New src/java.base/share/classes/sun/security/provider/SHA.java

  1 /*
  2  * Copyright (c) 1996, 2012, Oracle and/or its affiliates. All rights reserved.
  3  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  4  *
  5  * This code is free software; you can redistribute it and/or modify it
  6  * under the terms of the GNU General Public License version 2 only, as
  7  * published by the Free Software Foundation.  Oracle designates this
  8  * particular file as subject to the "Classpath" exception as provided
  9  * by Oracle in the LICENSE file that accompanied this code.
 10  *
 11  * This code is distributed in the hope that it will be useful, but WITHOUT
 12  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 13  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
 14  * version 2 for more details (a copy is included in the LICENSE file that
 15  * accompanied this code).
 16  *
 17  * You should have received a copy of the GNU General Public License version
 18  * 2 along with this work; if not, write to the Free Software Foundation,
 19  * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
 20  *
 21  * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
 22  * or visit www.oracle.com if you need additional information or have any
 23  * questions.
 24  */
 25 
 26 package sun.security.provider;
 27 
 28 import java.util.Arrays;
 29 import java.util.Objects;
 30 
 31 import static sun.security.provider.ByteArrayAccess.*;
 32 import jdk.internal.HotSpotIntrinsicCandidate;
 33 
 34 /**
 35  * This class implements the Secure Hash Algorithm (SHA) developed by
 36  * the National Institute of Standards and Technology along with the
 37  * National Security Agency.  This is the updated version of SHA
 38  * fip-180 as superseded by fip-180-1.
 39  *
 40  * <p>It implement JavaSecurity MessageDigest, and can be used by in
 41  * the Java Security framework, as a pluggable implementation, as a
 42  * filter for the digest stream classes.
 43  *
 44  * @author      Roger Riggs
 45  * @author      Benjamin Renaud
 46  * @author      Andreas Sterbenz
 47  */
 48 public final class SHA extends DigestBase {
 49 
 50     // Buffer of int's and count of characters accumulated
 51     // 64 bytes are included in each hash block so the low order
 52     // bits of count are used to know how to pack the bytes into ints
 53     // and to know when to compute the block and start the next one.
 54     private int[] W;
 55 
 56     // state of this
 57     private int[] state;
 58 
 59     /**
 60      * Creates a new SHA object.
 61      */
 62     public SHA() {
 63         super("SHA-1", 20, 64);
 64         state = new int[5];
 65         W = new int[80];
 66         resetHashes();
 67     }
 68 
 69     /*
 70      * Clones this object.
 71      */
 72     public Object clone() throws CloneNotSupportedException {
 73         SHA copy = (SHA) super.clone();
 74         copy.state = copy.state.clone();
 75         copy.W = new int[80];
 76         return copy;
 77     }
 78 
 79     /**
 80      * Resets the buffers and hash value to start a new hash.
 81      */
 82     void implReset() {
 83         // Load magic initialization constants.
 84         resetHashes();
 85         // clear out old data
 86         Arrays.fill(W, 0);
 87     }
 88 
 89     private void resetHashes() {
 90         state[0] = 0x67452301;
 91         state[1] = 0xefcdab89;
 92         state[2] = 0x98badcfe;
 93         state[3] = 0x10325476;
 94         state[4] = 0xc3d2e1f0;
 95     }
 96 
 97     /**
 98      * Computes the final hash and copies the 20 bytes to the output array.
 99      */
100     void implDigest(byte[] out, int ofs) {
101         long bitsProcessed = bytesProcessed << 3;
102 
103         int index = (int)bytesProcessed & 0x3f;
104         int padLen = (index < 56) ? (56 - index) : (120 - index);
105         engineUpdate(padding, 0, padLen);
106 
107         i2bBig4((int)(bitsProcessed >>> 32), buffer, 56);
108         i2bBig4((int)bitsProcessed, buffer, 60);
109         implCompress(buffer, 0);
110 
111         i2bBig(state, 0, out, ofs, 20);
112     }
113 
114     // Constants for each round
115     private static final int round1_kt = 0x5a827999;
116     private static final int round2_kt = 0x6ed9eba1;
117     private static final int round3_kt = 0x8f1bbcdc;
118     private static final int round4_kt = 0xca62c1d6;
119 
120     /**
121      * Compute a the hash for the current block.
122      *
123      * This is in the same vein as Peter Gutmann's algorithm listed in
124      * the back of Applied Cryptography, Compact implementation of
125      * "old" NIST Secure Hash Algorithm.
126      */
127     void implCompress(byte[] buf, int ofs) {
128         implCompressCheck(buf, ofs);
129         implCompress0(buf, ofs);
130     }
131 
132     private void implCompressCheck(byte[] buf, int ofs) {
133         Objects.requireNonNull(buf);
134 
135         // The checks performed by the method 'b2iBig64'
136         // are sufficient for the case when the method
137         // 'implCompress0' is replaced with a compiler
138         // intrinsic.
139         b2iBig64(buf, ofs, W);
140     }
141 
142     // The method 'implCompress0 seems not to use its parameters.
143     // The method can, however, be replaced with a compiler intrinsic
144     // that operates directly on the array 'buf' (starting from
145     // offset 'ofs') and not on array 'W', therefore 'buf' and 'ofs'
146     // must be passed as parameter to the method.
147     @HotSpotIntrinsicCandidate
148     private void implCompress0(byte[] buf, int ofs) {
149         // The first 16 ints have the byte stream, compute the rest of
150         // the buffer
151         for (int t = 16; t <= 79; t++) {
152             int temp = W[t-3] ^ W[t-8] ^ W[t-14] ^ W[t-16];
153             W[t] = (temp << 1) | (temp >>> 31);
154         }
155 
156         int a = state[0];
157         int b = state[1];
158         int c = state[2];
159         int d = state[3];
160         int e = state[4];
161 
162         // Round 1
163         for (int i = 0; i < 20; i++) {
164             int temp = ((a<<5) | (a>>>(32-5))) +
165                 ((b&c)|((~b)&d))+ e + W[i] + round1_kt;
166             e = d;
167             d = c;
168             c = ((b<<30) | (b>>>(32-30)));
169             b = a;
170             a = temp;
171         }
172 
173         // Round 2
174         for (int i = 20; i < 40; i++) {
175             int temp = ((a<<5) | (a>>>(32-5))) +
176                 (b ^ c ^ d) + e + W[i] + round2_kt;
177             e = d;
178             d = c;
179             c = ((b<<30) | (b>>>(32-30)));
180             b = a;
181             a = temp;
182         }
183 
184         // Round 3
185         for (int i = 40; i < 60; i++) {
186             int temp = ((a<<5) | (a>>>(32-5))) +
187                 ((b&c)|(b&d)|(c&d)) + e + W[i] + round3_kt;
188             e = d;
189             d = c;
190             c = ((b<<30) | (b>>>(32-30)));
191             b = a;
192             a = temp;
193         }
194 
195         // Round 4
196         for (int i = 60; i < 80; i++) {
197             int temp = ((a<<5) | (a>>>(32-5))) +
198                 (b ^ c ^ d) + e + W[i] + round4_kt;
199             e = d;
200             d = c;
201             c = ((b<<30) | (b>>>(32-30)));
202             b = a;
203             a = temp;
204         }
205         state[0] += a;
206         state[1] += b;
207         state[2] += c;
208         state[3] += d;
209         state[4] += e;
210     }
211 
212 }