des.java

DES算法的JAVA实现源代码

      /* for D bits (numbered as per FIPS 46) 1 2 3 4 5 6 */
      0x00000000,0x10000000,0x00010000,0x10010000,
      0x00000004,0x10000004,0x00010004,0x10010004,
      0x20000000,0x30000000,0x20010000,0x30010000,
      0x20000004,0x30000004,0x20010004,0x30010004,
      0x00100000,0x10100000,0x00110000,0x10110000,
      0x00100004,0x10100004,0x00110004,0x10110004,
      0x20100000,0x30100000,0x20110000,0x30110000,
      0x20100004,0x30100004,0x20110004,0x30110004,
      0x00001000,0x10001000,0x00011000,0x10011000,
      0x00001004,0x10001004,0x00011004,0x10011004,
      0x20001000,0x30001000,0x20011000,0x30011000,
      0x20001004,0x30001004,0x20011004,0x30011004,
      0x00101000,0x10101000,0x00111000,0x10111000,
      0x00101004,0x10101004,0x00111004,0x10111004,
      0x20101000,0x30101000,0x20111000,0x30111000,
      0x20101004,0x30101004,0x20111004,0x30111004,
    },{
      /* for D bits (numbered as per FIPS 46) 8 9 11 12 13 14 */
      0x00000000,0x08000000,0x00000008,0x08000008,
      0x00000400,0x08000400,0x00000408,0x08000408,
      0x00020000,0x08020000,0x00020008,0x08020008,
      0x00020400,0x08020400,0x00020408,0x08020408,
      0x00000001,0x08000001,0x00000009,0x08000009,
      0x00000401,0x08000401,0x00000409,0x08000409,
      0x00020001,0x08020001,0x00020009,0x08020009,
      0x00020401,0x08020401,0x00020409,0x08020409,
      0x02000000,0x0A000000,0x02000008,0x0A000008,
      0x02000400,0x0A000400,0x02000408,0x0A000408,
      0x02020000,0x0A020000,0x02020008,0x0A020008,
      0x02020400,0x0A020400,0x02020408,0x0A020408,
      0x02000001,0x0A000001,0x02000009,0x0A000009,
      0x02000401,0x0A000401,0x02000409,0x0A000409,
      0x02020001,0x0A020001,0x02020009,0x0A020009,
      0x02020401,0x0A020401,0x02020409,0x0A020409,
    },{
      /* for D bits (numbered as per FIPS 46) 16 17 18 19 20 21 */
      0x00000000,0x00000100,0x00080000,0x00080100,
      0x01000000,0x01000100,0x01080000,0x01080100,
      0x00000010,0x00000110,0x00080010,0x00080110,
      0x01000010,0x01000110,0x01080010,0x01080110,
      0x00200000,0x00200100,0x00280000,0x00280100,
      0x01200000,0x01200100,0x01280000,0x01280100,
      0x00200010,0x00200110,0x00280010,0x00280110,
      0x01200010,0x01200110,0x01280010,0x01280110,
      0x00000200,0x00000300,0x00080200,0x00080300,
      0x01000200,0x01000300,0x01080200,0x01080300,
      0x00000210,0x00000310,0x00080210,0x00080310,
      0x01000210,0x01000310,0x01080210,0x01080310,
      0x00200200,0x00200300,0x00280200,0x00280300,
      0x01200200,0x01200300,0x01280200,0x01280300,
      0x00200210,0x00200310,0x00280210,0x00280310,
      0x01200210,0x01200310,0x01280210,0x01280310,
    },{
      /* for D bits (numbered as per FIPS 46) 22 23 24 25 27 28 */
      0x00000000,0x04000000,0x00040000,0x04040000,
      0x00000002,0x04000002,0x00040002,0x04040002,
      0x00002000,0x04002000,0x00042000,0x04042000,
      0x00002002,0x04002002,0x00042002,0x04042002,
      0x00000020,0x04000020,0x00040020,0x04040020,
      0x00000022,0x04000022,0x00040022,0x04040022,
      0x00002020,0x04002020,0x00042020,0x04042020,
      0x00002022,0x04002022,0x00042022,0x04042022,
      0x00000800,0x04000800,0x00040800,0x04040800,
      0x00000802,0x04000802,0x00040802,0x04040802,
      0x00002800,0x04002800,0x00042800,0x04042800,
      0x00002802,0x04002802,0x00042802,0x04042802,
      0x00000820,0x04000820,0x00040820,0x04040820,
      0x00000822,0x04000822,0x00040822,0x04040822,
      0x00002820,0x04002820,0x00042820,0x04042820,
      0x00002822,0x04002822,0x00042822,0x04042822,
    }
  };

