blowfish.java

另一个使用java编写的加密通用算法包

// $Id: Blowfish.java,v 1.7 1997/12/30 11:09:49 raif Exp $
//
// $Log: Blowfish.java,v $
// Revision 1.7  1997/12/30 11:09:49  raif
// *** empty log message ***
//
// Revision 1.6.1  1997/12/30  raif
// + further performance optimisation based on Peter Hjelt (MXV)
//   (mxv@iterate.com) tip of unfolding the session key array
//   into individual native java type objects. The previous code
//   is still used when the number of rounds is different than
//   the default value (16).
// + added a DEFAULT_NOF_ROUNDS constant.
//
// Revision 1.6  1997/12/27 10:52:40  raif
// *** empty log message ***
//
// Revision 1.5.1  1997/12/27  raif
// + minor optimisations. TestBlowfish and Maker blowfish.mtest
//   run OK.
//
// Revision 1.5  1997/12/09 04:43:45  hopwood
// + Various.
//
// Revision 1.4  1997/11/29 04:42:55  hopwood
// + Changes to engineUpdate method.
//
// Revision 1.3  1997/11/20 19:31:40  hopwood
// + cryptix.util.* name changes.
//
// Revision 1.2  1997/11/07 05:53:24  raif
// *** empty log message ***
//
// Revision 1.1.1.1  1997/11/03 22:36:56  hopwood
// + Imported to CVS (tagged as 'start').
//
// Revision 0.3.2.1  1997/09/18  David Hopwood
// + Renamed "Rounds" parameter to "rounds".
//
// Revision 0.3.2.0  1997/08/15  David Hopwood
// + Removed all deprecated methods and fields. Cryptix 2.2 compatibility
//   is now handled by the separate cryptix.security.Blowfish class.
// + Tightened some of the access specifiers (e.g. SPI methods were public,
//   and are now protected).
// + Ensured that this class is final, and added a comment that this is for
//   security reasons.
//   If it were not final, some VMs have a bug that would allow a subclass
//   that implements Cloneable to call Object's or Cipher's clone() method
//   using invokenonvirtual, which would duplicate the pointer to the native
//   state. Then calling finalize() on the original and using the clone (for
//   example) would result in freed memory being written to :-(.
//
// Revision 0.3.1.3  1997/08/06  David Hopwood
// + Changed BLOCK_LENGTH back to BLOCK_SIZE in most places, leaving
//   BLOCK_LENGTH deprecated.
//
// Revision 0.3.1.2  1997/08/02  David Hopwood
// + Renamed BLOCK_SIZE to BLOCK_LENGTH, for consistency with DES.
// + Restored constant fields from Cryptix 2.2, but made them deprecated.
// + Changed minimum key length from 64 to 40 bits.
// + Make sure the value of rounds is stored in a local variable in the
//   encryption/decryption methods, for efficiency.
//
// Revision 0.3.1.1  1997/07/31  David Hopwood
// + Changed to make it easier to allow a variable number of rounds
//   in the native implementation (between 16 and 20 inclusive).
//   This is still disabled, by defining MAX_NOF_ROUNDS as 16,
//   until we have enough P0 data. BF_ROUNDS in blowfish.h and
//   the constants in bf_pi.h will also need to be changed for it
//   to work.
// + Fixed the size of the P array to depend on the maximum number
//   of rounds.
// + Removed all uses of state variable (it is no longer needed).
// + Made keyLength() public, since it is public in BlockCipher.
// + Required native code version is 2.3.
//
// Revision 0.3.1.0  1997/07/14  David Hopwood
// + Blowfish, DES, IDEA, and Square 3.1.0 are now at the same API
//   level and in the same style.
// + Fixed security bug (out-of-bounds read) introduced in 3.0.5 when
//   native buffer overflow check was moved.
// + Renamed outs variable in engineUpdate to temp, to avoid similarity
//   with out.
//
// Revision 0.3.0.5  1997/07/09  R. Naffah
// + This is now fully compliant w/ IJCE!
// + Tested OK w/ and w/o Blowfish.DLL.
// + Modified the self_test method to use IJCE constructs.
// + Removed local var. state since Blowfish's superclass, BlockCipher, now
//   extends java.security.Cipher.
// + Use renamed cryptix.Cryptix.
// + Moved native buffer overflow check in engineUpdate outside the
//   per-block loop for efficiency.
//
// Revision 0.3.0.4  1997/07/05  David Hopwood
// + Changed native_finalize to return a String, so that any errors can be
//   reported.
// + Made engineUpdate protected, not public.
// + Added check for buffer overflow when calling native code in engineUpdate.
// + Made setRounds throw an IllegalArgumentException if that number of rounds
//   is not supported.
//
// Revision 0.3.0.3  1997/07/04  David Hopwood
// + Removed redundant override of blockLength(), since it is defined in
//   CryptixCipher.
// + Added native_lock object to synchronize on. This fixes a
//   potential race condition where finalize() could be called by a
//   subclass during the execution of a native method, causing the memory
//   for the native key schedule to be freed while it is being used.
//
//   Note that a more straightforward attempted solution of making all
//   the native methods synchronized would not work -- there would
//   be a small window between getting the non-null cookie value in order
//   to pass it to a native method, and actually calling that method.
//   In this window, the native key schedule might be freed.
//
// Revision 0.3.0.2  1997/07/04  R. Naffah
// + Tested OK with and without blowfish.dll.
// + Modified the signatures of the native_crypt() and native_ks methods
//   to (a) improve performance, (b) parallel the native c-code (Eric Young's
//   Reference implementation) and (c) work around a probable JNI bug
//   that causes Unhandled Exception (in JAVAI.DLL) at run-time when making
//   a NewGlobalRef to the cookie on some platforms.
// + Modified debug() definition to always prepend the class name;
// + Moved the initial P and S values checking to static{} so it can
//   be still performed but only once. Saves time when generating
//   new/multiple keys;
// + Merged all current versions of the implementations into this paving
//   the way for Blowfish to be fully operable within the IJCE framework.
//
// Revision 0.3.0.1  1997/06/26  David Hopwood
// + Many changes (JCE, native linking, debugging, ...)
//
// Revision 0.3.0.0  1997/04/15  Systemics
// + Added Java code.  Links not considered/tested.
//
// Revision 0.2.5.1  1997/03/15  Jill Baker
// + Moved this file here from old namespace.
//
// Revision 0.2.5.0  1997/02/24  Original Author not stated
// + Original version.
//
// $Endlog$
/*
 * Ported to Java(tm) from the C-code reference implementation --part of
 * the SSL implementation 0.6.6-- written by Eric Young (eay@mincom.oz.au).
 *
 * Copyright (c) 1997 Systemics Ltd
 * on behalf of the Cryptix Development Team.  All rights reserved.
 */

