Mega Code Archive

The Data Encryption Standard DES is a 64-bit block cipher with a 56-bit key

// ---------------------------------------------------------------------------- // $Id: DES.java,v 1.3 2003/10/05 03:41:38 raif Exp $ // // Copyright (C) 2002, 2003 Free Software Foundation, Inc. // // This file is part of GNU Crypto. // // GNU Crypto is free software; you can redistribute it and/or modify // it under the terms of the GNU General Public License as published by // the Free Software Foundation; either version 2, or (at your option) // any later version. // // GNU Crypto is distributed in the hope that it will be useful, but // WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU // General Public License for more details. // // You should have received a copy of the GNU General Public License // along with this program; see the file COPYING. If not, write to the // // Free Software Foundation Inc., // 59 Temple Place - Suite 330, // Boston, MA 02111-1307 // USA // // Linking this library statically or dynamically with other modules is // making a combined work based on this library. Thus, the terms and // conditions of the GNU General Public License cover the whole // combination. // // As a special exception, the copyright holders of this library give // you permission to link this library with independent modules to // produce an executable, regardless of the license terms of these // independent modules, and to copy and distribute the resulting // executable under terms of your choice, provided that you also meet, // for each linked independent module, the terms and conditions of the // license of that module. An independent module is a module which is // not derived from or based on this library. If you modify this // library, you may extend this exception to your version of the // library, but you are not obligated to do so. If you do not wish to // do so, delete this exception statement from your version. // // -------------------------------------------------------------------------- import java.math.BigInteger; import java.security.InvalidKeyException; import java.util.Arrays; import java.util.Collections; import java.util.Iterator; import java.util.Map; /** * The Data Encryption Standard. DES is a 64-bit block cipher with a 56-bit * key, developed by IBM in the 1970's for the standardization process begun by * the National Bureau of Standards (now NIST). * * New applications should not use DES except for compatibility. * * This version is based upon the description and sample implementation in * [1]. * * References: * <ol> * <li>Bruce Schneier, Applied Cryptography: Protocols, Algorithms, and * Source Code in C, Second Edition. (1996 John Wiley and Sons) ISBN * 0-471-11709-9. Pages 265--301, 623--632.</li> * </ol> * * @version $Revision: 1.3 $ */ class DES extends BaseCipher { // Constants and variables // ------------------------------------------------------------------------- /** DES operates on 64 bit blocks. */ public static final int BLOCK_SIZE = 8; /** DES uses 56 bits of a 64 bit parity-adjusted key. */ public static final int KEY_SIZE = 8; // S-Boxes 1 through 8. private static final int[] SP1 = new int[] { 0x01010400, 0x00000000, 0x00010000, 0x01010404, 0x01010004, 0x00010404, 0x00000004, 0x00010000, 0x00000400, 0x01010400, 0x01010404, 0x00000400, 0x01000404, 0x01010004, 0x01000000, 0x00000004, 0x00000404, 0x01000400, 0x01000400, 0x00010400, 0x00010400, 0x01010000, 0x01010000, 0x01000404, 0x00010004, 0x01000004, 0x01000004, 0x00010004, 0x00000000, 0x00000404, 0x00010404, 0x01000000, 0x00010000, 0x01010404, 0x00000004, 0x01010000, 0x01010400, 0x01000000, 0x01000000, 0x00000400, 0x01010004, 0x00010000, 0x00010400, 0x01000004, 0x00000400, 0x00000004, 0x01000404, 0x00010404, 0x01010404, 0x00010004, 0x01010000, 0x01000404, 0x01000004, 0x00000404, 0x00010404, 0x01010400, 0x00000404, 0x01000400, 0x01000400, 0x00000000, 0x00010004, 0x00010400, 0x00000000, 0x01010004 }; private static final int[] SP2 = new int[] { 0x80108020, 0x80008000, 0x00008000, 0x00108020, 0x00100000, 0x00000020, 0x80100020, 0x80008020, 0x80000020, 0x80108020, 0x80108000, 0x80000000, 0x80008000, 0x00100000, 0x00000020, 0x80100020, 0x00108000, 0x00100020, 0x80008020, 0x00000000, 0x80000000, 0x00008000, 0x00108020, 0x80100000, 0x00100020, 0x80000020, 0x00000000, 0x00108000, 0x00008020, 0x80108000, 0x80100000, 0x00008020, 0x00000000, 0x00108020, 0x80100020, 0x00100000, 0x80008020, 0x80100000, 0x80108000, 0x00008000, 0x80100000, 0x80008000, 0x00000020, 0x80108020, 0x00108020, 0x00000020, 0x00008000, 0x80000000, 0x00008020, 0x80108000, 0x00100000, 0x80000020, 0x00100020, 0x80008020, 0x80000020, 0x00100020, 0x00108000, 0x00000000, 0x80008000, 0x00008020, 0x80000000, 0x80100020, 0x80108020, 0x00108000 }; private static final int[] SP3 = new int[] { 0x00000208, 0x08020200, 0x00000000, 0x08020008, 0x08000200, 0x00000000, 0x00020208, 0x08000200, 0x00020008, 0x08000008, 0x08000008, 0x00020000, 0x08020208, 0x00020008, 0x08020000, 0x00000208, 0x08000000, 0x00000008, 0x08020200, 0x00000200, 0x00020200, 0x08020000, 0x08020008, 0x00020208, 0x08000208, 0x00020200, 0x00020000, 0x08000208, 0x00000008, 0x08020208, 0x00000200, 0x08000000, 0x08020200, 0x08000000, 0x00020008, 0x00000208, 0x00020000, 0x08020200, 0x08000200, 0x00000000, 0x00000200, 0x00020008, 0x08020208, 0x08000200, 0x08000008, 0x00000200, 0x00000000, 0x08020008, 0x08000208, 0x00020000, 0x08000000, 0x08020208, 0x00000008, 0x00020208, 0x00020200, 0x08000008, 0x08020000, 0x08000208, 0x00000208, 0x08020000, 0x00020208, 0x00000008, 0x08020008, 0x00020200 }; private static final int[] SP4 = new int[] { 0x00802001, 0x00002081, 0x00002081, 0x00000080, 0x00802080, 0x00800081, 0x00800001, 0x00002001, 0x00000000, 0x00802000, 0x00802000, 0x00802081, 0x00000081, 0x00000000, 0x00800080, 0x00800001, 0x00000001, 0x00002000, 0x00800000, 0x00802001, 0x00000080, 0x00800000, 0x00002001, 0x00002080, 0x00800081, 0x00000001, 0x00002080, 0x00800080, 0x00002000, 0x00802080, 0x00802081, 0x00000081, 0x00800080, 0x00800001, 0x00802000, 0x00802081, 0x00000081, 0x00000000, 0x00000000, 0x00802000, 0x00002080, 0x00800080, 0x00800081, 0x00000001, 0x00802001, 0x00002081, 0x00002081, 0x00000080, 0x00802081, 0x00000081, 0x00000001, 0x00002000, 0x00800001, 0x00002001, 0x00802080, 0x00800081, 0x00002001, 0x00002080, 0x00800000, 0x00802001, 0x00000080, 0x00800000, 0x00002000, 0x00802080 }; private static final int[] SP5 = new int[] { 0x00000100, 0x02080100, 0x02080000, 0x42000100, 0x00080000, 