summaryrefslogtreecommitdiff
path: root/libjava/classpath/gnu/javax/crypto/cipher
diff options
context:
space:
mode:
authorupstream source tree <ports@midipix.org>2015-03-15 20:14:05 -0400
committerupstream source tree <ports@midipix.org>2015-03-15 20:14:05 -0400
commit554fd8c5195424bdbcabf5de30fdc183aba391bd (patch)
tree976dc5ab7fddf506dadce60ae936f43f58787092 /libjava/classpath/gnu/javax/crypto/cipher
downloadcbb-gcc-4.6.4-554fd8c5195424bdbcabf5de30fdc183aba391bd.tar.bz2
cbb-gcc-4.6.4-554fd8c5195424bdbcabf5de30fdc183aba391bd.tar.xz
obtained gcc-4.6.4.tar.bz2 from upstream website;upstream
verified gcc-4.6.4.tar.bz2.sig; imported gcc-4.6.4 source tree from verified upstream tarball. downloading a git-generated archive based on the 'upstream' tag should provide you with a source tree that is binary identical to the one extracted from the above tarball. if you have obtained the source via the command 'git clone', however, do note that line-endings of files in your working directory might differ from line-endings of the respective files in the upstream repository.
Diffstat (limited to 'libjava/classpath/gnu/javax/crypto/cipher')
-rw-r--r--libjava/classpath/gnu/javax/crypto/cipher/Anubis.java491
-rw-r--r--libjava/classpath/gnu/javax/crypto/cipher/BaseCipher.java249
-rw-r--r--libjava/classpath/gnu/javax/crypto/cipher/Blowfish.java611
-rw-r--r--libjava/classpath/gnu/javax/crypto/cipher/Cast5.java987
-rw-r--r--libjava/classpath/gnu/javax/crypto/cipher/CipherFactory.java129
-rw-r--r--libjava/classpath/gnu/javax/crypto/cipher/DES.java652
-rw-r--r--libjava/classpath/gnu/javax/crypto/cipher/IBlockCipher.java195
-rw-r--r--libjava/classpath/gnu/javax/crypto/cipher/IBlockCipherSpi.java124
-rw-r--r--libjava/classpath/gnu/javax/crypto/cipher/Khazad.java449
-rw-r--r--libjava/classpath/gnu/javax/crypto/cipher/NullCipher.java108
-rw-r--r--libjava/classpath/gnu/javax/crypto/cipher/Rijndael.java704
-rw-r--r--libjava/classpath/gnu/javax/crypto/cipher/Serpent.java1781
-rw-r--r--libjava/classpath/gnu/javax/crypto/cipher/Square.java425
-rw-r--r--libjava/classpath/gnu/javax/crypto/cipher/TripleDES.java257
-rw-r--r--libjava/classpath/gnu/javax/crypto/cipher/Twofish.java737
-rw-r--r--libjava/classpath/gnu/javax/crypto/cipher/WeakKeyException.java59
16 files changed, 7958 insertions, 0 deletions
diff --git a/libjava/classpath/gnu/javax/crypto/cipher/Anubis.java b/libjava/classpath/gnu/javax/crypto/cipher/Anubis.java
new file mode 100644
index 000000000..3526ad612
--- /dev/null
+++ b/libjava/classpath/gnu/javax/crypto/cipher/Anubis.java
@@ -0,0 +1,491 @@
+/* Anubis.java --
+ Copyright (C) 2001, 2002, 2003, 2006 Free Software Foundation, Inc.
+
+This file is a part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2 of the License, or (at
+your option) any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; if not, write to the Free Software
+Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301
+USA
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package gnu.javax.crypto.cipher;
+
+import gnu.java.security.Configuration;
+import gnu.java.security.Registry;
+import gnu.java.security.util.Util;
+
+import java.security.InvalidKeyException;
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.Iterator;
+import java.util.logging.Logger;
+
+/**
+ * Anubis is a 128-bit block cipher that accepts a variable-length key. The
+ * cipher is a uniform substitution-permutation network whose inverse only
+ * differs from the forward operation in the key schedule. The design of both
+ * the round transformation and the key schedule is based upon the Wide Trail
+ * strategy and permits a wide variety of implementation trade-offs.
+ * <p>
+ * References:
+ * <ol>
+ * <li><a
+ * href="http://planeta.terra.com.br/informatica/paulobarreto/AnubisPage.html">The
+ * ANUBIS Block Cipher</a>.<br>
+ * <a href="mailto:paulo.barreto@terra.com.br">Paulo S.L.M. Barreto</a> and <a
+ * href="mailto:vincent.rijmen@esat.kuleuven.ac.be">Vincent Rijmen</a>.</li>
+ * </ol>
+ */
+public final class Anubis
+ extends BaseCipher
+{
+ private static final Logger log = Logger.getLogger(Anubis.class.getName());
+ private static final int DEFAULT_BLOCK_SIZE = 16; // in bytes
+ private static final int DEFAULT_KEY_SIZE = 16; // in bytes
+ private static final String Sd = // p. 25 [ANUBIS]
+ "\uBA54\u2F74\u53D3\uD24D\u50AC\u8DBF\u7052\u9A4C"
+ + "\uEAD5\u97D1\u3351\u5BA6\uDE48\uA899\uDB32\uB7FC"
+ + "\uE39E\u919B\uE2BB\u416E\uA5CB\u6B95\uA1F3\uB102"
+ + "\uCCC4\u1D14\uC363\uDA5D\u5FDC\u7DCD\u7F5A\u6C5C"
+ + "\uF726\uFFED\uE89D\u6F8E\u19A0\uF089\u0F07\uAFFB"
+ + "\u0815\u0D04\u0164\uDF76\u79DD\u3D16\u3F37\u6D38"
+ + "\uB973\uE935\u5571\u7B8C\u7288\uF62A\u3E5E\u2746"
+ + "\u0C65\u6861\u03C1\u57D6\uD958\uD866\uD73A\uC83C"
+ + "\uFA96\uA798\uECB8\uC7AE\u694B\uABA9\u670A\u47F2"
+ + "\uB522\uE5EE\uBE2B\u8112\u831B\u0E23\uF545\u21CE"
+ + "\u492C\uF9E6\uB628\u1782\u1A8B\uFE8A\u09C9\u874E"
+ + "\uE12E\uE4E0\uEB90\uA41E\u8560\u0025\uF4F1\u940B"
+ + "\uE775\uEF34\u31D4\uD086\u7EAD\uFD29\u303B\u9FF8"
+ + "\uC613\u0605\uC511\u777C\u7A78\u361C\u3959\u1856"
+ + "\uB3B0\u2420\uB292\uA3C0\u4462\u10B4\u8443\u93C2"
+ + "\u4ABD\u8F2D\uBC9C\u6A40\uCFA2\u804F\u1FCA\uAA42";
+ private static final byte[] S = new byte[256];
+ private static final int[] T0 = new int[256];
+ private static final int[] T1 = new int[256];
+ private static final int[] T2 = new int[256];
+ private static final int[] T3 = new int[256];
+ private static final int[] T4 = new int[256];
+ private static final int[] T5 = new int[256];
+ /**
+ * Anubis round constants. This is the largest possible considering that we
+ * always use R values, R = 8 + N, and 4 &lt;= N &lt;= 10.
+ */
+ private static final int[] rc = new int[18];
+ /**
+ * KAT vector (from ecb_vk): I=83
+ * KEY=000000000000000000002000000000000000000000000000
+ * CT=2E66AB15773F3D32FB6C697509460DF4
+ */
+ private static final byte[] KAT_KEY =
+ Util.toBytesFromString("000000000000000000002000000000000000000000000000");
+ private static final byte[] KAT_CT =
+ Util.toBytesFromString("2E66AB15773F3D32FB6C697509460DF4");
+ /** caches the result of the correctness test, once executed. */
+ private static Boolean valid;
+
+ static
+ {
+ long time = System.currentTimeMillis();
+ int ROOT = 0x11d; // para. 2.1 [ANUBIS]
+ int i, s, s2, s4, s6, s8, t;
+ char c;
+ for (i = 0; i < 256; i++)
+ {
+ c = Sd.charAt(i >>> 1);
+ s = ((i & 1) == 0 ? c >>> 8 : c) & 0xFF;
+ S[i] = (byte) s;
+ s2 = s << 1;
+ if (s2 > 0xFF)
+ s2 ^= ROOT;
+ s4 = s2 << 1;
+ if (s4 > 0xFF)
+ s4 ^= ROOT;
+ s6 = s4 ^ s2;
+ s8 = s4 << 1;
+ if (s8 > 0xFF)
+ s8 ^= ROOT;
+ T0[i] = s << 24 | s2 << 16 | s4 << 8 | s6;
+ T1[i] = s2 << 24 | s << 16 | s6 << 8 | s4;
+ T2[i] = s4 << 24 | s6 << 16 | s << 8 | s2;
+ T3[i] = s6 << 24 | s4 << 16 | s2 << 8 | s;
+ T4[i] = s << 24 | s << 16 | s << 8 | s;
+ T5[s] = s << 24 | s2 << 16 | s6 << 8 | s8;
+ }
+ // compute round constant
+ for (i = 0, s = 0; i < 18;)
+ rc[i++] = S[(s++) & 0xFF] << 24
+ | (S[(s++) & 0xFF] & 0xFF) << 16
+ | (S[(s++) & 0xFF] & 0xFF) << 8
+ | (S[(s++) & 0xFF] & 0xFF);
+ time = System.currentTimeMillis() - time;
+ if (Configuration.DEBUG)
+ {
+ log.fine("Static data");
+ log.fine("T0[]:");
+ StringBuilder sb;
+ for (i = 0; i < 64; i++)
+ {
+ sb = new StringBuilder();
+ for (t = 0; t < 4; t++)
+ sb.append("0x").append(Util.toString(T0[i * 4 + t])).append(", ");
+ log.fine(sb.toString());
+ }
+ log.fine("T1[]:");
+ for (i = 0; i < 64; i++)
+ {
+ sb = new StringBuilder();
+ for (t = 0; t < 4; t++)
+ sb.append("0x").append(Util.toString(T1[i * 4 + t])).append(", ");
+ log.fine(sb.toString());
+ }
+ log.fine("T2[]:");
+ for (i = 0; i < 64; i++)
+ {
+ sb = new StringBuilder();
+ for (t = 0; t < 4; t++)
+ sb.append("0x").append(Util.toString(T2[i * 4 + t])).append(", ");
+ log.fine(sb.toString());
+ }
+ log.fine("T3[]:");
+ for (i = 0; i < 64; i++)
+ {
+ sb = new StringBuilder();
+ for (t = 0; t < 4; t++)
+ sb.append("0x").append(Util.toString(T3[i * 4 + t])).append(", ");
+ log.fine(sb.toString());
+ }
+ log.fine("T4[]:");
+ for (i = 0; i < 64; i++)
+ {
+ sb = new StringBuilder();
+ for (t = 0; t < 4; t++)
+ sb.append("0x").append(Util.toString(T4[i * 4 + t])).append(", ");
+ log.fine(sb.toString());
+ }
+ log.fine("T5[]:");
+ for (i = 0; i < 64; i++)
+ {
+ sb = new StringBuilder();
+ for (t = 0; t < 4; t++)
+ sb.append("0x").append(Util.toString(T5[i * 4 + t])).append(", ");
+ log.fine(sb.toString());
+ }
+ log.fine("rc[]:");
+ for (i = 0; i < 18; i++)
+ log.fine("0x" + Util.toString(rc[i]));
+ log.fine("Total initialization time: " + time + " ms.");
+ }
+ }
+
+ /** Trivial 0-arguments constructor. */
+ public Anubis()
+ {
+ super(Registry.ANUBIS_CIPHER, DEFAULT_BLOCK_SIZE, DEFAULT_KEY_SIZE);
+ }
+
+ private static void anubis(byte[] in, int i, byte[] out, int j, int[][] K)
+ {
+ // extract encryption round keys
+ int R = K.length - 1;
+ int[] Ker = K[0];
+ // mu function + affine key addition
+ int a0 = (in[i++] << 24
+ | (in[i++] & 0xFF) << 16
+ | (in[i++] & 0xFF) << 8
+ | (in[i++] & 0xFF) ) ^ Ker[0];
+ int a1 = (in[i++] << 24
+ | (in[i++] & 0xFF) << 16
+ | (in[i++] & 0xFF) << 8
+ | (in[i++] & 0xFF) ) ^ Ker[1];
+ int a2 = (in[i++] << 24
+ | (in[i++] & 0xFF) << 16
+ | (in[i++] & 0xFF) << 8
+ | (in[i++] & 0xFF) ) ^ Ker[2];
+ int a3 = (in[i++] << 24
+ | (in[i++] & 0xFF) << 16
+ | (in[i++] & 0xFF) << 8
+ | (in[i] & 0xFF) ) ^ Ker[3];
+ int b0, b1, b2, b3;
+ // round function
+ for (int r = 1; r < R; r++)
+ {
+ Ker = K[r];
+ b0 = T0[ a0 >>> 24 ]
+ ^ T1[ a1 >>> 24 ]
+ ^ T2[ a2 >>> 24 ]
+ ^ T3[ a3 >>> 24 ] ^ Ker[0];
+ b1 = T0[(a0 >>> 16) & 0xFF]
+ ^ T1[(a1 >>> 16) & 0xFF]
+ ^ T2[(a2 >>> 16) & 0xFF]
+ ^ T3[(a3 >>> 16) & 0xFF] ^ Ker[1];
+ b2 = T0[(a0 >>> 8) & 0xFF]
+ ^ T1[(a1 >>> 8) & 0xFF]
+ ^ T2[(a2 >>> 8) & 0xFF]
+ ^ T3[(a3 >>> 8) & 0xFF] ^ Ker[2];
+ b3 = T0[ a0 & 0xFF]
+ ^ T1[ a1 & 0xFF]
+ ^ T2[ a2 & 0xFF]
+ ^ T3[ a3 & 0xFF] ^ Ker[3];
+ a0 = b0;
+ a1 = b1;
+ a2 = b2;
+ a3 = b3;
+ if (Configuration.DEBUG)
+ log.fine("T" + r + "=" + Util.toString(a0) + Util.toString(a1)
+ + Util.toString(a2) + Util.toString(a3));
+ }
+ // last round function
+ Ker = K[R];
+ int tt = Ker[0];
+ out[j++] = (byte)(S[ a0 >>> 24 ] ^ (tt >>> 24));
+ out[j++] = (byte)(S[ a1 >>> 24 ] ^ (tt >>> 16));
+ out[j++] = (byte)(S[ a2 >>> 24 ] ^ (tt >>> 8));
+ out[j++] = (byte)(S[ a3 >>> 24 ] ^ tt);
+ tt = Ker[1];
+ out[j++] = (byte)(S[(a0 >>> 16) & 0xFF] ^ (tt >>> 24));
+ out[j++] = (byte)(S[(a1 >>> 16) & 0xFF] ^ (tt >>> 16));
+ out[j++] = (byte)(S[(a2 >>> 16) & 0xFF] ^ (tt >>> 8));
+ out[j++] = (byte)(S[(a3 >>> 16) & 0xFF] ^ tt);
+ tt = Ker[2];
+ out[j++] = (byte)(S[(a0 >>> 8) & 0xFF] ^ (tt >>> 24));
+ out[j++] = (byte)(S[(a1 >>> 8) & 0xFF] ^ (tt >>> 16));
+ out[j++] = (byte)(S[(a2 >>> 8) & 0xFF] ^ (tt >>> 8));
+ out[j++] = (byte)(S[(a3 >>> 8) & 0xFF] ^ tt);
+ tt = Ker[3];
+ out[j++] = (byte)(S[ a0 & 0xFF] ^ (tt >>> 24));
+ out[j++] = (byte)(S[ a1 & 0xFF] ^ (tt >>> 16));
+ out[j++] = (byte)(S[ a2 & 0xFF] ^ (tt >>> 8));
+ out[j ] = (byte)(S[ a3 & 0xFF] ^ tt);
+ if (Configuration.DEBUG)
+ log.fine("T=" + Util.toString(out, j - 15, 16) + "\n");
+ }
+
+ public Object clone()
+ {
+ Anubis result = new Anubis();
+ result.currentBlockSize = this.currentBlockSize;
+
+ return result;
+ }
+
+ public Iterator blockSizes()
+ {
+ ArrayList al = new ArrayList();
+ al.add(Integer.valueOf(DEFAULT_BLOCK_SIZE));
+
+ return Collections.unmodifiableList(al).iterator();
+ }
+
+ public Iterator keySizes()
+ {
+ ArrayList al = new ArrayList();
+ for (int n = 4; n < 10; n++)
+ al.add(Integer.valueOf(n * 32 / 8));
+ return Collections.unmodifiableList(al).iterator();
+ }
+
+ /**
+ * Expands a user-supplied key material into a session key for a designated
+ * <i>block size</i>.
+ *
+ * @param uk the 32N-bit user-supplied key material; 4 &lt;= N &lt;= 10.
+ * @param bs the desired block size in bytes.
+ * @return an Object encapsulating the session key.
+ * @exception IllegalArgumentException if the block size is not 16 (128-bit).
+ * @exception InvalidKeyException if the key data is invalid.
+ */
+ public Object makeKey(byte[] uk, int bs) throws InvalidKeyException
+ {
+ if (bs != DEFAULT_BLOCK_SIZE)
+ throw new IllegalArgumentException();
+ if (uk == null)
+ throw new InvalidKeyException("Empty key");
+ if ((uk.length % 4) != 0)
+ throw new InvalidKeyException("Key is not multiple of 32-bit.");
+ int N = uk.length / 4;
+ if (N < 4 || N > 10)
+ throw new InvalidKeyException("Key is not 32N; 4 <= N <= 10");
+ int R = 8 + N;
+ int[][] Ke = new int[R + 1][4]; // encryption round keys
+ int[][] Kd = new int[R + 1][4]; // decryption round keys
+ int[] tk = new int[N];
+ int[] kk = new int[N];
+ int r, i, j, k, k0, k1, k2, k3, tt;
+ // apply mu to k0
+ for (r = 0, i = 0; r < N;)
+ tk[r++] = uk[i++] << 24
+ | (uk[i++] & 0xFF) << 16
+ | (uk[i++] & 0xFF) << 8
+ | (uk[i++] & 0xFF);
+ for (r = 0; r <= R; r++)
+ {
+ if (r > 0)
+ {
+ // psi = key evolution function
+ kk[0] = T0[(tk[0 ] >>> 24) ]
+ ^ T1[(tk[N - 1] >>> 16) & 0xFF]
+ ^ T2[(tk[N - 2] >>> 8) & 0xFF]
+ ^ T3[ tk[N - 3] & 0xFF];
+ kk[1] = T0[(tk[1 ] >>> 24) ]
+ ^ T1[(tk[0 ] >>> 16) & 0xFF]
+ ^ T2[(tk[N - 1] >>> 8) & 0xFF]
+ ^ T3[ tk[N - 2] & 0xFF];
+ kk[2] = T0[(tk[2 ] >>> 24) ]
+ ^ T1[(tk[1 ] >>> 16) & 0xFF]
+ ^ T2[(tk[0 ] >>> 8) & 0xFF]
+ ^ T3[ tk[N - 1] & 0xFF];
+ kk[3] = T0[(tk[3 ] >>> 24) ]
+ ^ T1[(tk[2 ] >>> 16) & 0xFF]
+ ^ T2[(tk[1 ] >>> 8) & 0xFF]
+ ^ T3[ tk[0 ] & 0xFF];
+ for (i = 4; i < N; i++)
+ kk[i] = T0[ tk[i ] >>> 24 ]
+ ^ T1[(tk[i - 1] >>> 16) & 0xFF]
+ ^ T2[(tk[i - 2] >>> 8) & 0xFF]
+ ^ T3[ tk[i - 3] & 0xFF];
+ // apply sigma (affine addition) to round constant
+ tk[0] = rc[r - 1] ^ kk[0];
+ for (i = 1; i < N; i++)
+ tk[i] = kk[i];
+ }
+ // phi = key selection function
+ tt = tk[N - 1];
+ k0 = T4[ tt >>> 24 ];
+ k1 = T4[(tt >>> 16) & 0xFF];
+ k2 = T4[(tt >>> 8) & 0xFF];
+ k3 = T4[ tt & 0xFF];
+ for (k = N - 2; k >= 0; k--)
+ {
+ tt = tk[k];
+ k0 = T4[ tt >>> 24 ]
+ ^ (T5[(k0 >>> 24) & 0xFF] & 0xFF000000)
+ ^ (T5[(k0 >>> 16) & 0xFF] & 0x00FF0000)
+ ^ (T5[(k0 >>> 8) & 0xFF] & 0x0000FF00)
+ ^ (T5 [k0 & 0xFF] & 0x000000FF);
+ k1 = T4[(tt >>> 16) & 0xFF]
+ ^ (T5[(k1 >>> 24) & 0xFF] & 0xFF000000)
+ ^ (T5[(k1 >>> 16) & 0xFF] & 0x00FF0000)
+ ^ (T5[(k1 >>> 8) & 0xFF] & 0x0000FF00)
+ ^ (T5[ k1 & 0xFF] & 0x000000FF);
+ k2 = T4[(tt >>> 8) & 0xFF]
+ ^ (T5[(k2 >>> 24) & 0xFF] & 0xFF000000)
+ ^ (T5[(k2 >>> 16) & 0xFF] & 0x00FF0000)
+ ^ (T5[(k2 >>> 8) & 0xFF] & 0x0000FF00)
+ ^ (T5[ k2 & 0xFF] & 0x000000FF);
+ k3 = T4[ tt & 0xFF]
+ ^ (T5[(k3 >>> 24) & 0xFF] & 0xFF000000)
+ ^ (T5[(k3 >>> 16) & 0xFF] & 0x00FF0000)
+ ^ (T5[(k3 >>> 8) & 0xFF] & 0x0000FF00)
+ ^ (T5[ k3 & 0xFF] & 0x000000FF);
+ }
+ Ke[r][0] = k0;
+ Ke[r][1] = k1;
+ Ke[r][2] = k2;
+ Ke[r][3] = k3;
+ if (r == 0 || r == R)
+ {
+ Kd[R - r][0] = k0;
+ Kd[R - r][1] = k1;
+ Kd[R - r][2] = k2;
+ Kd[R - r][3] = k3;
+ }
+ else
+ {
+ Kd[R - r][0] = T0[S[ k0 >>> 24 ] & 0xFF]
+ ^ T1[S[(k0 >>> 16) & 0xFF] & 0xFF]
+ ^ T2[S[(k0 >>> 8) & 0xFF] & 0xFF]
+ ^ T3[S[ k0 & 0xFF] & 0xFF];
+ Kd[R - r][1] = T0[S[ k1 >>> 24 ] & 0xFF]
+ ^ T1[S[(k1 >>> 16) & 0xFF] & 0xFF]
+ ^ T2[S[(k1 >>> 8) & 0xFF] & 0xFF]
+ ^ T3[S[ k1 & 0xFF] & 0xFF];
+ Kd[R - r][2] = T0[S[ k2 >>> 24 ] & 0xFF]
+ ^ T1[S[(k2 >>> 16) & 0xFF] & 0xFF]
+ ^ T2[S[(k2 >>> 8) & 0xFF] & 0xFF]
+ ^ T3[S[ k2 & 0xFF] & 0xFF];
+ Kd[R - r][3] = T0[S[ k3 >>> 24 ] & 0xFF]
+ ^ T1[S[(k3 >>> 16) & 0xFF] & 0xFF]
+ ^ T2[S[(k3 >>> 8) & 0xFF] & 0xFF]
+ ^ T3[S[ k3 & 0xFF] & 0xFF];
+ }
+ }
+ if (Configuration.DEBUG)
+ {
+ log.fine("Key schedule");
+ log.fine("Ke[]:");
+ StringBuilder sb;
+ for (r = 0; r < R + 1; r++)
+ {
+ sb = new StringBuilder("#").append(r).append(": ");
+ for (j = 0; j < 4; j++)
+ sb.append("0x").append(Util.toString(Ke[r][j])).append(", ");
+ log.fine(sb.toString());
+ }
+ log.fine("Kd[]:");
+ for (r = 0; r < R + 1; r++)
+ {
+ sb = new StringBuilder("#").append(r).append(": ");
+ for (j = 0; j < 4; j++)
+ sb.append("0x").append(Util.toString(Kd[r][j])).append(", ");
+ log.fine(sb.toString());
+ }
+ }
+ return new Object[] { Ke, Kd };
+ }
+
+ public void encrypt(byte[] in, int i, byte[] out, int j, Object k, int bs)
+ {
+ if (bs != DEFAULT_BLOCK_SIZE)
+ throw new IllegalArgumentException();
+ int[][] K = (int[][])((Object[]) k)[0];
+ anubis(in, i, out, j, K);
+ }
+
+ public void decrypt(byte[] in, int i, byte[] out, int j, Object k, int bs)
+ {
+ if (bs != DEFAULT_BLOCK_SIZE)
+ throw new IllegalArgumentException();
+ int[][] K = (int[][])((Object[]) k)[1];
+ anubis(in, i, out, j, K);
+ }
+
+ public boolean selfTest()
+ {
+ if (valid == null)
+ {
+ boolean result = super.selfTest(); // do symmetry tests
+ if (result)
+ result = testKat(KAT_KEY, KAT_CT);
+ valid = Boolean.valueOf(result);
+ }
+ return valid.booleanValue();
+ }
+}
diff --git a/libjava/classpath/gnu/javax/crypto/cipher/BaseCipher.java b/libjava/classpath/gnu/javax/crypto/cipher/BaseCipher.java
new file mode 100644
index 000000000..45aa2d6fd
--- /dev/null
+++ b/libjava/classpath/gnu/javax/crypto/cipher/BaseCipher.java
@@ -0,0 +1,249 @@
+/* BaseCipher.java --
+ Copyright (C) 2001, 2002, 2003, 2006 Free Software Foundation, Inc.
+
+This file is a part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2 of the License, or (at
+your option) any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; if not, write to the Free Software
+Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301
+USA
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package gnu.javax.crypto.cipher;
+
+import gnu.java.lang.CPStringBuilder;
+
+import gnu.java.security.Configuration;
+
+import java.security.InvalidKeyException;
+import java.util.Arrays;
+import java.util.Iterator;
+import java.util.Map;
+import java.util.logging.Level;
+import java.util.logging.Logger;
+
+/**
+ * A basic abstract class to facilitate implementing symmetric key block
+ * ciphers.
+ */
+public abstract class BaseCipher
+ implements IBlockCipher, IBlockCipherSpi
+{
+ private static final Logger log = Logger.getLogger(BaseCipher.class.getName());
+ /** The canonical name prefix of the cipher. */
+ protected String name;
+ /** The default block size, in bytes. */
+ protected int defaultBlockSize;
+ /** The default key size, in bytes. */
+ protected int defaultKeySize;
+ /** The current block size, in bytes. */
+ protected int currentBlockSize;
+ /** The session key for this instance. */
+ protected transient Object currentKey;
+ /** The instance lock. */
+ protected Object lock = new Object();
+
+ /**
+ * Trivial constructor for use by concrete subclasses.
+ *
+ * @param name the canonical name prefix of this instance.
+ * @param defaultBlockSize the default block size in bytes.
+ * @param defaultKeySize the default key size in bytes.
+ */
+ protected BaseCipher(String name, int defaultBlockSize, int defaultKeySize)
+ {
+ super();
+
+ this.name = name;
+ this.defaultBlockSize = defaultBlockSize;
+ this.defaultKeySize = defaultKeySize;
+ }
+
+ public abstract Object clone();
+
+ public String name()
+ {
+ CPStringBuilder sb = new CPStringBuilder(name).append('-');
+ if (currentKey == null)
+ sb.append(String.valueOf(8 * defaultBlockSize));
+ else
+ sb.append(String.valueOf(8 * currentBlockSize));
+ return sb.toString();
+ }
+
+ public int defaultBlockSize()
+ {
+ return defaultBlockSize;
+ }
+
+ public int defaultKeySize()
+ {
+ return defaultKeySize;
+ }
+
+ public void init(Map attributes) throws InvalidKeyException
+ {
+ synchronized (lock)
+ {
+ if (currentKey != null)
+ throw new IllegalStateException();
+ Integer bs = (Integer) attributes.get(CIPHER_BLOCK_SIZE);
+ if (bs == null) // no block size was specified
+ {
+ if (currentBlockSize == 0) // happy birthday
+ currentBlockSize = defaultBlockSize;
+ // else it's a clone. use as is
+ }
+ else
+ {
+ currentBlockSize = bs.intValue();
+ // ensure that value is valid
+ Iterator it;
+ boolean ok = false;
+ for (it = blockSizes(); it.hasNext();)
+ {
+ ok = (currentBlockSize == ((Integer) it.next()).intValue());
+ if (ok)
+ break;
+ }
+ if (! ok)
+ throw new IllegalArgumentException(IBlockCipher.CIPHER_BLOCK_SIZE);
+ }
+ byte[] k = (byte[]) attributes.get(KEY_MATERIAL);
+ currentKey = makeKey(k, currentBlockSize);
+ }
+ }
+
+ public int currentBlockSize()
+ {
+ if (currentKey == null)
+ throw new IllegalStateException();
+ return currentBlockSize;
+ }
+
+ public void reset()
+ {
+ synchronized (lock)
+ {
+ currentKey = null;
+ }
+ }
+
+ public void encryptBlock(byte[] in, int inOffset, byte[] out, int outOffset)
+ throws IllegalStateException
+ {
+ synchronized (lock)
+ {
+ if (currentKey == null)
+ throw new IllegalStateException();
+ encrypt(in, inOffset, out, outOffset, currentKey, currentBlockSize);
+ }
+ }
+
+ public void decryptBlock(byte[] in, int inOffset, byte[] out, int outOffset)
+ throws IllegalStateException
+ {
+ synchronized (lock)
+ {
+ if (currentKey == null)
+ throw new IllegalStateException();
+ decrypt(in, inOffset, out, outOffset, currentKey, currentBlockSize);
+ }
+ }
+
+ public boolean selfTest()
+ {
+ int ks;
+ Iterator bit;
+ // do symmetry tests for all block-size/key-size combos
+ for (Iterator kit = keySizes(); kit.hasNext();)
+ {
+ ks = ((Integer) kit.next()).intValue();
+ for (bit = blockSizes(); bit.hasNext();)
+ if (! testSymmetry(ks, ((Integer) bit.next()).intValue()))
+ return false;
+ }
+ return true;
+ }
+
+ private boolean testSymmetry(int ks, int bs)
+ {
+ try
+ {
+ byte[] kb = new byte[ks];
+ byte[] pt = new byte[bs];
+ byte[] ct = new byte[bs];
+ byte[] cpt = new byte[bs];
+ int i;
+ for (i = 0; i < ks; i++)
+ kb[i] = (byte) i;
+ for (i = 0; i < bs; i++)
+ pt[i] = (byte) i;
+ Object k = makeKey(kb, bs);
+ encrypt(pt, 0, ct, 0, k, bs);
+ decrypt(ct, 0, cpt, 0, k, bs);
+ return Arrays.equals(pt, cpt);
+ }
+ catch (Exception x)
+ {
+ if (Configuration.DEBUG)
+ log.log(Level.FINE, "Exception in testSymmetry() for " + name(), x);
+ return false;
+ }
+ }
+
+ protected boolean testKat(byte[] kb, byte[] ct)
+ {
+ return testKat(kb, ct, new byte[ct.length]); // all-zero plaintext
+ }
+
+ protected boolean testKat(byte[] kb, byte[] ct, byte[] pt)
+ {
+ try
+ {
+ int bs = pt.length;
+ byte[] t = new byte[bs];
+ Object k = makeKey(kb, bs);
+ // test encryption
+ encrypt(pt, 0, t, 0, k, bs);
+ if (! Arrays.equals(t, ct))
+ return false;
+ // test decryption
+ decrypt(t, 0, t, 0, k, bs);
+ return Arrays.equals(t, pt);
+ }
+ catch (Exception x)
+ {
+ if (Configuration.DEBUG)
+ log.log(Level.FINE, "Exception in testKat() for " + name(), x);
+ return false;
+ }
+ }
+}
diff --git a/libjava/classpath/gnu/javax/crypto/cipher/Blowfish.java b/libjava/classpath/gnu/javax/crypto/cipher/Blowfish.java
new file mode 100644
index 000000000..0c6d9b12b
--- /dev/null
+++ b/libjava/classpath/gnu/javax/crypto/cipher/Blowfish.java
@@ -0,0 +1,611 @@
+/* Blowfish.java --
+ Copyright (C) 2001, 2002, 2006 Free Software Foundation, Inc.
+
+This file is a part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2 of the License, or (at
+your option) any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; if not, write to the Free Software
+Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301
+USA
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+// --------------------------------------------------------------------------
+//
+// Based on the C implementation from the GNU Privacy Guard.
+//
+// --------------------------------------------------------------------------
+
+package gnu.javax.crypto.cipher;
+
+import gnu.java.security.Registry;
+import gnu.java.security.util.Sequence;
+import gnu.java.security.util.Util;
+
+import java.util.Collections;
+import java.util.Iterator;
+
+/**
+ * Blowfish is a 16-round, 64-bit Feistel cipher designed by Bruce Schneier. It
+ * accepts a variable-length key of up to 448 bits.
+ * <p>
+ * References:
+ * <ol>
+ * <li>Schneier, Bruce: <i>Applied Cryptography</i>, Second Edition, 336--339,
+ * 647--654 (1996 Bruce Schneier).</li>
+ * <li><a href="http://www.counterpane.com/blowfish.html">The Blowfish
+ * Encryption Algorithm.</a></li>
+ * </ol>
+ */
+public class Blowfish
+ extends BaseCipher
+{
+ private static final int DEFAULT_BLOCK_SIZE = 8;
+ private static final int DEFAULT_KEY_SIZE = 8;
+ private static final int MAX_KEY_LENGTH = 56;
+ /** Initial value of the p-array. */
+ private static final int[] P = {
+ 0x243f6a88, 0x85a308d3, 0x13198a2e, 0x03707344, 0xa4093822, 0x299f31d0,
+ 0x082efa98, 0xec4e6c89, 0x452821e6, 0x38d01377, 0xbe5466cf, 0x34e90c6c,
+ 0xc0ac29b7, 0xc97c50dd, 0x3f84d5b5, 0xb5470917, 0x9216d5d9, 0x8979fb1b };
+ /** Initial value of S-box 1. */
+ static final int[] KS0 = {
+ 0xd1310ba6, 0x98dfb5ac, 0x2ffd72db, 0xd01adfb7, 0xb8e1afed, 0x6a267e96,
+ 0xba7c9045, 0xf12c7f99, 0x24a19947, 0xb3916cf7, 0x0801f2e2, 0x858efc16,
+ 0x636920d8, 0x71574e69, 0xa458fea3, 0xf4933d7e, 0x0d95748f, 0x728eb658,
+ 0x718bcd58, 0x82154aee, 0x7b54a41d, 0xc25a59b5, 0x9c30d539, 0x2af26013,
+ 0xc5d1b023, 0x286085f0, 0xca417918, 0xb8db38ef, 0x8e79dcb0, 0x603a180e,
+ 0x6c9e0e8b, 0xb01e8a3e, 0xd71577c1, 0xbd314b27, 0x78af2fda, 0x55605c60,
+ 0xe65525f3, 0xaa55ab94, 0x57489862, 0x63e81440, 0x55ca396a, 0x2aab10b6,
+ 0xb4cc5c34, 0x1141e8ce, 0xa15486af, 0x7c72e993, 0xb3ee1411, 0x636fbc2a,
+ 0x2ba9c55d, 0x741831f6, 0xce5c3e16, 0x9b87931e, 0xafd6ba33, 0x6c24cf5c,
+ 0x7a325381, 0x28958677, 0x3b8f4898, 0x6b4bb9af, 0xc4bfe81b, 0x66282193,
+ 0x61d809cc, 0xfb21a991, 0x487cac60, 0x5dec8032, 0xef845d5d, 0xe98575b1,
+ 0xdc262302, 0xeb651b88, 0x23893e81, 0xd396acc5, 0x0f6d6ff3, 0x83f44239,
+ 0x2e0b4482, 0xa4842004, 0x69c8f04a, 0x9e1f9b5e, 0x21c66842, 0xf6e96c9a,
+ 0x670c9c61, 0xabd388f0, 0x6a51a0d2, 0xd8542f68, 0x960fa728, 0xab5133a3,
+ 0x6eef0b6c, 0x137a3be4, 0xba3bf050, 0x7efb2a98, 0xa1f1651d, 0x39af0176,
+ 0x66ca593e, 0x82430e88, 0x8cee8619, 0x456f9fb4, 0x7d84a5c3, 0x3b8b5ebe,
+ 0xe06f75d8, 0x85c12073, 0x401a449f, 0x56c16aa6, 0x4ed3aa62, 0x363f7706,
+ 0x1bfedf72, 0x429b023d, 0x37d0d724, 0xd00a1248, 0xdb0fead3, 0x49f1c09b,
+ 0x075372c9, 0x80991b7b, 0x25d479d8, 0xf6e8def7, 0xe3fe501a, 0xb6794c3b,
+ 0x976ce0bd, 0x04c006ba, 0xc1a94fb6, 0x409f60c4, 0x5e5c9ec2, 0x196a2463,
+ 0x68fb6faf, 0x3e6c53b5, 0x1339b2eb, 0x3b52ec6f, 0x6dfc511f, 0x9b30952c,
+ 0xcc814544, 0xaf5ebd09, 0xbee3d004, 0xde334afd, 0x660f2807, 0x192e4bb3,
+ 0xc0cba857, 0x45c8740f, 0xd20b5f39, 0xb9d3fbdb, 0x5579c0bd, 0x1a60320a,
+ 0xd6a100c6, 0x402c7279, 0x679f25fe, 0xfb1fa3cc, 0x8ea5e9f8, 0xdb3222f8,
+ 0x3c7516df, 0xfd616b15, 0x2f501ec8, 0xad0552ab, 0x323db5fa, 0xfd238760,
+ 0x53317b48, 0x3e00df82, 0x9e5c57bb, 0xca6f8ca0, 0x1a87562e, 0xdf1769db,
+ 0xd542a8f6, 0x287effc3, 0xac6732c6, 0x8c4f5573, 0x695b27b0, 0xbbca58c8,
+ 0xe1ffa35d, 0xb8f011a0, 0x10fa3d98, 0xfd2183b8, 0x4afcb56c, 0x2dd1d35b,
+ 0x9a53e479, 0xb6f84565, 0xd28e49bc, 0x4bfb9790, 0xe1ddf2da, 0xa4cb7e33,
+ 0x62fb1341, 0xcee4c6e8, 0xef20cada, 0x36774c01, 0xd07e9efe, 0x2bf11fb4,
+ 0x95dbda4d, 0xae909198, 0xeaad8e71, 0x6b93d5a0, 0xd08ed1d0, 0xafc725e0,
+ 0x8e3c5b2f, 0x8e7594b7, 0x8ff6e2fb, 0xf2122b64, 0x8888b812, 0x900df01c,
+ 0x4fad5ea0, 0x688fc31c, 0xd1cff191, 0xb3a8c1ad, 0x2f2f2218, 0xbe0e1777,
+ 0xea752dfe, 0x8b021fa1, 0xe5a0cc0f, 0xb56f74e8, 0x18acf3d6, 0xce89e299,
+ 0xb4a84fe0, 0xfd13e0b7, 0x7cc43b81, 0xd2ada8d9, 0x165fa266, 0x80957705,
+ 0x93cc7314, 0x211a1477, 0xe6ad2065, 0x77b5fa86, 0xc75442f5, 0xfb9d35cf,
+ 0xebcdaf0c, 0x7b3e89a0, 0xd6411bd3, 0xae1e7e49, 0x00250e2d, 0x2071b35e,
+ 0x226800bb, 0x57b8e0af, 0x2464369b, 0xf009b91e, 0x5563911d, 0x59dfa6aa,
+ 0x78c14389, 0xd95a537f, 0x207d5ba2, 0x02e5b9c5, 0x83260376, 0x6295cfa9,
+ 0x11c81968, 0x4e734a41, 0xb3472dca, 0x7b14a94a, 0x1b510052, 0x9a532915,
+ 0xd60f573f, 0xbc9bc6e4, 0x2b60a476, 0x81e67400, 0x08ba6fb5, 0x571be91f,
+ 0xf296ec6b, 0x2a0dd915, 0xb6636521, 0xe7b9f9b6, 0xff34052e, 0xc5855664,
+ 0x53b02d5d, 0xa99f8fa1, 0x08ba4799, 0x6e85076a };
+ /** Initial value of S-box 2. */
+ private static final int[] KS1 = {
+ 0x4b7a70e9, 0xb5b32944, 0xdb75092e, 0xc4192623, 0xad6ea6b0, 0x49a7df7d,
+ 0x9cee60b8, 0x8fedb266, 0xecaa8c71, 0x699a17ff, 0x5664526c, 0xc2b19ee1,
+ 0x193602a5, 0x75094c29, 0xa0591340, 0xe4183a3e, 0x3f54989a, 0x5b429d65,
+ 0x6b8fe4d6, 0x99f73fd6, 0xa1d29c07, 0xefe830f5, 0x4d2d38e6, 0xf0255dc1,
+ 0x4cdd2086, 0x8470eb26, 0x6382e9c6, 0x021ecc5e, 0x09686b3f, 0x3ebaefc9,
+ 0x3c971814, 0x6b6a70a1, 0x687f3584, 0x52a0e286, 0xb79c5305, 0xaa500737,
+ 0x3e07841c, 0x7fdeae5c, 0x8e7d44ec, 0x5716f2b8, 0xb03ada37, 0xf0500c0d,
+ 0xf01c1f04, 0x0200b3ff, 0xae0cf51a, 0x3cb574b2, 0x25837a58, 0xdc0921bd,
+ 0xd19113f9, 0x7ca92ff6, 0x94324773, 0x22f54701, 0x3ae5e581, 0x37c2dadc,
+ 0xc8b57634, 0x9af3dda7, 0xa9446146, 0x0fd0030e, 0xecc8c73e, 0xa4751e41,
+ 0xe238cd99, 0x3bea0e2f, 0x3280bba1, 0x183eb331, 0x4e548b38, 0x4f6db908,
+ 0x6f420d03, 0xf60a04bf, 0x2cb81290, 0x24977c79, 0x5679b072, 0xbcaf89af,
+ 0xde9a771f, 0xd9930810, 0xb38bae12, 0xdccf3f2e, 0x5512721f, 0x2e6b7124,
+ 0x501adde6, 0x9f84cd87, 0x7a584718, 0x7408da17, 0xbc9f9abc, 0xe94b7d8c,
+ 0xec7aec3a, 0xdb851dfa, 0x63094366, 0xc464c3d2, 0xef1c1847, 0x3215d908,
+ 0xdd433b37, 0x24c2ba16, 0x12a14d43, 0x2a65c451, 0x50940002, 0x133ae4dd,
+ 0x71dff89e, 0x10314e55, 0x81ac77d6, 0x5f11199b, 0x043556f1, 0xd7a3c76b,
+ 0x3c11183b, 0x5924a509, 0xf28fe6ed, 0x97f1fbfa, 0x9ebabf2c, 0x1e153c6e,
+ 0x86e34570, 0xeae96fb1, 0x860e5e0a, 0x5a3e2ab3, 0x771fe71c, 0x4e3d06fa,
+ 0x2965dcb9, 0x99e71d0f, 0x803e89d6, 0x5266c825, 0x2e4cc978, 0x9c10b36a,
+ 0xc6150eba, 0x94e2ea78, 0xa5fc3c53, 0x1e0a2df4, 0xf2f74ea7, 0x361d2b3d,
+ 0x1939260f, 0x19c27960, 0x5223a708, 0xf71312b6, 0xebadfe6e, 0xeac31f66,
+ 0xe3bc4595, 0xa67bc883, 0xb17f37d1, 0x018cff28, 0xc332ddef, 0xbe6c5aa5,
+ 0x65582185, 0x68ab9802, 0xeecea50f, 0xdb2f953b, 0x2aef7dad, 0x5b6e2f84,
+ 0x1521b628, 0x29076170, 0xecdd4775, 0x619f1510, 0x13cca830, 0xeb61bd96,
+ 0x0334fe1e, 0xaa0363cf, 0xb5735c90, 0x4c70a239, 0xd59e9e0b, 0xcbaade14,
+ 0xeecc86bc, 0x60622ca7, 0x9cab5cab, 0xb2f3846e, 0x648b1eaf, 0x19bdf0ca,
+ 0xa02369b9, 0x655abb50, 0x40685a32, 0x3c2ab4b3, 0x319ee9d5, 0xc021b8f7,
+ 0x9b540b19, 0x875fa099, 0x95f7997e, 0x623d7da8, 0xf837889a, 0x97e32d77,
+ 0x11ed935f, 0x16681281, 0x0e358829, 0xc7e61fd6, 0x96dedfa1, 0x7858ba99,
+ 0x57f584a5, 0x1b227263, 0x9b83c3ff, 0x1ac24696, 0xcdb30aeb, 0x532e3054,
+ 0x8fd948e4, 0x6dbc3128, 0x58ebf2ef, 0x34c6ffea, 0xfe28ed61, 0xee7c3c73,
+ 0x5d4a14d9, 0xe864b7e3, 0x42105d14, 0x203e13e0, 0x45eee2b6, 0xa3aaabea,
+ 0xdb6c4f15, 0xfacb4fd0, 0xc742f442, 0xef6abbb5, 0x654f3b1d, 0x41cd2105,
+ 0xd81e799e, 0x86854dc7, 0xe44b476a, 0x3d816250, 0xcf62a1f2, 0x5b8d2646,
+ 0xfc8883a0, 0xc1c7b6a3, 0x7f1524c3, 0x69cb7492, 0x47848a0b, 0x5692b285,
+ 0x095bbf00, 0xad19489d, 0x1462b174, 0x23820e00, 0x58428d2a, 0x0c55f5ea,
+ 0x1dadf43e, 0x233f7061, 0x3372f092, 0x8d937e41, 0xd65fecf1, 0x6c223bdb,
+ 0x7cde3759, 0xcbee7460, 0x4085f2a7, 0xce77326e, 0xa6078084, 0x19f8509e,
+ 0xe8efd855, 0x61d99735, 0xa969a7aa, 0xc50c06c2, 0x5a04abfc, 0x800bcadc,
+ 0x9e447a2e, 0xc3453484, 0xfdd56705, 0x0e1e9ec9, 0xdb73dbd3, 0x105588cd,
+ 0x675fda79, 0xe3674340, 0xc5c43465, 0x713e38d8, 0x3d28f89e, 0xf16dff20,
+ 0x153e21e7, 0x8fb03d4a, 0xe6e39f2b, 0xdb83adf7 };
+ /** Initial value of S-box 3. */
+ private static final int[] KS2 = {
+ 0xe93d5a68, 0x948140f7, 0xf64c261c, 0x94692934, 0x411520f7, 0x7602d4f7,
+ 0xbcf46b2e, 0xd4a20068, 0xd4082471, 0x3320f46a, 0x43b7d4b7, 0x500061af,
+ 0x1e39f62e, 0x97244546, 0x14214f74, 0xbf8b8840, 0x4d95fc1d, 0x96b591af,
+ 0x70f4ddd3, 0x66a02f45, 0xbfbc09ec, 0x03bd9785, 0x7fac6dd0, 0x31cb8504,
+ 0x96eb27b3, 0x55fd3941, 0xda2547e6, 0xabca0a9a, 0x28507825, 0x530429f4,
+ 0x0a2c86da, 0xe9b66dfb, 0x68dc1462, 0xd7486900, 0x680ec0a4, 0x27a18dee,
+ 0x4f3ffea2, 0xe887ad8c, 0xb58ce006, 0x7af4d6b6, 0xaace1e7c, 0xd3375fec,
+ 0xce78a399, 0x406b2a42, 0x20fe9e35, 0xd9f385b9, 0xee39d7ab, 0x3b124e8b,
+ 0x1dc9faf7, 0x4b6d1856, 0x26a36631, 0xeae397b2, 0x3a6efa74, 0xdd5b4332,
+ 0x6841e7f7, 0xca7820fb, 0xfb0af54e, 0xd8feb397, 0x454056ac, 0xba489527,
+ 0x55533a3a, 0x20838d87, 0xfe6ba9b7, 0xd096954b, 0x55a867bc, 0xa1159a58,
+ 0xcca92963, 0x99e1db33, 0xa62a4a56, 0x3f3125f9, 0x5ef47e1c, 0x9029317c,
+ 0xfdf8e802, 0x04272f70, 0x80bb155c, 0x05282ce3, 0x95c11548, 0xe4c66d22,
+ 0x48c1133f, 0xc70f86dc, 0x07f9c9ee, 0x41041f0f, 0x404779a4, 0x5d886e17,
+ 0x325f51eb, 0xd59bc0d1, 0xf2bcc18f, 0x41113564, 0x257b7834, 0x602a9c60,
+ 0xdff8e8a3, 0x1f636c1b, 0x0e12b4c2, 0x02e1329e, 0xaf664fd1, 0xcad18115,
+ 0x6b2395e0, 0x333e92e1, 0x3b240b62, 0xeebeb922, 0x85b2a20e, 0xe6ba0d99,
+ 0xde720c8c, 0x2da2f728, 0xd0127845, 0x95b794fd, 0x647d0862, 0xe7ccf5f0,
+ 0x5449a36f, 0x877d48fa, 0xc39dfd27, 0xf33e8d1e, 0x0a476341, 0x992eff74,
+ 0x3a6f6eab, 0xf4f8fd37, 0xa812dc60, 0xa1ebddf8, 0x991be14c, 0xdb6e6b0d,
+ 0xc67b5510, 0x6d672c37, 0x2765d43b, 0xdcd0e804, 0xf1290dc7, 0xcc00ffa3,
+ 0xb5390f92, 0x690fed0b, 0x667b9ffb, 0xcedb7d9c, 0xa091cf0b, 0xd9155ea3,
+ 0xbb132f88, 0x515bad24, 0x7b9479bf, 0x763bd6eb, 0x37392eb3, 0xcc115979,
+ 0x8026e297, 0xf42e312d, 0x6842ada7, 0xc66a2b3b, 0x12754ccc, 0x782ef11c,
+ 0x6a124237, 0xb79251e7, 0x06a1bbe6, 0x4bfb6350, 0x1a6b1018, 0x11caedfa,
+ 0x3d25bdd8, 0xe2e1c3c9, 0x44421659, 0x0a121386, 0xd90cec6e, 0xd5abea2a,
+ 0x64af674e, 0xda86a85f, 0xbebfe988, 0x64e4c3fe, 0x9dbc8057, 0xf0f7c086,
+ 0x60787bf8, 0x6003604d, 0xd1fd8346, 0xf6381fb0, 0x7745ae04, 0xd736fccc,
+ 0x83426b33, 0xf01eab71, 0xb0804187, 0x3c005e5f, 0x77a057be, 0xbde8ae24,
+ 0x55464299, 0xbf582e61, 0x4e58f48f, 0xf2ddfda2, 0xf474ef38, 0x8789bdc2,
+ 0x5366f9c3, 0xc8b38e74, 0xb475f255, 0x46fcd9b9, 0x7aeb2661, 0x8b1ddf84,
+ 0x846a0e79, 0x915f95e2, 0x466e598e, 0x20b45770, 0x8cd55591, 0xc902de4c,
+ 0xb90bace1, 0xbb8205d0, 0x11a86248, 0x7574a99e, 0xb77f19b6, 0xe0a9dc09,
+ 0x662d09a1, 0xc4324633, 0xe85a1f02, 0x09f0be8c, 0x4a99a025, 0x1d6efe10,
+ 0x1ab93d1d, 0x0ba5a4df, 0xa186f20f, 0x2868f169, 0xdcb7da83, 0x573906fe,
+ 0xa1e2ce9b, 0x4fcd7f52, 0x50115e01, 0xa70683fa, 0xa002b5c4, 0x0de6d027,
+ 0x9af88c27, 0x773f8641, 0xc3604c06, 0x61a806b5, 0xf0177a28, 0xc0f586e0,
+ 0x006058aa, 0x30dc7d62, 0x11e69ed7, 0x2338ea63, 0x53c2dd94, 0xc2c21634,
+ 0xbbcbee56, 0x90bcb6de, 0xebfc7da1, 0xce591d76, 0x6f05e409, 0x4b7c0188,
+ 0x39720a3d, 0x7c927c24, 0x86e3725f, 0x724d9db9, 0x1ac15bb4, 0xd39eb8fc,
+ 0xed545578, 0x08fca5b5, 0xd83d7cd3, 0x4dad0fc4, 0x1e50ef5e, 0xb161e6f8,
+ 0xa28514d9, 0x6c51133c, 0x6fd5c7e7, 0x56e14ec4, 0x362abfce, 0xddc6c837,
+ 0xd79a3234, 0x92638212, 0x670efa8e, 0x406000e0 };
+ /** Initial value of S-box 4. */
+ private static final int[] KS3 = {
+ 0x3a39ce37, 0xd3faf5cf, 0xabc27737, 0x5ac52d1b, 0x5cb0679e, 0x4fa33742,
+ 0xd3822740, 0x99bc9bbe, 0xd5118e9d, 0xbf0f7315, 0xd62d1c7e, 0xc700c47b,
+ 0xb78c1b6b, 0x21a19045, 0xb26eb1be, 0x6a366eb4, 0x5748ab2f, 0xbc946e79,
+ 0xc6a376d2, 0x6549c2c8, 0x530ff8ee, 0x468dde7d, 0xd5730a1d, 0x4cd04dc6,
+ 0x2939bbdb, 0xa9ba4650, 0xac9526e8, 0xbe5ee304, 0xa1fad5f0, 0x6a2d519a,
+ 0x63ef8ce2, 0x9a86ee22, 0xc089c2b8, 0x43242ef6, 0xa51e03aa, 0x9cf2d0a4,
+ 0x83c061ba, 0x9be96a4d, 0x8fe51550, 0xba645bd6, 0x2826a2f9, 0xa73a3ae1,
+ 0x4ba99586, 0xef5562e9, 0xc72fefd3, 0xf752f7da, 0x3f046f69, 0x77fa0a59,
+ 0x80e4a915, 0x87b08601, 0x9b09e6ad, 0x3b3ee593, 0xe990fd5a, 0x9e34d797,
+ 0x2cf0b7d9, 0x022b8b51, 0x96d5ac3a, 0x017da67d, 0xd1cf3ed6, 0x7c7d2d28,
+ 0x1f9f25cf, 0xadf2b89b, 0x5ad6b472, 0x5a88f54c, 0xe029ac71, 0xe019a5e6,
+ 0x47b0acfd, 0xed93fa9b, 0xe8d3c48d, 0x283b57cc, 0xf8d56629, 0x79132e28,
+ 0x785f0191, 0xed756055, 0xf7960e44, 0xe3d35e8c, 0x15056dd4, 0x88f46dba,
+ 0x03a16125, 0x0564f0bd, 0xc3eb9e15, 0x3c9057a2, 0x97271aec, 0xa93a072a,
+ 0x1b3f6d9b, 0x1e6321f5, 0xf59c66fb, 0x26dcf319, 0x7533d928, 0xb155fdf5,
+ 0x03563482, 0x8aba3cbb, 0x28517711, 0xc20ad9f8, 0xabcc5167, 0xccad925f,
+ 0x4de81751, 0x3830dc8e, 0x379d5862, 0x9320f991, 0xea7a90c2, 0xfb3e7bce,
+ 0x5121ce64, 0x774fbe32, 0xa8b6e37e, 0xc3293d46, 0x48de5369, 0x6413e680,
+ 0xa2ae0810, 0xdd6db224, 0x69852dfd, 0x09072166, 0xb39a460a, 0x6445c0dd,
+ 0x586cdecf, 0x1c20c8ae, 0x5bbef7dd, 0x1b588d40, 0xccd2017f, 0x6bb4e3bb,
+ 0xdda26a7e, 0x3a59ff45, 0x3e350a44, 0xbcb4cdd5, 0x72eacea8, 0xfa6484bb,
+ 0x8d6612ae, 0xbf3c6f47, 0xd29be463, 0x542f5d9e, 0xaec2771b, 0xf64e6370,
+ 0x740e0d8d, 0xe75b1357, 0xf8721671, 0xaf537d5d, 0x4040cb08, 0x4eb4e2cc,
+ 0x34d2466a, 0x0115af84, 0xe1b00428, 0x95983a1d, 0x06b89fb4, 0xce6ea048,
+ 0x6f3f3b82, 0x3520ab82, 0x011a1d4b, 0x277227f8, 0x611560b1, 0xe7933fdc,
+ 0xbb3a792b, 0x344525bd, 0xa08839e1, 0x51ce794b, 0x2f32c9b7, 0xa01fbac9,
+ 0xe01cc87e, 0xbcc7d1f6, 0xcf0111c3, 0xa1e8aac7, 0x1a908749, 0xd44fbd9a,
+ 0xd0dadecb, 0xd50ada38, 0x0339c32a, 0xc6913667, 0x8df9317c, 0xe0b12b4f,
+ 0xf79e59b7, 0x43f5bb3a, 0xf2d519ff, 0x27d9459c, 0xbf97222c, 0x15e6fc2a,
+ 0x0f91fc71, 0x9b941525, 0xfae59361, 0xceb69ceb, 0xc2a86459, 0x12baa8d1,
+ 0xb6c1075e, 0xe3056a0c, 0x10d25065, 0xcb03a442, 0xe0ec6e0e, 0x1698db3b,
+ 0x4c98a0be, 0x3278e964, 0x9f1f9532, 0xe0d392df, 0xd3a0342b, 0x8971f21e,
+ 0x1b0a7441, 0x4ba3348c, 0xc5be7120, 0xc37632d8, 0xdf359f8d, 0x9b992f2e,
+ 0xe60b6f47, 0x0fe3f11d, 0xe54cda54, 0x1edad891, 0xce6279cf, 0xcd3e7e6f,
+ 0x1618b166, 0xfd2c1d05, 0x848fd2c5, 0xf6fb2299, 0xf523f357, 0xa6327623,
+ 0x93a83531, 0x56cccd02, 0xacf08162, 0x5a75ebb5, 0x6e163697, 0x88d273cc,
+ 0xde966292, 0x81b949d0, 0x4c50901b, 0x71c65614, 0xe6c6c7bd, 0x327a140a,
+ 0x45e1d006, 0xc3f27b9a, 0xc9aa53fd, 0x62a80f00, 0xbb25bfe2, 0x35bdd2f6,
+ 0x71126905, 0xb2040222, 0xb6cbcf7c, 0xcd769c2b, 0x53113ec0, 0x1640e3d3,
+ 0x38abbd60, 0x2547adf0, 0xba38209c, 0xf746ce76, 0x77afa1c5, 0x20756060,
+ 0x85cbfe4e, 0x8ae88dd8, 0x7aaaf9b0, 0x4cf9aa7e, 0x1948c25c, 0x02fb8a8c,
+ 0x01c36ae4, 0xd6ebe1f9, 0x90d4f869, 0xa65cdea0, 0x3f09252d, 0xc208e69f,
+ 0xb74e6132, 0xce77e25b, 0x578fdfe3, 0x3ac372e6 };
+ /** Cache of the self test. */
+ private static Boolean valid;
+ /**
+ * Test vector, as published in
+ * href="http://www.counterpane.com/vectors.txt">http://www.counterpane.com/vectors.txt</a>.
