /** * Name of the SRP password database property --a reference to - * {@link gnu.crypto.sasl.srp.PasswordFile} object. + * {@link PasswordFile} object. */ String PASSWORD_DB = "gnu.crypto.sasl.srp.password.db"; - /** Default fully qualified pathname of the SRP password file. */ String DEFAULT_PASSWORD_FILE = "/etc/tpasswd"; - /** Default value for replay detection security service. */ boolean DEFAULT_REPLAY_DETECTION = true; - /** Default value for integrity protection security service. */ boolean DEFAULT_INTEGRITY = true; // implied by the previous option - /** Default value for confidentiality protection security service. */ boolean DEFAULT_CONFIDENTIALITY = false; - // constants defining HMAC names String HMAC_SHA1 = "hmac-sha1"; - String HMAC_MD5 = "hmac-md5"; - String HMAC_RIPEMD_160 = "hmac-ripemd-160"; - /** Available HMAC algorithms for integrity protection. */ String[] INTEGRITY_ALGORITHMS = { HMAC_SHA1, HMAC_MD5, HMAC_RIPEMD_160 }; - // constants defining Cipher names String AES = "aes"; - String BLOWFISH = "blowfish"; - /** Available Cipher algorithms for confidentiality protection. */ String[] CONFIDENTIALITY_ALGORITHMS = { AES, BLOWFISH }; - /** String for mandatory replay detection. */ String OPTION_MANDATORY = "mandatory"; - /** String for mda: the SRP digest algorithm name. */ String OPTION_SRP_DIGEST = "mda"; - /** String for mandatory replay detection. */ String OPTION_REPLAY_DETECTION = "replay_detection"; - /** String for mandatory integrity protection. */ String OPTION_INTEGRITY = "integrity"; - /** String for mandatory confidentiality protection. */ String OPTION_CONFIDENTIALITY = "confidentiality"; - /** String for mandatory replay detection. */ String OPTION_MAX_BUFFER_SIZE = "maxbuffersize"; - /** String for no mandatory security service. */ String MANDATORY_NONE = "none"; - /** Default mandatory security service required. */ - // String DEFAULT_MANDATORY = MANDATORY_NONE; String DEFAULT_MANDATORY = OPTION_REPLAY_DETECTION; - - // String DEFAULT_MANDATORY = OPTION_INTEGRITY; - // String DEFAULT_MANDATORY = OPTION_CONFIDENTIALITY; - /** Name of the UID field in the plain password file. */ String MD_NAME_FIELD = "srp.md.name"; - /** Name of the GID field in the plain password file. */ String USER_VERIFIER_FIELD = "srp.user.verifier"; - /** Name of the GECOS field in the plain password file. */ String SALT_FIELD = "srp.salt"; - /** Name of the SHELL field in the plain password file. */ String CONFIG_NDX_FIELD = "srp.config.ndx"; - /** Minimum bitlength of the SRP public modulus. */ int MINIMUM_MODULUS_BITLENGTH = 512; -}
\ No newline at end of file +} diff --git a/libjava/classpath/gnu/javax/crypto/sasl/srp/SRPServer.java b/libjava/classpath/gnu/javax/crypto/sasl/srp/SRPServer.java index 672660b261c..ff7e4e9d689 100644 --- a/libjava/classpath/gnu/javax/crypto/sasl/srp/SRPServer.java +++ b/libjava/classpath/gnu/javax/crypto/sasl/srp/SRPServer.java @@ -38,18 +38,18 @@ exception statement from your version. */ package gnu.javax.crypto.sasl.srp; +import gnu.java.security.Configuration; import gnu.java.security.Registry; import gnu.java.security.util.PRNG; import gnu.java.security.util.Util; - import gnu.javax.crypto.assembly.Direction; import gnu.javax.crypto.cipher.CipherFactory; import gnu.javax.crypto.cipher.IBlockCipher; import gnu.javax.crypto.key.IKeyAgreementParty; -import gnu.javax.crypto.key.KeyAgreementFactory; +import gnu.javax.crypto.key.IncomingMessage; import gnu.javax.crypto.key.KeyAgreementException; +import gnu.javax.crypto.key.KeyAgreementFactory; import gnu.javax.crypto.key.OutgoingMessage; -import gnu.javax.crypto.key.IncomingMessage; import gnu.javax.crypto.key.srp6.SRP6KeyAgreement; import gnu.javax.crypto.sasl.IllegalMechanismStateException; import gnu.javax.crypto.sasl.InputBuffer; @@ -57,114 +57,58 @@ import gnu.javax.crypto.sasl.IntegrityException; import gnu.javax.crypto.sasl.OutputBuffer; import gnu.javax.crypto.sasl.ServerMechanism; -import java.io.IOException; -import java.io.PrintWriter; import java.io.ByteArrayOutputStream; +import java.io.IOException; import java.io.UnsupportedEncodingException; import java.math.BigInteger; import java.util.Arrays; import java.util.HashMap; import java.util.StringTokenizer; +import java.util.logging.Logger; import javax.security.sasl.AuthenticationException; import javax.security.sasl.SaslException; import javax.security.sasl.SaslServer; /** - * <p>The SASL-SRP server-side mechanism.</p> + * The SASL-SRP server-side mechanism. */ -public class SRPServer extends ServerMechanism implements SaslServer +public class SRPServer + extends ServerMechanism + implements SaslServer { - - // Debugging methods and variables - // ------------------------------------------------------------------------- - - private static final String NAME = "SRPServer"; - - // private static final String ERROR = "ERROR"; - private static final String WARN = " WARN"; - - private static final String INFO = " INFO"; - - private static final String TRACE = "DEBUG"; - - private static final boolean DEBUG = true; - - private static final int debuglevel = 3; - - private static final PrintWriter err = new PrintWriter(System.out, true); - - private static void debug(final String level, final Object obj) - { - err.println("[" + level + "] " + NAME + ": " + String.valueOf(obj)); - } - - // Constants and variables - // ------------------------------------------------------------------------- - + private static final Logger log = Logger.getLogger(SRPServer.class.getName()); private String U = null; // client's username - private BigInteger N, g, A, B; - private byte[] s; // salt - private byte[] cIV, sIV; // client+server IVs, when confidentiality is on - private byte[] cn, sn; // client's and server's nonce - private SRP srp; // SRP algorithm instance used by this server - private byte[] sid; // session ID when re-used - private int ttl = 360; // session time-to-live in seconds - private byte[] cCB; // peer's channel binding' - private String mandatory; // List of available options - private String L = null; - private String o; - private String chosenIntegrityAlgorithm; - private