0N/A/*
2362N/A * Copyright (c) 2002, 2006, Oracle and/or its affiliates. All rights reserved.
0N/A * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
0N/A *
0N/A * This code is free software; you can redistribute it and/or modify it
0N/A * under the terms of the GNU General Public License version 2 only, as
2362N/A * published by the Free Software Foundation. Oracle designates this
0N/A * particular file as subject to the "Classpath" exception as provided
2362N/A * by Oracle in the LICENSE file that accompanied this code.
0N/A *
0N/A * This code is distributed in the hope that it will be useful, but WITHOUT
0N/A * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
0N/A * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
0N/A * version 2 for more details (a copy is included in the LICENSE file that
0N/A * accompanied this code).
0N/A *
0N/A * You should have received a copy of the GNU General Public License version
0N/A * 2 along with this work; if not, write to the Free Software Foundation,
0N/A * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
0N/A *
2362N/A * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
2362N/A * or visit www.oracle.com if you need additional information or have any
2362N/A * questions.
0N/A */
0N/A
0N/Apackage sun.security.provider;
0N/A
0N/Aimport java.security.*;
0N/Aimport java.math.BigInteger;
0N/A
0N/Aimport static sun.security.provider.ByteArrayAccess.*;
0N/A
0N/A/**
0N/A * This class implements the Secure Hash Algorithm SHA-384 and SHA-512
0N/A * developed by the National Institute of Standards and Technology along
0N/A * with the National Security Agency.
0N/A *
0N/A * The two algorithms are almost identical. This file contains a base
0N/A * class SHA5 and two nested static subclasses as the classes to be used
0N/A * by the JCA framework.
0N/A *
0N/A * <p>It implements java.security.MessageDigestSpi, and can be used
0N/A * through Java Cryptography Architecture (JCA), as a pluggable
0N/A * MessageDigest implementation.
0N/A *
0N/A * @since 1.4.2
0N/A * @author Valerie Peng
0N/A * @author Andreas Sterbenz
0N/A */
0N/Aabstract class SHA5 extends DigestBase {
0N/A
0N/A private static final int ITERATION = 80;
0N/A // Constants for each round/iteration
0N/A private static final long[] ROUND_CONSTS = {
0N/A 0x428A2F98D728AE22L, 0x7137449123EF65CDL, 0xB5C0FBCFEC4D3B2FL,
0N/A 0xE9B5DBA58189DBBCL, 0x3956C25BF348B538L, 0x59F111F1B605D019L,
0N/A 0x923F82A4AF194F9BL, 0xAB1C5ED5DA6D8118L, 0xD807AA98A3030242L,
0N/A 0x12835B0145706FBEL, 0x243185BE4EE4B28CL, 0x550C7DC3D5FFB4E2L,
0N/A 0x72BE5D74F27B896FL, 0x80DEB1FE3B1696B1L, 0x9BDC06A725C71235L,
0N/A 0xC19BF174CF692694L, 0xE49B69C19EF14AD2L, 0xEFBE4786384F25E3L,
0N/A 0x0FC19DC68B8CD5B5L, 0x240CA1CC77AC9C65L, 0x2DE92C6F592B0275L,
0N/A 0x4A7484AA6EA6E483L, 0x5CB0A9DCBD41FBD4L, 0x76F988DA831153B5L,
0N/A 0x983E5152EE66DFABL, 0xA831C66D2DB43210L, 0xB00327C898FB213FL,
0N/A 0xBF597FC7BEEF0EE4L, 0xC6E00BF33DA88FC2L, 0xD5A79147930AA725L,
0N/A 0x06CA6351E003826FL, 0x142929670A0E6E70L, 0x27B70A8546D22FFCL,
0N/A 0x2E1B21385C26C926L, 0x4D2C6DFC5AC42AEDL, 0x53380D139D95B3DFL,
0N/A 0x650A73548BAF63DEL, 0x766A0ABB3C77B2A8L, 0x81C2C92E47EDAEE6L,
0N/A 0x92722C851482353BL, 0xA2BFE8A14CF10364L, 0xA81A664BBC423001L,
0N/A 0xC24B8B70D0F89791L, 0xC76C51A30654BE30L, 0xD192E819D6EF5218L,
0N/A 0xD69906245565A910L, 0xF40E35855771202AL, 0x106AA07032BBD1B8L,
0N/A 0x19A4C116B8D2D0C8L, 0x1E376C085141AB53L, 0x2748774CDF8EEB99L,
0N/A 0x34B0BCB5E19B48A8L, 0x391C0CB3C5C95A63L, 0x4ED8AA4AE3418ACBL,
0N/A 0x5B9CCA4F7763E373L, 0x682E6FF3D6B2B8A3L, 0x748F82EE5DEFB2FCL,
0N/A 0x78A5636F43172F60L, 0x84C87814A1F0AB72L, 0x8CC702081A6439ECL,
0N/A 0x90BEFFFA23631E28L, 0xA4506CEBDE82BDE9L, 0xBEF9A3F7B2C67915L,
0N/A 0xC67178F2E372532BL, 0xCA273ECEEA26619CL, 0xD186B8C721C0C207L,