+ *
+ * KEY=0000000000000000
+ * PT=0000000000000000
+ * CT=4EF997456198DD78
+ */
+ private static final byte[] TV_KEY = Util.toBytesFromString("0000000000000000");
+ private static final byte[] TV_CT = Util.toBytesFromString("4EF997456198DD78");
+
+ public Blowfish()
+ {
+ super(Registry.BLOWFISH_CIPHER, DEFAULT_BLOCK_SIZE, DEFAULT_KEY_SIZE);
+ }
+
+ public Object clone()
+ {
+ Blowfish result = new Blowfish();
+ result.currentBlockSize = currentBlockSize;
+ return result;
+ }
+
+ public Iterator keySizes()
+ {
+ return new Sequence(8, MAX_KEY_LENGTH, 8).iterator();
+ }
+
+ public Iterator blockSizes()
+ {
+ return Collections.singleton(Integer.valueOf(DEFAULT_BLOCK_SIZE)).iterator();
+ }
+
+ public Object makeKey(byte[] k, int bs)
+ {
+ Context ctx = new Context();
+ System.arraycopy(P, 0, ctx.p, 0, P.length);
+ System.arraycopy(KS0, 0, ctx.s0, 0, KS0.length);
+ System.arraycopy(KS1, 0, ctx.s1, 0, KS1.length);
+ System.arraycopy(KS2, 0, ctx.s2, 0, KS2.length);
+ System.arraycopy(KS3, 0, ctx.s3, 0, KS3.length);
+ // XOR the key with the P-box
+ int l = 0;
+ for (int i = 0; i < ctx.p.length; i++)
+ {
+ int data = 0;
+ for (int j = 0; j < 4; j++)
+ {
+ data = (data << 8) | (k[l++] & 0xff);
+ if (l >= k.length)
+ l = 0;
+ }
+ ctx.p[i] ^= data;
+ }
+ // We swap the left and right words here only, so we can avoid
+ // swapping altogether during encryption/decryption.
+ int t;
+ Block x = new Block();
+ x.left = x.right = 0;
+ for (int i = 0; i < ctx.p.length; i += 2)
+ {
+ blowfishEncrypt(x, ctx);
+ ctx.p[i] = x.right;
+ ctx.p[i + 1] = x.left;
+ t = x.right;
+ x.right = x.left;
+ x.left = t;
+ }
+ for (int i = 0; i < ctx.s0.length; i += 2)
+ {
+ blowfishEncrypt(x, ctx);
+ ctx.s0[i] = x.right;
+ ctx.s0[i + 1] = x.left;
+ t = x.right;
+ x.right = x.left;
+ x.left = t;
+ }
+ for (int i = 0; i < ctx.s1.length; i += 2)
+ {
+ blowfishEncrypt(x, ctx);
+ ctx.s1[i] = x.right;
+ ctx.s1[i + 1] = x.left;
+ t = x.right;
+ x.right = x.left;
+ x.left = t;
+ }
+ for (int i = 0; i < ctx.s2.length; i += 2)
+ {
+ blowfishEncrypt(x, ctx);
+ ctx.s2[i] = x.right;
+ ctx.s2[i + 1] = x.left;
+ t = x.right;
+ x.right = x.left;
+ x.left = t;
+ }
+ for (int i = 0; i < ctx.s3.length; i += 2)
+ {
+ blowfishEncrypt(x, ctx);
+ ctx.s3[i] = x.right;
+ ctx.s3[i + 1] = x.left;
+ t = x.right;
+ x.right = x.left;
+ x.left = t;
+ }
+ x.left = x.right = 0;
+ return ctx;
+ }
+
+ public void encrypt(byte[] in, int i, byte[] out, int o, Object k, int bs)
+ {
+ Block x = new Block();
+ x.left = (in[i ] & 0xff) << 24
+ | (in[i + 1] & 0xff) << 16
+ | (in[i + 2] & 0xff) << 8
+ | (in[i + 3] & 0xff);
+ x.right = (in[i + 4] & 0xff) << 24
+ | (in[i + 5] & 0xff) << 16
+ | (in[i + 6] & 0xff) << 8
+ | (in[i + 7] & 0xff);
+ blowfishEncrypt(x, (Context) k);
+ out[o ] = (byte)(x.right >>> 24);
+ out[o + 1] = (byte)(x.right >>> 16);
+ out[o + 2] = (byte)(x.right >>> 8);
+ out[o + 3] = (byte) x.right;
+ out[o + 4] = (byte)(x.left >>> 24);
+ out[o + 5] = (byte)(x.left >>> 16);
+ out[o + 6] = (byte)(x.left >>> 8);
+ out[o + 7] = (byte) x.left;
+ x.left = x.right = 0;
+ }
+
+ public void decrypt(byte[] in, int i, byte[] out, int o, Object k, int bs)
+ {
+ Block x = new Block();
+ x.left = (in[i ] & 0xff) << 24
+ | (in[i + 1] & 0xff) << 16
+ | (in[i + 2] & 0xff) << 8
+ | (in[i + 3] & 0xff);
+ x.right = (in[i + 4] & 0xff) << 24
+ | (in[i + 5] & 0xff) << 16
+ | (in[i + 6] & 0xff) << 8
+ | (in[i + 7] & 0xff);
+ blowfishDecrypt(x, (Context) k);
+ out[o ] = (byte)(x.right >>> 24);
+ out[o + 1] = (byte)(x.right >>> 16);
+ out[o + 2] = (byte)(x.right >>> 8);
+ out[o + 3] = (byte) x.right;
+ out[o + 4] = (byte)(x.left >>> 24);
+ out[o + 5] = (byte)(x.left >>> 16);
+ out[o + 6] = (byte)(x.left >>> 8);
+ out[o + 7] = (byte) x.left;
+ x.left = x.right = 0;
+ }
+
+ /** Encrypt a single pair of 32-bit integers. */
+ private void blowfishEncrypt(Block x, Context ctx)
+ {
+ int[] p = ctx.p;
+ int[] s0 = ctx.s0, s1 = ctx.s1, s2 = ctx.s2, s3 = ctx.s3;
+ x.left ^= p[0];
+ x.right ^= ((s0[x.left >>> 24 ]
+ + s1[x.left >>> 16 & 0xff])
+ ^ s2[x.left >>> 8 & 0xff])
+ + s3[x.left & 0xff] ^ p[1];
+ x.left ^= ((s0[x.right >>> 24 ]
+ + s1[x.right >>> 16 & 0xff])
+ ^ s2[x.right >>> 8 & 0xff])
+ + s3[x.right & 0xff] ^ p[2];
+ x.right ^= ((s0[x.left >>> 24 ]
+ + s1[x.left >>> 16 & 0xff])
+ ^ s2[x.left >>> 8 & 0xff])
+ + s3[x.left & 0xff] ^ p[3];
+ x.left ^= ((s0[x.right >>> 24 ]
+ + s1[x.right >>> 16 & 0xff])
+ ^ s2[x.right >>> 8 & 0xff])
+ + s3[x.right & 0xff] ^ p[4];
+ x.right ^= ((s0[x.left >>> 24 ]
+ + s1[x.left >>> 16 & 0xff])
+ ^ s2[x.left >>> 8 & 0xff])
+ + s3[x.left & 0xff] ^ p[5];
+ x.left ^= ((s0[x.right >>> 24 ]
+ + s1[x.right >>> 16 & 0xff])
+ ^ s2[x.right >>> 8 & 0xff])
+ + s3[x.right & 0xff] ^ p[6];
+ x.right ^= ((s0[x.left >>> 24 ]
+ + s1[x.left >>> 16 & 0xff])
+ ^ s2[x.left >>> 8 & 0xff])
+ + s3[x.left & 0xff] ^ p[7];
+ x.left ^= ((s0[x.right >>> 24 ]
+ + s1[x.right >>> 16 & 0xff])
+ ^ s2[x.right >>> 8 & 0xff])
+ + s3[x.right & 0xff] ^ p[8];
+ x.right ^= ((s0[x.left >>> 24 ]
+ + s1[x.left >>> 16 & 0xff])
+ ^ s2[x.left >>> 8 & 0xff])
+ + s3[x.left & 0xff] ^ p[9];
+ x.left ^= ((s0[x.right >>> 24 ]
+ + s1[x.right >>> 16 & 0xff])
+ ^ s2[x.right >>> 8 & 0xff])
+ + s3[x.right & 0xff] ^ p[10];
+ x.right ^= ((s0[x.left >>> 24 ]
+ + s1[x.left >>> 16 & 0xff])
+ ^ s2[x.left >>> 8 & 0xff])
+ + s3[x.left & 0xff] ^ p[11];
+ x.left ^= ((s0[x.right >>> 24 ]
+ + s1[x.right >>> 16 & 0xff])
+ ^ s2[x.right >>> 8 & 0xff])
+ + s3[x.right & 0xff] ^ p[12];
+ x.right ^= ((s0[x.left >>> 24 ]
+ + s1[x.left >>> 16 & 0xff])
+ ^ s2[x.left >>> 8 & 0xff])
+ + s3[x.left & 0xff] ^ p[13];
+ x.left ^= ((s0[x.right >>> 24 ]
+ + s1[x.right >>> 16 & 0xff])
+ ^ s2[x.right >>> 8 & 0xff])
+ + s3[x.right & 0xff] ^ p[14];
+ x.right ^= ((s0[x.left >>> 24 ]
+ + s1[x.left >>> 16 & 0xff])
+ ^ s2[x.left >>> 8 & 0xff])
+ + s3[x.left & 0xff] ^ p[15];
+ x.left ^= ((s0[x.right >>> 24 ]
+ + s1[x.right >>> 16 & 0xff])
+ ^ s2[x.right >>> 8 & 0xff])
+ + s3[x.right & 0xff] ^ p[16];
+ x.right ^= p[17];
+ }
+
+ /** Decrypt a single pair of 32-bit integers. */
+ private void blowfishDecrypt(Block x, Context ctx)
+ {
+ int[] p = ctx.p;
+ int[] s0 = ctx.s0, s1 = ctx.s1, s2 = ctx.s2, s3 = ctx.s3;
+ x.left ^= p[17];
+ x.right ^= ((s0[x.left >>> 24 ]
+ + s1[x.left >>> 16 & 0xff])
+ ^ s2[x.left >>> 8 & 0xff])
+ + s3[x.left & 0xff] ^ p[16];
+ x.left ^= ((s0[x.right >>> 24 ]
+ + s1[x.right >>> 16 & 0xff])
+ ^ s2[x.right >>> 8 & 0xff])
+ + s3[x.right & 0xff] ^ p[15];
+ x.right ^= ((s0[x.left >>> 24 ]
+ + s1[x.left >>> 16 & 0xff])
+ ^ s2[x.left >>> 8 & 0xff])
+ + s3[x.left & 0xff] ^ p[14];
+ x.left ^= ((s0[x.right >>> 24 ]
+ + s1[x.right >>> 16 & 0xff])
+ ^ s2[x.right >>> 8 & 0xff])
+ + s3[x.right & 0xff] ^ p[13];
+ x.right ^= ((s0[x.left >>> 24 ]
+ + s1[x.left >>> 16 & 0xff])
+ ^ s2[x.left >>> 8 & 0xff])
+ + s3[x.left & 0xff] ^ p[12];
+ x.left ^= ((s0[x.right >>> 24 ]
+ + s1[x.right >>> 16 & 0xff])
+ ^ s2[x.right >>> 8 & 0xff])
+ + s3[x.right & 0xff] ^ p[11];
+ x.right ^= ((s0[x.left >>> 24 ]
+ + s1[x.left >>> 16 & 0xff])
+ ^ s2[x.left >>> 8 & 0xff])
+ + s3[x.left & 0xff] ^ p[10];
+ x.left ^= ((s0[x.right >>> 24 ]
+ + s1[x.right >>> 16 & 0xff])
+ ^ s2[x.right >>> 8 & 0xff])
+ + s3[x.right & 0xff] ^ p[9];
+ x.right ^= ((s0[x.left >>> 24]
+ + s1[x.left >>> 16 & 0xff])
+ ^ s2[x.left >>> 8 & 0xff])
+ + s3[x.left & 0xff] ^ p[8];
+ x.left ^= ((s0[x.right >>> 24 ]
+ + s1[x.right >>> 16 & 0xff])
+ ^ s2[x.right >>> 8 & 0xff])
+ + s3[x.right & 0xff] ^ p[7];
+ x.right ^= ((s0[x.left >>> 24 ]
+ + s1[x.left >>> 16 & 0xff])
+ ^ s2[x.left >>> 8 & 0xff])
+ + s3[x.left & 0xff] ^ p[6];
+ x.left ^= ((s0[x.right >>> 24 ]
+ + s1[x.right >>> 16 & 0xff])
+ ^ s2[x.right >>> 8 & 0xff])
+ + s3[x.right & 0xff] ^ p[5];
+ x.right ^= ((s0[x.left >>> 24 ]
+ + s1[x.left >>> 16 & 0xff])
+ ^ s2[x.left >>> 8 & 0xff])
+ + s3[x.left & 0xff] ^ p[4];
+ x.left ^= ((s0[x.right >>> 24 ]
+ + s1[x.right >>> 16 & 0xff])
+ ^ s2[x.right >>> 8 & 0xff])
+ + s3[x.right & 0xff] ^ p[3];
+ x.right ^= ((s0[x.left >>> 24 ]
+ + s1[x.left >>> 16 & 0xff])
+ ^ s2[x.left >>> 8 & 0xff])
+ + s3[x.left & 0xff] ^ p[2];
+ x.left ^= ((s0[x.right >>> 24 ]
+ + s1[x.right >>> 16 & 0xff])
+ ^ s2[x.right >>> 8 & 0xff])
+ + s3[x.right & 0xff] ^ p[1];
+ x.right ^= p[0];
+ }
+
+ public boolean selfTest()
+ {
+ if (valid == null)
+ {
+ boolean result = super.selfTest(); // symmetry
+ if (result)
+ result = testKat(TV_KEY, TV_CT);
+ valid = Boolean.valueOf(result);
+ }
+ return valid.booleanValue();
+ }
+
+ /** A simple wrapper for the P- and S-boxes. */
+ private class Context
+ implements Cloneable
+ {
+ /** The P-array. */
+ int[] p, s0, s1, s2, s3;
+
+ /** Default 0-arguments constructor. */
+ Context()
+ {
+ p = new int[18];
+ s0 = new int[256];
+ s1 = new int[256];
+ s2 = new int[256];
+ s3 = new int[256];
+ }
+
+ /**
+ * Private constructor for cloneing.
+ *
+ * @param that The instance being cloned.
+ */
+ private Context(Context that)
+ {
+ this.p = (int[]) that.p.clone();
+ this.s0 = (int[]) that.s0.clone();
+ this.s1 = (int[]) that.s1.clone();
+ this.s2 = (int[]) that.s2.clone();
+ this.s3 = (int[]) that.s3.clone();
+ }
+
+ public Object clone()
+ {
+ return new Context(this);
+ }
+ }
+
+ private class Block
+ {
+ int left, right;
+ }
+}
diff --git a/libjava/classpath/gnu/javax/crypto/cipher/Cast5.java b/libjava/classpath/gnu/javax/crypto/cipher/Cast5.java
new file mode 100644
index 000000000..47b29226f
--- /dev/null
+++ b/libjava/classpath/gnu/javax/crypto/cipher/Cast5.java
@@ -0,0 +1,987 @@
+/* Cast5.java --
+ Copyright (C) 2003, 2006 Free Software Foundation, Inc.
+
+This file is a part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2 of the License, or (at
+your option) any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; if not, write to the Free Software
+Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301
+USA
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package gnu.javax.crypto.cipher;
+
+import gnu.java.security.Registry;
+import gnu.java.security.util.Util;
+
+import java.security.InvalidKeyException;
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.Iterator;
+
+/**
+ * An implmenetation of the <code>CAST5</code> (a.k.a. CAST-128) algorithm,
+ * as per <i>RFC-2144</i>, dated May 1997.
+ * <p>
+ * In this RFC, <i>Carlisle Adams</i> (the CA in CAST, ST stands for
+ * <i>Stafford Tavares</i>) describes CAST5 as:
+ * <blockquote>
+ * "...a DES-like Substitution-Permutation Network (SPN) cryptosystem which
+ * appears to have good resistance to differential cryptanalysis, linear
+ * cryptanalysis, and related-key cryptanalysis. This cipher also possesses
+ * a number of other desirable cryptographic properties, including avalanche,
+ * Strict Avalanche Criterion (SAC), Bit Independence Criterion (BIC), no
+ * complementation property, and an absence of weak and semi-weak keys."
+ * </blockquote>
+ * <p>
+ * <code>CAST5</code> is a symmetric block cipher with a block-size of 8
+ * bytes and a variable key-size of up to 128 bits. Its authors, and their
+ * employer (Entrust Technologies, a Nortel majority-owned company), made it
+ * available worldwide on a royalty-free basis for commercial and non-commercial
+ * uses.
+ * <p>
+ * The <code>CAST5</code> encryption algorithm has been designed to allow a
+ * key size that can vary from <code>40</code> bits to <code>128</code> bits,
+ * in 8-bit increments (that is, the allowable key sizes are <code>40, 48, 56,
+ * 64, ..., 112, 120,</code> and <code>128</code> bits. For variable keysize
+ * operation, the specification is as follows:
+ * <ol>
+ * <li>For key sizes up to and including <code>80</code> bits (i.e.,
+ * <code>40, 48, 56, 64, 72,</code> and <code>80</code> bits), the algorithm
+ * is exactly as specified but uses <code>12</code> rounds instead of
+ * <code>16</code>;</li>
+ * <li>For key sizes greater than <code>80</code> bits, the algorithm uses
+ * the full <code>16</code> rounds;</li>
+ * <li>For key sizes less than <code>128</code> bits, the key is padded with
+ * zero bytes (in the rightmost, or least significant, positions) out to
+ * <code>128</code> bits (since the <code>CAST5</code> key schedule assumes
+ * an input key of <code>128</code> bits).</li>
+ * </ol>
+ * <p>
+ * References:
+ * <ol>
+ * <li><a href="http://www.ietf.org/rfc/rfc2144.txt">The CAST-128 Encryption
+ * Algorithm</a>.<br>
+ * <a href="mailto:cadams@entrust.com">Carlisle Adams</a>.</li>
+ * </ol>
+ */
+public class Cast5
+ extends BaseCipher
+{
+ private static final int DEFAULT_BLOCK_SIZE = 8; // in bytes
+ private static final int DEFAULT_KEY_SIZE = 5; // in bytes
+ /**
+ * KAT vector (from rfc-2144):
+ * 40-bit key = 01 23 45 67 12
+ * = 01 23 45 67 12 00 00 00 00 00 00 00 00 00 00 00
+ * plaintext = 01 23 45 67 89 AB CD EF
+ * ciphertext = 7A C8 16 D1 6E 9B 30 2E
+ */
+ private static final byte[] KAT_KEY = Util.toBytesFromString("0123456712");
+ private static final byte[] KAT_PT = Util.toBytesFromString("0123456789ABCDEF");
+ private static final byte[] KAT_CT = Util.toBytesFromString("7AC816D16E9B302E");
+ /** caches the result of the correctness test, once executed. */
+ private static Boolean valid;
+ // CAST5 S-boxes
+ private static final int[] S1 = {
+ 0x30FB40D4, 0x9FA0FF0B, 0x6BECCD2F, 0x3F258C7A, 0x1E213F2F, 0x9C004DD3,
+ 0x6003E540, 0xCF9FC949, 0xBFD4AF27, 0x88BBBDB5, 0xE2034090, 0x98D09675,
+ 0x6E63A0E0, 0x15C361D2, 0xC2E7661D, 0x22D4FF8E, 0x28683B6F, 0xC07FD059,
+ 0xFF2379C8, 0x775F50E2, 0x43C340D3, 0xDF2F8656, 0x887CA41A, 0xA2D2BD2D,
+ 0xA1C9E0D6, 0x346C4819, 0x61B76D87, 0x22540F2F, 0x2ABE32E1, 0xAA54166B,
+ 0x22568E3A, 0xA2D341D0, 0x66DB40C8, 0xA784392F, 0x004DFF2F, 0x2DB9D2DE,
+ 0x97943FAC, 0x4A97C1D8, 0x527644B7, 0xB5F437A7, 0xB82CBAEF, 0xD751D159,
+ 0x6FF7F0ED, 0x5A097A1F, 0x827B68D0, 0x90ECF52E, 0x22B0C054, 0xBC8E5935,
+ 0x4B6D2F7F, 0x50BB64A2, 0xD2664910, 0xBEE5812D, 0xB7332290, 0xE93B159F,
+ 0xB48EE411, 0x4BFF345D, 0xFD45C240, 0xAD31973F, 0xC4F6D02E, 0x55FC8165,
+ 0xD5B1CAAD, 0xA1AC2DAE, 0xA2D4B76D, 0xC19B0C50, 0x882240F2, 0x0C6E4F38,
+ 0xA4E4BFD7, 0x4F5BA272, 0x564C1D2F, 0xC59C5319, 0xB949E354, 0xB04669FE,
+ 0xB1B6AB8A, 0xC71358DD, 0x6385C545, 0x110F935D, 0x57538AD5, 0x6A390493,
+ 0xE63D37E0, 0x2A54F6B3, 0x3A787D5F, 0x6276A0B5, 0x19A6FCDF, 0x7A42206A,
+ 0x29F9D4D5, 0xF61B1891, 0xBB72275E, 0xAA508167, 0x38901091, 0xC6B505EB,
+ 0x84C7CB8C, 0x2AD75A0F, 0x874A1427, 0xA2D1936B, 0x2AD286AF, 0xAA56D291,
+ 0xD7894360, 0x425C750D, 0x93B39E26, 0x187184C9, 0x6C00B32D, 0x73E2BB14,
+ 0xA0BEBC3C, 0x54623779, 0x64459EAB, 0x3F328B82, 0x7718CF82, 0x59A2CEA6,
+ 0x04EE002E, 0x89FE78E6, 0x3FAB0950, 0x325FF6C2, 0x81383F05, 0x6963C5C8,
+ 0x76CB5AD6, 0xD49974C9, 0xCA180DCF, 0x380782D5, 0xC7FA5CF6, 0x8AC31511,
+ 0x35E79E13, 0x47DA91D0, 0xF40F9086, 0xA7E2419E, 0x31366241, 0x051EF495,
+ 0xAA573B04, 0x4A805D8D, 0x548300D0, 0x00322A3C, 0xBF64CDDF, 0xBA57A68E,
+ 0x75C6372B, 0x50AFD341, 0xA7C13275, 0x915A0BF5, 0x6B54BFAB, 0x2B0B1426,
+ 0xAB4CC9D7, 0x449CCD82, 0xF7FBF265, 0xAB85C5F3, 0x1B55DB94, 0xAAD4E324,
+ 0xCFA4BD3F, 0x2DEAA3E2, 0x9E204D02, 0xC8BD25AC, 0xEADF55B3, 0xD5BD9E98,
+ 0xE31231B2, 0x2AD5AD6C, 0x954329DE, 0xADBE4528, 0xD8710F69, 0xAA51C90F,
+ 0xAA786BF6, 0x22513F1E, 0xAA51A79B, 0x2AD344CC, 0x7B5A41F0, 0xD37CFBAD,
+ 0x1B069505, 0x41ECE491, 0xB4C332E6, 0x032268D4, 0xC9600ACC, 0xCE387E6D,
+ 0xBF6BB16C, 0x6A70FB78, 0x0D03D9C9, 0xD4DF39DE, 0xE01063DA, 0x4736F464,
+ 0x5AD328D8, 0xB347CC96, 0x75BB0FC3, 0x98511BFB, 0x4FFBCC35, 0xB58BCF6A,
+ 0xE11F0ABC, 0xBFC5FE4A, 0xA70AEC10, 0xAC39570A, 0x3F04442F, 0x6188B153,
+ 0xE0397A2E, 0x5727CB79, 0x9CEB418F, 0x1CACD68D, 0x2AD37C96, 0x0175CB9D,
+ 0xC69DFF09, 0xC75B65F0, 0xD9DB40D8, 0xEC0E7779, 0x4744EAD4, 0xB11C3274,
+ 0xDD24CB9E, 0x7E1C54BD, 0xF01144F9, 0xD2240EB1, 0x9675B3FD, 0xA3AC3755,
+ 0xD47C27AF, 0x51C85F4D, 0x56907596, 0xA5BB15E6, 0x580304F0, 0xCA042CF1,
+ 0x011A37EA, 0x8DBFAADB, 0x35BA3E4A, 0x3526FFA0, 0xC37B4D09, 0xBC306ED9,
+ 0x98A52666, 0x5648F725, 0xFF5E569D, 0x0CED63D0, 0x7C63B2CF, 0x700B45E1,
+ 0xD5EA50F1, 0x85A92872, 0xAF1FBDA7, 0xD4234870, 0xA7870BF3, 0x2D3B4D79,
+ 0x42E04198, 0x0CD0EDE7, 0x26470DB8, 0xF881814C, 0x474D6AD7, 0x7C0C5E5C,
+ 0xD1231959, 0x381B7298, 0xF5D2F4DB, 0xAB838653, 0x6E2F1E23, 0x83719C9E,
+ 0xBD91E046, 0x9A56456E, 0xDC39200C, 0x20C8C571, 0x962BDA1C, 0xE1E696FF,
+ 0xB141AB08, 0x7CCA89B9, 0x1A69E783, 0x02CC4843, 0xA2F7C579, 0x429EF47D,
+ 0x427B169C, 0x5AC9F049, 0xDD8F0F00, 0x5C8165BF };
+ private static final int[] S2 = {
+ 0x1F201094, 0xEF0BA75B, 0x69E3CF7E, 0x393F4380, 0xFE61CF7A, 0xEEC5207A,
+ 0x55889C94, 0x72FC0651, 0xADA7EF79, 0x4E1D7235, 0xD55A63CE, 0xDE0436BA,
+ 0x99C430EF, 0x5F0C0794, 0x18DCDB7D, 0xA1D6EFF3, 0xA0B52F7B, 0x59E83605,
+ 0xEE15B094, 0xE9FFD909, 0xDC440086, 0xEF944459, 0xBA83CCB3, 0xE0C3CDFB,
+ 0xD1DA4181, 0x3B092AB1, 0xF997F1C1, 0xA5E6CF7B, 0x01420DDB, 0xE4E7EF5B,
+ 0x25A1FF41, 0xE180F806, 0x1FC41080, 0x179BEE7A, 0xD37AC6A9, 0xFE5830A4,
+ 0x98DE8B7F, 0x77E83F4E, 0x79929269, 0x24FA9F7B, 0xE113C85B, 0xACC40083,
+ 0xD7503525, 0xF7EA615F, 0x62143154, 0x0D554B63, 0x5D681121, 0xC866C359,
+ 0x3D63CF73, 0xCEE234C0, 0xD4D87E87, 0x5C672B21, 0x071F6181, 0x39F7627F,
+ 0x361E3084, 0xE4EB573B, 0x602F64A4, 0xD63ACD9C, 0x1BBC4635, 0x9E81032D,
+ 0x2701F50C, 0x99847AB4, 0xA0E3DF79, 0xBA6CF38C, 0x10843094, 0x2537A95E,
+ 0xF46F6FFE, 0xA1FF3B1F, 0x208CFB6A, 0x8F458C74, 0xD9E0A227, 0x4EC73A34,
+ 0xFC884F69, 0x3E4DE8DF, 0xEF0E0088, 0x3559648D, 0x8A45388C, 0x1D804366,
+ 0x721D9BFD, 0xA58684BB, 0xE8256333, 0x844E8212, 0x128D8098, 0xFED33FB4,
+ 0xCE280AE1, 0x27E19BA5, 0xD5A6C252, 0xE49754BD, 0xC5D655DD, 0xEB667064,
+ 0x77840B4D, 0xA1B6A801, 0x84DB26A9, 0xE0B56714, 0x21F043B7, 0xE5D05860,
+ 0x54F03084, 0x066FF472, 0xA31AA153, 0xDADC4755, 0xB5625DBF, 0x68561BE6,
+ 0x83CA6B94, 0x2D6ED23B, 0xECCF01DB, 0xA6D3D0BA, 0xB6803D5C, 0xAF77A709,
+ 0x33B4A34C, 0x397BC8D6, 0x5EE22B95, 0x5F0E5304, 0x81ED6F61, 0x20E74364,
+ 0xB45E1378, 0xDE18639B, 0x881CA122, 0xB96726D1, 0x8049A7E8, 0x22B7DA7B,
+ 0x5E552D25, 0x5272D237, 0x79D2951C, 0xC60D894C, 0x488CB402, 0x1BA4FE5B,
+ 0xA4B09F6B, 0x1CA815CF, 0xA20C3005, 0x8871DF63, 0xB9DE2FCB, 0x0CC6C9E9,
+ 0x0BEEFF53, 0xE3214517, 0xB4542835, 0x9F63293C, 0xEE41E729, 0x6E1D2D7C,
+ 0x50045286, 0x1E6685F3, 0xF33401C6, 0x30A22C95, 0x31A70850, 0x60930F13,
+ 0x73F98417, 0xA1269859, 0xEC645C44, 0x52C877A9, 0xCDFF33A6, 0xA02B1741,
+ 0x7CBAD9A2, 0x2180036F, 0x50D99C08, 0xCB3F4861, 0xC26BD765, 0x64A3F6AB,
+ 0x80342676, 0x25A75E7B, 0xE4E6D1FC, 0x20C710E6, 0xCDF0B680, 0x17844D3B,
+ 0x31EEF84D, 0x7E0824E4, 0x2CCB49EB, 0x846A3BAE, 0x8FF77888, 0xEE5D60F6,
+ 0x7AF75673, 0x2FDD5CDB, 0xA11631C1, 0x30F66F43, 0xB3FAEC54, 0x157FD7FA,
+ 0xEF8579CC, 0xD152DE58, 0xDB2FFD5E, 0x8F32CE19, 0x306AF97A, 0x02F03EF8,
+ 0x99319AD5, 0xC242FA0F, 0xA7E3EBB0, 0xC68E4906, 0xB8DA230C, 0x80823028,
+ 0xDCDEF3C8, 0xD35FB171, 0x088A1BC8, 0xBEC0C560, 0x61A3C9E8, 0xBCA8F54D,
+ 0xC72FEFFA, 0x22822E99, 0x82C570B4, 0xD8D94E89, 0x8B1C34BC, 0x301E16E6,
+ 0x273BE979, 0xB0FFEAA6, 0x61D9B8C6, 0x00B24869, 0xB7FFCE3F, 0x08DC283B,
+ 0x43DAF65A, 0xF7E19798, 0x7619B72F, 0x8F1C9BA4, 0xDC8637A0, 0x16A7D3B1,
+ 0x9FC393B7, 0xA7136EEB, 0xC6BCC63E, 0x1A513742, 0xEF6828BC, 0x520365D6,
+ 0x2D6A77AB, 0x3527ED4B, 0x821FD216, 0x095C6E2E, 0xDB92F2FB, 0x5EEA29CB,
+ 0x145892F5, 0x91584F7F, 0x5483697B, 0x2667A8CC, 0x85196048, 0x8C4BACEA,
+ 0x833860D4, 0x0D23E0F9, 0x6C387E8A, 0x0AE6D249, 0xB284600C, 0xD835731D,
+ 0xDCB1C647, 0xAC4C56EA, 0x3EBD81B3, 0x230EABB0, 0x6438BC87, 0xF0B5B1FA,
+ 0x8F5EA2B3, 0xFC184642, 0x0A036B7A, 0x4FB089BD, 0x649DA589, 0xA345415E,
+ 0x5C038323, 0x3E5D3BB9, 0x43D79572, 0x7E6DD07C, 0x06DFDF1E, 0x6C6CC4EF,
+ 0x7160A539, 0x73BFBE70, 0x83877605, 0x4523ECF1 };
+ private static final int[] S3 = {
+ 0x8DEFC240, 0x25FA5D9F, 0xEB903DBF, 0xE810C907, 0x47607FFF, 0x369FE44B,
+ 0x8C1FC644, 0xAECECA90, 0xBEB1F9BF, 0xEEFBCAEA, 0xE8CF1950, 0x51DF07AE,
+ 0x920E8806, 0xF0AD0548, 0xE13C8D83, 0x927010D5, 0x11107D9F, 0x07647DB9,
+ 0xB2E3E4D4, 0x3D4F285E, 0xB9AFA820, 0xFADE82E0, 0xA067268B, 0x8272792E,
+ 0x553FB2C0, 0x489AE22B, 0xD4EF9794, 0x125E3FBC, 0x21FFFCEE, 0x825B1BFD,
+ 0x9255C5ED, 0x1257A240, 0x4E1A8302, 0xBAE07FFF, 0x528246E7, 0x8E57140E,
+ 0x3373F7BF, 0x8C9F8188, 0xA6FC4EE8, 0xC982B5A5, 0xA8C01DB7, 0x579FC264,
+ 0x67094F31, 0xF2BD3F5F, 0x40FFF7C1, 0x1FB78DFC, 0x8E6BD2C1, 0x437BE59B,
+ 0x99B03DBF, 0xB5DBC64B, 0x638DC0E6, 0x55819D99, 0xA197C81C, 0x4A012D6E,
+ 0xC5884A28, 0xCCC36F71, 0xB843C213, 0x6C0743F1, 0x8309893C, 0x0FEDDD5F,
+ 0x2F7FE850, 0xD7C07F7E, 0x02507FBF, 0x5AFB9A04, 0xA747D2D0, 0x1651192E,
+ 0xAF70BF3E, 0x58C31380, 0x5F98302E, 0x727CC3C4, 0x0A0FB402, 0x0F7FEF82,
+ 0x8C96FDAD, 0x5D2C2AAE, 0x8EE99A49, 0x50DA88B8, 0x8427F4A0, 0x1EAC5790,
+ 0x796FB449, 0x8252DC15, 0xEFBD7D9B, 0xA672597D, 0xADA840D8, 0x45F54504,
+ 0xFA5D7403, 0xE83EC305, 0x4F91751A, 0x925669C2, 0x23EFE941, 0xA903F12E,
+ 0x60270DF2, 0x0276E4B6, 0x94FD6574, 0x927985B2, 0x8276DBCB, 0x02778176,
+ 0xF8AF918D, 0x4E48F79E, 0x8F616DDF, 0xE29D840E, 0x842F7D83, 0x340CE5C8,
+ 0x96BBB682, 0x93B4B148, 0xEF303CAB, 0x984FAF28, 0x779FAF9B, 0x92DC560D,
+ 0x224D1E20, 0x8437AA88, 0x7D29DC96, 0x2756D3DC, 0x8B907CEE, 0xB51FD240,
+ 0xE7C07CE3, 0xE566B4A1, 0xC3E9615E, 0x3CF8209D, 0x6094D1E3, 0xCD9CA341,
+ 0x5C76460E, 0x00EA983B, 0xD4D67881, 0xFD47572C, 0xF76CEDD9, 0xBDA8229C,
+ 0x127DADAA, 0x438A074E, 0x1F97C090, 0x081BDB8A, 0x93A07EBE, 0xB938CA15,
+ 0x97B03CFF, 0x3DC2C0F8, 0x8D1AB2EC, 0x64380E51, 0x68CC7BFB, 0xD90F2788,
+ 0x12490181, 0x5DE5FFD4, 0xDD7EF86A, 0x76A2E214, 0xB9A40368, 0x925D958F,
+ 0x4B39FFFA, 0xBA39AEE9, 0xA4FFD30B, 0xFAF7933B, 0x6D498623, 0x193CBCFA,
+ 0x27627545, 0x825CF47A, 0x61BD8BA0, 0xD11E42D1, 0xCEAD04F4, 0x127EA392,
+ 0x10428DB7, 0x8272A972, 0x9270C4A8, 0x127DE50B, 0x285BA1C8, 0x3C62F44F,
+ 0x35C0EAA5, 0xE805D231, 0x428929FB, 0xB4FCDF82, 0x4FB66A53, 0x0E7DC15B,
+ 0x1F081FAB, 0x108618AE, 0xFCFD086D, 0xF9FF2889, 0x694BCC11, 0x236A5CAE,
+ 0x12DECA4D, 0x2C3F8CC5, 0xD2D02DFE, 0xF8EF5896, 0xE4CF52DA, 0x95155B67,
+ 0x494A488C, 0xB9B6A80C, 0x5C8F82BC, 0x89D36B45, 0x3A609437, 0xEC00C9A9,
+ 0x44715253, 0x0A874B49, 0xD773BC40, 0x7C34671C, 0x02717EF6, 0x4FEB5536,
+ 0xA2D02FFF, 0xD2BF60C4, 0xD43F03C0, 0x50B4EF6D, 0x07478CD1, 0x006E1888,
+ 0xA2E53F55, 0xB9E6D4BC, 0xA2048016, 0x97573833, 0xD7207D67, 0xDE0F8F3D,
+ 0x72F87B33, 0xABCC4F33, 0x7688C55D, 0x7B00A6B0, 0x947B0001, 0x570075D2,
+ 0xF9BB88F8, 0x8942019E, 0x4264A5FF, 0x856302E0, 0x72DBD92B, 0xEE971B69,
+ 0x6EA22FDE, 0x5F08AE2B, 0xAF7A616D, 0xE5C98767, 0xCF1FEBD2, 0x61EFC8C2,
+ 0xF1AC2571, 0xCC8239C2, 0x67214CB8, 0xB1E583D1, 0xB7DC3E62, 0x7F10BDCE,
+ 0xF90A5C38, 0x0FF0443D, 0x606E6DC6, 0x60543A49, 0x5727C148, 0x2BE98A1D,
