8 * particular file as subject to the "Classpath" exception as provided
9 * by Oracle in the LICENSE file that accompanied this code.
10 *
11 * This code is distributed in the hope that it will be useful, but WITHOUT
12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 * version 2 for more details (a copy is included in the LICENSE file that
15 * accompanied this code).
16 *
17 * You should have received a copy of the GNU General Public License version
18 * 2 along with this work; if not, write to the Free Software Foundation,
19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
20 *
21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
22 * or visit www.oracle.com if you need additional information or have any
23 * questions.
24 */
25
26 package sun.security.provider;
27
28 import static sun.security.provider.ByteArrayAccess.*;
29 import java.nio.*;
30 import java.util.*;
31 import java.security.*;
32
33 /**
34 * This class implements the Secure Hash Algorithm SHA-3 developed by
35 * the National Institute of Standards and Technology along with the
36 * National Security Agency as defined in FIPS PUB 202.
37 *
38 * <p>It implements java.security.MessageDigestSpi, and can be used
39 * through Java Cryptography Architecture (JCA), as a pluggable
40 * MessageDigest implementation.
41 *
42 * @since 9
43 * @author Valerie Peng
44 */
45 abstract class SHA3 extends DigestBase {
46
47 private static final int WIDTH = 200; // in bytes, e.g. 1600 bits
56 0x8000000080008081L, 0x8000000000008009L, 0x8aL,
57 0x88L, 0x80008009L, 0x8000000aL,
58 0x8000808bL, 0x800000000000008bL, 0x8000000000008089L,
59 0x8000000000008003L, 0x8000000000008002L, 0x8000000000000080L,
60 0x800aL, 0x800000008000000aL, 0x8000000080008081L,
61 0x8000000000008080L, 0x80000001L, 0x8000000080008008L,
62 };
63
64 private final byte suffix;
65 private byte[] state = new byte[WIDTH];
66 private long[] lanes = new long[DM*DM];
67
68 /**
69 * Creates a new SHA-3 object.
70 */
71 SHA3(String name, int digestLength, byte suffix, int c) {
72 super(name, digestLength, (WIDTH - c));
73 this.suffix = suffix;
74 }
75
76 /**
77 * Core compression function. Processes blockSize bytes at a time
78 * and updates the state of this object.
79 */
80 void implCompress(byte[] b, int ofs) {
81 for (int i = 0; i < buffer.length; i++) {
82 state[i] ^= b[ofs++];
83 }
84 keccak();
85 }
86
87 /**
88 * Return the digest. Subclasses do not need to reset() themselves,
89 * DigestBase calls implReset() when necessary.
90 */
91 void implDigest(byte[] out, int ofs) {
92 int numOfPadding =
93 setPaddingBytes(suffix, buffer, (int)(bytesProcessed % buffer.length));
94 if (numOfPadding < 1) {
95 throw new ProviderException("Incorrect pad size: " + numOfPadding);
96 }
97 for (int i = 0; i < buffer.length; i++) {
98 state[i] ^= buffer[i];
99 }
100 keccak();
101 System.arraycopy(state, 0, out, ofs, engineGetDigestLength());
102 }
103
104 /**
105 * Resets the internal state to start a new hash.
106 */
107 void implReset() {
108 Arrays.fill(state, (byte)0);
109 Arrays.fill(lanes, 0L);
110 }
111
112 /**
113 * Utility function for padding the specified data based on the
114 * pad10*1 algorithm (section 5.1) and the 2-bit suffix "01" required
115 * for SHA-3 hash (section 6.1).
116 */
117 private static int setPaddingBytes(byte suffix, byte[] in, int len) {
118 if (len != in.length) {
119 // erase leftover values
120 Arrays.fill(in, len, in.length, (byte)0);
|
8 * particular file as subject to the "Classpath" exception as provided
9 * by Oracle in the LICENSE file that accompanied this code.