0x00000100, 0x40000000, 0x02080000, 0x40080100, 0x00080000, 0x02000100, 0x40080100, 0x42000100, 0x42080000, 0x00080100, 0x40000000, 0x02000000, 0x40080000, 0x40080000, 0x00000000, 0x40000100, 0x42080100, 0x42080100, 0x02000100, 0x42080000, 0x40000100, 0x00000000, 0x42000000, 0x02080100, 0x02000000, 0x42000000, 0x00080100, 0x00080000, 0x42000100, 0x00000100, 0x02000000, 0x40000000, 0x02080000, 0x42000100, 0x40080100, 0x02000100, 0x40000000, 0x42080000, 0x02080100, 0x40080100, 0x00000100, 0x02000000, 0x42080000, 0x42080100, 0x00080100, 0x42000000, 0x42080100, 0x02080000, 0x00000000, 0x40080000, 0x42000000, 0x00080100, 0x02000100, 0x40000100, 0x00080000, 0x00000000, 0x40080000, 0x02080100, 0x40000100 }; private static final int[] SP6 = new int[] { 0x20000010, 0x20400000, 0x00004000, 0x20404010, 0x20400000, 0x00000010, 0x20404010, 0x00400000, 0x20004000, 0x00404010, 0x00400000, 0x20000010, 0x00400010, 0x20004000, 0x20000000, 0x00004010, 0x00000000, 0x00400010, 0x20004010, 0x00004000, 0x00404000, 0x20004010, 0x00000010, 0x20400010, 0x20400010, 0x00000000, 0x00404010, 0x20404000, 0x00004010, 0x00404000, 0x20404000, 0x20000000, 0x20004000, 0x00000010, 0x20400010, 0x00404000, 0x20404010, 0x00400000, 0x00004010, 0x20000010, 0x00400000, 0x20004000, 0x20000000, 0x00004010, 0x20000010, 0x20404010, 0x00404000, 0x20400000, 0x00404010, 0x20404000, 0x00000000, 0x20400010, 0x00000010, 0x00004000, 0x20400000, 0x00404010, 0x00004000, 0x00400010, 0x20004010, 0x00000000, 0x20404000, 0x20000000, 0x00400010, 0x20004010 }; private static final int[] SP7 = new int[] { 0x00200000, 0x04200002, 0x04000802, 0x00000000, 0x00000800, 0x04000802, 0x00200802, 0x04200800, 0x04200802, 0x00200000, 0x00000000, 0x04000002, 0x00000002, 0x04000000, 0x04200002, 0x00000802, 0x04000800, 0x00200802, 0x00200002, 0x04000800, 0x04000002, 0x04200000, 0x04200800, 0x00200002, 0x04200000, 0x00000800, 0x00000802, 0x04200802, 0x00200800, 0x00000002, 0x04000000, 0x00200800, 0x04000000, 0x00200800, 0x00200000, 0x04000802, 0x04000802, 0x04200002, 0x04200002, 0x00000002, 0x00200002, 0x04000000, 0x04000800, 0x00200000, 0x04200800, 0x00000802, 0x00200802, 0x04200800, 0x00000802, 0x04000002, 0x04200802, 0x04200000, 0x00200800, 0x00000000, 0x00000002, 0x04200802, 0x00000000, 0x00200802, 0x04200000, 0x00000800, 0x04000002, 0x04000800, 0x00000800, 0x00200002 }; private static final int[] SP8 = new int[] { 0x10001040, 0x00001000, 0x00040000, 0x10041040, 0x10000000, 0x10001040, 0x00000040, 0x10000000, 0x00040040, 0x10040000, 0x10041040, 0x00041000, 0x10041000, 0x00041040, 0x00001000, 0x00000040, 0x10040000, 0x10000040, 0x10001000, 0x00001040, 0x00041000, 0x00040040, 0x10040040, 0x10041000, 0x00001040, 0x00000000, 0x00000000, 0x10040040, 0x10000040, 0x10001000, 0x00041040, 0x00040000, 0x00041040, 0x00040000, 0x10041000, 0x00001000, 0x00000040, 0x10040040, 0x00001000, 0x00041040, 0x10001000, 0x00000040, 0x10000040, 0x10040000, 0x10040040, 0x10000000, 0x00040000, 0x10001040, 0x00000000, 0x10041040, 0x00040040, 0x10000040, 0x10040000, 0x10001000, 0x10001040, 0x00000000, 0x10041040, 0x00041000, 0x00041000, 0x00001040, 0x00001040, 0x00040040, 0x10000000, 0x10041000 }; /** * Constants that help in determining whether or not a byte array is parity * adjusted. */ private static final byte[] PARITY = { 8,1,0,8,0,8,8,0,0,8,8,0,8,0,2,8,0,8,8,0,8,0,0,8,8,0,0,8,0,8,8,3, 0,8,8,0,8,0,0,8,8,0,0,8,0,8,8,0,8,0,0,8,0,8,8,0,0,8,8,0,8,0,0,8, 0,8,8,0,8,0,0,8,8,0,0,8,0,8,8,0,8,0,0,8,0,8,8,0,0,8,8,0,8,0,0,8, 8,0,0,8,0,8,8,0,0,8,8,0,8,0,0,8,0,8,8,0,8,0,0,8,8,0,0,8,0,8,8,0, 0,8,8,0,8,0,0,8,8,0,0,8,0,8,8,0,8,0,0,8,0,8,8,0,0,8,8,0,8,0,0,8, 8,0,0,8,0,8,8,0,0,8,8,0,8,0,0,8,0,8,8,0,8,0,0,8,8,0,0,8,0,8,8,0, 8,0,0,8,0,8,8,0,0,8,8,0,8,0,0,8,0,8,8,0,8,0,0,8,8,0,0,8,0,8,8,0, 4,8,8,0,8,0,0,8,8,0,0,8,0,8,8,0,8,5,0,8,0,8,8,0,0,8,8,0,8,0,6,8 }; // Key schedule constants. private static final byte[] ROTARS = { 1, 2, 4, 6, 8, 10, 12, 14, 15, 17, 19, 21, 23, 25, 27, 28 }; private static final byte[] PC1 = { 56, 48, 40, 32, 24, 16, 8, 0, 57, 49, 41, 33, 25, 17, 9, 1, 58, 50, 42, 34, 26, 18, 10, 2, 59, 51, 43, 35, 62, 54, 46, 38, 30, 22, 14, 6, 61, 53, 45, 37, 29, 21, 13, 5, 60, 52, 44, 36, 28, 20, 12, 4, 27, 19, 11, 3 }; private static final byte[] PC2 = { 13, 16, 10, 23, 0, 4, 2, 27, 14, 5, 20, 9, 22, 18, 11, 3, 25, 7, 15, 6, 26, 19, 12, 1, 40, 51, 30, 36, 46, 54, 29, 39, 50, 44, 32, 47, 43, 48, 38, 55, 33, 52, 45, 41, 49, 35, 28, 31 }; /** * Weak keys (parity adjusted): If all the bits in each half are either 0 * or 1, then the key used for any cycle of the algorithm is the same as * all other cycles. */ public static final byte[][] WEAK_KEYS = { Util.toBytesFromString("0101010101010101"), Util.toBytesFromString("01010101FEFEFEFE"), Util.toBytesFromString("FEFEFEFE01010101"), Util.toBytesFromString("FEFEFEFEFEFEFEFE") }; /** * Semi-weak keys (parity adjusted): Some pairs of keys encrypt plain text * to identical cipher text. In other words, one key in the pair can decrypt * messages that were encrypted with the other key. These keys are called * semi-weak keys. This occurs because instead of 16 different sub-keys being * generated, these semi-weak keys produce only two different sub-keys. */ public static final byte[][] SEMIWEAK_KEYS = { Util.toBytesFromString("01FE01FE01FE01FE"), Util.toBytesFromString("FE01FE01FE01FE01"), Util.toBytesFromString("1FE01FE00EF10EF1"), Util.toBytesFromString("E01FE01FF10EF10E"), Util.toBytesFromString("01E001E001F101F1"), Util.toBytesFromString("E001E001F101F101"), Util.toBytesFromString("1FFE1FFE0EFE0EFE"), Util.toBytesFromString("FE1FFE1FFE0EFE0E"), Util.toBytesFromString("011F011F010E010E"), Util.toBytesFromString("1F011F010E010E01"), Util.toBytesFromString("E0FEE0FEF1FEF1FE"), Util.toBytesFromString("FEE0FEE0FEF1FEF1") }; /** Possible weak keys (parity adjusted) --produce 4 instead of 16 subkeys. */ public static final byte[][] POSSIBLE_WEAK_KEYS = { Util.toBytesFromString("1F1F01010E0E0101"), Util.toBytesFromString("011F1F01010E0E01"), Util.toBytesFromString("1F01011F0E01010E"), Util.toBytesFromString("01011F1F01010E0E"), Util.toBytesFromString("E0E00101F1F10101"), Util.toBytesFromString("FEFE0101FEFE0101"), Util.toBytesFromString("FEE01F01FEF10E01"), Util.toBytesFromString("E0FE1F01F1FE0E01"), Util.toBytesFromString("FEE0011FFEF1010E"), Util.toBytesFromString("E0FE011FF1FE010E"), Util.toBytesFromString("E0E01F1FF1F10E0E"), Util.toBytesFromString("FEFE1F1FFEFE0E0E"), Util.toBytesFromString("1F1F01010E0E0101"), Util.toBytesFromString("011F1F01010E0E01"), Util.toBytesFromString("1F01011F0E01010E"), Util.toBytesFromString("01011F1F01010E0E"), Util.toBytesFromString("01E0E00101F1F101"), Util.toBytesFromString("1FFEE0010EFEF001"), Util.toBytesFromString("1FE0FE010EF1FE01"), Util.toBytesFromString("01FEFE0101FEFE01"), Util.toBytesFromString("1FE0E01F0EF1F10E"), Util.toBytesFromString("01FEE01F01FEF10E"), Util.toBytesFromString("01E0FE1F01F1FE0E"), Util.toBytesFromString("1FFEFE1F0EFEFE0E"), Util.toBytesFromString("E00101E0F10101F1"), Util.toBytesFromString("FE1F01E0FE0E0EF1"), Util.toBytesFromString("FE011FE0FE010EF1"), Util.toBytesFromString("E01F1FE0F10E0EF1"), Util.toBytesFromString("FE0101FEFE0101FE"), Util.toBytesFromString("E01F01FEF10E01FE"), Util.toBytesFromString("E0011FFEF1010EFE"), Util.toBytesFromString("FE1F1FFEFE0E0EFE"), Util.toBytesFromString("1FFE01E00EFE01F1"), Util.toBytesFromString("01FE1FE001FE0EF1"), Util.toBytesFromString("1FE001FE0EF101FE"), Util.toBytesFromString("01E01FFE01F10EFE"), Util.toBytesFromString("0101E0E00101F1F1"), Util.toBytesFromString("1F1FE0E00E0EF1F1"), Util.toBytesFromString("1F01FEE00E01FEF1"), Util.toBytesFromString("011FFEE0010EFEF1"), Util.toBytesFromString("1F01E0FE0E01F1FE"), Util.toBytesFromString("011FE0FE010EF1FE"), Util.toBytesFromString("0101FEFE0001FEFE"), Util.toBytesFromString("1F1FFEFE0E0EFEFE"), Util.toBytesFromString("FEFEE0E0FEFEF1F1"), Util.toBytesFromString("E0FEFEE0F1FEFEF1"), Util.toBytesFromString("FEE0E0FEFEF1F1FE"), Util.toBytesFromString("E0E0FEFEF1F1FEFE") }; // Constructor(s) // ------------------------------------------------------------------------- /** Default 0-argument constructor. */ public DES() { super("des", BLOCK_SIZE, KEY_SIZE); } // Class methods // ------------------------------------------------------------------------- /** * Adjust the parity for a raw key array. This essentially means that each * byte in the array will have an odd number of '1' bits (the last bit in * each byte is unused. * * @param kb The key array, to be parity-adjusted. * @param offset The starting index into the key bytes. */ public static void adjustParity(byte[] kb, int offset) { for (int i = offset; i < KEY_SIZE; i++) { kb[i] ^= (PARITY[kb[i] & 0xff] == 8) ? 1 : 0; } } /** * Test if a byte array, which must be at least 8 bytes long, is parity * adjusted. * * @param kb The key bytes. * @param offset The starting index into the key bytes. * @return <code>true</code> if the first 8 bytes of kb have been * parity adjusted. <code>false</code> otherwise. */ public static boolean isParityAdjusted(byte[] kb, int offset) { int w = 0x88888888; int n = PARITY[kb[offset+0] & 0xff]; n <<= 4; n |= PARITY[kb[offset+1] & 0xff]; n <<= 4; n |= PARITY[kb[offset+2] & 0xff]; n <<= 4; n |= PARITY[kb[offset+3] & 0xff]; n <<= 4; n |= PARITY[kb[offset+4] & 0xff]; n <<= 4; n |= PARITY[kb[offset+5] & 0xff]; n <<= 4; n |= PARITY[kb[offset+6] & 0xff]; n <<= 4; n |= PARITY[kb[offset+7] & 0xff]; return (n & w) == 0; } /** * Test if a key is a weak key. * * @param kb The key to test. * @return <code>true</code> if the key is weak. */ public static boolean isWeak(byte[] kb) { // return Arrays.equals(kb, WEAK_KEYS[0]) || Arrays.equals(kb, WEAK_KEYS[1]) // || Arrays.equals(kb, WEAK_KEYS[2]) || Arrays.equals(kb, WEAK_KEYS[3]) // || Arrays.equals(kb, WEAK_KEYS[4]) || Arrays.equals(kb, WEAK_KEYS[5]) // || Arrays.equals(kb, WEAK_KEYS[6]) || Arrays.equals(kb, WEAK_KEYS[7]); for (int i = 0; i < WEAK_KEYS.length; i++) { if (Arrays.equals(WEAK_KEYS[i], kb)) { return true; } } return false; } /** * Test if a key is a semi-weak key. * * @param kb The key to test. * @return <code>true</code> if this key is semi-weak. */ public static boolean isSemiWeak(byte[] kb) { // return Arrays.equals(kb, SEMIWEAK_KEYS[0]) // || Arrays.equals(kb, SEMIWEAK_KEYS[1]) // || Arrays.equals(kb, SEMIWEAK_KEYS[2]) // || Arrays.equals(kb, SEMIWEAK_KEYS[3]) // || Arrays.equals(kb, SEMIWEAK_KEYS[4]) // || Arrays.equals(kb, SEMIWEAK_KEYS[5]) // || Arrays.equals(kb, SEMIWEAK_KEYS[6]) // || Arrays.equals(kb, SEMIWEAK_KEYS[7]) // || Arrays.equals(kb, SEMIWEAK_KEYS[8]) // || Arrays.equals(kb, SEMIWEAK_KEYS[9]) // || Arrays.equals(kb, SEMIWEAK_KEYS[10]) // || Arrays.equals(kb, SEMIWEAK_KEYS[11]); for (int i = 0; i < SEMIWEAK_KEYS.length; i++) { if (Arrays.equals(SEMIWEAK_KEYS[i], kb)) { return true; } } return false; } /** * Test if the designated byte array represents a possibly weak key. * * @param kb the byte array to test. * @return <code>true</code> if <code>kb</code>represents a possibly weak key. * Returns <code>false</code> otherwise. */ public static boolean isPossibleWeak(byte[] kb) { for (int i = 0; i < POSSIBLE_WEAK_KEYS.length; i++) { if (Arrays.equals(POSSIBLE_WEAK_KEYS[i], kb)) { return true; } } return false; } /** * The core DES function. This is used for both encryption and decryption, * the only difference being the key. * * @param in The input bytes. * @param i The starting offset into the input bytes. * @param out The output bytes. * @param o The starting offset into the output bytes. * @param key The working key. */ private static void desFunc(byte[] in, int i, byte[] out, int o, int[] key) { int right, left, work; // Load. left = (in[i++] & 0xff) << 24 | (in[i++] & 0xff) << 16 | (in[i++] & 0xff) << 8 | in[i++] & 0xff; right = (in[i++] & 0xff) << 24 | (in[i++] & 0xff) << 16 | (in[i++] & 0xff) << 8 | in[i ] & 0xff; // Initial permutation. work = ((left >>> 4) ^ right) & 0x0F0F0F0F; left ^= work << 4; right ^= work; work = ((left >>> 16) ^ right) & 0x0000FFFF; left ^= work << 16; right ^= work; work = ((right >>> 2) ^ left) & 0x33333333; right ^= work << 2; left ^= work; work = ((right >>> 8) ^ left) & 0x00FF00FF; right ^= work << 8; left ^= work; right = ((right << 1) | ((right >>> 31) & 1)) & 0xFFFFFFFF; work = (left ^ right) & 0xAAAAAAAA; left ^= work; right ^= work; left = ((left << 1) | ((left >>> 31) & 1)) & 0xFFFFFFFF; int k = 0, t; for (int round = 0; round < 8; round++) { work = right >>> 4 | right << 28; work ^= key[k++]; t = SP7[work & 0x3F]; work >>>= 8; t |= SP5[work & 0x3F]; work >>>= 8; t |= SP3[work & 0x3F]; work >>>= 8; t |= SP1[work & 0x3F]; work = right ^ key[k++]; t |= SP8[work & 0x3F]; work >>>= 8; t |= SP6[work & 0x3F]; work >>>= 8; t |= SP4[work & 0x3F]; work >>>= 8; t |= SP2[work & 0x3F]; left ^= t; work = left >>> 4 | left << 28; work ^= key[k++]; t = SP7[work & 0x3F]; work >>>= 8; t |= SP5[work & 0x3F]; work >>>= 8; t |= SP3[work & 0x3F]; work >>>= 8; t |= SP1[work & 0x3F]; work = left ^ key[k++]; t |= SP8[work & 0x3F]; work >>>= 8; t |= SP6[work & 0x3F]; work >>>= 8; t |= SP4[work & 0x3F]; work >>>= 8; t |= SP2[work & 0x3F]; right ^= t; } // The final permutation. right = (right << 31) | (right >>> 1); work = (left ^ right) & 0xAAAAAAAA; left ^= work; right ^= work; left = (left << 31) | (left >>> 1); work = ((left >>> 8) ^ right) & 0x00FF00FF; left ^= work << 8; right ^= work; work = ((left >>> 2) ^ right) & 0x33333333; left ^= work << 2; right ^= work; work = ((right >>> 16) ^ left) & 0x0000FFFF; right ^= work << 16; left ^= work; work = ((right >>> 4) ^ left) & 0x0F0F0F0F; right ^= work << 4; left ^= work; out[o++] = (byte)(right >>> 24); out[o++] = (byte)(right >>> 16); out[o++] = (byte)(right >>> 8); out[o++] = (byte) right; out[o++] = (byte)(left >>> 24); out[o++] = (byte)(left >>> 16); out[o++] = (byte)(left >>> 8); out[o ] = (byte) left; } // Instance methods implementing BaseCipher // ------------------------------------------------------------------------- public Object clone() { return new DES(); } public Iterator blockSizes() { return Collections.singleton(new Integer(BLOCK_SIZE)).iterator(); } public Iterator keySizes() { return Collections.singleton(new Integer(KEY_SIZE)).iterator(); } public Object makeKey(byte[] kb, int bs) throws InvalidKeyException { if (kb == null || kb.length != KEY_SIZE) throw new InvalidKeyException("DES keys must be 8 bytes long"); // if (Properties.checkForWeakKeys() // && (isWeak(kb) || isSemiWeak(kb) || isPossibleWeak(kb))) { // throw new WeakKeyException(); // } int i, j, l, m, n; long pc1m = 0, pcr = 0; for (i = 0; i < 56; i++) { l = PC1[i]; pc1m |= ((kb[l >>> 3] & (0x80 >>> (l & 7))) != 0) ? (1L << (55 - i)) : 0; } Context ctx = new Context(); // Encryption key first. for (i = 0; i < 16; i++) { pcr = 0; m = i << 1; n = m + 1; for (j = 0; j < 28; j++) { l = j + ROTARS[i]; if (l < 28) pcr |= ((pc1m & 1L << (55 - l)) != 0) ? (1L << (55 - j)) : 0; else pcr |= ((pc1m & 1L << (55 - (l - 28))) != 0) ? (1L << (55 - j)) : 0; } for (j = 28; j < 56; j++) { l = j + ROTARS[i]; if (l < 56) pcr |= ((pc1m & 1L << (55 - l)) != 0) ? (1L << (55 - j)) : 0; else pcr |= ((pc1m & 1L << (55 - (l - 28))) != 0) ? (1L << (55 - j)) : 0; } for (j = 0; j < 24; j++) { if ((pcr & 1L << (55 - PC2[j ])) != 0) ctx.ek[m] |= 1 << (23 - j); if ((pcr & 1L << (55 - PC2[j+24])) != 0) ctx.ek[n] |= 1 << (23 - j); } } // The decryption key is the same, but in reversed order. for (i = 0; i < Context.EXPANDED_KEY_SIZE; i += 2) { ctx.dk[30 - i] = ctx.ek[i]; ctx.dk[31 - i] = ctx.ek[i+1]; } // "Cook" the keys. for (i = 0; i < 32; i += 2) { int x, y; x = ctx.ek[i ]; y = ctx.ek[i+1]; ctx.ek[i ] = ((x & 0x00FC0000) << 6) | ((x & 0x00000FC0) << 10) | ((y & 0x00FC0000) >>> 10) | ((y & 0x00000FC0) >>> 6); ctx.ek[i+1] = ((x & 0x0003F000) << 12) | ((x & 0x0000003F) << 16) | ((y & 0x0003F000) >>> 4) | (y & 0x0000003F); x = ctx.dk[i ]; y = ctx.dk[i+1]; ctx.dk[i ] = ((x & 0x00FC0000) << 6) | ((x & 0x00000FC0) << 10) | ((y & 0x00FC0000) >>> 10) | ((y & 0x00000FC0) >>> 6); ctx.dk[i+1] = ((x & 0x0003F000) << 12) | ((x & 0x0000003F) << 16) | ((y & 0x0003F000) >>> 4) | (y & 0x0000003F); } return ctx; } public void encrypt(byte[] in, int i, byte[] out, int o, Object K, int bs) { desFunc(in, i, out, o, ((Context) K).ek); } public void decrypt(byte[] in, int i, byte[] out, int o, Object K, int bs) { desFunc(in, i, out, o, ((Context) K).dk); } // Inner classe(s) /** * Simple wrapper class around the session keys. Package-private so TripleDES * can see it. */ final class Context { // Constants and variables // ---------------------------------------------------------------------- private static final int EXPANDED_KEY_SIZE = 32; /** The encryption key. */ int[] ek; /** The decryption key. */ int[] dk; // Constructor(s) // ---------------------------------------------------------------------- /** Default 0-arguments constructor. */ Context() { ek = new int[EXPANDED_KEY_SIZE]; dk = new int[EXPANDED_KEY_SIZE]; } // Class methods // ---------------------------------------------------------------------- // Instance methods // ---------------------------------------------------------------------- byte[] getEncryptionKeyBytes() { return toByteArray(ek); } byte[] getDecryptionKeyBytes() { return toByteArray(dk); } byte[] toByteArray(int[] k) { byte[] result = new byte[4 * k.length]; for (int i = 0, j = 0; i < k.length; i++) { result[j++] = (byte)(k[i] >>> 24); result[j++] = (byte)(k[i] >>> 16); result[j++] = (byte)(k[i] >>> 8); result[j++] = (byte) k[i]; } return result; } } } /** * A collection of utility methods used throughout this project. * * @version $Revision: 1.10 $ */ class Util { // Constants and variables // ------------------------------------------------------------------------- // Hex charset private static final char[] HEX_DIGITS = "0123456789ABCDEF".toCharArray(); // Base-64 charset private static final String BASE64_CHARS = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz./"; private static final char[] BASE64_CHARSET = BASE64_CHARS.toCharArray(); // Constructor(s) // ------------------------------------------------------------------------- /** Trivial constructor to enforce Singleton pattern. */ private Util() { super(); } // Class methods // ------------------------------------------------------------------------- /** * Returns a string of hexadecimal digits from a byte array. Each byte is * converted to 2 hex symbols; zero(es) included. * * This method calls the method with same name and three arguments as: * * <pre> * toString(ba, 0, ba.length); * </pre> * * @param ba the byte array to convert. * @return a string of hexadecimal characters (two for each byte) * representing the designated input byte array. */ public static String toString(byte[] ba) { return toString(ba, 0, ba.length); } /** * Returns a string of hexadecimal digits from a byte array, starting at * <code>offset</code> and consisting of <code>length</code> bytes. Each byte * is converted to 2 hex symbols; zero(es) included. * * @param ba the byte array to convert. * @param offset the index from which to start considering the bytes to * convert. * @param length the count of bytes, starting from the designated offset to * convert. * @return a string of hexadecimal characters (two for each byte) * representing the designated input byte sub-array. */ public static final String toString(byte[] ba, int offset, int length) { char[] buf = new char[length * 2]; for (int i = 0, j = 0, k; i < length; ) { k = ba[offset + i++]; buf[j++] = HEX_DIGITS[(k >>> 4) & 0x0F]; buf[j++] = HEX_DIGITS[ k & 0x0F]; } return new String(buf); } /** * Returns a string of hexadecimal digits from a byte array. Each byte is * converted to 2 hex symbols; zero(es) included. The argument is * treated as a large little-endian integer and is returned as a * large big-endian integer. * * This method calls the method with same name and three arguments as: * * <pre> * toReversedString(ba, 0, ba.length); * </pre> * * @param ba the byte array to convert. * @return a string of hexadecimal characters (two for each byte) * representing the designated input byte array. */ public static String toReversedString(byte[] ba) { return toReversedString(ba, 0, ba.length); } /** * Returns a string of hexadecimal digits from a byte array, starting at * <code>offset</code> and consisting of <code>length</code> bytes. Each byte * is converted to 2 hex symbols; zero(es) included. * * The byte array is treated as a large little-endian integer, and * is returned as a large big-endian integer. * * @param ba the byte array to convert. * @param offset the index from which to start considering the bytes to * convert. * @param length the count of bytes, starting from the designated offset to * convert. * @return a string of hexadecimal characters (two for each byte) * representing the designated input byte sub-array. */ public static final String toReversedString(byte[] ba, int offset, int length) { char[] buf = new char[length * 2]; for (int i = offset+length-1, j = 0, k; i >= offset; ) { k = ba[offset + i--]; buf[j++] = HEX_DIGITS[(k >>> 4) & 0x0F]; buf[j++] = HEX_DIGITS[ k & 0x0F]; } return new String(buf); } /** * Returns a byte array from a string of hexadecimal digits. * * @param s a string of hexadecimal ASCII characters * @return the decoded byte array from the input hexadecimal string. */ public static byte[] toBytesFromString(String s) { int limit = s.length(); byte[] result = new byte[((limit + 1) / 2)]; int i = 0, j = 0; if ((limit % 2) == 1) { result[j++] = (byte) fromDigit(s.charAt(i++)); } while (i < limit) { result[j ] = (byte) (fromDigit(s.charAt(i++)) << 4); result[j++] |= (byte) fromDigit(s.charAt(i++)); } return result; } /** * Returns a byte array from a string of hexadecimal digits, interpreting * them as a large big-endian integer and returning it as a large * little-endian integer. * * @param s a string of hexadecimal ASCII characters * @return the decoded byte array from the input hexadecimal string. */ public static byte[] toReversedBytesFromString(String s) { int limit = s.length(); byte[] result = new byte[((limit + 1) / 2)]; int i = 0; if ((limit % 2) == 1) { result[i++] = (byte) fromDigit(s.charAt(--limit)); } while (limit > 0) { result[i ] = (byte) fromDigit(s.charAt(--limit)); result[i++] |= (byte) (fromDigit(s.charAt(--limit)) << 4); } return result; } /** * Returns a number from <code>0</code> to <code>15</code> corresponding * to the designated hexadecimal digit. * * @param c a hexadecimal ASCII symbol. */ public static int fromDigit(char c) { if (c >= '0' && c <= '9') { return c - '0'; } else if (c >= 'A' && c <= 'F') { return c - 'A' + 10; } else if (c >= 'a' && c <= 'f') { return c - 'a' + 10; } else throw new IllegalArgumentException("Invalid hexadecimal digit: " + c); } /** * Returns a string of 8 hexadecimal digits (most significant digit first) * corresponding to the unsigned integer <code>n</code>. * * @param n the unsigned integer to convert. * @return a hexadecimal string 8-character long. */ public static String toString(int n) { char[] buf = new char[8]; for (int i = 7; i >= 0; i--) { buf[i] = HEX_DIGITS[n & 0x0F]; n >>>= 4; } return new String(buf); } /** * Returns a string of hexadecimal digits from an integer array. Each int * is converted to 4 hex symbols. */ public static String toString(int[] ia) { int length = ia.length; char[] buf = new char[length * 8]; for (int i = 0, j = 0, k; i < length; i++) { k = ia[i]; buf[j++] = HEX_DIGITS[(k >>> 28) & 0x0F]; buf[j++] = HEX_DIGITS[(k >>> 24) & 0x0F]; buf[j++] = HEX_DIGITS[(k >>> 20) & 0x0F]; buf[j++] = HEX_DIGITS[(k >>> 16) & 0x0F]; buf[j++] = HEX_DIGITS[(k >>> 12) & 0x0F]; buf[j++] = HEX_DIGITS[(k >>> 8) & 0x0F]; buf[j++] = HEX_DIGITS[(k >>> 4) & 0x0F]; buf[j++] = HEX_DIGITS[ k & 0x0F]; } return new String(buf); } /** * Returns a string of 16 hexadecimal digits (most significant digit first) * corresponding to the unsigned long <code>n</code>. * * @param n the unsigned long to convert. * @return a hexadecimal string 16-character long. */ public static String toString(long n) { char[] b = new char[16]; for (int i = 15; i >= 0; i--) { b[i] = HEX_DIGITS[(int)(n & 0x0FL)]; n >>>= 4; } return new String(b); } /** * Similar to the <code>toString()</code> method except that the Unicode * escape character is inserted before every pair of bytes. Useful to * externalise byte arrays that will be constructed later from such strings; * eg. s-box values. * * @throws ArrayIndexOutOfBoundsException if the length is odd. */ public static String toUnicodeString(byte[] ba) { return toUnicodeString(ba, 0, ba.length); } /** * Similar to the <code>toString()</code> method except that the Unicode * escape character is inserted before every pair of bytes. Useful to * externalise byte arrays that will be constructed later from such strings; * eg. s-box values. * * @throws ArrayIndexOutOfBoundsException if the length is odd. */ public static final String toUnicodeString(byte[] ba, int offset, int length) { StringBuffer sb = new StringBuffer(); int i = 0; int j = 0; int k; sb.append('\n').append("\""); while (i < length) { sb.append("\\u"); k = ba[offset + i++]; sb.append(HEX_DIGITS[(k >>> 4) & 0x0F]); sb.append(HEX_DIGITS[ k & 0x0F]); k = ba[offset + i++]; sb.append(HEX_DIGITS[(k >>> 4) & 0x0F]); sb.append(HEX_DIGITS[ k & 0x0F]); if ((++j % 8) == 0) { sb.append("\"+").append('\n').append("\""); } } sb.append("\"").append('\n'); return sb.toString(); } /** * Similar to the <code>toString()</code> method except that the Unicode * escape character is inserted before every pair of bytes. Useful to * externalise integer arrays that will be constructed later from such * strings; eg. s-box values. * * @throws ArrayIndexOutOfBoundsException if the length is not a multiple of 4. */ public static String toUnicodeString(int[] ia) { StringBuffer sb = new StringBuffer(); int i = 0; int j = 0; int k; sb.append('\n').append("\""); while (i < ia.length) { k = ia[i++]; sb.append("\\u"); sb.append(HEX_DIGITS[(k >>> 28) & 