8  * particular file as subject to the "Classpath" exception as provided
   9  * by Oracle in the LICENSE file that accompanied this code.
  10  *
  11  * This code is distributed in the hope that it will be useful, but WITHOUT
  12  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
  13  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  14  * version 2 for more details (a copy is included in the LICENSE file that
  15  * accompanied this code).
  16  *
  17  * You should have received a copy of the GNU General Public License version
  18  * 2 along with this work; if not, write to the Free Software Foundation,
  19  * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
  20  *
  21  * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
  22  * or visit www.oracle.com if you need additional information or have any
  23  * questions.
  24  */
  25 
  26 package sun.security.provider;
  27 



  28 import static sun.security.provider.ByteArrayAccess.*;
  29 
  30 /**
  31  * This class implements the Secure Hash Algorithm SHA-256 developed by
  32  * the National Institute of Standards and Technology along with the
  33  * National Security Agency.
  34  *
  35  * <p>It implements java.security.MessageDigestSpi, and can be used
  36  * through Java Cryptography Architecture (JCA), as a pluggable
  37  * MessageDigest implementation.
  38  *
  39  * @since       1.4.2
  40  * @author      Valerie Peng
  41  * @author      Andreas Sterbenz
  42  */
  43 abstract class SHA2 extends DigestBase {
  44 
  45     private static final int ITERATION = 64;
  46     // Constants for each round
  47     private static final int[] ROUND_CONSTS = {

 169      * @return int
 170      * @param x int
 171      */
 172     private static int lf_delta0(int x) {
 173         return lf_S(x, 7) ^ lf_S(x, 18) ^ lf_R(x, 3);
 174     }
 175 
 176     /**
 177      * logical function delta1(x) - xor of results of right shifts/rotations
 178      * @return int
 179      * @param x int
 180      */
 181     private static int lf_delta1(int x) {
 182         return lf_S(x, 17) ^ lf_S(x, 19) ^ lf_R(x, 10);
 183     }
 184 
 185     /**
 186      * Process the current block to update the state variable state.
 187      */
 188     void implCompress(byte[] buf, int ofs) {











 189         b2iBig64(buf, ofs, W);

 190 







 191         // The first 16 ints are from the byte stream, compute the rest of
 192         // the W[]'s
 193         for (int t = 16; t < ITERATION; t++) {
 194             W[t] = lf_delta1(W[t-2]) + W[t-7] + lf_delta0(W[t-15])
 195                    + W[t-16];
 196         }
 197 
 198         int a = state[0];
 199         int b = state[1];
 200         int c = state[2];
 201         int d = state[3];
 202         int e = state[4];
 203         int f = state[5];
 204         int g = state[6];
 205         int h = state[7];
 206 
 207         for (int i = 0; i < ITERATION; i++) {
 208             int T1 = h + lf_sigma1(e) + lf_ch(e,f,g) + ROUND_CONSTS[i] + W[i];
 209             int T2 = lf_sigma0(a) + lf_maj(a,b,c);
 210             h = g;

   8  * particular file as subject to the "Classpath" exception as provided
   9  * by Oracle in the LICENSE file that accompanied this code.
  10  *
  11  * This code is distributed in the hope that it will be useful, but WITHOUT
  12  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
  13  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  14  * version 2 for more details (a copy is included in the LICENSE file that
  15  * accompanied this code).
  16  *
  17  * You should have received a copy of the GNU General Public License version
  18  * 2 along with this work; if not, write to the Free Software Foundation,
  19  * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
  20  *
  21  * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
  22  * or visit www.oracle.com if you need additional information or have any
  23  * questions.
  24  */
  25 
  26 package sun.security.provider;
  27 
  28 import java.util.Objects;
  29 
  30 import jdk.internal.HotSpotIntrinsicCandidate;
  31 import static sun.security.provider.ByteArrayAccess.*;
  32 
  33 /**
  34  * This class implements the Secure Hash Algorithm SHA-256 developed by
  35  * the National Institute of Standards and Technology along with the
  36  * National Security Agency.
  37  *
  38  * <p>It implements java.security.MessageDigestSpi, and can be used
  39  * through Java Cryptography Architecture (JCA), as a pluggable
  40  * MessageDigest implementation.
  41  *
  42  * @since       1.4.2
  43  * @author      Valerie Peng
  44  * @author      Andreas Sterbenz
  45  */
  46 abstract class SHA2 extends DigestBase {
  47 
  48     private static final int ITERATION = 64;
  49     // Constants for each round
  50     private static final int[] ROUND_CONSTS = {

 172      * @return int
 173      * @param x int
 174      */
 175     private static int lf_delta0(int x) {
 176         return lf_S(x, 7) ^ lf_S(x, 18) ^ lf_R(x, 3);
 177     }
 178 
 179     /**
 180      * logical function delta1(x) - xor of results of right shifts/rotations
 181      * @return int
 182      * @param x int
 183      */
 184     private static int lf_delta1(int x) {
 185         return lf_S(x, 17) ^ lf_S(x, 19) ^ lf_R(x, 10);
 186     }
 187 
 188     /**
 189      * Process the current block to update the state variable state.
 190      */
 191     void implCompress(byte[] buf, int ofs) {
 192         implCompressCheck(buf, ofs);
 193         implCompress0(buf, ofs);
 194     }
 195 
 196     private void implCompressCheck(byte[] buf, int ofs) {
 197         Objects.requireNonNull(buf);
 198 
 199         // The checks performed by the method 'b2iBig64'
 200         // are sufficient for the case when the method
 201         // 'implCompressImpl' is replaced with a compiler
 202         // intrinsic.
 203         b2iBig64(buf, ofs, W);
 204     }
 205 
 206     // The method 'implCompressImpl' seems not to use its parameters.
 207     // The method can, however, be replaced with a compiler intrinsic
 208     // that operates directly on the array 'buf' (starting from
 209     // offset 'ofs') and not on array 'W', therefore 'buf' and 'ofs'
 210     // must be passed as parameter the method.
 211     @HotSpotIntrinsicCandidate
 212     private void implCompress0(byte[] buf, int ofs) {
 213         // The first 16 ints are from the byte stream, compute the rest of
 214         // the W[]'s
 215         for (int t = 16; t < ITERATION; t++) {
 216             W[t] = lf_delta1(W[t-2]) + W[t-7] + lf_delta0(W[t-15])
 217                    + W[t-16];
 218         }
 219 
 220         int a = state[0];
 221         int b = state[1];
 222         int c = state[2];
 223         int d = state[3];
 224         int e = state[4];
 225         int f = state[5];
 226         int g = state[6];
 227         int h = state[7];
 228 
 229         for (int i = 0; i < ITERATION; i++) {
 230             int T1 = h + lf_sigma1(e) + lf_ch(e,f,g) + ROUND_CONSTS[i] + W[i];
 231             int T2 = lf_sigma0(a) + lf_maj(a,b,c);
 232             h = g;