+ 0x8AB41738, 0x20E1BE24, 0xAF96DA0F, 0x68458425, 0x99833BE5, 0x600D457D,
+ 0x282F9350, 0x8334B362, 0xD91D1120, 0x2B6D8DA0, 0x642B1E31, 0x9C305A00,
+ 0x52BCE688, 0x1B03588A, 0xF7BAEFD5, 0x4142ED9C, 0xA4315C11, 0x83323EC5,
+ 0xDFEF4636, 0xA133C501, 0xE9D3531C, 0xEE353783 };
+ private static final int[] S4 = {
+ 0x9DB30420, 0x1FB6E9DE, 0xA7BE7BEF, 0xD273A298, 0x4A4F7BDB, 0x64AD8C57,
+ 0x85510443, 0xFA020ED1, 0x7E287AFF, 0xE60FB663, 0x095F35A1, 0x79EBF120,
+ 0xFD059D43, 0x6497B7B1, 0xF3641F63, 0x241E4ADF, 0x28147F5F, 0x4FA2B8CD,
+ 0xC9430040, 0x0CC32220, 0xFDD30B30, 0xC0A5374F, 0x1D2D00D9, 0x24147B15,
+ 0xEE4D111A, 0x0FCA5167, 0x71FF904C, 0x2D195FFE, 0x1A05645F, 0x0C13FEFE,
+ 0x081B08CA, 0x05170121, 0x80530100, 0xE83E5EFE, 0xAC9AF4F8, 0x7FE72701,
+ 0xD2B8EE5F, 0x06DF4261, 0xBB9E9B8A, 0x7293EA25, 0xCE84FFDF, 0xF5718801,
+ 0x3DD64B04, 0xA26F263B, 0x7ED48400, 0x547EEBE6, 0x446D4CA0, 0x6CF3D6F5,
+ 0x2649ABDF, 0xAEA0C7F5, 0x36338CC1, 0x503F7E93, 0xD3772061, 0x11B638E1,
+ 0x72500E03, 0xF80EB2BB, 0xABE0502E, 0xEC8D77DE, 0x57971E81, 0xE14F6746,
+ 0xC9335400, 0x6920318F, 0x081DBB99, 0xFFC304A5, 0x4D351805, 0x7F3D5CE3,
+ 0xA6C866C6, 0x5D5BCCA9, 0xDAEC6FEA, 0x9F926F91, 0x9F46222F, 0x3991467D,
+ 0xA5BF6D8E, 0x1143C44F, 0x43958302, 0xD0214EEB, 0x022083B8, 0x3FB6180C,
+ 0x18F8931E, 0x281658E6, 0x26486E3E, 0x8BD78A70, 0x7477E4C1, 0xB506E07C,
+ 0xF32D0A25, 0x79098B02, 0xE4EABB81, 0x28123B23, 0x69DEAD38, 0x1574CA16,
+ 0xDF871B62, 0x211C40B7, 0xA51A9EF9, 0x0014377B, 0x041E8AC8, 0x09114003,
+ 0xBD59E4D2, 0xE3D156D5, 0x4FE876D5, 0x2F91A340, 0x557BE8DE, 0x00EAE4A7,
+ 0x0CE5C2EC, 0x4DB4BBA6, 0xE756BDFF, 0xDD3369AC, 0xEC17B035, 0x06572327,
+ 0x99AFC8B0, 0x56C8C391, 0x6B65811C, 0x5E146119, 0x6E85CB75, 0xBE07C002,
+ 0xC2325577, 0x893FF4EC, 0x5BBFC92D, 0xD0EC3B25, 0xB7801AB7, 0x8D6D3B24,
+ 0x20C763EF, 0xC366A5FC, 0x9C382880, 0x0ACE3205, 0xAAC9548A, 0xECA1D7C7,
+ 0x041AFA32, 0x1D16625A, 0x6701902C, 0x9B757A54, 0x31D477F7, 0x9126B031,
+ 0x36CC6FDB, 0xC70B8B46, 0xD9E66A48, 0x56E55A79, 0x026A4CEB, 0x52437EFF,
+ 0x2F8F76B4, 0x0DF980A5, 0x8674CDE3, 0xEDDA04EB, 0x17A9BE04, 0x2C18F4DF,
+ 0xB7747F9D, 0xAB2AF7B4, 0xEFC34D20, 0x2E096B7C, 0x1741A254, 0xE5B6A035,
+ 0x213D42F6, 0x2C1C7C26, 0x61C2F50F, 0x6552DAF9, 0xD2C231F8, 0x25130F69,
+ 0xD8167FA2, 0x0418F2C8, 0x001A96A6, 0x0D1526AB, 0x63315C21, 0x5E0A72EC,
+ 0x49BAFEFD, 0x187908D9, 0x8D0DBD86, 0x311170A7, 0x3E9B640C, 0xCC3E10D7,
+ 0xD5CAD3B6, 0x0CAEC388, 0xF73001E1, 0x6C728AFF, 0x71EAE2A1, 0x1F9AF36E,
+ 0xCFCBD12F, 0xC1DE8417, 0xAC07BE6B, 0xCB44A1D8, 0x8B9B0F56, 0x013988C3,
+ 0xB1C52FCA, 0xB4BE31CD, 0xD8782806, 0x12A3A4E2, 0x6F7DE532, 0x58FD7EB6,
+ 0xD01EE900, 0x24ADFFC2, 0xF4990FC5, 0x9711AAC5, 0x001D7B95, 0x82E5E7D2,
+ 0x109873F6, 0x00613096, 0xC32D9521, 0xADA121FF, 0x29908415, 0x7FBB977F,
+ 0xAF9EB3DB, 0x29C9ED2A, 0x5CE2A465, 0xA730F32C, 0xD0AA3FE8, 0x8A5CC091,
+ 0xD49E2CE7, 0x0CE454A9, 0xD60ACD86, 0x015F1919, 0x77079103, 0xDEA03AF6,
+ 0x78A8565E, 0xDEE356DF, 0x21F05CBE, 0x8B75E387, 0xB3C50651, 0xB8A5C3EF,
+ 0xD8EEB6D2, 0xE523BE77, 0xC2154529, 0x2F69EFDF, 0xAFE67AFB, 0xF470C4B2,
+ 0xF3E0EB5B, 0xD6CC9876, 0x39E4460C, 0x1FDA8538, 0x1987832F, 0xCA007367,
+ 0xA99144F8, 0x296B299E, 0x492FC295, 0x9266BEAB, 0xB5676E69, 0x9BD3DDDA,
+ 0xDF7E052F, 0xDB25701C, 0x1B5E51EE, 0xF65324E6, 0x6AFCE36C, 0x0316CC04,
+ 0x8644213E, 0xB7DC59D0, 0x7965291F, 0xCCD6FD43, 0x41823979, 0x932BCDF6,
+ 0xB657C34D, 0x4EDFD282, 0x7AE5290C, 0x3CB9536B, 0x851E20FE, 0x9833557E,
+ 0x13ECF0B0, 0xD3FFB372, 0x3F85C5C1, 0x0AEF7ED2 };
+ private static final int[] S5 = {
+ 0x7EC90C04, 0x2C6E74B9, 0x9B0E66DF, 0xA6337911, 0xB86A7FFF, 0x1DD358F5,
+ 0x44DD9D44, 0x1731167F, 0x08FBF1FA, 0xE7F511CC, 0xD2051B00, 0x735ABA00,
+ 0x2AB722D8, 0x386381CB, 0xACF6243A, 0x69BEFD7A, 0xE6A2E77F, 0xF0C720CD,
+ 0xC4494816, 0xCCF5C180, 0x38851640, 0x15B0A848, 0xE68B18CB, 0x4CAADEFF,
+ 0x5F480A01, 0x0412B2AA, 0x259814FC, 0x41D0EFE2, 0x4E40B48D, 0x248EB6FB,
+ 0x8DBA1CFE, 0x41A99B02, 0x1A550A04, 0xBA8F65CB, 0x7251F4E7, 0x95A51725,
+ 0xC106ECD7, 0x97A5980A, 0xC539B9AA, 0x4D79FE6A, 0xF2F3F763, 0x68AF8040,
+ 0xED0C9E56, 0x11B4958B, 0xE1EB5A88, 0x8709E6B0, 0xD7E07156, 0x4E29FEA7,
+ 0x6366E52D, 0x02D1C000, 0xC4AC8E05, 0x9377F571, 0x0C05372A, 0x578535F2,
+ 0x2261BE02, 0xD642A0C9, 0xDF13A280, 0x74B55BD2, 0x682199C0, 0xD421E5EC,
+ 0x53FB3CE8, 0xC8ADEDB3, 0x28A87FC9, 0x3D959981, 0x5C1FF900, 0xFE38D399,
+ 0x0C4EFF0B, 0x062407EA, 0xAA2F4FB1, 0x4FB96976, 0x90C79505, 0xB0A8A774,
+ 0xEF55A1FF, 0xE59CA2C2, 0xA6B62D27, 0xE66A4263, 0xDF65001F, 0x0EC50966,
+ 0xDFDD55BC, 0x29DE0655, 0x911E739A, 0x17AF8975, 0x32C7911C, 0x89F89468,
+ 0x0D01E980, 0x524755F4, 0x03B63CC9, 0x0CC844B2, 0xBCF3F0AA, 0x87AC36E9,
+ 0xE53A7426, 0x01B3D82B, 0x1A9E7449, 0x64EE2D7E, 0xCDDBB1DA, 0x01C94910,
+ 0xB868BF80, 0x0D26F3FD, 0x9342EDE7, 0x04A5C284, 0x636737B6, 0x50F5B616,
+ 0xF24766E3, 0x8ECA36C1, 0x136E05DB, 0xFEF18391, 0xFB887A37, 0xD6E7F7D4,
+ 0xC7FB7DC9, 0x3063FCDF, 0xB6F589DE, 0xEC2941DA, 0x26E46695, 0xB7566419,
+ 0xF654EFC5, 0xD08D58B7, 0x48925401, 0xC1BACB7F, 0xE5FF550F, 0xB6083049,
+ 0x5BB5D0E8, 0x87D72E5A, 0xAB6A6EE1, 0x223A66CE, 0xC62BF3CD, 0x9E0885F9,
+ 0x68CB3E47, 0x086C010F, 0xA21DE820, 0xD18B69DE, 0xF3F65777, 0xFA02C3F6,
+ 0x407EDAC3, 0xCBB3D550, 0x1793084D, 0xB0D70EBA, 0x0AB378D5, 0xD951FB0C,
+ 0xDED7DA56, 0x4124BBE4, 0x94CA0B56, 0x0F5755D1, 0xE0E1E56E, 0x6184B5BE,
+ 0x580A249F, 0x94F74BC0, 0xE327888E, 0x9F7B5561, 0xC3DC0280, 0x05687715,
+ 0x646C6BD7, 0x44904DB3, 0x66B4F0A3, 0xC0F1648A, 0x697ED5AF, 0x49E92FF6,
+ 0x309E374F, 0x2CB6356A, 0x85808573, 0x4991F840, 0x76F0AE02, 0x083BE84D,
+ 0x28421C9A, 0x44489406, 0x736E4CB8, 0xC1092910, 0x8BC95FC6, 0x7D869CF4,
+ 0x134F616F, 0x2E77118D, 0xB31B2BE1, 0xAA90B472, 0x3CA5D717, 0x7D161BBA,
+ 0x9CAD9010, 0xAF462BA2, 0x9FE459D2, 0x45D34559, 0xD9F2DA13, 0xDBC65487,
+ 0xF3E4F94E, 0x176D486F, 0x097C13EA, 0x631DA5C7, 0x445F7382, 0x175683F4,
+ 0xCDC66A97, 0x70BE0288, 0xB3CDCF72, 0x6E5DD2F3, 0x20936079, 0x459B80A5,
+ 0xBE60E2DB, 0xA9C23101, 0xEBA5315C, 0x224E42F2, 0x1C5C1572, 0xF6721B2C,
+ 0x1AD2FFF3, 0x8C25404E, 0x324ED72F, 0x4067B7FD, 0x0523138E, 0x5CA3BC78,
+ 0xDC0FD66E, 0x75922283, 0x784D6B17, 0x58EBB16E, 0x44094F85, 0x3F481D87,
+ 0xFCFEAE7B, 0x77B5FF76, 0x8C2302BF, 0xAAF47556, 0x5F46B02A, 0x2B092801,
+ 0x3D38F5F7, 0x0CA81F36, 0x52AF4A8A, 0x66D5E7C0, 0xDF3B0874, 0x95055110,
+ 0x1B5AD7A8, 0xF61ED5AD, 0x6CF6E479, 0x20758184, 0xD0CEFA65, 0x88F7BE58,
+ 0x4A046826, 0x0FF6F8F3, 0xA09C7F70, 0x5346ABA0, 0x5CE96C28, 0xE176EDA3,
+ 0x6BAC307F, 0x376829D2, 0x85360FA9, 0x17E3FE2A, 0x24B79767, 0xF5A96B20,
+ 0xD6CD2595, 0x68FF1EBF, 0x7555442C, 0xF19F06BE, 0xF9E0659A, 0xEEB9491D,
+ 0x34010718, 0xBB30CAB8, 0xE822FE15, 0x88570983, 0x750E6249, 0xDA627E55,
+ 0x5E76FFA8, 0xB1534546, 0x6D47DE08, 0xEFE9E7D4 };
+ private static final int[] S6 = {
+ 0xF6FA8F9D, 0x2CAC6CE1, 0x4CA34867, 0xE2337F7C, 0x95DB08E7, 0x016843B4,
+ 0xECED5CBC, 0x325553AC, 0xBF9F0960, 0xDFA1E2ED, 0x83F0579D, 0x63ED86B9,
+ 0x1AB6A6B8, 0xDE5EBE39, 0xF38FF732, 0x8989B138, 0x33F14961, 0xC01937BD,
+ 0xF506C6DA, 0xE4625E7E, 0xA308EA99, 0x4E23E33C, 0x79CBD7CC, 0x48A14367,
+ 0xA3149619, 0xFEC94BD5, 0xA114174A, 0xEAA01866, 0xA084DB2D, 0x09A8486F,
+ 0xA888614A, 0x2900AF98, 0x01665991, 0xE1992863, 0xC8F30C60, 0x2E78EF3C,
+ 0xD0D51932, 0xCF0FEC14, 0xF7CA07D2, 0xD0A82072, 0xFD41197E, 0x9305A6B0,
+ 0xE86BE3DA, 0x74BED3CD, 0x372DA53C, 0x4C7F4448, 0xDAB5D440, 0x6DBA0EC3,
+ 0x083919A7, 0x9FBAEED9, 0x49DBCFB0, 0x4E670C53, 0x5C3D9C01, 0x64BDB941,
+ 0x2C0E636A, 0xBA7DD9CD, 0xEA6F7388, 0xE70BC762, 0x35F29ADB, 0x5C4CDD8D,
+ 0xF0D48D8C, 0xB88153E2, 0x08A19866, 0x1AE2EAC8, 0x284CAF89, 0xAA928223,
+ 0x9334BE53, 0x3B3A21BF, 0x16434BE3, 0x9AEA3906, 0xEFE8C36E, 0xF890CDD9,
+ 0x80226DAE, 0xC340A4A3, 0xDF7E9C09, 0xA694A807, 0x5B7C5ECC, 0x221DB3A6,
+ 0x9A69A02F, 0x68818A54, 0xCEB2296F, 0x53C0843A, 0xFE893655, 0x25BFE68A,
+ 0xB4628ABC, 0xCF222EBF, 0x25AC6F48, 0xA9A99387, 0x53BDDB65, 0xE76FFBE7,
+ 0xE967FD78, 0x0BA93563, 0x8E342BC1, 0xE8A11BE9, 0x4980740D, 0xC8087DFC,
+ 0x8DE4BF99, 0xA11101A0, 0x7FD37975, 0xDA5A26C0, 0xE81F994F, 0x9528CD89,
+ 0xFD339FED, 0xB87834BF, 0x5F04456D, 0x22258698, 0xC9C4C83B, 0x2DC156BE,
+ 0x4F628DAA, 0x57F55EC5, 0xE2220ABE, 0xD2916EBF, 0x4EC75B95, 0x24F2C3C0,
+ 0x42D15D99, 0xCD0D7FA0, 0x7B6E27FF, 0xA8DC8AF0, 0x7345C106, 0xF41E232F,
+ 0x35162386, 0xE6EA8926, 0x3333B094, 0x157EC6F2, 0x372B74AF, 0x692573E4,
+ 0xE9A9D848, 0xF3160289, 0x3A62EF1D, 0xA787E238, 0xF3A5F676, 0x74364853,
+ 0x20951063, 0x4576698D, 0xB6FAD407, 0x592AF950, 0x36F73523, 0x4CFB6E87,
+ 0x7DA4CEC0, 0x6C152DAA, 0xCB0396A8, 0xC50DFE5D, 0xFCD707AB, 0x0921C42F,
+ 0x89DFF0BB, 0x5FE2BE78, 0x448F4F33, 0x754613C9, 0x2B05D08D, 0x48B9D585,
+ 0xDC049441, 0xC8098F9B, 0x7DEDE786, 0xC39A3373, 0x42410005, 0x6A091751,
+ 0x0EF3C8A6, 0x890072D6, 0x28207682, 0xA9A9F7BE, 0xBF32679D, 0xD45B5B75,
+ 0xB353FD00, 0xCBB0E358, 0x830F220A, 0x1F8FB214, 0xD372CF08, 0xCC3C4A13,
+ 0x8CF63166, 0x061C87BE, 0x88C98F88, 0x6062E397, 0x47CF8E7A, 0xB6C85283,
+ 0x3CC2ACFB, 0x3FC06976, 0x4E8F0252, 0x64D8314D, 0xDA3870E3, 0x1E665459,
+ 0xC10908F0, 0x513021A5, 0x6C5B68B7, 0x822F8AA0, 0x3007CD3E, 0x74719EEF,
+ 0xDC872681, 0x073340D4, 0x7E432FD9, 0x0C5EC241, 0x8809286C, 0xF592D891,
+ 0x08A930F6, 0x957EF305, 0xB7FBFFBD, 0xC266E96F, 0x6FE4AC98, 0xB173ECC0,
+ 0xBC60B42A, 0x953498DA, 0xFBA1AE12, 0x2D4BD736, 0x0F25FAAB, 0xA4F3FCEB,
+ 0xE2969123, 0x257F0C3D, 0x9348AF49, 0x361400BC, 0xE8816F4A, 0x3814F200,
+ 0xA3F94043, 0x9C7A54C2, 0xBC704F57, 0xDA41E7F9, 0xC25AD33A, 0x54F4A084,
+ 0xB17F5505, 0x59357CBE, 0xEDBD15C8, 0x7F97C5AB, 0xBA5AC7B5, 0xB6F6DEAF,
+ 0x3A479C3A, 0x5302DA25, 0x653D7E6A, 0x54268D49, 0x51A477EA, 0x5017D55B,
+ 0xD7D25D88, 0x44136C76, 0x0404A8C8, 0xB8E5A121, 0xB81A928A, 0x60ED5869,
+ 0x97C55B96, 0xEAEC991B, 0x29935913, 0x01FDB7F1, 0x088E8DFA, 0x9AB6F6F5,
+ 0x3B4CBF9F, 0x4A5DE3AB, 0xE6051D35, 0xA0E1D855, 0xD36B4CF1, 0xF544EDEB,
+ 0xB0E93524, 0xBEBB8FBD, 0xA2D762CF, 0x49C92F54, 0x38B5F331, 0x7128A454,
+ 0x48392905, 0xA65B1DB8, 0x851C97BD, 0xD675CF2F };
+ private static final int[] S7 = {
+ 0x85E04019, 0x332BF567, 0x662DBFFF, 0xCFC65693, 0x2A8D7F6F, 0xAB9BC912,
+ 0xDE6008A1, 0x2028DA1F, 0x0227BCE7, 0x4D642916, 0x18FAC300, 0x50F18B82,
+ 0x2CB2CB11, 0xB232E75C, 0x4B3695F2, 0xB28707DE, 0xA05FBCF6, 0xCD4181E9,
+ 0xE150210C, 0xE24EF1BD, 0xB168C381, 0xFDE4E789, 0x5C79B0D8, 0x1E8BFD43,
+ 0x4D495001, 0x38BE4341, 0x913CEE1D, 0x92A79C3F, 0x089766BE, 0xBAEEADF4,
+ 0x1286BECF, 0xB6EACB19, 0x2660C200, 0x7565BDE4, 0x64241F7A, 0x8248DCA9,
+ 0xC3B3AD66, 0x28136086, 0x0BD8DFA8, 0x356D1CF2, 0x107789BE, 0xB3B2E9CE,
+ 0x0502AA8F, 0x0BC0351E, 0x166BF52A, 0xEB12FF82, 0xE3486911, 0xD34D7516,
+ 0x4E7B3AFF, 0x5F43671B, 0x9CF6E037, 0x4981AC83, 0x334266CE, 0x8C9341B7,
+ 0xD0D854C0, 0xCB3A6C88, 0x47BC2829, 0x4725BA37, 0xA66AD22B, 0x7AD61F1E,
+ 0x0C5CBAFA, 0x4437F107, 0xB6E79962, 0x42D2D816, 0x0A961288, 0xE1A5C06E,
+ 0x13749E67, 0x72FC081A, 0xB1D139F7, 0xF9583745, 0xCF19DF58, 0xBEC3F756,
+ 0xC06EBA30, 0x07211B24, 0x45C28829, 0xC95E317F, 0xBC8EC511, 0x38BC46E9,
+ 0xC6E6FA14, 0xBAE8584A, 0xAD4EBC46, 0x468F508B, 0x7829435F, 0xF124183B,
+ 0x821DBA9F, 0xAFF60FF4, 0xEA2C4E6D, 0x16E39264, 0x92544A8B, 0x009B4FC3,
+ 0xABA68CED, 0x9AC96F78, 0x06A5B79A, 0xB2856E6E, 0x1AEC3CA9, 0xBE838688,
+ 0x0E0804E9, 0x55F1BE56, 0xE7E5363B, 0xB3A1F25D, 0xF7DEBB85, 0x61FE033C,
+ 0x16746233, 0x3C034C28, 0xDA6D0C74, 0x79AAC56C, 0x3CE4E1AD, 0x51F0C802,
+ 0x98F8F35A, 0x1626A49F, 0xEED82B29, 0x1D382FE3, 0x0C4FB99A, 0xBB325778,
+ 0x3EC6D97B, 0x6E77A6A9, 0xCB658B5C, 0xD45230C7, 0x2BD1408B, 0x60C03EB7,
+ 0xB9068D78, 0xA33754F4, 0xF430C87D, 0xC8A71302, 0xB96D8C32, 0xEBD4E7BE,
+ 0xBE8B9D2D, 0x7979FB06, 0xE7225308, 0x8B75CF77, 0x11EF8DA4, 0xE083C858,
+ 0x8D6B786F, 0x5A6317A6, 0xFA5CF7A0, 0x5DDA0033, 0xF28EBFB0, 0xF5B9C310,
+ 0xA0EAC280, 0x08B9767A, 0xA3D9D2B0, 0x79D34217, 0x021A718D, 0x9AC6336A,
+ 0x2711FD60, 0x438050E3, 0x069908A8, 0x3D7FEDC4, 0x826D2BEF, 0x4EEB8476,
+ 0x488DCF25, 0x36C9D566, 0x28E74E41, 0xC2610ACA, 0x3D49A9CF, 0xBAE3B9DF,
+ 0xB65F8DE6, 0x92AEAF64, 0x3AC7D5E6, 0x9EA80509, 0xF22B017D, 0xA4173F70,
+ 0xDD1E16C3, 0x15E0D7F9, 0x50B1B887, 0x2B9F4FD5, 0x625ABA82, 0x6A017962,
+ 0x2EC01B9C, 0x15488AA9, 0xD716E740, 0x40055A2C, 0x93D29A22, 0xE32DBF9A,
+ 0x058745B9, 0x3453DC1E, 0xD699296E, 0x496CFF6F, 0x1C9F4986, 0xDFE2ED07,
+ 0xB87242D1, 0x19DE7EAE, 0x053E561A, 0x15AD6F8C, 0x66626C1C, 0x7154C24C,
+ 0xEA082B2A, 0x93EB2939, 0x17DCB0F0, 0x58D4F2AE, 0x9EA294FB, 0x52CF564C,
+ 0x9883FE66, 0x2EC40581, 0x763953C3, 0x01D6692E, 0xD3A0C108, 0xA1E7160E,
+ 0xE4F2DFA6, 0x693ED285, 0x74904698, 0x4C2B0EDD, 0x4F757656, 0x5D393378,
+ 0xA132234F, 0x3D321C5D, 0xC3F5E194, 0x4B269301, 0xC79F022F, 0x3C997E7E,
+ 0x5E4F9504, 0x3FFAFBBD, 0x76F7AD0E, 0x296693F4, 0x3D1FCE6F, 0xC61E45BE,
+ 0xD3B5AB34, 0xF72BF9B7, 0x1B0434C0, 0x4E72B567, 0x5592A33D, 0xB5229301,
+ 0xCFD2A87F, 0x60AEB767, 0x1814386B, 0x30BCC33D, 0x38A0C07D, 0xFD1606F2,
+ 0xC363519B, 0x589DD390, 0x5479F8E6, 0x1CB8D647, 0x97FD61A9, 0xEA7759F4,
+ 0x2D57539D, 0x569A58CF, 0xE84E63AD, 0x462E1B78, 0x6580F87E, 0xF3817914,
+ 0x91DA55F4, 0x40A230F3, 0xD1988F35, 0xB6E318D2, 0x3FFA50BC, 0x3D40F021,
+ 0xC3C0BDAE, 0x4958C24C, 0x518F36B2, 0x84B1D370, 0x0FEDCE83, 0x878DDADA,
+ 0xF2A279C7, 0x94E01BE8, 0x90716F4B, 0x954B8AA3 };
+ private static final int[] S8 = {
+ 0xE216300D, 0xBBDDFFFC, 0xA7EBDABD, 0x35648095, 0x7789F8B7, 0xE6C1121B,
+ 0x0E241600, 0x052CE8B5, 0x11A9CFB0, 0xE5952F11, 0xECE7990A, 0x9386D174,
+ 0x2A42931C, 0x76E38111, 0xB12DEF3A, 0x37DDDDFC, 0xDE9ADEB1, 0x0A0CC32C,
+ 0xBE197029, 0x84A00940, 0xBB243A0F, 0xB4D137CF, 0xB44E79F0, 0x049EEDFD,
+ 0x0B15A15D, 0x480D3168, 0x8BBBDE5A, 0x669DED42, 0xC7ECE831, 0x3F8F95E7,
+ 0x72DF191B, 0x7580330D, 0x94074251, 0x5C7DCDFA, 0xABBE6D63, 0xAA402164,
+ 0xB301D40A, 0x02E7D1CA, 0x53571DAE, 0x7A3182A2, 0x12A8DDEC, 0xFDAA335D,
+ 0x176F43E8, 0x71FB46D4, 0x38129022, 0xCE949AD4, 0xB84769AD, 0x965BD862,
+ 0x82F3D055, 0x66FB9767, 0x15B80B4E, 0x1D5B47A0, 0x4CFDE06F, 0xC28EC4B8,
+ 0x57E8726E, 0x647A78FC, 0x99865D44, 0x608BD593, 0x6C200E03, 0x39DC5FF6,
+ 0x5D0B00A3, 0xAE63AFF2, 0x7E8BD632, 0x70108C0C, 0xBBD35049, 0x2998DF04,
+ 0x980CF42A, 0x9B6DF491, 0x9E7EDD53, 0x06918548, 0x58CB7E07, 0x3B74EF2E,
+ 0x522FFFB1, 0xD24708CC, 0x1C7E27CD, 0xA4EB215B, 0x3CF1D2E2, 0x19B47A38,
+ 0x424F7618, 0x35856039, 0x9D17DEE7, 0x27EB35E6, 0xC9AFF67B, 0x36BAF5B8,
+ 0x09C467CD, 0xC18910B1, 0xE11DBF7B, 0x06CD1AF8, 0x7170C608, 0x2D5E3354,
+ 0xD4DE495A, 0x64C6D006, 0xBCC0C62C, 0x3DD00DB3, 0x708F8F34, 0x77D51B42,
+ 0x264F620F, 0x24B8D2BF, 0x15C1B79E, 0x46A52564, 0xF8D7E54E, 0x3E378160,
+ 0x7895CDA5, 0x859C15A5, 0xE6459788, 0xC37BC75F, 0xDB07BA0C, 0x0676A3AB,
+ 0x7F229B1E, 0x31842E7B, 0x24259FD7, 0xF8BEF472, 0x835FFCB8, 0x6DF4C1F2,
+ 0x96F5B195, 0xFD0AF0FC, 0xB0FE134C, 0xE2506D3D, 0x4F9B12EA, 0xF215F225,
+ 0xA223736F, 0x9FB4C428, 0x25D04979, 0x34C713F8, 0xC4618187, 0xEA7A6E98,
+ 0x7CD16EFC, 0x1436876C, 0xF1544107, 0xBEDEEE14, 0x56E9AF27, 0xA04AA441,
+ 0x3CF7C899, 0x92ECBAE6, 0xDD67016D, 0x151682EB, 0xA842EEDF, 0xFDBA60B4,
+ 0xF1907B75, 0x20E3030F, 0x24D8C29E, 0xE139673B, 0xEFA63FB8, 0x71873054,
+ 0xB6F2CF3B, 0x9F326442, 0xCB15A4CC, 0xB01A4504, 0xF1E47D8D, 0x844A1BE5,
+ 0xBAE7DFDC, 0x42CBDA70, 0xCD7DAE0A, 0x57E85B7A, 0xD53F5AF6, 0x20CF4D8C,
+ 0xCEA4D428, 0x79D130A4, 0x3486EBFB, 0x33D3CDDC, 0x77853B53, 0x37EFFCB5,
+ 0xC5068778, 0xE580B3E6, 0x4E68B8F4, 0xC5C8B37E, 0x0D809EA2, 0x398FEB7C,
+ 0x132A4F94, 0x43B7950E, 0x2FEE7D1C, 0x223613BD, 0xDD06CAA2, 0x37DF932B,
+ 0xC4248289, 0xACF3EBC3, 0x5715F6B7, 0xEF3478DD, 0xF267616F, 0xC148CBE4,
+ 0x9052815E, 0x5E410FAB, 0xB48A2465, 0x2EDA7FA4, 0xE87B40E4, 0xE98EA084,
+ 0x5889E9E1, 0xEFD390FC, 0xDD07D35B, 0xDB485694, 0x38D7E5B2, 0x57720101,
+ 0x730EDEBC, 0x5B643113, 0x94917E4F, 0x503C2FBA, 0x646F1282, 0x7523D24A,
+ 0xE0779695, 0xF9C17A8F, 0x7A5B2121, 0xD187B896, 0x29263A4D, 0xBA510CDF,
+ 0x81F47C9F, 0xAD1163ED, 0xEA7B5965, 0x1A00726E, 0x11403092, 0x00DA6D77,
+ 0x4A0CDD61, 0xAD1F4603, 0x605BDFB0, 0x9EEDC364, 0x22EBE6A8, 0xCEE7D28A,
+ 0xA0E736A0, 0x5564A6B9, 0x10853209, 0xC7EB8F37, 0x2DE705CA, 0x8951570F,
+ 0xDF09822B, 0xBD691A6C, 0xAA12E4F2, 0x87451C0F, 0xE0F6A27A, 0x3ADA4819,
+ 0x4CF1764F, 0x0D771C2B, 0x67CDB156, 0x350D8384, 0x5938FA0F, 0x42399EF3,
+ 0x36997B07, 0x0E84093D, 0x4AA93E61, 0x8360D87B, 0x1FA98B0C, 0x1149382C,
+ 0xE97625A5, 0x0614D1B7, 0x0E25244B, 0x0C768347, 0x589E8D82, 0x0D2059D1,
+ 0xA466BB1E, 0xF8DA0A82, 0x04F19130, 0xBA6E4EC0, 0x99265164, 0x1EE7230D,
+ 0x50B2AD80, 0xEAEE6801, 0x8DB2A283, 0xEA8BF59E };
+ private static final int _12_ROUNDS = 12;
+ private static final int _16_ROUNDS = 16;
+
+ /** Trivial 0-arguments constructor. */
+ public Cast5()
+ {
+ super(Registry.CAST5_CIPHER, DEFAULT_BLOCK_SIZE, DEFAULT_KEY_SIZE);
+ }
+
+ /**
+ * Assuming the input is a 32-bit block organised as: b31b30b29...b0, this
+ * method returns an array of 4 Java ints, containing from position 0 onward
+ * the values: {b31b30b29b28, b27b26b25b24, ... , b3b2b1b0}.
+ *
+ * @param x a 32-bit block.
+ * @return an array of 4 ints, each being the contents of an 8-bit block from
+ * the input.
+ */
+ private static final int[] unscramble(int x)
+ {
+ return new int[] { x >>> 24, (x >>> 16) & 0xFF, (x >>> 8) & 0xFF, x & 0xFF };
+ }
+
+ public Object clone()
+ {
+ Cast5 result = new Cast5();
+ result.currentBlockSize = this.currentBlockSize;
+ return result;
+ }
+
+ public Iterator blockSizes()
+ {
+ ArrayList al = new ArrayList();
+ al.add(Integer.valueOf(DEFAULT_BLOCK_SIZE));
+ return Collections.unmodifiableList(al).iterator();
+ }
+
+ public Iterator keySizes()
+ {
+ ArrayList al = new ArrayList();
+ for (int n = 5; n < 17; n++)
+ al.add(Integer.valueOf(n));
+ return Collections.unmodifiableList(al).iterator();
+ }
+
+ public Object makeKey(byte[] uk, int bs) throws InvalidKeyException
+ {
+ if (bs != DEFAULT_BLOCK_SIZE)
+ throw new IllegalArgumentException();
+ if (uk == null)
+ throw new InvalidKeyException("Empty key");
+ int len = uk.length;
+ if (len < 5 || len > 16)
+ throw new InvalidKeyException("Key size (in bytes) is not in the range [5..16]");
+ Cast5Key result = new Cast5Key();
+ result.rounds = (len < 11) ? _12_ROUNDS : _16_ROUNDS;
+ byte[] kk = new byte[16];
+ System.arraycopy(uk, 0, kk, 0, len);
+ int z0z1z2z3, z4z5z6z7, z8z9zAzB, zCzDzEzF;
+ int z0, z1, z2, z3, z4, z5, z6, z7, z8, z9, zA, zB, zC, zD, zE, zF;
+ int x0, x1, x2, x3, x4, x5, x6, x7, x8, x9, xA, xB, xC, xD, xE, xF;
+ int[] b;
+ int x0x1x2x3 = kk[0 ] << 24
+ | (kk[1 ] & 0xFF) << 16
+ | (kk[2 ] & 0xFF) << 8
+ | (kk[3 ] & 0xFF);
+ int x4x5x6x7 = kk[4 ] << 24
+ | (kk[5 ] & 0xFF) << 16
+ | (kk[6 ] & 0xFF) << 8
+ | (kk[7 ] & 0xFF);
+ int x8x9xAxB = kk[8 ] << 24
+ | (kk[9 ] & 0xFF) << 16
+ | (kk[10] & 0xFF) << 8
+ | (kk[11] & 0xFF);
+ int xCxDxExF = kk[12] << 24
+ | (kk[13] & 0xFF) << 16
+ | (kk[14] & 0xFF) << 8
+ | (kk[15] & 0xFF);
+ b = unscramble(x0x1x2x3);
+ x0 = b[0];
+ x1 = b[1];
+ x2 = b[2];
+ x3 = b[3];
+ b = unscramble(x4x5x6x7);
+ x4 = b[0];
+ x5 = b[1];
+ x6 = b[2];
+ x7 = b[3];
+ b = unscramble(x8x9xAxB);
+ x8 = b[0];
+ x9 = b[1];
+ xA = b[2];
+ xB = b[3];
+ b = unscramble(xCxDxExF);
+ xC = b[0];
+ xD = b[1];
+ xE = b[2];
+ xF = b[3];
+ z0z1z2z3 = x0x1x2x3 ^ S5[xD] ^ S6[xF] ^ S7[xC] ^ S8[xE] ^ S7[x8];
+ b = unscramble(z0z1z2z3);
+ z0 = b[0];
+ z1 = b[1];
+ z2 = b[2];
+ z3 = b[3];
+ z4z5z6z7 = x8x9xAxB ^ S5[z0] ^ S6[z2] ^ S7[z1] ^ S8[z3] ^ S8[xA];
+ b = unscramble(z4z5z6z7);
+ z4 = b[0];
+ z5 = b[1];
+ z6 = b[2];
+ z7 = b[3];
+ z8z9zAzB = xCxDxExF ^ S5[z7] ^ S6[z6] ^ S7[z5] ^ S8[z4] ^ S5[x9];
+ b = unscramble(z8z9zAzB);
+ z8 = b[0];
+ z9 = b[1];
+ zA = b[2];
+ zB = b[3];
+ zCzDzEzF = x4x5x6x7 ^ S5[zA] ^ S6[z9] ^ S7[zB] ^ S8[z8] ^ S6[xB];
+ b = unscramble(zCzDzEzF);
+ zC = b[0];
+ zD = b[1];
+ zE = b[2];
+ zF = b[3];
+ result.Km0 = S5[z8] ^ S6[z9] ^ S7[z7] ^ S8[z6] ^ S5[z2];
+ result.Km1 = S5[zA] ^ S6[zB] ^ S7[z5] ^ S8[z4] ^ S6[z6];
+ result.Km2 = S5[zC] ^ S6[zD] ^ S7[z3] ^ S8[z2] ^ S7[z9];
+ result.Km3 = S5[zE] ^ S6[zF] ^ S7[z1] ^ S8[z0] ^ S8[zC];
+ x0x1x2x3 = z8z9zAzB ^ S5[z5] ^ S6[z7] ^ S7[z4] ^ S8[z6] ^ S7[z0];
+ b = unscramble(x0x1x2x3);
+ x0 = b[0];
+ x1 = b[1];
+ x2 = b[2];
+ x3 = b[3];
+ x4x5x6x7 = z0z1z2z3 ^ S5[x0] ^ S6[x2] ^ S7[x1] ^ S8[x3] ^ S8[z2];
+ b = unscramble(x4x5x6x7);
+ x4 = b[0];
+ x5 = b[1];
+ x6 = b[2];
+ x7 = b[3];
+ x8x9xAxB = z4z5z6z7 ^ S5[x7] ^ S6[x6] ^ S7[x5] ^ S8[x4] ^ S5[z1];
+ b = unscramble(x8x9xAxB);
+ x8 = b[0];
+ x9 = b[1];
+ xA = b[2];
+ xB = b[3];
+ xCxDxExF = zCzDzEzF ^ S5[xA] ^ S6[x9] ^ S7[xB] ^ S8[x8] ^ S6[z3];
+ b = unscramble(xCxDxExF);
+ xC = b[0];
+ xD = b[1];
+ xE = b[2];
+ xF = b[3];
+ result.Km4 = S5[x3] ^ S6[x2] ^ S7[xC] ^ S8[xD] ^ S5[x8];
+ result.Km5 = S5[x1] ^ S6[x0] ^ S7[xE] ^ S8[xF] ^ S6[xD];
+ result.Km6 = S5[x7] ^ S6[x6] ^ S7[x8] ^ S8[x9] ^ S7[x3];
+ result.Km7 = S5[x5] ^ S6[x4] ^ S7[xA] ^ S8[xB] ^ S8[x7];
+ z0z1z2z3 = x0x1x2x3 ^ S5[xD] ^ S6[xF] ^ S7[xC] ^ S8[xE] ^ S7[x8];
+ b = unscramble(z0z1z2z3);
+ z0 = b[0];
+ z1 = b[1];
+ z2 = b[2];
+ z3 = b[3];
+ z4z5z6z7 = x8x9xAxB ^ S5[z0] ^ S6[z2] ^ S7[z1] ^ S8[z3] ^ S8[xA];
+ b = unscramble(z4z5z6z7);
+ z4 = b[0];
+ z5 = b[1];
+ z6 = b[2];
+ z7 = b[3];
+ z8z9zAzB = xCxDxExF ^ S5[z7] ^ S6[z6] ^ S7[z5] ^ S8[z4] ^ S5[x9];
+ b = unscramble(z8z9zAzB);
+ z8 = b[0];
+ z9 = b[1];
+ zA = b[2];
+ zB = b[3];
+ zCzDzEzF = x4x5x6x7 ^ S5[zA] ^ S6[z9] ^ S7[zB] ^ S8[z8] ^ S6[xB];
+ b = unscramble(zCzDzEzF);
+ zC = b[0];
+ zD = b[1];
+ zE = b[2];
+ zF = b[3];
+ result.Km8 = S5[z3] ^ S6[z2] ^ S7[zC] ^ S8[zD] ^ S5[z9];
+ result.Km9 = S5[z1] ^ S6[z0] ^ S7[zE] ^ S8[zF] ^ S6[zC];
+ result.Km10 = S5[z7] ^ S6[z6] ^ S7[z8] ^ S8[z9] ^ S7[z2];
+ result.Km11 = S5[z5] ^ S6[z4] ^ S7[zA] ^ S8[zB] ^ S8[z6];
+ x0x1x2x3 = z8z9zAzB ^ S5[z5] ^ S6[z7] ^ S7[z4] ^ S8[z6] ^ S7[z0];
+ b = unscramble(x0x1x2x3);
+ x0 = b[0];
+ x1 = b[1];
+ x2 = b[2];
+ x3 = b[3];
+ x4x5x6x7 = z0z1z2z3 ^ S5[x0] ^ S6[x2] ^ S7[x1] ^ S8[x3] ^ S8[z2];
+ b = unscramble(x4x5x6x7);
+ x4 = b[0];
+ x5 = b[1];
+ x6 = b[2];
+ x7 = b[3];
+ x8x9xAxB = z4z5z6z7 ^ S5[x7] ^ S6[x6] ^ S7[x5] ^ S8[x4] ^ S5[z1];
+ b = unscramble(x8x9xAxB);
+ x8 = b[0];
+ x9 = b[1];
+ xA = b[2];
+ xB = b[3];
+ xCxDxExF = zCzDzEzF ^ S5[xA] ^ S6[x9] ^ S7[xB] ^ S8[x8] ^ S6[z3];
+ b = unscramble(xCxDxExF);
+ xC = b[0];
+ xD = b[1];
+ xE = b[2];
+ xF = b[3];
+ result.Km12 = S5[x8] ^ S6[x9] ^ S7[x7] ^ S8[x6] ^ S5[x3];
+ result.Km13 = S5[xA] ^ S6[xB] ^ S7[x5] ^ S8[x4] ^ S6[x7];
+ result.Km14 = S5[xC] ^ S6[xD] ^ S7[x3] ^ S8[x2] ^ S7[x8];
+ result.Km15 = S5[xE] ^ S6[xF] ^ S7[x1] ^ S8[x0] ^ S8[xD];
+ // The remaining half is identical to what is given above, carrying on
+ // from the last created x0..xF to generate keys K17 - K32. These keys
+ // will be used as the 'rotation' keys and as such only the five least
+ // significant bits are to be considered.