0N/A 0xEADA7DD6CDE0EB1EL, 0xF57D4F7FEE6ED178L, 0x06F067AA72176FBAL,
0N/A 0x0A637DC5A2C898A6L, 0x113F9804BEF90DAEL, 0x1B710B35131C471BL,
0N/A 0x28DB77F523047D84L, 0x32CAAB7B40C72493L, 0x3C9EBE0A15C9BEBCL,
0N/A 0x431D67C49C100D4CL, 0x4CC5D4BECB3E42B6L, 0x597F299CFC657E2AL,
0N/A 0x5FCB6FAB3AD6FAECL, 0x6C44198C4A475817L
0N/A };
0N/A
0N/A // buffer used by implCompress()
0N/A private final long[] W;
0N/A
0N/A // state of this object
0N/A private final long[] state;
0N/A
0N/A // initial state value. different between SHA-384 and SHA-512
0N/A private final long[] initialHashes;
0N/A
0N/A /**
0N/A * Creates a new SHA object.
0N/A */
0N/A SHA5(String name, int digestLength, long[] initialHashes) {
0N/A super(name, digestLength, 128);
0N/A this.initialHashes = initialHashes;
0N/A state = new long[8];
0N/A W = new long[80];
0N/A implReset();
0N/A }
0N/A
0N/A /**
0N/A * Creates a SHA object with state (for cloning)
0N/A */
0N/A SHA5(SHA5 base) {
0N/A super(base);
0N/A this.initialHashes = base.initialHashes;
0N/A this.state = base.state.clone();
0N/A this.W = new long[80];
0N/A }
0N/A
0N/A final void implReset() {
0N/A System.arraycopy(initialHashes, 0, state, 0, state.length);
0N/A }
0N/A
0N/A final void implDigest(byte[] out, int ofs) {
0N/A long bitsProcessed = bytesProcessed << 3;
0N/A
0N/A int index = (int)bytesProcessed & 0x7f;
0N/A int padLen = (index < 112) ? (112 - index) : (240 - index);
0N/A engineUpdate(padding, 0, padLen + 8);
0N/A
0N/A i2bBig4((int)(bitsProcessed >>> 32), buffer, 120);
0N/A i2bBig4((int)bitsProcessed, buffer, 124);
0N/A implCompress(buffer, 0);
0N/A
0N/A l2bBig(state, 0, out, ofs, engineGetDigestLength());
0N/A }
0N/A
0N/A /**
0N/A * logical function ch(x,y,z) as defined in spec:
0N/A * @return (x and y) xor ((complement x) and z)
0N/A * @param x long
0N/A * @param y long
0N/A * @param z long
0N/A */
0N/A private static long lf_ch(long x, long y, long z) {
0N/A return (x & y) ^ ((~x) & z);
0N/A }
0N/A
0N/A /**
0N/A * logical function maj(x,y,z) as defined in spec:
0N/A * @return (x and y) xor (x and z) xor (y and z)
0N/A * @param x long
0N/A * @param y long
0N/A * @param z long
0N/A */
0N/A private static long lf_maj(long x, long y, long z) {
0N/A return (x & y) ^ (x & z) ^ (y & z);
0N/A }
0N/A
0N/A /**
0N/A * logical function R(x,s) - right shift
0N/A * @return x right shift for s times
0N/A * @param x long
0N/A * @param s int
0N/A */
0N/A private static long lf_R(long x, int s) {
0N/A return (x >>> s);
0N/A }
0N/A
0N/A /**
0N/A * logical function S(x,s) - right rotation
0N/A * @return x circular right shift for s times
0N/A * @param x long
0N/A * @param s int
0N/A */
0N/A private static long lf_S(long x, int s) {
0N/A return (x >>> s) | (x << (64 - s));
0N/A }
0N/A
0N/A /**
0N/A * logical function sigma0(x) - xor of results of right rotations
0N/A * @return S(x,28) xor S(x,34) xor S(x,39)
0N/A * @param x long
0N/A */
0N/A private static long lf_sigma0(long x) {
0N/A return lf_S(x, 28) ^ lf_S(x, 34) ^ lf_S(x, 39);
0N/A }
0N/A
0N/A /**
0N/A * logical function sigma1(x) - xor of results of right rotations
0N/A * @return S(x,14) xor S(x,18) xor S(x,41)
0N/A * @param x long
0N/A */
0N/A private static long lf_sigma1(long x) {
0N/A return lf_S(x, 14) ^ lf_S(x, 18) ^ lf_S(x, 41);
0N/A }
0N/A
0N/A /**
0N/A * logical function delta0(x) - xor of results of right shifts/rotations
0N/A * @return long
0N/A * @param x long
0N/A */
0N/A private static long lf_delta0(long x) {
0N/A return lf_S(x, 1) ^ lf_S(x, 8) ^ lf_R(x, 7);
0N/A }
0N/A
0N/A /**
0N/A * logical function delta1(x) - xor of results of right shifts/rotations
0N/A * @return long
0N/A * @param x long
0N/A */
0N/A private static long lf_delta1(long x) {
0N/A return lf_S(x, 19) ^ lf_S(x, 61) ^ lf_R(x, 6);
0N/A }
0N/A
0N/A /**
0N/A * Compute the hash for the current block.
