8 * particular file as subject to the "Classpath" exception as provided
9 * by Oracle in the LICENSE file that accompanied this code.
10 *
11 * This code is distributed in the hope that it will be useful, but WITHOUT
12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 * version 2 for more details (a copy is included in the LICENSE file that
15 * accompanied this code).
16 *
17 * You should have received a copy of the GNU General Public License version
18 * 2 along with this work; if not, write to the Free Software Foundation,
19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
20 *
21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
22 * or visit www.oracle.com if you need additional information or have any
23 * questions.
24 */
25
26 package sun.security.provider;
27
28 import static sun.security.provider.ByteArrayAccess.*;
29
30 /**
31 * This class implements the Secure Hash Algorithm (SHA) developed by
32 * the National Institute of Standards and Technology along with the
33 * National Security Agency. This is the updated version of SHA
34 * fip-180 as superseded by fip-180-1.
35 *
36 * <p>It implement JavaSecurity MessageDigest, and can be used by in
37 * the Java Security framework, as a pluggable implementation, as a
38 * filter for the digest stream classes.
39 *
40 * @author Roger Riggs
41 * @author Benjamin Renaud
42 * @author Andreas Sterbenz
43 */
44 public final class SHA extends DigestBase {
45
46 // Buffer of int's and count of characters accumulated
47 // 64 bytes are included in each hash block so the low order
48 // bits of count are used to know how to pack the bytes into ints
97 i2bBig4((int)bitsProcessed, buffer, 60);
98 implCompress(buffer, 0);
99
100 i2bBig(state, 0, out, ofs, 20);
101 }
102
103 // Constants for each round
104 private final static int round1_kt = 0x5a827999;
105 private final static int round2_kt = 0x6ed9eba1;
106 private final static int round3_kt = 0x8f1bbcdc;
107 private final static int round4_kt = 0xca62c1d6;
108
109 /**
110 * Compute a the hash for the current block.
111 *
112 * This is in the same vein as Peter Gutmann's algorithm listed in
113 * the back of Applied Cryptography, Compact implementation of
114 * "old" NIST Secure Hash Algorithm.
115 */
116 void implCompress(byte[] buf, int ofs) {
117 b2iBig64(buf, ofs, W);
118
119 // The first 16 ints have the byte stream, compute the rest of
120 // the buffer
121 for (int t = 16; t <= 79; t++) {
122 int temp = W[t-3] ^ W[t-8] ^ W[t-14] ^ W[t-16];
123 W[t] = (temp << 1) | (temp >>> 31);
124 }
125
126 int a = state[0];
127 int b = state[1];
128 int c = state[2];
129 int d = state[3];
130 int e = state[4];
131
132 // Round 1
133 for (int i = 0; i < 20; i++) {
134 int temp = ((a<<5) | (a>>>(32-5))) +
135 ((b&c)|((~b)&d))+ e + W[i] + round1_kt;
136 e = d;
137 d = c;
138 c = ((b<<30) | (b>>>(32-30)));
|
8 * particular file as subject to the "Classpath" exception as provided
9 * by Oracle in the LICENSE file that accompanied this code.
10 *
11 * This code is distributed in the hope that it will be useful, but WITHOUT
12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 * version 2 for more details (a copy is included in the LICENSE file that
15 * accompanied this code).
16 *
17 * You should have received a copy of the GNU General Public License version
18 * 2 along with this work; if not, write to the Free Software Foundation,
19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
20 *
21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
22 * or visit www.oracle.com if you need additional information or have any
23 * questions.
24 */
25
26 package sun.security.provider;
27
28 import java.util.Objects;
29
30 import static sun.security.provider.ByteArrayAccess.*;
31 import jdk.internal.HotSpotIntrinsicCandidate;
32
33 /**
34 * This class implements the Secure Hash Algorithm (SHA) developed by
35 * the National Institute of Standards and Technology along with the
36 * National Security Agency. This is the updated version of SHA
37 * fip-180 as superseded by fip-180-1.
38 *
39 * <p>It implement JavaSecurity MessageDigest, and can be used by in
40 * the Java Security framework, as a pluggable implementation, as a
41 * filter for the digest stream classes.
42 *
43 * @author Roger Riggs
44 * @author Benjamin Renaud
45 * @author Andreas Sterbenz
46 */
47 public final class SHA extends DigestBase {
48
49 // Buffer of int's and count of characters accumulated
50 // 64 bytes are included in each hash block so the low order
51 // bits of count are used to know how to pack the bytes into ints
100 i2bBig4((int)bitsProcessed, buffer, 60);
101 implCompress(buffer, 0);
102
103 i2bBig(state, 0, out, ofs, 20);
104 }
105
106 // Constants for each round
107 private final static int round1_kt = 0x5a827999;
108 private final static int round2_kt = 0x6ed9eba1;
109 private final static int round3_kt = 0x8f1bbcdc;
110 private final static int round4_kt = 0xca62c1d6;
111
112 /**
113 * Compute a the hash for the current block.
114 *
115 * This is in the same vein as Peter Gutmann's algorithm listed in
116 * the back of Applied Cryptography, Compact implementation of
117 * "old" NIST Secure Hash Algorithm.
118 */
119 void implCompress(byte[] buf, int ofs) {
120 implCompressCheck(buf, ofs);
121 implCompress0(buf, ofs);
122 }
123
124 private void implCompressCheck(byte[] buf, int ofs) {
125 Objects.requireNonNull(buf);
126
127 // The checks performed by the method 'b2iBig64'
128 // are sufficient for the case when the method
129 // 'implCompressImpl' is replaced with a compiler
130 // intrinsic.
131 b2iBig64(buf, ofs, W);
132 }
133
134 // The method 'implCompressImpl seems not to use its parameters.
135 // The method can, however, be replaced with a compiler intrinsic
136 // that operates directly on the array 'buf' (starting from
137 // offset 'ofs') and not on array 'W', therefore 'buf' and 'ofs'
138 // must be passed as parameter to the method.
139 @HotSpotIntrinsicCandidate
140 private void implCompress0(byte[] buf, int ofs) {
141 // The first 16 ints have the byte stream, compute the rest of
142 // the buffer
143 for (int t = 16; t <= 79; t++) {
144 int temp = W[t-3] ^ W[t-8] ^ W[t-14] ^ W[t-16];
145 W[t] = (temp << 1) | (temp >>> 31);
146 }
147
148 int a = state[0];
149 int b = state[1];
150 int c = state[2];
151 int d = state[3];
152 int e = state[4];
153
154 // Round 1
155 for (int i = 0; i < 20; i++) {
156 int temp = ((a<<5) | (a>>>(32-5))) +
157 ((b&c)|((~b)&d))+ e + W[i] + round1_kt;
158 e = d;
159 d = c;
160 c = ((b<<30) | (b>>>(32-30)));
|