Path: blob/aarch64-shenandoah-jdk8u272-b10/jdk/src/share/classes/sun/security/provider/SHA.java
38830 views
/*1* Copyright (c) 1996, 2012, Oracle and/or its affiliates. All rights reserved.2* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.3*4* This code is free software; you can redistribute it and/or modify it5* under the terms of the GNU General Public License version 2 only, as6* published by the Free Software Foundation. Oracle designates this7* particular file as subject to the "Classpath" exception as provided8* by Oracle in the LICENSE file that accompanied this code.9*10* This code is distributed in the hope that it will be useful, but WITHOUT11* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or12* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License13* version 2 for more details (a copy is included in the LICENSE file that14* accompanied this code).15*16* You should have received a copy of the GNU General Public License version17* 2 along with this work; if not, write to the Free Software Foundation,18* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.19*20* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA21* or visit www.oracle.com if you need additional information or have any22* questions.23*/2425package sun.security.provider;2627import java.util.Arrays;2829import java.util.Objects;3031import static sun.security.provider.ByteArrayAccess.*;3233/**34* This class implements the Secure Hash Algorithm (SHA) developed by35* the National Institute of Standards and Technology along with the36* National Security Agency. This is the updated version of SHA37* fip-180 as superseded by fip-180-1.38*39* <p>It implement JavaSecurity MessageDigest, and can be used by in40* the Java Security framework, as a pluggable implementation, as a41* filter for the digest stream classes.42*43* @author Roger Riggs44* @author Benjamin Renaud45* @author Andreas Sterbenz46*/47public final class SHA extends DigestBase {4849// Buffer of int's and count of characters accumulated50// 64 bytes are included in each hash block so the low order51// bits of count are used to know how to pack the bytes into ints52// and to know when to compute the block and start the next one.53private int[] W;5455// state of this56private int[] state;5758/**59* Creates a new SHA object.60*/61public SHA() {62super("SHA-1", 20, 64);63state = new int[5];64W = new int[80];65resetHashes();66}6768/*69* Clones this object.70*/71public Object clone() throws CloneNotSupportedException {72SHA copy = (SHA) super.clone();73copy.state = copy.state.clone();74copy.W = new int[80];75return copy;76}7778/**79* Resets the buffers and hash value to start a new hash.80*/81void implReset() {82// Load magic initialization constants.83resetHashes();84// clear out old data85Arrays.fill(W, 0);86}8788private void resetHashes() {89state[0] = 0x67452301;90state[1] = 0xefcdab89;91state[2] = 0x98badcfe;92state[3] = 0x10325476;93state[4] = 0xc3d2e1f0;94}9596/**97* Computes the final hash and copies the 20 bytes to the output array.98*/99void implDigest(byte[] out, int ofs) {100long bitsProcessed = bytesProcessed << 3;101102int index = (int)bytesProcessed & 0x3f;103int padLen = (index < 56) ? (56 - index) : (120 - index);104engineUpdate(padding, 0, padLen);105106i2bBig4((int)(bitsProcessed >>> 32), buffer, 56);107i2bBig4((int)bitsProcessed, buffer, 60);108implCompress(buffer, 0);109110i2bBig(state, 0, out, ofs, 20);111}112113// Constants for each round114private final static int round1_kt = 0x5a827999;115private final static int round2_kt = 0x6ed9eba1;116private final static int round3_kt = 0x8f1bbcdc;117private final static int round4_kt = 0xca62c1d6;118119/**120* Compute a the hash for the current block.121*122* This is in the same vein as Peter Gutmann's algorithm listed in123* the back of Applied Cryptography, Compact implementation of124* "old" NIST Secure Hash Algorithm.125*/126void implCompress(byte[] buf, int ofs) {127implCompressCheck(buf, ofs);128implCompress0(buf, ofs);129}130131private void implCompressCheck(byte[] buf, int ofs) {132Objects.requireNonNull(buf);133134// The checks performed by the method 'b2iBig64'135// are sufficient for the case when the method136// 'implCompressImpl' is replaced with a compiler137// intrinsic.138b2iBig64(buf, ofs, W);139}140141// The method 'implCompressImpl seems not to use its parameters.142// The method can, however, be replaced with a compiler intrinsic143// that operates directly on the array 'buf' (starting from144// offset 'ofs') and not on array 'W', therefore 'buf' and 'ofs'145// must be passed as parameter to the method.146private void implCompress0(byte[] buf, int ofs) {147// The first 16 ints have the byte stream, compute the rest of148// the buffer149for (int t = 16; t <= 79; t++) {150int temp = W[t-3] ^ W[t-8] ^ W[t-14] ^ W[t-16];151W[t] = (temp << 1) | (temp >>> 31);152}153154int a = state[0];155int b = state[1];156int c = state[2];157int d = state[3];158int e = state[4];159160// Round 1161for (int i = 0; i < 20; i++) {162int temp = ((a<<5) | (a>>>(32-5))) +163((b&c)|((~b)&d))+ e + W[i] + round1_kt;164e = d;165d = c;166c = ((b<<30) | (b>>>(32-30)));167b = a;168a = temp;169}170171// Round 2172for (int i = 20; i < 40; i++) {173int temp = ((a<<5) | (a>>>(32-5))) +174(b ^ c ^ d) + e + W[i] + round2_kt;175e = d;176d = c;177c = ((b<<30) | (b>>>(32-30)));178b = a;179a = temp;180}181182// Round 3183for (int i = 40; i < 60; i++) {184int temp = ((a<<5) | (a>>>(32-5))) +185((b&c)|(b&d)|(c&d)) + e + W[i] + round3_kt;186e = d;187d = c;188c = ((b<<30) | (b>>>(32-30)));189b = a;190a = temp;191}192193// Round 4194for (int i = 60; i < 80; i++) {195int temp = ((a<<5) | (a>>>(32-5))) +196(b ^ c ^ d) + e + W[i] + round4_kt;197e = d;198d = c;199c = ((b<<30) | (b>>>(32-30)));200b = a;201a = temp;202}203state[0] += a;204state[1] += b;205state[2] += c;206state[3] += d;207state[4] += e;208}209210}211212213