14 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
15 * version 2 for more details (a copy is included in the LICENSE file that
16 * accompanied this code).
17 *
18 * You should have received a copy of the GNU General Public License version
19 * 2 along with this work; if not, write to the Free Software Foundation,
20 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
21 *
22 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
23 * or visit www.oracle.com if you need additional information or have any
24 * questions.
25 */
26 /*
27 * (C) Copyright IBM Corp. 2013
28 */
29
30 package com.sun.crypto.provider;
31
32 import java.security.ProviderException;
33
34 /**
35 * This class represents the GHASH function defined in NIST 800-38D
36 * under section 6.4. It needs to be constructed w/ a hash subkey, i.e.
37 * block H. Given input of 128-bit blocks, it will process and output
38 * a 128-bit block.
39 *
40 * <p>This function is used in the implementation of GCM mode.
41 *
42 * @since 1.8
43 */
44 final class GHASH {
45
46 private static long getLong(byte[] buffer, int offset) {
47 long result = 0;
48 int end = offset + 8;
49 for (int i = offset; i < end; ++i) {
50 result = (result << 8) + (buffer[i] & 0xFF);
51 }
52 return result;
53 }
210 if (inLen % AES_BLOCK_SIZE != 0) {
211 throw new RuntimeException("input length/block size mismatch: " +
212 inLen);
213 }
214
215 // These two checks are for C2 checking
216 if (st.length != 2) {
217 throw new RuntimeException("internal state has invalid length: " +
218 st.length);
219 }
220 if (subH.length != 2) {
221 throw new RuntimeException("internal subkeyH has invalid length: " +
222 subH.length);
223 }
224 }
225 /*
226 * This is an intrinsified method. The method's argument list must match
227 * the hotspot signature. This method and methods called by it, cannot
228 * throw exceptions or allocate arrays as it will breaking intrinsics
229 */
230 private static void processBlocks(byte[] data, int inOfs, int blocks, long[] st, long[] subH) {
231 int offset = inOfs;
232 while (blocks > 0) {
233 processBlock(data, offset, st, subH);
234 blocks--;
235 offset += AES_BLOCK_SIZE;
236 }
237 }
238
239 byte[] digest() {
240 byte[] result = new byte[AES_BLOCK_SIZE];
241 putLong(result, 0, state[0]);
242 putLong(result, 8, state[1]);
243 reset();
244 return result;
245 }
246 }
|
14 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
15 * version 2 for more details (a copy is included in the LICENSE file that
16 * accompanied this code).
17 *
18 * You should have received a copy of the GNU General Public License version
19 * 2 along with this work; if not, write to the Free Software Foundation,
20 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
21 *
22 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
23 * or visit www.oracle.com if you need additional information or have any
24 * questions.
25 */
26 /*
27 * (C) Copyright IBM Corp. 2013
28 */
29
30 package com.sun.crypto.provider;
31
32 import java.security.ProviderException;
33
34 import jdk.internal.HotSpotIntrinsicCandidate;
35
36 /**
37 * This class represents the GHASH function defined in NIST 800-38D
38 * under section 6.4. It needs to be constructed w/ a hash subkey, i.e.
39 * block H. Given input of 128-bit blocks, it will process and output
40 * a 128-bit block.
41 *
42 * <p>This function is used in the implementation of GCM mode.
43 *
44 * @since 1.8
45 */
46 final class GHASH {
47
48 private static long getLong(byte[] buffer, int offset) {
49 long result = 0;
50 int end = offset + 8;
51 for (int i = offset; i < end; ++i) {
52 result = (result << 8) + (buffer[i] & 0xFF);
53 }
54 return result;
55 }
212 if (inLen % AES_BLOCK_SIZE != 0) {
213 throw new RuntimeException("input length/block size mismatch: " +
214 inLen);
215 }
216
217 // These two checks are for C2 checking
218 if (st.length != 2) {
219 throw new RuntimeException("internal state has invalid length: " +
220 st.length);
221 }
222 if (subH.length != 2) {
223 throw new RuntimeException("internal subkeyH has invalid length: " +
224 subH.length);
225 }
226 }
227 /*
228 * This is an intrinsified method. The method's argument list must match
229 * the hotspot signature. This method and methods called by it, cannot
230 * throw exceptions or allocate arrays as it will breaking intrinsics
231 */
232 @HotSpotIntrinsicCandidate
233 private static void processBlocks(byte[] data, int inOfs, int blocks, long[] st, long[] subH) {
234 int offset = inOfs;
235 while (blocks > 0) {
236 processBlock(data, offset, st, subH);
237 blocks--;
238 offset += AES_BLOCK_SIZE;
239 }
240 }
241
242 byte[] digest() {
243 byte[] result = new byte[AES_BLOCK_SIZE];
244 putLong(result, 0, state[0]);
245 putLong(result, 8, state[1]);
246 reset();
247 return result;
248 }
249 }
|