CoCalc -- SHA3.java

GitHub Repository: PojavLauncherTeam/mobile
Path: blob/master/src/java.base/share/classes/sun/security/provider/SHA3.java
⁴¹¹⁵⁹ views
1
/*
2
 * Copyright (c) 2016, 2020, Oracle and/or its affiliates. All rights reserved.
3
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4
 *
5
 * This code is free software; you can redistribute it and/or modify it
6
 * under the terms of the GNU General Public License version 2 only, as
7
 * published by the Free Software Foundation.  Oracle designates this
8
 * particular file as subject to the "Classpath" exception as provided
9
 * by Oracle in the LICENSE file that accompanied this code.
10
 *
11
 * This code is distributed in the hope that it will be useful, but WITHOUT
12
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
13
 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
14
 * version 2 for more details (a copy is included in the LICENSE file that
15
 * accompanied this code).
16
 *
17
 * You should have received a copy of the GNU General Public License version
18
 * 2 along with this work; if not, write to the Free Software Foundation,
19
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
20
 *
21
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
22
 * or visit www.oracle.com if you need additional information or have any
23
 * questions.
24
 */
25

26
package sun.security.provider;
27

28
import jdk.internal.vm.annotation.IntrinsicCandidate;
29
import static sun.security.provider.ByteArrayAccess.*;
30
import java.nio.*;
31
import java.util.*;
32
import java.security.*;
33

34
/**
35
 * This class implements the Secure Hash Algorithm SHA-3 developed by
36
 * the National Institute of Standards and Technology along with the
37
 * National Security Agency as defined in FIPS PUB 202.
38
 *
39
 * <p>It implements java.security.MessageDigestSpi, and can be used
40
 * through Java Cryptography Architecture (JCA), as a pluggable
41
 * MessageDigest implementation.
42
 *
43
 * @since       9
44
 * @author      Valerie Peng
45
 */
46
abstract class SHA3 extends DigestBase {
47

48
    private static final int WIDTH = 200; // in bytes, e.g. 1600 bits
49
    private static final int DM = 5; // dimension of lanes
50

51
    private static final int NR = 24; // number of rounds
52

53
    // precomputed round constants needed by the step mapping Iota
54
    private static final long[] RC_CONSTANTS = {
55
        0x01L, 0x8082L, 0x800000000000808aL,
56
        0x8000000080008000L, 0x808bL, 0x80000001L,
57
        0x8000000080008081L, 0x8000000000008009L, 0x8aL,
58
        0x88L, 0x80008009L, 0x8000000aL,
59
        0x8000808bL, 0x800000000000008bL, 0x8000000000008089L,
60
        0x8000000000008003L, 0x8000000000008002L, 0x8000000000000080L,
61
        0x800aL, 0x800000008000000aL, 0x8000000080008081L,
62
        0x8000000000008080L, 0x80000001L, 0x8000000080008008L,
63
    };
64

65
    private final byte suffix;
66
    private byte[] state = new byte[WIDTH];
67
    private long[] lanes = new long[DM*DM];
68

69
    /**
70
     * Creates a new SHA-3 object.
71
     */
72
    SHA3(String name, int digestLength, byte suffix, int c) {
73
        super(name, digestLength, (WIDTH - c));
74
        this.suffix = suffix;
75
    }
76

77
    private void implCompressCheck(byte[] b, int ofs) {
78
        Objects.requireNonNull(b);
79
    }
80

81
    /**
82
     * Core compression function. Processes blockSize bytes at a time
83
     * and updates the state of this object.
84
     */
85
    void implCompress(byte[] b, int ofs) {
86
        implCompressCheck(b, ofs);
87
        implCompress0(b, ofs);
88
    }
89

90
    @IntrinsicCandidate
91
    private void implCompress0(byte[] b, int ofs) {
92
       for (int i = 0; i < buffer.length; i++) {
93
           state[i] ^= b[ofs++];
94
       }
95
       keccak();
96
    }
97

98
    /**
99
     * Return the digest. Subclasses do not need to reset() themselves,
100
     * DigestBase calls implReset() when necessary.
101
     */
102
    void implDigest(byte[] out, int ofs) {
103
        int numOfPadding =
104
            setPaddingBytes(suffix, buffer, (int)(bytesProcessed % buffer.length));
105
        if (numOfPadding < 1) {
106
            throw new ProviderException("Incorrect pad size: " + numOfPadding);
107
        }
108
        implCompress(buffer, 0);
109
        System.arraycopy(state, 0, out, ofs, engineGetDigestLength());
110
    }
111