0x0F]); sb.append(HEX_DIGITS[(k >>> 24) & 0x0F]); sb.append(HEX_DIGITS[(k >>> 20) & 0x0F]); sb.append(HEX_DIGITS[(k >>> 16) & 0x0F]); sb.append("\\u"); sb.append(HEX_DIGITS[(k >>> 12) & 0x0F]); sb.append(HEX_DIGITS[(k >>> 8) & 0x0F]); sb.append(HEX_DIGITS[(k >>> 4) & 0x0F]); sb.append(HEX_DIGITS[ k & 0x0F]); if ((++j % 4) == 0) { sb.append("\"+").append('\n').append("\""); } } sb.append("\"").append('\n'); return sb.toString(); } public static byte[] toBytesFromUnicode(String s) { int limit = s.length() * 2; byte[] result = new byte[limit]; char c; for (int i = 0; i < limit; i++) { c = s.charAt(i >>> 1); result[i] = (byte)(((i & 1) == 0) ? c >>> 8 : c); } return result; } /** * Dumps a byte array as a string, in a format that is easy to read for * debugging. The string <code>m</code> is prepended to the start of each * line. * * If <code>offset</code> and <code>length</code> are omitted, the whole * array is used. If <code>m</code> is omitted, nothing is prepended to each * line. * * @param data the byte array to be dumped. * @param offset the offset within data to start from. * @param length the number of bytes to dump. * @param m a string to be prepended to each line. * @return a string containing the result. */ public static String dumpString(byte[] data, int offset, int length, String m) { if (data == null) { return m + "null\n"; } StringBuffer sb = new StringBuffer(length * 3); if (length > 32) { sb.append(m).append("Hexadecimal dump of ").append(length).append(" bytes...\n"); } // each line will list 32 bytes in 4 groups of 8 each int end = offset + length; String s; int l = Integer.toString(length).length(); if (l < 4) { l = 4; } for ( ; offset < end; offset += 32) { if (length > 32) { s = " " + offset; sb.append(m).append(s.substring(s.length()-l)).append(": "); } int i = 0; for ( ; i < 32 && offset + i + 7 < end; i += 8) { sb.append(toString(data, offset + i, 8)).append(' '); } if (i < 32) { for ( ; i < 32 && offset + i < end; i++) { sb.append(byteToString(data[offset + i])); } } sb.append('\n'); } return sb.toString(); } public static String dumpString(byte[] data) { return (data == null) ? "null\n" : dumpString(data, 0, data.length, ""); } public static String dumpString(byte[] data, String m) { return (data == null) ? "null\n" : dumpString(data, 0, data.length, m); } public static String dumpString(byte[] data, int offset, int length) { return dumpString(data, offset, length, ""); } /** * Returns a string of 2 hexadecimal digits (most significant digit first) * corresponding to the lowest 8 bits of <code>n</code>. * * @param n the byte value to convert. * @return a string of 2 hex characters representing the input. */ public static String byteToString(int n) { char[] buf = { HEX_DIGITS[(n >>> 4) & 0x0F], HEX_DIGITS[n & 0x0F] }; return new String(buf); } /** * Converts a designated byte array to a Base-64 representation, with the * exceptions that (a) leading 0-byte(s) are ignored, and (b) the character * '.' (dot) shall be used instead of "+' (plus). * * Used by SASL password file manipulation primitives. * * @param buffer an arbitrary sequence of bytes to represent in Base-64. * @return unpadded (without the '=' character(s)) Base-64 representation of * the input. */ public static final String toBase64(byte[] buffer) { int len = buffer.length, pos = len % 3; byte b0 = 0, b1 = 0, b2 = 0; switch (pos) { case 1: b2 = buffer[0]; break; case 2: b1 = buffer[0]; b2 = buffer[1]; break; } StringBuffer sb = new StringBuffer(); int c; boolean notleading = false; do { c = (b0 & 0xFC) >>> 2; if (notleading || c != 0) { sb.append(BASE64_CHARSET[c]); notleading = true; } c = ((b0 & 0x03) << 4) | ((b1 & 0xF0) >>> 4); if (notleading || c != 0) { sb.append(BASE64_CHARSET[c]); notleading = true; } c = ((b1 & 0x0F) << 2) | ((b2 & 0xC0) >>> 6); if (notleading || c != 0) { sb.append(BASE64_CHARSET[c]); notleading = true; } c = b2 & 0x3F; if (notleading || c != 0) { sb.append(BASE64_CHARSET[c]); notleading = true; } if (pos >= len) { break; } else { try { b0 = buffer[pos++]; b1 = buffer[pos++]; b2 = buffer[pos++]; } catch (ArrayIndexOutOfBoundsException x) { break; } } } while (true); if (notleading) { return sb.toString(); } return "0"; } /** * The inverse function of the above. * * Converts a string representing the encoding of some bytes in Base-64 * to their original form. * * @param str the Base-64 encoded representation of some byte(s). * @return the bytes represented by the <code>str</code>. * @throws NumberFormatException if <code>str</code> is <code>null</code>, or * <code>str</code> contains an illegal Base-64 character. * @see #toBase64(byte[]) */ public static final byte[] fromBase64(String str) { int len = str.length(); if (len == 0) { throw new NumberFormatException("Empty string"); } byte[] a = new byte[len + 1]; int i, j; for (i = 0; i < len; i++) { try { a[i] = (byte) BASE64_CHARS.indexOf(str.charAt(i)); } catch (ArrayIndexOutOfBoundsException x) { throw new NumberFormatException("Illegal character at #"+i); } } i = len - 1; j = len; try { while (true) { a[j] = a[i]; if (--i < 0) { break; } a[j] |= (a[i] & 0x03) << 6; j--; a[j] = (byte)((a[i] & 0x3C) >>> 2); if (--i < 0) { break; } a[j] |= (a[i] & 0x0F) << 4; j--; a[j] = (byte)((a[i] & 0x30) >>> 4); if (--i < 0) { break; } a[j] |= (a[i] << 2); j--; a[j] = 0; if (--i < 0) { break; } } } catch (Exception ignored) { } try { // ignore leading 0-bytes while(a[j] == 0) { j++; } } catch (Exception x) { return new byte[1]; // one 0-byte } byte[] result = new byte[len - j + 1]; System.arraycopy(a, j, result, 0, len - j + 1); return result; } // BigInteger utilities ---------------------------------------------------- /** * Treats the input as the MSB representation of a number, and discards * leading zero elements. For efficiency, the input is simply returned if no * leading zeroes are found. * * @param n the {@link BigInteger} to trim. * @return the byte array representation of the designated {@link BigInteger} * with no leading 0-bytes. */ public static final byte[] trim(BigInteger n) { byte[] in = n.toByteArray(); if (in.length == 0 || in[0] != 0) { return in; } int len = in.length; int i = 1; while (in[i] == 0 && i < len) { ++i; } byte[] result = new byte[len - i]; System.arraycopy(in, i, result, 0, len - i); return result; } /** * Returns a hexadecimal dump of the trimmed bytes of a {@link BigInteger}. * * * @param x the {@link BigInteger} to display. * @return the string representation of the designated {@link BigInteger}. */ public static