9 * by Oracle in the LICENSE file that accompanied this code. 10 * 11 * This code is distributed in the hope that it will be useful, but WITHOUT 12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 14 * version 2 for more details (a copy is included in the LICENSE file that 15 * accompanied this code). 16 * 17 * You should have received a copy of the GNU General Public License version 18 * 2 along with this work; if not, write to the Free Software Foundation, 19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 20 * 21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 22 * or visit www.oracle.com if you need additional information or have any 23 * questions. 24 */ 25 26 package sun.security.provider; 27 28 import java.security.*; 29 import java.math.BigInteger; 30 31 import static sun.security.provider.ByteArrayAccess.*; 32 33 /** 34 * This class implements the Secure Hash Algorithm SHA-384 and SHA-512 35 * developed by the National Institute of Standards and Technology along 36 * with the National Security Agency. 37 * 38 * The two algorithms are almost identical. This file contains a base 39 * class SHA5 and two nested static subclasses as the classes to be used 40 * by the JCA framework. 41 * 42 * <p>It implements java.security.MessageDigestSpi, and can be used 43 * through Java Cryptography Architecture (JCA), as a pluggable 44 * MessageDigest implementation. 45 * 46 * @since 1.4.2 47 * @author Valerie Peng 48 * @author Andreas Sterbenz 49 */ 50 abstract class SHA5 extends DigestBase { 188 return lf_S(x, 1) ^ lf_S(x, 8) ^ lf_R(x, 7); 189 } 190 191 /** 192 * logical function delta1(x) - xor of results of right shifts/rotations 193 * @return long 194 * @param x long 195 */ 196 private static long lf_delta1(long x) { 197 return lf_S(x, 19) ^ lf_S(x, 61) ^ lf_R(x, 6); 198 } 199 200 /** 201 * Compute the hash for the current block. 202 * 203 * This is in the same vein as Peter Gutmann's algorithm listed in 204 * the back of Applied Cryptography, Compact implementation of 205 * "old" NIST Secure Hash Algorithm. 206 */ 207 final void implCompress(byte[] buf, int ofs) { 208 b2lBig128(buf, ofs, W); 209 210 // The first 16 longs are from the byte stream, compute the rest of 211 // the W[]'s 212 for (int t = 16; t < ITERATION; t++) { 213 W[t] = lf_delta1(W[t-2]) + W[t-7] + lf_delta0(W[t-15]) 214 + W[t-16]; 215 } 216 217 long a = state[0]; 218 long b = state[1]; 219 long c = state[2]; 220 long d = state[3]; 221 long e = state[4]; 222 long f = state[5]; 223 long g = state[6]; 224 long h = state[7]; 225 226 for (int i = 0; i < ITERATION; i++) { 227 long T1 = h + lf_sigma1(e) + lf_ch(e,f,g) + ROUND_CONSTS[i] + W[i]; 228 long T2 = lf_sigma0(a) + lf_maj(a,b,c); 229 h = g; | 9 * by Oracle in the LICENSE file that accompanied this code. 10 * 11 * This code is distributed in the hope that it will be useful, but WITHOUT 12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 14 * version 2 for more details (a copy is included in the LICENSE file that 15 * accompanied this code). 16 * 17 * You should have received a copy of the GNU General Public License version 18 * 2 along with this work; if not, write to the Free Software Foundation, 19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 20 * 21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 22 * or visit www.oracle.com if you need additional information or have any 23 * questions. 24 */ 25 26 package sun.security.provider; 27 28 import java.security.*; 29 import java.util.Objects; 30 import java.math.BigInteger; 31 32 import jdk.internal.HotSpotIntrinsicCandidate; 33 import static sun.security.provider.ByteArrayAccess.*; 34 35 /** 36 * This class implements the Secure Hash Algorithm SHA-384 and SHA-512 37 * developed by the National Institute of Standards and Technology along 38 * with the National Security Agency. 39 * 40 * The two algorithms are almost identical. This file contains a base 41 * class SHA5 and two nested static subclasses as the classes to be used 42 * by the JCA framework. 43 * 44 * <p>It implements java.security.MessageDigestSpi, and can be used 45 * through Java Cryptography Architecture (JCA), as a pluggable 46 * MessageDigest implementation. 47 * 48 * @since 1.4.2 49 * @author Valerie Peng 50 * @author Andreas Sterbenz 51 */ 52 abstract class SHA5 extends DigestBase { 190 return lf_S(x, 1) ^ lf_S(x, 8) ^ lf_R(x, 7); 191 } 192 193 /** 194 * logical function delta1(x) - xor of results of right shifts/rotations 195 * @return long 196 * @param x long 197 */ 198 private static long lf_delta1(long x) { 199 return lf_S(x, 19) ^ lf_S(x, 61) ^ lf_R(x, 6); 200 } 201 202 /** 203 * Compute the hash for the current block. 204 * 205 * This is in the same vein as Peter Gutmann's algorithm listed in 206 * the back of Applied Cryptography, Compact implementation of 207 * "old" NIST Secure Hash Algorithm. 208 */ 209 final void implCompress(byte[] buf, int ofs) { 210 implCompressCheck(buf, ofs); 211 implCompressImpl(buf, ofs); 212 } 213 214 private void implCompressCheck(byte[] buf, int ofs) { 215 Objects.requireNonNull(buf); 216 217 // The checks performed by the method 'b2iBig128' 218 // are sufficient for the case when the method 219 // 'implCompressImpl' is replaced with a compiler 220 // intrinsic. 221 b2lBig128(buf, ofs, W); 222 } 223 224 // The method 'implCompressImpl' seems not to use its parameters. 225 // The method can, however, be replaced with a compiler intrinsic 226 // that operates directly on the array 'buf' (starting from 227 // offset 'ofs') and not on array 'W', therefore 'buf' and 'ofs' 228 // must be passed as parameter the method. 229 @HotSpotIntrinsicCandidate 230 private final void implCompressImpl(byte[] buf, int ofs) { 231 // The first 16 longs are from the byte stream, compute the rest of 232 // the W[]'s 233 for (int t = 16; t < ITERATION; t++) { 234 W[t] = lf_delta1(W[t-2]) + W[t-7] + lf_delta0(W[t-15]) 235 + W[t-16]; 236 } 237 238 long a = state[0]; 239 long b = state[1]; 240 long c = state[2]; 241 long d = state[3]; 242 long e = state[4]; 243 long f = state[5]; 244 long g = state[6]; 245 long h = state[7]; 246 247 for (int i = 0; i < ITERATION; i++) { 248 long T1 = h + lf_sigma1(e) + lf_ch(e,f,g) + ROUND_CONSTS[i] + W[i]; 249 long T2 = lf_sigma0(a) + lf_maj(a,b,c); 250 h = g; |