112
    /**
113
     * Resets the internal state to start a new hash.
114
     */
115
    void implReset() {
116
        Arrays.fill(state, (byte)0);
117
        Arrays.fill(lanes, 0L);
118
    }
119

120
    /**
121
     * Utility function for padding the specified data based on the
122
     * pad10*1 algorithm (section 5.1) and the 2-bit suffix "01" required
123
     * for SHA-3 hash (section 6.1).
124
     */
125
    private static int setPaddingBytes(byte suffix, byte[] in, int len) {
126
        if (len != in.length) {
127
            // erase leftover values
128
            Arrays.fill(in, len, in.length, (byte)0);
129
            // directly store the padding bytes into the input
130
            // as the specified buffer is allocated w/ size = rateR
131
            in[len] |= suffix;
132
            in[in.length - 1] |= (byte) 0x80;
133
        }
134
        return (in.length - len);
135
    }
136

137
    /**
138
     * Utility function for transforming the specified byte array 's'
139
     * into array of lanes 'm' as defined in section 3.1.2.
140
     */
141
    private static void bytes2Lanes(byte[] s, long[] m) {
142
        int sOfs = 0;
143
        // Conversion traverses along x-axis before y-axis
144
        for (int y = 0; y < DM; y++, sOfs += 40) {
145
            b2lLittle(s, sOfs, m, DM*y, 40);
146
        }
147
    }
148

149
    /**
150
     * Utility function for transforming the specified array of
151
     * lanes 'm' into a byte array 's' as defined in section 3.1.3.
152
     */
153
    private static void lanes2Bytes(long[] m, byte[] s) {
154
        int sOfs = 0;
155
        // Conversion traverses along x-axis before y-axis
156
        for (int y = 0; y < DM; y++, sOfs += 40) {
157
            l2bLittle(m, DM*y, s, sOfs, 40);
158
        }
159
    }
160

161
    /**
162
     * Step mapping Theta as defined in section 3.2.1 .
163
     */
164
    private static long[] smTheta(long[] a) {
165
        long c0 = a[0]^a[5]^a[10]^a[15]^a[20];
166
        long c1 = a[1]^a[6]^a[11]^a[16]^a[21];
167
        long c2 = a[2]^a[7]^a[12]^a[17]^a[22];
168
        long c3 = a[3]^a[8]^a[13]^a[18]^a[23];
169
        long c4 = a[4]^a[9]^a[14]^a[19]^a[24];
170
        long d0 = c4 ^ Long.rotateLeft(c1, 1);
171
        long d1 = c0 ^ Long.rotateLeft(c2, 1);
172
        long d2 = c1 ^ Long.rotateLeft(c3, 1);
173
        long d3 = c2 ^ Long.rotateLeft(c4, 1);
174
        long d4 = c3 ^ Long.rotateLeft(c0, 1);
175
        for (int y = 0; y < a.length; y += DM) {
176
            a[y] ^= d0;
177
            a[y+1] ^= d1;
178
            a[y+2] ^= d2;
179
            a[y+3] ^= d3;
180
            a[y+4] ^= d4;
181
        }
182
        return a;
183
    }
184