final String dump(BigInteger x) { return dumpString(trim(x)); } } /** * A basic abstract class to facilitate implementing symmetric key block * ciphers. * * @version $Revision: 1.10 $ */ abstract class BaseCipher implements IBlockCipher, IBlockCipherSpi { // Constants and variables // ------------------------------------------------------------------------- /** The canonical name prefix of the cipher. */ protected String name; /** The default block size, in bytes. */ protected int defaultBlockSize; /** The default key size, in bytes. */ protected int defaultKeySize; /** The current block size, in bytes. */ protected int currentBlockSize; /** The session key for this instance. */ protected transient Object currentKey; /** The instance lock. */ protected Object lock = new Object(); // Constructor(s) // ------------------------------------------------------------------------- /** * Trivial constructor for use by concrete subclasses. * * @param name the canonical name prefix of this instance. * @param defaultBlockSize the default block size in bytes. * @param defaultKeySize the default key size in bytes. */ protected BaseCipher(String name, int defaultBlockSize, int defaultKeySize) { super(); this.name = name; this.defaultBlockSize = defaultBlockSize; this.defaultKeySize = defaultKeySize; } // Class methods // ------------------------------------------------------------------------- // Instance methods // ------------------------------------------------------------------------- // IBlockCipher interface implementation ----------------------------------- public abstract Object clone(); public String name() { StringBuffer sb = new StringBuffer(name).append('-'); if (currentKey == null) { sb.append(String.valueOf(8*defaultBlockSize)); } else { sb.append(String.valueOf(8*currentBlockSize)); } return sb.toString(); } public int defaultBlockSize() { return defaultBlockSize; } public int defaultKeySize() { return defaultKeySize; } public void init(Map attributes) throws InvalidKeyException { synchronized(lock) { if (currentKey != null) { throw new IllegalStateException(); } Integer bs = (Integer) attributes.get(CIPHER_BLOCK_SIZE); if (bs == null) { // no block size was specified. if (currentBlockSize == 0) { // happy birthday currentBlockSize = defaultBlockSize; } // else it's a clone. use as is } else { currentBlockSize = bs.intValue(); // ensure that value is valid Iterator it; boolean ok = false; for (it = blockSizes(); it.hasNext(); ) { ok = (currentBlockSize == ((Integer) it.next()).intValue()); if (ok) { break; } } if (!ok) { throw new IllegalArgumentException(IBlockCipher.CIPHER_BLOCK_SIZE); } } byte[] k = (byte[]) attributes.get(KEY_MATERIAL); currentKey = makeKey(k, currentBlockSize); } } public int currentBlockSize() { if (currentKey == null) { throw new IllegalStateException(); } return currentBlockSize; } public void reset() { synchronized(lock) { // currentBlockSize = 0; currentKey = null; } } public void encryptBlock(byte[] in, int inOffset, byte[] out, int outOffset) throws IllegalStateException { synchronized(lock) { if (currentKey == null) { throw new IllegalStateException(); } encrypt(in, inOffset, out, outOffset, currentKey, currentBlockSize); } } public void decryptBlock(byte[] in, int inOffset, byte[] out, int outOffset) throws IllegalStateException { synchronized(lock) { if (currentKey == null) { throw new IllegalStateException(); } decrypt(in, inOffset, out, outOffset, currentKey, currentBlockSize); } } public boolean selfTest() { int ks; Iterator bit; // do symmetry tests for all block-size/key-size combos for (Iterator kit = keySizes(); kit.hasNext(); ) { ks = ((Integer) kit.next()).intValue(); for (bit = blockSizes(); bit.hasNext(); ) { if (!testSymmetry(ks, ((Integer) bit.next()).intValue())) { return false; } } } return true; } // own methods ------------------------------------------------------------- private boolean testSymmetry(int ks, int bs) { try { byte[] kb = new byte[ks]; byte[] pt = new byte[bs]; byte[] ct = new byte[bs]; byte[] cpt = new byte[bs]; int i; for (i = 0; i < ks; i++) { kb[i] = (byte) i; } for (i = 0; i < bs; i++) { pt[i] = (byte) i; } Object k = makeKey(kb, bs); encrypt(pt, 0, ct, 0, k, bs); decrypt(ct, 0, cpt, 0, k, bs); return Arrays.equals(pt, cpt); } catch (Exception x) { x.printStackTrace(System.err); return false; } } protected boolean testKat(byte[] kb, byte[] ct) { return testKat(kb, ct, new byte[ct.length]); // all-zero plaintext } protected boolean testKat(byte[] kb, byte[] ct, byte[] pt) { try { int bs = pt.length; byte[] t = new byte[bs]; Object k = makeKey(kb, bs); // test encryption encrypt(pt, 0, t, 0, k, bs); if (!Arrays.equals(t, ct)) { return false; } // test decryption decrypt(t, 0, t, 0, k, bs); return Arrays.equals(t, pt); } catch (Exception x) { x.printStackTrace(System.err); return false; } } } /** * Package-private interface exposing mandatory methods to be implemented by * concrete {@link gnu.crypto.cipher.BaseCipher} sub-classes. * * @version $Revision: 1.4 $ */ interface IBlockCipherSpi extends Cloneable { // Constants // ------------------------------------------------------------------------- // Methods // ------------------------------------------------------------------------- /** * Returns an {@link java.util.Iterator} over the supported block sizes. * Each element returned by this object is a {@link java.lang.Integer}. * * @return an <code>Iterator</code> over the supported block sizes. */ Iterator blockSizes(); /** * Returns an {@link java.util.Iterator} over the supported key sizes. * Each element returned by this object is a {@link java.lang.Integer}. * * @return an <code>Iterator</code> over the supported key sizes. */ Iterator keySizes(); /** * Expands a user-supplied key material into a session key for a * designated block size. * * @param k the user-supplied key material. * @param bs the desired block size in bytes. * @return an Object encapsulating the session key. * @exception IllegalArgumentException if the block size is invalid. * @exception InvalidKeyException if the key data is invalid. */ Object makeKey(byte[]k, int bs) throws InvalidKeyException; /** * Encrypts exactly one block of plaintext. * * @param in the plaintext. * @param inOffset index of <code>in</code> from which to start considering * data. * @param out the ciphertext. * @param outOffset index of <code>out</code> from which to store the result. * @param k the session key to use. * @param bs the block size to use. * @exception