  private static final byte weak_keys[][] = {
    /* weak keys */
    {(byte)0x01,(byte)0x01,(byte)0x01,(byte)0x01,
     (byte)0x01,(byte)0x01,(byte)0x01,(byte)0x01},
    {(byte)0xFE,(byte)0xFE,(byte)0xFE,(byte)0xFE,
     (byte)0xFE,(byte)0xFE,(byte)0xFE,(byte)0xFE},
    {(byte)0x1F,(byte)0x1F,(byte)0x1F,(byte)0x1F,
     (byte)0x1F,(byte)0x1F,(byte)0x1F,(byte)0x1F},
    {(byte)0xE0,(byte)0xE0,(byte)0xE0,(byte)0xE0,
     (byte)0xE0,(byte)0xE0,(byte)0xE0,(byte)0xE0},
    /* semi-weak keys */
    {(byte)0x01,(byte)0xFE,(byte)0x01,(byte)0xFE,
     (byte)0x01,(byte)0xFE,(byte)0x01,(byte)0xFE},
    {(byte)0xFE,(byte)0x01,(byte)0xFE,(byte)0x01,
     (byte)0xFE,(byte)0x01,(byte)0xFE,(byte)0x01},
    {(byte)0x1F,(byte)0xE0,(byte)0x1F,(byte)0xE0,
     (byte)0x0E,(byte)0xF1,(byte)0x0E,(byte)0xF1},
    {(byte)0xE0,(byte)0x1F,(byte)0xE0,(byte)0x1F,
     (byte)0xF1,(byte)0x0E,(byte)0xF1,(byte)0x0E},
    {(byte)0x01,(byte)0xE0,(byte)0x01,(byte)0xE0,
     (byte)0x01,(byte)0xF1,(byte)0x01,(byte)0xF1},
    {(byte)0xE0,(byte)0x01,(byte)0xE0,(byte)0x01,
     (byte)0xF1,(byte)0x01,(byte)0xF1,(byte)0x01},
    {(byte)0x1F,(byte)0xFE,(byte)0x1F,(byte)0xFE,
     (byte)0x0E,(byte)0xFE,(byte)0x0E,(byte)0xFE},
    {(byte)0xFE,(byte)0x1F,(byte)0xFE,(byte)0x1F,
     (byte)0xFE,(byte)0x0E,(byte)0xFE,(byte)0x0E},
    {(byte)0x01,(byte)0x1F,(byte)0x01,(byte)0x1F,
     (byte)0x01,(byte)0x0E,(byte)0x01,(byte)0x0E},
    {(byte)0x1F,(byte)0x01,(byte)0x1F,(byte)0x01,
     (byte)0x0E,(byte)0x01,(byte)0x0E,(byte)0x01},
    {(byte)0xE0,(byte)0xFE,(byte)0xE0,(byte)0xFE,
     (byte)0xF1,(byte)0xFE,(byte)0xF1,(byte)0xFE},
    {(byte)0xFE,(byte)0xE0,(byte)0xFE,(byte)0xE0,
     (byte)0xFE,(byte)0xF1,(byte)0xFE,(byte)0xF1}
  };

  private boolean check_weak_key(byte [] key) {
    for (int i= 0; i < weak_keys.length; i++) {
      int j;
      for(j = 0; j < 8; j++) {
	if(key[j] != weak_keys[i][j])
	  break;
      }
      if(j == 8) {
	/*
	 * We got a match.
	 */
	is_weak_key_ = true;
	return true;
      }
    }
    is_weak_key_ = false;
    return false;
  }

  private boolean check_parity(byte [] key) {
    int i;
    for (i=0; i<8; i++) {
      if(key[i] != odd_parity_array[(int)(key[i]&0xff)]) {
	is_parity_ok_ = false;
	return false;
      }
    }
    is_parity_ok_ = true;
    return true;
  }

