1 /* 2 * Copyright (c) 1996, 2012, Oracle and/or its affiliates. All rights reserved. 3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 4 * 5 * This code is free software; you can redistribute it and/or modify it 6 * under the terms of the GNU General Public License version 2 only, as 7 * published by the Free Software Foundation. Oracle designates this 8 * particular file as subject to the "Classpath" exception as provided 9 * by Oracle in the LICENSE file that accompanied this code. 10 * 11 * This code is distributed in the hope that it will be useful, but WITHOUT 12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 14 * version 2 for more details (a copy is included in the LICENSE file that 15 * accompanied this code). 16 * 17 * You should have received a copy of the GNU General Public License version 18 * 2 along with this work; if not, write to the Free Software Foundation, 19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 20 * 21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 22 * or visit www.oracle.com if you need additional information or have any 23 * questions. 24 */ 25 26 package sun.security.provider; 27 28 import java.util.Arrays; 29 import java.util.Objects; 30 31 import static sun.security.provider.ByteArrayAccess.*; 32 import jdk.internal.HotSpotIntrinsicCandidate; 33 34 /** 35 * This class implements the Secure Hash Algorithm (SHA) developed by 36 * the National Institute of Standards and Technology along with the 37 * National Security Agency. This is the updated version of SHA 38 * fip-180 as superseded by fip-180-1. 39 * 40 * <p>It implement JavaSecurity MessageDigest, and can be used by in 41 * the Java Security framework, as a pluggable implementation, as a 42 * filter for the digest stream classes. 43 * 44 * @author Roger Riggs 45 * @author Benjamin Renaud 46 * @author Andreas Sterbenz 47 */ 48 public final class SHA extends DigestBase { 49 50 // Buffer of int's and count of characters accumulated 51 // 64 bytes are included in each hash block so the low order 52 // bits of count are used to know how to pack the bytes into ints 53 // and to know when to compute the block and start the next one. 54 private int[] W; 55 56 // state of this 57 private int[] state; 58 59 /** 60 * Creates a new SHA object. 61 */ 62 public SHA() { 63 super("SHA-1", 20, 64); 64 state = new int[5]; 65 W = new int[80]; 66 resetHashes(); 67 } 68 69 /* 70 * Clones this object. 71 */ 72 public Object clone() throws CloneNotSupportedException { 73 SHA copy = (SHA) super.clone(); 74 copy.state = copy.state.clone(); 75 copy.W = new int[80]; 76 return copy; 77 } 78 79 /** 80 * Resets the buffers and hash value to start a new hash. 81 */ 82 void implReset() { 83 // Load magic initialization constants. 84 resetHashes(); 85 // clear out old data 86 Arrays.fill(W, 0); 87 } 88 89 private void resetHashes() { 90 state[0] = 0x67452301; 91 state[1] = 0xefcdab89; 92 state[2] = 0x98badcfe; 93 state[3] = 0x10325476; 94 state[4] = 0xc3d2e1f0; 95 } 96 97 /** 98 * Computes the final hash and copies the 20 bytes to the output array. 99 */ 100 void implDigest(byte[] out, int ofs) { 101 long bitsProcessed = bytesProcessed << 3; 102 103 int index = (int)bytesProcessed & 0x3f; 104 int padLen = (index < 56) ? (56 - index) : (120 - index); 105 engineUpdate(padding, 0, padLen); 106 107 i2bBig4((int)(bitsProcessed >>> 32), buffer, 56); 108 i2bBig4((int)bitsProcessed, buffer, 60); 109 implCompress(buffer, 0); 110 111 i2bBig(state, 0, out, ofs, 20); 112 } 113 114 // Constants for each round 115 private static final int round1_kt = 0x5a827999; 116 private static final int round2_kt = 0x6ed9eba1; 117 private static final int round3_kt = 0x8f1bbcdc; 118 private static final int round4_kt = 0xca62c1d6; 119 120 /** 121 * Compute a the hash for the current block. 122 * 123 * This is in the same vein as Peter Gutmann's algorithm listed in 124 * the back of Applied Cryptography, Compact implementation of 125 * "old" NIST Secure Hash Algorithm. 126 */ 127 void implCompress(byte[] buf, int ofs) { 128 implCompressCheck(buf, ofs); 129 implCompress0(buf, ofs); 130 } 131 132 private void implCompressCheck(byte[] buf, int ofs) { 133 Objects.requireNonNull(buf); 134 135 // The checks performed by the method 'b2iBig64' 136 // are sufficient for the case when the method 137 // 'implCompress0' is replaced with a compiler 138 // intrinsic. 139 b2iBig64(buf, ofs, W); 140 } 141 142 // The method 'implCompress0 seems not to use its parameters. 143 // The method can, however, be replaced with a compiler intrinsic 144 // that operates directly on the array 'buf' (starting from 145 // offset 'ofs') and not on array 'W', therefore 'buf' and 'ofs' 146 // must be passed as parameter to the method. 147 @HotSpotIntrinsicCandidate 148 private void implCompress0(byte[] buf, int ofs) { 149 // The first 16 ints have the byte stream, compute the rest of 150 // the buffer 151 for (int t = 16; t <= 79; t++) { 152 int temp = W[t-3] ^ W[t-8] ^ W[t-14] ^ W[t-16]; 153 W[t] = (temp << 1) | (temp >>> 31); 154 } 155 156 int a = state[0]; 157 int b = state[1]; 158 int c = state[2]; 159 int d = state[3]; 160 int e = state[4]; 161 162 // Round 1 163 for (int i = 0; i < 20; i++) { 164 int temp = ((a<<5) | (a>>>(32-5))) + 165 ((b&c)|((~b)&d))+ e + W[i] + round1_kt; 166 e = d; 167 d = c; 168 c = ((b<<30) | (b>>>(32-30))); 169 b = a; 170 a = temp; 171 } 172 173 // Round 2 174 for (int i = 20; i < 40; i++) { 175 int temp = ((a<<5) | (a>>>(32-5))) + 176 (b ^ c ^ d) + e + W[i] + round2_kt; 177 e = d; 178 d = c; 179 c = ((b<<30) | (b>>>(32-30))); 180 b = a; 181 a = temp; 182 } 183 184 // Round 3 185 for (int i = 40; i < 60; i++) { 186 int temp = ((a<<5) | (a>>>(32-5))) + 187 ((b&c)|(b&d)|(c&d)) + e + W[i] + round3_kt; 188 e = d; 189 d = c; 190 c = ((b<<30) | (b>>>(32-30))); 191 b = a; 192 a = temp; 193 } 194 195 // Round 4 196 for (int i = 60; i < 80; i++) { 197 int temp = ((a<<5) | (a>>>(32-5))) + 198 (b ^ c ^ d) + e + W[i] + round4_kt; 199 e = d; 200 d = c; 201 c = ((b<<30) | (b>>>(32-30))); 202 b = a; 203 a = temp; 204 } 205 state[0] += a; 206 state[1] += b; 207 state[2] += c; 208 state[3] += d; 209 state[4] += e; 210 } 211 212 }