+ z0z1z2z3 = x0x1x2x3 ^ S5[xD] ^ S6[xF] ^ S7[xC] ^ S8[xE] ^ S7[x8];
+ b = unscramble(z0z1z2z3);
+ z0 = b[0];
+ z1 = b[1];
+ z2 = b[2];
+ z3 = b[3];
+ z4z5z6z7 = x8x9xAxB ^ S5[z0] ^ S6[z2] ^ S7[z1] ^ S8[z3] ^ S8[xA];
+ b = unscramble(z4z5z6z7);
+ z4 = b[0];
+ z5 = b[1];
+ z6 = b[2];
+ z7 = b[3];
+ z8z9zAzB = xCxDxExF ^ S5[z7] ^ S6[z6] ^ S7[z5] ^ S8[z4] ^ S5[x9];
+ b = unscramble(z8z9zAzB);
+ z8 = b[0];
+ z9 = b[1];
+ zA = b[2];
+ zB = b[3];
+ zCzDzEzF = x4x5x6x7 ^ S5[zA] ^ S6[z9] ^ S7[zB] ^ S8[z8] ^ S6[xB];
+ b = unscramble(zCzDzEzF);
+ zC = b[0];
+ zD = b[1];
+ zE = b[2];
+ zF = b[3];
+ result.Kr0 = (S5[z8] ^ S6[z9] ^ S7[z7] ^ S8[z6] ^ S5[z2]) & 0x1F;
+ result.Kr1 = (S5[zA] ^ S6[zB] ^ S7[z5] ^ S8[z4] ^ S6[z6]) & 0x1F;
+ result.Kr2 = (S5[zC] ^ S6[zD] ^ S7[z3] ^ S8[z2] ^ S7[z9]) & 0x1F;
+ result.Kr3 = (S5[zE] ^ S6[zF] ^ S7[z1] ^ S8[z0] ^ S8[zC]) & 0x1F;
+ x0x1x2x3 = z8z9zAzB ^ S5[z5] ^ S6[z7] ^ S7[z4] ^ S8[z6] ^ S7[z0];
+ b = unscramble(x0x1x2x3);
+ x0 = b[0];
+ x1 = b[1];
+ x2 = b[2];
+ x3 = b[3];
+ x4x5x6x7 = z0z1z2z3 ^ S5[x0] ^ S6[x2] ^ S7[x1] ^ S8[x3] ^ S8[z2];
+ b = unscramble(x4x5x6x7);
+ x4 = b[0];
+ x5 = b[1];
+ x6 = b[2];
+ x7 = b[3];
+ x8x9xAxB = z4z5z6z7 ^ S5[x7] ^ S6[x6] ^ S7[x5] ^ S8[x4] ^ S5[z1];
+ b = unscramble(x8x9xAxB);
+ x8 = b[0];
+ x9 = b[1];
+ xA = b[2];
+ xB = b[3];
+ xCxDxExF = zCzDzEzF ^ S5[xA] ^ S6[x9] ^ S7[xB] ^ S8[x8] ^ S6[z3];
+ b = unscramble(xCxDxExF);
+ xC = b[0];
+ xD = b[1];
+ xE = b[2];
+ xF = b[3];
+ result.Kr4 = (S5[x3] ^ S6[x2] ^ S7[xC] ^ S8[xD] ^ S5[x8]) & 0x1F;
+ result.Kr5 = (S5[x1] ^ S6[x0] ^ S7[xE] ^ S8[xF] ^ S6[xD]) & 0x1F;
+ result.Kr6 = (S5[x7] ^ S6[x6] ^ S7[x8] ^ S8[x9] ^ S7[x3]) & 0x1F;
+ result.Kr7 = (S5[x5] ^ S6[x4] ^ S7[xA] ^ S8[xB] ^ S8[x7]) & 0x1F;
+ z0z1z2z3 = x0x1x2x3 ^ S5[xD] ^ S6[xF] ^ S7[xC] ^ S8[xE] ^ S7[x8];
+ b = unscramble(z0z1z2z3);
+ z0 = b[0];
+ z1 = b[1];
+ z2 = b[2];
+ z3 = b[3];
+ z4z5z6z7 = x8x9xAxB ^ S5[z0] ^ S6[z2] ^ S7[z1] ^ S8[z3] ^ S8[xA];
+ b = unscramble(z4z5z6z7);
+ z4 = b[0];
+ z5 = b[1];
+ z6 = b[2];
+ z7 = b[3];
+ z8z9zAzB = xCxDxExF ^ S5[z7] ^ S6[z6] ^ S7[z5] ^ S8[z4] ^ S5[x9];
+ b = unscramble(z8z9zAzB);
+ z8 = b[0];
+ z9 = b[1];
+ zA = b[2];
+ zB = b[3];
+ zCzDzEzF = x4x5x6x7 ^ S5[zA] ^ S6[z9] ^ S7[zB] ^ S8[z8] ^ S6[xB];
+ b = unscramble(zCzDzEzF);
+ zC = b[0];
+ zD = b[1];
+ zE = b[2];
+ zF = b[3];
+ result.Kr8 = (S5[z3] ^ S6[z2] ^ S7[zC] ^ S8[zD] ^ S5[z9]) & 0x1F;
+ result.Kr9 = (S5[z1] ^ S6[z0] ^ S7[zE] ^ S8[zF] ^ S6[zC]) & 0x1F;
+ result.Kr10 = (S5[z7] ^ S6[z6] ^ S7[z8] ^ S8[z9] ^ S7[z2]) & 0x1F;
+ result.Kr11 = (S5[z5] ^ S6[z4] ^ S7[zA] ^ S8[zB] ^ S8[z6]) & 0x1F;
+ x0x1x2x3 = z8z9zAzB ^ S5[z5] ^ S6[z7] ^ S7[z4] ^ S8[z6] ^ S7[z0];
+ b = unscramble(x0x1x2x3);
+ x0 = b[0];
+ x1 = b[1];
+ x2 = b[2];
+ x3 = b[3];
+ x4x5x6x7 = z0z1z2z3 ^ S5[x0] ^ S6[x2] ^ S7[x1] ^ S8[x3] ^ S8[z2];
+ b = unscramble(x4x5x6x7);
+ x4 = b[0];
+ x5 = b[1];
+ x6 = b[2];
+ x7 = b[3];
+ x8x9xAxB = z4z5z6z7 ^ S5[x7] ^ S6[x6] ^ S7[x5] ^ S8[x4] ^ S5[z1];
+ b = unscramble(x8x9xAxB);
+ x8 = b[0];
+ x9 = b[1];
+ xA = b[2];
+ xB = b[3];
+ xCxDxExF = zCzDzEzF ^ S5[xA] ^ S6[x9] ^ S7[xB] ^ S8[x8] ^ S6[z3];
+ b = unscramble(xCxDxExF);
+ xC = b[0];
+ xD = b[1];
+ xE = b[2];
+ xF = b[3];
+ result.Kr12 = (S5[x8] ^ S6[x9] ^ S7[x7] ^ S8[x6] ^ S5[x3]) & 0x1F;
+ result.Kr13 = (S5[xA] ^ S6[xB] ^ S7[x5] ^ S8[x4] ^ S6[x7]) & 0x1F;
+ result.Kr14 = (S5[xC] ^ S6[xD] ^ S7[x3] ^ S8[x2] ^ S7[x8]) & 0x1F;
+ result.Kr15 = (S5[xE] ^ S6[xF] ^ S7[x1] ^ S8[x0] ^ S8[xD]) & 0x1F;
+ return result;
+ }
+
+ /**
+ * The full encryption algorithm is given in the following four steps.
+ * <pre>
+ * INPUT: plaintext m1...m64; key K = k1...k128.
+ * OUTPUT: ciphertext c1...c64.
+ * </pre>
+ * <ol>
+ * <li>(key schedule) Compute 16 pairs of subkeys {Kmi, Kri} from a user
+ * key (see makeKey() method).</li>
+ * <li>(L0,R0) <-- (m1...m64). (Split the plaintext into left and right
+ * 32-bit halves L0 = m1...m32 and R0 = m33...m64.).</li>
+ * <li>(16 rounds) for i from 1 to 16, compute Li and Ri as follows:
+ * <ul>
+ * <li>Li = Ri-1;</li>
+ * <li>Ri = Li-1 ^ F(Ri-1,Kmi,Kri), where F is defined in method F() --
+ * f is of Type 1, Type 2, or Type 3, depending on i, and ^ being the
+ * bitwise XOR function.</li>
+ * </ul>
+ * <li>c1...c64 <-- (R16,L16). (Exchange final blocks L16, R16 and
+ * concatenate to form the ciphertext.)</li>
+ * </ol>
+ * <p>
+ * Decryption is identical to the encryption algorithm given above, except
+ * that the rounds (and therefore the subkey pairs) are used in reverse order
+ * to compute (L0,R0) from (R16,L16).
+ * <p>
+ * Looking at the iterations/rounds in pairs we have:
+ * <pre>
+ * (1a) Li = Ri-1;
+ * (1b) Ri = Li-1 ^ Fi(Ri-1);
+ * (2a) Li+1 = Ri;
+ * (2b) Ri+1 = Li ^ Fi+1(Ri);
+ * </pre>
+ * which by substituting (2a) in (2b) becomes
+ * <pre>
+ * (2c) Ri+1 = Li ^ Fi+1(Li+1);
+ * </pre>
+ * by substituting (1b) in (2a) and (1a) in (2c), we get:
+ * <pre>
+ * (3a) Li+1 = Li-1 ^ Fi(Ri-1);
+ * (3b) Ri+1 = Ri-1 ^ Fi+1(Li+1);
+ * </pre>
+ * Using only one couple of variables L and R, initialised to L0 and R0
+ * respectively, the assignments for each pair of rounds become:
+ * <pre>
+ * (4a) L ^= Fi(R);
+ * (4b) R ^= Fi+1(L);
+ * </pre>
+ *
+ * @param in contains the plain-text 64-bit block.
+ * @param i start index within input where data is considered.
+ * @param out will contain the cipher-text block.
+ * @param j index in out where cipher-text starts.
+ * @param k the session key object.
+ * @param bs the desired block size.
+ */
+ public void encrypt(byte[] in, int i, byte[] out, int j, Object k, int bs)
+ {
+ if (bs != DEFAULT_BLOCK_SIZE)
+ throw new IllegalArgumentException();
+ Cast5Key K = (Cast5Key) k;
+ int L = (in[i++] & 0xFF) << 24
+ | (in[i++] & 0xFF) << 16
+ | (in[i++] & 0xFF) << 8
+ | in[i++] & 0xFF;
+ int R = (in[i++] & 0xFF) << 24
+ | (in[i++] & 0xFF) << 16
+ | (in[i++] & 0xFF) << 8
+ | in[i ] & 0xFF;
+ L ^= f1(R, K.Km0, K.Kr0);
+ R ^= f2(L, K.Km1, K.Kr1); // round 2
+ L ^= f3(R, K.Km2, K.Kr2);
+ R ^= f1(L, K.Km3, K.Kr3); // round 4
+ L ^= f2(R, K.Km4, K.Kr4);
+ R ^= f3(L, K.Km5, K.Kr5); // round 6
+ L ^= f1(R, K.Km6, K.Kr6);
+ R ^= f2(L, K.Km7, K.Kr7); // round 8
+ L ^= f3(R, K.Km8, K.Kr8);
+ R ^= f1(L, K.Km9, K.Kr9); // round 10
+ L ^= f2(R, K.Km10, K.Kr10);
+ R ^= f3(L, K.Km11, K.Kr11); // round 12
+ if (K.rounds == _16_ROUNDS)
+ {
+ L ^= f1(R, K.Km12, K.Kr12);
+ R ^= f2(L, K.Km13, K.Kr13); // round 14
+ L ^= f3(R, K.Km14, K.Kr14);
+ R ^= f1(L, K.Km15, K.Kr15); // round 16
+ }
+ out[j++] = (byte)(R >>> 24);
+ out[j++] = (byte)(R >>> 16);
+ out[j++] = (byte)(R >>> 8);
+ out[j++] = (byte) R;
+ out[j++] = (byte)(L >>> 24);
+ out[j++] = (byte)(L >>> 16);
+ out[j++] = (byte)(L >>> 8);
+ out[j ] = (byte) L;
+ }
+
+ public void decrypt(byte[] in, int i, byte[] out, int j, Object k, int bs)
+ {
+ if (bs != DEFAULT_BLOCK_SIZE)
+ throw new IllegalArgumentException();
+ Cast5Key K = (Cast5Key) k;
+ int L = (in[i++] & 0xFF) << 24
+ | (in[i++] & 0xFF) << 16
+ | (in[i++] & 0xFF) << 8
+ | in[i++] & 0xFF;
+ int R = (in[i++] & 0xFF) << 24
+ | (in[i++] & 0xFF) << 16
+ | (in[i++] & 0xFF) << 8
+ | in[i ] & 0xFF;
+ if (K.rounds == _16_ROUNDS)
+ {
+ L ^= f1(R, K.Km15, K.Kr15);
+ R ^= f3(L, K.Km14, K.Kr14);
+ L ^= f2(R, K.Km13, K.Kr13);
+ R ^= f1(L, K.Km12, K.Kr12);
+ }
+ L ^= f3(R, K.Km11, K.Kr11);
+ R ^= f2(L, K.Km10, K.Kr10);
+ L ^= f1(R, K.Km9, K.Kr9);
+ R ^= f3(L, K.Km8, K.Kr8);
+ L ^= f2(R, K.Km7, K.Kr7);
+ R ^= f1(L, K.Km6, K.Kr6);
+ L ^= f3(R, K.Km5, K.Kr5);
+ R ^= f2(L, K.Km4, K.Kr4);
+ L ^= f1(R, K.Km3, K.Kr3);
+ R ^= f3(L, K.Km2, K.Kr2);
+ L ^= f2(R, K.Km1, K.Kr1);
+ R ^= f1(L, K.Km0, K.Kr0);
+ out[j++] = (byte)(R >>> 24);
+ out[j++] = (byte)(R >>> 16);
+ out[j++] = (byte)(R >>> 8);
+ out[j++] = (byte) R;
+ out[j++] = (byte)(L >>> 24);
+ out[j++] = (byte)(L >>> 16);
+ out[j++] = (byte)(L >>> 8);
+ out[j ] = (byte) L;
+ }
+
+ public boolean selfTest()
+ {
+ if (valid == null)
+ {
+ boolean result = super.selfTest(); // do symmetry tests
+ if (result)
+ result = testKat(KAT_KEY, KAT_CT, KAT_PT);
+ valid = Boolean.valueOf(result);
+ }
+ return valid.booleanValue();
+ }
+
+ private final int f1(int I, int m, int r)
+ {
+ I = m + I;
+ I = I << r | I >>> (32 - r);
+ return (((S1[(I >>> 24) & 0xFF])
+ ^ S2[(I >>> 16) & 0xFF])
+ - S3[(I >>> 8) & 0xFF])
+ + S4[ I & 0xFF];
+ }
+
+ private final int f2(int I, int m, int r)
+ {
+ I = m ^ I;
+ I = I << r | I >>> (32 - r);
+ return (((S1[(I >>> 24) & 0xFF])
+ - S2[(I >>> 16) & 0xFF])
+ + S3[(I >>> 8) & 0xFF])
+ ^ S4[ I & 0xFF];
+ }
+
+ private final int f3(int I, int m, int r)
+ {
+ I = m - I;
+ I = I << r | I >>> (32 - r);
+ return (((S1[(I >>> 24) & 0xFF])
+ + S2[(I >>> 16) & 0xFF])
+ ^ S3[(I >>> 8) & 0xFF])
+ - S4[ I & 0xFF];
+ }
+
+ /** An opaque CAST5 key object. */
+ private class Cast5Key
+ {
+ int rounds;
+ /** Masking session keys. */
+ int Km0, Km1, Km2, Km3, Km4, Km5, Km6, Km7,
+ Km8, Km9, Km10, Km11, Km12, Km13, Km14, Km15;
+ /** Rotation session keys. */
+ int Kr0, Kr1, Kr2, Kr3, Kr4, Kr5, Kr6, Kr7,
+ Kr8, Kr9, Kr10, Kr11, Kr12, Kr13, Kr14, Kr15;
+ }
+}
diff --git a/libjava/classpath/gnu/javax/crypto/cipher/CipherFactory.java b/libjava/classpath/gnu/javax/crypto/cipher/CipherFactory.java
new file mode 100644
index 000000000..fc9023626
--- /dev/null
+++ b/libjava/classpath/gnu/javax/crypto/cipher/CipherFactory.java
@@ -0,0 +1,129 @@
+/* CipherFactory.java --
+ Copyright (C) 2001, 2002, 2003, 2006 Free Software Foundation, Inc.
+
+This file is a part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2 of the License, or (at
+your option) any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; if not, write to the Free Software
+Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301
+USA
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package gnu.javax.crypto.cipher;
+
+import gnu.java.security.Registry;
+
+import java.util.Collections;
+import java.util.HashSet;
+import java.util.Set;
+
+/**
+ * A <i>Factory</i> to instantiate symmetric block cipher instances.
+ */
+public class CipherFactory
+ implements Registry
+{
+ /** Trivial constructor to enforce Singleton pattern. */
+ private CipherFactory()
+ {
+ super();
+ }
+
+ /**
+ * Returns an instance of a block cipher given its name.
+ *
+ * @param name the case-insensitive name of the symmetric-key block cipher
+ * algorithm.
+ * @return an instance of the designated cipher algorithm, or
+ * <code>null</code> if none is found.
+ * @exception InternalError if the implementation does not pass its self-test.
+ */
+ public static final IBlockCipher getInstance(String name)
+ {
+ if (name == null)
+ return null;
+ name = name.trim();
+ IBlockCipher result = null;
+ if (name.equalsIgnoreCase(ANUBIS_CIPHER))
+ result = new Anubis();
+ else if (name.equalsIgnoreCase(BLOWFISH_CIPHER))
+ result = new Blowfish();
+ else if (name.equalsIgnoreCase(DES_CIPHER))
+ result = new DES();
+ else if (name.equalsIgnoreCase(KHAZAD_CIPHER))
+ result = new Khazad();
+ else if (name.equalsIgnoreCase(RIJNDAEL_CIPHER)
+ || name.equalsIgnoreCase(AES_CIPHER))
+ result = new Rijndael();
+ else if (name.equalsIgnoreCase(SERPENT_CIPHER))
+ result = new Serpent();
+ else if (name.equalsIgnoreCase(SQUARE_CIPHER))
+ result = new Square();
+ else if (name.equalsIgnoreCase(TRIPLEDES_CIPHER)
+ || name.equalsIgnoreCase(DESEDE_CIPHER))
+ result = new TripleDES();
+ else if (name.equalsIgnoreCase(TWOFISH_CIPHER))
+ result = new Twofish();
+ else if (name.equalsIgnoreCase(CAST5_CIPHER)
+ || (name.equalsIgnoreCase(CAST128_CIPHER)
+ || (name.equalsIgnoreCase(CAST_128_CIPHER))))
+ result = new Cast5();
+ else if (name.equalsIgnoreCase(NULL_CIPHER))
+ result = new NullCipher();
+
+ if (result != null && ! result.selfTest())
+ throw new InternalError(result.name());
+
+ return result;
+ }
+
+ /**
+ * Returns a {@link Set} of symmetric key block cipher implementation names
+ * supported by this <i>Factory</i>.
+ *
+ * @return a {@link Set} of block cipher names (Strings).
+ */
+ public static final Set getNames()
+ {
+ HashSet hs = new HashSet();
+ hs.add(ANUBIS_CIPHER);
+ hs.add(BLOWFISH_CIPHER);
+ hs.add(DES_CIPHER);
+ hs.add(KHAZAD_CIPHER);
+ hs.add(RIJNDAEL_CIPHER);
+ hs.add(SERPENT_CIPHER);
+ hs.add(SQUARE_CIPHER);
+ hs.add(TRIPLEDES_CIPHER);
+ hs.add(TWOFISH_CIPHER);
+ hs.add(CAST5_CIPHER);
+ hs.add(NULL_CIPHER);
+ return Collections.unmodifiableSet(hs);
+ }
+}
diff --git a/libjava/classpath/gnu/javax/crypto/cipher/DES.java b/libjava/classpath/gnu/javax/crypto/cipher/DES.java
new file mode 100644
index 000000000..ce538b75a
--- /dev/null
+++ b/libjava/classpath/gnu/javax/crypto/cipher/DES.java
@@ -0,0 +1,652 @@
+/* DES.java --
+ Copyright (C) 2002, 2003, 2006 Free Software Foundation, Inc.
+
+This file is a part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2 of the License, or (at
+your option) any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; if not, write to the Free Software
+Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301
+USA
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package gnu.javax.crypto.cipher;
+
+import gnu.java.security.Registry;
+import gnu.java.security.Properties;
+import gnu.java.security.util.Util;
+
+import java.security.InvalidKeyException;
+import java.util.Arrays;
+import java.util.Collections;
+import java.util.Iterator;
+
+/**
+ * The Data Encryption Standard. DES is a 64-bit block cipher with a 56-bit
+ * key, developed by IBM in the 1970's for the standardization process begun by
+ * the National Bureau of Standards (now NIST).
+ * <p>
+ * New applications should not use DES except for compatibility.
+ * <p>
+ * This version is based upon the description and sample implementation in
+ * [1].
+ * <p>
+ * References:
+ * <ol>
+ * <li>Bruce Schneier, <i>Applied Cryptography: Protocols, Algorithms, and
+ * Source Code in C, Second Edition</i>. (1996 John Wiley and Sons) ISBN
+ * 0-471-11709-9. Pages 265--301, 623--632.</li>
+ * </ol>
+ */
+public class DES
+ extends BaseCipher
+{
+ /** DES operates on 64 bit blocks. */
+ public static final int BLOCK_SIZE = 8;
+ /** DES uses 56 bits of a 64 bit parity-adjusted key. */
+ public static final int KEY_SIZE = 8;
+ // S-Boxes 1 through 8.
+ private static final int[] SP1 = new int[] {
+ 0x01010400, 0x00000000, 0x00010000, 0x01010404, 0x01010004, 0x00010404,
+ 0x00000004, 0x00010000, 0x00000400, 0x01010400, 0x01010404, 0x00000400,
+ 0x01000404, 0x01010004, 0x01000000, 0x00000004, 0x00000404, 0x01000400,
+ 0x01000400, 0x00010400, 0x00010400, 0x01010000, 0x01010000, 0x01000404,
+ 0x00010004, 0x01000004, 0x01000004, 0x00010004, 0x00000000, 0x00000404,
+ 0x00010404, 0x01000000, 0x00010000, 0x01010404, 0x00000004, 0x01010000,
+ 0x01010400, 0x01000000, 0x01000000, 0x00000400, 0x01010004, 0x00010000,
+ 0x00010400, 0x01000004, 0x00000400, 0x00000004, 0x01000404, 0x00010404,
+ 0x01010404, 0x00010004, 0x01010000, 0x01000404, 0x01000004, 0x00000404,
+ 0x00010404, 0x01010400, 0x00000404, 0x01000400, 0x01000400, 0x00000000,
+ 0x00010004, 0x00010400, 0x00000000, 0x01010004 };
+ private static final int[] SP2 = new int[] {
+ 0x80108020, 0x80008000, 0x00008000, 0x00108020, 0x00100000, 0x00000020,
+ 0x80100020, 0x80008020, 0x80000020, 0x80108020, 0x80108000, 0x80000000,
+ 0x80008000, 0x00100000, 0x00000020, 0x80100020, 0x00108000, 0x00100020,
+ 0x80008020, 0x00000000, 0x80000000, 0x00008000, 0x00108020, 0x80100000,
+ 0x00100020, 0x80000020, 0x00000000, 0x00108000, 0x00008020, 0x80108000,
+ 0x80100000, 0x00008020, 0x00000000, 0x00108020, 0x80100020, 0x00100000,
+ 0x80008020, 0x80100000, 0x80108000, 0x00008000, 0x80100000, 0x80008000,
+ 0x00000020, 0x80108020, 0x00108020, 0x00000020, 0x00008000, 0x80000000,
+ 0x00008020, 0x80108000, 0x00100000, 0x80000020, 0x00100020, 0x80008020,
+ 0x80000020, 0x00100020, 0x00108000, 0x00000000, 0x80008000, 0x00008020,
+ 0x80000000, 0x80100020, 0x80108020, 0x00108000 };
+ private static final int[] SP3 = new int[] {
+ 0x00000208, 0x08020200, 0x00000000, 0x08020008, 0x08000200, 0x00000000,
+ 0x00020208, 0x08000200, 0x00020008, 0x08000008, 0x08000008, 0x00020000,
+ 0x08020208, 0x00020008, 0x08020000, 0x00000208, 0x08000000, 0x00000008,
+ 0x08020200, 0x00000200, 0x00020200, 0x08020000, 0x08020008, 0x00020208,
+ 0x08000208, 0x00020200, 0x00020000, 0x08000208, 0x00000008, 0x08020208,
+ 0x00000200, 0x08000000, 0x08020200, 0x08000000, 0x00020008, 0x00000208,
+ 0x00020000, 0x08020200, 0x08000200, 0x00000000, 0x00000200, 0x00020008,
+ 0x08020208, 0x08000200, 0x08000008, 0x00000200, 0x00000000, 0x08020008,
+ 0x08000208, 0x00020000, 0x08000000, 0x08020208, 0x00000008, 0x00020208,
+ 0x00020200, 0x08000008, 0x08020000, 0x08000208, 0x00000208, 0x08020000,
+ 0x00020208, 0x00000008, 0x08020008, 0x00020200 };
+ private static final int[] SP4 = new int[] {
+ 0x00802001, 0x00002081, 0x00002081, 0x00000080, 0x00802080, 0x00800081,
+ 0x00800001, 0x00002001, 0x00000000, 0x00802000, 0x00802000, 0x00802081,
+ 0x00000081, 0x00000000, 0x00800080, 0x00800001, 0x00000001, 0x00002000,
+ 0x00800000, 0x00802001, 0x00000080, 0x00800000, 0x00002001, 0x00002080,
+ 0x00800081, 0x00000001, 0x00002080, 0x00800080, 0x00002000, 0x00802080,
+ 0x00802081, 0x00000081, 0x00800080, 0x00800001, 0x00802000, 0x00802081,
+ 0x00000081, 0x00000000, 0x00000000, 0x00802000, 0x00002080, 0x00800080,
+ 0x00800081, 0x00000001, 0x00802001, 0x00002081, 0x00002081, 0x00000080,
+ 0x00802081, 0x00000081, 0x00000001, 0x00002000, 0x00800001, 0x00002001,
+ 0x00802080, 0x00800081, 0x00002001, 0x00002080, 0x00800000, 0x00802001,
+ 0x00000080, 0x00800000, 0x00002000, 0x00802080 };
+ private static final int[] SP5 = new int[] {
+ 0x00000100, 0x02080100, 0x02080000, 0x42000100, 0x00080000, 0x00000100,
+ 0x40000000, 0x02080000, 0x40080100, 0x00080000, 0x02000100, 0x40080100,
+ 0x42000100, 0x42080000, 0x00080100, 0x40000000, 0x02000000, 0x40080000,
+ 0x40080000, 0x00000000, 0x40000100, 0x42080100, 0x42080100, 0x02000100,
+ 0x42080000, 0x40000100, 0x00000000, 0x42000000, 0x02080100, 0x02000000,
+ 0x42000000, 0x00080100, 0x00080000, 0x42000100, 0x00000100, 0x02000000,
+ 0x40000000, 0x02080000, 0x42000100, 0x40080100, 0x02000100, 0x40000000,
+ 0x42080000, 0x02080100, 0x40080100, 0x00000100, 0x02000000, 0x42080000,
+ 0x42080100, 0x00080100, 0x42000000, 0x42080100, 0x02080000, 0x00000000,
+ 0x40080000, 0x42000000, 0x00080100, 0x02000100, 0x40000100, 0x00080000,
+ 0x00000000, 0x40080000, 0x02080100, 0x40000100 };
+ private static final int[] SP6 = new int[] {
+ 0x20000010, 0x20400000, 0x00004000, 0x20404010, 0x20400000, 0x00000010,
+ 0x20404010, 0x00400000, 0x20004000, 0x00404010, 0x00400000, 0x20000010,
+ 0x00400010, 0x20004000, 0x20000000, 0x00004010, 0x00000000, 0x00400010,
+ 0x20004010, 0x00004000, 0x00404000, 0x20004010, 0x00000010, 0x20400010,
+ 0x20400010, 0x00000000, 0x00404010, 0x20404000, 0x00004010, 0x00404000,
+ 0x20404000, 0x20000000, 0x20004000, 0x00000010, 0x20400010, 0x00404000,
+ 0x20404010, 0x00400000, 0x00004010, 0x20000010, 0x00400000, 0x20004000,
+ 0x20000000, 0x00004010, 0x20000010, 0x20404010, 0x00404000, 0x20400000,
+ 0x00404010, 0x20404000, 0x00000000, 0x20400010, 0x00000010, 0x00004000,
+ 0x20400000, 0x00404010, 0x00004000, 0x00400010, 0x20004010, 0x00000000,
+ 0x20404000, 0x20000000, 0x00400010, 0x20004010 };
+ private static final int[] SP7 = new int[] {
+ 0x00200000, 0x04200002, 0x04000802, 0x00000000, 0x00000800, 0x04000802,
+ 0x00200802, 0x04200800, 0x04200802, 0x00200000, 0x00000000, 0x04000002,
+ 0x00000002, 0x04000000, 0x04200002, 0x00000802, 0x04000800, 0x00200802,
+ 0x00200002, 0x04000800, 0x04000002, 0x04200000, 0x04200800, 0x00200002,
+ 0x04200000, 0x00000800, 0x00000802, 0x04200802, 0x00200800, 0x00000002,
+ 0x04000000, 0x00200800, 0x04000000, 0x00200800, 0x00200000, 0x04000802,
+ 0x04000802, 0x04200002, 0x04200002, 0x00000002, 0x00200002, 0x04000000,
+ 0x04000800, 0x00200000, 0x04200800, 0x00000802, 0x00200802, 0x04200800,
+ 0x00000802, 0x04000002, 0x04200802, 0x04200000, 0x00200800, 0x00000000,
+ 0x00000002, 0x04200802, 0x00000000, 0x00200802, 0x04200000, 0x00000800,
+ 0x04000002, 0x04000800, 0x00000800, 0x00200002 };
+ private static final int[] SP8 = new int[] {
+ 0x10001040, 0x00001000, 0x00040000, 0x10041040, 0x10000000, 0x10001040,
+ 0x00000040, 0x10000000, 0x00040040, 0x10040000, 0x10041040, 0x00041000,
+ 0x10041000, 0x00041040, 0x00001000, 0x00000040, 0x10040000, 0x10000040,
+ 0x10001000, 0x00001040, 0x00041000, 0x00040040, 0x10040040, 0x10041000,
+ 0x00001040, 0x00000000, 0x00000000, 0x10040040, 0x10000040, 0x10001000,
+ 0x00041040, 0x00040000, 0x00041040, 0x00040000, 0x10041000, 0x00001000,
+ 0x00000040, 0x10040040, 0x00001000, 0x00041040, 0x10001000, 0x00000040,
+ 0x10000040, 0x10040000, 0x10040040, 0x10000000, 0x00040000, 0x10001040,
+ 0x00000000, 0x10041040, 0x00040040, 0x10000040, 0x10040000, 0x10001000,
+ 0x10001040, 0x00000000, 0x10041040, 0x00041000, 0x00041000, 0x00001040,
+ 0x00001040, 0x00040040, 0x10000000, 0x10041000 };
+ /**
+ * Constants that help in determining whether or not a byte array is parity
+ * adjusted.
+ */
+ private static final byte[] PARITY = {
+ 8, 1, 0, 8, 0, 8, 8, 0, 0, 8, 8, 0, 8, 0, 2, 8,
+ 0, 8, 8, 0, 8, 0, 0, 8, 8, 0, 0, 8, 0, 8, 8, 3,
+ 0, 8, 8, 0, 8, 0, 0, 8, 8, 0, 0, 8, 0, 8, 8, 0,
+ 8, 0, 0, 8, 0, 8, 8, 0, 0, 8, 8, 0, 8, 0, 0, 8,
+ 0, 8, 8, 0, 8, 0, 0, 8, 8, 0, 0, 8, 0, 8, 8, 0,
+ 8, 0, 0, 8, 0, 8, 8, 0, 0, 8, 8, 0, 8, 0, 0, 8,
+ 8, 0, 0, 8, 0, 8, 8, 0, 0, 8, 8, 0, 8, 0, 0, 8,
+ 0, 8, 8, 0, 8, 0, 0, 8, 8, 0, 0, 8, 0, 8, 8, 0,
+ 0, 8, 8, 0, 8, 0, 0, 8, 8, 0, 0, 8, 0, 8, 8, 0,
+ 8, 0, 0, 8, 0, 8, 8, 0, 0, 8, 8, 0, 8, 0, 0, 8,
+ 8, 0, 0, 8, 0, 8, 8, 0, 0, 8, 8, 0, 8, 0, 0, 8,
+ 0, 8, 8, 0, 8, 0, 0, 8, 8, 0, 0, 8, 0, 8, 8, 0,
+ 8, 0, 0, 8, 0, 8, 8, 0, 0, 8, 8, 0, 8, 0, 0, 8,
+ 0, 8, 8, 0, 8, 0, 0, 8, 8, 0, 0, 8, 0, 8, 8, 0,
+ 4, 8, 8, 0, 8, 0, 0, 8, 8, 0, 0, 8, 0, 8, 8, 0,
+ 8, 5, 0, 8, 0, 8, 8, 0, 0, 8, 8, 0, 8, 0, 6, 8 };
+ // Key schedule constants.
+ private static final byte[] ROTARS = {
+ 1, 2, 4, 6, 8, 10, 12, 14, 15, 17, 19, 21, 23, 25, 27, 28 };
+ private static final byte[] PC1 = {
+ 56, 48, 40, 32, 24, 16, 8, 0, 57, 49, 41, 33, 25, 17, 9, 1,
+ 58, 50, 42, 34, 26, 18, 10, 2, 59, 51, 43, 35, 62, 54, 46, 38,
+ 30, 22, 14, 6, 61, 53, 45, 37, 29, 21, 13, 5, 60, 52, 44, 36,
+ 28, 20, 12, 4, 27, 19, 11, 3 };
+ private static final byte[] PC2 = {
+ 13, 16, 10, 23, 0, 4, 2, 27, 14, 5, 20, 9, 22, 18, 11, 3,
+ 25, 7, 15, 6, 26, 19, 12, 1, 40, 51, 30, 36, 46, 54, 29, 39,
+ 50, 44, 32, 47, 43, 48, 38, 55, 33, 52, 45, 41, 49, 35, 28, 31 };
+ /**
+ * Weak keys (parity adjusted): If all the bits in each half are either 0
+ * or 1, then the key used for any cycle of the algorithm is the same as
+ * all other cycles.
+ */
+ public static final byte[][] WEAK_KEYS = {
+ Util.toBytesFromString("0101010101010101"),
+ Util.toBytesFromString("01010101FEFEFEFE"),
+ Util.toBytesFromString("FEFEFEFE01010101"),
+ Util.toBytesFromString("FEFEFEFEFEFEFEFE") };
+ /**
+ * Semi-weak keys (parity adjusted): Some pairs of keys encrypt plain text
+ * to identical cipher text. In other words, one key in the pair can decrypt
+ * messages that were encrypted with the other key. These keys are called
+ * semi-weak keys. This occurs because instead of 16 different sub-keys being
+ * generated, these semi-weak keys produce only two different sub-keys.
+ */
+ public static final byte[][] SEMIWEAK_KEYS = {
+ Util.toBytesFromString("01FE01FE01FE01FE"),
+ Util.toBytesFromString("FE01FE01FE01FE01"),
+ Util.toBytesFromString("1FE01FE00EF10EF1"),
+ Util.toBytesFromString("E01FE01FF10EF10E"),
+ Util.toBytesFromString("01E001E001F101F1"),
+ Util.toBytesFromString("E001E001F101F101"),
+ Util.toBytesFromString("1FFE1FFE0EFE0EFE"),
+ Util.toBytesFromString("FE1FFE1FFE0EFE0E"),
+ Util.toBytesFromString("011F011F010E010E"),
+ Util.toBytesFromString("1F011F010E010E01"),
+ Util.toBytesFromString("E0FEE0FEF1FEF1FE"),
+ Util.toBytesFromString("FEE0FEE0FEF1FEF1") };
+ /** Possible weak keys (parity adjusted) --produce 4 instead of 16 subkeys. */
+ public static final byte[][] POSSIBLE_WEAK_KEYS = {
+ Util.toBytesFromString("1F1F01010E0E0101"),
+ Util.toBytesFromString("011F1F01010E0E01"),
+ Util.toBytesFromString("1F01011F0E01010E"),
+ Util.toBytesFromString("01011F1F01010E0E"),
+ Util.toBytesFromString("E0E00101F1F10101"),
+ Util.toBytesFromString("FEFE0101FEFE0101"),
+ Util.toBytesFromString("FEE01F01FEF10E01"),
+ Util.toBytesFromString("E0FE1F01F1FE0E01"),
+ Util.toBytesFromString("FEE0011FFEF1010E"),
+ Util.toBytesFromString("E0FE011FF1FE010E"),
+ Util.toBytesFromString("E0E01F1FF1F10E0E"),
+ Util.toBytesFromString("FEFE1F1FFEFE0E0E"),
+ Util.toBytesFromString("1F1F01010E0E0101"),
+ Util.toBytesFromString("011F1F01010E0E01"),
+ Util.toBytesFromString("1F01011F0E01010E"),
+ Util.toBytesFromString("01011F1F01010E0E"),
+ Util.toBytesFromString("01E0E00101F1F101"),
+ Util.toBytesFromString("1FFEE0010EFEF001"),
+ Util.toBytesFromString("1FE0FE010EF1FE01"),
+ Util.toBytesFromString("01FEFE0101FEFE01"),
+ Util.toBytesFromString("1FE0E01F0EF1F10E"),
+ Util.toBytesFromString("01FEE01F01FEF10E"),
+ Util.toBytesFromString("01E0FE1F01F1FE0E"),
+ Util.toBytesFromString("1FFEFE1F0EFEFE0E"),
+
+ Util.toBytesFromString("E00101E0F10101F1"),
+ Util.toBytesFromString("FE1F01E0FE0E0EF1"),
+ Util.toBytesFromString("FE011FE0FE010EF1"),
+ Util.toBytesFromString("E01F1FE0F10E0EF1"),
+ Util.toBytesFromString("FE0101FEFE0101FE"),
+ Util.toBytesFromString("E01F01FEF10E01FE"),
+ Util.toBytesFromString("E0011FFEF1010EFE"),
+ Util.toBytesFromString("FE1F1FFEFE0E0EFE"),
+ Util.toBytesFromString("1FFE01E00EFE01F1"),
+ Util.toBytesFromString("01FE1FE001FE0EF1"),
+ Util.toBytesFromString("1FE001FE0EF101FE"),
+ Util.toBytesFromString("01E01FFE01F10EFE"),
+ Util.toBytesFromString("0101E0E00101F1F1"),
+ Util.toBytesFromString("1F1FE0E00E0EF1F1"),
+ Util.toBytesFromString("1F01FEE00E01FEF1"),
+ Util.toBytesFromString("011FFEE0010EFEF1"),
+ Util.toBytesFromString("1F01E0FE0E01F1FE"),
+ Util.toBytesFromString("011FE0FE010EF1FE"),
+ Util.toBytesFromString("0101FEFE0001FEFE"),
+ Util.toBytesFromString("1F1FFEFE0E0EFEFE"),
+ Util.toBytesFromString("FEFEE0E0FEFEF1F1"),
+ Util.toBytesFromString("E0FEFEE0F1FEFEF1"),
+ Util.toBytesFromString("FEE0E0FEFEF1F1FE"),
+ Util.toBytesFromString("E0E0FEFEF1F1FEFE") };
+
+ /** Default 0-argument constructor. */
+ public DES()
+ {
+ super(Registry.DES_CIPHER, BLOCK_SIZE, KEY_SIZE);
+ }
+
+ /**
+ * Adjust the parity for a raw key array. This essentially means that each
+ * byte in the array will have an odd number of '1' bits (the last bit in
+ * each byte is unused.
+ *
+ * @param kb The key array, to be parity-adjusted.
+ * @param offset The starting index into the key bytes.
+ */
+ public static void adjustParity(byte[] kb, int offset)
+ {
+ for (int i = offset; i < offset + KEY_SIZE; i++)
+ kb[i] ^= (PARITY[kb[i] & 0xff] == 8) ? 1 : 0;
+ }
+
+ /**
+ * Test if a byte array, which must be at least 8 bytes long, is parity
+ * adjusted.
+ *
+ * @param kb The key bytes.
+ * @param offset The starting index into the key bytes.
+ * @return <code>true</code> if the first 8 bytes of <i>kb</i> have been
+ * parity adjusted. <code>false</code> otherwise.
+ */
+ public static boolean isParityAdjusted(byte[] kb, int offset)
+ {
+ int w = 0x88888888;
+ int n = PARITY[kb[offset + 0] & 0xff];
+ n <<= 4;
+ n |= PARITY[kb[offset + 1] & 0xff];
+ n <<= 4;
+ n |= PARITY[kb[offset + 2] & 0xff];
+ n <<= 4;
+ n |= PARITY[kb[offset + 3] & 0xff];
+ n <<= 4;
+ n |= PARITY[kb[offset + 4] & 0xff];
+ n <<= 4;
+ n |= PARITY[kb[offset + 5] & 0xff];
+ n <<= 4;
+ n |= PARITY[kb[offset + 6] & 0xff];
+ n <<= 4;
+ n |= PARITY[kb[offset + 7] & 0xff];
+ return (n & w) == 0;
+ }
+
+ /**
+ * Test if a key is a weak key.
+ *
+ * @param kb The key to test.
+ * @return <code>true</code> if the key is weak.
+ */
+ public static boolean isWeak(byte[] kb)
+ {
+ for (int i = 0; i < WEAK_KEYS.length; i++)
+ if (Arrays.equals(WEAK_KEYS[i], kb))
+ return true;
+ return false;
+ }
+
+ /**
+ * Test if a key is a semi-weak key.
+ *
+ * @param kb The key to test.
+ * @return <code>true</code> if this key is semi-weak.
+ */
+ public static boolean isSemiWeak(byte[] kb)
+ {
+ for (int i = 0; i < SEMIWEAK_KEYS.length; i++)
+ if (Arrays.equals(SEMIWEAK_KEYS[i], kb))
+ return true;
+ return false;
+ }
+
+ /**
+ * Test if the designated byte array represents a possibly weak key.
+ *
+ * @param kb the byte array to test.
+ * @return <code>true</code> if <code>kb</code>represents a possibly weak key.
+ * Returns <code>false</code> otherwise.
+ */
+ public static boolean isPossibleWeak(byte[] kb)
+ {
+ for (int i = 0; i < POSSIBLE_WEAK_KEYS.length; i++)
+ if (Arrays.equals(POSSIBLE_WEAK_KEYS[i], kb))
+ return true;
+ return false;
+ }
+
+ /**
+ * The core DES function. This is used for both encryption and decryption,
+ * the only difference being the key.
+ *
+ * @param in The input bytes.
+ * @param i The starting offset into the input bytes.
+ * @param out The output bytes.
+ * @param o The starting offset into the output bytes.
+ * @param key The working key.
+ */
+ private static void desFunc(byte[] in, int i, byte[] out, int o, int[] key)
+ {
+ int right, left, work;
+ // Load.
+ left = (in[i++] & 0xff) << 24
+ | (in[i++] & 0xff) << 16
+ | (in[i++] & 0xff) << 8
+ | in[i++] & 0xff;
+ right = (in[i++] & 0xff) << 24
+ | (in[i++] & 0xff) << 16
+ | (in[i++] & 0xff) << 8
+ | in[i ] & 0xff;
+ // Initial permutation.
+ work = ((left >>> 4) ^ right) & 0x0F0F0F0F;
+ left ^= work << 4;
+ right ^= work;
+
+ work = ((left >>> 16) ^ right) & 0x0000FFFF;
+ left ^= work << 16;
+ right ^= work;
+
+ work = ((right >>> 2) ^ left) & 0x33333333;
+ right ^= work << 2;
+ left ^= work;
+
+ work = ((right >>> 8) ^ left) & 0x00FF00FF;
+ right ^= work << 8;
+ left ^= work;
+
+ right = ((right << 1) | ((right >>> 31) & 1)) & 0xFFFFFFFF;
+ work = (left ^ right) & 0xAAAAAAAA;
+ left ^= work;
+ right ^= work;
+ left = ((left << 1) | ((left >>> 31) & 1)) & 0xFFFFFFFF;
+
+ int k = 0, t;
+ for (int round = 0; round < 8; round++)
+ {
+ work = right >>> 4 | right << 28;
+ work ^= key[k++];
+ t = SP7[work & 0x3F];
+ work >>>= 8;
+ t |= SP5[work & 0x3F];
+ work >>>= 8;
+ t |= SP3[work & 0x3F];
+ work >>>= 8;
+ t |= SP1[work & 0x3F];
+ work = right ^ key[k++];
+ t |= SP8[work & 0x3F];
+ work >>>= 8;
+ t |= SP6[work & 0x3F];
+ work >>>= 8;
+ t |= SP4[work & 0x3F];
+ work >>>= 8;
+ t |= SP2[work & 0x3F];
+ left ^= t;
+
+ work = left >>> 4 | left << 28;
+ work ^= key[k++];
+ t = SP7[work & 0x3F];
+ work >>>= 8;
+ t |= SP5[work & 0x3F];
+ work >>>= 8;
+ t |= SP3[work & 0x3F];
+ work >>>= 8;
+ t |= SP1[work & 0x3F];
+ work = left ^ key[k++];
+ t |= SP8[work & 0x3F];
+ work >>>= 8;
+ t |= SP6[work & 0x3F];
+ work >>>= 8;
+ t |= SP4[work & 0x3F];
+ work >>>= 8;
+ t |= SP2[work & 0x3F];
+ right ^= t;
+ }
+ // The final permutation.
+ right = (right << 31) | (right >>> 1);
+ work = (left ^ right) & 0xAAAAAAAA;
+ left ^= work;
+ right ^= work;
+ left = (left << 31) | (left >>> 1);
+
+ work = ((left >>> 8) ^ right) & 0x00FF00FF;
+ left ^= work << 8;
+ right ^= work;
+
+ work = ((left >>> 2) ^ right) & 0x33333333;
+ left ^= work << 2;
+ right ^= work;
+
+ work = ((right >>> 16) ^ left) & 0x0000FFFF;
+ right ^= work << 16;
+ left ^= work;
+
+ work = ((right >>> 4) ^ left) & 0x0F0F0F0F;
+ right ^= work << 4;
+ left ^= work;
+
+ out[o++] = (byte)(right >>> 24);
+ out[o++] = (byte)(right >>> 16);
+ out[o++] = (byte)(right >>> 8);
+ out[o++] = (byte) right;
+ out[o++] = (byte)(left >>> 24);
+ out[o++] = (byte)(left >>> 16);
+ out[o++] = (byte)(left >>> 8);
+ out[o ] = (byte) left;
+ }
+
+ public Object clone()
+ {
+ return new DES();
+ }
+
+ public Iterator blockSizes()
+ {
+ return Collections.singleton(Integer.valueOf(BLOCK_SIZE)).iterator();
+ }
+
+ public Iterator keySizes()
+ {
+ return Collections.singleton(Integer.valueOf(KEY_SIZE)).iterator();
+ }
+
+ public Object makeKey(byte[] kb, int bs) throws InvalidKeyException
+ {
+ if (kb == null || kb.length != KEY_SIZE)
+ throw new InvalidKeyException("DES keys must be 8 bytes long");
+
+ if (Properties.checkForWeakKeys()
+ && (isWeak(kb) || isSemiWeak(kb) || isPossibleWeak(kb)))
+ throw new WeakKeyException();
+
+ int i, j, l, m, n;
+ long pc1m = 0, pcr = 0;
+
+ for (i = 0; i < 56; i++)
+ {
+ l = PC1[i];
+ pc1m |= ((kb[l >>> 3] & (0x80 >>> (l & 7))) != 0) ? (1L << (55 - i))
+ : 0;
+ }
+ Context ctx = new Context();
+ // Encryption key first.
+ for (i = 0; i < 16; i++)
+ {
+ pcr = 0;
+ m = i << 1;
+ n = m + 1;
+ for (j = 0; j < 28; j++)
+ {
+ l = j + ROTARS[i];
+ if (l < 28)
+ pcr |= ((pc1m & 1L << (55 - l)) != 0) ? (1L << (55 - j)) : 0;
+ else
+ pcr |= ((pc1m & 1L << (55 - (l - 28))) != 0) ? (1L << (55 - j))
+ : 0;
+ }
+ for (j = 28; j < 56; j++)
+ {
+ l = j + ROTARS[i];
+ if (l < 56)
+ pcr |= ((pc1m & 1L << (55 - l)) != 0) ? (1L << (55 - j)) : 0;
+ else
+ pcr |= ((pc1m & 1L << (55 - (l - 28))) != 0) ? (1L << (55 - j))
+ : 0;
+ }
+ for (j = 0; j < 24; j++)
+ {
+ if ((pcr & 1L << (55 - PC2[j])) != 0)
+ ctx.ek[m] |= 1 << (23 - j);
+ if ((pcr & 1L << (55 - PC2[j + 24])) != 0)
+ ctx.ek[n] |= 1 << (23 - j);
+ }
+ }
+ // The decryption key is the same, but in reversed order.
