1 /*
2 * Copyright (c) 1996, 2006, Oracle and/or its affiliates. All rights reserved.
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation. Oracle designates this
8 * particular file as subject to the "Classpath" exception as provided
9 * by Oracle in the LICENSE file that accompanied this code.
10 *
11 * This code is distributed in the hope that it will be useful, but WITHOUT
12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 * version 2 for more details (a copy is included in the LICENSE file that
15 * accompanied this code).
16 *
17 * You should have received a copy of the GNU General Public License version
18 * 2 along with this work; if not, write to the Free Software Foundation,
19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
20 *
21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
22 * or visit www.oracle.com if you need additional information or have any
23 * questions.
24 */
25
26 package sun.security.provider;
27
28 import static sun.security.provider.ByteArrayAccess.*;
29
30 /**
31 * This class implements the Secure Hash Algorithm (SHA) developed by
32 * the National Institute of Standards and Technology along with the
33 * National Security Agency. This is the updated version of SHA
34 * fip-180 as superseded by fip-180-1.
35 *
36 * <p>It implement JavaSecurity MessageDigest, and can be used by in
37 * the Java Security framework, as a pluggable implementation, as a
38 * filter for the digest stream classes.
39 *
40 * @author Roger Riggs
41 * @author Benjamin Renaud
42 * @author Andreas Sterbenz
43 */
44 public final class SHA extends DigestBase {
45
46 // Buffer of int's and count of characters accumulated
47 // 64 bytes are included in each hash block so the low order
48 // bits of count are used to know how to pack the bytes into ints
49 // and to know when to compute the block and start the next one.
50 private int[] W;
51
52 // state of this
53 private int[] state;
54
55 /**
56 * Creates a new SHA object.
57 */
58 public SHA() {
59 super("SHA-1", 20, 64);
60 state = new int[5];
61 W = new int[80];
62 implReset();
63 }
64
65 /*
66 * Clones this object.
67 */
68 public Object clone() throws CloneNotSupportedException {
69 SHA copy = (SHA) super.clone();
70 copy.state = copy.state.clone();
71 copy.W = new int[80];
72 return copy;
73 }
74
75 /**
76 * Resets the buffers and hash value to start a new hash.
77 */
78 void implReset() {
79 state[0] = 0x67452301;
80 state[1] = 0xefcdab89;
81 state[2] = 0x98badcfe;
82 state[3] = 0x10325476;
83 state[4] = 0xc3d2e1f0;
84 }
85
86 /**
87 * Computes the final hash and copies the 20 bytes to the output array.
88 */
89 void implDigest(byte[] out, int ofs) {
90 long bitsProcessed = bytesProcessed << 3;
91
92 int index = (int)bytesProcessed & 0x3f;
93 int padLen = (index < 56) ? (56 - index) : (120 - index);
94 engineUpdate(padding, 0, padLen);
95
96 i2bBig4((int)(bitsProcessed >>> 32), buffer, 56);
97 i2bBig4((int)bitsProcessed, buffer, 60);
98 implCompress(buffer, 0);
99
100 i2bBig(state, 0, out, ofs, 20);
101 }
102
103 // Constants for each round
104 private final static int round1_kt = 0x5a827999;
105 private final static int round2_kt = 0x6ed9eba1;
106 private final static int round3_kt = 0x8f1bbcdc;
107 private final static int round4_kt = 0xca62c1d6;
108
109 /**
110 * Compute a the hash for the current block.
111 *
112 * This is in the same vein as Peter Gutmann's algorithm listed in
113 * the back of Applied Cryptography, Compact implementation of
114 * "old" NIST Secure Hash Algorithm.
115 */
116 void implCompress(byte[] buf, int ofs) {
117 b2iBig64(buf, ofs, W);
118
119 // The first 16 ints have the byte stream, compute the rest of
120 // the buffer
121 for (int t = 16; t <= 79; t++) {
122 int temp = W[t-3] ^ W[t-8] ^ W[t-14] ^ W[t-16];
123 W[t] = (temp << 1) | (temp >>> 31);
124 }
125
126 int a = state[0];
127 int b = state[1];
128 int c = state[2];
129 int d = state[3];
130 int e = state[4];
131
132 // Round 1
133 for (int i = 0; i < 20; i++) {
134 int temp = ((a<<5) | (a>>>(32-5))) +
135 ((b&c)|((~b)&d))+ e + W[i] + round1_kt;
136 e = d;
137 d = c;
138 c = ((b<<30) | (b>>>(32-30)));
139 b = a;
140 a = temp;
141 }
142
143 // Round 2
144 for (int i = 20; i < 40; i++) {
145 int temp = ((a<<5) | (a>>>(32-5))) +
146 (b ^ c ^ d) + e + W[i] + round2_kt;
147 e = d;
148 d = c;
149 c = ((b<<30) | (b>>>(32-30)));
150 b = a;
151 a = temp;
152 }
153
154 // Round 3
155 for (int i = 40; i < 60; i++) {
156 int temp = ((a<<5) | (a>>>(32-5))) +
157 ((b&c)|(b&d)|(c&d)) + e + W[i] + round3_kt;
158 e = d;
159 d = c;
160 c = ((b<<30) | (b>>>(32-30)));
161 b = a;
162 a = temp;
163 }
164
165 // Round 4
166 for (int i = 60; i < 80; i++) {
167 int temp = ((a<<5) | (a>>>(32-5))) +
168 (b ^ c ^ d) + e + W[i] + round4_kt;
169 e = d;
170 d = c;
171 c = ((b<<30) | (b>>>(32-30)));
172 b = a;
173 a = temp;
174 }
175 state[0] += a;
176 state[1] += b;
177 state[2] += c;
178 state[3] += d;
179 state[4] += e;
180 }
181
182 }