|
 |
69f63c |
From 34e52cf538fab7786be6298de05d7a1ad0b652b7 Mon Sep 17 00:00:00 2001
|
|
|
69f63c |
From: Alexander Scheel <ascheel@redhat.com>
|
|
|
69f63c |
Date: Wed, 14 Aug 2019 14:38:39 -0400
|
|
|
69f63c |
Subject: [PATCH] Remove legacy DSA implementation
|
|
|
69f63c |
|
|
|
69f63c |
This is better suited for NSS via the Mozilla-JSS provider. This entire
|
|
|
69f63c |
provider could eventually be removed if we wished, but certain
|
|
|
69f63c |
functionality required by PKI transitively depends on it. It is never
|
|
|
69f63c |
explicitly added though, so I'm not convinced those places truly use it
|
|
|
69f63c |
via the intended APIs. However, various classes inside the provider are
|
|
|
69f63c |
used directly (such as RSAPublicKey and DSAPublicKey).
|
|
|
69f63c |
|
|
|
69f63c |
Signed-off-by: Alexander Scheel <ascheel@redhat.com>
|
|
|
69f63c |
---
|
|
|
69f63c |
.../jss/netscape/security/provider/DSA.java | 664 ------------------
|
|
|
69f63c |
.../provider/DSAKeyPairGenerator.java | 389 ----------
|
|
|
69f63c |
.../provider/DSAParameterGenerator.java | 298 --------
|
|
|
69f63c |
.../jss/netscape/security/provider/MD5.java | 378 ----------
|
|
|
69f63c |
.../jss/netscape/security/provider/SHA.java | 349 ---------
|
|
|
69f63c |
.../jss/netscape/security/provider/Sun.java | 43 --
|
|
|
69f63c |
6 files changed, 2121 deletions(-)
|
|
|
69f63c |
delete mode 100644 org/mozilla/jss/netscape/security/provider/DSA.java
|
|
|
69f63c |
delete mode 100644 org/mozilla/jss/netscape/security/provider/DSAKeyPairGenerator.java
|
|
|
69f63c |
delete mode 100644 org/mozilla/jss/netscape/security/provider/DSAParameterGenerator.java
|
|
|
69f63c |
delete mode 100644 org/mozilla/jss/netscape/security/provider/MD5.java
|
|
|
69f63c |
delete mode 100644 org/mozilla/jss/netscape/security/provider/SHA.java
|
|
|
69f63c |
|
|
|
69f63c |
diff --git a/org/mozilla/jss/netscape/security/provider/DSA.java b/org/mozilla/jss/netscape/security/provider/DSA.java
|
|
|
69f63c |
deleted file mode 100644
|
|
|
69f63c |
index abc320f4..00000000
|
|
|
69f63c |
--- a/org/mozilla/jss/netscape/security/provider/DSA.java
|
|
|
69f63c |
+++ /dev/null
|
|
|
69f63c |
@@ -1,664 +0,0 @@
|
|
|
69f63c |
-// --- BEGIN COPYRIGHT BLOCK ---
|
|
|
69f63c |
-// This program is free software; you can redistribute it and/or modify
|
|
|
69f63c |
-// it under the terms of the GNU General Public License as published by
|
|
|
69f63c |
-// the Free Software Foundation; version 2 of the License.
|
|
|
69f63c |
-//
|
|
|
69f63c |
-// This program is distributed in the hope that it will be useful,
|
|
|
69f63c |
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
69f63c |
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
69f63c |
-// GNU General Public License for more details.
|
|
|
69f63c |
-//
|
|
|
69f63c |
-// You should have received a copy of the GNU General Public License along
|
|
|
69f63c |
-// with this program; if not, write to the Free Software Foundation, Inc.,
|
|
|
69f63c |
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
|
|
|
69f63c |
-//
|
|
|
69f63c |
-// (C) 2007 Red Hat, Inc.
|
|
|
69f63c |
-// All rights reserved.
|
|
|
69f63c |
-// --- END COPYRIGHT BLOCK ---
|
|
|
69f63c |
-package org.mozilla.jss.netscape.security.provider;
|
|
|
69f63c |
-
|
|
|
69f63c |
-import java.io.IOException;
|
|
|
69f63c |
-import java.io.PrintStream;
|
|
|
69f63c |
-import java.math.BigInteger;
|
|
|
69f63c |
-import java.security.InvalidKeyException;
|
|
|
69f63c |
-import java.security.InvalidParameterException;
|
|
|
69f63c |
-import java.security.MessageDigest;
|
|
|
69f63c |
-import java.security.NoSuchAlgorithmException;
|
|
|
69f63c |
-import java.security.PrivateKey;
|
|
|
69f63c |
-import java.security.PublicKey;
|
|
|
69f63c |
-import java.security.SecureRandom;
|
|
|
69f63c |
-import java.security.Signature;
|
|
|
69f63c |
-import java.security.SignatureException;
|
|
|
69f63c |
-import java.security.interfaces.DSAParams;
|
|
|
69f63c |
-
|
|
|
69f63c |
-import org.mozilla.jss.netscape.security.util.BigInt;
|
|
|
69f63c |
-import org.mozilla.jss.netscape.security.util.DerInputStream;
|
|
|
69f63c |
-import org.mozilla.jss.netscape.security.util.DerOutputStream;
|
|
|
69f63c |
-import org.mozilla.jss.netscape.security.util.DerValue;
|
|
|
69f63c |
-
|
|
|
69f63c |
-/**
|
|
|
69f63c |
- * The Digital Signature Standard (using the Digital Signature
|
|
|
69f63c |
- * Algorithm), as described in fips186 of the National Instute of
|
|
|
69f63c |
- * Standards and Technology (NIST), using fips180-1 (SHA-1).
|
|
|
69f63c |
- *
|
|
|
69f63c |
- * @author Benjamin Renaud
|
|
|
69f63c |
- *
|
|
|
69f63c |
- * @version 1.86, 97/09/17
|
|
|
69f63c |
- *
|
|
|
69f63c |
- * @see DSAPublicKey
|
|
|
69f63c |
- * @see DSAPrivateKey
|
|
|
69f63c |
- */
|
|
|
69f63c |
-
|
|
|
69f63c |
-public final class DSA extends Signature {
|
|
|
69f63c |
-
|
|
|
69f63c |
- /* Are we debugging? */
|
|
|
69f63c |
- private static boolean debug = false;
|
|
|
69f63c |
-
|
|
|
69f63c |
- /* The parameter object */
|
|
|
69f63c |
- @SuppressWarnings("unused")
|
|
|
69f63c |
- private DSAParams params;
|
|
|
69f63c |
-
|
|
|
69f63c |
- /* algorithm parameters */
|
|
|
69f63c |
- private BigInteger presetP, presetQ, presetG;
|
|
|
69f63c |
-
|
|
|
69f63c |
- /* The public key, if any */
|
|
|
69f63c |
- private BigInteger presetY;
|
|
|
69f63c |
-
|
|
|
69f63c |
- /* The private key, if any */
|
|
|
69f63c |
- private BigInteger presetX;
|
|
|
69f63c |
-
|
|
|
69f63c |
- /* The SHA hash for the data */
|
|
|
69f63c |
- private MessageDigest dataSHA;
|
|
|
69f63c |
-
|
|
|
69f63c |
- /* The random seed used to generate k */
|
|
|
69f63c |
- private int[] Kseed;
|
|
|
69f63c |
-
|
|
|
69f63c |
- /* The random seed used to generate k (specified by application) */
|
|
|
69f63c |
- private byte[] KseedAsByteArray;
|
|
|
69f63c |
-
|
|
|
69f63c |
- /*
|
|
|
69f63c |
- * The random seed used to generate k
|
|
|
69f63c |
- * (prevent the same Kseed from being used twice in a row
|
|
|
69f63c |
- */
|
|
|
69f63c |
- private int[] previousKseed;
|
|
|
69f63c |
-
|
|
|
69f63c |
- /* The RNG used to output a seed for generating k */
|
|
|
69f63c |
- private SecureRandom signingRandom;
|
|
|
69f63c |
-
|
|
|
69f63c |
- /**
|
|
|
69f63c |
- * Construct a blank DSA object. It can generate keys, but must be
|
|
|
69f63c |
- * initialized before being usable for signing or verifying.
|
|
|
69f63c |
- */
|
|
|
69f63c |
- public DSA() throws NoSuchAlgorithmException {
|
|
|
69f63c |
- super("SHA/DSA");
|
|
|
69f63c |
- dataSHA = MessageDigest.getInstance("SHA");
|
|
|
69f63c |
- }
|
|
|
69f63c |
-
|
|
|
69f63c |
- /**
|
|
|
69f63c |
- * Initialize the DSA object with a DSA private key.
|
|
|
69f63c |
- *
|
|
|
69f63c |
- * @param privateKey the DSA private key
|
|
|
69f63c |
- *
|
|
|
69f63c |
- * @exception InvalidKeyException if the key is not a valid DSA private
|
|
|
69f63c |
- * key.
|
|
|
69f63c |
- */
|
|
|
69f63c |
- protected void engineInitSign(PrivateKey privateKey)
|
|
|
69f63c |
- throws InvalidKeyException {
|
|
|
69f63c |
- if (!(privateKey instanceof java.security.interfaces.DSAPrivateKey)) {
|
|
|
69f63c |
- throw new InvalidKeyException("not a DSA private key: " +
|
|
|
69f63c |
- privateKey);
|
|
|
69f63c |
- }
|
|
|
69f63c |
- java.security.interfaces.DSAPrivateKey priv =
|
|
|
69f63c |
- (java.security.interfaces.DSAPrivateKey) privateKey;
|
|
|
69f63c |
-
|
|
|
69f63c |
- this.presetX = priv.getX();
|
|
|
69f63c |
- initialize(priv.getParams());
|
|
|
69f63c |
- }
|
|
|
69f63c |
-
|
|
|
69f63c |
- /**
|
|
|
69f63c |
- * Initialize the DSA object with a DSA public key.
|
|
|
69f63c |
- *
|
|
|
69f63c |
- * @param publicKey the DSA public key.
|
|
|
69f63c |
- *
|
|
|
69f63c |
- * @exception InvalidKeyException if the key is not a valid DSA public
|
|
|
69f63c |
- * key.
|
|
|
69f63c |
- */
|
|
|
69f63c |
- protected void engineInitVerify(PublicKey publicKey)
|
|
|
69f63c |
- throws InvalidKeyException {
|
|
|
69f63c |
- if (!(publicKey instanceof java.security.interfaces.DSAPublicKey)) {
|
|
|
69f63c |
- throw new InvalidKeyException("not a DSA public key: " +
|
|
|
69f63c |
- publicKey);
|
|
|
69f63c |
- }
|
|
|
69f63c |
- java.security.interfaces.DSAPublicKey pub =
|
|
|
69f63c |
- (java.security.interfaces.DSAPublicKey) publicKey;
|
|
|
69f63c |
- this.presetY = pub.getY();
|
|
|
69f63c |
- initialize(pub.getParams());
|
|
|
69f63c |
- }
|
|
|
69f63c |
-
|
|
|
69f63c |
- private void initialize(DSAParams params) {
|
|
|
69f63c |
- dataSHA.reset();
|
|
|
69f63c |
- setParams(params);
|
|
|
69f63c |
- }
|
|
|
69f63c |
-
|
|
|
69f63c |
- /**
|
|
|
69f63c |
- * Sign all the data thus far updated. The signature is formatted
|
|
|
69f63c |
- * according to the Canonical Encoding Rules, returned as a DER
|
|
|
69f63c |
- * sequence of Integer, r and s.
|
|
|
69f63c |
- *
|
|
|
69f63c |
- * @return a signature block formatted according to the Canonical
|
|
|
69f63c |
- * Encoding Rules.
|
|
|
69f63c |
- *
|
|
|
69f63c |
- * @exception SignatureException if the signature object was not
|
|
|
69f63c |
- * properly initialized, or if another exception occurs.
|
|
|
69f63c |
- *
|
|
|
69f63c |
- * @see org.mozilla.jss.netscape.security.provider.DSA#engineUpdate
|
|
|
69f63c |
- * @see org.mozilla.jss.netscape.security.provider.DSA#engineVerify
|
|
|
69f63c |
- */
|
|
|
69f63c |
- protected byte[] engineSign() throws SignatureException {
|
|
|
69f63c |
- BigInteger k = generateK(presetQ);
|
|
|
69f63c |
- BigInteger r = generateR(presetP, presetQ, presetG, k);
|
|
|
69f63c |
- BigInteger s = generateS(presetX, presetQ, r, k);
|
|
|
69f63c |
-
|
|
|
69f63c |
- // got to convert to BigInt...
|
|
|
69f63c |
- BigInt rAsBigInt = new BigInt(r.toByteArray());
|
|
|
69f63c |
- BigInt sAsBigInt = new BigInt(s.toByteArray());
|
|
|
69f63c |
-
|
|
|
69f63c |
- try (DerOutputStream outseq = new DerOutputStream(100)) {
|
|
|
69f63c |
- outseq.putInteger(rAsBigInt);
|
|
|
69f63c |
- outseq.putInteger(sAsBigInt);
|
|
|
69f63c |
- DerValue result = new DerValue(DerValue.tag_Sequence,
|
|
|
69f63c |
- outseq.toByteArray());
|
|
|
69f63c |
-
|
|
|
69f63c |
- return result.toByteArray();
|
|
|
69f63c |
-
|
|
|
69f63c |
- } catch (IOException e) {
|
|
|
69f63c |
- throw new SignatureException("error encoding signature");
|
|
|
69f63c |
- }
|
|
|
69f63c |
- }
|
|
|
69f63c |
-
|
|
|
69f63c |
- /**
|
|
|
69f63c |
- * Verify all the data thus far updated.
|
|
|
69f63c |
- *
|
|
|
69f63c |
- * @param signature the alledged signature, encoded using the
|
|
|
69f63c |
- * Canonical Encoding Rules, as a sequence of integers, r and s.
|
|
|
69f63c |
- *
|
|
|
69f63c |
- * @exception SignatureException if the signature object was not
|
|
|
69f63c |
- * properly initialized, or if another exception occurs.
|
|
|
69f63c |
- *
|
|
|
69f63c |
- * @see org.mozilla.jss.netscape.security.provider.DSA#engineUpdate
|
|
|
69f63c |
- * @see org.mozilla.jss.netscape.security.provider.DSA#engineSign
|
|
|
69f63c |
- */
|
|
|
69f63c |
- protected boolean engineVerify(byte[] signature)
|
|
|
69f63c |
- throws SignatureException {
|
|
|
69f63c |
-
|
|
|
69f63c |
- BigInteger r = null;
|
|
|
69f63c |
- BigInteger s = null;
|
|
|
69f63c |
- // first decode the signature.
|
|
|
69f63c |
- try {
|
|
|
69f63c |
- DerInputStream in = new DerInputStream(signature);
|
|
|
69f63c |
- DerValue[] values = in.getSequence(2);
|
|
|
69f63c |
-
|
|
|
69f63c |
- r = values[0].getInteger().toBigInteger();
|
|
|
69f63c |
- s = values[1].getInteger().toBigInteger();
|
|
|
69f63c |
-
|
|
|
69f63c |
- } catch (IOException e) {
|
|
|
69f63c |
- throw new SignatureException("invalid encoding for signature");
|
|
|
69f63c |
- }
|
|
|
69f63c |
- BigInteger w = generateW(presetP, presetQ, presetG, s);
|
|
|
69f63c |
- BigInteger v = generateV(presetY, presetP, presetQ, presetG, w, r);
|
|
|
69f63c |
-
|
|
|
69f63c |
- return v.equals(r);
|
|
|
69f63c |
- }
|
|
|
69f63c |
-
|
|
|
69f63c |
- BigInteger generateR(BigInteger p, BigInteger q, BigInteger g,
|
|
|
69f63c |
- BigInteger k) {
|
|
|
69f63c |
- BigInteger temp = g.modPow(k, p);
|
|
|
69f63c |
- return temp.remainder(q);
|
|
|
69f63c |
-
|
|
|
69f63c |
- }
|
|
|
69f63c |
-
|
|
|
69f63c |
- BigInteger generateS(BigInteger x, BigInteger q,
|
|
|
69f63c |
- BigInteger r, BigInteger k) {
|
|
|
69f63c |
-
|
|
|
69f63c |
- byte[] s2 = dataSHA.digest();
|
|
|
69f63c |
- BigInteger temp = new BigInteger(1, s2);
|
|
|
69f63c |
- BigInteger k1 = k.modInverse(q);
|
|
|
69f63c |
-
|
|
|
69f63c |
- BigInteger s = x.multiply(r);
|
|
|
69f63c |
- s = temp.add(s);
|
|
|
69f63c |
- s = k1.multiply(s);
|
|
|
69f63c |
- return s.remainder(q);
|
|
|
69f63c |
- }
|
|
|
69f63c |
-
|
|
|
69f63c |
- BigInteger generateW(BigInteger p, BigInteger q,
|
|
|
69f63c |
- BigInteger g, BigInteger s) {
|
|
|
69f63c |
- return s.modInverse(q);
|
|
|
69f63c |
- }
|
|
|
69f63c |
-
|
|
|
69f63c |
- BigInteger generateV(BigInteger y, BigInteger p,
|
|
|
69f63c |
- BigInteger q, BigInteger g,
|
|
|
69f63c |
- BigInteger w, BigInteger r) {
|
|
|
69f63c |
-
|
|
|
69f63c |
- byte[] s2 = dataSHA.digest();
|
|
|
69f63c |
- BigInteger temp = new BigInteger(1, s2);
|
|
|
69f63c |
-
|
|
|
69f63c |
- temp = temp.multiply(w);
|
|
|
69f63c |
- BigInteger u1 = temp.remainder(q);
|
|
|
69f63c |
-
|
|
|
69f63c |
- BigInteger u2 = (r.multiply(w)).remainder(q);
|
|
|
69f63c |
-
|
|
|
69f63c |
- BigInteger t1 = g.modPow(u1, p);
|
|
|
69f63c |
- BigInteger t2 = y.modPow(u2, p);
|
|
|
69f63c |
- BigInteger t3 = t1.multiply(t2);
|
|
|
69f63c |
- BigInteger t5 = t3.remainder(p);
|
|
|
69f63c |
- return t5.remainder(q);
|
|
|
69f63c |
- }
|
|
|
69f63c |
-
|
|
|
69f63c |
- /*
|
|
|
69f63c |
- * Please read bug report 4044247 for an alternative, faster,
|
|
|
69f63c |
- * NON-FIPS approved method to generate K
|
|
|
69f63c |
- */
|
|
|
69f63c |
- BigInteger generateK(BigInteger q) {
|
|
|
69f63c |
-
|
|
|
69f63c |
- BigInteger k = null;
|
|
|
69f63c |
-
|
|
|
69f63c |
- // The application specified a Kseed for us to use.
