2 Copyright (C) 2001, 2002, 2006 Free Software Foundation, Inc.
4 This file is a part of GNU Classpath.
6 GNU Classpath is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 2 of the License, or (at
9 your option) any later version.
11 GNU Classpath is distributed in the hope that it will be useful, but
12 WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 General Public License for more details.
16 You should have received a copy of the GNU General Public License
17 along with GNU Classpath; if not, write to the Free Software
18 Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301
21 Linking this library statically or dynamically with other modules is
22 making a combined work based on this library. Thus, the terms and
23 conditions of the GNU General Public License cover the whole
26 As a special exception, the copyright holders of this library give you
27 permission to link this library with independent modules to produce an
28 executable, regardless of the license terms of these independent
29 modules, and to copy and distribute the resulting executable under
30 terms of your choice, provided that you also meet, for each linked
31 independent module, the terms and conditions of the license of that
32 module. An independent module is a module which is not derived from
33 or based on this library. If you modify this library, you may extend
34 this exception to your version of the library, but you are not
35 obligated to do so. If you do not wish to do so, delete this
36 exception statement from your version. */
39 package gnu
.java
.security
.hash
;
41 import gnu
.java
.security
.Registry
;
42 import gnu
.java
.security
.util
.Util
;
45 * <p>The Secure Hash Algorithm (SHA-1) is required for use with the Digital
46 * Signature Algorithm (DSA) as specified in the Digital Signature Standard
47 * (DSS) and whenever a secure hash algorithm is required for federal
48 * applications. For a message of length less than 2^64 bits, the SHA-1
49 * produces a 160-bit condensed representation of the message called a message
50 * digest. The message digest is used during generation of a signature for the
51 * message. The SHA-1 is also used to compute a message digest for the received
52 * version of the message during the process of verifying the signature. Any
53 * change to the message in transit will, with very high probability, result in
54 * a different message digest, and the signature will fail to verify.</p>
56 * <p>The SHA-1 is designed to have the following properties: it is
57 * computationally infeasible to find a message which corresponds to a given
58 * message digest, or to find two different messages which produce the same
64 * <li><a href="http://www.itl.nist.gov/fipspubs/fip180-1.htm">SECURE HASH
66 * Federal Information, Processing Standards Publication 180-1, 1995 April 17.
70 public class Sha160
extends BaseHash
73 // Constants and variables
74 // -------------------------------------------------------------------------
76 private static final int BLOCK_SIZE
= 64; // inner block size in bytes
78 private static final String DIGEST0
= "A9993E364706816ABA3E25717850C26C9CD0D89D";
80 private static final int[] w
= new int[80];
82 /** caches the result of the correctness test, once executed. */
83 private static Boolean valid
;
85 /** 160-bit interim result. */
86 private int h0
, h1
, h2
, h3
, h4
;
89 // -------------------------------------------------------------------------
91 /** Trivial 0-arguments constructor. */
94 super(Registry
.SHA160_HASH
, 20, BLOCK_SIZE
);
98 * <p>Private constructor for cloning purposes.</p>
100 * @param md the instance to clone.
102 private Sha160(Sha160 md
)
111 this.count
= md
.count
;
112 this.buffer
= (byte[]) md
.buffer
.clone();
116 // -------------------------------------------------------------------------
118 public static final int[] G(int hh0
, int hh1
, int hh2
, int hh3
, int hh4
,
119 byte[] in
, int offset
)
121 // int[] w = new int[80];
123 // for (i = 0; i < 16; i++) {
124 // w[i] = in[offset++] << 24 |
125 // (in[offset++] & 0xFF) << 16 |
126 // (in[offset++] & 0xFF) << 8 |
127 // (in[offset++] & 0xFF);
129 // for (i = 16; i < 80; i++) {
130 // T = w[i-3] ^ w[i-8] ^ w[i-14] ^ w[i-16];
131 // w[i] = T << 1 | T >>> 31;
134 // return sha(hh0, hh1, hh2, hh3, hh4, in, offset, w);
135 return sha(hh0
, hh1
, hh2
, hh3
, hh4
, in
, offset
);
139 // -------------------------------------------------------------------------
141 // java.lang.Cloneable interface implementation ----------------------------
143 public Object
clone()
145 return new Sha160(this);
148 // Implementation of concrete methods in BaseHash --------------------------
150 protected void transform(byte[] in
, int offset
)
153 // for (i = 0; i < 16; i++) {
154 // W[i] = in[offset++] << 24 |
155 // (in[offset++] & 0xFF) << 16 |
156 // (in[offset++] & 0xFF) << 8 |
157 // (in[offset++] & 0xFF);
159 // for (i = 16; i < 80; i++) {
160 // T = W[i-3] ^ W[i-8] ^ W[i-14] ^ W[i-16];
161 // W[i] = T << 1 | T >>> 31;
164 // int[] result = sha(h0, h1, h2, h3, h4, in, offset, W);
165 int[] result
= sha(h0
, h1
, h2
, h3
, h4
, in
, offset
);
174 protected byte[] padBuffer()
176 int n
= (int) (count
% BLOCK_SIZE
);
177 int padding
= (n
< 56) ?
