0N/A/*
2362N/A * Copyright (c) 2002, 2006, Oracle and/or its affiliates. All rights reserved.
0N/A * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
0N/A *
0N/A * This code is free software; you can redistribute it and/or modify it
0N/A * under the terms of the GNU General Public License version 2 only, as
2362N/A * published by the Free Software Foundation. Oracle designates this
0N/A * particular file as subject to the "Classpath" exception as provided
2362N/A * by Oracle in the LICENSE file that accompanied this code.
0N/A *
0N/A * This code is distributed in the hope that it will be useful, but WITHOUT
0N/A * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
0N/A * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
0N/A * version 2 for more details (a copy is included in the LICENSE file that
0N/A * accompanied this code).
0N/A *
0N/A * You should have received a copy of the GNU General Public License version
0N/A * 2 along with this work; if not, write to the Free Software Foundation,
0N/A * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
0N/A *
2362N/A * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
2362N/A * or visit www.oracle.com if you need additional information or have any
2362N/A * questions.
0N/A */
0N/A
0N/Apackage sun.security.provider;
0N/A
0N/Aimport static sun.security.provider.ByteArrayAccess.*;
0N/A
0N/A/**
0N/A * This class implements the Secure Hash Algorithm SHA-256 developed by
0N/A * the National Institute of Standards and Technology along with the
0N/A * National Security Agency.
0N/A *
0N/A * <p>It implements java.security.MessageDigestSpi, and can be used
0N/A * through Java Cryptography Architecture (JCA), as a pluggable
0N/A * MessageDigest implementation.
0N/A *
0N/A * @since 1.4.2
0N/A * @author Valerie Peng
0N/A * @author Andreas Sterbenz
0N/A */
0N/Apublic final class SHA2 extends DigestBase {
0N/A
0N/A private static final int ITERATION = 64;
0N/A // Constants for each round
0N/A private static final int[] ROUND_CONSTS = {
0N/A 0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5,
0N/A 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5,
0N/A 0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3,
0N/A 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174,
0N/A 0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc,
0N/A 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da,
0N/A 0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7,
0N/A 0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967,
0N/A 0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13,
0N/A 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85,
0N/A 0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3,
0N/A 0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070,
0N/A 0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5,
0N/A 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3,
0N/A 0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208,
0N/A 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2
0N/A };
0N/A
0N/A // buffer used by implCompress()
0N/A private final int[] W;
0N/A
0N/A // state of this object
0N/A private final int[] state;
0N/A
0N/A /**
0N/A * Creates a new SHA object.
0N/A */
0N/A public SHA2() {
0N/A super("SHA-256", 32, 64);
0N/A state = new int[8];
0N/A W = new int[64];
0N/A implReset();
0N/A }
0N/A
0N/A /**
0N/A * Creates a SHA2 object.with state (for cloning)
0N/A */
0N/A private SHA2(SHA2 base) {
0N/A super(base);
0N/A this.state = base.state.clone();
0N/A this.W = new int[64];
0N/A }
0N/A
0N/A public Object clone() {
0N/A return new SHA2(this);
0N/A }
0N/A
0N/A /**
0N/A * Resets the buffers and hash value to start a new hash.