String chosenConfidentialityAlgorithm; - private int rawSendSize = Registry.SASL_BUFFER_MAX_LIMIT; - private byte[] K; // shared session key - private boolean replayDetection = true; // whether Replay Detection is on - private int inCounter = 0; // messages sequence numbers - private int outCounter = 0; - private IALG inMac, outMac; // if !null, use for integrity - private CALG inCipher, outCipher; // if !null, use for confidentiality - - private IKeyAgreementParty serverHandler = KeyAgreementFactory.getPartyBInstance(Registry.SRP_SASL_KA); - + private IKeyAgreementParty serverHandler = + KeyAgreementFactory.getPartyBInstance(Registry.SRP_SASL_KA); /** Our default source of randomness. */ private PRNG prng = null; - // Constructor(s) - // ------------------------------------------------------------------------- - public SRPServer() { super(Registry.SASL_SRP_MECHANISM); } - // Class methods - // ------------------------------------------------------------------------- - - // Instance methods - // ------------------------------------------------------------------------- - - // abstract methods implementation ----------------------------------------- - protected void initMechanism() throws SaslException { // TODO: @@ -183,25 +127,20 @@ public class SRPServer extends ServerMechanism implements SaslServer K = null; inMac = outMac = null; inCipher = outCipher = null; - sid = null; } - // javax.security.sasl.SaslServer interface implementation ----------------- - public byte[] evaluateResponse(final byte[] response) throws SaslException { switch (state) { case 0: if (response == null) - { - return null; - } + return null; state++; return sendProtocolElements(response); case 1: - if (!complete) + if (! complete) { state++; return sendEvidence(response); @@ -215,65 +154,15 @@ public class SRPServer extends ServerMechanism implements SaslServer protected byte[] engineUnwrap(final byte[] incoming, final int offset, final int len) throws SaslException { - // if (DEBUG && debuglevel > 8) debug(TRACE, "==> engineUnwrap()"); - // - // if (inMac == null && inCipher == null) { - // throw new IllegalStateException("connection is not protected"); - // } - // - // if (DEBUG && debuglevel > 6) debug(TRACE, "Incoming buffer (before security): "+Util.dumpString(incoming, offset, len)); - // - // byte[] data = null; - // try { - // InputBuffer frameIn = InputBuffer.getInstance(incoming, offset, len); - // data = frameIn.getEOS(); - // if (inMac != null) { - // byte[] received_mac = frameIn.getOS(); - // if (DEBUG && debuglevel > 6) debug(TRACE, "Got C (received MAC): "+Util.dumpString(received_mac)); - // inMac.update(data); - // if (replayDetection) { - // inCounter++; - // if (DEBUG && debuglevel > 6) debug(TRACE, "inCounter="+String.valueOf(inCounter)); - // inMac.update(new byte[] { - // (byte)(inCounter >>> 24), - // (byte)(inCounter >>> 16), - // (byte)(inCounter >>> 8), - // (byte) inCounter }); - // } - // final byte[] computed_mac = inMac.doFinal(); - // if (DEBUG && debuglevel > 6) debug(TRACE, "Computed MAC: "+Util.dumpString(computed_mac)); - // if (!Arrays.equals(received_mac, computed_mac)) - // throw new IntegrityException("engineUnwrap()"); - // } - // if (inCipher != null) { - // data = inCipher.doFinal(data); - // } - // } catch (IOException x) { - // if (x instanceof SaslException) { - // throw (SaslException) x; - // } - // throw new SaslException("engineUnwrap()", x); - // } - // - // if (DEBUG && debuglevel > 6) debug(TRACE, "Incoming buffer (after security): "+Util.dumpString(data)); - // if (DEBUG && debuglevel > 8) debug(TRACE, "<== engineUnwrap()"); - // return data; - - if (DEBUG && debuglevel > 8) - debug(TRACE, "==> engineUnwrap()"); - + if (Configuration.DEBUG) + log.entering(this.getClass().getName(), "engineUnwrap"); if (inMac == null && inCipher == null) - { - throw new IllegalStateException("connection is not protected"); - } - - if (DEBUG && debuglevel > 6) - debug(TRACE, "Incoming buffer (before security): " - + Util.dumpString(incoming, offset, len)); - + throw new IllegalStateException("connection is not protected"); + if (Configuration.DEBUG) + log.fine("Incoming buffer (before security): " + + Util.dumpString(incoming, offset, len)); // at this point one, or both, of confidentiality and integrity protection // services are active. - final byte[] result; try { @@ -284,137 +173,67 @@ public class SRPServer extends ServerMechanism implements SaslServer final byte[] received_mac = new byte[macBytesCount]; System.arraycopy(incoming, offset + payloadLength, received_mac, 0, macBytesCount); - if (DEBUG && debuglevel > 6) - debug(TRACE, "Got C (received MAC): " - + Util.dumpString(received_mac)); + if (Configuration.DEBUG) + log.fine("Got C (received MAC): " + Util.dumpString(received_mac)); inMac.update(incoming, offset, payloadLength); if (replayDetection) { inCounter++; - if (DEBUG && debuglevel > 6) - debug(TRACE, "inCounter=" + String.valueOf(inCounter)); - inMac.update(new byte[] { (byte) (inCounter >>> 24), - (byte) (inCounter >>> 16), - (byte) (inCounter >>> 8), - (byte) inCounter }); + if (Configuration.DEBUG) + log.fine("inCounter=" + String.valueOf(inCounter)); + inMac.update(new byte[] { + (byte)(inCounter >>> 24), + (byte)(inCounter >>> 16), + (byte)(inCounter >>> 8), + (byte) inCounter }); } - final byte[] computed_mac = inMac.doFinal(); - if (DEBUG && debuglevel > 6) - debug(TRACE, "Computed MAC: " + Util.dumpString(computed_mac)); - if (!Arrays.equals(received_mac, computed_mac)) - { - throw new IntegrityException("engineUnwrap()"); - } - + if (Configuration.DEBUG) + log.fine("Computed MAC: " + Util.dumpString(computed_mac)); + if (! Arrays.equals(received_mac, computed_mac)) + throw new IntegrityException("engineUnwrap()"); // deal with the payload, which can be either plain or encrypted if (inCipher != null) - { - result = inCipher.doFinal(incoming, offset, payloadLength); - } + result = inCipher.doFinal(incoming, offset, payloadLength); else { result = new byte[payloadLength]; System.arraycopy(incoming, offset, result, 0, result.length); } } - else - { // no integrity protection; just confidentiality - // if (inCipher != null) { - result = inCipher.doFinal(incoming, offset, len); - // } else { - // result = new byte[len]; - // System.arraycopy(incoming, offset, result, 0, len); - // } - } + else // no integrity protection; just confidentiality + result = inCipher.doFinal(incoming, offset, len); } catch (IOException x) { if (x instanceof SaslException) - { - throw (SaslException) x; - } + throw (SaslException) x; throw new SaslException("engineUnwrap()", x); } - if (DEBUG && debuglevel > 6) - debug(TRACE, "Incoming buffer (after security): " - + Util.dumpString(result)); - if (DEBUG && debuglevel > 8) - debug(TRACE, "<== engineUnwrap()"); + if (Configuration.DEBUG) + { + log.fine("Incoming buffer (after security): " + Util.dumpString(result)); + log.exiting(this.getClass().getName(), "engineUnwrap"); + } return result; } protected byte[] engineWrap(final byte[] outgoing, final int offset, final int len) throws SaslException { - // if (DEBUG && debuglevel > 8) debug(TRACE, "==> engineWrap()"); - // - // if (outMac == null && outCipher == null) { - // throw new IllegalStateException("connection is not protected"); - // } - // - // byte[] data = new byte[len]; - // System.arraycopy(outgoing, offset, data, 0, len); - // - // if (DEBUG && debuglevel > 6) debug(TRACE, "Outgoing buffer (before security) (hex): "+Util.dumpString(data)); - // if (DEBUG && debuglevel > 6) debug(TRACE, "Outgoing buffer (before security) (str): \""+new String(data)+"\""); - // - // final byte[] result; - // try { - // OutputBuffer frameOut = new OutputBuffer(); - // // Process the data - // if (outCipher != null) { - // data = outCipher.doFinal(data); - // if (DEBUG && debuglevel > 6) debug(TRACE, "Encoding c (encrypted plaintext): "+Util.dumpString(data)); - // } else { - // if (DEBUG && debuglevel > 6) debug(TRACE, "Encoding p (plaintext): "+Util.dumpString(data)); - // } - // frameOut.setEOS(data); - // if (outMac != null) { - // outMac.update(data); - // if (replayDetection) { - // outCounter++; - // if (DEBUG && debuglevel > 6) debug(TRACE, "outCounter="+String.valueOf(outCounter)); - // outMac.update(new byte[] { - // (byte)(outCounter >>> 24), - // (byte)(outCounter >>> 16), - // (byte)(outCounter >>> 8), - // (byte) outCounter}); - // } - // byte[] C = outMac.doFinal(); - // frameOut.setOS(C); - // if (DEBUG && debuglevel > 6) debug(TRACE, "Encoding C (integrity checksum): "+Util.dumpString(C)); - // } - // result = frameOut.wrap(); - // - // } catch (IOException x) { - // if (x instanceof SaslException) { - // throw (SaslException) x; - // } - // throw new SaslException("engineWrap()", x); - // } - // - // if (DEBUG && debuglevel > 8) debug(TRACE, "<== engineWrap()"); - // return result; - - if (DEBUG && debuglevel > 8) - debug(TRACE, "==> engineWrap()"); - + if (Configuration.DEBUG) + log.entering(this.getClass().getName(), "engineWrap"); if (outMac == null && outCipher == null) + throw new IllegalStateException("connection is not protected"); + if (Configuration.DEBUG) { - throw new IllegalStateException("connection is not protected"); + log.fine("Outgoing buffer (before security) (hex): " + + Util.dumpString(outgoing, offset, len)); + log.fine("Outgoing buffer (before security) (str): \"" + + new String(outgoing, offset, len) + "\""); } - - if (DEBUG && debuglevel > 6) - debug(TRACE, "Outgoing buffer (before security) (hex): " - + Util.dumpString(outgoing, offset, len)); - if (DEBUG && debuglevel > 6) - debug(TRACE, "Outgoing buffer (before security) (str): \"" - + new String(outgoing, offset, len) + "\""); - // at this point one, or both, of confidentiality and integrity protection // services are active. - byte[] result; try { @@ -422,74 +241,64 @@ public class SRPServer extends ServerMechanism implements SaslServer if (outCipher != null) { result = outCipher.doFinal(outgoing, offset, len); - if (DEBUG && debuglevel > 6) - debug(TRACE, "Encoding c (encrypted plaintext): " - + Util.dumpString(result)); - + if (Configuration.DEBUG) + log.fine("Encoding c (encrypted plaintext): " + + Util.dumpString(result)); out.write(result); - if (outMac != null) { outMac.update(result); if (replayDetection) { outCounter++; - if (DEBUG && debuglevel > 6) - debug(TRACE, "outCounter=" + String.valueOf(outCounter)); - outMac.update(new byte[] { (byte) (outCounter >>> 24), - (byte) (outCounter >>> 16), - (byte) (outCounter >>> 8), - (byte) outCounter }); + if (Configuration.DEBUG) + log.fine("outCounter=" + outCounter); + outMac.update(new byte[] { + (byte)(outCounter >>> 24), + (byte)(outCounter >>> 16), + (byte)(outCounter >>> 8), + (byte) outCounter }); } final byte[] C = outMac.doFinal(); out.write(C); - if (DEBUG && debuglevel > 6) - debug(TRACE, "Encoding C (integrity checksum): " - + Util.dumpString(C)); - } // else ciphertext only; do nothing + if (Configuration.DEBUG) + log.fine("Encoding C (integrity checksum): " + Util.dumpString(C)); + } + // else ciphertext only; do nothing } - else - { // no confidentiality; just integrity [+ replay detection] - if (DEBUG && debuglevel > 6) - debug(TRACE, "Encoding p (plaintext): " - + Util.dumpString(outgoing, offset, len)); - + else // no confidentiality; just integrity [+ replay detection] + { + if (Configuration.DEBUG) + log.fine("Encoding p (plaintext): " + + Util.dumpString(outgoing, offset, len)); out.write(outgoing, offset, len); - - // if (outMac != null) { outMac.update(outgoing, offset, len); if (replayDetection) { outCounter++; - if (DEBUG && debuglevel > 6) - debug(TRACE, "outCounter=" + String.valueOf(outCounter)); - outMac.update(new byte[] { (byte) (outCounter >>> 24), - (byte) (outCounter >>> 16), - (byte) (outCounter >>> 8), - (byte) outCounter }); + if (Configuration.DEBUG) + log.fine("outCounter=" + outCounter); + outMac.update(new byte[] { + (byte)(outCounter >>> 24), + (byte)(outCounter >>> 16), + (byte)(outCounter >>> 8), + (byte) outCounter }); } final byte[] C = outMac.doFinal(); out.write(C); - if (DEBUG && debuglevel > 6) - debug(TRACE, "Encoding C (integrity checksum): " - + Util.dumpString(C)); - // } // else plaintext only; do nothing + if (Configuration.DEBUG) + log.fine("Encoding