|
|
|
69f63c |
- // Note that we do not allow usage of the same Kseed twice in a row
|
|
|
69f63c |
- if (Kseed != null && compareSeeds(Kseed, previousKseed) != 0) {
|
|
|
69f63c |
- k = generateK(Kseed, q);
|
|
|
69f63c |
- if (k.signum() > 0 && k.compareTo(q) < 0) {
|
|
|
69f63c |
- previousKseed = new int[Kseed.length];
|
|
|
69f63c |
- System.arraycopy(Kseed, 0, previousKseed, 0, Kseed.length);
|
|
|
69f63c |
- return k;
|
|
|
69f63c |
- }
|
|
|
69f63c |
- }
|
|
|
69f63c |
-
|
|
|
69f63c |
- // The application did not specify a Kseed for us to use.
|
|
|
69f63c |
- // We'll generate a new Kseed by getting random bytes from
|
|
|
69f63c |
- // a SecureRandom object.
|
|
|
69f63c |
- SecureRandom random = getSigningRandom();
|
|
|
69f63c |
-
|
|
|
69f63c |
- while (true) {
|
|
|
69f63c |
- int[] seed = new int[5];
|
|
|
69f63c |
-
|
|
|
69f63c |
- for (int i = 0; i < 5; i++)
|
|
|
69f63c |
- seed[i] = random.nextInt();
|
|
|
69f63c |
- k = generateK(seed, q);
|
|
|
69f63c |
- if (k.signum() > 0 && k.compareTo(q) < 0) {
|
|
|
69f63c |
- previousKseed = new int[seed.length];
|
|
|
69f63c |
- System.arraycopy(seed, 0, previousKseed, 0, seed.length);
|
|
|
69f63c |
- return k;
|
|
|
69f63c |
- }
|
|
|
69f63c |
- }
|
|
|
69f63c |
- }
|
|
|
69f63c |
-
|
|
|
69f63c |
- // Use the application-specified SecureRandom Object if provided.
|
|
|
69f63c |
- // Otherwise, use our default SecureRandom Object.
|
|
|
69f63c |
- private SecureRandom getSigningRandom() {
|
|
|
69f63c |
- if (signingRandom == null) {
|
|
|
69f63c |
- if (appRandom != null)
|
|
|
69f63c |
- signingRandom = appRandom;
|
|
|
69f63c |
- else
|
|
|
69f63c |
- signingRandom = new SecureRandom();
|
|
|
69f63c |
- }
|
|
|
69f63c |
- return signingRandom;
|
|
|
69f63c |
- }
|
|
|
69f63c |
-
|
|
|
69f63c |
- /*
|
|
|
69f63c |
- * return 0 if equal
|
|
|
69f63c |
- * return 1 if not equal
|
|
|
69f63c |
- */
|
|
|
69f63c |
- private int compareSeeds(int[] seed1, int[] seed2) {
|
|
|
69f63c |
-
|
|
|
69f63c |
- if (seed1 == null || seed2 == null) {
|
|
|
69f63c |
- return 1;
|
|
|
69f63c |
- }
|
|
|
69f63c |
- if (seed1.length != seed2.length) {
|
|
|
69f63c |
- return 1;
|
|
|
69f63c |
- }
|
|
|
69f63c |
-
|
|
|
69f63c |
- for (int i = 0; i < seed1.length; i++) {
|
|
|
69f63c |
- if (seed1[i] != seed2[i])
|
|
|
69f63c |
- return 1;
|
|
|
69f63c |
- }
|
|
|
69f63c |
-
|
|
|
69f63c |
- return 0;
|
|
|
69f63c |
-
|
|
|
69f63c |
- }
|
|
|
69f63c |
-
|
|
|
69f63c |
- /**
|
|
|
69f63c |
- * Compute k for a DSA signature.
|
|
|
69f63c |
- *
|
|
|
69f63c |
- * @param seed the seed for generating k. This seed should be
|
|
|
69f63c |
- * secure. This is what is refered to as the KSEED in the DSA
|
|
|
69f63c |
- * specification.
|
|
|
69f63c |
- *
|
|
|
69f63c |
- * @param g the g parameter from the DSA key pair.
|
|
|
69f63c |
- */
|
|
|
69f63c |
- BigInteger generateK(int[] seed, BigInteger q) {
|
|
|
69f63c |
-
|
|
|
69f63c |
- // check out t in the spec.
|
|
|
69f63c |
- int[] t = { 0xEFCDAB89, 0x98BADCFE, 0x10325476,
|
|
|
69f63c |
- 0xC3D2E1F0, 0x67452301 };
|
|
|
69f63c |
- //
|
|
|
69f63c |
- int[] tmp = DSA.SHA_7(seed, t);
|
|
|
69f63c |
- byte[] tmpBytes = new byte[tmp.length * 4];
|
|
|
69f63c |
- for (int i = 0; i < tmp.length; i++) {
|
|
|
69f63c |
- int k = tmp[i];
|
|
|
69f63c |
- for (int j = 0; j < 4; j++) {
|
|
|
69f63c |
- tmpBytes[(i * 4) + j] = (byte) (k >>> (24 - (j * 8)));
|
|
|
69f63c |
- }
|
|
|
69f63c |
- }
|
|
|
69f63c |
- BigInteger k = new BigInteger(1, tmpBytes).mod(q);
|
|
|
69f63c |
- return k;
|
|
|
69f63c |
- }
|
|
|
69f63c |
-
|
|
|
69f63c |
- // Constants for each round
|
|
|
69f63c |
- private static final int round1_kt = 0x5a827999;
|
|
|
69f63c |
- private static final int round2_kt = 0x6ed9eba1;
|
|
|
69f63c |
- private static final int round3_kt = 0x8f1bbcdc;
|
|
|
69f63c |
- private static final int round4_kt = 0xca62c1d6;
|
|
|
69f63c |
-
|
|
|
69f63c |
- /**
|
|
|
69f63c |
- * Computes set 1 thru 7 of SHA-1 on m1.
|
|
|
69f63c |
- */
|
|
|
69f63c |
- static int[] SHA_7(int[] m1, int[] h) {
|
|
|
69f63c |
-
|
|
|
69f63c |
- int[] W = new int[80];
|
|
|
69f63c |
- System.arraycopy(m1, 0, W, 0, m1.length);
|
|
|
69f63c |
- int temp = 0;
|
|
|
69f63c |
-
|
|
|
69f63c |
- for (int t = 16; t <= 79; t++) {
|
|
|
69f63c |
- temp = W[t - 3] ^ W[t - 8] ^ W[t - 14] ^ W[t - 16];
|
|
|
69f63c |
- W[t] = ((temp << 1) | (temp >>> (32 - 1)));
|
|
|
69f63c |
- }
|
|
|
69f63c |
-
|
|
|
69f63c |
- int a = h[0], b = h[1], c = h[2], d = h[3], e = h[4];
|
|
|
69f63c |
- for (int i = 0; i < 20; i++) {
|
|
|
69f63c |
- temp = ((a << 5) | (a >>> (32 - 5))) +
|
|
|
69f63c |
- ((b & c) | ((~b) & d)) + e + W[i] + round1_kt;
|
|
|
69f63c |
- e = d;
|
|
|
69f63c |
- d = c;
|
|
|
69f63c |
- c = ((b << 30) | (b >>> (32 - 30)));
|
|
|
69f63c |
- b = a;
|
|
|
69f63c |
- a = temp;
|
|
|
69f63c |
- }
|
|
|
69f63c |
-
|
|
|
69f63c |
- // Round 2
|
|
|
69f63c |
- for (int i = 20; i < 40; i++) {
|
|
|
69f63c |
- temp = ((a << 5) | (a >>> (32 - 5))) +
|
|
|
69f63c |
- (b ^ c ^ d) + e + W[i] + round2_kt;
|
|
|
69f63c |
- e = d;
|
|
|
69f63c |
- d = c;
|
|
|
69f63c |
- c = ((b << 30) | (b >>> (32 - 30)));
|
|
|
69f63c |
- b = a;
|
|
|
69f63c |
- a = temp;
|
|
|
69f63c |
- }
|
|
|
69f63c |
-
|
|
|
69f63c |
- // Round 3
|
|
|
69f63c |
- for (int i = 40; i < 60; i++) {
|
|
|
69f63c |
- temp = ((a << 5) | (a >>> (32 - 5))) +
|
|
|
69f63c |
- ((b & c) | (b & d) | (c & d)) + e + W[i] + round3_kt;
|
|
|
69f63c |
- e = d;
|
|
|
69f63c |
- d = c;
|
|
|
69f63c |
- c = ((b << 30) | (b >>> (32 - 30)));
|
|
|
69f63c |
- b = a;
|
|
|
69f63c |
- a = temp;
|
|
|
69f63c |
- }
|
|
|
69f63c |
-
|
|
|
69f63c |
- // Round 4
|
|
|
69f63c |
- for (int i = 60; i < 80; i++) {
|
|
|
69f63c |
- temp = ((a << 5) | (a >>> (32 - 5))) +
|
|
|
69f63c |
- (b ^ c ^ d) + e + W[i] + round4_kt;
|
|
|
69f63c |
- e = d;
|
|
|
69f63c |
- d = c;
|
|
|
69f63c |
- c = ((b << 30) | (b >>> (32 - 30)));
|
|
|
69f63c |
- b = a;
|
|
|
69f63c |
- a = temp;
|
|
|
69f63c |
- }
|
|
|
69f63c |
- int[] md = new int[5];
|
|
|
69f63c |
- md[0] = h[0] + a;
|
|
|
69f63c |
- md[1] = h[1] + b;
|
|
|
69f63c |
- md[2] = h[2] + c;
|
|
|
69f63c |
- md[3] = h[3] + d;
|
|
|
69f63c |
- md[4] = h[4] + e;
|
|
|
69f63c |
- return md;
|
|
|
69f63c |
- }
|
|
|
69f63c |
-
|
|
|
69f63c |
- /**
|
|
|
69f63c |
- * This implementation recognizes the following parameter:
|
|
|
69f63c |
- *
|
|
|
69f63c |
- *
|
|
|
69f63c |
- * Kseed
|
|
|
69f63c |
- *
|
|
|
69f63c |
- * a byte array.
|
|
|
69f63c |
- *
|
|
|
69f63c |
- *
|
|
|
69f63c |
- *
|
|
|
69f63c |
- * @deprecated Replaced by engineSetParameter(AlgorithmParameterSpec params)
|
|
|
69f63c |
- */
|
|
|
69f63c |
- @Deprecated
|
|
|
69f63c |
- protected void engineSetParameter(String key, Object param) {
|
|
|
69f63c |
-
|
|
|
69f63c |
- if (key.equals("KSEED")) {
|
|
|
69f63c |
-
|
|
|
69f63c |
- if (param instanceof byte[]) {
|
|
|
69f63c |
-
|
|
|
69f63c |
- Kseed = byteArray2IntArray((byte[]) param);
|
|
|
69f63c |
- KseedAsByteArray = (byte[]) param;
|
|
|
69f63c |
-
|
|
|
69f63c |
- } else {
|
|
|
69f63c |
- debug("unrecognized param: " + key);
|
|
|
69f63c |
- throw new InvalidParameterException("Kseed not a byte array");
|
|
|
69f63c |
- }
|
|
|
69f63c |
-
|
|
|
69f63c |
- } else {
|
|
|
69f63c |
- throw new InvalidParameterException("invalid parameter");
|
|
|
69f63c |
- }
|
|
|
69f63c |
- }
|
|
|
69f63c |
-
|
|
|
69f63c |
- /**
|
|
|
69f63c |
- * Return the value of the requested parameter. Recognized
|
|
|
69f63c |
- * parameters are:
|
|
|
69f63c |
- *
|
|
|
69f63c |
- *
|
|
|
69f63c |
- *
|
|
|
69f63c |
- * Kseed
|
|
|
69f63c |
- *
|
|
|
69f63c |
- * a byte array.
|
|
|
69f63c |
- *
|
|
|
69f63c |
- *
|
|
|
69f63c |
- *
|
|
|
69f63c |
- * @return the value of the requested parameter.
|
|
|
69f63c |
- *
|
|
|
69f63c |
- * @deprecated no replacent given
|
|
|
69f63c |
- * @see https://docs.oracle.com/javase/10/docs/api/java/security/SignatureSpi.html#engineGetParameter(java.lang.String)
|
|
|
69f63c |
- */
|
|
|
69f63c |
- @Deprecated
|
|
|
69f63c |
- protected Object engineGetParameter(String key) {
|
|
|
69f63c |
- if (key.equals("KSEED")) {
|
|
|
69f63c |
- return KseedAsByteArray;
|
|
|
69f63c |
- } else {
|
|
|
69f63c |
- return null;
|
|
|
69f63c |
- }
|
|
|
69f63c |
- }
|
|
|
69f63c |
-
|
|
|
69f63c |
- /**
|
|
|
69f63c |
- * Set the algorithm object.
|
|
|
69f63c |
- */
|
|
|
69f63c |
- private void setParams(DSAParams params) {
|
|
|
69f63c |
- this.params = params;
|
|
|
69f63c |
- this.presetP = params.getP();
|
|
|
69f63c |
- this.presetQ = params.getQ();
|
|
|
69f63c |
- this.presetG = params.getG();
|
|
|
69f63c |
- }
|
|
|
69f63c |
-
|
|
|
69f63c |
- /**
|
|
|
69f63c |
- * Update a byte to be signed or verified.
|
|
|
69f63c |
- *
|
|
|
69f63c |
- * @param b the byte to updated.
|
|
|
69f63c |
- */
|
|
|
69f63c |
- protected void engineUpdate(byte b) {
|
|
|
69f63c |
- dataSHA.update(b);
|
|
|
69f63c |
- }
|
|
|
69f63c |
-
|
|
|
69f63c |
- /**
|
|
|
69f63c |
- * Update an array of bytes to be signed or verified.
|
|
|
69f63c |
- *
|
|
|
69f63c |
- * @param data the bytes to be updated.
|
|
|
69f63c |
- */
|
|
|
69f63c |
- protected void engineUpdate(byte[] data, int off, int len) {
|
|
|
69f63c |
- dataSHA.update(data, off, len);
|
|
|
69f63c |
- }
|
|
|
69f63c |
-
|
|
|
69f63c |
- /**
|
|
|
69f63c |
- * Return a human readable rendition of the engine.