10 *
11 * This code is distributed in the hope that it will be useful, but WITHOUT
12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 * version 2 for more details (a copy is included in the LICENSE file that
15 * accompanied this code).
16 *
17 * You should have received a copy of the GNU General Public License version
18 * 2 along with this work; if not, write to the Free Software Foundation,
19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
20 *
21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
22 * or visit www.oracle.com if you need additional information or have any
23 * questions.
24 */
25
26 package sun.security.provider;
27
28 import jdk.internal.HotSpotIntrinsicCandidate;
29 import static sun.security.provider.ByteArrayAccess.*;
30 import java.nio.*;
31 import java.util.*;
32 import java.security.*;
33
34 /**
35 * This class implements the Secure Hash Algorithm SHA-3 developed by
36 * the National Institute of Standards and Technology along with the
37 * National Security Agency as defined in FIPS PUB 202.
38 *
39 * <p>It implements java.security.MessageDigestSpi, and can be used
40 * through Java Cryptography Architecture (JCA), as a pluggable
41 * MessageDigest implementation.
42 *
43 * @since 9
44 * @author Valerie Peng
45 */
46 abstract class SHA3 extends DigestBase {
47
48 private static final int WIDTH = 200; // in bytes, e.g. 1600 bits
57 0x8000000080008081L, 0x8000000000008009L, 0x8aL,
58 0x88L, 0x80008009L, 0x8000000aL,
59 0x8000808bL, 0x800000000000008bL, 0x8000000000008089L,
60 0x8000000000008003L, 0x8000000000008002L, 0x8000000000000080L,
61 0x800aL, 0x800000008000000aL, 0x8000000080008081L,
62 0x8000000000008080L, 0x80000001L, 0x8000000080008008L,
63 };
64
65 private final byte suffix;
66 private byte[] state = new byte[WIDTH];
67 private long[] lanes = new long[DM*DM];
68
69 /**
70 * Creates a new SHA-3 object.
71 */
72 SHA3(String name, int digestLength, byte suffix, int c) {
73 super(name, digestLength, (WIDTH - c));
74 this.suffix = suffix;
75 }
76
77 private void implCompressCheck(byte[] b, int ofs) {
78 Objects.requireNonNull(b);
79 }
80
81 /**
82 * Core compression function. Processes blockSize bytes at a time
83 * and updates the state of this object.
84 */
85 void implCompress(byte[] b, int ofs) {
86 implCompressCheck(b, ofs);
87 implCompress0(b, ofs);
88 }
89
90 @HotSpotIntrinsicCandidate
91 private void implCompress0(byte[] b, int ofs) {
92 for (int i = 0; i < buffer.length; i++) {
93 state[i] ^= b[ofs++];
94 }
95 keccak();
96 }
97
98 /**
99 * Return the digest. Subclasses do not need to reset() themselves,
100 * DigestBase calls implReset() when necessary.
101 */
102 void implDigest(byte[] out, int ofs) {
103 int numOfPadding =
104 setPaddingBytes(suffix, buffer, (int)(bytesProcessed % buffer.length));
105 if (numOfPadding < 1) {
106 throw new ProviderException("Incorrect pad size: " + numOfPadding);
107 }
108 implCompress(buffer, 0);
109 System.arraycopy(state, 0, out, ofs, engineGetDigestLength());
110 }
111
112 /**
113 * Resets the internal state to start a new hash.
114 */
115 void implReset() {
116 Arrays.fill(state, (byte)0);
117 Arrays.fill(lanes, 0L);
118 }
119
120 /**
121 * Utility function for padding the specified data based on the
122 * pad10*1 algorithm (section 5.1) and the 2-bit suffix "01" required
123 * for SHA-3 hash (section 6.1).
124 */
125 private static int setPaddingBytes(byte suffix, byte[] in, int len) {
126 if (len != in.length) {
127 // erase leftover values
128 Arrays.fill(in, len, in.length, (byte)0);
|