185
    /**
186
     * Merged Step mapping Rho (section 3.2.2) and Pi (section 3.2.3).
187
     * for performance. Optimization is achieved by precalculating
188
     * shift constants for the following loop
189
     *   int xNext, yNext;
190
     *   for (int t = 0, x = 1, y = 0; t <= 23; t++, x = xNext, y = yNext) {
191
     *        int numberOfShift = ((t + 1)*(t + 2)/2) % 64;
192
     *        a[y][x] = Long.rotateLeft(a[y][x], numberOfShift);
193
     *        xNext = y;
194
     *        yNext = (2 * x + 3 * y) % DM;
195
     *   }
196
     * and with inplace permutation.
197
     */
198
    private static long[] smPiRho(long[] a) {
199
        long tmp = Long.rotateLeft(a[10], 3);
200
        a[10] = Long.rotateLeft(a[1], 1);
201
        a[1] = Long.rotateLeft(a[6], 44);
202
        a[6] = Long.rotateLeft(a[9], 20);
203
        a[9] = Long.rotateLeft(a[22], 61);
204
        a[22] = Long.rotateLeft(a[14], 39);
205
        a[14] = Long.rotateLeft(a[20], 18);
206
        a[20] = Long.rotateLeft(a[2], 62);
207
        a[2] = Long.rotateLeft(a[12], 43);
208
        a[12] = Long.rotateLeft(a[13], 25);
209
        a[13] = Long.rotateLeft(a[19], 8);
210
        a[19] = Long.rotateLeft(a[23], 56);
211
        a[23] = Long.rotateLeft(a[15], 41);
212
        a[15] = Long.rotateLeft(a[4], 27);
213
        a[4] = Long.rotateLeft(a[24], 14);
214
        a[24] = Long.rotateLeft(a[21], 2);
215
        a[21] = Long.rotateLeft(a[8], 55);
216
        a[8] = Long.rotateLeft(a[16], 45);
217
        a[16] = Long.rotateLeft(a[5], 36);
218
        a[5] = Long.rotateLeft(a[3], 28);
219
        a[3] = Long.rotateLeft(a[18], 21);
220
        a[18] = Long.rotateLeft(a[17], 15);
221
        a[17] = Long.rotateLeft(a[11], 10);
222
        a[11] = Long.rotateLeft(a[7], 6);
223
        a[7] = tmp;
224
        return a;
225
    }
226

227
    /**
228
     * Step mapping Chi as defined in section 3.2.4.
229
     */
230
    private static long[] smChi(long[] a) {
231
        for (int y = 0; y < a.length; y+=DM) {
232
            long ay0 = a[y];
233
            long ay1 = a[y+1];
234
            long ay2 = a[y+2];
235
            long ay3 = a[y+3];
236
            long ay4 = a[y+4];
237
            a[y] = ay0 ^ ((~ay1) & ay2);
238
            a[y+1] = ay1 ^ ((~ay2) & ay3);
239
            a[y+2] = ay2 ^ ((~ay3) & ay4);
240
            a[y+3] = ay3 ^ ((~ay4) & ay0);
241
            a[y+4] = ay4 ^ ((~ay0) & ay1);
242
        }
243
        return a;
244
    }
245

246
    /**
247
     * Step mapping Iota as defined in section 3.2.5.
248
     */
249
    private static long[] smIota(long[] a, int rndIndex) {
250
        a[0] ^= RC_CONSTANTS[rndIndex];
251
        return a;
252
    }
253

254
    /**
255
     * The function Keccak as defined in section 5.2 with
256
     * rate r = 1600 and capacity c = (digest length x 2).
257
     */
258
    private void keccak() {
259
        // convert the 200-byte state into 25 lanes
260
        bytes2Lanes(state, lanes);
261
        // process the lanes through step mappings
262
        for (int ir = 0; ir < NR; ir++) {
263
            smIota(smChi(smPiRho(smTheta(lanes))), ir);
264
        }
265
        // convert the resulting 25 lanes back into 200-byte state
266
        lanes2Bytes(lanes, state);
267
    }
268

269
    public Object clone() throws CloneNotSupportedException {
270
        SHA3 copy = (SHA3) super.clone();
271
        copy.state = copy.state.clone();
272
        copy.lanes = new long[DM*DM];
273
        return copy;
274
    }
275

276
    /**
277
     * SHA3-224 implementation class.
278
     */
279
    public static final class SHA224 extends SHA3 {
280
        public SHA224() {
281
            super("SHA3-224", 28, (byte)0x06, 56);
282
        }
283
    }
284

285
    /**
286
     * SHA3-256 implementation class.
287
     */
288
    public static final class SHA256 extends SHA3 {
289
        public SHA256() {
290
            super("SHA3-256", 32, (byte)0x06, 64);
291
        }
292
    }
293

294
    /**
295
     * SHAs-384 implementation class.
296
     */
297
    public static final class SHA384 extends SHA3 {
298
        public SHA384() {
299
            super("SHA3-384", 48, (byte)0x06, 96);
300
        }
301
    }
302

303
    /**
304
     * SHA3-512 implementation class.
305
     */
306
    public static final class SHA512 extends SHA3 {
307
        public SHA512() {
308
            super("SHA3-512", 64, (byte)0x06, 128);
309
        }
310
    }
311
}
312

313
Product

Resources

Company