+ for (i = 0; i < Context.EXPANDED_KEY_SIZE; i += 2)
+ {
+ ctx.dk[30 - i] = ctx.ek[i];
+ ctx.dk[31 - i] = ctx.ek[i + 1];
+ }
+ // "Cook" the keys.
+ for (i = 0; i < 32; i += 2)
+ {
+ int x, y;
+ x = ctx.ek[i];
+ y = ctx.ek[i + 1];
+ ctx.ek[i ] = ((x & 0x00FC0000) << 6)
+ | ((x & 0x00000FC0) << 10)
+ | ((y & 0x00FC0000) >>> 10)
+ | ((y & 0x00000FC0) >>> 6);
+ ctx.ek[i + 1] = ((x & 0x0003F000) << 12)
+ | ((x & 0x0000003F) << 16)
+ | ((y & 0x0003F000) >>> 4)
+ | (y & 0x0000003F);
+ x = ctx.dk[i];
+ y = ctx.dk[i + 1];
+ ctx.dk[i ] = ((x & 0x00FC0000) << 6)
+ | ((x & 0x00000FC0) << 10)
+ | ((y & 0x00FC0000) >>> 10)
+ | ((y & 0x00000FC0) >>> 6);
+ ctx.dk[i + 1] = ((x & 0x0003F000) << 12)
+ | ((x & 0x0000003F) << 16)
+ | ((y & 0x0003F000) >>> 4)
+ | (y & 0x0000003F);
+ }
+ return ctx;
+ }
+
+ public void encrypt(byte[] in, int i, byte[] out, int o, Object K, int bs)
+ {
+ desFunc(in, i, out, o, ((Context) K).ek);
+ }
+
+ public void decrypt(byte[] in, int i, byte[] out, int o, Object K, int bs)
+ {
+ desFunc(in, i, out, o, ((Context) K).dk);
+ }
+
+ /**
+ * Simple wrapper class around the session keys. Package-private so TripleDES
+ * can see it.
+ */
+ final class Context
+ {
+ private static final int EXPANDED_KEY_SIZE = 32;
+
+ /** The encryption key. */
+ int[] ek;
+
+ /** The decryption key. */
+ int[] dk;
+
+ /** Default 0-arguments constructor. */
+ Context()
+ {
+ ek = new int[EXPANDED_KEY_SIZE];
+ dk = new int[EXPANDED_KEY_SIZE];
+ }
+
+ byte[] getEncryptionKeyBytes()
+ {
+ return toByteArray(ek);
+ }
+
+ byte[] getDecryptionKeyBytes()
+ {
+ return toByteArray(dk);
+ }
+
+ byte[] toByteArray(int[] k)
+ {
+ byte[] result = new byte[4 * k.length];
+ for (int i = 0, j = 0; i < k.length; i++)
+ {
+ result[j++] = (byte)(k[i] >>> 24);
+ result[j++] = (byte)(k[i] >>> 16);
+ result[j++] = (byte)(k[i] >>> 8);
+ result[j++] = (byte) k[i];
+ }
+ return result;
+ }
+ }
+}
diff --git a/libjava/classpath/gnu/javax/crypto/cipher/IBlockCipher.java b/libjava/classpath/gnu/javax/crypto/cipher/IBlockCipher.java
new file mode 100644
index 000000000..86f8b34e0
--- /dev/null
+++ b/libjava/classpath/gnu/javax/crypto/cipher/IBlockCipher.java
@@ -0,0 +1,195 @@
+/* IBlockCipher.java --
+ Copyright (C) 2001, 2002, 2006 Free Software Foundation, Inc.
+
+This file is a part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2 of the License, or (at
+your option) any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; if not, write to the Free Software
+Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301
+USA
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package gnu.javax.crypto.cipher;
+
+import java.security.InvalidKeyException;
+import java.util.Iterator;
+import java.util.Map;
+
+/**
+ * The basic visible methods of any symmetric key block cipher.
+ * <p>
+ * A symmetric key block cipher is a function that maps n-bit plaintext blocks
+ * to n-bit ciphertext blocks; n being the cipher's <i>block size</i>. This
+ * encryption function is parameterised by a k-bit key, and is invertible. Its
+ * inverse is the decryption function.
+ * <p>
+ * Possible initialisation values for an instance of this type are:
+ * <ul>
+ * <li>The block size in which to operate this block cipher instance. This
+ * value is <b>optional</b>, if unspecified, the block cipher's default block
+ * size shall be used.</li>
+ * <li>The byte array containing the user supplied key material to use for
+ * generating the cipher's session key(s). This value is <b>mandatory</b> and
+ * should be included in the initialisation parameters. If it isn't, an
+ * {@link IllegalStateException} will be thrown if any method, other than
+ * <code>reset()</code> is invoked on the instance. Furthermore, the size of
+ * this key material shall be taken as an indication on the key size in which to
+ * operate this instance.</li>
+ * </ul>
+ * <p>
+ * <b>IMPLEMENTATION NOTE</b>: Although all the concrete classes in this
+ * package implement the {@link Cloneable} interface, it is important to note
+ * here that such an operation <b>DOES NOT</b> clone any session key material
+ * that may have been used in initialising the source cipher (the instance to be
+ * cloned). Instead a clone of an already initialised cipher is another instance
+ * that operates with the <b>same block size</b> but without any knowledge of
+ * neither key material nor key size.
+ */
+public interface IBlockCipher
+ extends Cloneable
+{
+ /**
+ * Property name of the block size in which to operate a block cipher. The
+ * value associated with this property name is taken to be an {@link Integer}.
+ */
+ String CIPHER_BLOCK_SIZE = "gnu.crypto.cipher.block.size";
+ /**
+ * Property name of the user-supplied key material. The value associated to
+ * this property name is taken to be a byte array.
+ */
+ String KEY_MATERIAL = "gnu.crypto.cipher.key.material";
+
+ /**
+ * Returns the canonical name of this instance.
+ *
+ * @return the canonical name of this instance.
+ */
+ String name();
+
+ /**
+ * Returns the default value, in bytes, of the algorithm's block size.
+ *
+ * @return the default value, in bytes, of the algorithm's block size.
+ */
+ int defaultBlockSize();
+
+ /**
+ * Returns the default value, in bytes, of the algorithm's key size.
+ *
+ * @return the default value, in bytes, of the algorithm's key size.
+ */
+ int defaultKeySize();
+
+ /**
+ * Returns an {@link Iterator} over the supported block sizes. Each element
+ * returned by this object is an {@link Integer}.
+ *
+ * @return an {@link Iterator} over the supported block sizes.
+ */
+ Iterator blockSizes();
+
+ /**
+ * Returns an {@link Iterator} over the supported key sizes. Each element
+ * returned by this object is an {@link Integer}.
+ *
+ * @return an {@link Iterator} over the supported key sizes.
+ */
+ Iterator keySizes();
+
+ /**
+ * Returns a clone of this instance.
+ *
+ * @return a clone copy of this instance.
+ */
+ Object clone();
+
+ /**
+ * Initialises the algorithm with designated attributes. Permissible names and
+ * values are described in the class documentation above.
+ *
+ * @param attributes a set of name-value pairs that describes the desired
+ * future behaviour of this instance.
+ * @exception InvalidKeyException if the key data is invalid.
+ * @exception IllegalStateException if the instance is already initialised.
+ * @see #KEY_MATERIAL
+ * @see #CIPHER_BLOCK_SIZE
+ */
+ void init(Map attributes) throws InvalidKeyException, IllegalStateException;
+
+ /**
+ * Returns the currently set block size for this instance.
+ *
+ * @return the current block size for this instance.
+ * @exception IllegalStateException if the instance is not initialised.
+ */
+ int currentBlockSize() throws IllegalStateException;
+
+ /**
+ * Resets the algorithm instance for re-initialisation and use with other
+ * characteristics. This method always succeeds.
+ */
+ void reset();
+
+ /**
+ * Encrypts exactly one block of plaintext.
+ *
+ * @param in the plaintext.
+ * @param inOffset index of <code>in</code> from which to start considering
+ * data.
+ * @param out the ciphertext.
+ * @param outOffset index of <code>out</code> from which to store result.
+ * @exception IllegalStateException if the instance is not initialised.
+ */
+ void encryptBlock(byte[] in, int inOffset, byte[] out, int outOffset)
+ throws IllegalStateException;
+
+ /**
+ * Decrypts exactly one block of ciphertext.
+ *
+ * @param in the plaintext.
+ * @param inOffset index of <code>in</code> from which to start considering
+ * data.
+ * @param out the ciphertext.
+ * @param outOffset index of <code>out</code> from which to store result.
+ * @exception IllegalStateException if the instance is not initialised.
+ */
+ void decryptBlock(byte[] in, int inOffset, byte[] out, int outOffset)
+ throws IllegalStateException;
+
+ /**
+ * A <i>correctness</i> test that consists of basic symmetric encryption /
+ * decryption test(s) for all supported block and key sizes, as well as one
+ * (1) variable key Known Answer Test (KAT).
+ *
+ * @return <code>true</code> if the implementation passes simple
+ * <i>correctness</i> tests. Returns <code>false</code> otherwise.
+ */
+ boolean selfTest();
+}
diff --git a/libjava/classpath/gnu/javax/crypto/cipher/IBlockCipherSpi.java b/libjava/classpath/gnu/javax/crypto/cipher/IBlockCipherSpi.java
new file mode 100644
index 000000000..9b2172158
--- /dev/null
+++ b/libjava/classpath/gnu/javax/crypto/cipher/IBlockCipherSpi.java
@@ -0,0 +1,124 @@
+/* IBlockCipherSpi.java --
+ Copyright (C) 2001, 2002, 2006 Free Software Foundation, Inc.
+
+This file is a part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2 of the License, or (at
+your option) any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; if not, write to the Free Software
+Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301
+USA
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package gnu.javax.crypto.cipher;
+
+import java.security.InvalidKeyException;
+import java.util.Iterator;
+
+/**
+ * Package-private interface exposing mandatory methods to be implemented by
+ * concrete {@link BaseCipher} sub-classes.
+ */
+interface IBlockCipherSpi
+ extends Cloneable
+{
+ /**
+ * Returns an {@link Iterator} over the supported block sizes. Each element
+ * returned by this object is a {@link java.lang.Integer}.
+ *
+ * @return an <code>Iterator</code> over the supported block sizes.
+ */
+ Iterator blockSizes();
+
+ /**
+ * Returns an {@link Iterator} over the supported key sizes. Each element
+ * returned by this object is a {@link java.lang.Integer}.
+ *
+ * @return an <code>Iterator</code> over the supported key sizes.
+ */
+ Iterator keySizes();
+
+ /**
+ * Expands a user-supplied key material into a session key for a designated
+ * <i>block size</i>.
+ *
+ * @param k the user-supplied key material.
+ * @param bs the desired block size in bytes.
+ * @return an Object encapsulating the session key.
+ * @exception IllegalArgumentException if the block size is invalid.
+ * @exception InvalidKeyException if the key data is invalid.
+ */
+ Object makeKey(byte[] k, int bs) throws InvalidKeyException;
+
+ /**
+ * Encrypts exactly one block of plaintext.
+ *
+ * @param in the plaintext.
+ * @param inOffset index of <code>in</code> from which to start considering
+ * data.
+ * @param out the ciphertext.
+ * @param outOffset index of <code>out</code> from which to store the
+ * result.
+ * @param k the session key to use.
+ * @param bs the block size to use.
+ * @exception IllegalArgumentException if the block size is invalid.
+ * @exception ArrayIndexOutOfBoundsException if there is not enough room in
+ * either the plaintext or ciphertext buffers.
+ */
+ void encrypt(byte[] in, int inOffset, byte[] out, int outOffset, Object k,
+ int bs);
+
+ /**
+ * Decrypts exactly one block of ciphertext.
+ *
+ * @param in the ciphertext.
+ * @param inOffset index of <code>in</code> from which to start considering
+ * data.
+ * @param out the plaintext.
+ * @param outOffset index of <code>out</code> from which to store the
+ * result.
+ * @param k the session key to use.
+ * @param bs the block size to use.
+ * @exception IllegalArgumentException if the block size is invalid.
+ * @exception ArrayIndexOutOfBoundsException if there is not enough room in
+ * either the plaintext or ciphertext buffers.
+ */
+ void decrypt(byte[] in, int inOffset, byte[] out, int outOffset, Object k,
+ int bs);
+
+ /**
+ * A <i>correctness</i> test that consists of basic symmetric encryption /
+ * decryption test(s) for all supported block and key sizes, as well as one
+ * (1) variable key Known Answer Test (KAT).
+ *
+ * @return <code>true</code> if the implementation passes simple
+ * <i>correctness</i> tests. Returns <code>false</code> otherwise.
+ */
+ boolean selfTest();
+}
diff --git a/libjava/classpath/gnu/javax/crypto/cipher/Khazad.java b/libjava/classpath/gnu/javax/crypto/cipher/Khazad.java
new file mode 100644
index 000000000..55e42628b
--- /dev/null
+++ b/libjava/classpath/gnu/javax/crypto/cipher/Khazad.java
@@ -0,0 +1,449 @@
+/* Khazad.java --
+ Copyright (C) 2001, 2002, 2003, 2006 Free Software Foundation, Inc.
+
+This file is a part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2 of the License, or (at
+your option) any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; if not, write to the Free Software
+Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301
+USA
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package gnu.javax.crypto.cipher;
+
+import gnu.java.security.Configuration;
+import gnu.java.security.Registry;
+import gnu.java.security.util.Util;
+
+import java.security.InvalidKeyException;
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.Iterator;
+import java.util.logging.Logger;
+
+/**
+ * Khazad is a 64-bit (legacy-level) block cipher that accepts a 128-bit key.
+ * The cipher is a uniform substitution-permutation network whose inverse only
+ * differs from the forward operation in the key schedule. The overall cipher
+ * design follows the Wide Trail strategy, favours component reuse, and permits
+ * a wide variety of implementation trade-offs.
+ * <p>
+ * References:
+ * <ol>
+ * <li><a
+ * href="http://planeta.terra.com.br/informatica/paulobarreto/KhazadPage.html">The
+ * Khazad Block Cipher</a>.<br>
+ * <a href="mailto:paulo.barreto@terra.com.br">Paulo S.L.M. Barreto</a> and <a
+ * href="mailto:vincent.rijmen@esat.kuleuven.ac.be">Vincent Rijmen</a>.</li>
+ * </ol>
+ */
+public final class Khazad
+ extends BaseCipher
+{
+ private static final Logger log = Logger.getLogger(Khazad.class.getName());
+ private static final int DEFAULT_BLOCK_SIZE = 8; // in bytes
+ private static final int DEFAULT_KEY_SIZE = 16; // in bytes
+ private static final int R = 8; // standard number of rounds; para. 3.7
+ private static final String Sd = // p. 20 [KHAZAD]
+ "\uBA54\u2F74\u53D3\uD24D\u50AC\u8DBF\u7052\u9A4C"
+ + "\uEAD5\u97D1\u3351\u5BA6\uDE48\uA899\uDB32\uB7FC"
+ + "\uE39E\u919B\uE2BB\u416E\uA5CB\u6B95\uA1F3\uB102"
+ + "\uCCC4\u1D14\uC363\uDA5D\u5FDC\u7DCD\u7F5A\u6C5C"
+ + "\uF726\uFFED\uE89D\u6F8E\u19A0\uF089\u0F07\uAFFB"
+ + "\u0815\u0D04\u0164\uDF76\u79DD\u3D16\u3F37\u6D38"
+ + "\uB973\uE935\u5571\u7B8C\u7288\uF62A\u3E5E\u2746"
+ + "\u0C65\u6861\u03C1\u57D6\uD958\uD866\uD73A\uC83C"
+ + "\uFA96\uA798\uECB8\uC7AE\u694B\uABA9\u670A\u47F2"
+ + "\uB522\uE5EE\uBE2B\u8112\u831B\u0E23\uF545\u21CE"
+ + "\u492C\uF9E6\uB628\u1782\u1A8B\uFE8A\u09C9\u874E"
+ + "\uE12E\uE4E0\uEB90\uA41E\u8560\u0025\uF4F1\u940B"
+ + "\uE775\uEF34\u31D4\uD086\u7EAD\uFD29\u303B\u9FF8"
+ + "\uC613\u0605\uC511\u777C\u7A78\u361C\u3959\u1856"
+ + "\uB3B0\u2420\uB292\uA3C0\u4462\u10B4\u8443\u93C2"
+ + "\u4ABD\u8F2D\uBC9C\u6A40\uCFA2\u804F\u1FCA\uAA42";
+ private static final byte[] S = new byte[256];
+ private static final int[] T0 = new int[256];
+ private static final int[] T1 = new int[256];
+ private static final int[] T2 = new int[256];
+ private static final int[] T3 = new int[256];
+ private static final int[] T4 = new int[256];
+ private static final int[] T5 = new int[256];
+ private static final int[] T6 = new int[256];
+ private static final int[] T7 = new int[256];
+ private static final int[][] rc = new int[R + 1][2]; // round constants
+ /**
+ * KAT vector (from ecb_vk): I=120 KEY=00000000000000000000000000000100
+ * CT=A0C86A1BBE2CBF4C
+ */
+ private static final byte[] KAT_KEY =
+ Util.toBytesFromString("00000000000000000000000000000100");
+ private static final byte[] KAT_CT = Util.toBytesFromString("A0C86A1BBE2CBF4C");
+ /** caches the result of the correctness test, once executed. */
+ private static Boolean valid;
+
+ static
+ {
+ long time = System.currentTimeMillis();
+ long ROOT = 0x11d; // para. 2.1 [KHAZAD]
+ int i, j;
+ int s, s2, s3, s4, s5, s6, s7, s8, sb;
+ char c;
+ for (i = 0; i < 256; i++)
+ {
+ c = Sd.charAt(i >>> 1);
+ s = ((i & 1) == 0 ? c >>> 8 : c) & 0xFF;
+ S[i] = (byte) s;
+ s2 = s << 1;
+ if (s2 > 0xFF)
+ s2 ^= ROOT;
+ s3 = s2 ^ s;
+ s4 = s2 << 1;
+ if (s4 > 0xFF)
+ s4 ^= ROOT;
+ s5 = s4 ^ s;
+ s6 = s4 ^ s2;
+ s7 = s6 ^ s;
+ s8 = s4 << 1;
+ if (s8 > 0xFF)
+ s8 ^= ROOT;
+ sb = s8 ^ s2 ^ s;
+ T0[i] = s << 24 | s3 << 16 | s4 << 8 | s5;
+ T1[i] = s3 << 24 | s << 16 | s5 << 8 | s4;
+ T2[i] = s4 << 24 | s5 << 16 | s << 8 | s3;
+ T3[i] = s5 << 24 | s4 << 16 | s3 << 8 | s;
+ T4[i] = s6 << 24 | s8 << 16 | sb << 8 | s7;
+ T5[i] = s8 << 24 | s6 << 16 | s7 << 8 | sb;
+ T6[i] = sb << 24 | s7 << 16 | s6 << 8 | s8;
+ T7[i] = s7 << 24 | sb << 16 | s8 << 8 | s6;
+ }
+ for (i = 0, j = 0; i < R + 1; i++) // compute round constant
+ {
+ rc[i][0] = S[j++] << 24
+ | (S[j++] & 0xFF) << 16
+ | (S[j++] & 0xFF) << 8
+ | (S[j++] & 0xFF);
+ rc[i][1] = S[j++] << 24
+ | (S[j++] & 0xFF) << 16
+ | (S[j++] & 0xFF) << 8
+ | (S[j++] & 0xFF);
+ }
+ time = System.currentTimeMillis() - time;
+ if (Configuration.DEBUG)
+ {
+ log.fine("Static data");
+ log.fine("T0[]:");
+ StringBuilder b;
+ for (i = 0; i < 64; i++)
+ {
+ b = new StringBuilder();
+ for (j = 0; j < 4; j++)
+ b.append("0x").append(Util.toString(T0[i * 4 + j])).append(", ");
+ log.fine(b.toString());
+ }
+ log.fine("T1[]:");
+ for (i = 0; i < 64; i++)
+ {
+ b = new StringBuilder();
+ for (j = 0; j < 4; j++)
+ b.append("0x").append(Util.toString(T1[i * 4 + j])).append(", ");
+ log.fine(b.toString());
+ }
+ log.fine("T2[]:");
+ for (i = 0; i < 64; i++)
+ {
+ b = new StringBuilder();
+ for (j = 0; j < 4; j++)
+ b.append("0x").append(Util.toString(T2[i * 4 + j])).append(", ");
+ log.fine(b.toString());
+ }
+ log.fine("T3[]:");
+ for (i = 0; i < 64; i++)
+ {
+ b = new StringBuilder();
+ for (j = 0; j < 4; j++)
+ b.append("0x").append(Util.toString(T3[i * 4 + j])).append(", ");
+ log.fine(b.toString());
+ }
+ log.fine("T4[]:");
+ for (i = 0; i < 64; i++)
+ {
+ b = new StringBuilder();
+ for (j = 0; j < 4; j++)
+ b.append("0x").append(Util.toString(T4[i * 4 + j])).append(", ");
+ log.fine(b.toString());
+ }
+ log.fine("T5[]:");
+ for (i = 0; i < 64; i++)
+ {
+ b = new StringBuilder();
+ for (j = 0; j < 4; j++)
+ b.append("0x").append(Util.toString(T5[i * 4 + j])).append(", ");
+ log.fine(b.toString());
+ }
+ log.fine("T6[]:");
+ for (i = 0; i < 64; i++)
+ {
+ b = new StringBuilder();
+ for (j = 0; j < 4; j++)
+ b.append("0x").append(Util.toString(T6[i * 4 + j])).append(", ");
+ log.fine(b.toString());
+ }
+ log.fine("T7[]:");
+ for (i = 0; i < 64; i++)
+ {
+ b = new StringBuilder();
+ for (j = 0; j < 4; j++)
+ b.append("0x").append(Util.toString(T7[i * 4 + j])).append(", ");
+ log.fine(b.toString());
+ }
+ log.fine("rc[]:");
+ for (i = 0; i < R + 1; i++)
+ log.fine("0x" + Util.toString(rc[i][0]) + Util.toString(rc[i][1]));
+ log.fine("Total initialization time: " + time + " ms.");
+ }
+ }
+
+ /** Trivial 0-arguments constructor. */
+ public Khazad()
+ {
+ super(Registry.KHAZAD_CIPHER, DEFAULT_BLOCK_SIZE, DEFAULT_KEY_SIZE);
+ }
+
+ private static void khazad(byte[] in, int i, byte[] out, int j, int[][] K)
+ {
+ // sigma(K[0])
+ int k0 = K[0][0];
+ int k1 = K[0][1];
+ int a0 = (in[i++] << 24
+ | (in[i++] & 0xFF) << 16
+ | (in[i++] & 0xFF) << 8
+ | (in[i++] & 0xFF) ) ^ k0;
+ int a1 = (in[i++] << 24
+ | (in[i++] & 0xFF) << 16
+ | (in[i++] & 0xFF) << 8
+ | (in[i ] & 0xFF) ) ^ k1;
+ int b0, b1;
+ // round function
+ for (int r = 1; r < R; r++)
+ {
+ k0 = K[r][0];
+ k1 = K[r][1];
+ b0 = T0[ a0 >>> 24 ]
+ ^ T1[(a0 >>> 16) & 0xFF]
+ ^ T2[(a0 >>> 8) & 0xFF]
+ ^ T3[ a0 & 0xFF]
+ ^ T4[ a1 >>> 24 ]
+ ^ T5[(a1 >>> 16) & 0xFF]
+ ^ T6[(a1 >>> 8) & 0xFF]
+ ^ T7[ a1 & 0xFF] ^ k0;
+ b1 = T0[ a1 >>> 24 ]
+ ^ T1[(a1 >>> 16) & 0xFF]
+ ^ T2[(a1 >>> 8) & 0xFF]
+ ^ T3[ a1 & 0xFF]
+ ^ T4[ a0 >>> 24 ]
+ ^ T5[(a0 >>> 16) & 0xFF]
+ ^ T6[(a0 >>> 8) & 0xFF]
+ ^ T7[ a0 & 0xFF] ^ k1;
+ a0 = b0;
+ a1 = b1;
+ if (Configuration.DEBUG)
+ log.fine("T" + r + "=" + Util.toString(a0) + Util.toString(a1));
+ }
+ // sigma(K[R]) o gamma applied to previous output
+ k0 = K[R][0];
+ k1 = K[R][1];
+ out[j++] = (byte)(S[ a0 >>> 24 ] ^ (k0 >>> 24));
+ out[j++] = (byte)(S[(a0 >>> 16) & 0xFF] ^ (k0 >>> 16));
+ out[j++] = (byte)(S[(a0 >>> 8) & 0xFF] ^ (k0 >>> 8));
+ out[j++] = (byte)(S[ a0 & 0xFF] ^ k0 );
+ out[j++] = (byte)(S[ a1 >>> 24 ] ^ (k1 >>> 24));
+ out[j++] = (byte)(S[(a1 >>> 16) & 0xFF] ^ (k1 >>> 16));
+ out[j++] = (byte)(S[(a1 >>> 8) & 0xFF] ^ (k1 >>> 8));
+ out[j ] = (byte)(S[ a1 & 0xFF] ^ k1 );
+ if (Configuration.DEBUG)
+ log.fine("T=" + Util.toString(out, j - 7, 8) + "\n");
+ }
+
+ public Object clone()
+ {
+ Khazad result = new Khazad();
+ result.currentBlockSize = this.currentBlockSize;
+
+ return result;
+ }
+
+ public Iterator blockSizes()
+ {
+ ArrayList al = new ArrayList();
+ al.add(Integer.valueOf(DEFAULT_BLOCK_SIZE));
+
+ return Collections.unmodifiableList(al).iterator();
+ }
+
+ public Iterator keySizes()
+ {
+ ArrayList al = new ArrayList();
+ al.add(Integer.valueOf(DEFAULT_KEY_SIZE));
+ return Collections.unmodifiableList(al).iterator();
+ }
+
+ /**
+ * Expands a user-supplied key material into a session key for a designated
+ * <i>block size</i>.
+ *
+ * @param uk the 128-bit user-supplied key material.
+ * @param bs the desired block size in bytes.
+ * @return an Object encapsulating the session key.
+ * @exception IllegalArgumentException if the block size is not 16 (128-bit).
+ * @exception InvalidKeyException if the key data is invalid.
+ */
+ public Object makeKey(byte[] uk, int bs) throws InvalidKeyException
+ {
+ if (bs != DEFAULT_BLOCK_SIZE)
+ throw new IllegalArgumentException();
+ if (uk == null)
+ throw new InvalidKeyException("Empty key");
+ if (uk.length != 16)
+ throw new InvalidKeyException("Key is not 128-bit.");
+ int[][] Ke = new int[R + 1][2]; // encryption round keys
+ int[][] Kd = new int[R + 1][2]; // decryption round keys
+ int r, i;
+ int k20, k21, k10, k11, rc0, rc1, kr0, kr1;
+ i = 0;
+ k20 = uk[i++] << 24
+ | (uk[i++] & 0xFF) << 16
+ | (uk[i++] & 0xFF) << 8
+ | (uk[i++] & 0xFF);
+ k21 = uk[i++] << 24
+ | (uk[i++] & 0xFF) << 16
+ | (uk[i++] & 0xFF) << 8
+ | (uk[i++] & 0xFF);
+ k10 = uk[i++] << 24
+ | (uk[i++] & 0xFF) << 16
+ | (uk[i++] & 0xFF) << 8
+ | (uk[i++] & 0xFF);
+ k11 = uk[i++] << 24
+ | (uk[i++] & 0xFF) << 16
+ | (uk[i++] & 0xFF) << 8
+ | (uk[i++] & 0xFF);
+ for (r = 0, i = 0; r <= R; r++)
+ {
+ rc0 = rc[r][0];
+ rc1 = rc[r][1];
+ kr0 = T0[ k10 >>> 24 ]
+ ^ T1[(k10 >>> 16) & 0xFF]
+ ^ T2[(k10 >>> 8) & 0xFF]
+ ^ T3[ k10 & 0xFF]
+ ^ T4[(k11 >>> 24) & 0xFF]
+ ^ T5[(k11 >>> 16) & 0xFF]
+ ^ T6[(k11 >>> 8) & 0xFF]
+ ^ T7[ k11 & 0xFF] ^ rc0 ^ k20;
+ kr1 = T0[ k11 >>> 24 ]
+ ^ T1[(k11 >>> 16) & 0xFF]
+ ^ T2[(k11 >>> 8) & 0xFF]
+ ^ T3[ k11 & 0xFF]
+ ^ T4[(k10 >>> 24) & 0xFF]
+ ^ T5[(k10 >>> 16) & 0xFF]
+ ^ T6[(k10 >>> 8) & 0xFF]
+ ^ T7[ k10 & 0xFF] ^ rc1 ^ k21;
+ Ke[r][0] = kr0;
+ Ke[r][1] = kr1;
+ k20 = k10;
+ k21 = k11;
+ k10 = kr0;
+ k11 = kr1;
+ if (r == 0 || r == R)
+ {
+ Kd[R - r][0] = kr0;
+ Kd[R - r][1] = kr1;
+ }
+ else
+ {
+ Kd[R - r][0] = T0[S[ kr0 >>> 24 ] & 0xFF]
+ ^ T1[S[(kr0 >>> 16) & 0xFF] & 0xFF]
+ ^ T2[S[(kr0 >>> 8) & 0xFF] & 0xFF]
+ ^ T3[S[ kr0 & 0xFF] & 0xFF]
+ ^ T4[S[ kr1 >>> 24 ] & 0xFF]
+ ^ T5[S[(kr1 >>> 16) & 0xFF] & 0xFF]
+ ^ T6[S[(kr1 >>> 8) & 0xFF] & 0xFF]
+ ^ T7[S[ kr1 & 0xFF] & 0xFF];
+ Kd[R - r][1] = T0[S[ kr1 >>> 24 ] & 0xFF]
+ ^ T1[S[(kr1 >>> 16) & 0xFF] & 0xFF]
+ ^ T2[S[(kr1 >>> 8) & 0xFF] & 0xFF]
+ ^ T3[S[ kr1 & 0xFF] & 0xFF]
+ ^ T4[S[ kr0 >>> 24 ] & 0xFF]
+ ^ T5[S[(kr0 >>> 16) & 0xFF] & 0xFF]
+ ^ T6[S[(kr0 >>> 8) & 0xFF] & 0xFF]
+ ^ T7[S[ kr0 & 0xFF] & 0xFF];
+ }
+ }
+ if (Configuration.DEBUG)
+ {
+ log.fine("Key schedule");
+ log.fine("Ke[]:");
+ for (r = 0; r < R + 1; r++)
+ log.fine("#" + r + ": 0x" + Util.toString(Ke[r][0])
+ + Util.toString(Ke[r][1]));
+ log.fine("Kd[]:");
+ for (r = 0; r < R + 1; r++)
+ log.fine("#" + r + ": 0x" + Util.toString(Kd[r][0])
+ + Util.toString(Kd[r][1]));
+ }
+ return new Object[] { Ke, Kd };
+ }
+
+ public void encrypt(byte[] in, int i, byte[] out, int j, Object k, int bs)
+ {
+ if (bs != DEFAULT_BLOCK_SIZE)
+ throw new IllegalArgumentException();
+ int[][] K = (int[][])((Object[]) k)[0];
+ khazad(in, i, out, j, K);
+ }
+
+ public void decrypt(byte[] in, int i, byte[] out, int j, Object k, int bs)
+ {
+ if (bs != DEFAULT_BLOCK_SIZE)
+ throw new IllegalArgumentException();
+ int[][] K = (int[][])((Object[]) k)[1];
+ khazad(in, i, out, j, K);
+ }
+
+ public boolean selfTest()
+ {
+ if (valid == null)
+ {
+ boolean result = super.selfTest(); // do symmetry tests
+ if (result)
+ result = testKat(KAT_KEY, KAT_CT);
+ valid = Boolean.valueOf(result);
+ }
+ return valid.booleanValue();
+ }
+}
diff --git a/libjava/classpath/gnu/javax/crypto/cipher/NullCipher.java b/libjava/classpath/gnu/javax/crypto/cipher/NullCipher.java
new file mode 100644
index 000000000..f23ea489f
--- /dev/null
+++ b/libjava/classpath/gnu/javax/crypto/cipher/NullCipher.java
@@ -0,0 +1,108 @@
+/* NullCipher.java --
+ Copyright (C) 2001, 2002, 2006 Free Software Foundation, Inc.
+
+This file is a part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2 of the License, or (at
+your option) any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; if not, write to the Free Software
+Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301
+USA
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package gnu.javax.crypto.cipher;
+
+import gnu.java.security.Registry;
+
+import java.security.InvalidKeyException;
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.Iterator;
+
+/**
+ * The implementation of a Null block cipher.
+ * <p>
+ * This cipher does not alter its input at all, claims to process block sizes
+ * 128-, 192- and 256-bit long, and key sizes from 64- to 512-bit in 8-bit
+ * increments.
+ */
+public final class NullCipher
+ extends BaseCipher
+{
+ /** Trivial 0-arguments constructor. */
+ public NullCipher()
+ {
+ super(Registry.NULL_CIPHER, 16, 16);
+ }
+
+ public Object clone()
+ {
+ NullCipher result = new NullCipher();
+ result.currentBlockSize = this.currentBlockSize;
+ return result;
+ }
+
+ public Iterator blockSizes()
+ {
+ ArrayList al = new ArrayList();
+ al.add(Integer.valueOf(64 / 8));
+ al.add(Integer.valueOf(128 / 8));
+ al.add(Integer.valueOf(192 / 8));
+ al.add(Integer.valueOf(256 / 8));
+ return Collections.unmodifiableList(al).iterator();
+ }
+
+ public Iterator keySizes()
+ {
+ ArrayList al = new ArrayList();
+ for (int n = 8; n < 64; n++)
+ al.add(Integer.valueOf(n));
+ return Collections.unmodifiableList(al).iterator();
+ }
+
+ public Object makeKey(byte[] uk, int bs) throws InvalidKeyException
+ {
+ return new Object();
+ }
+
+ public void encrypt(byte[] in, int i, byte[] out, int j, Object k, int bs)
+ {
+ System.arraycopy(in, i, out, j, bs);
+ }
+
+ public void decrypt(byte[] in, int i, byte[] out, int j, Object k, int bs)
+ {
+ System.arraycopy(in, i, out, j, bs);
+ }
+
+ public boolean selfTest()
+ {
+ return true;
+ }
+}
diff --git a/libjava/classpath/gnu/javax/crypto/cipher/Rijndael.java b/libjava/classpath/gnu/javax/crypto/cipher/Rijndael.java
new file mode 100644
index 000000000..0463fe51d
--- /dev/null
+++ b/libjava/classpath/gnu/javax/crypto/cipher/Rijndael.java
@@ -0,0 +1,704 @@
+/* Rijndael.java --
+ Copyright (C) 2001, 2002, 2003, 2006 Free Software Foundation, Inc.
+
+This file is a part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2 of the License, or (at
+your option) any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; if not, write to the Free Software
+Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301
+USA
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package gnu.javax.crypto.cipher;
+
+import gnu.java.security.Configuration;
+import gnu.java.security.Registry;
+import gnu.java.security.util.Util;
+
+import java.security.InvalidKeyException;
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.Iterator;
+import java.util.logging.Logger;
+
+/**
+ * Rijndael --pronounced Reindaal-- is the AES. It is a variable block-size
+ * (128-, 192- and 256-bit), variable key-size (128-, 192- and 256-bit)
+ * symmetric key block cipher.
+ * <p>
+ * References:
+ * <ol>
+ * <li><a href="http://www.esat.kuleuven.ac.be/~rijmen/rijndael/">The Rijndael
+ * Block Cipher - AES Proposal</a>.<br>
+ * <a href="mailto:vincent.rijmen@esat.kuleuven.ac.be">Vincent Rijmen</a> and
+ * <a href="mailto:daemen.j@protonworld.com">Joan Daemen</a>.</li>
+ * </ol>
+ */
+public final class Rijndael
+ extends BaseCipher
+{
+ private static final Logger log = Logger.getLogger(Rijndael.class.getName());
+ private static final int DEFAULT_BLOCK_SIZE = 16; // in bytes
+ private static final int DEFAULT_KEY_SIZE = 16; // in bytes
+ private static final String SS =
+ "\u637C\u777B\uF26B\u6FC5\u3001\u672B\uFED7\uAB76"
+ + "\uCA82\uC97D\uFA59\u47F0\uADD4\uA2AF\u9CA4\u72C0"
+ + "\uB7FD\u9326\u363F\uF7CC\u34A5\uE5F1\u71D8\u3115"
+ + "\u04C7\u23C3\u1896\u059A\u0712\u80E2\uEB27\uB275"
+ + "\u0983\u2C1A\u1B6E\u5AA0\u523B\uD6B3\u29E3\u2F84"
+ + "\u53D1\u00ED\u20FC\uB15B\u6ACB\uBE39\u4A4C\u58CF"
+ + "\uD0EF\uAAFB\u434D\u3385\u45F9\u027F\u503C\u9FA8"
+ + "\u51A3\u408F\u929D\u38F5\uBCB6\uDA21\u10FF\uF3D2"
+ + "\uCD0C\u13EC\u5F97\u4417\uC4A7\u7E3D\u645D\u1973"
+ + "\u6081\u4FDC\u222A\u9088\u46EE\uB814\uDE5E\u0BDB"
+ + "\uE032\u3A0A\u4906\u245C\uC2D3\uAC62\u9195\uE479"
+ + "\uE7C8\u376D\u8DD5\u4EA9\u6C56\uF4EA\u657A\uAE08"
+ + "\uBA78\u252E\u1CA6\uB4C6\uE8DD\u741F\u4BBD\u8B8A"
+ + "\u703E\uB566\u4803\uF60E\u6135\u57B9\u86C1\u1D9E"
+ + "\uE1F8\u9811\u69D9\u8E94\u9B1E\u87E9\uCE55\u28DF"
+ + "\u8CA1\u890D\uBFE6\u4268\u4199\u2D0F\uB054\uBB16";
+ private static final byte[] S = new byte[256];
+ private static final byte[] Si = new byte[256];
+ private static final int[] T1 = new int[256];
+ private static final int[] T2 = new int[256];
+ private static final int[] T3 = new int[256];
+ private static final int[] T4 = new int[256];
+ private static final int[] T5 = new int[256];
+ private static final int[] T6 = new int[256];
+ private static final int[] T7 = new int[256];
+ private static final int[] T8 = new int[256];
+ private static final int[] U1 = new int[256];
+ private static final int[] U2 = new int[256];
+ private static final int[] U3 = new int[256];
+ private static final int[] U4 = new int[256];
+ private static final byte[] rcon = new byte[30];
+ private static final int[][][] shifts = new int[][][] {
+ { { 0, 0 }, { 1, 3 }, { 2, 2 }, { 3, 1 } },
+ { { 0, 0 }, { 1, 5 }, { 2, 4 }, { 3, 3 } },
+ { { 0, 0 }, { 1, 7 }, { 3, 5 }, { 4, 4 } } };
+ /**
+ * KAT vector (from ecb_vk): I=96
+ * KEY=0000000000000000000000010000000000000000000000000000000000000000
+ * CT=E44429474D6FC3084EB2A6B8B46AF754
+ */
+ private static final byte[] KAT_KEY = Util.toBytesFromString(
+ "0000000000000000000000010000000000000000000000000000000000000000");
+ private static final byte[] KAT_CT = Util.toBytesFromString(
+ "E44429474D6FC3084EB2A6B8B46AF754");
+ /** caches the result of the correctness test, once executed. */
+ private static Boolean valid;
+
+ static
+ {
+ long time = System.currentTimeMillis();
+ int ROOT = 0x11B;
+ int i, j = 0;
+ // S-box, inverse S-box, T-boxes, U-boxes
+ int s, s2, s3, i2, i4, i8, i9, ib, id, ie, t;
+ char c;
+ for (i = 0; i < 256; i++)
+ {
+ c = SS.charAt(i >>> 1);
+ S[i] = (byte)(((i & 1) == 0) ? c >>> 8 : c & 0xFF);
+ s = S[i] & 0xFF;
+ Si[s] = (byte) i;
+ s2 = s << 1;
+ if (s2 >= 0x100)
+ s2 ^= ROOT;
+ s3 = s2 ^ s;
+ i2 = i << 1;
+ if (i2 >= 0x100)
+ i2 ^= ROOT;
+ i4 = i2 << 1;
+ if (i4 >= 0x100)
+ i4 ^= ROOT;
+ i8 = i4 << 1;
+ if (i8 >= 0x100)
+ i8 ^= ROOT;
+ i9 = i8 ^ i;
+ ib = i9 ^ i2;
+ id = i9 ^ i4;
+ ie = i8 ^ i4 ^ i2;
+ T1[i] = t = (s2 << 24) | (s << 16) | (s << 8) | s3;
+ T2[i] = (t >>> 8) | (t << 24);
+ T3[i] = (t >>> 16) | (t << 16);
+ T4[i] = (t >>> 24) | (t << 8);
+ T5[s] = U1[i] = t = (ie << 24) | (i9 << 16) | (id << 8) | ib;
+ T6[s] = U2[i] = (t >>> 8) | (t << 24);
+ T7[s] = U3[i] = (t >>> 16) | (t << 16);
+ T8[s] = U4[i] = (t >>> 24) | (t << 8);
+ }
+ // round constants
+ int r = 1;
+ rcon[0] = 1;
+ for (i = 1; i < 30; i++)
+ {
+ r <<= 1;
+ if (r >= 0x100)
+ r ^= ROOT;
+ rcon[i] = (byte) r;
+ }
+ time = System.currentTimeMillis() - time;
+ if (Configuration.DEBUG)
+ {
+ log.fine("Static Data");
+ log.fine("S[]:");
+ StringBuilder sb;
+ for (i = 0; i < 16; i++)
+ {
+ sb = new StringBuilder();
+ for (j = 0; j < 16; j++)
+ sb.append("0x").append(Util.toString(S[i * 16 + j])).append(", ");
+ log.fine(sb.toString());
+ }
+ log.fine("Si[]:");
+ for (i = 0; i < 16; i++)
+ {
+ sb = new StringBuilder();
+ for (j = 0; j < 16; j++)
+ sb.append("0x").append(Util.toString(Si[i * 16 + j])).append(", ");
+ log.fine(sb.toString());
+ }
+
+ log.fine("T1[]:");
+ for (i = 0; i < 64; i++)
+ {
+ sb = new StringBuilder();
+ for (j = 0; j < 4; j++)
+ sb.append("0x").append(Util.toString(T1[i * 4 + j])).append(", ");
+ log.fine(sb.toString());
+ }
+ log.fine("T2[]:");
+ for (i = 0; i < 64; i++)
+ {
+ sb = new StringBuilder();
+ for (j = 0; j < 4; j++)
+ sb.append("0x").append(Util.toString(T2[i * 4 + j])).append(", ");
+ log.fine(sb.toString());
+ }
+ log.fine("T3[]:");
+ for (i = 0; i < 64; i++)
+ {
+ sb = new StringBuilder();
+ for (j = 0; j < 4; j++)
+ sb.append("0x").append(Util.toString(T3[i * 4 + j])).append(", ");
+ log.fine(sb.toString());
+ }
+ log.fine("T4[]:");
+ for (i = 0; i < 64; i++)
+ {
+ sb = new StringBuilder();
+ for (j = 0; j < 4; j++)
+ sb.append("0x").append(Util.toString(T4[i * 4 + j])).append(", ");
+ log.fine(sb.toString());
+ }
+ log.fine("T5[]:");
+ for (i = 0; i < 64; i++)
+ {
+ sb = new StringBuilder();
+ for (j = 0; j < 4; j++)
+ sb.append("0x").append(Util.toString(T5[i * 4 + j])).append(", ");
+ log.fine(sb.toString());
+ }
+ log.fine("T6[]:");
+ for (i = 0; i < 64; i++)
+ {
+ sb = new StringBuilder();
+ for (j = 0; j < 4; j++)
+ sb.append("0x").append(Util.toString(T6[i * 4 + j])).append(", ");
+ log.fine(sb.toString());
+ }
+ log.fine("T7[]:");
+ for (i = 0; i < 64; i++)
+ {
+ sb = new StringBuilder();
+ for (j = 0; j < 4; j++)
+ sb.append("0x").append(Util.toString(T7[i * 4 + j])).append(", ");
+ log.fine(sb.toString());
+ }
+ log.fine("T8[]:");
+ for (i = 0; i < 64; i++)
+ {
+ sb = new StringBuilder();
+ for (j = 0; j < 4; j++)
+ sb.append("0x").append(Util.toString(T8[i * 4 + j])).append(", ");
+ log.fine(sb.toString());
+ }
+
+ log.fine("U1[]:");
+ for (i = 0; i < 64; i++)
+ {
+ sb = new StringBuilder();
+ for (j = 0; j < 4; j++)
+ sb.append("0x").append(Util.toString(U1[i * 4 + j])).append(", ");
+ log.fine(sb.toString());
+ }
+ log.fine("U2[]:");
+ for (i = 0; i < 64; i++)
+ {
+ sb = new StringBuilder();
+ for (j = 0; j < 4; j++)
+ sb.append("0x").append(Util.toString(U2[i * 4 + j])).append(", ");
+ log.fine(sb.toString());
+ }
+ log.fine("U3[]:");
+ for (i = 0; i < 64; i++)
+ {
+ sb = new StringBuilder();
+ for (j = 0; j < 4; j++)
+ sb.append("0x").append(Util.toString(U3[i * 4 + j])).append(", ");
+ log.fine(sb.toString());
+ }
+ log.fine("U4[]:");
+ for (i = 0; i < 64; i++)
+ {
+ sb = new StringBuilder();
+ for (j = 0; j < 4; j++)
+ sb.append("0x").append(Util.toString(U4[i * 4 + j])).append(", ");
+ log.fine(sb.toString());
+ }
+
+ log.fine("rcon[]:");
+ for (i = 0; i < 5; i++)
+ {
+ sb = new StringBuilder();
+ for (j = 0; j < 6; j++)
+ sb.append("0x").append(Util.toString(rcon[i * 6 + j])).append(", ");
+ log.fine(sb.toString());
+ }
+ log.fine("Total initialization time: " + time + " ms.");
+ }
+ }
+
+ /** Trivial 0-arguments constructor. */
+ public Rijndael()
+ {
+ super(Registry.RIJNDAEL_CIPHER, DEFAULT_BLOCK_SIZE, DEFAULT_KEY_SIZE);
+ }
+
+ /**
+ * Returns the number of rounds for a given Rijndael's key and block sizes.
+ *
+ * @param ks the size of the user key material in bytes.
+ * @param bs the desired block size in bytes.
+ * @return the number of rounds for a given Rijndael's key and block sizes.