IllegalArgumentException if the block size is invalid. * @exception ArrayIndexOutOfBoundsException if there is not enough room in * either the plaintext or ciphertext buffers. */ void encrypt(byte[] in, int inOffset, byte[] out, int outOffset, Object k, int bs); /** * Decrypts exactly one block of ciphertext. * * @param in the ciphertext. * @param inOffset index of <code>in</code> from which to start considering * data. * @param out the plaintext. * @param outOffset index of <code>out</code> from which to store the result. * @param k the session key to use. * @param bs the block size to use. * @exception IllegalArgumentException if the block size is invalid. * @exception ArrayIndexOutOfBoundsException if there is not enough room in * either the plaintext or ciphertext buffers. */ void decrypt(byte[] in, int inOffset, byte[] out, int outOffset, Object k, int bs); /** * A correctness test that consists of basic symmetric encryption / * decryption test(s) for all supported block and key sizes, as well as one * (1) variable key Known Answer Test (KAT). * * @return <code>true</code> if the implementation passes simple * correctness tests. Returns <code>false</code> otherwise. */ boolean selfTest(); } /** * The basic visible methods of any symmetric key block cipher. * * A symmetric key block cipher is a function that maps n-bit plaintext * blocks to n-bit ciphertext blocks; n being the cipher's block size. * This encryption function is parameterised by a k-bit key, and is invertible. * Its inverse is the decryption function. * * Possible initialisation values for an instance of this type are: * * <ul> * <li>The block size in which to operate this block cipher instance. This * value is optional, if unspecified, the block cipher's default * block size shall be used.</li> * * <li>The byte array containing the user supplied key material to use for * generating the cipher's session key(s). This value is mandatory * and should be included in the initialisation parameters. If it isn't, * an {@link IllegalStateException} will be thrown if any method, other than * <code>reset()</code> is invoked on the instance. Furthermore, the size of * this key material shall be taken as an indication on the key size in which * to operate this instance.</li> * </ul> * * IMPLEMENTATION NOTE: Although all the concrete classes in this * package implement the {@link Cloneable} interface, it is important to note * here that such an operation DOES NOT clone any session key material * that may have been used in initialising the source cipher (the instance to be * cloned). Instead a clone of an already initialised cipher is another instance * that operates with the same block size but without any knowledge of * neither key material nor key size. * * @version $Revision: 1.7 $ */ interface IBlockCipher extends Cloneable { // Constants // ------------------------------------------------------------------------- /** * Property name of the block size in which to operate a block cipher. * The value associated with this property name is taken to be an * {@link Integer}. */ String CIPHER_BLOCK_SIZE = "gnu.crypto.cipher.block.size"; /** * Property name of the user-supplied key material. The value associated * to this property name is taken to be a byte array. */ String KEY_MATERIAL = "gnu.crypto.cipher.key.material"; // Methods // ------------------------------------------------------------------------- /** * Returns the canonical name of this instance. * * @return the canonical name of this instance. */ String name(); /** * Returns the default value, in bytes, of the algorithm's block size. * * @return the default value, in bytes, of the algorithm's block size. */ int defaultBlockSize(); /** * Returns the default value, in bytes, of the algorithm's key size. * * @return the default value, in bytes, of the algorithm's key size. */ int defaultKeySize(); /** * Returns an {@link Iterator} over the supported block sizes. Each * element returned by this object is an {@link Integer}. * * @return an {@link Iterator} over the supported block sizes. */ Iterator blockSizes(); /** * Returns an {@link Iterator} over the supported key sizes. Each element * returned by this object is an {@link Integer}. * * @return an {@link Iterator} over the supported key sizes. */ Iterator keySizes(); /** * Returns a clone of this instance. * * @return a clone copy of this instance. */ Object clone(); /** * Initialises the algorithm with designated attributes. Permissible names * and values are described in the class documentation above. * * @param attributes a set of name-value pairs that describes the desired * future behaviour of this instance. * @exception InvalidKeyException if the key data is invalid. * @exception IllegalStateException if the instance is already initialised. * @see #KEY_MATERIAL * @see #CIPHER_BLOCK_SIZE */ void init(Map attributes) throws InvalidKeyException, IllegalStateException; /** * Returns the currently set block size for this instance. * * @return the current block size for this instance. * @exception IllegalStateException if the instance is not initialised. */ int currentBlockSize() throws IllegalStateException; /** * Resets the algorithm instance for re-initialisation and use with other * characteristics. This method always succeeds. */ void reset(); /** * Encrypts exactly one block of plaintext. * * @param in the plaintext. * @param inOffset index of <code>in</code> from which to start considering * data. * @param out the ciphertext. * @param outOffset index of <code>out</code> from which to store result. * @exception IllegalStateException if the instance is not initialised. */ void encryptBlock(byte[] in, int inOffset, byte[] out, int outOffset) throws IllegalStateException; /** * Decrypts exactly one block of ciphertext. * * @param in the plaintext. * @param inOffset index of <code>in</code> from which to start considering * data. * @param out the ciphertext. * @param outOffset index of <code>out</code> from which to store result. * @exception IllegalStateException if the instance is not initialised. */ void decryptBlock(byte[] in, int inOffset, byte[] out, int outOffset) throws IllegalStateException; /** * A correctness test that consists of basic symmetric encryption / * decryption test(s) for all supported block and key sizes, as well as one * (1) variable key Known Answer Test (KAT). * * @return <code>true</code> if the implementation passes simple * correctness tests. Returns <code>false</code> otherwise. */ boolean selfTest(); }