|
|
|
69f63c |
- */
|
|
|
69f63c |
- public String toString() {
|
|
|
69f63c |
- String printable = "DSA Signature";
|
|
|
69f63c |
- if (presetP != null && presetQ != null && presetG != null) {
|
|
|
69f63c |
- printable += "\n\tp: " + presetP.toString(16);
|
|
|
69f63c |
- printable += "\n\tq: " + presetQ.toString(16);
|
|
|
69f63c |
- printable += "\n\tg: " + presetG.toString(16);
|
|
|
69f63c |
- } else {
|
|
|
69f63c |
- printable += "\n\t P, Q or G not initialized.";
|
|
|
69f63c |
- }
|
|
|
69f63c |
- if (presetY != null) {
|
|
|
69f63c |
- printable += "\n\ty: " + presetY.toString(16);
|
|
|
69f63c |
- }
|
|
|
69f63c |
- if (presetY == null && presetX == null) {
|
|
|
69f63c |
- printable += "\n\tUNINIIALIZED";
|
|
|
69f63c |
- }
|
|
|
69f63c |
- return printable;
|
|
|
69f63c |
- }
|
|
|
69f63c |
-
|
|
|
69f63c |
- /*
|
|
|
69f63c |
- * Utility routine for converting a byte array into an int array
|
|
|
69f63c |
- */
|
|
|
69f63c |
- private int[] byteArray2IntArray(byte[] byteArray) {
|
|
|
69f63c |
-
|
|
|
69f63c |
- int j = 0;
|
|
|
69f63c |
- byte[] newBA;
|
|
|
69f63c |
- int mod = byteArray.length % 4;
|
|
|
69f63c |
-
|
|
|
69f63c |
- // guarantee that the incoming byteArray is a multiple of 4
|
|
|
69f63c |
- // (pad with 0's)
|
|
|
69f63c |
- switch (mod) {
|
|
|
69f63c |
- case 3:
|
|
|
69f63c |
- newBA = new byte[byteArray.length + 1];
|
|
|
69f63c |
- break;
|
|
|
69f63c |
- case 2:
|
|
|
69f63c |
- newBA = new byte[byteArray.length + 2];
|
|
|
69f63c |
- break;
|
|
|
69f63c |
- case 1:
|
|
|
69f63c |
- newBA = new byte[byteArray.length + 3];
|
|
|
69f63c |
- break;
|
|
|
69f63c |
- default:
|
|
|
69f63c |
- newBA = new byte[byteArray.length + 0];
|
|
|
69f63c |
- break;
|
|
|
69f63c |
- }
|
|
|
69f63c |
- System.arraycopy(byteArray, 0, newBA, 0, byteArray.length);
|
|
|
69f63c |
-
|
|
|
69f63c |
- // copy each set of 4 bytes in the byte array into an integer
|
|
|
69f63c |
- int[] newSeed = new int[newBA.length / 4];
|
|
|
69f63c |
- for (int i = 0; i < newBA.length; i += 4) {
|
|
|
69f63c |
- newSeed[j] = newBA[i + 3] & 0xFF;
|
|
|
69f63c |
- newSeed[j] |= (newBA[i + 2] << 8) & 0xFF00;
|
|
|
69f63c |
- newSeed[j] |= (newBA[i + 1] << 16) & 0xFF0000;
|
|
|
69f63c |
- newSeed[j] |= (newBA[i + 0] << 24) & 0xFF000000;
|
|
|
69f63c |
- j++;
|
|
|
69f63c |
- }
|
|
|
69f63c |
-
|
|
|
69f63c |
- return newSeed;
|
|
|
69f63c |
- }
|
|
|
69f63c |
-
|
|
|
69f63c |
- /* We include the test vectors from the DSA specification, FIPS
|
|
|
69f63c |
- 186, and the FIPS 186 Change No 1, which updates the test
|
|
|
69f63c |
- vector using SHA-1 instead of SHA (for both the G function and
|
|
|
69f63c |
- the message hash. */
|
|
|
69f63c |
-
|
|
|
69f63c |
- static void testDSA() throws Exception {
|
|
|
69f63c |
- PrintStream p = System.out;
|
|
|
69f63c |
-
|
|
|
69f63c |
- DSA dsa = new DSA();
|
|
|
69f63c |
- int[] Kseed = { 0x687a66d9, 0x0648f993, 0x867e121f,
|
|
|
69f63c |
- 0x4ddf9ddb, 0x1205584 };
|
|
|
69f63c |
- BigInteger k = dsa.generateK(Kseed, q512);
|
|
|
69f63c |
- p.println("k: " + k.toString(16));
|
|
|
69f63c |
- BigInteger r = dsa.generateR(p512, q512, g512, k);
|
|
|
69f63c |
- p.println("r: " + r.toString(16));
|
|
|
69f63c |
- byte[] abc = { 0x61, 0x62, 0x63 };
|
|
|
69f63c |
- dsa.dataSHA.update(abc);
|
|
|
69f63c |
- BigInteger s = dsa.generateS(x512, q512, r, k);
|
|
|
69f63c |
- p.println("s: " + s.toString(16));
|
|
|
69f63c |
-
|
|
|
69f63c |
- dsa.dataSHA.update(abc);
|
|
|
69f63c |
- BigInteger w = dsa.generateW(p512, q512, g512, s);
|
|
|
69f63c |
- p.println("w: " + w.toString(16));
|
|
|
69f63c |
- BigInteger v = dsa.generateV(y512, p512, q512, g512, w, r);
|
|
|
69f63c |
- p.println("v: " + v.toString(16));
|
|
|
69f63c |
- if (v.equals(r)) {
|
|
|
69f63c |
- p.println("signature verifies.");
|
|
|
69f63c |
- } else {
|
|
|
69f63c |
- p.println("signature does not verify.");
|
|
|
69f63c |
- }
|
|
|
69f63c |
- }
|
|
|
69f63c |
-
|
|
|
69f63c |
- /* Test vector: 512-bit keys generated by our key generator. */
|
|
|
69f63c |
-
|
|
|
69f63c |
- static BigInteger p512 =
|
|
|
69f63c |
- new BigInteger("fca682ce8e12caba26efccf7110e526db078b05edecb" +
|
|
|
69f63c |
- "cd1eb4a208f3ae1617ae01f35b91a47e6df63413c5e1" +
|
|
|
69f63c |
- "2ed0899bcd132acd50d99151bdc43ee737592e17", 16);
|
|
|
69f63c |
-
|
|
|
69f63c |
- static BigInteger q512 =
|
|
|
69f63c |
- new BigInteger("962eddcc369cba8ebb260ee6b6a126d9346e38c5", 16);
|
|
|
69f63c |
-
|
|
|
69f63c |
- static BigInteger g512 =
|
|
|
69f63c |
- new BigInteger("678471b27a9cf44ee91a49c5147db1a9aaf244f05a43" +
|
|
|
69f63c |
- "4d6486931d2d14271b9e35030b71fd73da179069b32e" +
|
|
|
69f63c |
- "2935630e1c2062354d0da20a6c416e50be794ca4", 16);
|
|
|
69f63c |
-
|
|
|
69f63c |
- static BigInteger x512 =
|
|
|
69f63c |
- new BigInteger("3406c2d71b04b5fc0db62afcad58a6607d3de688", 16);
|
|
|
69f63c |
-
|
|
|
69f63c |
- static BigInteger y512 =
|
|
|
69f63c |
- new BigInteger("2d335d76b8ec9d610aa8f2cbb4b149fd96fdd" +
|
|
|
69f63c |
- "3a9a6e62bd6c2e01d406be4d1d72718a2fe08bea6d12f5e452474461f70f4" +
|
|
|
69f63c |
- "dea60508e9fe2eaec23d2ec5d1a866", 16);
|
|
|
69f63c |
-
|
|
|
69f63c |
- /* Official NIST 512-bit test keys */
|
|
|
69f63c |
-
|
|
|
69f63c |
- static String pString = "8df2a494492276aa3d25759bb06869cbeac0d83afb8d0" +
|
|
|
69f63c |
- "cf7cbb8324f0d7882e5d0762fc5b7210eafc2e9adac32ab7aac49693dfbf83724c2ec" +
|
|
|
69f63c |
- "0736ee31c80291";
|
|
|
69f63c |
-
|
|
|
69f63c |
- static BigInteger testP = new BigInteger(pString, 16);
|
|
|
69f63c |
-
|
|
|
69f63c |
- static String gString = "626d027839ea0a13413163a55b4cb500299d5522956ce" +
|
|
|
69f63c |
- "fcb3bff10f399ce2c2e71cb9de5fa24babf58e5b79521925c9cc42e9f6f464b088cc5" +
|
|
|
69f63c |
- "72af53e6d78802";
|
|
|
69f63c |
-
|
|
|
69f63c |
- static BigInteger testG = new BigInteger(gString, 16);
|
|
|
69f63c |
-
|
|
|
69f63c |
- static BigInteger testQ = new BigInteger("c773218c737ec8ee993b4f2ded30" +
|
|
|
69f63c |
- "f48edace915f", 16);
|
|
|
69f63c |
-
|
|
|
69f63c |
- static BigInteger testX = new BigInteger("2070b3223dba372fde1c0ffc7b2e" +
|
|
|
69f63c |
- "3b498b260614", 16);
|
|
|
69f63c |
-
|
|
|
69f63c |
- static String yString = "19131871d75b1612a819f29d78d1b0d7346f7aa77" +
|
|
|
69f63c |
- "bb62a859bfd6c5675da9d212d3a36ef1672ef660b8c7c255cc0ec74858fba33f44c06" +
|
|
|
69f63c |
- "699630a76b030ee333";
|
|
|
69f63c |
-
|
|
|
69f63c |
- static BigInteger testY = new BigInteger(yString, 16);
|
|
|
69f63c |
-
|
|
|
69f63c |
- /* End test vector values */
|
|
|
69f63c |
-
|
|
|
69f63c |
- private static void debug(String s) {
|
|
|
69f63c |
- if (debug) {
|
|
|
69f63c |
- System.err.println(s);
|
|
|
69f63c |
- }
|
|
|
69f63c |
- }
|
|
|
69f63c |
-
|
|
|
69f63c |
-}
|
|
|
69f63c |
diff --git a/org/mozilla/jss/netscape/security/provider/DSAKeyPairGenerator.java b/org/mozilla/jss/netscape/security/provider/DSAKeyPairGenerator.java
|
|
|
69f63c |
deleted file mode 100644
|
|
|
69f63c |
index c4942dea..00000000
|
|
|
69f63c |
--- a/org/mozilla/jss/netscape/security/provider/DSAKeyPairGenerator.java
|
|
|
69f63c |
+++ /dev/null
|
|
|
69f63c |
@@ -1,389 +0,0 @@
|
|
|
69f63c |
-// --- BEGIN COPYRIGHT BLOCK ---
|
|
|
69f63c |
-// This program is free software; you can redistribute it and/or modify
|
|
|
69f63c |
-// it under the terms of the GNU General Public License as published by
|
|
|
69f63c |
-// the Free Software Foundation; version 2 of the License.
|
|
|
69f63c |
-//
|
|
|
69f63c |
-// This program is distributed in the hope that it will be useful,
|
|
|
69f63c |
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
69f63c |
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
69f63c |
-// GNU General Public License for more details.
|
|
|
69f63c |
-//
|
|
|
69f63c |
-// You should have received a copy of the GNU General Public License along
|
|
|
69f63c |
-// with this program; if not, write to the Free Software Foundation, Inc.,
|
|
|
69f63c |
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
|
|
|
69f63c |
-//
|
|
|
69f63c |
-// (C) 2007 Red Hat, Inc.
|
|
|
69f63c |
-// All rights reserved.
|
|
|
69f63c |
-// --- END COPYRIGHT BLOCK ---
|
|
|
69f63c |
-package org.mozilla.jss.netscape.security.provider;
|
|
|
69f63c |
-
|
|
|
69f63c |
-import java.math.BigInteger;
|
|
|
69f63c |
-import java.security.AlgorithmParameterGenerator;
|
|
|
69f63c |
-import java.security.InvalidAlgorithmParameterException;
|
|
|
69f63c |
-import java.security.InvalidKeyException;
|
|
|
69f63c |
-import java.security.InvalidParameterException;
|
|
|
69f63c |
-import java.security.KeyPair;
|
|
|
69f63c |
-import java.security.KeyPairGenerator;
|
|
|
69f63c |
-import java.security.NoSuchAlgorithmException;
|
|
|
69f63c |
-import java.security.NoSuchProviderException;
|
|
|
69f63c |
-import java.security.ProviderException;
|
|
|
69f63c |
-import java.security.SecureRandom;
|
|
|
69f63c |
-import java.security.interfaces.DSAParams;
|
|
|
69f63c |
-import java.security.spec.AlgorithmParameterSpec;
|
|
|
69f63c |
-import java.security.spec.DSAParameterSpec;
|
|
|
69f63c |
-import java.security.spec.InvalidParameterSpecException;
|
|
|
69f63c |
-import java.util.Hashtable;
|
|
|
69f63c |
-
|
|
|
69f63c |
-import org.mozilla.jss.netscape.security.x509.AlgIdDSA;
|
|
|
69f63c |
-
|
|
|
69f63c |
-/**
|
|
|
69f63c |
- * This class generates DSA key parameters and public/private key
|
|
|
69f63c |
- * pairs according to the DSS standard NIST FIPS 186. It uses the
|
|
|
69f63c |
- * updated version of SHA, SHA-1 as described in FIPS 180-1.
|
|
|
69f63c |
- *
|
|
|
69f63c |
- * @author Benjamin Renaud
|
|
|
69f63c |
- *
|
|
|
69f63c |
- * @version 1.23, 97/12/10
|
|
|
69f63c |
- */
|
|
|
69f63c |
-
|
|
|
69f63c |
-public class DSAKeyPairGenerator extends KeyPairGenerator
|
|
|
69f63c |
- implements java.security.interfaces.DSAKeyPairGenerator {
|
|
|
69f63c |
-
|
|
|
69f63c |
- private static Hashtable<Integer, AlgIdDSA> precomputedParams;
|
|
|
69f63c |
-
|
|
|
69f63c |
- static {
|
|
|
69f63c |
-
|
|
|
69f63c |
- /* We support precomputed parameter for 512, 768 and 1024 bit
|
|
|
69f63c |
- moduli. In this file we provide both the seed and counter
|
|
|
69f63c |
- value of the generation process for each of these seeds,
|
|
|
69f63c |
- for validation purposes. We also include the test vectors
|
|
|
69f63c |
- from the DSA specification, FIPS 186, and the FIPS 186
|
|
|
69f63c |
- Change No 1, which updates the test vector using SHA-1
|
|
|
69f63c |
- instead of SHA (for both the G function and the message
|
|
|
69f63c |
- hash.
