author | coffeys |
Thu, 23 Aug 2018 11:37:14 +0100 | |
changeset 51504 | c9a3e3cac9c7 |
parent 47216 | 71c04702a3d5 |
permissions | -rw-r--r-- |
/*
 * Copyright (c) 2002, 2013, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License version 2 only, as
 * published by the Free Software Foundation. Oracle designates this
 * particular file as subject to the "Classpath" exception as provided
 * by Oracle in the LICENSE file that accompanied this code.
 *
 * This code is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
 * version 2 for more details (a copy is included in the LICENSE file that
 * accompanied this code).
 *
 * You should have received a copy of the GNU General Public License version
 * 2 along with this work; if not, write to the Free Software Foundation,
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
 * or visit www.oracle.com if you need additional information or have any
 * questions.
 */
package sun.security.provider; |
import java.util.Arrays; |
import java.util.Objects; |
import jdk.internal.HotSpotIntrinsicCandidate; |
import static sun.security.provider.ByteArrayAccess.*; |
/**
 * This class implements the Secure Hash Algorithm SHA-256 developed by
 * the National Institute of Standards and Technology along with the
 * National Security Agency.
 *
 * <p>It implements java.security.MessageDigestSpi, and can be used
 * through Java Cryptography Architecture (JCA), as a pluggable
 * MessageDigest implementation.
 *
 * @since 1.4.2
 * @author Valerie Peng
 * @author Andreas Sterbenz
 */
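abstract class SHA2 extends DigestBase {

    // Number of compression rounds per block; also the length of the
    // message schedule W[].
    private static final int ITERATION = 64;

    // Input block size in bytes. One block supplies the 16 words W[0..15];
    // the remaining 48 schedule words are derived from them.
    private static final int BLOCK_SIZE = 64;

    // Round constants K[t], one per round, as given in the SHA-2
    // specification.
    private static final int[] ROUND_CONSTS = {
        0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5,
        0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5,
        0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3,
        0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174,
        0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc,
        0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da,
        0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7,
        0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967,
        0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13,
        0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85,
        0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3,
        0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070,
        0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5,
        0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3,
        0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208,
        0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2
    };

    // Message schedule W[0..63]; scratch buffer filled by implCompress().
    // Cleared on reset so message-derived words do not outlive the hash.
    private int[] W;

    // Current hash value H0..H7 of this digest object.
    private int[] state;

    // Initial hash value; this is what distinguishes SHA-224 from SHA-256.
    private final int[] initialHashes;

    /**
     * Creates a new SHA-2 digest object.
     *
     * @param name          algorithm name reported to the JCA (e.g. "SHA-256")
     * @param digestLength  length of the produced digest in bytes
     * @param initialHashes the eight initial hash values for this variant
     */
    SHA2(String name, int digestLength, int[] initialHashes) {
        super(name, digestLength, BLOCK_SIZE);
        this.initialHashes = initialHashes;
        state = new int[8];
        W = new int[ITERATION];
        resetHashes();
    }

    /**
     * Resets the hash value to its initial state and clears the message
     * schedule so that a new hash starts from a clean slate.
     */
    void implReset() {
        resetHashes();
        Arrays.fill(W, 0);
    }

    // Restores state[] from this variant's initial hash values.
    private void resetHashes() {
        System.arraycopy(initialHashes, 0, state, 0, state.length);
    }

    /**
     * Completes the hash: appends the padding supplied by DigestBase and the
     * 64-bit big-endian message length (in bits), compresses the final block
     * and writes the resulting digest into {@code out}.
     *
     * @param out destination array for the digest
     * @param ofs offset in {@code out} at which the digest is written
     */
    void implDigest(byte[] out, int ofs) {
        long bitsProcessed = bytesProcessed << 3;

        // Number of bytes already sitting in the current (partial) block.
        int index = (int)bytesProcessed & 0x3f;
        // Pad up to byte 56 of this block, or of the next block when fewer
        // than 8 bytes are left here for the length field.
        int padLen = (index < 56) ? (56 - index) : (120 - index);
        engineUpdate(padding, 0, padLen);

        // Store the bit count big-endian in the last 8 bytes of the block,
        // then compress that final block.
        i2bBig4((int)(bitsProcessed >>> 32), buffer, 56);
        i2bBig4((int)bitsProcessed, buffer, 60);
        implCompress(buffer, 0);

        // Emit digestLength bytes of state: 28 bytes (7 words) for SHA-224,
        // 32 bytes (8 words) for SHA-256.
        i2bBig(state, 0, out, ofs, engineGetDigestLength());
    }

    /**
     * Logical function Ch(x,y,z) as defined in the spec.
     * @return (x and y) xor ((complement x) and z)
     * @param x int
     * @param y int
     * @param z int
     */
    private static int lf_ch(int x, int y, int z) {
        return (x & y) ^ ((~x) & z);
    }

    /**
     * Logical function Maj(x,y,z) as defined in the spec.
     * @return (x and y) xor (x and z) xor (y and z)
     * @param x int
     * @param y int
     * @param z int
     */
    private static int lf_maj(int x, int y, int z) {
        return (x & y) ^ (x & z) ^ (y & z);
    }

    /**
     * Logical function R(x,s) - logical right shift (SHR).
     * @return x shifted right by s bits, zero-filled
     * @param x int
     * @param s int
     */
    private static int lf_R(int x, int s) {
        return x >>> s;
    }

    /**
     * Logical function S(x,s) - right rotation (ROTR).
     * @return x rotated right by s bits
     * @param x int
     * @param s int
     */
    private static int lf_S(int x, int s) {
        // Equivalent to (x >>> s) | (x << (32 - s)) for 0 <= s < 32.
        return Integer.rotateRight(x, s);
    }

    /**
     * Logical function sigma0(x) - xor of right rotations.
     * @return S(x,2) xor S(x,13) xor S(x,22)
     * @param x int
     */
    private static int lf_sigma0(int x) {
        return lf_S(x, 2) ^ lf_S(x, 13) ^ lf_S(x, 22);
    }

    /**
     * Logical function sigma1(x) - xor of right rotations.
     * @return S(x,6) xor S(x,11) xor S(x,25)
     * @param x int
     */
    private static int lf_sigma1(int x) {
        return lf_S(x, 6) ^ lf_S(x, 11) ^ lf_S(x, 25);
    }

    /**
     * Logical function delta0(x) - xor of right rotations and a right shift.
     * @return S(x,7) xor S(x,18) xor R(x,3)
     * @param x int
     */
    private static int lf_delta0(int x) {
        return lf_S(x, 7) ^ lf_S(x, 18) ^ lf_R(x, 3);
    }

    /**
     * Logical function delta1(x) - xor of right rotations and a right shift.
     * @return S(x,17) xor S(x,19) xor R(x,10)
     * @param x int
     */
    private static int lf_delta1(int x) {
        return lf_S(x, 17) ^ lf_S(x, 19) ^ lf_R(x, 10);
    }

    /**
     * Processes one block of {@code buf}, starting at {@code ofs}, and
     * updates {@code state} accordingly.
     *
     * @param buf array holding the block to compress
     * @param ofs offset of the block within {@code buf}
     */
    void implCompress(byte[] buf, int ofs) {
        implCompressCheck(buf, ofs);
        implCompress0(buf, ofs);
    }

    // Validates the arguments and loads the 16 message words of the block
    // into W[0..15]. The checks performed by 'b2iBig64' are sufficient for
    // the case when 'implCompress0' is replaced with a compiler intrinsic.
    private void implCompressCheck(byte[] buf, int ofs) {
        Objects.requireNonNull(buf);

        b2iBig64(buf, ofs, W);
    }

    // The method 'implCompress0' seems not to use its parameters.
    // The method can, however, be replaced with a compiler intrinsic
    // that operates directly on the array 'buf' (starting from
    // offset 'ofs') and not on array 'W', therefore 'buf' and 'ofs'
    // must be passed as parameter to the method.
    @HotSpotIntrinsicCandidate
    private void implCompress0(byte[] buf, int ofs) {
        // W[0..15] already hold the block (see implCompressCheck); expand
        // them into the full 64-word message schedule.
        for (int t = 16; t < ITERATION; t++) {
            W[t] = lf_delta1(W[t-2]) + W[t-7] + lf_delta0(W[t-15]) + W[t-16];
        }

        // Working variables a..h start from the current hash value.
        int a = state[0];
        int b = state[1];
        int c = state[2];
        int d = state[3];
        int e = state[4];
        int f = state[5];
        int g = state[6];
        int h = state[7];

        for (int i = 0; i < ITERATION; i++) {
            int T1 = h + lf_sigma1(e) + lf_ch(e, f, g) + ROUND_CONSTS[i] + W[i];
            int T2 = lf_sigma0(a) + lf_maj(a, b, c);
            h = g;
            g = f;
            f = e;
            e = d + T1;
            d = c;
            c = b;
            b = a;
            a = T1 + T2;
        }

        // Fold the round result back into the hash value.
        state[0] += a;
        state[1] += b;
        state[2] += c;
        state[3] += d;
        state[4] += e;
        state[5] += f;
        state[6] += g;
        state[7] += h;
    }

    /**
     * Returns a copy of this digest. The hash value is duplicated; the copy
     * gets a fresh message-schedule buffer, which is sufficient because
     * implCompress() rewrites all of W before reading it, and ensures the
     * two objects share no mutable state.
     *
     * @return an independent copy of this object
     * @throws CloneNotSupportedException if the superclass refuses to clone
     */
    @Override
    public Object clone() throws CloneNotSupportedException {
        SHA2 copy = (SHA2) super.clone();
        copy.state = copy.state.clone();
        copy.W = new int[ITERATION];
        return copy;
    }

    /**
     * SHA-224 implementation class.
     */
    public static final class SHA224 extends SHA2 {
        // Initial hash value H(0) for SHA-224.
        private static final int[] INITIAL_HASHES = {
            0xc1059ed8, 0x367cd507, 0x3070dd17, 0xf70e5939,
            0xffc00b31, 0x68581511, 0x64f98fa7, 0xbefa4fa4
        };

        /** Creates a SHA-224 digest producing 28-byte outputs. */
        public SHA224() {
            super("SHA-224", 28, INITIAL_HASHES);
        }
    }

    /**
     * SHA-256 implementation class.
     */
    public static final class SHA256 extends SHA2 {
        // Initial hash value H(0) for SHA-256.
        private static final int[] INITIAL_HASHES = {
            0x6a09e667, 0xbb67ae85, 0x3c6ef372, 0xa54ff53a,
            0x510e527f, 0x9b05688c, 0x1f83d9ab, 0x5be0cd19
        };

        /** Creates a SHA-256 digest producing 32-byte outputs. */
        public SHA256() {
            super("SHA-256", 32, INITIAL_HASHES);
        }
    }
}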