C (integrity checksum): " + Util.dumpString(C)); } - result = out.toByteArray(); - } catch (IOException x) { if (x instanceof SaslException) - { - throw (SaslException) x; - } + throw (SaslException) x; throw new SaslException("engineWrap()", x); } - - if (DEBUG && debuglevel > 8) - debug(TRACE, "<== engineWrap()"); + if (Configuration.DEBUG) + log.exiting(this.getClass().getName(), "engineWrap"); return result; } @@ -498,13 +307,8 @@ public class SRPServer extends ServerMechanism implements SaslServer if (inMac != null) { if (inCipher != null) - { - return Registry.QOP_AUTH_CONF; - } - else - { - return Registry.QOP_AUTH_INT; - } + return Registry.QOP_AUTH_CONF; + return Registry.QOP_AUTH_INT; } return Registry.QOP_AUTH; } @@ -514,13 +318,8 @@ public class SRPServer extends ServerMechanism implements SaslServer if (inMac != null) { if (inCipher != null) - { - return Registry.STRENGTH_HIGH; - } - else - { - return Registry.STRENGTH_MEDIUM; - } + return Registry.STRENGTH_HIGH; + return Registry.STRENGTH_MEDIUM; } return Registry.STRENGTH_LOW; } @@ -535,45 +334,39 @@ public class SRPServer extends ServerMechanism implements SaslServer return Registry.REUSE_TRUE; } - // other methods ----------------------------------------------------------- - private byte[] sendProtocolElements(final byte[] input) throws SaslException { - if (DEBUG && debuglevel > 8) - debug(TRACE, "==> sendProtocolElements()"); - if (DEBUG && debuglevel > 6) - debug(TRACE, "C: " + Util.dumpString(input)); - + if (Configuration.DEBUG) + { + log.entering(this.getClass().getName(), "sendProtocolElements"); + log.fine("C: " + Util.dumpString(input)); + } // Client send U, I, sid, cn final InputBuffer frameIn = new InputBuffer(input); try { U = frameIn.getText(); // Extract username - if (DEBUG && debuglevel > 6) - debug(TRACE, "Got U (username): \"" + U + "\""); + if (Configuration.DEBUG) + log.fine("Got U (username): \"" + U + "\""); authorizationID = frameIn.getText(); // Extract authorisation ID - if (DEBUG && debuglevel > 6) - debug(TRACE, "Got I (userid): \"" + authorizationID + "\""); + if (Configuration.DEBUG) + log.fine("Got I (userid): \"" + authorizationID + "\""); sid = frameIn.getEOS(); - if (DEBUG && debuglevel > 6) - debug(TRACE, "Got sid (session ID): " + new String(sid)); + if (Configuration.DEBUG) + log.fine("Got sid (session ID): " + new String(sid)); cn = frameIn.getOS(); - if (DEBUG && debuglevel > 6) - debug(TRACE, "Got cn (client nonce): " + Util.dumpString(cn)); + if (Configuration.DEBUG) + log.fine("Got cn (client nonce): " + Util.dumpString(cn)); cCB = frameIn.getEOS(); - if (DEBUG && debuglevel > 6) - debug(TRACE, "Got cCB (client channel binding): " - + Util.dumpString(cCB)); + if (Configuration.DEBUG) + log.fine("Got cCB (client channel binding): " + Util.dumpString(cCB)); } catch (IOException x) { if (x instanceof SaslException) - { - throw (SaslException) x; - } + throw (SaslException) x; throw new AuthenticationException("sendProtocolElements()", x); } - // do/can we re-use? if (ServerStore.instance().isAlive(sid)) { @@ -589,15 +382,10 @@ public class SRPServer extends ServerMechanism implements SaslServer outMac = ctx.getOutMac(); inCipher = ctx.getInCipher(); outCipher = ctx.getOutCipher(); - if (sn == null || sn.length != 16) - { - sn = new byte[16]; - } + sn = new byte[16]; getDefaultPRNG().nextBytes(sn); - setupSecurityServices(false); - final OutputBuffer frameOut = new OutputBuffer(); try { @@ -608,34 +396,27 @@ public class SRPServer extends ServerMechanism implements SaslServer catch (IOException x) { if (x instanceof SaslException) - { - throw (SaslException) x; - } + throw (SaslException) x; throw new AuthenticationException("sendProtocolElements()", x); } final byte[] result = frameOut.encode(); - if (DEBUG && debuglevel > 8) - debug(TRACE, "<== sendProtocolElements()"); - if (DEBUG && debuglevel > 2) - debug(INFO, "Old session..."); - if (DEBUG && debuglevel > 2) - debug(INFO, "S: " + Util.dumpString(result)); - if (DEBUG && debuglevel > 2) - debug(INFO, " sn = " + Util.dumpString(sn)); - if (DEBUG && debuglevel > 2) - debug(INFO, " sCB = " + Util.dumpString(channelBinding)); + if (Configuration.DEBUG) + { + log.fine("Old session..."); + log.fine("S: " + Util.dumpString(result)); + log.fine(" sn = " + Util.dumpString(sn)); + log.fine(" sCB = " + Util.dumpString(channelBinding)); + log.exiting(this.getClass().getName(), "sendProtocolElements"); + } return result; } else { // new session authenticator.activate(properties); - // ------------------------------------------------------------------- final HashMap mapB = new HashMap(); - // mapB.put(SRP6KeyAgreement.HASH_FUNCTION, srp.newDigest()); mapB.put(SRP6KeyAgreement.HASH_FUNCTION, srp.getAlgorithm()); mapB.put(SRP6KeyAgreement.HOST_PASSWORD_DB, authenticator); - try { serverHandler.init(mapB); @@ -643,7 +424,6 @@ public class SRPServer extends ServerMechanism implements SaslServer out.writeString(U); IncomingMessage in = new IncomingMessage(out.toByteArray()); out = serverHandler.processMessage(in); - in = new IncomingMessage(out.toByteArray()); N = in.readMPI(); g = in.readMPI(); @@ -655,26 +435,22 @@ public class SRPServer extends ServerMechanism implements SaslServer throw new SaslException("sendProtocolElements()", x); } // ------------------------------------------------------------------- - - if (DEBUG && debuglevel > 6) - debug(TRACE, "Encoding N (modulus): " + Util.dump(N)); - if (DEBUG && debuglevel > 6) - debug(TRACE, "Encoding g (generator): " + Util.dump(g)); - if (DEBUG && debuglevel > 6) - debug(TRACE, "Encoding s (client's salt): " + Util.dumpString(s)); - if (DEBUG && debuglevel > 6) - debug(TRACE, "Encoding B (server ephemeral public key): " - + Util.dump(B)); - + if (Configuration.DEBUG) + { + log.fine("Encoding N (modulus): " + Util.dump(N)); + log.fine("Encoding g (generator): " + Util.dump(g)); + log.fine("Encoding s (client's salt): " + Util.dumpString(s)); + log.fine("Encoding B (server ephemeral public key): " + Util.dump(B)); + } // The server creates an options list (L), which consists of a // comma-separated list of option strings