|
|
|
69f63c |
- */
|
|
|
69f63c |
-
|
|
|
69f63c |
- precomputedParams = new Hashtable<Integer, AlgIdDSA>();
|
|
|
69f63c |
-
|
|
|
69f63c |
- /*
|
|
|
69f63c |
- * L = 512
|
|
|
69f63c |
- * SEED = b869c82b35d70e1b1ff91b28e37a62ecdc34409b
|
|
|
69f63c |
- * counter = 123
|
|
|
69f63c |
- */
|
|
|
69f63c |
- BigInteger p512 =
|
|
|
69f63c |
- new BigInteger("fca682ce8e12caba26efccf7110e526db078b05edecb" +
|
|
|
69f63c |
- "cd1eb4a208f3ae1617ae01f35b91a47e6df63413c5e1" +
|
|
|
69f63c |
- "2ed0899bcd132acd50d99151bdc43ee737592e17", 16);
|
|
|
69f63c |
-
|
|
|
69f63c |
- BigInteger q512 =
|
|
|
69f63c |
- new BigInteger("962eddcc369cba8ebb260ee6b6a126d9346e38c5", 16);
|
|
|
69f63c |
-
|
|
|
69f63c |
- BigInteger g512 =
|
|
|
69f63c |
- new BigInteger("678471b27a9cf44ee91a49c5147db1a9aaf244f05a43" +
|
|
|
69f63c |
- "4d6486931d2d14271b9e35030b71fd73da179069b32e" +
|
|
|
69f63c |
- "2935630e1c2062354d0da20a6c416e50be794ca4", 16);
|
|
|
69f63c |
-
|
|
|
69f63c |
- /*
|
|
|
69f63c |
- * L = 768
|
|
|
69f63c |
- * SEED = 77d0f8c4dad15eb8c4f2f8d6726cefd96d5bb399
|
|
|
69f63c |
- * counter = 263
|
|
|
69f63c |
- */
|
|
|
69f63c |
- BigInteger p768 =
|
|
|
69f63c |
- new BigInteger("e9e642599d355f37c97ffd3567120b8e25c9cd43e" +
|
|
|
69f63c |
- "927b3a9670fbec5d890141922d2c3b3ad24800937" +
|
|
|
69f63c |
- "99869d1e846aab49fab0ad26d2ce6a22219d470bc" +
|
|
|
69f63c |
- "e7d777d4a21fbe9c270b57f607002f3cef8393694" +
|
|
|
69f63c |
- "cf45ee3688c11a8c56ab127a3daf", 16);
|
|
|
69f63c |
-
|
|
|
69f63c |
- BigInteger q768 =
|
|
|
69f63c |
- new BigInteger("9cdbd84c9f1ac2f38d0f80f42ab952e7338bf511",
|
|
|
69f63c |
- 16);
|
|
|
69f63c |
-
|
|
|
69f63c |
- BigInteger g768 =
|
|
|
69f63c |
- new BigInteger("30470ad5a005fb14ce2d9dcd87e38bc7d1b1c5fac" +
|
|
|
69f63c |
- "baecbe95f190aa7a31d23c4dbbcbe06174544401a" +
|
|
|
69f63c |
- "5b2c020965d8c2bd2171d3668445771f74ba084d2" +
|
|
|
69f63c |
- "029d83c1c158547f3a9f1a2715be23d51ae4d3e5a" +
|
|
|
69f63c |
- "1f6a7064f316933a346d3f529252", 16);
|
|
|
69f63c |
-
|
|
|
69f63c |
- /*
|
|
|
69f63c |
- * L = 1024
|
|
|
69f63c |
- * SEED = 8d5155894229d5e689ee01e6018a237e2cae64cd
|
|
|
69f63c |
- * counter = 92
|
|
|
69f63c |
- */
|
|
|
69f63c |
- BigInteger p1024 =
|
|
|
69f63c |
- new BigInteger("fd7f53811d75122952df4a9c2eece4e7f611b7523c" +
|
|
|
69f63c |
- "ef4400c31e3f80b6512669455d402251fb593d8d58" +
|
|
|
69f63c |
- "fabfc5f5ba30f6cb9b556cd7813b801d346ff26660" +
|
|
|
69f63c |
- "b76b9950a5a49f9fe8047b1022c24fbba9d7feb7c6" +
|
|
|
69f63c |
- "1bf83b57e7c6a8a6150f04fb83f6d3c51ec3023554" +
|
|
|
69f63c |
- "135a169132f675f3ae2b61d72aeff22203199dd148" +
|
|
|
69f63c |
- "01c7", 16);
|
|
|
69f63c |
-
|
|
|
69f63c |
- BigInteger q1024 =
|
|
|
69f63c |
- new BigInteger("9760508f15230bccb292b982a2eb840bf0581cf5",
|
|
|
69f63c |
- 16);
|
|
|
69f63c |
-
|
|
|
69f63c |
- BigInteger g1024 =
|
|
|
69f63c |
- new BigInteger("f7e1a085d69b3ddecbbcab5c36b857b97994afbbfa" +
|
|
|
69f63c |
- "3aea82f9574c0b3d0782675159578ebad4594fe671" +
|
|
|
69f63c |
- "07108180b449167123e84c281613b7cf09328cc8a6" +
|
|
|
69f63c |
- "e13c167a8b547c8d28e0a3ae1e2bb3a675916ea37f" +
|
|
|
69f63c |
- "0bfa213562f1fb627a01243bcca4f1bea8519089a8" +
|
|
|
69f63c |
- "83dfe15ae59f06928b665e807b552564014c3bfecf" +
|
|
|
69f63c |
- "492a", 16);
|
|
|
69f63c |
-
|
|
|
69f63c |
- try {
|
|
|
69f63c |
- AlgIdDSA alg512 = new AlgIdDSA(p512, q512, g512);
|
|
|
69f63c |
- AlgIdDSA alg768 = new AlgIdDSA(p768, q768, g768);
|
|
|
69f63c |
- AlgIdDSA alg1024 = new AlgIdDSA(p1024, q1024, g1024);
|
|
|
69f63c |
-
|
|
|
69f63c |
- precomputedParams.put(Integer.valueOf(512), alg512);
|
|
|
69f63c |
- precomputedParams.put(Integer.valueOf(768), alg768);
|
|
|
69f63c |
- precomputedParams.put(Integer.valueOf(1024), alg1024);
|
|
|
69f63c |
-
|
|
|
69f63c |
- } catch (Exception e) {
|
|
|
69f63c |
- throw new InternalError("initializing precomputed " +
|
|
|
69f63c |
- "algorithm parameters for Sun DSA");
|
|
|
69f63c |
- }
|
|
|
69f63c |
- }
|
|
|
69f63c |
-
|
|
|
69f63c |
- /* The modulus length */
|
|
|
69f63c |
- private int modlen = 1024;
|
|
|
69f63c |
-
|
|
|
69f63c |
- /* Generate new parameters, even if we have precomputed ones. */
|
|
|
69f63c |
- boolean generateNewParameters = false;
|
|
|
69f63c |
-
|
|
|
69f63c |
- /* preset algorithm parameters. */
|
|
|
69f63c |
- private BigInteger presetP, presetQ, presetG;
|
|
|
69f63c |
-
|
|
|
69f63c |
- /* The source of random bits to use */
|
|
|
69f63c |
- SecureRandom random;
|
|
|
69f63c |
-
|
|
|
69f63c |
- public DSAKeyPairGenerator() {
|
|
|
69f63c |
- super("DSA");
|
|
|
69f63c |
- }
|
|
|
69f63c |
-
|
|
|
69f63c |
- public void initialize(int strength, SecureRandom random) {
|
|
|
69f63c |
- if ((strength < 512) || (strength > 1024) || (strength % 64 != 0)) {
|
|
|
69f63c |
- throw new InvalidParameterException("Modulus size must range from 512 to 1024 "
|
|
|
69f63c |
- + "and be a multiple of 64");
|
|
|
69f63c |
- }
|
|
|
69f63c |
-
|
|
|
69f63c |
- /* Set the random */
|
|
|
69f63c |
- this.random = random;
|
|
|
69f63c |
- if (this.random == null) {
|
|
|
69f63c |
- this.random = new SecureRandom();
|
|
|
69f63c |
- }
|
|
|
69f63c |
-
|
|
|
69f63c |
- this.modlen = strength;
|
|
|
69f63c |
- DSAParams params = null;
|
|
|
69f63c |
-
|
|
|
69f63c |
- /* Find the precomputed parameters, if any */
|
|
|
69f63c |
- if (!generateNewParameters) {
|
|
|
69f63c |
- Integer mod = Integer.valueOf(this.modlen);
|
|
|
69f63c |
- params = precomputedParams.get(mod);
|
|
|
69f63c |
- }
|
|
|
69f63c |
- if (params != null) {
|
|
|
69f63c |
- setParams(params);
|
|
|
69f63c |
- }
|
|
|
69f63c |
- }
|
|
|
69f63c |
-
|
|
|
69f63c |
- /**
|
|
|
69f63c |
- * Initializes the DSA key pair generator. If genParams is false, a set of pre-computed parameters is
|
|
|
69f63c |
- * used. In this case, modelen must be 512, 768, or 1024.
|
|
|
69f63c |
- */
|
|
|
69f63c |
- public void initialize(int modlen, boolean genParams, SecureRandom random)
|
|
|
69f63c |
- throws InvalidParameterException {
|
|
|
69f63c |
- if (genParams == false && modlen != 512 && modlen != 768
|
|
|
69f63c |
- && modlen != 1024) {
|
|
|
69f63c |
- throw new InvalidParameterException("No precomputed parameters for requested modulus size "
|
|
|
69f63c |
- + "available");
|
|
|
69f63c |
- }
|
|
|
69f63c |
- this.generateNewParameters = genParams;
|
|
|
69f63c |
- initialize(modlen, random);
|
|
|
69f63c |
- }
|
|
|
69f63c |
-
|
|
|
69f63c |
- /**
|
|
|
69f63c |
- * Initializes the DSA object using a DSA parameter object.
|
|
|
69f63c |
- *
|
|
|
69f63c |
- * @param params a fully initialized DSA parameter object.
|
|
|
69f63c |
- */
|
|
|
69f63c |
- public void initialize(DSAParams params, SecureRandom random)
|
|
|
69f63c |
- throws InvalidParameterException {
|
|
|
69f63c |
- initialize(params.getP().bitLength(), random);
|
|
|
69f63c |
- setParams(params);
|
|
|
69f63c |
- }
|
|
|
69f63c |
-
|
|
|
69f63c |
- /**
|
|
|
69f63c |
- * Initializes the DSA object using a parameter object.
|
|
|
69f63c |
- *
|
|
|
69f63c |
- * @param params the parameter set to be used to generate
|
|
|
69f63c |
- * the keys.
|
|
|
69f63c |
- * @param random the source of randomness for this generator.
|
|
|
69f63c |
- *
|
|
|
69f63c |
- * @exception InvalidAlgorithmParameterException if the given parameters
|
|
|
69f63c |
- * are inappropriate for this key pair generator
|
|
|
69f63c |
- */
|
|
|
69f63c |
- public void initialize(AlgorithmParameterSpec params, SecureRandom random)
|
|
|
69f63c |
- throws InvalidAlgorithmParameterException {
|
|
|
69f63c |
- if (!(params instanceof DSAParameterSpec)) {
|
|
|
69f63c |
- throw new InvalidAlgorithmParameterException("Inappropriate parameter");
|
|
|
69f63c |
- }
|
|
|
69f63c |
- initialize(((DSAParameterSpec) params).getP().bitLength(),
|
|
|
69f63c |
- random);
|
|
|
69f63c |
- setParams((DSAParameterSpec) params);
|
|
|
69f63c |
- }
|
|
|
69f63c |
-
|
|
|
69f63c |
- /**
|
|
|
69f63c |
- * Generates a pair of keys usable by any JavaSecurity compliant
|
|
|
69f63c |
- * DSA implementation.
|
|
|
69f63c |
- *
|
|
|
69f63c |
- * @param rnd the source of random bits from which the random key
|
|
|
69f63c |
- * generation parameters are drawn. In particular, this includes
|
|
|
69f63c |
- * the XSEED parameter.
|
|
|
69f63c |
- *
|
|
|
69f63c |
- * @exception InvalidParameterException if the modulus is not
|
|
|
69f63c |
- * between 512 and 1024.
|
|
|
69f63c |
- */
|
|
|
69f63c |
- public KeyPair generateKeyPair() {
|
|
|
69f63c |
-
|
|
|
69f63c |
- // set random if initialize() method has been skipped
|
|
|
69f63c |
- if (this.random == null) {
|
|
|
69f63c |
- this.random = new SecureRandom();
|
|
|
69f63c |
- }
|
|
|
69f63c |
-
|
|
|
69f63c |
- if (presetP == null || presetQ == null || presetG == null ||
|
|
|
69f63c |
- generateNewParameters) {
|
|
|
69f63c |
-
|
|
|
69f63c |
- AlgorithmParameterGenerator dsaParamGen;
|
|
|
69f63c |
-
|
|
|
69f63c |
- try {
|
|
|
69f63c |
- dsaParamGen = AlgorithmParameterGenerator.getInstance("DSA",
|
|
|
69f63c |
- "SUN");
|
|
|
69f63c |
- } catch (NoSuchAlgorithmException e) {
|
|
|
69f63c |
- // this should never happen, because we provide it
|
|
|
69f63c |
- throw new RuntimeException(e.getMessage());
|
|
|
69f63c |
- } catch (NoSuchProviderException e) {
|
|
|
69f63c |
- // this should never happen, because we provide it
|
|
|
69f63c |
- throw new RuntimeException(e.getMessage());
|
|
|
69f63c |
- }
|
|
|
69f63c |
-
|
|
|
69f63c |
- dsaParamGen.init(modlen, random);
|
|
|
69f63c |
-
|
|
|
69f63c |
- DSAParameterSpec dsaParamSpec;
|
|
|
69f63c |
- try {
|
|
|
69f63c |
- dsaParamSpec = dsaParamGen.generateParameters().getParameterSpec
|
|
|
69f63c |
- (DSAParameterSpec.class);
|
|
|
69f63c |
- } catch (InvalidParameterSpecException e) {
|
|
|
69f63c |
- // this should never happen
|
|
|
69f63c |
- throw new RuntimeException(e.getMessage());
|
|
|
69f63c |
- }
|
|
|
69f63c |
- presetP = dsaParamSpec.getP();
|
|
|
69f63c |
- presetQ = dsaParamSpec.getQ();
|
|
|
69f63c |
- presetG = dsaParamSpec.getG();
|
|
|
69f63c |
- }
|
|
|
69f63c |
-
|
|
|
69f63c |
- return generateKeyPair(presetP, presetQ, presetG, random);
|
|
|
69f63c |
- }
|
|
|
69f63c |
-
|
|
|
69f63c |
- public KeyPair generateKeyPair(BigInteger p, BigInteger q, BigInteger g,
|
|
|
69f63c |
- SecureRandom random) {
|
|
|
69f63c |
-
|
|
|
69f63c |
- BigInteger x = generateX(random, q);
|
|
|
69f63c |
- BigInteger y = generateY(x, p, g);
|
|
|
69f63c |
-
|
|
|
69f63c |
- try {
|
|
|
69f63c |
- DSAPublicKey pub = new DSAPublicKey(y, p, q, g);
|
|
|
69f63c |
- DSAPrivateKey priv = new DSAPrivateKey(x, p, q, g);
|
|
|
69f63c |
-
|
|
|
69f63c |
- KeyPair pair = new KeyPair(pub, priv);
|
|
|
69f63c |
- return pair;
|
|
|
69f63c |
-
|
|
|
69f63c |
- } catch (InvalidKeyException e) {
|
|
|
69f63c |
- throw new ProviderException(e.getMessage());
|
|
|
69f63c |
- }
|
|
|
69f63c |
- }
|
|
|
69f63c |
-
|
|
|
69f63c |
- /**
|
|
|
69f63c |
- * Generate the private key component of the key pair using the
|
|
|
69f63c |
- * provided source of random bits. This method uses the random but
|
|
|
69f63c |
- * source passed to generate a seed and then calls the seed-based
|
|
|
69f63c |
- * generateX method.
|
|
|
69f63c |
- */
|
|
|
69f63c |
- private BigInteger generateX(SecureRandom random, BigInteger q) {
|
|
|
69f63c |
- BigInteger x = null;
|
|
|
69f63c |
- while (true) {
|
|
|
69f63c |
- int[] seed = new int[5];
|
|
|
69f63c |
- for (int i = 0; i < 5; i++) {
|
|
|
69f63c |
- seed[i] = random.nextInt();
|
|
|
69f63c |
- }
|
|
|
69f63c |
- x = generateX(seed, q);
|
|
|
69f63c |
- if (x.signum() > 0 && (x.compareTo(q) < 0)) {
|
|
|
69f63c |
- break;
|
|
|
69f63c |
- }
|
|
|
69f63c |
- }
|
|
|
69f63c |
- return x;
|
|
|
69f63c |
- }
|
|
|
69f63c |
-
|
|
|
69f63c |
- /**
|
|
|
69f63c |
- * Given a seed, generate the private key component of the key
|
|
|
69f63c |
- * pair. In the terminology used in the DSA specification
|
|
|
69f63c |
- * (FIPS-186) seed is the XSEED quantity.
|
|
|
69f63c |
- *
|
|
|
69f63c |
- * @param seed the seed to use to generate the private key.
|
|
|
69f63c |
- */
|
|
|
69f63c |
- BigInteger generateX(int[] seed, BigInteger q) {
|
|
|
69f63c |
-
|
|
|
69f63c |
- /* Test vector
|
|
|
69f63c |
- int[] tseed = { 0xbd029bbe, 0x7f51960b, 0xcf9edb2b,
|
|
|
69f63c |
- 0x61f06f0f, 0xeb5a38b6 };
|
|
|
69f63c |
- seed = tseed;
|
|
|
69f63c |
- */
|
|
|
69f63c |
- // check out t in the spec.
|
|
|
69f63c |
- int[] t = { 0x67452301, 0xEFCDAB89, 0x98BADCFE,
|
|
|
69f63c |
- 0x10325476, 0xC3D2E1F0 };
|
|
|
69f63c |
- //
|
|
|
69f63c |
-
|
|
|
69f63c |
- int[] tmp = DSA.SHA_7(seed, t);
|
|
|
69f63c |
- byte[] tmpBytes = new byte[tmp.length * 4];
|
|
|
69f63c |
- for (int i = 0; i < tmp.length; i++) {
|
|
|
69f63c |
- int k = tmp[i];
|
|
|
69f63c |
- for (int j = 0; j < 4; j++) {
|
|
|
69f63c |
- tmpBytes[(i * 4) + j] = (byte) (k >>> (24 - (j * 8)));
|
|
|
69f63c |
- }
|
|
|
69f63c |
- }
|
|
|
69f63c |
- BigInteger x = new BigInteger(1, tmpBytes).mod(q);
|
|
|
69f63c |
- return x;
|
|
|
69f63c |
- }
|
|
|
69f63c |
-
|
|
|
69f63c |
- /**
|
|
|
69f63c |
- * Generate the public key component y of the key pair.
|
|
|
69f63c |
- *
|
|
|
69f63c |
- * @param x the private key component.
|
|
|
69f63c |
- *
|
|
|
69f63c |
- * @param p the base parameter.
|
|
|
69f63c |
- */
|
|
|
69f63c |
- BigInteger generateY(BigInteger x, BigInteger p, BigInteger g) {
|
|
|
69f63c |
- BigInteger y = g.modPow(x, p);
|
|
|
69f63c |
- return y;
|
|
|
69f63c |
- }
|
|
|
69f63c |
-
|
|
|
69f63c |
- /**
|
|
|
69f63c |
- * Set the parameters.
|
|
|
69f63c |
- */
|
|
|
69f63c |
- private void setParams(DSAParams params) {
|
|
|
69f63c |
- presetP = params.getP();
|
|
|
69f63c |
- presetQ = params.getQ();
|
|
|
69f63c |
- presetG = params.getG();
|
|
|
69f63c |
- }
|
|
|
69f63c |
-
|
|
|
69f63c |
- /**
|
|
|
69f63c |
- * Set the parameters.
|
|
|
69f63c |
- */
|
|
|
69f63c |
- private void setParams(DSAParameterSpec params) {
|
|
|
69f63c |
- presetP = params.getP();
|
|
|
69f63c |
- presetQ = params.getQ();
|
|
|
69f63c |
- presetG = params.getG();
|
|
|
69f63c |
- }
|
|
|
69f63c |
-}
|
|
|
69f63c |
diff --git a/org/mozilla/jss/netscape/security/provider/DSAParameterGenerator.java b/org/mozilla/jss/netscape/security/provider/DSAParameterGenerator.java
|
|
|
69f63c |
deleted file mode 100644
|
|
|
69f63c |
index 5cd86c79..00000000
|
|
|
69f63c |
--- a/org/mozilla/jss/netscape/security/provider/DSAParameterGenerator.java
|
|
|
69f63c |
+++ /dev/null
|
|
|
69f63c |
@@ -1,298 +0,0 @@
|
|
|
69f63c |
-// --- BEGIN COPYRIGHT BLOCK ---
|
|
|
69f63c |
-// This program is free software; you can redistribute it and/or modify
|
|
|
69f63c |
-// it under the terms of the GNU General Public License as published by
|
|
|
69f63c |
-// the Free Software Foundation; version 2 of the License.