0N/A *
0N/A * This is in the same vein as Peter Gutmann's algorithm listed in
0N/A * the back of Applied Cryptography, Compact implementation of
0N/A * "old" NIST Secure Hash Algorithm.
0N/A */
0N/A final void implCompress(byte[] buf, int ofs) {
0N/A b2lBig128(buf, ofs, W);
0N/A
0N/A // The first 16 longs are from the byte stream, compute the rest of
0N/A // the W[]'s
0N/A for (int t = 16; t < ITERATION; t++) {
0N/A W[t] = lf_delta1(W[t-2]) + W[t-7] + lf_delta0(W[t-15])
0N/A + W[t-16];
0N/A }
0N/A
0N/A long a = state[0];
0N/A long b = state[1];
0N/A long c = state[2];
0N/A long d = state[3];
0N/A long e = state[4];
0N/A long f = state[5];
0N/A long g = state[6];
0N/A long h = state[7];
0N/A
0N/A for (int i = 0; i < ITERATION; i++) {
0N/A long T1 = h + lf_sigma1(e) + lf_ch(e,f,g) + ROUND_CONSTS[i] + W[i];
0N/A long T2 = lf_sigma0(a) + lf_maj(a,b,c);
0N/A h = g;
0N/A g = f;
0N/A f = e;
0N/A e = d + T1;
0N/A d = c;
0N/A c = b;
0N/A b = a;
0N/A a = T1 + T2;
0N/A }
0N/A state[0] += a;
0N/A state[1] += b;
0N/A state[2] += c;
0N/A state[3] += d;
0N/A state[4] += e;
0N/A state[5] += f;
0N/A state[6] += g;
0N/A state[7] += h;
0N/A }
0N/A
0N/A /**
0N/A * SHA-512 implementation class.
0N/A */
0N/A public static final class SHA512 extends SHA5 {
0N/A
0N/A private static final long[] INITIAL_HASHES = {
0N/A 0x6a09e667f3bcc908L, 0xbb67ae8584caa73bL,
0N/A 0x3c6ef372fe94f82bL, 0xa54ff53a5f1d36f1L,
0N/A 0x510e527fade682d1L, 0x9b05688c2b3e6c1fL,
0N/A 0x1f83d9abfb41bd6bL, 0x5be0cd19137e2179L
0N/A };
0N/A
0N/A public SHA512() {
0N/A super("SHA-512", 64, INITIAL_HASHES);
0N/A }
0N/A
0N/A private SHA512(SHA512 base) {
0N/A super(base);
0N/A }
0N/A
0N/A public Object clone() {
0N/A return new SHA512(this);
0N/A }
0N/A }
0N/A
0N/A /**
0N/A * SHA-384 implementation class.
0N/A */
0N/A public static final class SHA384 extends SHA5 {
0N/A
0N/A private static final long[] INITIAL_HASHES = {
0N/A 0xcbbb9d5dc1059ed8L, 0x629a292a367cd507L,
0N/A 0x9159015a3070dd17L, 0x152fecd8f70e5939L,
0N/A 0x67332667ffc00b31L, 0x8eb44a8768581511L,
0N/A 0xdb0c2e0d64f98fa7L, 0x47b5481dbefa4fa4L
0N/A };
0N/A
0N/A public SHA384() {
0N/A super("SHA-384", 48, INITIAL_HASHES);
0N/A }
0N/A
0N/A private SHA384(SHA384 base) {
0N/A super(base);
0N/A }
0N/A
0N/A public Object clone() {
0N/A return new SHA384(this);
0N/A }
0N/A }
0N/A
0N/A}