  /**
   * DesKey constructor from a String object.
   * Take a string and convert it into a 128
   * byte key schedule. Do so by doing a des cypher-block
   * chaining checksum operation on the string and using
   * the output as the key.
   * 
   * @param str           String object.
   * @param check_key     boolean. If true checks for weak keys.
   *
   */
  public void DesKey(String str, boolean check_key) {
    int i;
    byte j;

    byte [] key = new byte[8];
    byte [] keystr = new byte[str.length()];
    for(i = 0; i < 8; i++) {
      key[i] = 0;
    }
    for (i=0; i<str.length(); i++) {
      keystr[i] = j = (byte)str.charAt(i);
      if ((i%16) < 8) {
	key[i%8]^=(j<<1);
      } else {
	/* Reverse the bit order */
	j=(byte)(((j<<4)&0xf0)|((j>>>4)&0x0f));
	j=(byte)(((j<<2)&0xcc)|((j>>>2)&0x33));
	j=(byte)(((j<<1)&0xaa)|((j>>>1)&0x55));
	key[7-(i%8)]^=j;
      }
    }
    set_odd_parity(key);
    set_key_sced(key, false);
    Des des = new Des(this);

    /*
     * Now do the des cbc-checksum to get the 8 byte remainder.
     * This will be the real key.
     */
    des.cbc_cksum(keystr, 0, keystr.length, key, 0, key);
    set_odd_parity(key);
    set_key_sced(key, check_key);
  }

  /**
   * DesKey constructor from an 8 byte array.
   * 
   * @param key           byte [] array, length 8.
   * @param check_key     boolean. If true checks for weak keys.
   *
   */
  public DesKey(byte [] key, boolean check_key) {
    set_odd_parity(key);
    set_key_sced(key, check_key);
  }

  /**
   * Add parity bits to an 8 byte array. Use this
   * before calling the DesKey constructor with this
   * array.
   *
   * @param key           byte [] array, length 8.
   */
  public static void set_odd_parity(byte [] key) {
    int i;
    for (i=0; i<8; i++) {
      key[i]= DesKey.odd_parity_array[(int)(key[i]&0xff)];
    }
  }


  /*
   * Take an 8 byte key and transform it into a des
   * key schedule.
   */
  private void set_key_sced(byte [] key, boolean check_key) {
    if (check_key == true) {
      /*
       * Just exit if we fail tests - caller will check.
       */
      if(check_parity(key) == false) {
	return;
      }
      if(check_weak_key(key) == true) {
	return;
      }
    }

    /*
     * Convert key to two 32 bit ints.
     */

    int key_c0 = Int32Manipulator.bytes_to_int(key, 0);
    int key_d0 = Int32Manipulator.bytes_to_int(key, 4);

    int tmp = 0;
    int [] ref_to_c0 = new int[1];
    int [] ref_to_d0 = new int[1];

    ref_to_c0[0] = key_c0;
    ref_to_d0[0] = key_d0;

    Int32Manipulator.PERM_OP (ref_to_d0, ref_to_c0, tmp, 4, 0x0f0f0f0f);
    Int32Manipulator.HPERM_OP(ref_to_c0, tmp, -2, 0xcccc0000);
    Int32Manipulator.HPERM_OP(ref_to_d0, tmp, -2, 0xcccc0000);
    Int32Manipulator.PERM_OP (ref_to_d0, ref_to_c0, tmp, 1, 0x55555555);
    Int32Manipulator.PERM_OP (ref_to_c0, ref_to_d0, tmp, 8, 0x00ff00ff);
    Int32Manipulator.PERM_OP (ref_to_d0, ref_to_c0, tmp, 1, 0x55555555);

    /* Convert back to ordinary ints */
    key_c0 = ref_to_c0[0];
    key_d0 = ref_to_d0[0];

    key_d0 = (((key_d0 & 0x000000ff)<<16)|(key_d0 & 0x0000ff00)|
	      ((key_d0 & 0x00ff0000)>>>16)|
	      ((key_c0 & 0xf0000000)>>>4));
    key_c0 &= 0x0fffffff;

    int i, tmp1;
    for (i=0; i < 16; i++) {
      if (shifts2[i] == true) {
	key_c0 = ((key_c0>>>2)|(key_c0<<26));
	key_d0 = ((key_d0>>>2)|(key_d0<<26));
      } else {
	key_c0 = ((key_c0>>>1)|(key_c0<<27));
	key_d0 = ((key_d0>>>1)|(key_d0<<27));
      }
      key_c0 &= 0x0fffffff;
      key_d0 &= 0x0fffffff;