|
|
|
69f63c |
-//
|
|
|
69f63c |
-// This program is distributed in the hope that it will be useful,
|
|
|
69f63c |
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
69f63c |
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
69f63c |
-// GNU General Public License for more details.
|
|
|
69f63c |
-//
|
|
|
69f63c |
-// You should have received a copy of the GNU General Public License along
|
|
|
69f63c |
-// with this program; if not, write to the Free Software Foundation, Inc.,
|
|
|
69f63c |
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
|
|
|
69f63c |
-//
|
|
|
69f63c |
-// (C) 2007 Red Hat, Inc.
|
|
|
69f63c |
-// All rights reserved.
|
|
|
69f63c |
-// --- END COPYRIGHT BLOCK ---
|
|
|
69f63c |
-package org.mozilla.jss.netscape.security.provider;
|
|
|
69f63c |
-
|
|
|
69f63c |
-import java.math.BigInteger;
|
|
|
69f63c |
-import java.security.AlgorithmParameterGeneratorSpi;
|
|
|
69f63c |
-import java.security.AlgorithmParameters;
|
|
|
69f63c |
-import java.security.InvalidAlgorithmParameterException;
|
|
|
69f63c |
-import java.security.InvalidParameterException;
|
|
|
69f63c |
-import java.security.NoSuchAlgorithmException;
|
|
|
69f63c |
-import java.security.NoSuchProviderException;
|
|
|
69f63c |
-import java.security.SecureRandom;
|
|
|
69f63c |
-import java.security.spec.AlgorithmParameterSpec;
|
|
|
69f63c |
-import java.security.spec.DSAParameterSpec;
|
|
|
69f63c |
-import java.security.spec.InvalidParameterSpecException;
|
|
|
69f63c |
-
|
|
|
69f63c |
-/*
|
|
|
69f63c |
- * This class generates parameters for the DSA algorithm. It uses a default
|
|
|
69f63c |
- * prime modulus size of 1024 bits, which can be overwritten during
|
|
|
69f63c |
- * initialization.
|
|
|
69f63c |
- *
|
|
|
69f63c |
- * @author Jan Luehe
|
|
|
69f63c |
- *
|
|
|
69f63c |
- * @version 1.4, 97/12/10
|
|
|
69f63c |
- *
|
|
|
69f63c |
- * @see java.security.AlgorithmParameters
|
|
|
69f63c |
- * @see java.security.spec.AlgorithmParameterSpec
|
|
|
69f63c |
- * @see DSAParameters
|
|
|
69f63c |
- *
|
|
|
69f63c |
- * @since JDK1.2
|
|
|
69f63c |
- */
|
|
|
69f63c |
-
|
|
|
69f63c |
-public class DSAParameterGenerator extends AlgorithmParameterGeneratorSpi {
|
|
|
69f63c |
-
|
|
|
69f63c |
- // the modulus length
|
|
|
69f63c |
- private int modLen = 1024; // default
|
|
|
69f63c |
-
|
|
|
69f63c |
- // the source of randomness
|
|
|
69f63c |
- private SecureRandom random;
|
|
|
69f63c |
-
|
|
|
69f63c |
- // useful constants
|
|
|
69f63c |
- private static final BigInteger ONE = BigInteger.valueOf(1);
|
|
|
69f63c |
- private static final BigInteger TWO = BigInteger.valueOf(2);
|
|
|
69f63c |
-
|
|
|
69f63c |
- // Make a SHA-1 hash function
|
|
|
69f63c |
- private SHA sha;
|
|
|
69f63c |
-
|
|
|
69f63c |
- public DSAParameterGenerator() {
|
|
|
69f63c |
- this.sha = new SHA();
|
|
|
69f63c |
- }
|
|
|
69f63c |
-
|
|
|
69f63c |
- /**
|
|
|
69f63c |
- * Initializes this parameter generator for a certain strength
|
|
|
69f63c |
- * and source of randomness.
|
|
|
69f63c |
- *
|
|
|
69f63c |
- * @param strength the strength (size of prime) in bits
|
|
|
69f63c |
- * @param random the source of randomness
|
|
|
69f63c |
- */
|
|
|
69f63c |
- protected void engineInit(int strength, SecureRandom random) {
|
|
|
69f63c |
- /*
|
|
|
69f63c |
- * Bruce Schneier, "Applied Cryptography", 2nd Edition,
|
|
|
69f63c |
- * Description of DSA:
|
|
|
69f63c |
- * [...] The algorithm uses the following parameter:
|
|
|
69f63c |
- * p=a prime number L bits long, when L ranges from 512 to 1024 and is
|
|
|
69f63c |
- * a multiple of 64. [...]
|
|
|
69f63c |
- */
|
|
|
69f63c |
- if ((strength < 512) || (strength > 1024) || (strength % 64 != 0)) {
|
|
|
69f63c |
- throw new InvalidParameterException("Prime size must range from 512 to 1024 "
|
|
|
69f63c |
- + "and be a multiple of 64");
|
|
|
69f63c |
- }
|
|
|
69f63c |
- this.modLen = strength;
|
|
|
69f63c |
- this.random = random;
|
|
|
69f63c |
- }
|
|
|
69f63c |
-
|
|
|
69f63c |
- /**
|
|
|
69f63c |
- * Initializes this parameter generator with a set of
|
|
|
69f63c |
- * algorithm-specific parameter generation values.
|
|
|
69f63c |
- *
|
|
|
69f63c |
- * @param params the set of algorithm-specific parameter generation values
|
|
|
69f63c |
- * @param random the source of randomness
|
|
|
69f63c |
- *
|
|
|
69f63c |
- * @exception InvalidAlgorithmParameterException if the given parameter
|
|
|
69f63c |
- * generation values are inappropriate for this parameter generator
|
|
|
69f63c |
- */
|
|
|
69f63c |
- protected void engineInit(AlgorithmParameterSpec genParamSpec,
|
|
|
69f63c |
- SecureRandom random)
|
|
|
69f63c |
- throws InvalidAlgorithmParameterException {
|
|
|
69f63c |
- throw new InvalidAlgorithmParameterException("Invalid parameter");
|
|
|
69f63c |
- }
|
|
|
69f63c |
-
|
|
|
69f63c |
- /**
|
|
|
69f63c |
- * Generates the parameters.
|
|
|
69f63c |
- *
|
|
|
69f63c |
- * @return the new AlgorithmParameters object
|
|
|
69f63c |
- */
|
|
|
69f63c |
- protected AlgorithmParameters engineGenerateParameters() {
|
|
|
69f63c |
- AlgorithmParameters algParams = null;
|
|
|
69f63c |
- try {
|
|
|
69f63c |
- if (this.random == null) {
|
|
|
69f63c |
- this.random = new SecureRandom();
|
|
|
69f63c |
- }
|
|
|
69f63c |
-
|
|
|
69f63c |
- BigInteger[] pAndQ = generatePandQ(this.random, this.modLen);
|
|
|
69f63c |
- BigInteger paramP = pAndQ[0];
|
|
|
69f63c |
- BigInteger paramQ = pAndQ[1];
|
|
|
69f63c |
- BigInteger paramG = generateG(paramP, paramQ);
|
|
|
69f63c |
-
|
|
|
69f63c |
- DSAParameterSpec dsaParamSpec = new DSAParameterSpec(paramP,
|
|
|
69f63c |
- paramQ,
|
|
|
69f63c |
- paramG);
|
|
|
69f63c |
- algParams = AlgorithmParameters.getInstance("DSA", "SUN");
|
|
|
69f63c |
- algParams.init(dsaParamSpec);
|
|
|
69f63c |
- } catch (InvalidParameterSpecException e) {
|
|
|
69f63c |
- // this should never happen
|
|
|
69f63c |
- throw new RuntimeException(e.getMessage());
|
|
|
69f63c |
- } catch (NoSuchAlgorithmException e) {
|
|
|
69f63c |
- // this should never happen, because we provide it
|
|
|
69f63c |
- throw new RuntimeException(e.getMessage());
|
|
|
69f63c |
- } catch (NoSuchProviderException e) {
|
|
|
69f63c |
- // this should never happen, because we provide it
|
|
|
69f63c |
- throw new RuntimeException(e.getMessage());
|
|
|
69f63c |
- }
|
|
|
69f63c |
-
|
|
|
69f63c |
- return algParams;
|
|
|
69f63c |
- }
|
|
|
69f63c |
-
|
|
|
69f63c |
- /*
|
|
|
69f63c |
- * Generates the prime and subprime parameters for DSA,
|
|
|
69f63c |
- * using the provided source of randomness.
|
|
|
69f63c |
- * This method will generate new seeds until a suitable
|
|
|
69f63c |
- * seed has been found.
|
|
|
69f63c |
- *
|
|
|
69f63c |
- * @param random the source of randomness to generate the
|
|
|
69f63c |
- * seed
|
|
|
69f63c |
- * @param L the size of p, in bits.
|
|
|
69f63c |
- *
|
|
|
69f63c |
- * @return an array of BigInteger, with p at index 0 and
|
|
|
69f63c |
- * q at index 1.
|
|
|
69f63c |
- */
|
|
|
69f63c |
- BigInteger[] generatePandQ(SecureRandom random, int L) {
|
|
|
69f63c |
- BigInteger[] result = null;
|
|
|
69f63c |
- byte[] seed = new byte[20];
|
|
|
69f63c |
-
|
|
|
69f63c |
- while (result == null) {
|
|
|
69f63c |
- for (int i = 0; i < 20; i++) {
|
|
|
69f63c |
- seed[i] = (byte) random.nextInt();
|
|
|
69f63c |
- }
|
|
|
69f63c |
- result = generatePandQ(seed, L);
|
|
|
69f63c |
- }
|
|
|
69f63c |
- return result;
|
|
|
69f63c |
- }
|
|
|
69f63c |
-
|
|
|
69f63c |
- /*
|
|
|
69f63c |
- * Generates the prime and subprime parameters for DSA.
|
|
|
69f63c |
- *
|
|
|
69f63c |
- * The seed parameter corresponds to the SEED parameter
|
|
|
69f63c |
- * referenced in the FIPS specification of the DSA algorithm,
|
|
|
69f63c |
- * and L is the size of p, in bits.
|
|
|
69f63c |
- *
|
|
|
69f63c |
- * @param seed the seed to generate the parameters
|
|
|
69f63c |
- * @param L the size of p, in bits.
|
|
|
69f63c |
- *
|
|
|
69f63c |
- * @return an array of BigInteger, with p at index 0,
|
|
|
69f63c |
- * q at index 1, the seed at index 2, and the counter value
|
|
|
69f63c |
- * at index 3, or null if the seed does not yield suitable numbers.
|
|
|
69f63c |
- */
|
|
|
69f63c |
- BigInteger[] generatePandQ(byte[] seed, int L) {
|
|
|
69f63c |
-
|
|
|
69f63c |
- /* Useful variables */
|
|
|
69f63c |
- int g = seed.length * 8;
|
|
|
69f63c |
- int n = (L - 1) / 160;
|
|
|
69f63c |
- int b = (L - 1) % 160;
|
|
|
69f63c |
-
|
|
|
69f63c |
- BigInteger SEED = new BigInteger(1, seed);
|
|
|
69f63c |
- BigInteger TWOG = TWO.pow(2 * g);
|
|
|
69f63c |
-
|
|
|
69f63c |
- /* Step 2 (Step 1 is getting seed). */
|
|
|
69f63c |
- byte[] U1 = SHA(seed);
|
|
|
69f63c |
- byte[] U2 = SHA(toByteArray((SEED.add(ONE)).mod(TWOG)));
|
|
|
69f63c |
-
|
|
|
69f63c |
- xor(U1, U2);
|
|
|
69f63c |
- byte[] U = U1;
|
|
|
69f63c |
-
|
|
|
69f63c |
- /* Step 3: For q by setting the msb and lsb to 1 */
|
|
|
69f63c |
- U[0] |= 0x80;
|
|
|
69f63c |
- U[19] |= 1;
|
|
|
69f63c |
- BigInteger q = new BigInteger(1, U);
|
|
|
69f63c |
-
|
|
|
69f63c |
- /* Step 5 */
|
|
|
69f63c |
- if (!q.isProbablePrime(40)) {
|
|
|
69f63c |
- return null;
|
|
|
69f63c |
-
|
|
|
69f63c |
- } else {
|
|
|
69f63c |
- BigInteger V[] = new BigInteger[n + 1];
|
|
|
69f63c |
- BigInteger offset = TWO;
|
|
|
69f63c |
-
|
|
|
69f63c |
- /* Step 6 */
|
|
|
69f63c |
- for (int counter = 0; counter < 4096; counter++) {
|
|
|
69f63c |
-
|
|
|
69f63c |
- /* Step 7 */
|
|
|
69f63c |
- for (int k = 0; k <= n; k++) {
|
|
|
69f63c |
- BigInteger K = BigInteger.valueOf(k);
|
|
|
69f63c |
- BigInteger tmp = (SEED.add(offset).add(K)).mod(TWOG);
|
|
|
69f63c |
- V[k] = new BigInteger(1, SHA(toByteArray(tmp)));
|
|
|
69f63c |
- }
|
|
|
69f63c |
-
|
|
|
69f63c |
- /* Step 8 */
|
|
|
69f63c |
- BigInteger W = V[0];
|
|
|
69f63c |
- for (int i = 1; i < n; i++) {
|
|
|
69f63c |
- W = W.add(V[i].multiply(TWO.pow(i * 160)));
|
|
|
69f63c |
- }
|
|
|
69f63c |
- W = W.add((V[n].mod(TWO.pow(b))).multiply(TWO.pow(n * 160)));
|
|
|
69f63c |
-
|
|
|
69f63c |
- BigInteger TWOLm1 = TWO.pow(L - 1);
|
|
|
69f63c |
- BigInteger X = W.add(TWOLm1);
|
|
|
69f63c |
-
|
|
|
69f63c |
- /* Step 9 */
|
|
|
69f63c |
- BigInteger c = X.mod(q.multiply(TWO));
|
|
|
69f63c |
- BigInteger p = X.subtract(c.subtract(ONE));
|
|
|
69f63c |
-
|
|
|
69f63c |
- /* Step 10 - 13 */
|
|
|
69f63c |
- if (p.compareTo(TWOLm1) > -1 && p.isProbablePrime(15)) {
|
|
|
69f63c |
- BigInteger[] result = { p, q, SEED,
|
|
|
69f63c |
- BigInteger.valueOf(counter) };
|
|
|
69f63c |
- return result;
|
|
|
69f63c |
- }
|
|
|
69f63c |
- offset = offset.add(BigInteger.valueOf(n)).add(ONE);
|
|
|
69f63c |
- }
|
|
|
69f63c |
- return null;
|
|
|
69f63c |
- }
|
|
|
69f63c |
- }
|
|
|
69f63c |
-
|
|
|
69f63c |
- /*
|
|
|
69f63c |
- * Generates the g parameter for DSA.
|
|
|
69f63c |
- *
|
|
|
69f63c |
- * @param p the prime, p.
|
|
|
69f63c |
- * @param q the subprime, q.
|
|
|
69f63c |
- *
|
|
|
69f63c |
- * @param the g
|
|
|
69f63c |
- */
|
|
|
69f63c |
- BigInteger generateG(BigInteger p, BigInteger q) {
|
|
|
69f63c |
- BigInteger h = ONE;
|
|
|
69f63c |
- BigInteger pMinusOneOverQ = (p.subtract(ONE)).divide(q);
|
|
|
69f63c |
- BigInteger g = ONE;
|
|
|
69f63c |
- while (g.compareTo(TWO) < 0) {
|
|
|
69f63c |
- g = h.modPow(pMinusOneOverQ, p);
|
|
|
69f63c |
- h = h.add(ONE);
|
|
|
69f63c |
- }
|
|
|
69f63c |
- return g;
|
|
|
69f63c |
- }
|
|
|
69f63c |
-
|
|
|
69f63c |
- /*
|
|
|
69f63c |
- * Returns the SHA-1 digest of some data
|
|
|
69f63c |
- */
|
|
|
69f63c |
- private byte[] SHA(byte[] array) {
|
|
|
69f63c |
- sha.engineReset();
|
|
|
69f63c |
- sha.engineUpdate(array, 0, array.length);
|
|
|
69f63c |
- return sha.engineDigest();
|
|
|
69f63c |
- }
|
|
|
69f63c |
-
|
|
|
69f63c |
- /*
|
|
|
69f63c |
- * Converts the result of a BigInteger.toByteArray call to an exact
|
|
|
69f63c |
- * signed magnitude representation for any positive number.