package cryptix.provider.cipher;

import cryptix.util.core.Debug;
import cryptix.CryptixException;
import cryptix.util.core.ArrayUtil;
import cryptix.util.core.Hex;
import cryptix.provider.key.RawSecretKey;

import java.io.PrintWriter;
import java.security.Cipher;
import java.security.Key;
import java.security.InvalidKeyException;
import java.security.InvalidParameterException;
import java.security.InvalidParameterTypeException;
import java.security.Security;
import java.security.SymmetricCipher;

/**
 * This class implements the Blowfish block cipher.
 * <p>
 * Blowfish was designed by <a href="mailto:schneier@counterpane.com">Bruce
 * Schneier</a>. The algorithm is in the public domain.
 * <p>
 * <b>References:</b>
 * <ol>
 *   <li> Bruce Schneier,
 *        "Section 14.3 Blowfish,"
 *        <cite>Applied Cryptography, 2nd edition</cite>,
 *        John Wiley &amp; Sons, 1996
 *        <p>
 *   <li> Bruce Schneier,
 *        "Description of a New Variable-Length Key, 64-Bit Cipher (Blowfish),"
 *        <cite>Fast Software Encryption Cambridge Security Workshop Proceedings</cite>,
 *        Springer-Verlag, 1004, pp 191-204.
 * </ol>
 * <p>
 * <b>Copyright</b> &copy; 1997
 * <a href="http://www.systemics.com/">Systemics Ltd</a> on behalf of the
 * <a href="http://www.systemics.com/docs/cryptix/">Cryptix Development Team</a>.
 * <br>All rights reserved.
 * <p>
 * <b>$Revision: 1.7 $</b>
 * @author  Systemics Ltd
 * @author  David Hopwood
 * @author  Raif S. Naffah
 * @since   Cryptix 2.2
 */
public final class Blowfish // must be final for security reasons
extends Cipher
implements SymmetricCipher
{
// Debugging methods and vars.
//...........................................................................

    private static final boolean DEBUG = Debug.GLOBAL_DEBUG;
    private static final boolean DEBUG_SLOW = Debug.GLOBAL_DEBUG_SLOW;
    private static final int debuglevel = DEBUG ? Debug.getLevel("Blowfish") : 0;
    private static final PrintWriter err = DEBUG ? Debug.getOutput() : null;
    private static void debug(String s) { err.println("Blowfish: " + s); }


// Native library linking methods and vars.
//...........................................................................

    private static NativeLink linkStatus = new NativeLink("Blowfish", 2, 3);

    /**
     * Gets an object representing the native linking status of this class.
     */
    public static cryptix.util.core.LinkStatus getLinkStatus() { return linkStatus; }

    /**
     * The native reference to the current native key schedule
     * structure. Defaults to 0 but is set by native code after a
     * successful call to native_init().
     * <p>
     * IMPORTANT: Do not change the name of this variable without
     * duplicating the same in the native code.
     */
    private long native_cookie;

    /**
     * This object must be synchronized on while calling any native instance
     * method. It is null if the native code is not being used (e.g. the
     * library did not load successfully, or the user disabled its use in
     * the properties file).
     */
    private Object native_lock; // defaults to null

    private void link() {
        synchronized(linkStatus) {
            try {
                if (linkStatus.attemptLoad()) {
                    linkStatus.checkVersion(getLibMajorVersion(), getLibMinorVersion());
                    linkStatus.check(native_clinit());
                }
                if (linkStatus.useNative()) {
                    linkStatus.check(native_init());
                    native_lock = new Object();
                }
            } catch (UnsatisfiedLinkError e) {
                linkStatus.fail(e);
if (DEBUG && debuglevel > 2) debug(e.getMessage());
            }
if (DEBUG && debuglevel > 2) debug("Using native library? " + (native_lock != null));
        }
    }


// Native support API
//...........................................................................

    // The methods that get the library version.
    private native static int getLibMajorVersion();
    private native static int getLibMinorVersion();

    /**
     * Static initialization and self-test method for the native code.
     *
     * @return a string if an error occurred or null otherwise.
     */