+ */
+ public static int getRounds(int ks, int bs)
+ {
+ switch (ks)
+ {
+ case 16:
+ return bs == 16 ? 10 : (bs == 24 ? 12 : 14);
+ case 24:
+ return bs != 32 ? 12 : 14;
+ default: // 32 bytes = 256 bits
+ return 14;
+ }
+ }
+
+ private static void rijndaelEncrypt(byte[] in, int inOffset, byte[] out,
+ int outOffset, Object sessionKey, int bs)
+ {
+ Object[] sKey = (Object[]) sessionKey; // extract encryption round keys
+ int[][] Ke = (int[][]) sKey[0];
+ int BC = bs / 4;
+ int ROUNDS = Ke.length - 1;
+ int SC = BC == 4 ? 0 : (BC == 6 ? 1 : 2);
+ int s1 = shifts[SC][1][0];
+ int s2 = shifts[SC][2][0];
+ int s3 = shifts[SC][3][0];
+ int[] a = new int[BC];
+ int[] t = new int[BC]; // temporary work array
+ int i, tt;
+ for (i = 0; i < BC; i++) // plaintext to ints + key
+ t[i] = (in[inOffset++] << 24
+ | (in[inOffset++] & 0xFF) << 16
+ | (in[inOffset++] & 0xFF) << 8
+ | (in[inOffset++] & 0xFF) ) ^ Ke[0][i];
+ for (int r = 1; r < ROUNDS; r++) // apply round transforms
+ {
+ for (i = 0; i < BC; i++)
+ a[i] = (T1[(t[ i ] >>> 24) ]
+ ^ T2[(t[(i + s1) % BC] >>> 16) & 0xFF]
+ ^ T3[(t[(i + s2) % BC] >>> 8) & 0xFF]
+ ^ T4[ t[(i + s3) % BC] & 0xFF]) ^ Ke[r][i];
+ System.arraycopy(a, 0, t, 0, BC);
+ if (Configuration.DEBUG)
+ log.fine("CT" + r + "=" + Util.toString(t));
+ }
+ for (i = 0; i < BC; i++) // last round is special
+ {
+ tt = Ke[ROUNDS][i];
+ out[outOffset++] = (byte)(S[(t[ i ] >>> 24) ] ^ (tt >>> 24));
+ out[outOffset++] = (byte)(S[(t[(i + s1) % BC] >>> 16) & 0xFF] ^ (tt >>> 16));
+ out[outOffset++] = (byte)(S[(t[(i + s2) % BC] >>> 8) & 0xFF] ^ (tt >>> 8));
+ out[outOffset++] = (byte)(S[ t[(i + s3) % BC] & 0xFF] ^ tt );
+ }
+ if (Configuration.DEBUG)
+ log.fine("CT=" + Util.toString(out, outOffset - bs, bs));
+ }
+
+ private static void rijndaelDecrypt(byte[] in, int inOffset, byte[] out,
+ int outOffset, Object sessionKey, int bs)
+ {
+ Object[] sKey = (Object[]) sessionKey; // extract decryption round keys
+ int[][] Kd = (int[][]) sKey[1];
+ int BC = bs / 4;
+ int ROUNDS = Kd.length - 1;
+ int SC = BC == 4 ? 0 : (BC == 6 ? 1 : 2);
+ int s1 = shifts[SC][1][1];
+ int s2 = shifts[SC][2][1];
+ int s3 = shifts[SC][3][1];
+ int[] a = new int[BC];
+ int[] t = new int[BC]; // temporary work array
+ int i, tt;
+ for (i = 0; i < BC; i++) // ciphertext to ints + key
+ t[i] = (in[inOffset++] << 24
+ | (in[inOffset++] & 0xFF) << 16
+ | (in[inOffset++] & 0xFF) << 8
+ | (in[inOffset++] & 0xFF) ) ^ Kd[0][i];
+ for (int r = 1; r < ROUNDS; r++) // apply round transforms
+ {
+ for (i = 0; i < BC; i++)
+ a[i] = (T5[(t[ i ] >>> 24) ]
+ ^ T6[(t[(i + s1) % BC] >>> 16) & 0xFF]
+ ^ T7[(t[(i + s2) % BC] >>> 8) & 0xFF]
+ ^ T8[ t[(i + s3) % BC] & 0xFF]) ^ Kd[r][i];
+ System.arraycopy(a, 0, t, 0, BC);
+ if (Configuration.DEBUG)
+ log.fine("PT" + r + "=" + Util.toString(t));
+ }
+ for (i = 0; i < BC; i++) // last round is special
+ {
+ tt = Kd[ROUNDS][i];
+ out[outOffset++] = (byte)(Si[(t[ i ] >>> 24) ] ^ (tt >>> 24));
+ out[outOffset++] = (byte)(Si[(t[(i + s1) % BC] >>> 16) & 0xFF] ^ (tt >>> 16));
+ out[outOffset++] = (byte)(Si[(t[(i + s2) % BC] >>> 8) & 0xFF] ^ (tt >>> 8));
+ out[outOffset++] = (byte)(Si[ t[(i + s3) % BC] & 0xFF] ^ tt );
+ }
+ if (Configuration.DEBUG)
+ log.fine("PT=" + Util.toString(out, outOffset - bs, bs));
+ }
+
+ private static void aesEncrypt(byte[] in, int i, byte[] out, int j, Object key)
+ {
+ int[][] Ke = (int[][])((Object[]) key)[0]; // extract encryption round keys
+ int ROUNDS = Ke.length - 1;
+ int[] Ker = Ke[0];
+ // plaintext to ints + key
+ int t0 = (in[i++] << 24
+ | (in[i++] & 0xFF) << 16
+ | (in[i++] & 0xFF) << 8
+ | (in[i++] & 0xFF) ) ^ Ker[0];
+ int t1 = (in[i++] << 24
+ | (in[i++] & 0xFF) << 16
+ | (in[i++] & 0xFF) << 8
+ | (in[i++] & 0xFF) ) ^ Ker[1];
+ int t2 = (in[i++] << 24
+ | (in[i++] & 0xFF) << 16
+ | (in[i++] & 0xFF) << 8
+ | (in[i++] & 0xFF) ) ^ Ker[2];
+ int t3 = (in[i++] << 24
+ | (in[i++] & 0xFF) << 16
+ | (in[i++] & 0xFF) << 8
+ | (in[i++] & 0xFF) ) ^ Ker[3];
+ int a0, a1, a2, a3;
+ for (int r = 1; r < ROUNDS; r++) // apply round transforms
+ {
+ Ker = Ke[r];
+ a0 = (T1[(t0 >>> 24) ]
+ ^ T2[(t1 >>> 16) & 0xFF]
+ ^ T3[(t2 >>> 8) & 0xFF]
+ ^ T4[ t3 & 0xFF]) ^ Ker[0];
+ a1 = (T1[(t1 >>> 24) ]
+ ^ T2[(t2 >>> 16) & 0xFF]
+ ^ T3[(t3 >>> 8) & 0xFF]
+ ^ T4[ t0 & 0xFF]) ^ Ker[1];
+ a2 = (T1[(t2 >>> 24) ]
+ ^ T2[(t3 >>> 16) & 0xFF]
+ ^ T3[(t0 >>> 8) & 0xFF]
+ ^ T4[ t1 & 0xFF]) ^ Ker[2];
+ a3 = (T1[(t3 >>> 24) ]
+ ^ T2[(t0 >>> 16) & 0xFF]
+ ^ T3[(t1 >>> 8) & 0xFF]
+ ^ T4[ t2 & 0xFF]) ^ Ker[3];
+ t0 = a0;
+ t1 = a1;
+ t2 = a2;
+ t3 = a3;
+ if (Configuration.DEBUG)
+ log.fine("CT" + r + "=" + Util.toString(t0) + Util.toString(t1)
+ + Util.toString(t2) + Util.toString(t3));
+ }
+ // last round is special
+ Ker = Ke[ROUNDS];
+ int tt = Ker[0];
+ out[j++] = (byte)(S[(t0 >>> 24) ] ^ (tt >>> 24));
+ out[j++] = (byte)(S[(t1 >>> 16) & 0xFF] ^ (tt >>> 16));
+ out[j++] = (byte)(S[(t2 >>> 8) & 0xFF] ^ (tt >>> 8));
+ out[j++] = (byte)(S[ t3 & 0xFF] ^ tt );
+ tt = Ker[1];
+ out[j++] = (byte)(S[(t1 >>> 24) ] ^ (tt >>> 24));
+ out[j++] = (byte)(S[(t2 >>> 16) & 0xFF] ^ (tt >>> 16));
+ out[j++] = (byte)(S[(t3 >>> 8) & 0xFF] ^ (tt >>> 8));
+ out[j++] = (byte)(S[ t0 & 0xFF] ^ tt );
+ tt = Ker[2];
+ out[j++] = (byte)(S[(t2 >>> 24) ] ^ (tt >>> 24));
+ out[j++] = (byte)(S[(t3 >>> 16) & 0xFF] ^ (tt >>> 16));
+ out[j++] = (byte)(S[(t0 >>> 8) & 0xFF] ^ (tt >>> 8));
+ out[j++] = (byte)(S[ t1 & 0xFF] ^ tt );
+ tt = Ker[3];
+ out[j++] = (byte)(S[(t3 >>> 24) ] ^ (tt >>> 24));
+ out[j++] = (byte)(S[(t0 >>> 16) & 0xFF] ^ (tt >>> 16));
+ out[j++] = (byte)(S[(t1 >>> 8) & 0xFF] ^ (tt >>> 8));
+ out[j++] = (byte)(S[ t2 & 0xFF] ^ tt );
+ if (Configuration.DEBUG)
+ log.fine("CT=" + Util.toString(out, j - 16, 16));
+ }
+
+ private static void aesDecrypt(byte[] in, int i, byte[] out, int j, Object key)
+ {
+ int[][] Kd = (int[][])((Object[]) key)[1]; // extract decryption round keys
+ int ROUNDS = Kd.length - 1;
+ int[] Kdr = Kd[0];
+ // ciphertext to ints + key
+ int t0 = (in[i++] << 24
+ | (in[i++] & 0xFF) << 16
+ | (in[i++] & 0xFF) << 8
+ | (in[i++] & 0xFF) ) ^ Kdr[0];
+ int t1 = (in[i++] << 24
+ | (in[i++] & 0xFF) << 16
+ | (in[i++] & 0xFF) << 8
+ | (in[i++] & 0xFF) ) ^ Kdr[1];
+ int t2 = (in[i++] << 24
+ | (in[i++] & 0xFF) << 16
+ | (in[i++] & 0xFF) << 8
+ | (in[i++] & 0xFF) ) ^ Kdr[2];
+ int t3 = (in[i++] << 24
+ | (in[i++] & 0xFF) << 16
+ | (in[i++] & 0xFF) << 8
+ | (in[i++] & 0xFF) ) ^ Kdr[3];
+
+ int a0, a1, a2, a3;
+ for (int r = 1; r < ROUNDS; r++) // apply round transforms
+ {
+ Kdr = Kd[r];
+ a0 = (T5[(t0 >>> 24) ]
+ ^ T6[(t3 >>> 16) & 0xFF]
+ ^ T7[(t2 >>> 8) & 0xFF]
+ ^ T8[ t1 & 0xFF]) ^ Kdr[0];
+ a1 = (T5[(t1 >>> 24) ]
+ ^ T6[(t0 >>> 16) & 0xFF]
+ ^ T7[(t3 >>> 8) & 0xFF]
+ ^ T8[ t2 & 0xFF]) ^ Kdr[1];
+ a2 = (T5[(t2 >>> 24) ]
+ ^ T6[(t1 >>> 16) & 0xFF]
+ ^ T7[(t0 >>> 8) & 0xFF]
+ ^ T8[ t3 & 0xFF]) ^ Kdr[2];
+ a3 = (T5[(t3 >>> 24) ]
+ ^ T6[(t2 >>> 16) & 0xFF]
+ ^ T7[(t1 >>> 8) & 0xFF]
+ ^ T8[ t0 & 0xFF]) ^ Kdr[3];
+ t0 = a0;
+ t1 = a1;
+ t2 = a2;
+ t3 = a3;
+ if (Configuration.DEBUG)
+ log.fine("PT" + r + "=" + Util.toString(t0) + Util.toString(t1)
+ + Util.toString(t2) + Util.toString(t3));
+ }
+ // last round is special
+ Kdr = Kd[ROUNDS];
+ int tt = Kdr[0];
+ out[j++] = (byte)(Si[(t0 >>> 24) ] ^ (tt >>> 24));
+ out[j++] = (byte)(Si[(t3 >>> 16) & 0xFF] ^ (tt >>> 16));
+ out[j++] = (byte)(Si[(t2 >>> 8) & 0xFF] ^ (tt >>> 8));
+ out[j++] = (byte)(Si[ t1 & 0xFF] ^ tt );
+ tt = Kdr[1];
+ out[j++] = (byte)(Si[(t1 >>> 24) ] ^ (tt >>> 24));
+ out[j++] = (byte)(Si[(t0 >>> 16) & 0xFF] ^ (tt >>> 16));
+ out[j++] = (byte)(Si[(t3 >>> 8) & 0xFF] ^ (tt >>> 8));
+ out[j++] = (byte)(Si[ t2 & 0xFF] ^ tt );
+ tt = Kdr[2];
+ out[j++] = (byte)(Si[(t2 >>> 24) ] ^ (tt >>> 24));
+ out[j++] = (byte)(Si[(t1 >>> 16) & 0xFF] ^ (tt >>> 16));
+ out[j++] = (byte)(Si[(t0 >>> 8) & 0xFF] ^ (tt >>> 8));
+ out[j++] = (byte)(Si[ t3 & 0xFF] ^ tt );
+ tt = Kdr[3];
+ out[j++] = (byte)(Si[(t3 >>> 24) ] ^ (tt >>> 24));
+ out[j++] = (byte)(Si[(t2 >>> 16) & 0xFF] ^ (tt >>> 16));
+ out[j++] = (byte)(Si[(t1 >>> 8) & 0xFF] ^ (tt >>> 8));
+ out[j++] = (byte)(Si[ t0 & 0xFF] ^ tt );
+ if (Configuration.DEBUG)
+ log.fine("PT=" + Util.toString(out, j - 16, 16));
+ }
+
+ public Object clone()
+ {
+ Rijndael result = new Rijndael();
+ result.currentBlockSize = this.currentBlockSize;
+
+ return result;
+ }
+
+ public Iterator blockSizes()
+ {
+ ArrayList al = new ArrayList();
+ al.add(Integer.valueOf(128 / 8));
+ al.add(Integer.valueOf(192 / 8));
+ al.add(Integer.valueOf(256 / 8));
+
+ return Collections.unmodifiableList(al).iterator();
+ }
+
+ public Iterator keySizes()
+ {
+ ArrayList al = new ArrayList();
+ al.add(Integer.valueOf(128 / 8));
+ al.add(Integer.valueOf(192 / 8));
+ al.add(Integer.valueOf(256 / 8));
+
+ return Collections.unmodifiableList(al).iterator();
+ }
+
+ /**
+ * Expands a user-supplied key material into a session key for a designated
+ * <i>block size</i>.
+ *
+ * @param k the 128/192/256-bit user-key to use.
+ * @param bs the block size in bytes of this Rijndael.
+ * @return an Object encapsulating the session key.
+ * @exception IllegalArgumentException if the block size is not 16, 24 or 32.
+ * @exception InvalidKeyException if the key data is invalid.
+ */
+ public Object makeKey(byte[] k, int bs) throws InvalidKeyException
+ {
+ if (k == null)
+ throw new InvalidKeyException("Empty key");
+ if (! (k.length == 16 || k.length == 24 || k.length == 32))
+ throw new InvalidKeyException("Incorrect key length");
+ if (! (bs == 16 || bs == 24 || bs == 32))
+ throw new IllegalArgumentException();
+ int ROUNDS = getRounds(k.length, bs);
+ int BC = bs / 4;
+ int[][] Ke = new int[ROUNDS + 1][BC]; // encryption round keys
+ int[][] Kd = new int[ROUNDS + 1][BC]; // decryption round keys
+ int ROUND_KEY_COUNT = (ROUNDS + 1) * BC;
+ int KC = k.length / 4;
+ int[] tk = new int[KC];
+ int i, j;
+ // copy user material bytes into temporary ints
+ for (i = 0, j = 0; i < KC;)
+ tk[i++] = k[j++] << 24
+ | (k[j++] & 0xFF) << 16
+ | (k[j++] & 0xFF) << 8
+ | (k[j++] & 0xFF);
+ // copy values into round key arrays
+ int t = 0;
+ for (j = 0; (j < KC) && (t < ROUND_KEY_COUNT); j++, t++)
+ {
+ Ke[t / BC][t % BC] = tk[j];
+ Kd[ROUNDS - (t / BC)][t % BC] = tk[j];
+ }
+ int tt, rconpointer = 0;
+ while (t < ROUND_KEY_COUNT)
+ {
+ // extrapolate using phi (the round key evolution function)
+ tt = tk[KC - 1];
+ tk[0] ^= (S[(tt >>> 16) & 0xFF] & 0xFF) << 24
+ ^ (S[(tt >>> 8) & 0xFF] & 0xFF) << 16
+ ^ (S[ tt & 0xFF] & 0xFF) << 8
+ ^ (S[(tt >>> 24) ] & 0xFF) ^ rcon[rconpointer++] << 24;
+ if (KC != 8)
+ for (i = 1, j = 0; i < KC;)
+ tk[i++] ^= tk[j++];
+ else
+ {
+ for (i = 1, j = 0; i < KC / 2;)
+ tk[i++] ^= tk[j++];
+ tt = tk[KC / 2 - 1];
+ tk[KC / 2] ^= (S[ tt & 0xFF] & 0xFF)
+ ^ (S[(tt >>> 8) & 0xFF] & 0xFF) << 8
+ ^ (S[(tt >>> 16) & 0xFF] & 0xFF) << 16
+ ^ S[(tt >>> 24) & 0xFF] << 24;
+ for (j = KC / 2, i = j + 1; i < KC;)
+ tk[i++] ^= tk[j++];
+ }
+ // copy values into round key arrays
+ for (j = 0; (j < KC) && (t < ROUND_KEY_COUNT); j++, t++)
+ {
+ Ke[t / BC][t % BC] = tk[j];
+ Kd[ROUNDS - (t / BC)][t % BC] = tk[j];
+ }
+ }
+ for (int r = 1; r < ROUNDS; r++) // inverse MixColumn where needed
+ for (j = 0; j < BC; j++)
+ {
+ tt = Kd[r][j];
+ Kd[r][j] = U1[(tt >>> 24) ]
+ ^ U2[(tt >>> 16) & 0xFF]
+ ^ U3[(tt >>> 8) & 0xFF]
+ ^ U4[ tt & 0xFF];
+ }
+ return new Object[] { Ke, Kd };
+ }
+
+ public void encrypt(byte[] in, int i, byte[] out, int j, Object k, int bs)
+ {
+ if (! (bs == 16 || bs == 24 || bs == 32))
+ throw new IllegalArgumentException();
+ if (bs == DEFAULT_BLOCK_SIZE)
+ aesEncrypt(in, i, out, j, k);
+ else
+ rijndaelEncrypt(in, i, out, j, k, bs);
+ }
+
+ public void decrypt(byte[] in, int i, byte[] out, int j, Object k, int bs)
+ {
+ if (! (bs == 16 || bs == 24 || bs == 32))
+ throw new IllegalArgumentException();
+ if (bs == DEFAULT_BLOCK_SIZE)
+ aesDecrypt(in, i, out, j, k);
+ else
+ rijndaelDecrypt(in, i, out, j, k, bs);
+ }
+
+ public boolean selfTest()
+ {
+ if (valid == null)
+ {
+ boolean result = super.selfTest(); // do symmetry tests
+ if (result)
+ result = testKat(KAT_KEY, KAT_CT);
+ valid = Boolean.valueOf(result);
+ }
+ return valid.booleanValue();
+ }
+}
diff --git a/libjava/classpath/gnu/javax/crypto/cipher/Serpent.java b/libjava/classpath/gnu/javax/crypto/cipher/Serpent.java
new file mode 100644
index 000000000..1175fcfd2
--- /dev/null
+++ b/libjava/classpath/gnu/javax/crypto/cipher/Serpent.java
@@ -0,0 +1,1781 @@
+/* Serpent.java --
+ Copyright (C) 2001, 2002, 2003, 2006 Free Software Foundation, Inc.
+
+This file is a part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2 of the License, or (at
+your option) any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; if not, write to the Free Software
+Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301
+USA
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package gnu.javax.crypto.cipher;
+
+import gnu.java.security.Registry;
+import gnu.java.security.util.Util;
+
+import java.security.InvalidKeyException;
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.Iterator;
+
+/**
+ * Serpent is a 32-round substitution-permutation network block cipher,
+ * operating on 128-bit blocks and accepting keys of 128, 192, and 256 bits in
+ * length. At each round the plaintext is XORed with a 128 bit portion of the
+ * session key -- a 4224 bit key computed from the input key -- then one of
+ * eight S-boxes are applied, and finally a simple linear transformation is
+ * done. Decryption does the exact same thing in reverse order, and using the
+ * eight inverses of the S-boxes.
+ * <p>
+ * Serpent was designed by Ross Anderson, Eli Biham, and Lars Knudsen as a
+ * proposed cipher for the Advanced Encryption Standard.
+ * <p>
+ * Serpent can be sped up greatly by replacing S-box substitution with a
+ * sequence of binary operations, and the optimal implementation depends upon
+ * finding the fastest sequence of binary operations that reproduce this
+ * substitution. This implementation uses the S-boxes discovered by <a
+ * href="http://www.ii.uib.no/~osvik/">Dag Arne Osvik</a>, which are optimized
+ * for the Pentium family of processors.
+ * <p>
+ * References:
+ * <ol>
+ * <li><a href="http://www.cl.cam.ac.uk/~rja14/serpent.html">Serpent: A
+ * Candidate Block Cipher for the Advanced Encryption Standard.</a></li>
+ * </ol>
+ */
+public class Serpent
+ extends BaseCipher
+{
+ private static final int DEFAULT_KEY_SIZE = 16;
+ private static final int DEFAULT_BLOCK_SIZE = 16;
+ private static final int ROUNDS = 32;
+ /** The fractional part of the golden ratio, (sqrt(5)+1)/2. */
+ private static final int PHI = 0x9e3779b9;
+ /**
+ * KAT vector (from ecb_vk): I=9
+ * KEY=008000000000000000000000000000000000000000000000
+ * CT=5587B5BCB9EE5A28BA2BACC418005240
+ */
+ private static final byte[] KAT_KEY = Util.toReversedBytesFromString(
+ "008000000000000000000000000000000000000000000000");
+ private static final byte[] KAT_CT =
+ Util.toReversedBytesFromString("5587B5BCB9EE5A28BA2BACC418005240");
+ /** caches the result of the correctness test, once executed. */
+ private static Boolean valid;
+ private int x0, x1, x2, x3, x4;
+
+ /** Trivial zero-argument constructor. */
+ public Serpent()
+ {
+ super(Registry.SERPENT_CIPHER, DEFAULT_BLOCK_SIZE, DEFAULT_KEY_SIZE);
+ }
+
+ public Object clone()
+ {
+ Serpent result = new Serpent();
+ result.currentBlockSize = this.currentBlockSize;
+ return result;
+ }
+
+ public Iterator blockSizes()
+ {
+ return Collections.singleton(Integer.valueOf(DEFAULT_BLOCK_SIZE)).iterator();
+ }
+
+ public Iterator keySizes()
+ {
+ ArrayList keySizes = new ArrayList();
+ keySizes.add(Integer.valueOf(16));
+ keySizes.add(Integer.valueOf(24));
+ keySizes.add(Integer.valueOf(32));
+ return Collections.unmodifiableList(keySizes).iterator();
+ }
+
+ public Object makeKey(byte[] kb, int blockSize) throws InvalidKeyException
+ {
+ // Not strictly true, but here to conform with the AES proposal.
+ // This restriction can be removed if deemed necessary.
+ if (kb.length != 16 && kb.length != 24 && kb.length != 32)
+ throw new InvalidKeyException("Key length is not 16, 24, or 32 bytes");
+ Key key = new Key();
+ // Here w is our "pre-key".
+ int[] w = new int[4 * (ROUNDS + 1)];
+ int i, j;
+ for (i = 0, j = 0; i < 8 && j < kb.length; i++)
+ w[i] = (kb[j++] & 0xff)
+ | (kb[j++] & 0xff) << 8
+ | (kb[j++] & 0xff) << 16
+ | (kb[j++] & 0xff) << 24;
+ // Pad key if < 256 bits.
+ if (i != 8)
+ w[i] = 1;
+ // Transform using w_i-8 ... w_i-1
+ for (i = 8, j = 0; i < 16; i++)
+ {
+ int t = w[j] ^ w[i - 5] ^ w[i - 3] ^ w[i - 1] ^ PHI ^ j++;
+ w[i] = t << 11 | t >>> 21;
+ }
+ // Translate by 8.
+ for (i = 0; i < 8; i++)
+ w[i] = w[i + 8];
+ // Transform the rest of the key.
+ for (; i < w.length; i++)
+ {
+ int t = w[i - 8] ^ w[i - 5] ^ w[i - 3] ^ w[i - 1] ^ PHI ^ i;
+ w[i] = t << 11 | t >>> 21;
+ }
+ // After these s-boxes the pre-key (w, above) will become the
+ // session key (key, below).
+ sbox3(w[0], w[1], w[2], w[3]);
+ key.k0 = x0;
+ key.k1 = x1;
+ key.k2 = x2;
+ key.k3 = x3;
+ sbox2(w[4], w[5], w[6], w[7]);
+ key.k4 = x0;
+ key.k5 = x1;
+ key.k6 = x2;
+ key.k7 = x3;
+ sbox1(w[8], w[9], w[10], w[11]);
+ key.k8 = x0;
+ key.k9 = x1;
+ key.k10 = x2;
+ key.k11 = x3;
+ sbox0(w[12], w[13], w[14], w[15]);
+ key.k12 = x0;
+ key.k13 = x1;
+ key.k14 = x2;
+ key.k15 = x3;
+ sbox7(w[16], w[17], w[18], w[19]);
+ key.k16 = x0;
+ key.k17 = x1;
+ key.k18 = x2;
+ key.k19 = x3;
+ sbox6(w[20], w[21], w[22], w[23]);
+ key.k20 = x0;
+ key.k21 = x1;
+ key.k22 = x2;
+ key.k23 = x3;
+ sbox5(w[24], w[25], w[26], w[27]);
+ key.k24 = x0;
+ key.k25 = x1;
+ key.k26 = x2;
+ key.k27 = x3;
+ sbox4(w[28], w[29], w[30], w[31]);
+ key.k28 = x0;
+ key.k29 = x1;
+ key.k30 = x2;
+ key.k31 = x3;
+ sbox3(w[32], w[33], w[34], w[35]);
+ key.k32 = x0;
+ key.k33 = x1;
+ key.k34 = x2;
+ key.k35 = x3;
+ sbox2(w[36], w[37], w[38], w[39]);
+ key.k36 = x0;
+ key.k37 = x1;
+ key.k38 = x2;
+ key.k39 = x3;
+ sbox1(w[40], w[41], w[42], w[43]);
+ key.k40 = x0;
+ key.k41 = x1;
+ key.k42 = x2;
+ key.k43 = x3;
+ sbox0(w[44], w[45], w[46], w[47]);
+ key.k44 = x0;
+ key.k45 = x1;
+ key.k46 = x2;
+ key.k47 = x3;
+ sbox7(w[48], w[49], w[50], w[51]);
+ key.k48 = x0;
+ key.k49 = x1;
+ key.k50 = x2;
+ key.k51 = x3;
+ sbox6(w[52], w[53], w[54], w[55]);
+ key.k52 = x0;
+ key.k53 = x1;
+ key.k54 = x2;
+ key.k55 = x3;
+ sbox5(w[56], w[57], w[58], w[59]);
+ key.k56 = x0;
+ key.k57 = x1;
+ key.k58 = x2;
+ key.k59 = x3;
+ sbox4(w[60], w[61], w[62], w[63]);
+ key.k60 = x0;
+ key.k61 = x1;
+ key.k62 = x2;
+ key.k63 = x3;
+ sbox3(w[64], w[65], w[66], w[67]);
+ key.k64 = x0;
+ key.k65 = x1;
+ key.k66 = x2;
+ key.k67 = x3;
+ sbox2(w[68], w[69], w[70], w[71]);
+ key.k68 = x0;
+ key.k69 = x1;
+ key.k70 = x2;
+ key.k71 = x3;
+ sbox1(w[72], w[73], w[74], w[75]);
+ key.k72 = x0;
+ key.k73 = x1;
+ key.k74 = x2;
+ key.k75 = x3;
+ sbox0(w[76], w[77], w[78], w[79]);
+ key.k76 = x0;
+ key.k77 = x1;
+ key.k78 = x2;
+ key.k79 = x3;
+ sbox7(w[80], w[81], w[82], w[83]);
+ key.k80 = x0;
+ key.k81 = x1;
+ key.k82 = x2;
+ key.k83 = x3;
+ sbox6(w[84], w[85], w[86], w[87]);
+ key.k84 = x0;
+ key.k85 = x1;
+ key.k86 = x2;
+ key.k87 = x3;
+ sbox5(w[88], w[89], w[90], w[91]);
+ key.k88 = x0;
+ key.k89 = x1;
+ key.k90 = x2;
+ key.k91 = x3;
+ sbox4(w[92], w[93], w[94], w[95]);
+ key.k92 = x0;
+ key.k93 = x1;
+ key.k94 = x2;
+ key.k95 = x3;
+ sbox3(w[96], w[97], w[98], w[99]);
+ key.k96 = x0;
+ key.k97 = x1;
+ key.k98 = x2;
+ key.k99 = x3;
+ sbox2(w[100], w[101], w[102], w[103]);
+ key.k100 = x0;
+ key.k101 = x1;
+ key.k102 = x2;
+ key.k103 = x3;
+ sbox1(w[104], w[105], w[106], w[107]);
+ key.k104 = x0;
+ key.k105 = x1;
+ key.k106 = x2;
+ key.k107 = x3;
+ sbox0(w[108], w[109], w[110], w[111]);
+ key.k108 = x0;
+ key.k109 = x1;
+ key.k110 = x2;
+ key.k111 = x3;
+ sbox7(w[112], w[113], w[114], w[115]);
+ key.k112 = x0;
+ key.k113 = x1;
+ key.k114 = x2;
+ key.k115 = x3;
+ sbox6(w[116], w[117], w[118], w[119]);
+ key.k116 = x0;
+ key.k117 = x1;
+ key.k118 = x2;
+ key.k119 = x3;
+ sbox5(w[120], w[121], w[122], w[123]);
+ key.k120 = x0;
+ key.k121 = x1;
+ key.k122 = x2;
+ key.k123 = x3;
+ sbox4(w[124], w[125], w[126], w[127]);
+ key.k124 = x0;
+ key.k125 = x1;
+ key.k126 = x2;
+ key.k127 = x3;
+ sbox3(w[128], w[129], w[130], w[131]);
+ key.k128 = x0;
+ key.k129 = x1;
+ key.k130 = x2;
+ key.k131 = x3;
+ return key;
+ }
+
+ public synchronized void encrypt(byte[] in, int i, byte[] out, int o,
+ Object K, int bs)
+ {
+ Key key = (Key) K;
+ x0 = (in[i ] & 0xff)
+ | (in[i + 1] & 0xff) << 8
+ | (in[i + 2] & 0xff) << 16
+ | (in[i + 3] & 0xff) << 24;
+ x1 = (in[i + 4] & 0xff)
+ | (in[i + 5] & 0xff) << 8
+ | (in[i + 6] & 0xff) << 16
+ | (in[i + 7] & 0xff) << 24;
+ x2 = (in[i + 8] & 0xff)
+ | (in[i + 9] & 0xff) << 8
+ | (in[i + 10] & 0xff) << 16
+ | (in[i + 11] & 0xff) << 24;
+ x3 = (in[i + 12] & 0xff)
+ | (in[i + 13] & 0xff) << 8
+ | (in[i + 14] & 0xff) << 16
+ | (in[i + 15] & 0xff) << 24;
+ x0 ^= key.k0;
+ x1 ^= key.k1;
+ x2 ^= key.k2;
+ x3 ^= key.k3;
+ sbox0();
+ x1 ^= key.k4;
+ x4 ^= key.k5;
+ x2 ^= key.k6;
+ x0 ^= key.k7;
+ sbox1();
+ x0 ^= key.k8;
+ x4 ^= key.k9;
+ x2 ^= key.k10;
+ x1 ^= key.k11;
+ sbox2();
+ x2 ^= key.k12;
+ x1 ^= key.k13;
+ x4 ^= key.k14;
+ x3 ^= key.k15;
+ sbox3();
+ x1 ^= key.k16;
+ x4 ^= key.k17;
+ x3 ^= key.k18;
+ x0 ^= key.k19;
+ sbox4();
+ x4 ^= key.k20;
+ x2 ^= key.k21;
+ x1 ^= key.k22;
+ x0 ^= key.k23;
+ sbox5();
+ x2 ^= key.k24;
+ x0 ^= key.k25;
+ x4 ^= key.k26;
+ x1 ^= key.k27;
+ sbox6();
+ x2 ^= key.k28;
+ x0 ^= key.k29;
+ x3 ^= key.k30;
+ x4 ^= key.k31;
+ sbox7();
+ x0 = x3;
+ x3 = x2;
+ x2 = x4;
+ x0 ^= key.k32;
+ x1 ^= key.k33;
+ x2 ^= key.k34;
+ x3 ^= key.k35;
+ sbox0();
+ x1 ^= key.k36;
+ x4 ^= key.k37;
+ x2 ^= key.k38;
+ x0 ^= key.k39;
+ sbox1();
+ x0 ^= key.k40;
+ x4 ^= key.k41;
+ x2 ^= key.k42;
+ x1 ^= key.k43;
+ sbox2();
+ x2 ^= key.k44;
+ x1 ^= key.k45;
+ x4 ^= key.k46;
+ x3 ^= key.k47;
+ sbox3();
+ x1 ^= key.k48;
+ x4 ^= key.k49;
+ x3 ^= key.k50;
+ x0 ^= key.k51;
+ sbox4();
+ x4 ^= key.k52;
+ x2 ^= key.k53;
+ x1 ^= key.k54;
+ x0 ^= key.k55;
+ sbox5();
+ x2 ^= key.k56;
+ x0 ^= key.k57;
+ x4 ^= key.k58;
+ x1 ^= key.k59;
+ sbox6();
+ x2 ^= key.k60;
+ x0 ^= key.k61;
+ x3 ^= key.k62;
+ x4 ^= key.k63;
+ sbox7();
+ x0 = x3;
+ x3 = x2;
+ x2 = x4;
+ x0 ^= key.k64;
+ x1 ^= key.k65;
+ x2 ^= key.k66;
+ x3 ^= key.k67;
+ sbox0();
+ x1 ^= key.k68;
+ x4 ^= key.k69;
+ x2 ^= key.k70;
+ x0 ^= key.k71;
+ sbox1();
+ x0 ^= key.k72;
+ x4 ^= key.k73;
+ x2 ^= key.k74;
+ x1 ^= key.k75;
+ sbox2();
+ x2 ^= key.k76;
+ x1 ^= key.k77;
+ x4 ^= key.k78;
+ x3 ^= key.k79;
+ sbox3();
+ x1 ^= key.k80;
+ x4 ^= key.k81;
+ x3 ^= key.k82;
+ x0 ^= key.k83;
+ sbox4();
+ x4 ^= key.k84;
+ x2 ^= key.k85;
+ x1 ^= key.k86;
+ x0 ^= key.k87;
+ sbox5();
+ x2 ^= key.k88;
+ x0 ^= key.k89;
+ x4 ^= key.k90;
+ x1 ^= key.k91;
+ sbox6();
+ x2 ^= key.k92;
+ x0 ^= key.k93;
+ x3 ^= key.k94;
+ x4 ^= key.k95;
+ sbox7();
+ x0 = x3;
+ x3 = x2;
+ x2 = x4;
+ x0 ^= key.k96;
+ x1 ^= key.k97;
+ x2 ^= key.k98;
+ x3 ^= key.k99;
+ sbox0();
+ x1 ^= key.k100;
+ x4 ^= key.k101;
+ x2 ^= key.k102;
+ x0 ^= key.k103;
+ sbox1();
+ x0 ^= key.k104;
+ x4 ^= key.k105;
+ x2 ^= key.k106;
+ x1 ^= key.k107;
+ sbox2();
+ x2 ^= key.k108;
+ x1 ^= key.k109;
+ x4 ^= key.k110;
+ x3 ^= key.k111;
+ sbox3();
+ x1 ^= key.k112;
+ x4 ^= key.k113;
+ x3 ^= key.k114;
+ x0 ^= key.k115;
+ sbox4();
+ x4 ^= key.k116;
+ x2 ^= key.k117;
+ x1 ^= key.k118;
+ x0 ^= key.k119;
+ sbox5();
+ x2 ^= key.k120;
+ x0 ^= key.k121;
+ x4 ^= key.k122;
+ x1 ^= key.k123;
+ sbox6();
+ x2 ^= key.k124;
+ x0 ^= key.k125;
+ x3 ^= key.k126;
+ x4 ^= key.k127;
+ sbox7noLT();
+ x0 = x3;
+ x3 = x2;
+ x2 = x4;
+ x0 ^= key.k128;
+ x1 ^= key.k129;
+ x2 ^= key.k130;
+ x3 ^= key.k131;
+ out[o ] = (byte) x0;
+ out[o + 1] = (byte)(x0 >>> 8);
+ out[o + 2] = (byte)(x0 >>> 16);
+ out[o + 3] = (byte)(x0 >>> 24);
+ out[o + 4] = (byte) x1;
+ out[o + 5] = (byte)(x1 >>> 8);
+ out[o + 6] = (byte)(x1 >>> 16);
+ out[o + 7] = (byte)(x1 >>> 24);
+ out[o + 8] = (byte) x2;
+ out[o + 9] = (byte)(x2 >>> 8);
+ out[o + 10] = (byte)(x2 >>> 16);
+ out[o + 11] = (byte)(x2 >>> 24);
+ out[o + 12] = (byte) x3;
+ out[o + 13] = (byte)(x3 >>> 8);
+ out[o + 14] = (byte)(x3 >>> 16);
+ out[o + 15] = (byte)(x3 >>> 24);
+ }
+
+ public synchronized void decrypt(byte[] in, int i, byte[] out, int o,
+ Object K, int bs)
+ {
+ Key key = (Key) K;
+ x0 = (in[i ] & 0xff)
+ | (in[i + 1] & 0xff) << 8
+ | (in[i + 2] & 0xff) << 16
+ | (in[i + 3] & 0xff) << 24;
+ x1 = (in[i + 4] & 0xff)
+ | (in[i + 5] & 0xff) << 8
+ | (in[i + 6] & 0xff) << 16
+ | (in[i + 7] & 0xff) << 24;
+ x2 = (in[i + 8] & 0xff)
+ | (in[i + 9] & 0xff) << 8
+ | (in[i + 10] & 0xff) << 16
+ | (in[i + 11] & 0xff) << 24;
+ x3 = (in[i + 12] & 0xff)
+ | (in[i + 13] & 0xff) << 8
+ | (in[i + 14] & 0xff) << 16
+ | (in[i + 15] & 0xff) << 24;
+ x0 ^= key.k128;
+ x1 ^= key.k129;
+ x2 ^= key.k130;
+ x3 ^= key.k131;
+ sboxI7noLT();
+ x3 ^= key.k124;
+ x0 ^= key.k125;
+ x1 ^= key.k126;
+ x4 ^= key.k127;
+ sboxI6();
+ x0 ^= key.k120;
+ x1 ^= key.k121;
+ x2 ^= key.k122;
+ x4 ^= key.k123;
+ sboxI5();
+ x1 ^= key.k116;
+ x3 ^= key.k117;
+ x4 ^= key.k118;
+ x2 ^= key.k119;
+ sboxI4();
+ x1 ^= key.k112;
+ x2 ^= key.k113;
+ x4 ^= key.k114;
+ x0 ^= key.k115;
+ sboxI3();
+ x0 ^= key.k108;
+ x1 ^= key.k109;
+ x4 ^= key.k110;
+ x2 ^= key.k111;
+ sboxI2();
+ x1 ^= key.k104;
+ x3 ^= key.k105;
+ x4 ^= key.k106;
+ x2 ^= key.k107;
+ sboxI1();
+ x0 ^= key.k100;
+ x1 ^= key.k101;
+ x2 ^= key.k102;
+ x4 ^= key.k103;
+ sboxI0();
+ x0 ^= key.k96;
+ x3 ^= key.k97;
+ x1 ^= key.k98;
+ x4 ^= key.k99;
+ sboxI7();
+ x1 = x3;
+ x3 = x4;
+ x4 = x2;
+ x3 ^= key.k92;
+ x0 ^= key.k93;
+ x1 ^= key.k94;
+ x4 ^= key.k95;
+ sboxI6();
+ x0 ^= key.k88;
+ x1 ^= key.k89;
+ x2 ^= key.k90;
+ x4 ^= key.k91;
+ sboxI5();
+ x1 ^= key.k84;
+ x3 ^= key.k85;
+ x4 ^= key.k86;
+ x2 ^= key.k87;
+ sboxI4();
+ x1 ^= key.k80;
+ x2 ^= key.k81;
+ x4 ^= key.k82;
+ x0 ^= key.k83;
+ sboxI3();
+ x0 ^= key.k76;
+ x1 ^= key.k77;
+ x4 ^= key.k78;
+ x2 ^= key.k79;
+ sboxI2();
+ x1 ^= key.k72;
+ x3 ^= key.k73;
+ x4 ^= key.k74;
+ x2 ^= key.k75;
+ sboxI1();
+ x0 ^= key.k68;
+ x1 ^= key.k69;
+ x2 ^= key.k70;
+ x4 ^= key.k71;
+ sboxI0();
+ x0 ^= key.k64;
+ x3 ^= key.k65;
+ x1 ^= key.k66;
+ x4 ^= key.k67;
+ sboxI7();
+ x1 = x3;
+ x3 = x4;
+ x4 = x2;
+ x3 ^= key.k60;
+ x0 ^= key.k61;
+ x1 ^= key.k62;
+ x4 ^= key.k63;
+ sboxI6();
+ x0 ^= key.k56;
+ x1 ^= key.k57;
+ x2 ^= key.k58;
+ x4 ^= key.k59;
+ sboxI5();
+ x1 ^= key.k52;
+ x3 ^= key.k53;
+ x4 ^= key.k54;
+ x2 ^= key.k55;
+ sboxI4();
+ x1 ^= key.k48;
+ x2 ^= key.k49;
+ x4 ^= key.k50;
+ x0 ^= key.k51;
+ sboxI3();
+ x0 ^= key.k44;
+ x1 ^= key.k45;
+ x4 ^= key.k46;
+ x2 ^= key.k47;
+ sboxI2();
+ x1 ^= key.k40;
+ x3 ^= key.k41;
+ x4 ^= key.k42;
+ x2 ^= key.k43;
+ sboxI1();
+ x0 ^= key.k36;
+ x1 ^= key.k37;
+ x2 ^= key.k38;
+ x4 ^= key.k39;
+ sboxI0();
+ x0 ^= key.k32;
+ x3 ^= key.k33;
+ x1 ^= key.k34;
+ x4 ^= key.k35;
+ sboxI7();
+ x1 = x3;
+ x3 = x4;
+ x4 = x2;
+ x3 ^= key.k28;
+ x0 ^= key.k29;
+ x1 ^= key.k30;
+ x4 ^= key.k31;
+ sboxI6();
+ x0 ^= key.k24;
+ x1 ^= key.k25;
+ x2 ^= key.k26;
+ x4 ^= key.k27;
+ sboxI5();
+ x1 ^= key.k20;
+ x3 ^= key.k21;
+ x4 ^= key.k22;
+ x2 ^= key.k23;
+ sboxI4();
+ x1 ^= key.k16;
+ x2 ^= key.k17;
+ x4 ^= key.k18;
+ x0 ^= key.k19;
+ sboxI3();
+ x0 ^= key.k12;
+ x1 ^= key.k13;
+ x4 ^= key.k14;
+ x2 ^= key.k15;
+ sboxI2();
+ x1 ^= key.k8;
+ x3 ^= key.k9;
+ x4 ^= key.k10;
+ x2 ^= key.k11;
+ sboxI1();
+ x0 ^= key.k4;
+ x1 ^= key.k5;
+ x2 ^= key.k6;
+ x4 ^= key.k7;
+ sboxI0();
+ x2 = x1;
+ x1 = x3;
+ x3 = x4;
+ x0 ^= key.k0;
+ x1 ^= key.k1;
+ x2 ^= key.k2;
+ x3 ^= key.k3;
+ out[o ] = (byte) x0;
+ out[o + 1] = (byte)(x0 >>> 8);
+ out[o + 2] = (byte)(x0 >>> 16);
+ out[o + 3] = (byte)(x0 >>> 24);
+ out[o + 4] = (byte) x1;
+ out[o + 5] = (byte)(x1 >>> 8);
+ out[o + 6] = (byte)(x1 >>> 16);
+ out[o + 7] = (byte)(x1 >>> 24);
+ out[o + 8] = (byte) x2;
+ out[o + 9] = (byte)(x2 >>> 8);
+ out[o + 10] = (byte)(x2 >>> 16);
+ out[o + 11] = (byte)(x2 >>> 24);
+ out[o + 12] = (byte) x3;
+ out[o + 13] = (byte)(x3 >>> 8);
+ out[o + 14] = (byte)(x3 >>> 16);
+ out[o + 15] = (byte)(x3 >>> 24);
+ }
+
+ public boolean selfTest()
+ {
+ if (valid == null)
+ {
+ boolean result = super.selfTest(); // do symmetry tests
+ if (result)
+ result = testKat(KAT_KEY, KAT_CT);
+ valid = Boolean.valueOf(result);
+ }
+ return valid.booleanValue();
+ }
+
+ // These first few S-boxes operate directly on the "registers",
+ // x0..x4, and perform the linear transform.