|
|
|
69f63c |
- */
|
|
|
69f63c |
- private byte[] toByteArray(BigInteger bigInt) {
|
|
|
69f63c |
- byte[] result = bigInt.toByteArray();
|
|
|
69f63c |
- if (result[0] == 0) {
|
|
|
69f63c |
- byte[] tmp = new byte[result.length - 1];
|
|
|
69f63c |
- System.arraycopy(result, 1, tmp, 0, tmp.length);
|
|
|
69f63c |
- result = tmp;
|
|
|
69f63c |
- }
|
|
|
69f63c |
- return result;
|
|
|
69f63c |
- }
|
|
|
69f63c |
-
|
|
|
69f63c |
- /*
|
|
|
69f63c |
- * XORs U2 into U1
|
|
|
69f63c |
- */
|
|
|
69f63c |
- private void xor(byte[] U1, byte[] U2) {
|
|
|
69f63c |
- for (int i = 0; i < U1.length; i++) {
|
|
|
69f63c |
- U1[i] ^= U2[i];
|
|
|
69f63c |
- }
|
|
|
69f63c |
- }
|
|
|
69f63c |
-}
|
|
|
69f63c |
diff --git a/org/mozilla/jss/netscape/security/provider/MD5.java b/org/mozilla/jss/netscape/security/provider/MD5.java
|
|
|
69f63c |
deleted file mode 100644
|
|
|
69f63c |
index d46da4fc..00000000
|
|
|
69f63c |
--- a/org/mozilla/jss/netscape/security/provider/MD5.java
|
|
|
69f63c |
+++ /dev/null
|
|
|
69f63c |
@@ -1,378 +0,0 @@
|
|
|
69f63c |
-// --- BEGIN COPYRIGHT BLOCK ---
|
|
|
69f63c |
-// This program is free software; you can redistribute it and/or modify
|
|
|
69f63c |
-// it under the terms of the GNU General Public License as published by
|
|
|
69f63c |
-// the Free Software Foundation; version 2 of the License.
|
|
|
69f63c |
-//
|
|
|
69f63c |
-// This program is distributed in the hope that it will be useful,
|
|
|
69f63c |
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
69f63c |
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
69f63c |
-// GNU General Public License for more details.
|
|
|
69f63c |
-//
|
|
|
69f63c |
-// You should have received a copy of the GNU General Public License along
|
|
|
69f63c |
-// with this program; if not, write to the Free Software Foundation, Inc.,
|
|
|
69f63c |
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
|
|
|
69f63c |
-//
|
|
|
69f63c |
-// (C) 2007 Red Hat, Inc.
|
|
|
69f63c |
-// All rights reserved.
|
|
|
69f63c |
-// --- END COPYRIGHT BLOCK ---
|
|
|
69f63c |
-package org.mozilla.jss.netscape.security.provider;
|
|
|
69f63c |
-
|
|
|
69f63c |
-import java.security.DigestException;
|
|
|
69f63c |
-import java.security.MessageDigestSpi;
|
|
|
69f63c |
-
|
|
|
69f63c |
-/**
|
|
|
69f63c |
- * The MD5 class is used to compute an MD5 message digest over a given
|
|
|
69f63c |
- * buffer of bytes. It is an implementation of the RSA Data Security Inc
|
|
|
69f63c |
- * MD5 algorithim as described in internet RFC 1321.
|
|
|
69f63c |
- *
|
|
|
69f63c |
- * @version 1.24 97/12/10
|
|
|
69f63c |
- * @author Chuck McManis
|
|
|
69f63c |
- * @author Benjamin Renaud
|
|
|
69f63c |
- */
|
|
|
69f63c |
-
|
|
|
69f63c |
-public final class MD5 extends MessageDigestSpi implements Cloneable {
|
|
|
69f63c |
-
|
|
|
69f63c |
- /** contains the computed message digest */
|
|
|
69f63c |
- private byte[] digestBits;
|
|
|
69f63c |
-
|
|
|
69f63c |
- private int state[];
|
|
|
69f63c |
- private long count; // bit count AND buffer[] index aid
|
|
|
69f63c |
- private byte buffer[];
|
|
|
69f63c |
- private int transformBuffer[];
|
|
|
69f63c |
-
|
|
|
69f63c |
- private static final int S11 = 7;
|
|
|
69f63c |
- private static final int S12 = 12;
|
|
|
69f63c |
- private static final int S13 = 17;
|
|
|
69f63c |
- private static final int S14 = 22;
|
|
|
69f63c |
- private static final int S21 = 5;
|
|
|
69f63c |
- private static final int S22 = 9;
|
|
|
69f63c |
- private static final int S23 = 14;
|
|
|
69f63c |
- private static final int S24 = 20;
|
|
|
69f63c |
- private static final int S31 = 4;
|
|
|
69f63c |
- private static final int S32 = 11;
|
|
|
69f63c |
- private static final int S33 = 16;
|
|
|
69f63c |
- private static final int S34 = 23;
|
|
|
69f63c |
- private static final int S41 = 6;
|
|
|
69f63c |
- private static final int S42 = 10;
|
|
|
69f63c |
- private static final int S43 = 15;
|
|
|
69f63c |
- private static final int S44 = 21;
|
|
|
69f63c |
-
|
|
|
69f63c |
- private static final int MD5_LENGTH = 16;
|
|
|
69f63c |
-
|
|
|
69f63c |
- /**
|
|
|
69f63c |
- * Standard constructor, creates a new MD5 instance, allocates its
|
|
|
69f63c |
- * buffers from the heap.
|
|
|
69f63c |
- */
|
|
|
69f63c |
- public MD5() {
|
|
|
69f63c |
- init();
|
|
|
69f63c |
- }
|
|
|
69f63c |
-
|
|
|
69f63c |
- /* **********************************************************
|
|
|
69f63c |
- * The MD5 Functions. These are copied verbatim from
|
|
|
69f63c |
- * the RFC to insure accuracy. The results of this
|
|
|
69f63c |
- * implementation were checked against the RSADSI version.
|
|
|
69f63c |
- * **********************************************************
|
|
|
69f63c |
- */
|
|
|
69f63c |
-
|
|
|
69f63c |
- private int F(int x, int y, int z) {
|
|
|
69f63c |
- return ((x & y) | ((~x) & z));
|
|
|
69f63c |
- }
|
|
|
69f63c |
-
|
|
|
69f63c |
- private int G(int x, int y, int z) {
|
|
|
69f63c |
- return ((x & z) | (y & (~z)));
|
|
|
69f63c |
- }
|
|
|
69f63c |
-
|
|
|
69f63c |
- private int H(int x, int y, int z) {
|
|
|
69f63c |
- return ((x ^ y) ^ z);
|
|
|
69f63c |
- }
|
|
|
69f63c |
-
|
|
|
69f63c |
- private int I(int x, int y, int z) {
|
|
|
69f63c |
- return (y ^ (x | (~z)));
|
|
|
69f63c |
- }
|
|
|
69f63c |
-
|
|
|
69f63c |
- private int rotateLeft(int a, int n) {
|
|
|
69f63c |
- return ((a << n) | (a >>> (32 - n)));
|
|
|
69f63c |
- }
|
|
|
69f63c |
-
|
|
|
69f63c |
- private int FF(int a, int b, int c, int d, int x, int s, int ac) {
|
|
|
69f63c |
- a += F(b, c, d) + x + ac;
|
|
|
69f63c |
- a = rotateLeft(a, s);
|
|
|
69f63c |
- a += b;
|
|
|
69f63c |
- return a;
|
|
|
69f63c |
- }
|
|
|
69f63c |
-
|
|
|
69f63c |
- private int GG(int a, int b, int c, int d, int x, int s, int ac) {
|
|
|
69f63c |
- a += G(b, c, d) + x + ac;
|
|
|
69f63c |
- a = rotateLeft(a, s);
|
|
|
69f63c |
- a += b;
|
|
|
69f63c |
- return a;
|
|
|
69f63c |
- }
|
|
|
69f63c |
-
|
|
|
69f63c |
- private int HH(int a, int b, int c, int d, int x, int s, int ac) {
|
|
|
69f63c |
- a += H(b, c, d) + x + ac;
|
|
|
69f63c |
- a = rotateLeft(a, s);
|
|
|
69f63c |
- a += b;
|
|
|
69f63c |
- return a;
|
|
|
69f63c |
- }
|
|
|
69f63c |
-
|
|
|
69f63c |
- private int II(int a, int b, int c, int d, int x, int s, int ac) {
|
|
|
69f63c |
- a += I(b, c, d) + x + ac;
|
|
|
69f63c |
- a = rotateLeft(a, s);
|
|
|
69f63c |
- a += b;
|
|
|
69f63c |
- return a;
|
|
|
69f63c |
- }
|
|
|
69f63c |
-
|
|
|
69f63c |
- /**
|
|
|
69f63c |
- * This is where the functions come together as the generic MD5
|
|
|
69f63c |
- * transformation operation, it is called by update() which is
|
|
|
69f63c |
- * synchronized (to protect transformBuffer). It consumes sixteen
|
|
|
69f63c |
- * bytes from the buffer, beginning at the specified offset.
|
|
|
69f63c |
- */
|
|
|
69f63c |
- void transform(byte buf[], int offset) {
|
|
|
69f63c |
- int a, b, c, d;
|
|
|
69f63c |
- int x[] = transformBuffer;
|
|
|
69f63c |
-
|
|
|
69f63c |
- a = state[0];
|
|
|
69f63c |
- b = state[1];
|
|
|
69f63c |
- c = state[2];
|
|
|
69f63c |
- d = state[3];
|
|
|
69f63c |
-
|
|
|
69f63c |
- for (int i = 0; i < 16; i++) {
|
|
|
69f63c |
- x[i] = buf[i * 4 + offset] & 0xff;
|
|
|
69f63c |
- for (int j = 1; j < 4; j++) {
|
|
|
69f63c |
- x[i] += (buf[i * 4 + j + offset] & 0xff) << (j * 8);
|
|
|
69f63c |
- }
|
|
|
69f63c |
- }
|
|
|
69f63c |
-
|
|
|
69f63c |
- /* Round 1 */
|
|
|
69f63c |
- a = FF(a, b, c, d, x[0], S11, 0xd76aa478); /* 1 */
|
|
|
69f63c |
- d = FF(d, a, b, c, x[1], S12, 0xe8c7b756); /* 2 */
|
|
|
69f63c |
- c = FF(c, d, a, b, x[2], S13, 0x242070db); /* 3 */
|
|
|
69f63c |
- b = FF(b, c, d, a, x[3], S14, 0xc1bdceee); /* 4 */
|
|
|
69f63c |
- a = FF(a, b, c, d, x[4], S11, 0xf57c0faf); /* 5 */
|
|
|
69f63c |
- d = FF(d, a, b, c, x[5], S12, 0x4787c62a); /* 6 */
|
|
|
69f63c |
- c = FF(c, d, a, b, x[6], S13, 0xa8304613); /* 7 */
|
|
|
69f63c |
- b = FF(b, c, d, a, x[7], S14, 0xfd469501); /* 8 */
|
|
|
69f63c |
- a = FF(a, b, c, d, x[8], S11, 0x698098d8); /* 9 */
|
|
|
69f63c |
- d = FF(d, a, b, c, x[9], S12, 0x8b44f7af); /* 10 */
|
|
|
69f63c |
- c = FF(c, d, a, b, x[10], S13, 0xffff5bb1); /* 11 */
|
|
|
69f63c |
- b = FF(b, c, d, a, x[11], S14, 0x895cd7be); /* 12 */
|
|
|
69f63c |
- a = FF(a, b, c, d, x[12], S11, 0x6b901122); /* 13 */
|
|
|
69f63c |
- d = FF(d, a, b, c, x[13], S12, 0xfd987193); /* 14 */
|
|
|
69f63c |
- c = FF(c, d, a, b, x[14], S13, 0xa679438e); /* 15 */
|
|
|
69f63c |
- b = FF(b, c, d, a, x[15], S14, 0x49b40821); /* 16 */
|
|
|
69f63c |
-
|
|
|
69f63c |
- /* Round 2 */
|
|
|
69f63c |
- a = GG(a, b, c, d, x[1], S21, 0xf61e2562); /* 17 */
|
|
|
69f63c |
- d = GG(d, a, b, c, x[6], S22, 0xc040b340); /* 18 */
|
|
|
69f63c |
- c = GG(c, d, a, b, x[11], S23, 0x265e5a51); /* 19 */
|
|
|
69f63c |
- b = GG(b, c, d, a, x[0], S24, 0xe9b6c7aa); /* 20 */
|
|
|
69f63c |
- a = GG(a, b, c, d, x[5], S21, 0xd62f105d); /* 21 */
|
|
|
69f63c |
- d = GG(d, a, b, c, x[10], S22, 0x2441453); /* 22 */
|
|
|
69f63c |
- c = GG(c, d, a, b, x[15], S23, 0xd8a1e681); /* 23 */
|
|
|
69f63c |
- b = GG(b, c, d, a, x[4], S24, 0xe7d3fbc8); /* 24 */
|
|
|
69f63c |
- a = GG(a, b, c, d, x[9], S21, 0x21e1cde6); /* 25 */
|
|
|
69f63c |
- d = GG(d, a, b, c, x[14], S22, 0xc33707d6); /* 26 */
|
|
|
69f63c |
- c = GG(c, d, a, b, x[3], S23, 0xf4d50d87); /* 27 */
|
|
|
69f63c |
- b = GG(b, c, d, a, x[8], S24, 0x455a14ed); /* 28 */
|
|
|
69f63c |
- a = GG(a, b, c, d, x[13], S21, 0xa9e3e905); /* 29 */
|
|
|
69f63c |
- d = GG(d, a, b, c, x[2], S22, 0xfcefa3f8); /* 30 */
|
|
|
69f63c |
- c = GG(c, d, a, b, x[7], S23, 0x676f02d9); /* 31 */
|
|
|
69f63c |
- b = GG(b, c, d, a, x[12], S24, 0x8d2a4c8a); /* 32 */
|
|
|
69f63c |
-
|
|
|
69f63c |
- /* Round 3 */
|
|
|
69f63c |
- a = HH(a, b, c, d, x[5], S31, 0xfffa3942); /* 33 */
|
|
|
69f63c |
- d = HH(d, a, b, c, x[8], S32, 0x8771f681); /* 34 */
|
|
|
69f63c |
- c = HH(c, d, a, b, x[11], S33, 0x6d9d6122); /* 35 */
|
|
|
69f63c |
- b = HH(b, c, d, a, x[14], S34, 0xfde5380c); /* 36 */
|
|
|
69f63c |
- a = HH(a, b, c, d, x[1], S31, 0xa4beea44); /* 37 */
|
|
|
69f63c |
- d = HH(d, a, b, c, x[4], S32, 0x4bdecfa9); /* 38 */
|
|
|
69f63c |
- c = HH(c, d, a, b, x[7], S33, 0xf6bb4b60); /* 39 */
|
|
|
69f63c |
- b = HH(b, c, d, a, x[10], S34, 0xbebfbc70); /* 40 */
|
|
|
69f63c |
- a = HH(a, b, c, d, x[13], S31, 0x289b7ec6); /* 41 */
|
|
|
69f63c |
- d = HH(d, a, b, c, x[0], S32, 0xeaa127fa); /* 42 */
|
|
|
69f63c |
- c = HH(c, d, a, b, x[3], S33, 0xd4ef3085); /* 43 */
|
|
|
69f63c |
- b = HH(b, c, d, a, x[6], S34, 0x4881d05); /* 44 */
|
|
|
69f63c |
- a = HH(a, b, c, d, x[9], S31, 0xd9d4d039); /* 45 */
|
|
|
69f63c |
- d = HH(d, a, b, c, x[12], S32, 0xe6db99e5); /* 46 */
|
|
|
69f63c |
- c = HH(c, d, a, b, x[15], S33, 0x1fa27cf8); /* 47 */
|
|
|
69f63c |
- b = HH(b, c, d, a, x[2], S34, 0xc4ac5665); /* 48 */
|
|
|
69f63c |
-
|
|
|
69f63c |
- /* Round 4 */
|
|
|
69f63c |
- a = II(a, b, c, d, x[0], S41, 0xf4292244); /* 49 */
|
|
|
69f63c |
- d = II(d, a, b, c, x[7], S42, 0x432aff97); /* 50 */
|
|
|
69f63c |
- c = II(c, d, a, b, x[14], S43, 0xab9423a7); /* 51 */
|
|
|
69f63c |
- b = II(b, c, d, a, x[5], S44, 0xfc93a039); /* 52 */
|
|
|
69f63c |
- a = II(a, b, c, d, x[12], S41, 0x655b59c3); /* 53 */
|
|
|
69f63c |
- d = II(d, a, b, c, x[3], S42, 0x8f0ccc92); /* 54 */
|
|
|
69f63c |
- c = II(c, d, a, b, x[10], S43, 0xffeff47d); /* 55 */
|
|
|
69f63c |
- b = II(b, c, d, a, x[1], S44, 0x85845dd1); /* 56 */
|
|
|
69f63c |
- a = II(a, b, c, d, x[8], S41, 0x6fa87e4f); /* 57 */
|
|
|
69f63c |
- d = II(d, a, b, c, x[15], S42, 0xfe2ce6e0); /* 58 */
|
|
|
69f63c |
- c = II(c, d, a, b, x[6], S43, 0xa3014314); /* 59 */
|
|
|
69f63c |
- b = II(b, c, d, a, x[13], S44, 0x4e0811a1); /* 60 */
|
|
|
69f63c |
- a = II(a, b, c, d, x[4], S41, 0xf7537e82); /* 61 */
|
|
|
69f63c |
- d = II(d, a, b, c, x[11], S42, 0xbd3af235); /* 62 */
|
|
|
69f63c |
- c = II(c, d, a, b, x[2], S43, 0x2ad7d2bb); /* 63 */
|
|
|
69f63c |
- b = II(b, c, d, a, x[9], S44, 0xeb86d391); /* 64 */
|
|
|
69f63c |
-
|
|
|
69f63c |
- state[0] += a;
|
|
|
69f63c |
- state[1] += b;
|
|
|
69f63c |
- state[2] += c;
|
|
|
69f63c |
- state[3] += d;
|
|
|
69f63c |
- }
|
|
|
69f63c |
-
|
|
|
69f63c |
- /**
|
|
|
69f63c |
- * Initialize the MD5 state information and reset the bit count
|
|
|
69f63c |
- * to 0. Given this implementation you are constrained to counting
|
|
|
69f63c |
- * 2^64 bits.