that specify the security // service options the server supports. L = createL(); - if (DEBUG && debuglevel > 6) - debug(TRACE, "Encoding L (available options): \"" + L + "\""); - if (DEBUG && debuglevel > 6) - debug(TRACE, "Encoding sIV (server IV): " + Util.dumpString(sIV)); - + if (Configuration.DEBUG) + { + log.fine("Encoding L (available options): \"" + L + "\""); + log.fine("Encoding sIV (server IV): " + Util.dumpString(sIV)); + } final OutputBuffer frameOut = new OutputBuffer(); try { @@ -688,69 +464,58 @@ public class SRPServer extends ServerMechanism implements SaslServer catch (IOException x) { if (x instanceof SaslException) - { - throw (SaslException) x; - } + throw (SaslException) x; throw new AuthenticationException("sendProtocolElements()", x); } final byte[] result = frameOut.encode(); - if (DEBUG && debuglevel > 8) - debug(TRACE, "<== sendProtocolElements()"); - if (DEBUG && debuglevel > 2) - debug(INFO, "New session..."); - if (DEBUG && debuglevel > 2) - debug(INFO, "S: " + Util.dumpString(result)); - if (DEBUG && debuglevel > 2) - debug(INFO, " N = 0x" + N.toString(16)); - if (DEBUG && debuglevel > 2) - debug(INFO, " g = 0x" + g.toString(16)); - if (DEBUG && debuglevel > 2) - debug(INFO, " s = " + Util.dumpString(s)); - if (DEBUG && debuglevel > 2) - debug(INFO, " B = 0x" + B.toString(16)); - if (DEBUG && debuglevel > 2) - debug(INFO, " L = " + L); + if (Configuration.DEBUG) + { + log.fine("New session..."); + log.fine("S: " + Util.dumpString(result)); + log.fine(" N = 0x" + N.toString(16)); + log.fine(" g = 0x" + g.toString(16)); + log.fine(" s = " + Util.dumpString(s)); + log.fine(" B = 0x" + B.toString(16)); + log.fine(" L = " + L); + log.exiting(this.getClass().getName(), "sendProtocolElements"); + } return result; } } private byte[] sendEvidence(final byte[] input) throws SaslException { - if (DEBUG && debuglevel > 8) - debug(TRACE, "==> sendEvidence()"); - if (DEBUG && debuglevel > 6) - debug(TRACE, "C: " + Util.dumpString(input)); - + if (Configuration.DEBUG) + { + log.entering(this.getClass().getName(), "sendEvidence"); + log.fine("C: " + Util.dumpString(input)); + } // Client send A, M1, o, cIV final InputBuffer frameIn = new InputBuffer(input); final byte[] M1; try { A = frameIn.getMPI(); // Extract client's ephemeral public key - if (DEBUG && debuglevel > 6) - debug(TRACE, "Got A (client ephemeral public key): " + Util.dump(A)); + if (Configuration.DEBUG) + log.fine("Got A (client ephemeral public key): " + Util.dump(A)); M1 = frameIn.getOS(); // Extract evidence - if (DEBUG && debuglevel > 6) - debug(TRACE, "Got M1 (client evidence): " + Util.dumpString(M1)); + if (Configuration.DEBUG) + log.fine("Got M1 (client evidence): " + Util.dumpString(M1)); o = frameIn.getText(); // Extract client's options list - if (DEBUG && debuglevel > 6) - debug(TRACE, "Got o (client chosen options): \"" + o + "\""); + if (Configuration.DEBUG) + log.fine("Got o (client chosen options): \"" + o + "\""); cIV = frameIn.getOS(); // Extract client's IV - if (DEBUG && debuglevel > 6) - debug(TRACE, "Got cIV (client IV): " + Util.dumpString(cIV)); + if (Configuration.DEBUG) + log.fine("Got cIV (client IV): " + Util.dumpString(cIV)); } catch (IOException x) { if (x instanceof SaslException) - { - throw (SaslException) x; - } + throw (SaslException) x; throw new AuthenticationException("sendEvidence()", x); } - // Parse client's options and set security layer variables parseO(o); - // ---------------------------------------------------------------------- try { @@ -765,10 +530,8 @@ public class SRPServer extends ServerMechanism implements SaslServer throw new SaslException("sendEvidence()", x); } // ---------------------------------------------------------------------- - - if (DEBUG && debuglevel > 6) - debug(TRACE, "K: " + Util.dumpString(K)); - + if (Configuration.DEBUG) + log.fine("K: " + Util.dumpString(K)); final byte[] expected; try { @@ -779,15 +542,10 @@ public class SRPServer extends ServerMechanism implements SaslServer { throw new AuthenticationException("sendEvidence()", x); } - // Verify client evidence - if (!Arrays.equals(M1, expected)) - { - throw new AuthenticationException("M1 mismatch"); - } - + if (! Arrays.equals(M1, expected)) + throw new AuthenticationException("M1 mismatch"); setupSecurityServices(true); - final byte[] M2; try { @@ -798,7 +556,6 @@ public class SRPServer extends ServerMechanism implements SaslServer { throw new AuthenticationException("sendEvidence()", x); } - final OutputBuffer frameOut = new OutputBuffer(); try { @@ -811,93 +568,71 @@ public class SRPServer extends ServerMechanism implements SaslServer catch (IOException x) { if (x instanceof SaslException) - { - throw (SaslException) x; - } + throw (SaslException) x; throw new AuthenticationException("sendEvidence()", x); } final byte[] result = frameOut.encode(); - if (DEBUG && debuglevel > 2) - debug(INFO, "S: " + Util.dumpString(result)); - if (DEBUG && debuglevel > 2) - debug(INFO, " M2 = " + Util.dumpString(M2)); - if (DEBUG && debuglevel > 2) - debug(INFO, " sIV = " + Util.dumpString(sIV)); - if (DEBUG && debuglevel > 2) - debug(INFO, " sid = " + new String(sid)); - if (DEBUG && debuglevel > 2) - debug(INFO, " ttl = " + ttl); - if (DEBUG && debuglevel > 2) - debug(INFO, " sCB = " + Util.dumpString(channelBinding)); - - if (DEBUG && debuglevel > 8) - debug(TRACE, "<== sendEvidence()"); + if (Configuration.DEBUG) + { + log.fine("S: " + Util.dumpString(result)); + log.fine(" M2 = " + Util.dumpString(M2)); + log.fine(" sIV = " + Util.dumpString(sIV)); + log.fine(" sid = " + new String(sid)); + log.fine(" ttl = " + ttl); + log.fine(" sCB = " + Util.dumpString(channelBinding)); + log.exiting(this.getClass().getName(), "sendEvidence"); + } return result; } private String createL() { - if (DEBUG && debuglevel > 8) - debug(TRACE, "==> createL()"); - + if (Configuration.DEBUG) + log.entering(this.getClass().getName(), "createL()"); String s = (String) properties.get(SRPRegistry.SRP_MANDATORY); if (s == null) + s = SRPRegistry.DEFAULT_MANDATORY; + + if (! SRPRegistry.MANDATORY_NONE.equals(s) + && ! SRPRegistry.OPTION_REPLAY_DETECTION.equals(s) + && ! SRPRegistry.OPTION_INTEGRITY.equals(s) + && ! SRPRegistry.OPTION_CONFIDENTIALITY.equals(s)) { + if (Configuration.DEBUG) + log.fine("Unrecognised mandatory option (" + s + "). Using default..."); s = SRPRegistry.DEFAULT_MANDATORY; } - if (!SRPRegistry.MANDATORY_NONE.equals(s) - && !SRPRegistry.OPTION_REPLAY_DETECTION.equals(s) - && !SRPRegistry.OPTION_INTEGRITY.equals(s) - && !SRPRegistry.OPTION_CONFIDENTIALITY.equals(s)) - { - if (DEBUG && debuglevel > 4) - debug(WARN, "Unrecognised mandatory option (" + s - + "). Using default..."); - s = SRPRegistry.DEFAULT_MANDATORY; - } - mandatory = s; - s = (String) properties.get(SRPRegistry.SRP_CONFIDENTIALITY); final boolean confidentiality = (s == null ? SRPRegistry.DEFAULT_CONFIDENTIALITY - : Boolean.valueOf(s).booleanValue()); - + : Boolean.valueOf(s).booleanValue()); s = (String) properties.get(SRPRegistry.SRP_INTEGRITY_PROTECTION); boolean integrity = (s == null ? SRPRegistry.DEFAULT_INTEGRITY - : Boolean.valueOf(s).booleanValue()); - + : Boolean.valueOf(s).booleanValue()); s = (String) properties.get(SRPRegistry.SRP_REPLAY_DETECTION); final boolean replayDetection = (s == null ? SRPRegistry.DEFAULT_REPLAY_DETECTION - : Boolean.valueOf(s).booleanValue()); - + : Boolean.valueOf(s).booleanValue()); final StringBuffer sb = new StringBuffer(); - sb.append(SRPRegistry.OPTION_SRP_DIGEST).append("=").append( - srp.getAlgorithm()).append( - ","); + sb.append(SRPRegistry.OPTION_SRP_DIGEST).append("=") + .append(srp.getAlgorithm()).append(","); + + if (! SRPRegistry.MANDATORY_NONE.equals(mandatory)) + sb.append(SRPRegistry.OPTION_MANDATORY) + .append("=").append(mandatory).append(","); - if (!SRPRegistry.MANDATORY_NONE.equals(mandatory)) - { - sb.append(SRPRegistry.OPTION_MANDATORY).append("=").append(mandatory).append( - ","); - } if (replayDetection) { sb.append(SRPRegistry.OPTION_REPLAY_DETECTION).append(","); // if replay detection is on then force integrity protection integrity = true; } - int i; if (integrity) { for (i = 0; i < SRPRegistry.INTEGRITY_ALGORITHMS.length; i++) - { - sb.append(SRPRegistry.OPTION_INTEGRITY).append("=").append( - SRPRegistry.INTEGRITY_ALGORITHMS[i]).append( - ","); - } + sb.append(SRPRegistry.OPTION_INTEGRITY).append("=") + .append(SRPRegistry.INTEGRITY_ALGORITHMS[i]).append(","); } - if (confidentiality) { IBlockCipher cipher; @@ -905,19 +640,15 @@ public class SRPServer extends ServerMechanism implements SaslServer { cipher = CipherFactory.getInstance(SRPRegistry.CONFIDENTIALITY_ALGORITHMS[i]); if (cipher != null) - { - sb.append(SRPRegistry.OPTION_CONFIDENTIALITY).append("=").append( - SRPRegistry.CONFIDENTIALITY_ALGORITHMS[i]).append( - ","); - } + sb.append(SRPRegistry.OPTION_CONFIDENTIALITY).append("=") + .append(SRPRegistry.CONFIDENTIALITY_ALGORITHMS[i]).append(","); } } - - final String result = sb.append(SRPRegistry.OPTION_MAX_BUFFER_SIZE).append( - "=").append( - Registry.SASL_BUFFER_MAX_LIMIT).toString(); - if (DEBUG && debuglevel > 8) - debug(TRACE, "<== createL()"); + final String result = sb.append(SRPRegistry.OPTION_MAX_BUFFER_SIZE) + .append("=").append(Registry.SASL_BUFFER_MAX_LIMIT) + .toString(); + if (Configuration.DEBUG) + log.exiting(this.getClass().getName(), "createL"); return result; } @@ -934,69 +665,51 @@ public class SRPServer extends ServerMechanism implements SaslServer while (st.hasMoreTokens()) { option = st.nextToken(); - if (DEBUG && debuglevel > 6) - debug(TRACE, "option: <" + option + ">"); + if (Configuration.DEBUG) + log.fine("option: <" + option + ">"); if (option.equals(SRPRegistry.OPTION_REPLAY_DETECTION)) - { - replayDetection = true; - } + replayDetection = true; else if (option.startsWith(SRPRegistry.OPTION_INTEGRITY + "=")) { if (integrity) + throw new AuthenticationException( + "Only one integrity algorithm may be chosen"); + option = option.substring(option.indexOf('=') + 1); + if (Configuration.DEBUG) + log.fine("algorithm: <" + option + ">"); + for (i = 0; i < SRPRegistry.INTEGRITY_ALGORITHMS.length; i++) { - throw new AuthenticationException( - "Only one integrity algorithm may be chosen"); - } - else - { - option = option.substring(option.indexOf('=') + 1); - if (DEBUG && debuglevel > 6) - debug(TRACE, "algorithm: <" + option + ">"); - for (i = 0; i < SRPRegistry.INTEGRITY_ALGORITHMS.length; i++) - { - if (SRPRegistry.INTEGRITY_ALGORITHMS[i].equals(option)) - { - chosenIntegrityAlgorithm = option; - integrity = true; - break; - } - } - if (!integrity) + if (SRPRegistry.INTEGRITY_ALGORITHMS[i].equals(option)) { - throw new AuthenticationException( - "Unknown integrity algorithm: " - + option); + chosenIntegrityAlgorithm = option; + integrity = true; + break; } } + if (! integrity) + throw new AuthenticationException("Unknown integrity algorithm: " + + option); } else if (option.startsWith(SRPRegistry.OPTION_CONFIDENTIALITY + "=")) { if (confidentiality) + throw new AuthenticationException( + "Only one confidentiality algorithm may be chosen"); + option = option.substring(option.indexOf('=') + 1); + if (Configuration.DEBUG) + log.fine("algorithm: <" + option + ">"); + for (i = 0; i < SRPRegistry.CONFIDENTIALITY_ALGORITHMS.length; i++) { - throw new AuthenticationException( - "Only one confidentiality algorithm may be chosen"); - } - else - { - option = option.substring(option.indexOf('=') + 1); - if (DEBUG && debuglevel > 6) - debug(TRACE, "algorithm: <" + option + ">"); - for (i = 0; i < SRPRegistry.CONFIDENTIALITY_ALGORITHMS.length; i++) - { - if (SRPRegistry.CONFIDENTIALITY_ALGORITHMS[i].equals(option)) - { - chosenConfidentialityAlgorithm = option; - confidentiality = true; - break; - } - } - if (!confidentiality) + if (SRPRegistry.CONFIDENTIALITY_ALGORITHMS[i].equals(option)) { - throw new AuthenticationException( - "Unknown confidentiality algorithm: " - + option); + chosenConfidentialityAlgorithm = option; + confidentiality = true; + break; } } + if (! confidentiality) + throw new AuthenticationException("Unknown confidentiality algorithm: " + + option); } else if (option.startsWith(SRPRegistry.OPTION_MAX_BUFFER_SIZE + "=")) { @@ -1007,70 +720,51 @@ public class SRPServer extends