(56 - n
) : (120 - n
);
178 byte[] result
= new byte[padding
+ 8];
180 // padding is always binary 1 followed by binary 0s
181 result
[0] = (byte) 0x80;
183 // save number of bits, casting the long to an array of 8 bytes
184 long bits
= count
<< 3;
185 result
[padding
++] = (byte) (bits
>>> 56);
186 result
[padding
++] = (byte) (bits
>>> 48);
187 result
[padding
++] = (byte) (bits
>>> 40);
188 result
[padding
++] = (byte) (bits
>>> 32);
189 result
[padding
++] = (byte) (bits
>>> 24);
190 result
[padding
++] = (byte) (bits
>>> 16);
191 result
[padding
++] = (byte) (bits
>>> 8);
192 result
[padding
] = (byte) bits
;
197 protected byte[] getResult()
199 byte[] result
= new byte[] { (byte) (h0
>>> 24), (byte) (h0
>>> 16),
200 (byte) (h0
>>> 8), (byte) h0
,
201 (byte) (h1
>>> 24), (byte) (h1
>>> 16),
202 (byte) (h1
>>> 8), (byte) h1
,
203 (byte) (h2
>>> 24), (byte) (h2
>>> 16),
204 (byte) (h2
>>> 8), (byte) h2
,
205 (byte) (h3
>>> 24), (byte) (h3
>>> 16),
206 (byte) (h3
>>> 8), (byte) h3
,
207 (byte) (h4
>>> 24), (byte) (h4
>>> 16),
208 (byte) (h4
>>> 8), (byte) h4
};
213 protected void resetContext()
215 // magic SHA-1/RIPEMD160 initialisation constants
223 public boolean selfTest()
227 Sha160 md
= new Sha160();
228 md
.update((byte) 0x61); // a
229 md
.update((byte) 0x62); // b
230 md
.update((byte) 0x63); // c
231 String result
= Util
.toString(md
.digest());
232 valid
= Boolean
.valueOf(DIGEST0
.equals(result
));
234 return valid
.booleanValue();
237 // SHA specific methods ----------------------------------------------------
239 private static final synchronized int[]
240 // sha(int hh0, int hh1, int hh2, int hh3, int hh4, byte[] in, int offset, int[] w) {
241 sha(int hh0
, int hh1
, int hh2
, int hh3
, int hh4
, byte[] in
, int offset
)
250 for (r
= 0; r
< 16; r
++)
252 w
[r
] = in
[offset
++] << 24 | (in
[offset
++] & 0xFF) << 16
253 | (in
[offset
++] & 0xFF) << 8 | (in
[offset
++] & 0xFF);
255 for (r
= 16; r
< 80; r
++)
257 T
= w
[r
- 3] ^ w
[r
- 8] ^ w
[r
- 14] ^ w
[r
- 16];
258 w
[r
] = T
<< 1 | T
>>> 31;
262 for (r
= 0; r
< 20; r
++)
264 T
= (A
<< 5 | A
>>> 27) + ((B
& C
) | (~B
& D
)) + E
+ w
[r
] + 0x5A827999;
267 C
= B
<< 30 | B
>>> 2;
273 for (r
= 20; r
< 40; r
++)
275 T
= (A
<< 5 | A
>>> 27) + (B ^ C ^ D
) + E
+ w
[r
] + 0x6ED9EBA1;
278 C
= B
<< 30 | B
>>> 2;
284 for (r
= 40; r
< 60; r
++)
286 T
= (A
<< 5 | A
>>> 27) + (B
& C
| B
& D
| C
& D
) + E
+ w
[r
]
290 C
= B
<< 30 | B
>>> 2;
296 for (r
= 60; r
< 80; r
++)
298 T
= (A
<< 5 | A
>>> 27) + (B ^ C ^ D
) + E
+ w
[r
] + 0xCA62C1D6;
301 C
= B
<< 30 | B
>>> 2;
306 return new int[] { hh0
+ A
, hh1
+ B
, hh2
+ C
, hh3
+ D
, hh4
+ E
};