+ private void sbox0()
+ {
+ x3 ^= x0;
+ x4 = x1;
+ x1 &= x3;
+ x4 ^= x2;
+ x1 ^= x0;
+ x0 |= x3;
+ x0 ^= x4;
+ x4 ^= x3;
+ x3 ^= x2;
+ x2 |= x1;
+ x2 ^= x4;
+ x4 ^= -1;
+ x4 |= x1;
+ x1 ^= x3;
+ x1 ^= x4;
+ x3 |= x0;
+ x1 ^= x3;
+ x4 ^= x3;
+
+ x1 = (x1 << 13) | (x1 >>> 19);
+ x4 ^= x1;
+ x3 = x1 << 3;
+ x2 = (x2 << 3) | (x2 >>> 29);
+ x4 ^= x2;
+ x0 ^= x2;
+ x4 = (x4 << 1) | (x4 >>> 31);
+ x0 ^= x3;
+ x0 = (x0 << 7) | (x0 >>> 25);
+ x3 = x4;
+ x1 ^= x4;
+ x3 <<= 7;
+ x1 ^= x0;
+ x2 ^= x0;
+ x2 ^= x3;
+ x1 = (x1 << 5) | (x1 >>> 27);
+ x2 = (x2 << 22) | (x2 >>> 10);
+ }
+
+ private void sbox1()
+ {
+ x4 = ~x4;
+ x3 = x1;
+ x1 ^= x4;
+ x3 |= x4;
+ x3 ^= x0;
+ x0 &= x1;
+ x2 ^= x3;
+ x0 ^= x4;
+ x0 |= x2;
+ x1 ^= x3;
+ x0 ^= x1;
+ x4 &= x2;
+ x1 |= x4;
+ x4 ^= x3;
+ x1 ^= x2;
+ x3 |= x0;
+ x1 ^= x3;
+ x3 = ~x3;
+ x4 ^= x0;
+ x3 &= x2;
+ x4 = ~x4;
+ x3 ^= x1;
+ x4 ^= x3;
+
+ x0 = (x0 << 13) | (x0 >>> 19);
+ x4 ^= x0;
+ x3 = x0 << 3;
+ x2 = (x2 << 3) | (x2 >>> 29);
+ x4 ^= x2;
+ x1 ^= x2;
+ x4 = (x4 << 1) | (x4 >>> 31);
+ x1 ^= x3;
+ x1 = (x1 << 7) | (x1 >>> 25);
+ x3 = x4;
+ x0 ^= x4;
+ x3 <<= 7;
+ x0 ^= x1;
+ x2 ^= x1;
+ x2 ^= x3;
+ x0 = (x0 << 5) | (x0 >>> 27);
+ x2 = (x2 << 22) | (x2 >>> 10);
+ }
+
+ private void sbox2()
+ {
+ x3 = x0;
+ x0 = x0 & x2;
+ x0 = x0 ^ x1;
+ x2 = x2 ^ x4;
+ x2 = x2 ^ x0;
+ x1 = x1 | x3;
+ x1 = x1 ^ x4;
+ x3 = x3 ^ x2;
+ x4 = x1;
+ x1 = x1 | x3;
+ x1 = x1 ^ x0;
+ x0 = x0 & x4;
+ x3 = x3 ^ x0;
+ x4 = x4 ^ x1;
+ x4 = x4 ^ x3;
+ x3 = ~x3;
+
+ x2 = (x2 << 13) | (x2 >>> 19);
+ x1 ^= x2;
+ x0 = x2 << 3;
+ x4 = (x4 << 3) | (x4 >>> 29);
+ x1 ^= x4;
+ x3 ^= x4;
+ x1 = (x1 << 1) | (x1 >>> 31);
+ x3 ^= x0;
+ x3 = (x3 << 7) | (x3 >>> 25);
+ x0 = x1;
+ x2 ^= x1;
+ x0 <<= 7;
+ x2 ^= x3;
+ x4 ^= x3;
+ x4 ^= x0;
+ x2 = (x2 << 5) | (x2 >>> 27);
+ x4 = (x4 << 22) | (x4 >>> 10);
+ }
+
+ private void sbox3()
+ {
+ x0 = x2;
+ x2 = x2 | x3;
+ x3 = x3 ^ x1;
+ x1 = x1 & x0;
+ x0 = x0 ^ x4;
+ x4 = x4 ^ x3;
+ x3 = x3 & x2;
+ x0 = x0 | x1;
+ x3 = x3 ^ x0;
+ x2 = x2 ^ x1;
+ x0 = x0 & x2;
+ x1 = x1 ^ x3;
+ x0 = x0 ^ x4;
+ x1 = x1 | x2;
+ x1 = x1 ^ x4;
+ x2 = x2 ^ x3;
+ x4 = x1;
+ x1 = x1 | x3;
+ x1 = x1 ^ x2;
+
+ x1 = (x1 << 13) | (x1 >>> 19);
+ x4 ^= x1;
+ x2 = x1 << 3;
+ x3 = (x3 << 3) | (x3 >>> 29);
+ x4 ^= x3;
+ x0 ^= x3;
+ x4 = (x4 << 1) | (x4 >>> 31);
+ x0 ^= x2;
+ x0 = (x0 << 7) | (x0 >>> 25);
+ x2 = x4;
+ x1 ^= x4;
+ x2 <<= 7;
+ x1 ^= x0;
+ x3 ^= x0;
+ x3 ^= x2;
+ x1 = (x1 << 5) | (x1 >>> 27);
+ x3 = (x3 << 22) | (x3 >>> 10);
+ }
+
+ private void sbox4()
+ {
+ x4 = x4 ^ x0;
+ x0 = ~x0;
+ x3 = x3 ^ x0;
+ x0 = x0 ^ x1;
+ x2 = x4;
+ x4 = x4 & x0;
+ x4 = x4 ^ x3;
+ x2 = x2 ^ x0;
+ x1 = x1 ^ x2;
+ x3 = x3 & x2;
+ x3 = x3 ^ x1;
+ x1 = x1 & x4;
+ x0 = x0 ^ x1;
+ x2 = x2 | x4;
+ x2 = x2 ^ x1;
+ x1 = x1 | x0;
+ x1 = x1 ^ x3;
+ x3 = x3 & x0;
+ x1 = ~x1;
+ x2 = x2 ^ x3;
+
+ x4 = (x4 << 13) | (x4 >>> 19);
+ x2 ^= x4;
+ x3 = x4 << 3;
+ x1 = (x1 << 3) | (x1 >>> 29);
+ x2 ^= x1;
+ x0 ^= x1;
+ x2 = (x2 << 1) | (x2 >>> 31);
+ x0 ^= x3;
+ x0 = (x0 << 7) | (x0 >>> 25);
+ x3 = x2;
+ x4 ^= x2;
+ x3 <<= 7;
+ x4 ^= x0;
+ x1 ^= x0;
+ x1 ^= x3;
+ x4 = (x4 << 5) | (x4 >>> 27);
+ x1 = (x1 << 22) | (x1 >>> 10);
+ }
+
+ private void sbox5()
+ {
+ x4 = x4 ^ x2;
+ x2 = x2 ^ x0;
+ x0 = ~x0;
+ x3 = x2;
+ x2 = x2 & x4;
+ x1 = x1 ^ x0;
+ x2 = x2 ^ x1;
+ x1 = x1 | x3;
+ x3 = x3 ^ x0;
+ x0 = x0 & x2;
+ x0 = x0 ^ x4;
+ x3 = x3 ^ x2;
+ x3 = x3 ^ x1;
+ x1 = x1 ^ x4;
+ x4 = x4 & x0;
+ x1 = ~x1;
+ x4 = x4 ^ x3;
+ x3 = x3 | x0;
+ x1 = x1 ^ x3;
+
+ x2 = (x2 << 13) | (x2 >>> 19);
+ x0 ^= x2;
+ x3 = x2 << 3;
+ x4 = (x4 << 3) | (x4 >>> 29);
+ x0 ^= x4;
+ x1 ^= x4;
+ x0 = (x0 << 1) | (x0 >>> 31);
+ x1 ^= x3;
+ x1 = (x1 << 7) | (x1 >>> 25);
+ x3 = x0;
+ x2 ^= x0;
+ x3 <<= 7;
+ x2 ^= x1;
+ x4 ^= x1;
+ x4 ^= x3;
+ x2 = (x2 << 5) | (x2 >>> 27);
+ x4 = (x4 << 22) | (x4 >>> 10);
+ }
+
+ private void sbox6()
+ {
+ x4 = ~x4;
+ x3 = x1;
+ x1 = x1 & x2;
+ x2 = x2 ^ x3;
+ x1 = x1 ^ x4;
+ x4 = x4 | x3;
+ x0 = x0 ^ x1;
+ x4 = x4 ^ x2;
+ x2 = x2 | x0;
+ x4 = x4 ^ x0;
+ x3 = x3 ^ x2;
+ x2 = x2 | x1;
+ x2 = x2 ^ x4;
+ x3 = x3 ^ x1;
+ x3 = x3 ^ x2;
+ x1 = ~x1;
+ x4 = x4 & x3;
+ x4 = x4 ^ x1;
+ x2 = (x2 << 13) | (x2 >>> 19);
+ x0 ^= x2;
+ x1 = x2 << 3;
+ x3 = (x3 << 3) | (x3 >>> 29);
+ x0 ^= x3;
+ x4 ^= x3;
+ x0 = (x0 << 1) | (x0 >>> 31);
+ x4 ^= x1;
+ x4 = (x4 << 7) | (x4 >>> 25);
+ x1 = x0;
+ x2 ^= x0;
+ x1 <<= 7;
+ x2 ^= x4;
+ x3 ^= x4;
+ x3 ^= x1;
+ x2 = (x2 << 5) | (x2 >>> 27);
+ x3 = (x3 << 22) | (x3 >>> 10);
+ }
+
+ private void sbox7()
+ {
+ x1 = x3;
+ x3 = x3 & x0;
+ x3 = x3 ^ x4;
+ x4 = x4 & x0;
+ x1 = x1 ^ x3;
+ x3 = x3 ^ x0;
+ x0 = x0 ^ x2;
+ x2 = x2 | x1;
+ x2 = x2 ^ x3;
+ x4 = x4 ^ x0;
+ x3 = x3 ^ x4;
+ x4 = x4 & x2;
+ x4 = x4 ^ x1;
+ x1 = x1 ^ x3;
+ x3 = x3 & x2;
+ x1 = ~x1;
+ x3 = x3 ^ x1;
+ x1 = x1 & x2;
+ x0 = x0 ^ x4;
+ x1 = x1 ^ x0;
+ x3 = (x3 << 13) | (x3 >>> 19);
+ x1 ^= x3;
+ x0 = x3 << 3;
+ x4 = (x4 << 3) | (x4 >>> 29);
+ x1 ^= x4;
+ x2 ^= x4;
+ x1 = (x1 << 1) | (x1 >>> 31);
+ x2 ^= x0;
+ x2 = (x2 << 7) | (x2 >>> 25);
+ x0 = x1;
+ x3 ^= x1;
+ x0 <<= 7;
+ x3 ^= x2;
+ x4 ^= x2;
+ x4 ^= x0;
+ x3 = (x3 << 5) | (x3 >>> 27);
+ x4 = (x4 << 22) | (x4 >>> 10);
+ }
+
+ /** The final S-box, with no transform. */
+ private void sbox7noLT()
+ {
+ x1 = x3;
+ x3 = x3 & x0;
+ x3 = x3 ^ x4;
+ x4 = x4 & x0;
+ x1 = x1 ^ x3;
+ x3 = x3 ^ x0;
+ x0 = x0 ^ x2;
+ x2 = x2 | x1;
+ x2 = x2 ^ x3;
+ x4 = x4 ^ x0;
+ x3 = x3 ^ x4;
+ x4 = x4 & x2;
+ x4 = x4 ^ x1;
+ x1 = x1 ^ x3;
+ x3 = x3 & x2;
+ x1 = ~x1;
+ x3 = x3 ^ x1;
+ x1 = x1 & x2;
+ x0 = x0 ^ x4;
+ x1 = x1 ^ x0;
+ }
+
+ private void sboxI7noLT()
+ {
+ x4 = x2;
+ x2 ^= x0;
+ x0 &= x3;
+ x2 = ~x2;
+ x4 |= x3;
+ x3 ^= x1;
+ x1 |= x0;
+ x0 ^= x2;
+ x2 &= x4;
+ x1 ^= x2;
+ x2 ^= x0;
+ x0 |= x2;
+ x3 &= x4;
+ x0 ^= x3;
+ x4 ^= x1;
+ x3 ^= x4;
+ x4 |= x0;
+ x3 ^= x2;
+ x4 ^= x2;
+ }
+
+ private void sboxI6()
+ {
+ x1 = (x1 >>> 22) | (x1 << 10);
+ x3 = (x3 >>> 5) | (x3 << 27);
+ x2 = x0;
+ x1 ^= x4;
+ x2 <<= 7;
+ x3 ^= x4;
+ x1 ^= x2;
+ x3 ^= x0;
+ x4 = (x4 >>> 7) | (x4 << 25);
+ x0 = (x0 >>> 1) | (x0 << 31);
+ x0 ^= x3;
+ x2 = x3 << 3;
+ x4 ^= x2;
+ x3 = (x3 >>> 13) | (x3 << 19);
+ x0 ^= x1;
+ x4 ^= x1;
+ x1 = (x1 >>> 3) | (x1 << 29);
+ x3 ^= x1;
+ x2 = x1;
+ x1 &= x3;
+ x2 ^= x4;
+ x1 = ~x1;
+ x4 ^= x0;
+ x1 ^= x4;
+ x2 |= x3;
+ x3 ^= x1;
+ x4 ^= x2;
+ x2 ^= x0;
+ x0 &= x4;
+ x0 ^= x3;
+ x3 ^= x4;
+ x3 |= x1;
+ x4 ^= x0;
+ x2 ^= x3;
+ }
+
+ private void sboxI5()
+ {
+ x2 = (x2 >>> 22) | (x2 << 10);
+ x0 = (x0 >>> 5) | (x0 << 27);
+ x3 = x1;
+ x2 ^= x4;
+ x3 <<= 7;
+ x0 ^= x4;
+ x2 ^= x3;
+ x0 ^= x1;
+ x4 = (x4 >>> 7) | (x4 << 25);
+ x1 = (x1 >>> 1) | (x1 << 31);
+ x1 ^= x0;
+ x3 = x0 << 3;
+ x4 ^= x3;
+ x0 = (x0 >>> 13) | (x0 << 19);
+ x1 ^= x2;
+ x4 ^= x2;
+ x2 = (x2 >>> 3) | (x2 << 29);
+ x1 = ~x1;
+ x3 = x4;
+ x2 ^= x1;
+ x4 |= x0;
+ x4 ^= x2;
+ x2 |= x1;
+ x2 &= x0;
+ x3 ^= x4;
+ x2 ^= x3;
+ x3 |= x0;
+ x3 ^= x1;
+ x1 &= x2;
+ x1 ^= x4;
+ x3 ^= x2;
+ x4 &= x3;
+ x3 ^= x1;
+ x4 ^= x0;
+ x4 ^= x3;
+ x3 = ~x3;
+ }
+
+ private void sboxI4()
+ {
+ x4 = (x4 >>> 22) | (x4 << 10);
+ x1 = (x1 >>> 5) | (x1 << 27);
+ x0 = x3;
+ x4 ^= x2;
+ x0 <<= 7;
+ x1 ^= x2;
+ x4 ^= x0;
+ x1 ^= x3;
+ x2 = (x2 >>> 7) | (x2 << 25);
+ x3 = (x3 >>> 1) | (x3 << 31);
+ x3 ^= x1;
+ x0 = x1 << 3;
+ x2 ^= x0;
+ x1 = (x1 >>> 13) | (x1 << 19);
+ x3 ^= x4;
+ x2 ^= x4;
+ x4 = (x4 >>> 3) | (x4 << 29);
+ x0 = x4;
+ x4 &= x2;
+ x4 ^= x3;
+ x3 |= x2;
+ x3 &= x1;
+ x0 ^= x4;
+ x0 ^= x3;
+ x3 &= x4;
+ x1 = ~x1;
+ x2 ^= x0;
+ x3 ^= x2;
+ x2 &= x1;
+ x2 ^= x4;
+ x1 ^= x3;
+ x4 &= x1;
+ x2 ^= x1;
+ x4 ^= x0;
+ x4 |= x2;
+ x2 ^= x1;
+ x4 ^= x3;
+ }
+
+ private void sboxI3()
+ {
+ x4 = (x4 >>> 22) | (x4 << 10);
+ x1 = (x1 >>> 5) | (x1 << 27);
+ x3 = x2;
+ x4 ^= x0;
+ x3 <<= 7;
+ x1 ^= x0;
+ x4 ^= x3;
+ x1 ^= x2;
+ x0 = (x0 >>> 7) | (x0 << 25);
+ x2 = (x2 >>> 1) | (x2 << 31);
+ x2 ^= x1;
+ x3 = x1 << 3;
+ x0 ^= x3;
+ x1 = (x1 >>> 13) | (x1 << 19);
+ x2 ^= x4;
+ x0 ^= x4;
+ x4 = (x4 >>> 3) | (x4 << 29);
+ x3 = x4;
+ x4 ^= x2;
+ x2 &= x4;
+ x2 ^= x1;
+ x1 &= x3;
+ x3 ^= x0;
+ x0 |= x2;
+ x0 ^= x4;
+ x1 ^= x3;
+ x4 ^= x1;
+ x1 |= x0;
+ x1 ^= x2;
+ x3 ^= x4;
+ x4 &= x0;
+ x2 |= x0;
+ x2 ^= x4;
+ x3 ^= x1;
+ x4 ^= x3;
+ }
+
+ private void sboxI2()
+ {
+ x4 = (x4 >>> 22) | (x4 << 10);
+ x0 = (x0 >>> 5) | (x0 << 27);
+ x3 = x1;
+ x4 ^= x2;
+ x3 <<= 7;
+ x0 ^= x2;
+ x4 ^= x3;
+ x0 ^= x1;
+ x2 = (x2 >>> 7) | (x2 << 25);
+ x1 = (x1 >>> 1) | (x1 << 31);
+ x1 ^= x0;
+ x3 = x0 << 3;
+ x2 ^= x3;
+ x0 = (x0 >>> 13) | (x0 << 19);
+ x1 ^= x4;
+ x2 ^= x4;
+ x4 = (x4 >>> 3) | (x4 << 29);
+ x4 ^= x2;
+ x2 ^= x0;
+ x3 = x2;
+ x2 &= x4;
+ x2 ^= x1;
+ x1 |= x4;
+ x1 ^= x3;
+ x3 &= x2;
+ x4 ^= x2;
+ x3 &= x0;
+ x3 ^= x4;
+ x4 &= x1;
+ x4 |= x0;
+ x2 = ~x2;
+ x4 ^= x2;
+ x0 ^= x2;
+ x0 &= x1;
+ x2 ^= x3;
+ x2 ^= x0;
+ }
+
+ private void sboxI1()
+ {
+ x4 = (x4 >>> 22) | (x4 << 10);
+ x1 = (x1 >>> 5) | (x1 << 27);
+ x0 = x3;
+ x4 ^= x2;
+ x0 <<= 7;
+ x1 ^= x2;
+ x4 ^= x0;
+ x1 ^= x3;
+ x2 = (x2 >>> 7) | (x2 << 25);
+ x3 = (x3 >>> 1) | (x3 << 31);
+ x3 ^= x1;
+ x0 = x1 << 3;
+ x2 ^= x0;
+ x1 = (x1 >>> 13) | (x1 << 19);
+ x3 ^= x4;
+ x2 ^= x4;
+ x4 = (x4 >>> 3) | (x4 << 29);
+ x0 = x3;
+ x3 ^= x2;
+ x2 &= x3;
+ x0 ^= x4;
+ x2 ^= x1;
+ x1 |= x3;
+ x4 ^= x2;
+ x1 ^= x0;
+ x1 |= x4;
+ x3 ^= x2;
+ x1 ^= x3;
+ x3 |= x2;
+ x3 ^= x1;
+ x0 = ~x0;
+ x0 ^= x3;
+ x3 |= x1;
+ x3 ^= x1;
+ x3 |= x0;
+ x2 ^= x3;
+ }
+
+ private void sboxI0()
+ {
+ x2 = (x2 >>> 22) | (x2 << 10);
+ x0 = (x0 >>> 5) | (x0 << 27);
+ x3 = x1;
+ x2 ^= x4;
+ x3 <<= 7;
+ x0 ^= x4;
+ x2 ^= x3;
+ x0 ^= x1;
+ x4 = (x4 >>> 7) | (x4 << 25);
+ x1 = (x1 >>> 1) | (x1 << 31);
+ x1 ^= x0;
+ x3 = x0 << 3;
+ x4 ^= x3;
+ x0 = (x0 >>> 13) | (x0 << 19);
+ x1 ^= x2;
+ x4 ^= x2;
+ x2 = (x2 >>> 3) | (x2 << 29);
+ x2 = ~x2;
+ x3 = x1;
+ x1 |= x0;
+ x3 = ~x3;
+ x1 ^= x2;
+ x2 |= x3;
+ x1 ^= x4;
+ x0 ^= x3;
+ x2 ^= x0;
+ x0 &= x4;
+ x3 ^= x0;
+ x0 |= x1;
+ x0 ^= x2;
+ x4 ^= x3;
+ x2 ^= x1;
+ x4 ^= x0;
+ x4 ^= x1;
+ x2 &= x4;
+ x3 ^= x2;
+ }
+
+ private void sboxI7()
+ {
+ x1 = (x1 >>> 22) | (x1 << 10);
+ x0 = (x0 >>> 5) | (x0 << 27);
+ x2 = x3;
+ x1 ^= x4;
+ x2 <<= 7;
+ x0 ^= x4;
+ x1 ^= x2;
+ x0 ^= x3;
+ x4 = (x4 >>> 7) | (x4 << 25);
+ x3 = (x3 >>> 1) | (x3 << 31);
+ x3 ^= x0;
+ x2 = x0 << 3;
+ x4 ^= x2;
+ x0 = (x0 >>> 13) | (x0 << 19);
+ x3 ^= x1;
+ x4 ^= x1;
+ x1 = (x1 >>> 3) | (x1 << 29);
+ x2 = x1;
+ x1 ^= x0;
+ x0 &= x4;
+ x1 = ~x1;
+ x2 |= x4;
+ x4 ^= x3;
+ x3 |= x0;
+ x0 ^= x1;
+ x1 &= x2;
+ x3 ^= x1;
+ x1 ^= x0;
+ x0 |= x1;
+ x4 &= x2;
+ x0 ^= x4;
+ x2 ^= x3;
+ x4 ^= x2;
+ x2 |= x0;
+ x4 ^= x1;
+ x2 ^= x1;
+ }
+
+ /** S-Box 0. */
+ private void sbox0(int r0, int r1, int r2, int r3)
+ {
+ int r4 = r1 ^ r2;
+ r3 ^= r0;
+ r1 = r1 & r3 ^ r0;
+ r0 = (r0 | r3) ^ r4;
+ r4 ^= r3;
+ r3 ^= r2;
+ r2 = (r2 | r1) ^ r4;
+ r4 = ~r4 | r1;
+ r1 ^= r3 ^ r4;
+ r3 |= r0;
+ x0 = r1 ^ r3;
+ x1 = r4 ^ r3;
+ x2 = r2;
+ x3 = r0;
+ }
+
+ /** S-Box 1. */
+ private void sbox1(int r0, int r1, int r2, int r3)
+ {
+ r0 = ~r0;
+ int r4 = r0;
+ r2 = ~r2;
+ r0 &= r1;
+ r2 ^= r0;
+ r0 |= r3;
+ r3 ^= r2;
+ r1 ^= r0;
+ r0 ^= r4;
+ r4 |= r1;
+ r1 ^= r3;
+ r2 = (r2 | r0) & r4;
+ r0 ^= r1;
+ x0 = r2;
+ x1 = r0 & r2 ^ r4;
+ x2 = r3;
+ x3 = r1 & r2 ^ r0;
+ }
+
+ /** S-Box 2. */
+ private void sbox2(int r0, int r1, int r2, int r3)
+ {
+ int r4 = r0;
+ r0 = r0 & r2 ^ r3;
+ r2 = r2 ^ r1 ^ r0;
+ r3 = (r3 | r4) ^ r1;
+ r4 ^= r2;
+ r1 = r3;
+ r3 = (r3 | r4) ^ r0;
+ r0 &= r1;
+ r4 ^= r0;
+ x0 = r2;
+ x1 = r3;
+ x2 = r1 ^ r3 ^ r4;
+ x3 = ~r4;
+ }
+
+ /** S-Box 3. */
+ private void sbox3(int r0, int r1, int r2, int r3)
+ {
+ int r4 = r0;
+ r0 |= r3;
+ r3 ^= r1;
+ r1 &= r4;
+ r4 = r4 ^ r2 | r1;
+ r2 ^= r3;
+ r3 = r3 & r0 ^ r4;
+ r0 ^= r1;
+ r4 = r4 & r0 ^ r2;
+ r1 = (r1 ^ r3 | r0) ^ r2;
+ r0 ^= r3;
+ x0 = (r1 | r3) ^ r0;
+ x1 = r1;
+ x2 = r3;
+ x3 = r4;
+ }
+
+ /** S-Box 4. */
+ private void sbox4(int r0, int r1, int r2, int r3)
+ {
+ r1 ^= r3;
+ int r4 = r1;
+ r3 = ~r3;
+ r2 ^= r3;
+ r3 ^= r0;
+ r1 = r1 & r3 ^ r2;
+ r4 ^= r3;
+ r0 ^= r4;
+ r2 = r2 & r4 ^ r0;
+ r0 &= r1;
+ r3 ^= r0;
+ r4 = (r4 | r1) ^ r0;
+ x0 = r1;
+ x1 = r4 ^ (r2 & r3);
+ x2 = ~((r0 | r3) ^ r2);
+ x3 = r3;
+ }
+
+ /** S-Box 5. */
+ private void sbox5(int r0, int r1, int r2, int r3)
+ {
+ r0 ^= r1;
+ r1 ^= r3;
+ int r4 = r1;
+ r3 = ~r3;
+ r1 &= r0;
+ r2 ^= r3;
+ r1 ^= r2;
+ r2 |= r4;
+ r4 ^= r3;
+ r3 = r3 & r1 ^ r0;
+ r4 = r4 ^ r1 ^ r2;
+ x0 = r1;
+ x1 = r3;
+ x2 = r0 & r3 ^ r4;
+ x3 = ~(r2 ^ r0) ^ (r4 | r3);
+ }
+
+ /** S-Box 6. */
+ private void sbox6(int r0, int r1, int r2, int r3)
+ {
+ int r4 = r3;
+ r2 = ~r2;
+ r3 = r3 & r0 ^ r2;
+ r0 ^= r4;
+ r2 = (r2 | r4) ^ r0;
+ r1 ^= r3;
+ r0 |= r1;
+ r2 ^= r1;
+ r4 ^= r0;
+ r0 = (r0 | r3) ^ r2;
+ r4 = r4 ^ r3 ^ r0;
+ x0 = r0;
+ x1 = r1;
+ x2 = r4;
+ x3 = r2 & r4 ^ ~r3;
+ }
+
+ /** S-Box 7. */
+ private void sbox7(int r0, int r1, int r2, int r3)
+ {
+ int r4 = r1;
+ r1 = (r1 | r2) ^ r3;
+ r4 ^= r2;
+ r2 ^= r1;
+ r3 = (r3 | r4) & r0;
+ r4 ^= r2;
+ r3 ^= r1;
+ r1 = (r1 | r4) ^ r0;
+ r0 = (r0 | r4) ^ r2;
+ r1 ^= r4;
+ r2 ^= r1;
+ x0 = r4 ^ (~r2 | r0);
+ x1 = r3;
+ x2 = r1 & r0 ^ r4;
+ x3 = r0;
+ }
+
+ private class Key
+ implements Cloneable
+ {
+ int k0, k1, k2, k3, k4, k5, k6, k7, k8, k9, k10, k11, k12, k13, k14, k15,
+ k16, k17, k18, k19, k20, k21, k22, k23, k24, k25, k26, k27, k28, k29,
+ k30, k31, k32, k33, k34, k35, k36, k37, k38, k39, k40, k41, k42, k43,
+ k44, k45, k46, k47, k48, k49, k50, k51, k52, k53, k54, k55, k56, k57,
+ k58, k59, k60, k61, k62, k63, k64, k65, k66, k67, k68, k69, k70, k71,
+ k72, k73, k74, k75, k76, k77, k78, k79, k80, k81, k82, k83, k84, k85,
+ k86, k87, k88, k89, k90, k91, k92, k93, k94, k95, k96, k97, k98, k99,
+ k100, k101, k102, k103, k104, k105, k106, k107, k108, k109, k110, k111,
+ k112, k113, k114, k115, k116, k117, k118, k119, k120, k121, k122, k123,
+ k124, k125, k126, k127, k128, k129, k130, k131;
+
+ /** Trivial 0-arguments constructor. */
+ Key()
+ {
+ }
+
+ /** Cloning constructor. */
+ private Key(Key that)
+ {
+ this.k0 = that.k0;
+ this.k1 = that.k1;
+ this.k2 = that.k2;
+ this.k3 = that.k3;
+ this.k4 = that.k4;
+ this.k5 = that.k5;
+ this.k6 = that.k6;
+ this.k7 = that.k7;
+ this.k8 = that.k8;
+ this.k9 = that.k9;
+ this.k10 = that.k10;
+ this.k11 = that.k11;
+ this.k12 = that.k12;
+ this.k13 = that.k13;
+ this.k14 = that.k14;
+ this.k15 = that.k15;
+ this.k16 = that.k16;
+ this.k17 = that.k17;
+ this.k18 = that.k18;
+ this.k19 = that.k19;
+ this.k20 = that.k20;
+ this.k21 = that.k21;
+ this.k22 = that.k22;
+ this.k23 = that.k23;
+ this.k24 = that.k24;
+ this.k25 = that.k25;
+ this.k26 = that.k26;
+ this.k27 = that.k27;
+ this.k28 = that.k28;
+ this.k29 = that.k29;
+ this.k30 = that.k30;
+ this.k31 = that.k31;
+ this.k32 = that.k32;
+ this.k33 = that.k33;
+ this.k34 = that.k34;
+ this.k35 = that.k35;
+ this.k36 = that.k36;
+ this.k37 = that.k37;
+ this.k38 = that.k38;
+ this.k39 = that.k39;
+ this.k40 = that.k40;
+ this.k41 = that.k41;
+ this.k42 = that.k42;
+ this.k43 = that.k43;
+ this.k44 = that.k44;
+ this.k45 = that.k45;
+ this.k46 = that.k46;
+ this.k47 = that.k47;
+ this.k48 = that.k48;
+ this.k49 = that.k49;
+ this.k50 = that.k50;
+ this.k51 = that.k51;
+ this.k52 = that.k52;
+ this.k53 = that.k53;
+ this.k54 = that.k54;
+ this.k55 = that.k55;
+ this.k56 = that.k56;
+ this.k57 = that.k57;
+ this.k58 = that.k58;
+ this.k59 = that.k59;
+ this.k60 = that.k60;
+ this.k61 = that.k61;
+ this.k62 = that.k62;
+ this.k63 = that.k63;
+ this.k64 = that.k64;
+ this.k65 = that.k65;
+ this.k66 = that.k66;
+ this.k67 = that.k67;
+ this.k68 = that.k68;
+ this.k69 = that.k69;
+ this.k70 = that.k70;
+ this.k71 = that.k71;
+ this.k72 = that.k72;
+ this.k73 = that.k73;
+ this.k74 = that.k74;
+ this.k75 = that.k75;
+ this.k76 = that.k76;
+ this.k77 = that.k77;
+ this.k78 = that.k78;
+ this.k79 = that.k79;
+ this.k80 = that.k80;
+ this.k81 = that.k81;
+ this.k82 = that.k82;
+ this.k83 = that.k83;
+ this.k84 = that.k84;
+ this.k85 = that.k85;
+ this.k86 = that.k86;
+ this.k87 = that.k87;
+ this.k88 = that.k88;
+ this.k89 = that.k89;
+ this.k90 = that.k90;
+ this.k91 = that.k91;
+ this.k92 = that.k92;
+ this.k93 = that.k93;
+ this.k94 = that.k94;
+ this.k95 = that.k95;
+ this.k96 = that.k96;
+ this.k97 = that.k97;
+ this.k98 = that.k98;
+ this.k99 = that.k99;
+ this.k100 = that.k100;
+ this.k101 = that.k101;
+ this.k102 = that.k102;
+ this.k103 = that.k103;
+ this.k104 = that.k104;
+ this.k105 = that.k105;
+ this.k106 = that.k106;
+ this.k107 = that.k107;
+ this.k108 = that.k108;
+ this.k109 = that.k109;
+ this.k110 = that.k110;
+ this.k111 = that.k111;
+ this.k112 = that.k112;
+ this.k113 = that.k113;
+ this.k114 = that.k114;
+ this.k115 = that.k115;
+ this.k116 = that.k116;
+ this.k117 = that.k117;
+ this.k118 = that.k118;
+ this.k119 = that.k119;
+ this.k120 = that.k120;
+ this.k121 = that.k121;
+ this.k122 = that.k122;
+ this.k123 = that.k123;
+ this.k124 = that.k124;
+ this.k125 = that.k125;
+ this.k126 = that.k126;
+ this.k127 = that.k127;
+ this.k128 = that.k128;
+ this.k129 = that.k129;
+ this.k130 = that.k130;
+ this.k131 = that.k131;
+ }
+
+ public Object clone()
+ {
+ return new Key(this);
+ }
+ }
+}
diff --git a/libjava/classpath/gnu/javax/crypto/cipher/Square.java b/libjava/classpath/gnu/javax/crypto/cipher/Square.java
new file mode 100644
index 000000000..231df0a47
--- /dev/null
+++ b/libjava/classpath/gnu/javax/crypto/cipher/Square.java
@@ -0,0 +1,425 @@
+/* Square.java --
+ Copyright (C) 2001, 2002, 2003, 2006 Free Software Foundation, Inc.
+
+This file is a part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2 of the License, or (at
+your option) any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; if not, write to the Free Software
+Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301
+USA
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package gnu.javax.crypto.cipher;
+
+import gnu.java.security.Registry;
+import gnu.java.security.util.Util;
+
+import java.security.InvalidKeyException;
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.Iterator;
+
+/**
+ * Square is a 128-bit key, 128-bit block cipher algorithm developed by Joan
+ * Daemen, Lars Knudsen and Vincent Rijmen.
+ * <p>
+ * References:
+ * <ol>
+ * <li><a href="http://www.esat.kuleuven.ac.be/~rijmen/square/">The block
+ * cipher Square</a>.<br>
+ * <a href="mailto:daemen.j@protonworld.com">Joan Daemen</a>, <a
+ * href="mailto:lars.knudsen@esat.kuleuven.ac.be">Lars Knudsen</a> and <a
+ * href="mailto:vincent.rijmen@esat.kuleuven.ac.be">Vincent Rijmen</a>.</li>
+ * </ol>
+ */
+public final class Square
+ extends BaseCipher
+{
+ private static final int DEFAULT_BLOCK_SIZE = 16; // in bytes
+ private static final int DEFAULT_KEY_SIZE = 16; // in bytes
+ private static final int ROUNDS = 8;
+ private static final int ROOT = 0x1F5; // for generating GF(2**8)
+ private static final int[] OFFSET = new int[ROUNDS];
+ private static final String Sdata =
+ "\uB1CE\uC395\u5AAD\uE702\u4D44\uFB91\u0C87\uA150"
+ + "\uCB67\u54DD\u468F\uE14E\uF0FD\uFCEB\uF9C4\u1A6E"
+ + "\u5EF5\uCC8D\u1C56\u43FE\u0761\uF875\u59FF\u0322"
+ + "\u8AD1\u13EE\u8800\u0E34\u1580\u94E3\uEDB5\u5323"
+ + "\u4B47\u17A7\u9035\uABD8\uB8DF\u4F57\u9A92\uDB1B"
+ + "\u3CC8\u9904\u8EE0\uD77D\u85BB\u402C\u3A45\uF142"
+ + "\u6520\u4118\u7225\u9370\u3605\uF20B\uA379\uEC08"
+ + "\u2731\u32B6\u7CB0\u0A73\u5B7B\uB781\uD20D\u6A26"
+ + "\u9E58\u9C83\u74B3\uAC30\u7A69\u770F\uAE21\uDED0"
+ + "\u2E97\u10A4\u98A8\uD468\u2D62\u296D\u1649\u76C7"
+ + "\uE8C1\u9637\uE5CA\uF4E9\u6312\uC2A6\u14BC\uD328"
+ + "\uAF2F\uE624\u52C6\uA009\uBD8C\uCF5D\u115F\u01C5"
+ + "\u9F3D\uA29B\uC93B\uBE51\u191F\u3F5C\uB2EF\u4ACD"
+ + "\uBFBA\u6F64\uD9F3\u3EB4\uAADC\uD506\uC07E\uF666"
+ + "\u6C84\u7138\uB91D\u7F9D\u488B\u2ADA\uA533\u8239"
+ + "\uD678\u86FA\uE42B\uA91E\u8960\u6BEA\u554C\uF7E2";
+ /** Substitution boxes for encryption and decryption. */
+ private static final byte[] Se = new byte[256];
+ private static final byte[] Sd = new byte[256];
+ /** Transposition boxes for encryption and decryption. */
+ private static final int[] Te = new int[256];
+ private static final int[] Td = new int[256];
+ /**
+ * KAT vector (from ecb_vk): I=87 KEY=00000000000000000000020000000000
+ * CT=A9DF031B4E25E89F527EFFF89CB0BEBA
+ */
+ private static final byte[] KAT_KEY =
+ Util.toBytesFromString("00000000000000000000020000000000");
+ private static final byte[] KAT_CT =
+ Util.toBytesFromString("A9DF031B4E25E89F527EFFF89CB0BEBA");
+ /** caches the result of the correctness test, once executed. */
+ private static Boolean valid;
+ static
+ {
+ int i, j;
+ // re-construct Se box values
+ int limit = Sdata.length();
+ char c1;
+ for (i = 0, j = 0; i < limit; i++)
+ {
+ c1 = Sdata.charAt(i);
+ Se[j++] = (byte)(c1 >>> 8);
+ Se[j++] = (byte) c1;
+ }
+ // compute Sd box values
+ for (i = 0; i < 256; i++)
+ Sd[Se[i] & 0xFF] = (byte) i;
+ // generate OFFSET values
+ OFFSET[0] = 1;
+ for (i = 1; i < ROUNDS; i++)
+ {
+ OFFSET[i] = mul(OFFSET[i - 1], 2);
+ OFFSET[i - 1] <<= 24;
+ }
+ OFFSET[ROUNDS - 1] <<= 24;
+ // generate Te and Td boxes if we're not reading their values
+ // Notes:
+ // (1) The function mul() computes the product of two elements of GF(2**8)
+ // with ROOT as reduction polynomial.
+ // (2) the values used in computing the Te and Td are the GF(2**8)
+ // coefficients of the diffusion polynomial c(x) and its inverse
+ // (modulo x**4 + 1) d(x), defined in sections 2.1 and 4 of the Square
+ // paper.
+ for (i = 0; i < 256; i++)
+ {
+ j = Se[i] & 0xFF;
+ Te[i] = (Se[i & 3] == 0) ? 0
+ : mul(j, 2) << 24
+ | j << 16
+ | j << 8
+ | mul(j, 3);
+ j = Sd[i] & 0xFF;
+ Td[i] = (Sd[i & 3] == 0) ? 0
+ : mul(j, 14) << 24
+ | mul(j, 9) << 16
+ | mul(j, 13) << 8
+ | mul(j, 11);
+ }
+ }
+
+ /** Trivial 0-arguments constructor. */
+ public Square()
+ {
+ super(Registry.SQUARE_CIPHER, DEFAULT_BLOCK_SIZE, DEFAULT_KEY_SIZE);
+ }
+
+ private static void square(byte[] in, int i, byte[] out, int j, int[][] K,
+ int[] T, byte[] S)
+ {
+ int a = ((in[i++]) << 24
+ | (in[i++] & 0xFF) << 16
+ | (in[i++] & 0xFF) << 8
+ | (in[i++] & 0xFF) ) ^ K[0][0];
+ int b = ((in[i++]) << 24
+ | (in[i++] & 0xFF) << 16
+ | (in[i++] & 0xFF) << 8
+ | (in[i++] & 0xFF) ) ^ K[0][1];
+ int c = ((in[i++]) << 24
+ | (in[i++] & 0xFF) << 16
+ | (in[i++] & 0xFF) << 8
+ | (in[i++] & 0xFF) ) ^ K[0][2];
+ int d = ((in[i++]) << 24
+ | (in[i++] & 0xFF) << 16
+ | (in[i++] & 0xFF) << 8
+ | (in[i ] & 0xFF) ) ^ K[0][3];
+ int r, aa, bb, cc, dd;
+ for (r = 1; r < ROUNDS; r++)
+ { // R - 1 full rounds
+ aa = T[(a >>> 24) ]
+ ^ rot32R(T[(b >>> 24) ], 8)
+ ^ rot32R(T[(c >>> 24) ], 16)
+ ^ rot32R(T[(d >>> 24) ], 24) ^ K[r][0];
+ bb = T[(a >>> 16) & 0xFF]
+ ^ rot32R(T[(b >>> 16) & 0xFF], 8)
+ ^ rot32R(T[(c >>> 16) & 0xFF], 16)
+ ^ rot32R(T[(d >>> 16) & 0xFF], 24) ^ K[r][1];
+ cc = T[(a >>> 8) & 0xFF]
+ ^ rot32R(T[(b >>> 8) & 0xFF], 8)
+ ^ rot32R(T[(c >>> 8) & 0xFF], 16)
+ ^ rot32R(T[(d >>> 8) & 0xFF], 24) ^ K[r][2];
+ dd = T[ a & 0xFF]
+ ^ rot32R(T[ b & 0xFF], 8)
+ ^ rot32R(T[ c & 0xFF], 16)
+ ^ rot32R(T[ d & 0xFF], 24) ^ K[r][3];
+ a = aa;
+ b = bb;
+ c = cc;
+ d = dd;
+ }
+ // last round (diffusion becomes only transposition)
+ aa = ((S[(a >>> 24) ] ) << 24
+ | (S[(b >>> 24) ] & 0xFF) << 16
+ | (S[(c >>> 24) ] & 0xFF) << 8
+ | (S[(d >>> 24) ] & 0xFF) ) ^ K[r][0];
+ bb = ((S[(a >>> 16) & 0xFF] ) << 24
+ | (S[(b >>> 16) & 0xFF] & 0xFF) << 16
+ | (S[(c >>> 16) & 0xFF] & 0xFF) << 8
+ | (S[(d >>> 16) & 0xFF] & 0xFF) ) ^ K[r][1];
+ cc = ((S[(a >>> 8) & 0xFF] ) << 24
+ | (S[(b >>> 8) & 0xFF] & 0xFF) << 16
+ | (S[(c >>> 8) & 0xFF] & 0xFF) << 8
+ | (S[(d >>> 8) & 0xFF] & 0xFF) ) ^ K[r][2];
+ dd = ((S[ a & 0xFF] ) << 24
+ | (S[ b & 0xFF] & 0xFF) << 16
+ | (S[ c & 0xFF] & 0xFF) << 8
+ | (S[ d & 0xFF] & 0xFF) ) ^ K[r][3];
+ out[j++] = (byte)(aa >>> 24);
+ out[j++] = (byte)(aa >>> 16);
+ out[j++] = (byte)(aa >>> 8);
+ out[j++] = (byte) aa;
+ out[j++] = (byte)(bb >>> 24);
+ out[j++] = (byte)(bb >>> 16);
+ out[j++] = (byte)(bb >>> 8);
+ out[j++] = (byte) bb;
+ out[j++] = (byte)(cc >>> 24);
+ out[j++] = (byte)(cc >>> 16);
+ out[j++] = (byte)(cc >>> 8);
+ out[j++] = (byte) cc;
+ out[j++] = (byte)(dd >>> 24);
+ out[j++] = (byte)(dd >>> 16);
+ out[j++] = (byte)(dd >>> 8);
+ out[j ] = (byte) dd;
+ }
+
+ /**
+ * Applies the Theta function to an input <i>in</i> in order to produce in
+ * <i>out</i> an internal session sub-key.
+ * <p>
+ * Both <i>in</i> and <i>out</i> are arrays of four ints.
+ * <p>
+ * Pseudo-code is:
+ * <pre>
+ * for (i = 0; i &lt; 4; i++)
+ * {
+ * out[i] = 0;
+ * for (j = 0, n = 24; j &lt; 4; j++, n -= 8)
+ * {
+ * k = mul(in[i] &gt;&gt;&gt; 24, G[0][j]) &circ; mul(in[i] &gt;&gt;&gt; 16, G[1][j])
+ * &circ; mul(in[i] &gt;&gt;&gt; 8, G[2][j]) &circ; mul(in[i], G[3][j]);
+ * out[i] &circ;= k &lt;&lt; n;
+ * }
+ * }
+ * </pre>
+ */
+ private static void transform(int[] in, int[] out)
+ {
+ int l3, l2, l1, l0, m;
+ for (int i = 0; i < 4; i++)
+ {
+ l3 = in[i];
+ l2 = l3 >>> 8;
+ l1 = l3 >>> 16;
+ l0 = l3 >>> 24;
+ m = ((mul(l0, 2) ^ mul(l1, 3) ^ l2 ^ l3) & 0xFF) << 24;
+ m ^= ((l0 ^ mul(l1, 2) ^ mul(l2, 3) ^ l3) & 0xFF) << 16;
+ m ^= ((l0 ^ l1 ^ mul(l2, 2) ^ mul(l3, 3)) & 0xFF) << 8;
+ m ^= ((mul(l0, 3) ^ l1 ^ l2 ^ mul(l3, 2)) & 0xFF);
+ out[i] = m;
+ }
+ }
+
+ /**
+ * Left rotate a 32-bit chunk.
+ *
+ * @param x the 32-bit data to rotate
+ * @param s number of places to left-rotate by
+ * @return the newly permutated value.
+ */
+ private static int rot32L(int x, int s)
+ {
+ return x << s | x >>> (32 - s);
+ }
+
+ /**
+ * Right rotate a 32-bit chunk.
+ *
+ * @param x the 32-bit data to rotate
+ * @param s number of places to right-rotate by
+ * @return the newly permutated value.
+ */
+ private static int rot32R(int x, int s)
+ {
+ return x >>> s | x << (32 - s);
+ }
+
+ /**
+ * Returns the product of two binary numbers a and b, using the generator ROOT
+ * as the modulus: p = (a * b) mod ROOT. ROOT Generates a suitable Galois
+ * Field in GF(2**8).
+ * <p>
+ * For best performance call it with abs(b) &lt; abs(a).
+ *
+ * @param a operand for multiply.
+ * @param b operand for multiply.
+ * @return the result of (a * b) % ROOT.