      tmp1 =	des_skb[0][ (key_c0    )&0x3f                ]|
	des_skb[1][((key_c0>>> 6)&0x03)|((key_c0>>> 7)&0x3c)]|
	des_skb[2][((key_c0>>>13)&0x0f)|((key_c0>>>14)&0x30)]|
	des_skb[3][((key_c0>>>20)&0x01)|((key_c0>>>21)&0x06) |
				       ((key_c0>>>22)&0x38)];

      tmp = des_skb[4][ (key_d0    )&0x3f                ]|
	des_skb[5][((key_d0>>> 7)&0x03)|((key_d0>> 8)&0x3c)]|
	des_skb[6][ (key_d0>>>15)&0x3f                ]|
	des_skb[7][((key_d0>>>21)&0x0f)|((key_d0>>>22)&0x30)];

      /* table contained 0213 4657 */
      Int32Manipulator.set_int(keysced_, i*8, (tmp<<16)|(tmp1&0x0000ffff));
      tmp1 = ((tmp1>>>16)|(tmp&0xffff0000));
      tmp1 = (tmp1 <<4)|(tmp1>>>28);
      Int32Manipulator.set_int(keysced_, i*8 + 4, tmp1);
    }
  }
}

/**
 *
 * Interface that both Des and TripleDes implement.
 * Created so code can be written independently of whether
 * Des or TripleDes is being used.
 *
 * Written by Jeremy Allison (jra@cygnus.com).
 */

interface DesCrypt {

  /**
   * Do the ecb (Encrypt/Decrypt 8 bytes electronic code book)
   * mode. Encrypts 8 bytes starting at offset input_start in
   * byte array input and writes them out at offset output_start in
   * byte array output.
   *
   * @param input          Input byte [] array.
   * @param input_start    Offset into input to start encryption.
   * @param output         Output byte [] array.
   * @param output_start   Offset into output to place result.
   * @param encrypt        Pass Des.ENCRYPT to encrypt, Des.DECRYPT to
   * decrypt.
   *
   */

  void ecb_encrypt(byte [] input, int input_start, 
		   byte [] output, int output_start, 
		   boolean encrypt);

  /**
   * Do the cbc (Cypher block chaining mode)
   * encrypt/decrypt. This updates the ivec array, and is equivalent
   * to the des_ncbc_encrypt in the C library.
   *
   * @param input          Input byte [] array.
   * @param input_start    Offset into input to start encryption.
   * @param length         Number of bytes to encrypt.
   * @param output         Output byte [] array.
   * @param output_start   Offset into output to place result.
   * @param ivec           Initialization vector. A byte [] array of length 8. Updated on exit.
   * @param encrypt        Pass Des.ENCRYPT to encrypt, Des.DECRYPT to
   * decrypt.
   */

  void cbc_encrypt(byte [] input, int input_start, int length,
		   byte [] output, int output_start,
		   byte [] ivec,
		   boolean encrypt);

  /**
   * Do the CFB mode with 64 bit feedback. Used to encrypt/decrypt
   * arbitrary numbers of bytes. To use this initialize num[0] to zero
   * and set input_start to the correct offset into input, and length to
   * the number of bytes following that offset that you wish to encrypt
   * before calling.
   *
   * @param input          Input byte [] array.
   * @param input_start    Offset into input to start encryption.
   * @param length         Number of bytes to encrypt.
   * @param output         Output byte [] array.
   * @param output_start   Offset into output to place result.
   * @param ivec           Initialization vector. A byte [] array of length 8. Updated on exit.
   * @param num            Reference to an int used to keep track of 'how far' we are though ivec. Updated on exit.
   * @param encrypt        Pass Des.ENCRYPT to encrypt, Des.DECRYPT to
   * decrypt.
   */

  void cfb64_encrypt(byte [] input, int input_start, int length, 
		     byte [] output, int output_start,
		     byte [] ivec,
		     int [] num, 
		     boolean encrypt);

  /**
   * Do the OFB mode with 64 bit feedback. Used to encrypt/decrypt
   * arbitrary numbers of bytes. To use this initialize num[0] to zero
   * and set input_start to the correct offset into input, and length to
   * the number of bytes following that offset that you wish to encrypt
   * before calling.
   *
   * @param input          Input byte [] array.