ServerMechanism implements SaslServer if (rawSendSize > Registry.SASL_BUFFER_MAX_LIMIT || rawSendSize < 1) throw new AuthenticationException( - "Illegal value for 'maxbuffersize' option"); + "Illegal value for 'maxbuffersize' option"); } catch (NumberFormatException x) { throw new AuthenticationException( - SRPRegistry.OPTION_MAX_BUFFER_SIZE - + "=" - + String.valueOf(maxBufferSize), - x); + SRPRegistry.OPTION_MAX_BUFFER_SIZE + "=" + maxBufferSize, x); } } } - // check if client did the right thing if (replayDetection) { - if (!integrity) - { - throw new AuthenticationException( - "Missing integrity protection algorithm " - + "but replay detection is chosen"); - } + if (! integrity) + throw new AuthenticationException( + "Missing integrity protection algorithm but replay detection is chosen"); } if (mandatory.equals(SRPRegistry.OPTION_REPLAY_DETECTION)) { - if (!replayDetection) - { - throw new AuthenticationException( - "Replay detection is mandatory but was not chosen"); - } + if (! replayDetection) + throw new AuthenticationException( + "Replay detection is mandatory but was not chosen"); } if (mandatory.equals(SRPRegistry.OPTION_INTEGRITY)) { - if (!integrity) - { - throw new AuthenticationException( - "Integrity protection is mandatory but was not chosen"); - } + if (! integrity) + throw new AuthenticationException( + "Integrity protection is mandatory but was not chosen"); } if (mandatory.equals(SRPRegistry.OPTION_CONFIDENTIALITY)) { - if (!confidentiality) - { - throw new AuthenticationException( - "Confidentiality is mandatory but was not chosen"); - } + if (! confidentiality) + throw new AuthenticationException( + "Confidentiality is mandatory but was not chosen"); } - int blockSize = 0; if (chosenConfidentialityAlgorithm != null) { final IBlockCipher cipher = CipherFactory.getInstance(chosenConfidentialityAlgorithm); if (cipher != null) - { - blockSize = cipher.defaultBlockSize(); - } - else - { // should not happen - throw new AuthenticationException("Confidentiality algorithm (" - + chosenConfidentialityAlgorithm - + ") not available"); - } + blockSize = cipher.defaultBlockSize(); + else // should not happen + throw new AuthenticationException("Confidentiality algorithm (" + + chosenConfidentialityAlgorithm + + ") not available"); } - sIV = new byte[blockSize]; if (blockSize > 0) getDefaultPRNG().nextBytes(sIV); @@ -1086,30 +780,26 @@ public class SRPServer extends ServerMechanism implements SaslServer // instantiate cipher if confidentiality protection filter is active if (chosenConfidentialityAlgorithm != null) { - if (DEBUG && debuglevel > 2) - debug(INFO, "Activating confidentiality protection filter"); + if (Configuration.DEBUG) + log.fine("Activating confidentiality protection filter"); inCipher = CALG.getInstance(chosenConfidentialityAlgorithm); outCipher = CALG.getInstance(chosenConfidentialityAlgorithm); } // instantiate hmacs if integrity protection filter is active if (chosenIntegrityAlgorithm != null) { - if (DEBUG && debuglevel > 2) - debug(INFO, "Activating integrity protection filter"); + if (Configuration.DEBUG) + log.fine("Activating integrity protection filter"); inMac = IALG.getInstance(chosenIntegrityAlgorithm); outMac = IALG.getInstance(chosenIntegrityAlgorithm); } - // generate a new sid if at least integrity is used sid = (inMac != null ? ServerStore.getNewSessionID() : new byte[0]); } - else - { // same session new keys - K = srp.generateKn(K, cn, sn); - } + else // same session new keys + K = srp.generateKn(K, cn, sn); final KDF kdf = KDF.getInstance(K); - // initialise in/out ciphers if confidentaility protection is used if (inCipher != null) { @@ -1122,15 +812,12 @@ public class SRPServer extends ServerMechanism implements SaslServer outMac.init(kdf); inMac.init(kdf); } - if (sid != null && sid.length != 0) { // update the security context and save in map - if (DEBUG && debuglevel > 2) - debug(INFO, "Updating security context for sid = " + new String(sid)); - ServerStore.instance().cacheSession( - ttl, - new SecurityContext( - srp.getAlgorithm(), + if (Configuration.DEBUG) + log.fine("Updating security context for sid = " + new String(sid)); + ServerStore.instance().cacheSession(ttl, + new SecurityContext(srp.getAlgorithm(), sid, K, cIV, @@ -1148,7 +835,6 @@ public class SRPServer extends ServerMechanism implements SaslServer { if (prng == null) prng = PRNG.getInstance(); - return prng; } } diff --git a/libjava/classpath/gnu/javax/crypto/sasl/srp/SecurityContext.java b/libjava/classpath/gnu/javax/crypto/sasl/srp/SecurityContext.java index feca25cadb8..1111d95b4f0 100644 --- a/libjava/classpath/gnu/javax/crypto/sasl/srp/SecurityContext.java +++ b/libjava/classpath/gnu/javax/crypto/sasl/srp/SecurityContext.java @@ -39,41 +39,23 @@ exception statement from your version. */ package gnu.javax.crypto.sasl.srp; /** - * <p>A package-private placeholder for an SRP security context.</p> + * A package-private placeholder for an SRP security context. */ class SecurityContext { - - // Constants and variables - // ------------------------------------------------------------------------- - private String mdName; - private byte[] sid; - private byte[] K; - private byte[] cIV; - private byte[] sIV; - private boolean replayDetection; - private int inCounter; - private int outCounter; - private IALG inMac; - private IALG outMac; - private CALG inCipher; - private CALG outCipher; - // Constructor(s) - // ------------------------------------------------------------------------- - SecurityContext(final String mdName, final byte[] sid, final byte[] K, final byte[] cIV, final byte[] sIV, final boolean replayDetection, final int inCounter, @@ -96,12 +78,6 @@ class SecurityContext this.outCipher = outCipher; } - // Class methods - // ------------------------------------------------------------------------- - - // Instance methods - // ------------------------------------------------------------------------- - String getMdName() { return mdName; @@ -161,4 +137,4 @@ class SecurityContext { return outCipher; } -}
