/*

 * Copyright (c) 1996, 2012, Oracle and/or its affiliates. All rights reserved.

 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.

 *

 * This code is free software; you can redistribute it and/or modify it

 * under the terms of the GNU General Public License version 2 only, as

 * published by the Free Software Foundation.  Oracle designates this

 * particular file as subject to the "Classpath" exception as provided

 * by Oracle in the LICENSE file that accompanied this code.

 *

 * This code is distributed in the hope that it will be useful, but WITHOUT

 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or

 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License

 * version 2 for more details (a copy is included in the LICENSE file that

 * accompanied this code).

 *

 * You should have received a copy of the GNU General Public License version

 * 2 along with this work; if not, write to the Free Software Foundation,

 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.

 *

 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA

 * or visit www.oracle.com if you need additional information or have any

 * questions.

 */

package sun.security.provider;

import java.util.Objects;

import static sun.security.provider.ByteArrayAccess.*;

import jdk.internal.HotSpotIntrinsicCandidate;

/**

 * This class implements the Secure Hash Algorithm (SHA) developed by

 * the National Institute of Standards and Technology along with the

 * National Security Agency.  This is the updated version of SHA

 * fip-180 as superseded by fip-180-1.

 *

 * <p>It implement JavaSecurity MessageDigest, and can be used by in

 * the Java Security framework, as a pluggable implementation, as a

 * filter for the digest stream classes.

 *

 * @author      Roger Riggs

 * @author      Benjamin Renaud

 * @author      Andreas Sterbenz

 */

public final class SHA extends DigestBase {

    // Buffer of int's and count of characters accumulated

    // 64 bytes are included in each hash block so the low order

    // bits of count are used to know how to pack the bytes into ints

    // and to know when to compute the block and start the next one.

    private int[] W;

    // state of this

    private int[] state;

    /**

     * Creates a new SHA object.

     */

    public SHA() {

        super("SHA-1", 20, 64);

        state = new int[5];

        W = new int[80];

        implReset();

    }

    /*

     * Clones this object.

     */

    public Object clone() throws CloneNotSupportedException {

        SHA copy = (SHA) super.clone();

        copy.state = copy.state.clone();

        copy.W = new int[80];

        return copy;

    }

    /**

     * Resets the buffers and hash value to start a new hash.

     */

    void implReset() {

        state[0] = 0x67452301;

        state[1] = 0xefcdab89;

        state[2] = 0x98badcfe;

        state[3] = 0x10325476;

        state[4] = 0xc3d2e1f0;

    }

    /**

     * Computes the final hash and copies the 20 bytes to the output array.

     */

    void implDigest(byte[] out, int ofs) {

        long bitsProcessed = bytesProcessed << 3;

        int index = (int)bytesProcessed & 0x3f;

        int padLen = (index < 56) ? (56 - index) : (120 - index);

        engineUpdate(padding, 0, padLen);

        i2bBig4((int)(bitsProcessed >>> 32), buffer, 56);

        i2bBig4((int)bitsProcessed, buffer, 60);

        implCompress(buffer, 0);

        i2bBig(state, 0, out, ofs, 20);

    }

    // Constants for each round

    private static final int round1_kt = 0x5a827999;

    private static final int round2_kt = 0x6ed9eba1;

    private static final int round3_kt = 0x8f1bbcdc;

    private static final int round4_kt = 0xca62c1d6;

    /**

     * Compute a the hash for the current block.

     *

     * This is in the same vein as Peter Gutmann's algorithm listed in

     * the back of Applied Cryptography, Compact implementation of

     * "old" NIST Secure Hash Algorithm.

     */

    void implCompress(byte[] buf, int ofs) {

        implCompressCheck(buf, ofs);

        implCompress0(buf, ofs);

    }

    private void implCompressCheck(byte[] buf, int ofs) {

        Objects.requireNonNull(buf);

        // The checks performed by the method 'b2iBig64'

        // are sufficient for the case when the method

        // 'implCompressImpl' is replaced with a compiler

        // intrinsic.

        b2iBig64(buf, ofs, W);

    }

    // The method 'implCompressImpl seems not to use its parameters.

    // The method can, however, be replaced with a compiler intrinsic

    // that operates directly on the array 'buf' (starting from

    // offset 'ofs') and not on array 'W', therefore 'buf' and 'ofs'

    // must be passed as parameter to the method.

    @HotSpotIntrinsicCandidate

    private void implCompress0(byte[] buf, int ofs) {

        // The first 16 ints have the byte stream, compute the rest of

        // the buffer

        for (int t = 16; t <= 79; t++) {

            int temp = W[t-3] ^ W[t-8] ^ W[t-14] ^ W[t-16];

            W[t] = (temp << 1) | (temp >>> 31);

        }

        int a = state[0];

        int b = state[1];

        int c = state[2];

        int d = state[3];

        int e = state[4];

        // Round 1

        for (int i = 0; i < 20; i++) {

            int temp = ((a<<5) | (a>>>(32-5))) +

                ((b&c)|((~b)&d))+ e + W[i] + round1_kt;

            e = d;

            d = c;

            c = ((b<<30) | (b>>>(32-30)));

            b = a;

            a = temp;

        }

        // Round 2

        for (int i = 20; i < 40; i++) {

            int temp = ((a<<5) | (a>>>(32-5))) +

                (b ^ c ^ d) + e + W[i] + round2_kt;

            e = d;

            d = c;

            c = ((b<<30) | (b>>>(32-30)));

            b = a;

            a = temp;

        }

        // Round 3

        for (int i = 40; i < 60; i++) {

            int temp = ((a<<5) | (a>>>(32-5))) +

                ((b&c)|(b&d)|(c&d)) + e + W[i] + round3_kt;

            e = d;

            d = c;

            c = ((b<<30) | (b>>>(32-30)));

            b = a;

            a = temp;

        }

        // Round 4

        for (int i = 60; i < 80; i++) {

            int temp = ((a<<5) | (a>>>(32-5))) +

                (b ^ c ^ d) + e + W[i] + round4_kt;

            e = d;

            d = c;

            c = ((b<<30) | (b>>>(32-30)));

            b = a;

            a = temp;

        }

        state[0] += a;

        state[1] += b;

        state[2] += c;

        state[3] += d;

        state[4] += e;

    }

}