0N/A */
0N/A void implReset() {
0N/A state[0] = 0x6a09e667;
0N/A state[1] = 0xbb67ae85;
0N/A state[2] = 0x3c6ef372;
0N/A state[3] = 0xa54ff53a;
0N/A state[4] = 0x510e527f;
0N/A state[5] = 0x9b05688c;
0N/A state[6] = 0x1f83d9ab;
0N/A state[7] = 0x5be0cd19;
0N/A }
0N/A
0N/A void implDigest(byte[] out, int ofs) {
0N/A long bitsProcessed = bytesProcessed << 3;
0N/A
0N/A int index = (int)bytesProcessed & 0x3f;
0N/A int padLen = (index < 56) ? (56 - index) : (120 - index);
0N/A engineUpdate(padding, 0, padLen);
0N/A
0N/A i2bBig4((int)(bitsProcessed >>> 32), buffer, 56);
0N/A i2bBig4((int)bitsProcessed, buffer, 60);
0N/A implCompress(buffer, 0);
0N/A
0N/A i2bBig(state, 0, out, ofs, 32);
0N/A }
0N/A
0N/A /**
0N/A * logical function ch(x,y,z) as defined in spec:
0N/A * @return (x and y) xor ((complement x) and z)
0N/A * @param x int
0N/A * @param y int
0N/A * @param z int
0N/A */
0N/A private static int lf_ch(int x, int y, int z) {
0N/A return (x & y) ^ ((~x) & z);
0N/A }
0N/A
0N/A /**
0N/A * logical function maj(x,y,z) as defined in spec:
0N/A * @return (x and y) xor (x and z) xor (y and z)
0N/A * @param x int
0N/A * @param y int
0N/A * @param z int
0N/A */
0N/A private static int lf_maj(int x, int y, int z) {
0N/A return (x & y) ^ (x & z) ^ (y & z);
0N/A }
0N/A
0N/A /**
0N/A * logical function R(x,s) - right shift
0N/A * @return x right shift for s times
0N/A * @param x int
0N/A * @param s int
0N/A */
0N/A private static int lf_R( int x, int s ) {
0N/A return (x >>> s);
0N/A }
0N/A
0N/A /**
0N/A * logical function S(x,s) - right rotation
0N/A * @return x circular right shift for s times
0N/A * @param x int
0N/A * @param s int
0N/A */
0N/A private static int lf_S(int x, int s) {
0N/A return (x >>> s) | (x << (32 - s));
0N/A }
0N/A
0N/A /**
0N/A * logical function sigma0(x) - xor of results of right rotations
0N/A * @return S(x,2) xor S(x,13) xor S(x,22)
0N/A * @param x int
0N/A */
0N/A private static int lf_sigma0(int x) {
0N/A return lf_S(x, 2) ^ lf_S(x, 13) ^ lf_S(x, 22);
0N/A }
0N/A
0N/A /**
0N/A * logical function sigma1(x) - xor of results of right rotations
0N/A * @return S(x,6) xor S(x,11) xor S(x,25)
0N/A * @param x int
0N/A */
0N/A private static int lf_sigma1(int x) {
0N/A return lf_S( x, 6 ) ^ lf_S( x, 11 ) ^ lf_S( x, 25 );
0N/A }
0N/A
0N/A /**
0N/A * logical function delta0(x) - xor of results of right shifts/rotations
0N/A * @return int
0N/A * @param x int
0N/A */
0N/A private static int lf_delta0(int x) {
0N/A return lf_S(x, 7) ^ lf_S(x, 18) ^ lf_R(x, 3);
0N/A }
0N/A
0N/A /**
0N/A * logical function delta1(x) - xor of results of right shifts/rotations
0N/A * @return int
0N/A * @param x int
0N/A */
0N/A private static int lf_delta1(int x) {
0N/A return lf_S(x, 17) ^ lf_S(x, 19) ^ lf_R(x, 10);
0N/A }
0N/A
0N/A /**
0N/A * Process the current block to update the state variable state.
0N/A */
0N/A void implCompress(byte[] buf, int ofs) {
0N/A b2iBig64(buf, ofs, W);
0N/A
0N/A // The first 16 ints are from the byte stream, compute the rest of
0N/A // the W[]'s
0N/A for (int t = 16; t < ITERATION; t++) {
0N/A W[t] = lf_delta1(W[t-2]) + W[t-7] + lf_delta0(W[t-15])
0N/A + W[t-16];
0N/A }
0N/A
0N/A int a = state[0];
0N/A int b = state[1];
0N/A int c = state[2];
0N/A int d = state[3];
0N/A int e = state[4];
0N/A int f = state[5];
0N/A int g = state[6];
0N/A int h = state[7];
0N/A
0N/A for (int i = 0; i < ITERATION; i++) {
0N/A int T1 = h + lf_sigma1(e) + lf_ch(e,f,g) + ROUND_CONSTS[i] + W[i];
0N/A int T2 = lf_sigma0(a) + lf_maj(a,b,c);
0N/A h = g;
0N/A g = f;
0N/A f = e;
0N/A e = d + T1;
0N/A d = c;
0N/A c = b;
0N/A b = a;
0N/A a = T1 + T2;
0N/A }
0N/A state[0] += a;
0N/A state[1] += b;
0N/A state[2] += c;
0N/A state[3] += d;
0N/A state[4] += e;
0N/A state[5] += f;
0N/A state[6] += g;
0N/A state[7] += h;
0N/A }
0N/A
0N/A}