8  * particular file as subject to the "Classpath" exception as provided
   9  * by Oracle in the LICENSE file that accompanied this code.
  10  *
  11  * This code is distributed in the hope that it will be useful, but WITHOUT
  12  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
  13  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  14  * version 2 for more details (a copy is included in the LICENSE file that
  15  * accompanied this code).
  16  *
  17  * You should have received a copy of the GNU General Public License version
  18  * 2 along with this work; if not, write to the Free Software Foundation,
  19  * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
  20  *
  21  * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
  22  * or visit www.oracle.com if you need additional information or have any
  23  * questions.
  24  */
  25 
  26 package sun.security.provider;
  27 


  28 import static sun.security.provider.ByteArrayAccess.*;

  29 
  30 /**
  31  * This class implements the Secure Hash Algorithm (SHA) developed by
  32  * the National Institute of Standards and Technology along with the
  33  * National Security Agency.  This is the updated version of SHA
  34  * fip-180 as superseded by fip-180-1.
  35  *
  36  * <p>It implement JavaSecurity MessageDigest, and can be used by in
  37  * the Java Security framework, as a pluggable implementation, as a
  38  * filter for the digest stream classes.
  39  *
  40  * @author      Roger Riggs
  41  * @author      Benjamin Renaud
  42  * @author      Andreas Sterbenz
  43  */
  44 public final class SHA extends DigestBase {
  45 
  46     // Buffer of int's and count of characters accumulated
  47     // 64 bytes are included in each hash block so the low order
  48     // bits of count are used to know how to pack the bytes into ints

  97         i2bBig4((int)bitsProcessed, buffer, 60);
  98         implCompress(buffer, 0);
  99 
 100         i2bBig(state, 0, out, ofs, 20);
 101     }
 102 
 103     // Constants for each round
 104     private final static int round1_kt = 0x5a827999;
 105     private final static int round2_kt = 0x6ed9eba1;
 106     private final static int round3_kt = 0x8f1bbcdc;
 107     private final static int round4_kt = 0xca62c1d6;
 108 
 109     /**
 110      * Compute a the hash for the current block.
 111      *
 112      * This is in the same vein as Peter Gutmann's algorithm listed in
 113      * the back of Applied Cryptography, Compact implementation of
 114      * "old" NIST Secure Hash Algorithm.
 115      */
 116     void implCompress(byte[] buf, int ofs) {











 117         b2iBig64(buf, ofs, W);

 118 







 119         // The first 16 ints have the byte stream, compute the rest of
 120         // the buffer
 121         for (int t = 16; t <= 79; t++) {
 122             int temp = W[t-3] ^ W[t-8] ^ W[t-14] ^ W[t-16];
 123             W[t] = (temp << 1) | (temp >>> 31);
 124         }
 125 
 126         int a = state[0];
 127         int b = state[1];
 128         int c = state[2];
 129         int d = state[3];
 130         int e = state[4];
 131 
 132         // Round 1
 133         for (int i = 0; i < 20; i++) {
 134             int temp = ((a<<5) | (a>>>(32-5))) +
 135                 ((b&c)|((~b)&d))+ e + W[i] + round1_kt;
 136             e = d;
 137             d = c;
 138             c = ((b<<30) | (b>>>(32-30)));

   8  * particular file as subject to the "Classpath" exception as provided
   9  * by Oracle in the LICENSE file that accompanied this code.
  10  *
  11  * This code is distributed in the hope that it will be useful, but WITHOUT
  12  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
  13  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  14  * version 2 for more details (a copy is included in the LICENSE file that
  15  * accompanied this code).
  16  *
  17  * You should have received a copy of the GNU General Public License version
  18  * 2 along with this work; if not, write to the Free Software Foundation,
  19  * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
  20  *
  21  * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
  22  * or visit www.oracle.com if you need additional information or have any
  23  * questions.
  24  */
  25 
  26 package sun.security.provider;
  27 
  28 import java.util.Objects;
  29 
  30 import static sun.security.provider.ByteArrayAccess.*;
  31 import jdk.internal.HotSpotIntrinsicCandidate;
  32 
  33 /**
  34  * This class implements the Secure Hash Algorithm (SHA) developed by
  35  * the National Institute of Standards and Technology along with the
  36  * National Security Agency.  This is the updated version of SHA
  37  * fip-180 as superseded by fip-180-1.
  38  *
  39  * <p>It implement JavaSecurity MessageDigest, and can be used by in
  40  * the Java Security framework, as a pluggable implementation, as a
  41  * filter for the digest stream classes.
  42  *
  43  * @author      Roger Riggs
  44  * @author      Benjamin Renaud
  45  * @author      Andreas Sterbenz
  46  */
  47 public final class SHA extends DigestBase {
  48 
  49     // Buffer of int's and count of characters accumulated
  50     // 64 bytes are included in each hash block so the low order
  51     // bits of count are used to know how to pack the bytes into ints

 100         i2bBig4((int)bitsProcessed, buffer, 60);
 101         implCompress(buffer, 0);
 102 
 103         i2bBig(state, 0, out, ofs, 20);
 104     }
 105 
 106     // Constants for each round
 107     private final static int round1_kt = 0x5a827999;
 108     private final static int round2_kt = 0x6ed9eba1;
 109     private final static int round3_kt = 0x8f1bbcdc;
 110     private final static int round4_kt = 0xca62c1d6;
 111 
 112     /**
 113      * Compute a the hash for the current block.
 114      *
 115      * This is in the same vein as Peter Gutmann's algorithm listed in
 116      * the back of Applied Cryptography, Compact implementation of
 117      * "old" NIST Secure Hash Algorithm.
 118      */
 119     void implCompress(byte[] buf, int ofs) {
 120         implCompressCheck(buf, ofs);
 121         implCompress0(buf, ofs);
 122     }
 123 
 124     private void implCompressCheck(byte[] buf, int ofs) {
 125         Objects.requireNonNull(buf);
 126 
 127         // The checks performed by the method 'b2iBig64'
 128         // are sufficient for the case when the method
 129         // 'implCompressImpl' is replaced with a compiler
 130         // intrinsic.
 131         b2iBig64(buf, ofs, W);
 132     }
 133 
 134     // The method 'implCompressImpl seems not to use its parameters.
 135     // The method can, however, be replaced with a compiler intrinsic
 136     // that operates directly on the array 'buf' (starting from
 137     // offset 'ofs') and not on array 'W', therefore 'buf' and 'ofs'
 138     // must be passed as parameter to the method.
 139     @HotSpotIntrinsicCandidate
 140     private void implCompress0(byte[] buf, int ofs) {
 141         // The first 16 ints have the byte stream, compute the rest of
 142         // the buffer
 143         for (int t = 16; t <= 79; t++) {
 144             int temp = W[t-3] ^ W[t-8] ^ W[t-14] ^ W[t-16];
 145             W[t] = (temp << 1) | (temp >>> 31);
 146         }
 147 
 148         int a = state[0];
 149         int b = state[1];
 150         int c = state[2];
 151         int d = state[3];
 152         int e = state[4];
 153 
 154         // Round 1
 155         for (int i = 0; i < 20; i++) {
 156             int temp = ((a<<5) | (a>>>(32-5))) +
 157                 ((b&c)|((~b)&d))+ e + W[i] + round1_kt;
 158             e = d;
 159             d = c;
 160             c = ((b<<30) | (b>>>(32-30)));