+ */
+ private static final int mul(int a, int b)
+ {
+ if (a == 0)
+ return 0;
+ a &= 0xFF;
+ b &= 0xFF;
+ int result = 0;
+ while (b != 0)
+ {
+ if ((b & 0x01) != 0)
+ result ^= a;
+ b >>>= 1;
+ a <<= 1;
+ if (a > 0xFF)
+ a ^= ROOT;
+ }
+ return result & 0xFF;
+ }
+
+ public Object clone()
+ {
+ Square result = new Square();
+ result.currentBlockSize = this.currentBlockSize;
+
+ return result;
+ }
+
+ public Iterator blockSizes()
+ {
+ ArrayList al = new ArrayList();
+ al.add(Integer.valueOf(DEFAULT_BLOCK_SIZE));
+
+ return Collections.unmodifiableList(al).iterator();
+ }
+
+ public Iterator keySizes()
+ {
+ ArrayList al = new ArrayList();
+ al.add(Integer.valueOf(DEFAULT_KEY_SIZE));
+
+ return Collections.unmodifiableList(al).iterator();
+ }
+
+ public Object makeKey(byte[] uk, int bs) throws InvalidKeyException
+ {
+ if (bs != DEFAULT_BLOCK_SIZE)
+ throw new IllegalArgumentException();
+ if (uk == null)
+ throw new InvalidKeyException("Empty key");
+ if (uk.length != DEFAULT_KEY_SIZE)
+ throw new InvalidKeyException("Key is not 128-bit.");
+ int[][] Ke = new int[ROUNDS + 1][4];
+ int[][] Kd = new int[ROUNDS + 1][4];
+ int[][] tK = new int[ROUNDS + 1][4];
+ int i = 0;
+ Ke[0][0] = (uk[i++] & 0xFF) << 24
+ | (uk[i++] & 0xFF) << 16
+ | (uk[i++] & 0xFF) << 8
+ | (uk[i++] & 0xFF);
+ tK[0][0] = Ke[0][0];
+ Ke[0][1] = (uk[i++] & 0xFF) << 24
+ | (uk[i++] & 0xFF) << 16
+ | (uk[i++] & 0xFF) << 8
+ | (uk[i++] & 0xFF);
+ tK[0][1] = Ke[0][1];
+ Ke[0][2] = (uk[i++] & 0xFF) << 24
+ | (uk[i++] & 0xFF) << 16
+ | (uk[i++] & 0xFF) << 8
+ | (uk[i++] & 0xFF);
+ tK[0][2] = Ke[0][2];
+ Ke[0][3] = (uk[i++] & 0xFF) << 24
+ | (uk[i++] & 0xFF) << 16
+ | (uk[i++] & 0xFF) << 8
+ | (uk[i ] & 0xFF);
+ tK[0][3] = Ke[0][3];
+ int j;
+ for (i = 1, j = 0; i < ROUNDS + 1; i++, j++)
+ {
+ tK[i][0] = tK[j][0] ^ rot32L(tK[j][3], 8) ^ OFFSET[j];
+ tK[i][1] = tK[j][1] ^ tK[i][0];
+ tK[i][2] = tK[j][2] ^ tK[i][1];
+ tK[i][3] = tK[j][3] ^ tK[i][2];
+ System.arraycopy(tK[i], 0, Ke[i], 0, 4);
+ transform(Ke[j], Ke[j]);
+ }
+ for (i = 0; i < ROUNDS; i++)
+ System.arraycopy(tK[ROUNDS - i], 0, Kd[i], 0, 4);
+ transform(tK[0], Kd[ROUNDS]);
+ return new Object[] { Ke, Kd };
+ }
+
+ public void encrypt(byte[] in, int i, byte[] out, int j, Object k, int bs)
+ {
+ if (bs != DEFAULT_BLOCK_SIZE)
+ throw new IllegalArgumentException();
+ int[][] K = (int[][])((Object[]) k)[0];
+ square(in, i, out, j, K, Te, Se);
+ }
+
+ public void decrypt(byte[] in, int i, byte[] out, int j, Object k, int bs)
+ {
+ if (bs != DEFAULT_BLOCK_SIZE)
+ throw new IllegalArgumentException();
+ int[][] K = (int[][])((Object[]) k)[1];
+ square(in, i, out, j, K, Td, Sd);
+ }
+
+ public boolean selfTest()
+ {
+ if (valid == null)
+ {
+ boolean result = super.selfTest(); // do symmetry tests
+ if (result)
+ result = testKat(KAT_KEY, KAT_CT);
+ valid = Boolean.valueOf(result);
+ }
+ return valid.booleanValue();
+ }
+}
diff --git a/libjava/classpath/gnu/javax/crypto/cipher/TripleDES.java b/libjava/classpath/gnu/javax/crypto/cipher/TripleDES.java
new file mode 100644
index 000000000..1d684c20a
--- /dev/null
+++ b/libjava/classpath/gnu/javax/crypto/cipher/TripleDES.java
@@ -0,0 +1,257 @@
+/* TripleDES.java --
+ Copyright (C) 2002, 2006 Free Software Foundation, Inc.
+
+This file is a part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2 of the License, or (at
+your option) any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; if not, write to the Free Software
+Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301
+USA
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package gnu.javax.crypto.cipher;
+
+import gnu.java.security.Registry;
+
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.Iterator;
+import java.security.InvalidKeyException;
+
+/**
+ * Triple-DES, 3DES, or DESede is a <i>combined cipher</i> that uses three
+ * iterations of the Data Encryption Standard cipher to theoretically improve
+ * the security of plain DES, at the cost of speed.
+ * <p>
+ * Triple-DES runs the DES algorithm three times with one, two or three
+ * independent 56-bit (DES) keys. When used with one DES key, the cipher behaves
+ * exactly like a (slower) DES.
+ * <p>
+ * To encrypt:
+ * <blockquote><i>C<sub>i</sub> = E<sub>k3</sub> ( E<sub>k2</sub><sup>-1</sup> (
+ * E<sub>k1</sub> ( P<sub>i</sub> )))</i>
+ * </blockquote>
+ * <p>
+ * And to decrypt:
+ * <blockquote><i>P<sub>i</sub> = E<sub>k1</sub><sup>-1</sup> (
+ * E<sub>k2</sub> ( E<sub>k3</sub><sup>-1</sup> ( C<sub>i</sub> )))</i>
+ * </blockquote>
+ * <p>
+ * (The "ede" comes from the encryption operation, which runs
+ * Encrypt-Decrypt-Encrypt)
+ * <p>
+ * References:
+ * <ol>
+ * <li>Bruce Schneier, <i>Applied Cryptography: Protocols, Algorithms, and
+ * Source Code in C, Second Edition</i>. (1996 John Wiley and Sons) ISBN
+ * 0-471-11709-9. Page 294--295.</li>
+ * </ol>
+ */
+public class TripleDES
+ extends BaseCipher
+{
+ /** Triple-DES only operates on 64 bit blocks. */
+ public static final int BLOCK_SIZE = 8;
+ /** By default, Triple-DES uses 168 bits of a parity-adjusted 192 bit key. */
+ public static final int KEY_SIZE = 24;
+ /** The underlying DES instance. */
+ private DES des;
+
+ /**
+ * Default 0-arguments constructor.
+ */
+ public TripleDES()
+ {
+ super(Registry.TRIPLEDES_CIPHER, BLOCK_SIZE, KEY_SIZE);
+ des = new DES();
+ }
+
+ /**
+ * Convenience method which calls the method with same name and three
+ * arguments, passing <code>3</code> as the value of the first parameter.
+ *
+ * @param kb The key bytes to adjust.
+ * @param offset The starting offset into the key bytes.
+ */
+ public static void adjustParity(byte[] kb, int offset)
+ {
+ adjustParity(3, kb, offset);
+ }
+
+ /**
+ * Adjusts, in-situ, the parity of the designated bytes, so they can be used
+ * as DES keys for a 3-DES 1-, 2- or 3-key cipher.
+ *
+ * @param keyCount the number of independent DES keys. Can be either
+ * <code>1</code>, <code>2</code> or <code>3</code>. Any other value
+ * will cause an {@link IllegalArgumentException} to be raised.
+ * @param kb the array containing the key bytes to adjust. MUST have at least
+ * <code>8 * keyCount</code> bytes starting at offset position
+ * <code>offset</code>, otherwise an
+ * {@link ArrayIndexOutOfBoundsException} will be raised.
+ * @param offset the starting offset into the array.
+ * @see DES#adjustParity(byte[],int)
+ */
+ public static void adjustParity(int keyCount, byte[] kb, int offset)
+ {
+ if (keyCount < 1 || keyCount > 3)
+ throw new IllegalArgumentException("Invalid keyCount value: " + keyCount);
+ DES.adjustParity(kb, offset);
+ if (keyCount > 1)
+ DES.adjustParity(kb, offset + 8);
+ if (keyCount > 2)
+ DES.adjustParity(kb, offset + 16);
+ }
+
+ /**
+ * Convenience method which calls the method with same name and three
+ * arguments, passing <code>3</code> as the value of the first parameter.
+ *
+ * @param kb The key bytes to test.
+ * @param offset The starting offset into the key bytes.
+ * @return <code>true</code> if the bytes in <i>kb</i> starting at
+ * <i>offset</i> are parity adjusted.
+ * @see DES#isParityAdjusted(byte[],int)
+ * @see #adjustParity(byte[],int)
+ */
+ public static boolean isParityAdjusted(byte[] kb, int offset)
+ {
+ return isParityAdjusted(3, kb, offset);
+ }
+
+ /**
+ * Tests if enough bytes, expected to be used as DES keys for a 3-DES 1-, 2-
+ * or 3-key cipher, located in a designated byte array, has already been
+ * parity adjusted.
+ *
+ * @param keyCount the number of independent DES keys. Can be either
+ * <code>1</code>, <code>2</code> or <code>3</code>. Any other value
+ * will cause an {@link IllegalArgumentException} to be raised.
+ * @param kb the array containing the key bytes to test. MUST have at least
+ * <code>8 * keyCount</code> bytes starting at offset position
+ * <code>offset</code>, otherwise an
+ * {@link ArrayIndexOutOfBoundsException} will be raised.
+ * @param offset the starting offset into the array.
+ * @return <code>true</code> if the bytes in <i>kb</i> starting at
+ * <i>offset</i> are parity adjusted.
+ * @see DES#isParityAdjusted(byte[],int)
+ * @see #adjustParity(int,byte[],int)
+ */
+ public static boolean isParityAdjusted(int keyCount, byte[] kb, int offset)
+ {
+ if (keyCount < 1 || keyCount > 3)
+ throw new IllegalArgumentException("Invalid keyCount value: " + keyCount);
+ boolean result = DES.isParityAdjusted(kb, offset);
+ if (keyCount > 1)
+ result = result && DES.isParityAdjusted(kb, offset + 8);
+ if (keyCount > 2)
+ result = result && DES.isParityAdjusted(kb, offset + 16);
+ return result;
+ }
+
+ public Object clone()
+ {
+ return new TripleDES();
+ }
+
+ public Iterator blockSizes()
+ {
+ return Collections.singleton(Integer.valueOf(BLOCK_SIZE)).iterator();
+ }
+
+ public Iterator keySizes()
+ {
+ ArrayList al = new ArrayList();
+ al.add(Integer.valueOf(8));
+ al.add(Integer.valueOf(16));
+ al.add(Integer.valueOf(24));
+ return Collections.unmodifiableList(al).iterator();
+ }
+
+ public Object makeKey(byte[] kb, int bs) throws InvalidKeyException
+ {
+ if (kb.length != 8 && kb.length != 16 && kb.length != 24)
+ throw new InvalidKeyException("TripleDES key must be 8, 16 or 24 bytes: "
+ + kb.length);
+ Context ctx = new Context();
+ byte[] k1 = new byte[DES.KEY_SIZE];
+ System.arraycopy(kb, 0, k1, 0, DES.KEY_SIZE);
+ if (! DES.isParityAdjusted(k1, 0))
+ DES.adjustParity(k1, 0);
+ ctx.k1 = (DES.Context) des.makeKey(k1, bs);
+
+ if (kb.length == 8)
+ {
+ ctx.k2 = (DES.Context) des.makeKey(k1, bs);
+ ctx.k3 = (DES.Context) des.makeKey(k1, bs);
+ }
+ else
+ {
+ byte[] k2 = new byte[DES.KEY_SIZE];
+ System.arraycopy(kb, DES.KEY_SIZE, k2, 0, DES.KEY_SIZE);
+ if (! DES.isParityAdjusted(k2, 0))
+ DES.adjustParity(k2, 0);
+ ctx.k2 = (DES.Context) des.makeKey(k2, bs);
+
+ byte[] k3 = new byte[DES.KEY_SIZE];
+ if (kb.length == 16)
+ ctx.k3 = (DES.Context) des.makeKey(k1, bs);
+ else
+ {
+ System.arraycopy(kb, 2 * DES.KEY_SIZE, k3, 0, DES.KEY_SIZE);
+ if (! DES.isParityAdjusted(k3, 0))
+ DES.adjustParity(k3, 0);
+ ctx.k3 = (DES.Context) des.makeKey(k3, bs);
+ }
+ }
+ return ctx;
+ }
+
+ public void encrypt(byte[] in, int i, byte[] out, int o, Object K, int bs)
+ {
+ byte[] temp = new byte[BLOCK_SIZE];
+ des.encrypt(in, i, temp, 0, ((Context) K).k1, bs);
+ des.decrypt(temp, 0, temp, 0, ((Context) K).k2, bs);
+ des.encrypt(temp, 0, out, o, ((Context) K).k3, bs);
+ }
+
+ public void decrypt(byte[] in, int i, byte[] out, int o, Object K, int bs)
+ {
+ byte[] temp = new byte[BLOCK_SIZE];
+ des.decrypt(in, i, temp, 0, ((Context) K).k3, bs);
+ des.encrypt(temp, 0, temp, 0, ((Context) K).k2, bs);
+ des.decrypt(temp, 0, out, o, ((Context) K).k1, bs);
+ }
+
+ private final class Context
+ {
+ DES.Context k1, k2, k3;
+ }
+}
diff --git a/libjava/classpath/gnu/javax/crypto/cipher/Twofish.java b/libjava/classpath/gnu/javax/crypto/cipher/Twofish.java
new file mode 100644
index 000000000..c9789a699
--- /dev/null
+++ b/libjava/classpath/gnu/javax/crypto/cipher/Twofish.java
@@ -0,0 +1,737 @@
+/* Twofish.java --
+ Copyright (C) 2001, 2002, 2003, 2006 Free Software Foundation, Inc.
+
+This file is a part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2 of the License, or (at
+your option) any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; if not, write to the Free Software
+Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301
+USA
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package gnu.javax.crypto.cipher;
+
+import gnu.java.security.Configuration;
+import gnu.java.security.Registry;
+import gnu.java.security.util.Util;
+
+import java.security.InvalidKeyException;
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.Iterator;
+import java.util.logging.Logger;
+
+/**
+ * Twofish is a balanced 128-bit Feistel cipher, consisting of 16 rounds. In
+ * each round, a 64-bit S-box value is computed from 64 bits of the block, and
+ * this value is xored into the other half of the block. The two half-blocks are
+ * then exchanged, and the next round begins. Before the first round, all input
+ * bits are xored with key-dependent "whitening" subkeys, and after the final
+ * round the output bits are xored with other key-dependent whitening subkeys;
+ * these subkeys are not used anywhere else in the algorithm.
+ * <p>
+ * Twofish is designed by Bruce Schneier, Doug Whiting, John Kelsey, Chris
+ * Hall, David Wagner and Niels Ferguson.
+ * <p>
+ * References:
+ * <ol>
+ * <li><a href="http://www.counterpane.com/twofish-paper.html">Twofish: A
+ * 128-bit Block Cipher</a>.</li>
+ * </ol>
+ */
+public final class Twofish
+ extends BaseCipher
+{
+ private static final Logger log = Logger.getLogger(Twofish.class.getName());
+ private static final int DEFAULT_BLOCK_SIZE = 16; // in bytes
+ private static final int DEFAULT_KEY_SIZE = 16; // in bytes
+ private static final int MAX_ROUNDS = 16; // max # rounds (for allocating subkeys)
+ private static final int ROUNDS = MAX_ROUNDS;
+ // subkey array indices
+ private static final int INPUT_WHITEN = 0;
+ private static final int OUTPUT_WHITEN = INPUT_WHITEN + DEFAULT_BLOCK_SIZE / 4;
+ private static final int ROUND_SUBKEYS = OUTPUT_WHITEN + DEFAULT_BLOCK_SIZE / 4;
+ private static final int SK_STEP = 0x02020202;
+ private static final int SK_BUMP = 0x01010101;
+ private static final int SK_ROTL = 9;
+ private static final String[] Pm = new String[] {
+ // p0
+ "\uA967\uB3E8\u04FD\uA376\u9A92\u8078\uE4DD\uD138"
+ + "\u0DC6\u3598\u18F7\uEC6C\u4375\u3726\uFA13\u9448"
+ + "\uF2D0\u8B30\u8454\uDF23\u195B\u3D59\uF3AE\uA282"
+ + "\u6301\u832E\uD951\u9B7C\uA6EB\uA5BE\u160C\uE361"
+ + "\uC08C\u3AF5\u732C\u250B\uBB4E\u896B\u536A\uB4F1"
+ + "\uE1E6\uBD45\uE2F4\uB666\uCC95\u0356\uD41C\u1ED7"
+ + "\uFBC3\u8EB5\uE9CF\uBFBA\uEA77\u39AF\u33C9\u6271"
+ + "\u8179\u09AD\u24CD\uF9D8\uE5C5\uB94D\u4408\u86E7"
+ + "\uA11D\uAAED\u0670\uB2D2\u417B\uA011\u31C2\u2790"
+ + "\u20F6\u60FF\u965C\uB1AB\u9E9C\u521B\u5F93\u0AEF"
+ + "\u9185\u49EE\u2D4F\u8F3B\u4787\u6D46\uD63E\u6964"
+ + "\u2ACE\uCB2F\uFC97\u057A\uAC7F\uD51A\u4B0E\uA75A"
+ + "\u2814\u3F29\u883C\u4C02\uB8DA\uB017\u551F\u8A7D"
+ + "\u57C7\u8D74\uB7C4\u9F72\u7E15\u2212\u5807\u9934"
+ + "\u6E50\uDE68\u65BC\uDBF8\uC8A8\u2B40\uDCFE\u32A4"
+ + "\uCA10\u21F0\uD35D\u0F00\u6F9D\u3642\u4A5E\uC1E0",
+ // p1
+ "\u75F3\uC6F4\uDB7B\uFBC8\u4AD3\uE66B\u457D\uE84B"
+ + "\uD632\uD8FD\u3771\uF1E1\u300F\uF81B\u87FA\u063F"
+ + "\u5EBA\uAE5B\u8A00\uBC9D\u6DC1\uB10E\u805D\uD2D5"
+ + "\uA084\u0714\uB590\u2CA3\uB273\u4C54\u9274\u3651"
+ + "\u38B0\uBD5A\uFC60\u6296\u6C42\uF710\u7C28\u278C"
+ + "\u1395\u9CC7\u2446\u3B70\uCAE3\u85CB\u11D0\u93B8"
+ + "\uA683\u20FF\u9F77\uC3CC\u036F\u08BF\u40E7\u2BE2"
+ + "\u790C\uAA82\u413A\uEAB9\uE49A\uA497\u7EDA\u7A17"
+ + "\u6694\uA11D\u3DF0\uDEB3\u0B72\uA71C\uEFD1\u533E"
+ + "\u8F33\u265F\uEC76\u2A49\u8188\uEE21\uC41A\uEBD9"
+ + "\uC539\u99CD\uAD31\u8B01\u1823\uDD1F\u4E2D\uF948"
+ + "\u4FF2\u658E\u785C\u5819\u8DE5\u9857\u677F\u0564"
+ + "\uAF63\uB6FE\uF5B7\u3CA5\uCEE9\u6844\uE04D\u4369"
+ + "\u292E\uAC15\u59A8\u0A9E\u6E47\uDF34\u356A\uCFDC"
+ + "\u22C9\uC09B\u89D4\uEDAB\u12A2\u0D52\uBB02\u2FA9"
+ + "\uD761\u1EB4\u5004\uF6C2\u1625\u8656\u5509\uBE91" };
+ /** Fixed 8x8 permutation S-boxes */
+ private static final byte[][] P = new byte[2][256]; // blank final
+ /**
+ * Define the fixed p0/p1 permutations used in keyed S-box lookup. By
+ * changing the following constant definitions, the S-boxes will
+ * automatically get changed in the Twofish engine.
+ */
+ private static final int P_00 = 1;
+ private static final int P_01 = 0;
+ private static final int P_02 = 0;
+ private static final int P_03 = P_01 ^ 1;
+ private static final int P_04 = 1;
+ private static final int P_10 = 0;
+ private static final int P_11 = 0;
+ private static final int P_12 = 1;
+ private static final int P_13 = P_11 ^ 1;
+ private static final int P_14 = 0;
+ private static final int P_20 = 1;
+ private static final int P_21 = 1;
+ private static final int P_22 = 0;
+ private static final int P_23 = P_21 ^ 1;
+ private static final int P_24 = 0;
+ private static final int P_30 = 0;
+ private static final int P_31 = 1;
+ private static final int P_32 = 1;
+ private static final int P_33 = P_31 ^ 1;
+ private static final int P_34 = 1;
+ /** Primitive polynomial for GF(256) */
+ private static final int GF256_FDBK_2 = 0x169 / 2;
+ private static final int GF256_FDBK_4 = 0x169 / 4;
+ /** MDS matrix */
+ private static final int[][] MDS = new int[4][256]; // blank final
+ private static final int RS_GF_FDBK = 0x14D; // field generator
+ /**
+ * KAT vector (from ecb_vk):
+ * I=183
+ * KEY=0000000000000000000000000000000000000000000002000000000000000000
+ * CT=F51410475B33FBD3DB2117B5C17C82D4
+ */
+ private static final byte[] KAT_KEY = Util.toBytesFromString(
+ "0000000000000000000000000000000000000000000002000000000000000000");
+ private static final byte[] KAT_CT =
+ Util.toBytesFromString("F51410475B33FBD3DB2117B5C17C82D4");
+ /** caches the result of the correctness test, once executed. */
+ private static Boolean valid;
+ static
+ {
+ long time = System.currentTimeMillis();
+ // expand the P arrays
+ int i;
+ char c;
+ for (i = 0; i < 256; i++)
+ {
+ c = Pm[0].charAt(i >>> 1);
+ P[0][i] = (byte)((i & 1) == 0 ? c >>> 8 : c);
+ c = Pm[1].charAt(i >>> 1);
+ P[1][i] = (byte)((i & 1) == 0 ? c >>> 8 : c);
+ }
+ // precompute the MDS matrix
+ int[] m1 = new int[2];
+ int[] mX = new int[2];
+ int[] mY = new int[2];
+ int j;
+ for (i = 0; i < 256; i++)
+ {
+ j = P[0][i] & 0xFF; // compute all the matrix elements
+ m1[0] = j;
+ mX[0] = Mx_X(j) & 0xFF;
+ mY[0] = Mx_Y(j) & 0xFF;
+ j = P[1][i] & 0xFF;
+ m1[1] = j;
+ mX[1] = Mx_X(j) & 0xFF;
+ mY[1] = Mx_Y(j) & 0xFF;
+ MDS[0][i] = m1[P_00] << 0
+ | mX[P_00] << 8
+ | mY[P_00] << 16
+ | mY[P_00] << 24;
+ MDS[1][i] = mY[P_10] << 0
+ | mY[P_10] << 8
+ | mX[P_10] << 16
+ | m1[P_10] << 24;
+ MDS[2][i] = mX[P_20] << 0
+ | mY[P_20] << 8
+ | m1[P_20] << 16
+ | mY[P_20] << 24;
+ MDS[3][i] = mX[P_30] << 0
+ | m1[P_30] << 8
+ | mY[P_30] << 16
+ | mX[P_30] << 24;
+ }
+ time = System.currentTimeMillis() - time;
+ if (Configuration.DEBUG)
+ {
+ log.fine("Static Data");
+ log.fine("MDS[0][]:");
+ StringBuilder sb;
+ for (i = 0; i < 64; i++)
+ {
+ sb = new StringBuilder();
+ for (j = 0; j < 4; j++)
+ sb.append("0x").append(Util.toString(MDS[0][i * 4 + j])).append(", ");
+ log.fine(sb.toString());
+ }
+ log.fine("MDS[1][]:");
+ for (i = 0; i < 64; i++)
+ {
+ sb = new StringBuilder();
+ for (j = 0; j < 4; j++)
+ sb.append("0x").append(Util.toString(MDS[1][i * 4 + j])).append(", ");
+ log.fine(sb.toString());
+ }
+ log.fine("MDS[2][]:");
+ for (i = 0; i < 64; i++)
+ {
+ sb = new StringBuilder();
+ for (j = 0; j < 4; j++)
+ sb.append("0x").append(Util.toString(MDS[2][i * 4 + j])).append(", ");
+ log.fine(sb.toString());
+ }
+ log.fine("MDS[3][]:");
+ for (i = 0; i < 64; i++)
+ {
+ sb = new StringBuilder();
+ for (j = 0; j < 4; j++)
+ sb.append("0x").append(Util.toString(MDS[3][i * 4 + j])).append(", ");
+ log.fine(sb.toString());
+ }
+ log.fine("Total initialization time: " + time + " ms.");
+ }
+ }
+
+ private static final int LFSR1(int x)
+ {
+ return (x >> 1) ^ ((x & 0x01) != 0 ? GF256_FDBK_2 : 0);
+ }
+
+ private static final int LFSR2(int x)
+ {
+ return (x >> 2)
+ ^ ((x & 0x02) != 0 ? GF256_FDBK_2 : 0)
+ ^ ((x & 0x01) != 0 ? GF256_FDBK_4 : 0);
+ }
+
+ private static final int Mx_X(int x)
+ { // 5B
+ return x ^ LFSR2(x);
+ }
+
+ private static final int Mx_Y(int x)
+ { // EF
+ return x ^ LFSR1(x) ^ LFSR2(x);
+ }
+
+ /** Trivial 0-arguments constructor. */
+ public Twofish()
+ {
+ super(Registry.TWOFISH_CIPHER, DEFAULT_BLOCK_SIZE, DEFAULT_KEY_SIZE);
+ }
+
+ private static final int b0(int x)
+ {
+ return x & 0xFF;
+ }
+
+ private static final int b1(int x)
+ {
+ return (x >>> 8) & 0xFF;
+ }
+
+ private static final int b2(int x)
+ {
+ return (x >>> 16) & 0xFF;
+ }
+
+ private static final int b3(int x)
+ {
+ return (x >>> 24) & 0xFF;
+ }
+
+ /**
+ * Use (12, 8) Reed-Solomon code over GF(256) to produce a key S-box 32-bit
+ * entity from two key material 32-bit entities.
+ *
+ * @param k0 1st 32-bit entity.
+ * @param k1 2nd 32-bit entity.
+ * @return remainder polynomial generated using RS code
+ */
+ private static final int RS_MDS_Encode(int k0, int k1)
+ {
+ int r = k1;
+ int i;
+ for (i = 0; i < 4; i++) // shift 1 byte at a time
+ r = RS_rem(r);
+ r ^= k0;
+ for (i = 0; i < 4; i++)
+ r = RS_rem(r);
+ return r;
+ }
+
+ /**
+ * Reed-Solomon code parameters: (12, 8) reversible code:<p>
+ * <pre>
+ * g(x) = x**4 + (a + 1/a) x**3 + a x**2 + (a + 1/a) x + 1
+ * </pre>
+ * where a = primitive root of field generator 0x14D
+ */
+ private static final int RS_rem(int x)
+ {
+ int b = (x >>> 24) & 0xFF;
+ int g2 = ((b << 1) ^ ((b & 0x80) != 0 ? RS_GF_FDBK : 0)) & 0xFF;
+ int g3 = (b >>> 1) ^ ((b & 0x01) != 0 ? (RS_GF_FDBK >>> 1) : 0) ^ g2;
+ int result = (x << 8) ^ (g3 << 24) ^ (g2 << 16) ^ (g3 << 8) ^ b;
+ return result;
+ }
+
+ private static final int F32(int k64Cnt, int x, int[] k32)
+ {
+ int b0 = b0(x);
+ int b1 = b1(x);
+ int b2 = b2(x);
+ int b3 = b3(x);
+ int k0 = k32[0];
+ int k1 = k32[1];
+ int k2 = k32[2];
+ int k3 = k32[3];
+ int result = 0;
+ switch (k64Cnt & 3)
+ {
+ case 1:
+ result = MDS[0][(P[P_01][b0] & 0xFF) ^ b0(k0)]
+ ^ MDS[1][(P[P_11][b1] & 0xFF) ^ b1(k0)]
+ ^ MDS[2][(P[P_21][b2] & 0xFF) ^ b2(k0)]
+ ^ MDS[3][(P[P_31][b3] & 0xFF) ^ b3(k0)];
+ break;
+ case 0: // same as 4
+ b0 = (P[P_04][b0] & 0xFF) ^ b0(k3);
+ b1 = (P[P_14][b1] & 0xFF) ^ b1(k3);
+ b2 = (P[P_24][b2] & 0xFF) ^ b2(k3);
+ b3 = (P[P_34][b3] & 0xFF) ^ b3(k3);
+ case 3:
+ b0 = (P[P_03][b0] & 0xFF) ^ b0(k2);
+ b1 = (P[P_13][b1] & 0xFF) ^ b1(k2);
+ b2 = (P[P_23][b2] & 0xFF) ^ b2(k2);
+ b3 = (P[P_33][b3] & 0xFF) ^ b3(k2);
+ case 2: // 128-bit keys (optimize for this case)
+ result = MDS[0][(P[P_01][(P[P_02][b0] & 0xFF) ^ b0(k1)] & 0xFF) ^ b0(k0)]
+ ^ MDS[1][(P[P_11][(P[P_12][b1] & 0xFF) ^ b1(k1)] & 0xFF) ^ b1(k0)]
+ ^ MDS[2][(P[P_21][(P[P_22][b2] & 0xFF) ^ b2(k1)] & 0xFF) ^ b2(k0)]
+ ^ MDS[3][(P[P_31][(P[P_32][b3] & 0xFF) ^ b3(k1)] & 0xFF) ^ b3(k0)];
+ break;
+ }
+ return result;
+ }
+
+ private static final int Fe32(int[] sBox, int x, int R)
+ {
+ return sBox[ 2 * _b(x, R ) ]
+ ^ sBox[ 2 * _b(x, R + 1) + 1]
+ ^ sBox[0x200 + 2 * _b(x, R + 2) ]
+ ^ sBox[0x200 + 2 * _b(x, R + 3) + 1];
+ }
+
+ private static final int _b(int x, int N)
+ {
+ switch (N % 4)
+ {
+ case 0:
+ return x & 0xFF;
+ case 1:
+ return (x >>> 8) & 0xFF;
+ case 2:
+ return (x >>> 16) & 0xFF;
+ default:
+ return x >>> 24;
+ }
+ }
+
+ public Object clone()
+ {
+ Twofish result = new Twofish();
+ result.currentBlockSize = this.currentBlockSize;
+ return result;
+ }
+
+ public Iterator blockSizes()
+ {
+ ArrayList al = new ArrayList();
+ al.add(Integer.valueOf(DEFAULT_BLOCK_SIZE));
+ return Collections.unmodifiableList(al).iterator();
+ }
+
+ public Iterator keySizes()
+ {
+ ArrayList al = new ArrayList();
+ al.add(Integer.valueOf(8)); // 64-bit
+ al.add(Integer.valueOf(16)); // 128-bit
+ al.add(Integer.valueOf(24)); // 192-bit
+ al.add(Integer.valueOf(32)); // 256-bit
+ return Collections.unmodifiableList(al).iterator();
+ }
+
+ /**
+ * Expands a user-supplied key material into a session key for a designated
+ * <i>block size</i>.
+ *
+ * @param k the 64/128/192/256-bit user-key to use.
+ * @param bs the desired block size in bytes.
+ * @return an Object encapsulating the session key.
+ * @exception IllegalArgumentException if the block size is not 16 (128-bit).
+ * @exception InvalidKeyException if the key data is invalid.
+ */
+ public Object makeKey(byte[] k, int bs) throws InvalidKeyException
+ {
+ if (bs != DEFAULT_BLOCK_SIZE)
+ throw new IllegalArgumentException();
+ if (k == null)
+ throw new InvalidKeyException("Empty key");
+ int length = k.length;
+ if (! (length == 8 || length == 16 || length == 24 || length == 32))
+ throw new InvalidKeyException("Incorrect key length");
+ int k64Cnt = length / 8;
+ int subkeyCnt = ROUND_SUBKEYS + 2 * ROUNDS;
+ int[] k32e = new int[4]; // even 32-bit entities
+ int[] k32o = new int[4]; // odd 32-bit entities
+ int[] sBoxKey = new int[4];
+ // split user key material into even and odd 32-bit entities and
+ // compute S-box keys using (12, 8) Reed-Solomon code over GF(256)
+ int i, j, offset = 0;
+ for (i = 0, j = k64Cnt - 1; i < 4 && offset < length; i++, j--)
+ {
+ k32e[i] = (k[offset++] & 0xFF)
+ | (k[offset++] & 0xFF) << 8
+ | (k[offset++] & 0xFF) << 16
+ | (k[offset++] & 0xFF) << 24;
+ k32o[i] = (k[offset++] & 0xFF)
+ | (k[offset++] & 0xFF) << 8
+ | (k[offset++] & 0xFF) << 16
+ | (k[offset++] & 0xFF) << 24;
+ sBoxKey[j] = RS_MDS_Encode(k32e[i], k32o[i]); // reverse order
+ }
+ // compute the round decryption subkeys for PHT. these same subkeys
+ // will be used in encryption but will be applied in reverse order.
+ int q, A, B;
+ int[] subKeys = new int[subkeyCnt];
+ for (i = q = 0; i < subkeyCnt / 2; i++, q += SK_STEP)
+ {
+ A = F32(k64Cnt, q, k32e); // A uses even key entities
+ B = F32(k64Cnt, q + SK_BUMP, k32o); // B uses odd key entities
+ B = B << 8 | B >>> 24;
+ A += B;
+ subKeys[2 * i] = A; // combine with a PHT
+ A += B;
+ subKeys[2 * i + 1] = A << SK_ROTL | A >>> (32 - SK_ROTL);
+ }
+ // fully expand the table for speed
+ int k0 = sBoxKey[0];
+ int k1 = sBoxKey[1];
+ int k2 = sBoxKey[2];
+ int k3 = sBoxKey[3];
+ int b0, b1, b2, b3;
+ int[] sBox = new int[4 * 256];
+ for (i = 0; i < 256; i++)
+ {
+ b0 = b1 = b2 = b3 = i;
+ switch (k64Cnt & 3)
+ {
+ case 1:
+ sBox[ 2 * i ] = MDS[0][(P[P_01][b0] & 0xFF) ^ b0(k0)];
+ sBox[ 2 * i + 1] = MDS[1][(P[P_11][b1] & 0xFF) ^ b1(k0)];
+ sBox[0x200 + 2 * i ] = MDS[2][(P[P_21][b2] & 0xFF) ^ b2(k0)];
+ sBox[0x200 + 2 * i + 1] = MDS[3][(P[P_31][b3] & 0xFF) ^ b3(k0)];
+ break;
+ case 0: // same as 4
+ b0 = (P[P_04][b0] & 0xFF) ^ b0(k3);
+ b1 = (P[P_14][b1] & 0xFF) ^ b1(k3);
+ b2 = (P[P_24][b2] & 0xFF) ^ b2(k3);
+ b3 = (P[P_34][b3] & 0xFF) ^ b3(k3);
+ case 3:
+ b0 = (P[P_03][b0] & 0xFF) ^ b0(k2);
+ b1 = (P[P_13][b1] & 0xFF) ^ b1(k2);
+ b2 = (P[P_23][b2] & 0xFF) ^ b2(k2);
+ b3 = (P[P_33][b3] & 0xFF) ^ b3(k2);
+ case 2: // 128-bit keys
+ sBox[ 2 * i ] = MDS[0][(P[P_01][(P[P_02][b0] & 0xFF)
+ ^ b0(k1)] & 0xFF) ^ b0(k0)];
+ sBox[ 2 * i + 1] = MDS[1][(P[P_11][(P[P_12][b1] & 0xFF)
+ ^ b1(k1)] & 0xFF) ^ b1(k0)];
+ sBox[0x200 + 2 * i ] = MDS[2][(P[P_21][(P[P_22][b2] & 0xFF)
+ ^ b2(k1)] & 0xFF) ^ b2(k0)];
+ sBox[0x200 + 2 * i + 1] = MDS[3][(P[P_31][(P[P_32][b3] & 0xFF)
+ ^ b3(k1)] & 0xFF) ^ b3(k0)];
+ }
+ }
+ if (Configuration.DEBUG)
+ {
+ StringBuilder sb;
+ log.fine("S-box[]:");
+ for (i = 0; i < 64; i++)
+ {
+ sb = new StringBuilder();
+ for (j = 0; j < 4; j++)
+ sb.append("0x").append(Util.toString(sBox[i * 4 + j])).append(", ");
+ log.fine(sb.toString());
+ }
+ log.fine("");
+ for (i = 0; i < 64; i++)
+ {
+ sb = new StringBuilder();
+ for (j = 0; j < 4; j++)
+ sb.append("0x").append(Util.toString(sBox[256 + i * 4 + j])).append(", ");
+ log.fine(sb.toString());
+ }
+ log.fine("");
+ for (i = 0; i < 64; i++)
+ {
+ sb = new StringBuilder();
+ for (j = 0; j < 4; j++)
+ sb.append("0x").append(Util.toString(sBox[512 + i * 4 + j])).append(", ");
+ log.fine(sb.toString());
+ }
+ log.fine("");
+ for (i = 0; i < 64; i++)
+ {
+ sb = new StringBuilder();
+ for (j = 0; j < 4; j++)
+ sb.append("0x").append(Util.toString(sBox[768 + i * 4 + j])).append(", ");
+ log.fine(sb.toString());
+ }
+ log.fine("User (odd, even) keys --> S-Box keys:");
+ for (i = 0; i < k64Cnt; i++)
+ log.fine("0x" + Util.toString(k32o[i])
+ + " 0x" + Util.toString(k32e[i])
+ + " --> 0x" + Util.toString(sBoxKey[k64Cnt - 1 - i]));
+ log.fine("Round keys:");
+ for (i = 0; i < ROUND_SUBKEYS + 2 * ROUNDS; i += 2)
+ log.fine("0x" + Util.toString(subKeys[i])
+ + " 0x" + Util.toString(subKeys[i + 1]));
+ }
+ return new Object[] { sBox, subKeys };
+ }
+
+ public void encrypt(byte[] in, int inOffset, byte[] out, int outOffset,
+ Object sessionKey, int bs)
+ {
+ if (bs != DEFAULT_BLOCK_SIZE)
+ throw new IllegalArgumentException();
+ Object[] sk = (Object[]) sessionKey; // extract S-box and session key
+ int[] sBox = (int[]) sk[0];
+ int[] sKey = (int[]) sk[1];
+ if (Configuration.DEBUG)
+ log.fine("PT=" + Util.toString(in, inOffset, bs));
+ int x0 = (in[inOffset++] & 0xFF)
+ | (in[inOffset++] & 0xFF) << 8
+ | (in[inOffset++] & 0xFF) << 16
+ | (in[inOffset++] & 0xFF) << 24;
+ int x1 = (in[inOffset++] & 0xFF)
+ | (in[inOffset++] & 0xFF) << 8
+ | (in[inOffset++] & 0xFF) << 16
+ | (in[inOffset++] & 0xFF) << 24;
+ int x2 = (in[inOffset++] & 0xFF)
+ | (in[inOffset++] & 0xFF) << 8
+ | (in[inOffset++] & 0xFF) << 16
+ | (in[inOffset++] & 0xFF) << 24;
+ int x3 = (in[inOffset++] & 0xFF)
+ | (in[inOffset++] & 0xFF) << 8
+ | (in[inOffset++] & 0xFF) << 16
+ | (in[inOffset++] & 0xFF) << 24;
+ x0 ^= sKey[INPUT_WHITEN];
+ x1 ^= sKey[INPUT_WHITEN + 1];
+ x2 ^= sKey[INPUT_WHITEN + 2];
+ x3 ^= sKey[INPUT_WHITEN + 3];
+ if (Configuration.DEBUG)
+ log.fine("PTw=" + Util.toString(x0) + Util.toString(x1)
+ + Util.toString(x2) + Util.toString(x3));
+ int t0, t1;
+ int k = ROUND_SUBKEYS;
+ for (int R = 0; R < ROUNDS; R += 2)
+ {
+ t0 = Fe32(sBox, x0, 0);
+ t1 = Fe32(sBox, x1, 3);
+ x2 ^= t0 + t1 + sKey[k++];
+ x2 = x2 >>> 1 | x2 << 31;
+ x3 = x3 << 1 | x3 >>> 31;
+ x3 ^= t0 + 2 * t1 + sKey[k++];
+ if (Configuration.DEBUG)
+ log.fine("CT" + (R) + "=" + Util.toString(x0) + Util.toString(x1)
+ + Util.toString(x2) + Util.toString(x3));
+ t0 = Fe32(sBox, x2, 0);
+ t1 = Fe32(sBox, x3, 3);
+ x0 ^= t0 + t1 + sKey[k++];
+ x0 = x0 >>> 1 | x0 << 31;
+ x1 = x1 << 1 | x1 >>> 31;
+ x1 ^= t0 + 2 * t1 + sKey[k++];
+ if (Configuration.DEBUG)
+ log.fine("CT" + (R + 1) + "=" + Util.toString(x0) + Util.toString(x1)
+ + Util.toString(x2) + Util.toString(x3));
+ }
+ x2 ^= sKey[OUTPUT_WHITEN];
+ x3 ^= sKey[OUTPUT_WHITEN + 1];
+ x0 ^= sKey[OUTPUT_WHITEN + 2];
+ x1 ^= sKey[OUTPUT_WHITEN + 3];
+ if (Configuration.DEBUG)
+ log.fine("CTw=" + Util.toString(x0) + Util.toString(x1)
+ + Util.toString(x2) + Util.toString(x3));
+ out[outOffset++] = (byte) x2;
+ out[outOffset++] = (byte)(x2 >>> 8);
+ out[outOffset++] = (byte)(x2 >>> 16);
+ out[outOffset++] = (byte)(x2 >>> 24);
+ out[outOffset++] = (byte) x3;
+ out[outOffset++] = (byte)(x3 >>> 8);
+ out[outOffset++] = (byte)(x3 >>> 16);
+ out[outOffset++] = (byte)(x3 >>> 24);
+ out[outOffset++] = (byte) x0;
+ out[outOffset++] = (byte)(x0 >>> 8);
+ out[outOffset++] = (byte)(x0 >>> 16);
+ out[outOffset++] = (byte)(x0 >>> 24);
+ out[outOffset++] = (byte) x1;
+ out[outOffset++] = (byte)(x1 >>> 8);
+ out[outOffset++] = (byte)(x1 >>> 16);
+ out[outOffset ] = (byte)(x1 >>> 24);
+ if (Configuration.DEBUG)
+ log.fine("CT=" + Util.toString(out, outOffset - 15, 16) + "\n");
+ }
+
+ public void decrypt(byte[] in, int inOffset, byte[] out, int outOffset,
+ Object sessionKey, int bs)
+ {
+ if (bs != DEFAULT_BLOCK_SIZE)
+ throw new IllegalArgumentException();
+ Object[] sk = (Object[]) sessionKey; // extract S-box and session key
+ int[] sBox = (int[]) sk[0];
+ int[] sKey = (int[]) sk[1];
+ if (Configuration.DEBUG)
+ log.fine("CT=" + Util.toString(in, inOffset, bs));
+ int x2 = (in[inOffset++] & 0xFF)
+ | (in[inOffset++] & 0xFF) << 8
+ | (in[inOffset++] & 0xFF) << 16
+ | (in[inOffset++] & 0xFF) << 24;
+ int x3 = (in[inOffset++] & 0xFF)
+ | (in[inOffset++] & 0xFF) << 8
+ | (in[inOffset++] & 0xFF) << 16
+ | (in[inOffset++] & 0xFF) << 24;
+ int x0 = (in[inOffset++] & 0xFF)
+ | (in[inOffset++] & 0xFF) << 8
+ | (in[inOffset++] & 0xFF) << 16
+ | (in[inOffset++] & 0xFF) << 24;
+ int x1 = (in[inOffset++] & 0xFF)
+ | (in[inOffset++] & 0xFF) << 8
+ | (in[inOffset++] & 0xFF) << 16
+ | (in[inOffset++] & 0xFF) << 24;
+ x2 ^= sKey[OUTPUT_WHITEN];
+ x3 ^= sKey[OUTPUT_WHITEN + 1];
+ x0 ^= sKey[OUTPUT_WHITEN + 2];
+ x1 ^= sKey[OUTPUT_WHITEN + 3];
+ if (Configuration.DEBUG)
+ log.fine("CTw=" + Util.toString(x2) + Util.toString(x3)
+ + Util.toString(x0) + Util.toString(x1));
+ int k = ROUND_SUBKEYS + 2 * ROUNDS - 1;
+ int t0, t1;
+ for (int R = 0; R < ROUNDS; R += 2)
+ {
+ t0 = Fe32(sBox, x2, 0);
+ t1 = Fe32(sBox, x3, 3);
+ x1 ^= t0 + 2 * t1 + sKey[k--];
+ x1 = x1 >>> 1 | x1 << 31;
+ x0 = x0 << 1 | x0 >>> 31;
+ x0 ^= t0 + t1 + sKey[k--];
+ if (Configuration.DEBUG)
+ log.fine("PT" + (ROUNDS - R) + "=" + Util.toString(x2)
+ + Util.toString(x3) + Util.toString(x0) + Util.toString(x1));
+ t0 = Fe32(sBox, x0, 0);
+ t1 = Fe32(sBox, x1, 3);
+ x3 ^= t0 + 2 * t1 + sKey[k--];
+ x3 = x3 >>> 1 | x3 << 31;
+ x2 = x2 << 1 | x2 >>> 31;
+ x2 ^= t0 + t1 + sKey[k--];
+ if (Configuration.DEBUG)
+ log.fine("PT" + (ROUNDS - R - 1) + "=" + Util.toString(x2)
+ + Util.toString(x3) + Util.toString(x0) + Util.toString(x1));
+ }
+ x0 ^= sKey[INPUT_WHITEN];
+ x1 ^= sKey[INPUT_WHITEN + 1];
+ x2 ^= sKey[INPUT_WHITEN + 2];
+ x3 ^= sKey[INPUT_WHITEN + 3];
+ if (Configuration.DEBUG)
+ log.fine("PTw=" + Util.toString(x2) + Util.toString(x3)
+ + Util.toString(x0) + Util.toString(x1));
+ out[outOffset++] = (byte) x0;
+ out[outOffset++] = (byte)(x0 >>> 8);
+ out[outOffset++] = (byte)(x0 >>> 16);
+ out[outOffset++] = (byte)(x0 >>> 24);
+ out[outOffset++] = (byte) x1;
+ out[outOffset++] = (byte)(x1 >>> 8);
+ out[outOffset++] = (byte)(x1 >>> 16);
+ out[outOffset++] = (byte)(x1 >>> 24);
+ out[outOffset++] = (byte) x2;
+ out[outOffset++] = (byte)(x2 >>> 8);
+ out[outOffset++] = (byte)(x2 >>> 16);
+ out[outOffset++] = (byte)(x2 >>> 24);
+ out[outOffset++] = (byte) x3;
+ out[outOffset++] = (byte)(x3 >>> 8);
+ out[outOffset++] = (byte)(x3 >>> 16);
+ out[outOffset ] = (byte)(x3 >>> 24);
+ if (Configuration.DEBUG)
+ log.fine("PT=" + Util.toString(out, outOffset - 15, 16) + "\n");
+ }
+
+ public boolean selfTest()
+ {
+ if (valid == null)
+ {
+ boolean result = super.selfTest(); // do symmetry tests
+ if (result)
+ result = testKat(KAT_KEY, KAT_CT);
+ valid = Boolean.valueOf(result);
+ }
+ return valid.booleanValue();
+ }
+}
diff --git a/libjava/classpath/gnu/javax/crypto/cipher/WeakKeyException.java b/libjava/classpath/gnu/javax/crypto/cipher/WeakKeyException.java
new file mode 100644
index 000000000..e12f899e4
--- /dev/null
+++ b/libjava/classpath/gnu/javax/crypto/cipher/WeakKeyException.java
@@ -0,0 +1,59 @@
+/* WeakKeyException.java --
+ Copyright (C) 2003, 2006 Free Software Foundation, Inc.
+
+This file is a part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2 of the License, or (at
+your option) any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; if not, write to the Free Software
+Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301
+USA
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package gnu.javax.crypto.cipher;
+
+import java.security.InvalidKeyException;
+
+/**
+ * Checked exception thrown to indicate that a weak key has been generated and
+ * or specified instead of a valid non-weak value.
+ */
+public class WeakKeyException
+ extends InvalidKeyException
+{
+ public WeakKeyException()
+ {
+ super();
+ }
+
+ public WeakKeyException(String msg)
+ {
+ super(msg);
+ }
+}