|
|
|
69f63c |
- */
|
|
|
69f63c |
- public void init() {
|
|
|
69f63c |
- state = new int[4];
|
|
|
69f63c |
- transformBuffer = new int[16];
|
|
|
69f63c |
- synchronized (this) {
|
|
|
69f63c |
- buffer = new byte[64];
|
|
|
69f63c |
- }
|
|
|
69f63c |
- digestBits = new byte[16];
|
|
|
69f63c |
- count = 0;
|
|
|
69f63c |
- // Load magic initialization constants.
|
|
|
69f63c |
- state[0] = 0x67452301;
|
|
|
69f63c |
- state[1] = 0xefcdab89;
|
|
|
69f63c |
- state[2] = 0x98badcfe;
|
|
|
69f63c |
- state[3] = 0x10325476;
|
|
|
69f63c |
- for (int i = 0; i < digestBits.length; i++)
|
|
|
69f63c |
- digestBits[i] = 0;
|
|
|
69f63c |
- }
|
|
|
69f63c |
-
|
|
|
69f63c |
- protected void engineReset() {
|
|
|
69f63c |
- init();
|
|
|
69f63c |
- }
|
|
|
69f63c |
-
|
|
|
69f63c |
- /**
|
|
|
69f63c |
- * Return the digest length in bytes
|
|
|
69f63c |
- */
|
|
|
69f63c |
- protected int engineGetDigestLength() {
|
|
|
69f63c |
- return (MD5_LENGTH);
|
|
|
69f63c |
- }
|
|
|
69f63c |
-
|
|
|
69f63c |
- /**
|
|
|
69f63c |
- * Update adds the passed byte to the digested data.
|
|
|
69f63c |
- */
|
|
|
69f63c |
- protected synchronized void engineUpdate(byte b) {
|
|
|
69f63c |
- int index;
|
|
|
69f63c |
-
|
|
|
69f63c |
- index = (int) ((count >>> 3) & 0x3f);
|
|
|
69f63c |
- count += 8;
|
|
|
69f63c |
- buffer[index] = b;
|
|
|
69f63c |
- if (index >= 63) {
|
|
|
69f63c |
- transform(buffer, 0);
|
|
|
69f63c |
- }
|
|
|
69f63c |
- }
|
|
|
69f63c |
-
|
|
|
69f63c |
- /**
|
|
|
69f63c |
- * Update adds the selected part of an array of bytes to the digest.
|
|
|
69f63c |
- * This version is more efficient than the byte-at-a-time version;
|
|
|
69f63c |
- * it avoids data copies and reduces per-byte call overhead.
|
|
|
69f63c |
- */
|
|
|
69f63c |
- protected synchronized void engineUpdate(byte input[], int offset,
|
|
|
69f63c |
- int len) {
|
|
|
69f63c |
- int i;
|
|
|
69f63c |
-
|
|
|
69f63c |
- for (i = offset; len > 0;) {
|
|
|
69f63c |
- int index = (int) ((count >>> 3) & 0x3f);
|
|
|
69f63c |
-
|
|
|
69f63c |
- if (index == 0 && len > 64) {
|
|
|
69f63c |
- count += (64 * 8);
|
|
|
69f63c |
- transform(input, i);
|
|
|
69f63c |
- len -= 64;
|
|
|
69f63c |
- i += 64;
|
|
|
69f63c |
- } else {
|
|
|
69f63c |
- count += 8;
|
|
|
69f63c |
- buffer[index] = input[i];
|
|
|
69f63c |
- if (index >= 63)
|
|
|
69f63c |
- transform(buffer, 0);
|
|
|
69f63c |
- i++;
|
|
|
69f63c |
- len--;
|
|
|
69f63c |
- }
|
|
|
69f63c |
- }
|
|
|
69f63c |
- }
|
|
|
69f63c |
-
|
|
|
69f63c |
- /**
|
|
|
69f63c |
- * Perform the final computations, any buffered bytes are added
|
|
|
69f63c |
- * to the digest, the count is added to the digest, and the resulting
|
|
|
69f63c |
- * digest is stored. After calling final you will need to call
|
|
|
69f63c |
- * init() again to do another digest.
|
|
|
69f63c |
- */
|
|
|
69f63c |
- private void finish() {
|
|
|
69f63c |
- byte bits[] = new byte[8];
|
|
|
69f63c |
- byte padding[];
|
|
|
69f63c |
- int i, index, padLen;
|
|
|
69f63c |
-
|
|
|
69f63c |
- for (i = 0; i < 8; i++) {
|
|
|
69f63c |
- bits[i] = (byte) ((count >>> (i * 8)) & 0xff);
|
|
|
69f63c |
- }
|
|
|
69f63c |
-
|
|
|
69f63c |
- index = (int) (count >> 3) & 0x3f;
|
|
|
69f63c |
- padLen = (index < 56) ? (56 - index) : (120 - index);
|
|
|
69f63c |
- padding = new byte[padLen];
|
|
|
69f63c |
- padding[0] = (byte) 0x80;
|
|
|
69f63c |
- engineUpdate(padding, 0, padding.length);
|
|
|
69f63c |
- engineUpdate(bits, 0, bits.length);
|
|
|
69f63c |
-
|
|
|
69f63c |
- for (i = 0; i < 4; i++) {
|
|
|
69f63c |
- for (int j = 0; j < 4; j++) {
|
|
|
69f63c |
- digestBits[i * 4 + j] = (byte) ((state[i] >>> (j * 8)) & 0xff);
|
|
|
69f63c |
- }
|
|
|
69f63c |
- }
|
|
|
69f63c |
- }
|
|
|
69f63c |
-
|
|
|
69f63c |
- /**
|
|
|
69f63c |
- */
|
|
|
69f63c |
- protected byte[] engineDigest() {
|
|
|
69f63c |
- finish();
|
|
|
69f63c |
-
|
|
|
69f63c |
- byte[] result = new byte[MD5_LENGTH];
|
|
|
69f63c |
- System.arraycopy(digestBits, 0, result, 0, MD5_LENGTH);
|
|
|
69f63c |
-
|
|
|
69f63c |
- init();
|
|
|
69f63c |
-
|
|
|
69f63c |
- return result;
|
|
|
69f63c |
- }
|
|
|
69f63c |
-
|
|
|
69f63c |
- /**
|
|
|
69f63c |
- */
|
|
|
69f63c |
- protected int engineDigest(byte[] buf, int offset, int len)
|
|
|
69f63c |
- throws DigestException {
|
|
|
69f63c |
- finish();
|
|
|
69f63c |
-
|
|
|
69f63c |
- if (len < MD5_LENGTH)
|
|
|
69f63c |
- throw new DigestException("partial digests not returned");
|
|
|
69f63c |
- if (buf.length - offset < MD5_LENGTH)
|
|
|
69f63c |
- throw new DigestException("insufficient space in the output " +
|
|
|
69f63c |
- "buffer to store the digest");
|
|
|
69f63c |
-
|
|
|
69f63c |
- System.arraycopy(digestBits, 0, buf, offset, MD5_LENGTH);
|
|
|
69f63c |
-
|
|
|
69f63c |
- init();
|
|
|
69f63c |
-
|
|
|
69f63c |
- return MD5_LENGTH;
|
|
|
69f63c |
- }
|
|
|
69f63c |
-
|
|
|
69f63c |
- /*
|
|
|
69f63c |
- * Clones this object.
|
|
|
69f63c |
- */
|
|
|
69f63c |
- public Object clone() {
|
|
|
69f63c |
- MD5 that = null;
|
|
|
69f63c |
- try {
|
|
|
69f63c |
- that = (MD5) super.clone();
|
|
|
69f63c |
- that.state = this.state.clone();
|
|
|
69f63c |
- that.transformBuffer = this.transformBuffer.clone();
|
|
|
69f63c |
- that.buffer = this.buffer.clone();
|
|
|
69f63c |
- that.digestBits = this.digestBits.clone();
|
|
|
69f63c |
- that.count = this.count;
|
|
|
69f63c |
- return that;
|
|
|
69f63c |
- } catch (CloneNotSupportedException e) {
|
|
|
69f63c |
- }
|
|
|
69f63c |
- return that;
|
|
|
69f63c |
- }
|
|
|
69f63c |
-}
|
|
|
69f63c |
diff --git a/org/mozilla/jss/netscape/security/provider/SHA.java b/org/mozilla/jss/netscape/security/provider/SHA.java
|
|
|
69f63c |
deleted file mode 100644
|
|
|
69f63c |
index a911e386..00000000
|
|
|
69f63c |
--- a/org/mozilla/jss/netscape/security/provider/SHA.java
|
|
|
69f63c |
+++ /dev/null
|
|
|
69f63c |
@@ -1,349 +0,0 @@
|
|
|
69f63c |
-// --- BEGIN COPYRIGHT BLOCK ---
|
|
|
69f63c |
-// This program is free software; you can redistribute it and/or modify
|
|
|
69f63c |
-// it under the terms of the GNU General Public License as published by
|
|
|
69f63c |
-// the Free Software Foundation; version 2 of the License.
|
|
|
69f63c |
-//
|
|
|
69f63c |
-// This program is distributed in the hope that it will be useful,
|
|
|
69f63c |
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
69f63c |
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
69f63c |
-// GNU General Public License for more details.
|
|
|
69f63c |
-//
|
|
|
69f63c |
-// You should have received a copy of the GNU General Public License along
|
|
|
69f63c |
-// with this program; if not, write to the Free Software Foundation, Inc.,
|
|
|
69f63c |
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
|
|
|
69f63c |
-//
|
|
|
69f63c |
-// (C) 2007 Red Hat, Inc.
|
|
|
69f63c |
-// All rights reserved.
|
|
|
69f63c |
-// --- END COPYRIGHT BLOCK ---
|
|
|
69f63c |
-package org.mozilla.jss.netscape.security.provider;
|
|
|
69f63c |
-
|
|
|
69f63c |
-import java.security.DigestException;
|
|
|
69f63c |
-import java.security.MessageDigestSpi;
|
|
|
69f63c |
-
|
|
|
69f63c |
-/**
|
|
|
69f63c |
- * This class implements the Secure Hash Algorithm (SHA) developed by
|
|
|
69f63c |
- * the National Institute of Standards and Technology along with the
|
|
|
69f63c |
- * National Security Agency. This is the updated version of SHA
|
|
|
69f63c |
- * fip-180 as superseded by fip-180-1.
|
|
|
69f63c |
- *
|
|
|
69f63c |
- *
|
|
|
69f63c |
- * It implement JavaSecurity MessageDigest, and can be used by in the Java Security framework, as a pluggable
|
|
|
69f63c |
- * implementation, as a filter for the digest stream classes.
|
|
|
69f63c |
- *
|
|
|
69f63c |
- * @version 1.30 97/12/10
|
|
|
69f63c |
- * @author Roger Riggs
|
|
|
69f63c |
- * @author Benjamin Renaud
|
|
|
69f63c |
- */
|
|
|
69f63c |
-
|
|
|
69f63c |
-public class SHA extends MessageDigestSpi implements Cloneable {
|
|
|
69f63c |
-
|
|
|
69f63c |
- /* This private hookm controlled by the appropriate constructor,
|
|
|
69f63c |
- causes this class to implement the first version of SHA,
|
|
|
69f63c |
- as defined in FIPS 180, as opposed to FIPS 180-1. This was
|
|
|
69f63c |
- useful for DSA testing. */
|
|
|
69f63c |
- private int version = 1;
|
|
|
69f63c |
-
|
|
|
69f63c |
- private static final int SHA_LENGTH = 20;
|
|
|
69f63c |
-
|
|
|
69f63c |
- // Buffer of int's and count of characters accumulated
|
|
|
69f63c |
- // 64 bytes are included in each hash block so the low order
|
|
|
69f63c |
- // bits of count are used to know how to pack the bytes into ints
|
|
|
69f63c |
- // and to know when to compute the block and start the next one.
|
|
|
69f63c |
- private int W[] = new int[80];
|
|
|
69f63c |
- private long count = 0;
|
|
|
69f63c |
- private final int countmax = 64;
|
|
|
69f63c |
- private final int countmask = (countmax - 1);
|
|
|
69f63c |
-
|
|
|
69f63c |
- private int AA, BB, CC, DD, EE;
|
|
|
69f63c |
-
|
|
|
69f63c |
- SHA(int version) {
|
|
|
69f63c |
- this();
|
|
|
69f63c |
- this.version = version;
|
|
|
69f63c |
- }
|
|
|
69f63c |
-
|
|
|
69f63c |
- /**
|
|
|
69f63c |
- * Creates a new SHA object.
|
|
|
69f63c |
- */
|
|
|
69f63c |
- public SHA() {
|
|
|
69f63c |
- init();
|
|
|
69f63c |
- }
|
|
|
69f63c |
-
|
|
|
69f63c |
- /**
|
|
|
69f63c |
- * Return the length of the digest in bytes
|
|
|
69f63c |
- */
|
|
|
69f63c |
- protected int engineGetDigestLength() {
|
|
|
69f63c |
- return (SHA_LENGTH);
|
|
|
69f63c |
- }
|
|
|
69f63c |
-
|
|
|
69f63c |
- public void engineUpdate(byte b) {
|
|
|
69f63c |
- engineUpdate((int) b);
|
|
|
69f63c |
- }
|
|
|
69f63c |
-
|
|
|
69f63c |
- /**
|
|
|
69f63c |
- * Update a byte.
|
|
|
69f63c |
- *
|
|
|
69f63c |
- * @param b the byte
|
|
|
69f63c |
- */
|
|
|
69f63c |
- private void engineUpdate(int b) {
|
|
|
69f63c |
- int word;
|
|
|
69f63c |
- int offset;
|
|
|
69f63c |
-
|
|
|
69f63c |
- /* compute word offset and bit offset within word the low bits
|
|
|
69f63c |
- of count are inverted to make put the bytes in the write
|
|
|
69f63c |
- order */
|
|
|
69f63c |
- word = ((int) count & countmask) >>> 2;
|
|
|
69f63c |
- offset = (~(int) count & 3) << 3;
|
|
|
69f63c |
-
|
|
|
69f63c |
- W[word] = (W[word] & ~(0xff << offset)) | ((b & 0xff) << offset);
|
|
|
69f63c |
-
|
|
|
69f63c |
- /* If this is the last byte of a block, compute the partial hash */
|
|
|
69f63c |
- if (((int) count & countmask) == countmask) {
|
|
|
69f63c |
- computeBlock();
|
|
|
69f63c |
- }
|
|
|
69f63c |
- count++;
|
|
|
69f63c |
- }
|
|
|
69f63c |
-
|
|
|
69f63c |
- /**
|
|
|
69f63c |
- * Update a buffer.
|
|
|
69f63c |
- *
|
|
|
69f63c |
- * @param b the data to be updated.
|
|
|
69f63c |
- * @param off the start offset in the data
|
|
|
69f63c |
- * @param len the number of bytes to be updated.
|
|
|
69f63c |
- */
|
|
|
69f63c |
- public void engineUpdate(byte b[], int off, int len) {
|
|
|
69f63c |
- int word;
|
|
|
69f63c |
-
|
|
|
69f63c |
- if ((off < 0) || (len < 0) || (off + len > b.length))
|
|
|
69f63c |
- throw new ArrayIndexOutOfBoundsException();
|
|
|
69f63c |
-
|
|
|
69f63c |
- // Use single writes until integer aligned
|
|
|
69f63c |
- while ((len > 0) &&
|
|
|
69f63c |
- ((int) count & 3) != 0) {
|
|
|
69f63c |
- engineUpdate(b[off]);
|
|
|
69f63c |
- off++;
|
|
|
69f63c |
- len--;
|
|
|
69f63c |
- }
|
|
|
69f63c |
-
|
|
|
69f63c |
- /* Assemble groups of 4 bytes to be inserted in integer array */
|
|
|
69f63c |
- for (; len >= 4; len -= 4, off += 4) {
|
|
|
69f63c |
-
|
|
|
69f63c |
- word = ((int) count & countmask) >> 2;
|
|
|
69f63c |
-
|
|
|
69f63c |
- W[word] = ((b[off] & 0xff) << 24) |
|
|
|
69f63c |
- ((b[off + 1] & 0xff) << 16) |
|
|
|
69f63c |
- ((b[off + 2] & 0xff) << 8) |
|
|
|
69f63c |
- ((b[off + 3] & 0xff));
|
|
|
69f63c |
-
|
|
|
69f63c |
- count += 4;
|
|
|
69f63c |
- if (((int) count & countmask) == 0) {
|
|
|
69f63c |
- computeBlock();
|
|
|
69f63c |
- }
|
|
|
69f63c |
- }
|
|
|
69f63c |
-
|
|
|
69f63c |
- /* Use single writes for last few bytes */
|
|
|
69f63c |
- for (; len > 0; len--, off++) {
|
|
|
69f63c |
- engineUpdate(b[off]);
|
|
|
69f63c |
- }
|
|
|
69f63c |
- }
|
|
|
69f63c |
-
|
|
|
69f63c |
- /**
|
|
|
69f63c |
- * Resets the buffers and hash value to start a new hash.