\ No newline at end of file +} diff --git a/libjava/classpath/gnu/javax/crypto/sasl/srp/ServerStore.java b/libjava/classpath/gnu/javax/crypto/sasl/srp/ServerStore.java index 99bf96a9444..e9b1a728273 100644 --- a/libjava/classpath/gnu/javax/crypto/sasl/srp/ServerStore.java +++ b/libjava/classpath/gnu/javax/crypto/sasl/srp/ServerStore.java @@ -41,32 +41,21 @@ package gnu.javax.crypto.sasl.srp; import java.util.HashMap; /** - * <p>The server-side implementation of the SRP security context store.</p> + * The server-side implementation of the SRP security context store. */ public class ServerStore { - - // Constants and variables - // ------------------------------------------------------------------------- - /** The underlying singleton. */ private static ServerStore singleton = null; - /** The map of sid --> Security Context record. */ private static final HashMap sid2ssc = new HashMap(); - /** The map of sid --> Session timing record. */ private static final HashMap sid2ttl = new HashMap(); - /** A synchronisation lock. */ private static final Object lock = new Object(); - /** A counter to generate legible SIDs. */ private static int counter = 0; - // Constructor(s) - // ------------------------------------------------------------------------- - /** Private constructor to enforce Singleton pattern. */ private ServerStore() { @@ -75,48 +64,38 @@ public class ServerStore // TODO: add a cleaning timer thread } - // Class methods - // ------------------------------------------------------------------------- - /** - * <p>Returns the classloader Singleton.</p> - * + * Returns the classloader Singleton. + * * @return the classloader Singleton instance. */ static synchronized final ServerStore instance() { if (singleton == null) - { - singleton = new ServerStore(); - } + singleton = new ServerStore(); return singleton; } /** - * <p>Returns a legible new session identifier.</p> - * + * Returns a legible new session identifier. + * * @return a new session identifier. */ static synchronized final byte[] getNewSessionID() { final String sid = String.valueOf(++counter); - return new StringBuffer("SID-").append( - "0000000000".substring( - 0, - 10 - sid.length())).append( - sid).toString().getBytes(); + return new StringBuffer("SID-") + .append("0000000000".substring(0, 10 - sid.length())).append(sid) + .toString().getBytes(); } - // Instance methods - // ------------------------------------------------------------------------- - /** - * <p>Returns a boolean flag indicating if the designated session is still - * alive or not.</p> - * + * Returns a boolean flag indicating if the designated session is still alive + * or not. + * * @param sid the identifier of the session to check. * @return <code>true</code> if the designated session is still alive. - * <code>false</code> otherwise. + * <code>false</code> otherwise. */ boolean isAlive(final byte[] sid) { @@ -130,8 +109,8 @@ public class ServerStore if (ctx != null) { result = ctx.isAlive(); - if (!result) - { // invalidate it en-passant + if (! result) // invalidate it en-passant + { sid2ssc.remove(key); sid2ttl.remove(key); } @@ -142,9 +121,9 @@ public class ServerStore } /** - * <p>Records a mapping between a session identifier and the Security Context - * of the designated SRP server mechanism instance.</p> - * + * Records a mapping between a session identifier and the Security Context of + * the designated SRP server mechanism instance. + * * @param ttl the session's Time-To-Live indicator (in seconds). * @param ctx the server's security context. */ @@ -159,11 +138,11 @@ public class ServerStore } /** - * <p>Updates the mapping between the designated session identifier and the - * designated server's SASL Security Context. In the process, computes - * and return the underlying mechanism server's evidence that shall be - * returned to the client in a session re-use exchange.</p> - * + * Updates the mapping between the designated session identifier and the + * designated server's SASL Security Context. In the process, computes and + * return the underlying mechanism server's evidence that shall be returned to + * the client in a session re-use exchange. + * * @param sid the identifier of the session to restore. * @return an SRP server's security context. */ @@ -180,8 +159,8 @@ public class ServerStore } /** - * <p>Removes all information related to the designated session ID.</p> - * + * Removes all information related to the designated session ID. + * * @param sid the identifier of the seesion to invalidate. */ void invalidateSession(final byte[] sid) @@ -193,4 +172,4 @@ public class ServerStore sid2ttl.remove(key); } } -}
\ No newline at end of file +} diff --git a/libjava/classpath/gnu/javax/crypto/sasl/srp/StoreEntry.java b/libjava/classpath/gnu/javax/crypto/sasl/srp/StoreEntry.java index c5041fa4b38..130678ebd7a 100644 --- a/libjava/classpath/gnu/javax/crypto/sasl/srp/StoreEntry.java +++ b/libjava/classpath/gnu/javax/crypto/sasl/srp/StoreEntry.java @@ -39,21 +39,13 @@ exception statement from your version. */ package gnu.javax.crypto.sasl.srp; /** - * <p>A simple timing-related object for use by SRP re-use code.</p> + * A simple timing-related object for use by SRP re-use code. */ class StoreEntry { - - // Constants and variables - // ------------------------------------------------------------------------- - private boolean perenial; - private long timeToDie; - // Constructor(s) - // ------------------------------------------------------------------------- - StoreEntry(int ttl) { super(); @@ -70,20 +62,14 @@ class StoreEntry } } - // Class methods - // ------------------------------------------------------------------------- - - // Instance methods - // ------------------------------------------------------------------------- - /** - * <p>Returns <code>true</code> if the Time-To_live period has not elapsed.</p> - * + * Returns <code>true</code> if the Time-To_live period has not elapsed. + * * @return <code>true</code> if the Time-To-Live period (in seconds) has not - * elapsed yet; <code>false</code> otherwise. + * elapsed yet; <code>false</code> otherwise. */ boolean isAlive() { return (perenial ? true : (System.currentTimeMillis() < timeToDie)); } -}
\ No newline at end of file +} |