8 * particular file as subject to the "Classpath" exception as provided 9 * by Oracle in the LICENSE file that accompanied this code. 10 * 11 * This code is distributed in the hope that it will be useful, but WITHOUT 12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 14 * version 2 for more details (a copy is included in the LICENSE file that 15 * accompanied this code). 16 * 17 * You should have received a copy of the GNU General Public License version 18 * 2 along with this work; if not, write to the Free Software Foundation, 19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 20 * 21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 22 * or visit www.oracle.com if you need additional information or have any 23 * questions. 24 */ 25 26 package sun.security.provider; 27 28 import static sun.security.provider.ByteArrayAccess.*; 29 30 /** 31 * This class implements the Secure Hash Algorithm SHA-256 developed by 32 * the National Institute of Standards and Technology along with the 33 * National Security Agency. 34 * 35 * <p>It implements java.security.MessageDigestSpi, and can be used 36 * through Java Cryptography Architecture (JCA), as a pluggable 37 * MessageDigest implementation. 38 * 39 * @since 1.4.2 40 * @author Valerie Peng 41 * @author Andreas Sterbenz 42 */ 43 abstract class SHA2 extends DigestBase { 44 45 private static final int ITERATION = 64; 46 // Constants for each round 47 private static final int[] ROUND_CONSTS = { 169 * @return int 170 * @param x int 171 */ 172 private static int lf_delta0(int x) { 173 return lf_S(x, 7) ^ lf_S(x, 18) ^ lf_R(x, 3); 174 } 175 176 /** 177 * logical function delta1(x) - xor of results of right shifts/rotations 178 * @return int 179 * @param x int 180 */ 181 private static int lf_delta1(int x) { 182 return lf_S(x, 17) ^ lf_S(x, 19) ^ lf_R(x, 10); 183 } 184 185 /** 186 * Process the current block to update the state variable state. 187 */ 188 void implCompress(byte[] buf, int ofs) { 189 b2iBig64(buf, ofs, W); 190 191 // The first 16 ints are from the byte stream, compute the rest of 192 // the W[]'s 193 for (int t = 16; t < ITERATION; t++) { 194 W[t] = lf_delta1(W[t-2]) + W[t-7] + lf_delta0(W[t-15]) 195 + W[t-16]; 196 } 197 198 int a = state[0]; 199 int b = state[1]; 200 int c = state[2]; 201 int d = state[3]; 202 int e = state[4]; 203 int f = state[5]; 204 int g = state[6]; 205 int h = state[7]; 206 207 for (int i = 0; i < ITERATION; i++) { 208 int T1 = h + lf_sigma1(e) + lf_ch(e,f,g) + ROUND_CONSTS[i] + W[i]; 209 int T2 = lf_sigma0(a) + lf_maj(a,b,c); 210 h = g; | 8 * particular file as subject to the "Classpath" exception as provided 9 * by Oracle in the LICENSE file that accompanied this code. 10 * 11 * This code is distributed in the hope that it will be useful, but WITHOUT 12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 14 * version 2 for more details (a copy is included in the LICENSE file that 15 * accompanied this code). 16 * 17 * You should have received a copy of the GNU General Public License version 18 * 2 along with this work; if not, write to the Free Software Foundation, 19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 20 * 21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 22 * or visit www.oracle.com if you need additional information or have any 23 * questions. 24 */ 25 26 package sun.security.provider; 27 28 import java.util.Objects; 29 30 import jdk.internal.HotSpotIntrinsicCandidate; 31 import static sun.security.provider.ByteArrayAccess.*; 32 33 /** 34 * This class implements the Secure Hash Algorithm SHA-256 developed by 35 * the National Institute of Standards and Technology along with the 36 * National Security Agency. 37 * 38 * <p>It implements java.security.MessageDigestSpi, and can be used 39 * through Java Cryptography Architecture (JCA), as a pluggable 40 * MessageDigest implementation. 41 * 42 * @since 1.4.2 43 * @author Valerie Peng 44 * @author Andreas Sterbenz 45 */ 46 abstract class SHA2 extends DigestBase { 47 48 private static final int ITERATION = 64; 49 // Constants for each round 50 private static final int[] ROUND_CONSTS = { 172 * @return int 173 * @param x int 174 */ 175 private static int lf_delta0(int x) { 176 return lf_S(x, 7) ^ lf_S(x, 18) ^ lf_R(x, 3); 177 } 178 179 /** 180 * logical function delta1(x) - xor of results of right shifts/rotations 181 * @return int 182 * @param x int 183 */ 184 private static int lf_delta1(int x) { 185 return lf_S(x, 17) ^ lf_S(x, 19) ^ lf_R(x, 10); 186 } 187 188 /** 189 * Process the current block to update the state variable state. 190 */ 191 void implCompress(byte[] buf, int ofs) { 192 implCompressCheck(buf, ofs); 193 implCompress0(buf, ofs); 194 } 195 196 private void implCompressCheck(byte[] buf, int ofs) { 197 Objects.requireNonNull(buf); 198 199 // The checks performed by the method 'b2iBig64' 200 // are sufficient for the case when the method 201 // 'implCompressImpl' is replaced with a compiler 202 // intrinsic. 203 b2iBig64(buf, ofs, W); 204 } 205 206 // The method 'implCompressImpl' seems not to use its parameters. 207 // The method can, however, be replaced with a compiler intrinsic 208 // that operates directly on the array 'buf' (starting from 209 // offset 'ofs') and not on array 'W', therefore 'buf' and 'ofs' 210 // must be passed as parameter to the method. 211 @HotSpotIntrinsicCandidate 212 private void implCompress0(byte[] buf, int ofs) { 213 // The first 16 ints are from the byte stream, compute the rest of 214 // the W[]'s 215 for (int t = 16; t < ITERATION; t++) { 216 W[t] = lf_delta1(W[t-2]) + W[t-7] + lf_delta0(W[t-15]) 217 + W[t-16]; 218 } 219 220 int a = state[0]; 221 int b = state[1]; 222 int c = state[2]; 223 int d = state[3]; 224 int e = state[4]; 225 int f = state[5]; 226 int g = state[6]; 227 int h = state[7]; 228 229 for (int i = 0; i < ITERATION; i++) { 230 int T1 = h + lf_sigma1(e) + lf_ch(e,f,g) + ROUND_CONSTS[i] + W[i]; 231 int T2 = lf_sigma0(a) + lf_maj(a,b,c); 232 h = g; |