|
|
|
69f63c |
- */
|
|
|
69f63c |
- public void init() {
|
|
|
69f63c |
- AA = 0x67452301;
|
|
|
69f63c |
- BB = 0xefcdab89;
|
|
|
69f63c |
- CC = 0x98badcfe;
|
|
|
69f63c |
- DD = 0x10325476;
|
|
|
69f63c |
- EE = 0xc3d2e1f0;
|
|
|
69f63c |
-
|
|
|
69f63c |
- for (int i = 0; i < 80; i++)
|
|
|
69f63c |
- W[i] = 0;
|
|
|
69f63c |
- count = 0;
|
|
|
69f63c |
- }
|
|
|
69f63c |
-
|
|
|
69f63c |
- /**
|
|
|
69f63c |
- * Resets the buffers and hash value to start a new hash.
|
|
|
69f63c |
- */
|
|
|
69f63c |
- public void engineReset() {
|
|
|
69f63c |
- init();
|
|
|
69f63c |
- }
|
|
|
69f63c |
-
|
|
|
69f63c |
- /**
|
|
|
69f63c |
- * Computes the final hash and returns the final value as a
|
|
|
69f63c |
- * byte[20] array. The object is reset to be ready for further
|
|
|
69f63c |
- * use, as specified in the JavaSecurity MessageDigest
|
|
|
69f63c |
- * specification.
|
|
|
69f63c |
- */
|
|
|
69f63c |
- public byte[] engineDigest() {
|
|
|
69f63c |
- byte hashvalue[] = new byte[SHA_LENGTH];
|
|
|
69f63c |
-
|
|
|
69f63c |
- try {
|
|
|
69f63c |
- engineDigest(hashvalue, 0, hashvalue.length);
|
|
|
69f63c |
- } catch (DigestException e) {
|
|
|
69f63c |
- throw new InternalError("");
|
|
|
69f63c |
- }
|
|
|
69f63c |
- return hashvalue;
|
|
|
69f63c |
- }
|
|
|
69f63c |
-
|
|
|
69f63c |
- /**
|
|
|
69f63c |
- * Computes the final hash and returns the final value as a
|
|
|
69f63c |
- * byte[20] array. The object is reset to be ready for further
|
|
|
69f63c |
- * use, as specified in the JavaSecurity MessageDigest
|
|
|
69f63c |
- * specification.
|
|
|
69f63c |
- */
|
|
|
69f63c |
- public int engineDigest(byte[] hashvalue, int offset, int len)
|
|
|
69f63c |
- throws DigestException {
|
|
|
69f63c |
-
|
|
|
69f63c |
- if (len < SHA_LENGTH)
|
|
|
69f63c |
- throw new DigestException("partial digests not returned");
|
|
|
69f63c |
- if (hashvalue.length - offset < SHA_LENGTH)
|
|
|
69f63c |
- throw new DigestException("insufficient space in the output " +
|
|
|
69f63c |
- "buffer to store the digest");
|
|
|
69f63c |
-
|
|
|
69f63c |
- /* The number of bits before padding occurs */
|
|
|
69f63c |
- long bits = count << 3;
|
|
|
69f63c |
-
|
|
|
69f63c |
- engineUpdate(0x80);
|
|
|
69f63c |
-
|
|
|
69f63c |
- /* Pad with zeros until length is a multiple of 448 (the last two
|
|
|
69f63c |
- 32 ints are used a holder for bits (see above). */
|
|
|
69f63c |
- while ((int) (count & countmask) != 56) {
|
|
|
69f63c |
- engineUpdate(0);
|
|
|
69f63c |
- }
|
|
|
69f63c |
-
|
|
|
69f63c |
- W[14] = (int) (bits >>> 32);
|
|
|
69f63c |
- W[15] = (int) (bits & 0xffffffff);
|
|
|
69f63c |
-
|
|
|
69f63c |
- count += 8;
|
|
|
69f63c |
- computeBlock();
|
|
|
69f63c |
-
|
|
|
69f63c |
- // Copy out the result
|
|
|
69f63c |
- hashvalue[offset + 0] = (byte) (AA >>> 24);
|
|
|
69f63c |
- hashvalue[offset + 1] = (byte) (AA >>> 16);
|
|
|
69f63c |
- hashvalue[offset + 2] = (byte) (AA >>> 8);
|
|
|
69f63c |
- hashvalue[offset + 3] = (byte) (AA >>> 0);
|
|
|
69f63c |
-
|
|
|
69f63c |
- hashvalue[offset + 4] = (byte) (BB >>> 24);
|
|
|
69f63c |
- hashvalue[offset + 5] = (byte) (BB >>> 16);
|
|
|
69f63c |
- hashvalue[offset + 6] = (byte) (BB >>> 8);
|
|
|
69f63c |
- hashvalue[offset + 7] = (byte) (BB >>> 0);
|
|
|
69f63c |
-
|
|
|
69f63c |
- hashvalue[offset + 8] = (byte) (CC >>> 24);
|
|
|
69f63c |
- hashvalue[offset + 9] = (byte) (CC >>> 16);
|
|
|
69f63c |
- hashvalue[offset + 10] = (byte) (CC >>> 8);
|
|
|
69f63c |
- hashvalue[offset + 11] = (byte) (CC >>> 0);
|
|
|
69f63c |
-
|
|
|
69f63c |
- hashvalue[offset + 12] = (byte) (DD >>> 24);
|
|
|
69f63c |
- hashvalue[offset + 13] = (byte) (DD >>> 16);
|
|
|
69f63c |
- hashvalue[offset + 14] = (byte) (DD >>> 8);
|
|
|
69f63c |
- hashvalue[offset + 15] = (byte) (DD >>> 0);
|
|
|
69f63c |
-
|
|
|
69f63c |
- hashvalue[offset + 16] = (byte) (EE >>> 24);
|
|
|
69f63c |
- hashvalue[offset + 17] = (byte) (EE >>> 16);
|
|
|
69f63c |
- hashvalue[offset + 18] = (byte) (EE >>> 8);
|
|
|
69f63c |
- hashvalue[offset + 19] = (byte) (EE >>> 0);
|
|
|
69f63c |
-
|
|
|
69f63c |
- engineReset(); // remove the evidence
|
|
|
69f63c |
-
|
|
|
69f63c |
- return SHA_LENGTH;
|
|
|
69f63c |
- }
|
|
|
69f63c |
-
|
|
|
69f63c |
- // Constants for each round
|
|
|
69f63c |
- private final int round1_kt = 0x5a827999;
|
|
|
69f63c |
- private final int round2_kt = 0x6ed9eba1;
|
|
|
69f63c |
- private final int round3_kt = 0x8f1bbcdc;
|
|
|
69f63c |
- private final int round4_kt = 0xca62c1d6;
|
|
|
69f63c |
-
|
|
|
69f63c |
- /**
|
|
|
69f63c |
- * Compute a the hash for the current block.
|
|
|
69f63c |
- *
|
|
|
69f63c |
- * This is in the same vein as Peter Gutmann's algorithm listed in
|
|
|
69f63c |
- * the back of Applied Cryptography, Compact implementation of
|
|
|
69f63c |
- * "old" NIST Secure Hash Algorithm.
|
|
|
69f63c |
- *
|
|
|
69f63c |
- */
|
|
|
69f63c |
- private void computeBlock() {
|
|
|
69f63c |
- int temp, a, b, c, d, e;
|
|
|
69f63c |
-
|
|
|
69f63c |
- // The first 16 ints have the byte stream, compute the rest of
|
|
|
69f63c |
- // the buffer
|
|
|
69f63c |
- for (int t = 16; t <= 79; t++) {
|
|
|
69f63c |
- if (version == 0) {
|
|
|
69f63c |
- W[t] = W[t - 3] ^ W[t - 8] ^ W[t - 14] ^ W[t - 16];
|
|
|
69f63c |
- } else {
|
|
|
69f63c |
- temp = W[t - 3] ^ W[t - 8] ^ W[t - 14] ^ W[t - 16];
|
|
|
69f63c |
- W[t] = ((temp << 1) | (temp >>> (32 - 1)));
|
|
|
69f63c |
- }
|
|
|
69f63c |
- }
|
|
|
69f63c |
-
|
|
|
69f63c |
- a = AA;
|
|
|
69f63c |
- b = BB;
|
|
|
69f63c |
- c = CC;
|
|
|
69f63c |
- d = DD;
|
|
|
69f63c |
- e = EE;
|
|
|
69f63c |
-
|
|
|
69f63c |
- // Round 1
|
|
|
69f63c |
- for (int i = 0; i < 20; i++) {
|
|
|
69f63c |
- temp = ((a << 5) | (a >>> (32 - 5))) +
|
|
|
69f63c |
- ((b & c) | ((~b) & d)) + e + W[i] + round1_kt;
|
|
|
69f63c |
- e = d;
|
|
|
69f63c |
- d = c;
|
|
|
69f63c |
- c = ((b << 30) | (b >>> (32 - 30)));
|
|
|
69f63c |
- b = a;
|
|
|
69f63c |
- a = temp;
|
|
|
69f63c |
- }
|
|
|
69f63c |
-
|
|
|
69f63c |
- // Round 2
|
|
|
69f63c |
- for (int i = 20; i < 40; i++) {
|
|
|
69f63c |
- temp = ((a << 5) | (a >>> (32 - 5))) +
|
|
|
69f63c |
- (b ^ c ^ d) + e + W[i] + round2_kt;
|
|
|
69f63c |
- e = d;
|
|
|
69f63c |
- d = c;
|
|
|
69f63c |
- c = ((b << 30) | (b >>> (32 - 30)));
|
|
|
69f63c |
- b = a;
|
|
|
69f63c |
- a = temp;
|
|
|
69f63c |
- }
|
|
|
69f63c |
-
|
|
|
69f63c |
- // Round 3
|
|
|
69f63c |
- for (int i = 40; i < 60; i++) {
|
|
|
69f63c |
- temp = ((a << 5) | (a >>> (32 - 5))) +
|
|
|
69f63c |
- ((b & c) | (b & d) | (c & d)) + e + W[i] + round3_kt;
|
|
|
69f63c |
- e = d;
|
|
|
69f63c |
- d = c;
|
|
|
69f63c |
- c = ((b << 30) | (b >>> (32 - 30)));
|
|
|
69f63c |
- b = a;
|
|
|
69f63c |
- a = temp;
|
|
|
69f63c |
- }
|
|
|
69f63c |
-
|
|
|
69f63c |
- // Round 4
|
|
|
69f63c |
- for (int i = 60; i < 80; i++) {
|
|
|
69f63c |
- temp = ((a << 5) | (a >>> (32 - 5))) +
|
|
|
69f63c |
- (b ^ c ^ d) + e + W[i] + round4_kt;
|
|
|
69f63c |
- e = d;
|
|
|
69f63c |
- d = c;
|
|
|
69f63c |
- c = ((b << 30) | (b >>> (32 - 30)));
|
|
|
69f63c |
- b = a;
|
|
|
69f63c |
- a = temp;
|
|
|
69f63c |
- }
|
|
|
69f63c |
- AA += a;
|
|
|
69f63c |
- BB += b;
|
|
|
69f63c |
- CC += c;
|
|
|
69f63c |
- DD += d;
|
|
|
69f63c |
- EE += e;
|
|
|
69f63c |
- }
|
|
|
69f63c |
-
|
|
|
69f63c |
- /*
|
|
|
69f63c |
- * Clones this object.
|
|
|
69f63c |
- */
|
|
|
69f63c |
- public Object clone() {
|
|
|
69f63c |
- SHA that = null;
|
|
|
69f63c |
- try {
|
|
|
69f63c |
- that = (SHA) super.clone();
|
|
|
69f63c |
- that.W = new int[80];
|
|
|
69f63c |
- System.arraycopy(this.W, 0, that.W, 0, W.length);
|
|
|
69f63c |
- return that;
|
|
|
69f63c |
- } catch (CloneNotSupportedException e) {
|
|
|
69f63c |
- }
|
|
|
69f63c |
- return that;
|
|
|
69f63c |
- }
|
|
|
69f63c |
-}
|
|
|
69f63c |
diff --git a/org/mozilla/jss/netscape/security/provider/Sun.java b/org/mozilla/jss/netscape/security/provider/Sun.java
|
|
|
69f63c |
index 94e72ef4..dd12d26d 100644
|
|
|
69f63c |
--- a/org/mozilla/jss/netscape/security/provider/Sun.java
|
|
|
69f63c |
+++ b/org/mozilla/jss/netscape/security/provider/Sun.java
|
|
|
69f63c |
@@ -68,54 +68,11 @@ public final class Sun extends Provider {
|
|
|
69f63c |
|
|
|
69f63c |
// AccessController.beginPrivileged();
|
|
|
69f63c |
|
|
|
69f63c |
- /*
|
|
|
69f63c |
- * Signature engines
|
|
|
69f63c |
- */
|
|
|
69f63c |
- put("Signature.DSA", "org.mozilla.jss.netscape.security.provider.DSA");
|
|
|
69f63c |
-
|
|
|
69f63c |
- put("Alg.Alias.Signature.SHA/DSA", "DSA");
|
|
|
69f63c |
- put("Alg.Alias.Signature.SHA1/DSA", "DSA");
|
|
|
69f63c |
- put("Alg.Alias.Signature.SHA-1/DSA", "DSA");
|
|
|
69f63c |
- put("Alg.Alias.Signature.DSS", "DSA");
|
|
|
69f63c |
- put("Alg.Alias.Signature.OID.1.3.14.3.2.13", "DSA");
|
|
|
69f63c |
- put("Alg.Alias.Signature.OID.1.3.14.3.2.27", "DSA");
|
|
|
69f63c |
- put("Alg.Alias.Signature.OID.1.2.840.10040.4.3", "DSA");
|
|
|
69f63c |
- // the following are not according to our formal spec but
|
|
|
69f63c |
- // are still supported
|
|
|
69f63c |
- put("Alg.Alias.Signature.1.3.14.3.2.13", "DSA");
|
|
|
69f63c |
- put("Alg.Alias.Signature.1.3.14.3.2.27", "DSA");
|
|
|
69f63c |
- put("Alg.Alias.Signature.1.2.840.10040.4.3", "DSA");
|
|
|
69f63c |
- put("Alg.Alias.Signature.SHAwithDSA", "DSA");
|
|
|
69f63c |
- put("Alg.Alias.Signature.SHA1withDSA", "DSA");
|
|
|
69f63c |
-
|
|
|
69f63c |
- /*
|
|
|
69f63c |
- * Key Pair Generator engines
|
|
|
69f63c |
- */
|
|
|
69f63c |
- put("KeyPairGenerator.DSA",
|
|
|
69f63c |
- "org.mozilla.jss.netscape.security.provider.DSAKeyPairGenerator");
|
|
|
69f63c |
-
|
|
|
69f63c |
- put("Alg.Alias.KeyPairGenerator.OID.1.3.14.3.2.12", "DSA");
|
|
|
69f63c |
- put("Alg.Alias.KeyPairGenerator.OID.1.2.840.10040.4.1", "DSA");
|
|
|
69f63c |
// the following are not according to our formal spec but
|
|
|
69f63c |
// are still supported
|
|
|
69f63c |
put("Alg.Alias.KeyPairGenerator.1.3.14.3.2.12", "DSA");
|
|
|
69f63c |
put("Alg.Alias.KeyPairGenerator.1.2.840.10040.4.1", "DSA");
|
|
|
69f63c |
|
|
|
69f63c |
- /*
|
|
|
69f63c |
- * Digest engines
|
|
|
69f63c |
- */
|
|
|
69f63c |
- put("MessageDigest.MD5", "org.mozilla.jss.netscape.security.provider.MD5");
|
|
|
69f63c |
- put("MessageDigest.SHA-1", "org.mozilla.jss.netscape.security.provider.SHA");
|
|
|
69f63c |
-
|
|
|
69f63c |
- put("Alg.Alias.MessageDigest.SHA", "SHA-1");
|
|
|
69f63c |
- put("Alg.Alias.MessageDigest.SHA1", "SHA-1");
|
|
|
69f63c |
-
|
|
|
69f63c |
- /*
|
|
|
69f63c |
- * Algorithm Parameter Generator engines
|
|
|
69f63c |
- */
|
|
|
69f63c |
- put("AlgorithmParameterGenerator.DSA",
|
|
|
69f63c |
- "org.mozilla.jss.netscape.security.provider.DSAParameterGenerator");
|
|
|
69f63c |
-
|
|
|
69f63c |
/*
|
|
|
69f63c |
* Algorithm Parameter engines
|
|
|
69f63c |
*/
|
|
|
69f63c |
--
|
|
|
69f63c |
2.21.0
|
|
|
69f63c |
|