/*
* Copyright (c) 1996, 2012, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
package sun.security.provider;
import java.util.Objects;
import static sun.security.provider.ByteArrayAccess.*;
import jdk.internal.HotSpotIntrinsicCandidate;
/**
 * This class implements the Secure Hash Algorithm (SHA) developed by
 * the National Institute of Standards and Technology along with the
 * National Security Agency. This is the updated version of SHA:
 * FIPS 180 as superseded by FIPS 180-1.
 *
 * <p>It implements the Java Security MessageDigest and can be used in
 * the Java Security framework as a pluggable implementation and as a
 * filter for the digest stream classes.
 *
 * <p>Note: SHA-1 is no longer considered collision resistant. New designs
 * that depend on collision resistance (signatures, certificate or artifact
 * fingerprints) should use SHA-256 or stronger.
 *
 * @author Roger Riggs
 * @author Benjamin Renaud
 * @author Andreas Sterbenz
 */
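public final class SHA extends DigestBase {

    // Message schedule for the block currently being compressed. The first
    // 16 words are filled from the 64 input bytes (see implCompressCheck),
    // words 16..79 are derived from them in implCompress0.
    private int[] W;

    // The five 32-bit chaining values of the running hash.
    private int[] state;

    /**
     * Creates a new SHA object.
     *
     * <p>The superclass is given the algorithm name {@code "SHA-1"} together
     * with 20 and 64 (this class writes a 20-byte digest and compresses
     * 64-byte blocks; the exact parameter meaning is defined by DigestBase,
     * which is not shown here).
     */
    public SHA() {
        super("SHA-1", 20, 64);
        state = new int[5];
        W = new int[80];
        implReset();
    }

    /**
     * Clones this object.
     *
     * <p>The chaining state is duplicated so that the copy and the original
     * evolve independently. {@code W} is scratch space that is refilled for
     * every block, so the copy receives a fresh array instead of sharing or
     * copying the original's contents.
     *
     * @return an independent copy of this digest
     * @throws CloneNotSupportedException if the superclass cannot be cloned
     */
    public Object clone() throws CloneNotSupportedException {
        SHA copy = (SHA) super.clone();
        copy.state = copy.state.clone();
        copy.W = new int[80];
        return copy;
    }

    /**
     * Resets the buffers and hash value to start a new hash.
     */
    void implReset() {
        // Initial chaining values.
        state[0] = 0x67452301;
        state[1] = 0xefcdab89;
        state[2] = 0x98badcfe;
        state[3] = 0x10325476;
        state[4] = 0xc3d2e1f0;
        // W still holds words derived from the last input block. Wipe it so
        // that data derived from hashed input (which may be secret, e.g. key
        // material) does not linger in this object after a reset.
        // NOTE(review): presumably DigestBase calls implReset once a digest
        // has been produced - confirm against DigestBase.
        java.util.Arrays.fill(W, 0);
    }

    /**
     * Computes the final hash and copies the 20 bytes to the output array.
     *
     * @param out destination array for the digest
     * @param ofs offset in {@code out} at which the 20 bytes are written
     */
    void implDigest(byte[] out, int ofs) {
        // Capture the message length in bits before the padding is fed
        // through engineUpdate. bytesProcessed, padding, buffer and
        // engineUpdate come from DigestBase (not shown here).
        long bitsProcessed = bytesProcessed << 3;

        // Pad so that exactly 8 bytes remain free at the end of a 64-byte
        // block: 56 - index if they fit in the current block, otherwise
        // carry on into the next one (120 - index).
        int index = (int) bytesProcessed & 0x3f;
        int padLen = (index < 56) ? (56 - index) : (120 - index);
        engineUpdate(padding, 0, padLen);

        // Append the 64-bit big-endian bit length and compress the last block.
        i2bBig4((int) (bitsProcessed >>> 32), buffer, 56);
        i2bBig4((int) bitsProcessed, buffer, 60);
        implCompress(buffer, 0);

        // Serialize the five state words big-endian into the caller's array.
        i2bBig(state, 0, out, ofs, 20);
    }

    // Constants for each round
    private static final int round1_kt = 0x5a827999;
    private static final int round2_kt = 0x6ed9eba1;
    private static final int round3_kt = 0x8f1bbcdc;
    private static final int round4_kt = 0xca62c1d6;

    /**
     * Computes the hash for the current block.
     *
     * <p>This is in the same vein as Peter Gutmann's algorithm listed in
     * the back of Applied Cryptography, Compact implementation of
     * "old" NIST Secure Hash Algorithm.
     *
     * @param buf array holding the 64-byte block
     * @param ofs offset of the block within {@code buf}
     */
    void implCompress(byte[] buf, int ofs) {
        // Validate first, then compress: implCompress0 may be replaced by an
        // intrinsic that reads buf directly, so the check must run before it.
        implCompressCheck(buf, ofs);
        implCompress0(buf, ofs);
    }

    /**
     * Validates {@code buf}/{@code ofs} and loads the block into {@code W}.
     *
     * @param buf array holding the block; must not be null
     * @param ofs offset of the block within {@code buf}
     */
    private void implCompressCheck(byte[] buf, int ofs) {
        Objects.requireNonNull(buf);

        // The checks performed by the method 'b2iBig64'
        // are sufficient for the case when the method
        // 'implCompress0' is replaced with a compiler
        // intrinsic. Do not remove or reorder this call: per the comment on
        // implCompress0 the intrinsic works on 'buf' directly, so this is
        // the validation that guards that access.
        b2iBig64(buf, ofs, W);
    }

    // The method 'implCompress0' seems not to use its parameters.
    // The method can, however, be replaced with a compiler intrinsic
    // that operates directly on the array 'buf' (starting from
    // offset 'ofs') and not on array 'W', therefore 'buf' and 'ofs'
    // must be passed as parameter to the method.
    @HotSpotIntrinsicCandidate
    private void implCompress0(byte[] buf, int ofs) {
        // The first 16 ints have the byte stream, compute the rest of
        // the buffer
        for (int t = 16; t <= 79; t++) {
            W[t] = Integer.rotateLeft(W[t - 3] ^ W[t - 8] ^ W[t - 14] ^ W[t - 16], 1);
        }

        int a = state[0];
        int b = state[1];
        int c = state[2];
        int d = state[3];
        int e = state[4];

        // Round 1: f = (b AND c) OR (NOT b AND d)
        for (int i = 0; i < 20; i++) {
            int next = Integer.rotateLeft(a, 5)
                    + ((b & c) | ((~b) & d)) + e + W[i] + round1_kt;
            e = d;
            d = c;
            c = Integer.rotateLeft(b, 30);
            b = a;
            a = next;
        }

        // Round 2: f = b XOR c XOR d
        for (int i = 20; i < 40; i++) {
            int next = Integer.rotateLeft(a, 5)
                    + (b ^ c ^ d) + e + W[i] + round2_kt;
            e = d;
            d = c;
            c = Integer.rotateLeft(b, 30);
            b = a;
            a = next;
        }

        // Round 3: f = majority(b, c, d)
        for (int i = 40; i < 60; i++) {
            int next = Integer.rotateLeft(a, 5)
                    + ((b & c) | (b & d) | (c & d)) + e + W[i] + round3_kt;
            e = d;
            d = c;
            c = Integer.rotateLeft(b, 30);
            b = a;
            a = next;
        }

        // Round 4: f = b XOR c XOR d
        for (int i = 60; i < 80; i++) {
            int next = Integer.rotateLeft(a, 5)
                    + (b ^ c ^ d) + e + W[i] + round4_kt;
            e = d;
            d = c;
            c = Integer.rotateLeft(b, 30);
            b = a;
            a = next;
        }

        // Fold the working variables back into the chaining state.
        state[0] += a;
        state[1] += b;
        state[2] += c;
        state[3] += d;
        state[4] += e;
    }
}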