Home | History | Annotate | Download | only in digests 
      1 package org.bouncycastle.crypto.digests;
      2 
      3 
      4 import org.bouncycastle.crypto.digests.GeneralDigest;
      5 import org.bouncycastle.crypto.util.Pack;
      6 
      7 
      8 /**
      9  * FIPS 180-2 implementation of SHA-256.
     10  *
     11  * <pre>
     12  *         block  word  digest
     13  * SHA-1   512    32    160
     14  * SHA-256 512    32    256
     15  * SHA-384 1024   64    384
     16  * SHA-512 1024   64    512
     17  * </pre>
     18  */
     19 public class SHA256Digest
     20     extends GeneralDigest
     21 {
     22     private static final int    DIGEST_LENGTH = 32;
     23 
     24     private int     H1, H2, H3, H4, H5, H6, H7, H8;
     25 
     26     private int[]   X = new int[64];
     27     private int     xOff;
     28 
     29     /**
     30      * Standard constructor
     31      */
     32     public SHA256Digest()
     33     {
     34         reset();
     35     }
     36 
     37     /**
     38      * Copy constructor.  This will copy the state of the provided
     39      * message digest.
     40      */
     41     public SHA256Digest(SHA256Digest t)
     42     {
     43         super(t);
     44 
     45         H1 = t.H1;
     46         H2 = t.H2;
     47         H3 = t.H3;
     48         H4 = t.H4;
     49         H5 = t.H5;
     50         H6 = t.H6;
     51         H7 = t.H7;
     52         H8 = t.H8;
     53 
     54         System.arraycopy(t.X, 0, X, 0, t.X.length);
     55         xOff = t.xOff;
     56     }
     57 
     58     public String getAlgorithmName()
     59     {
     60         return "SHA-256";
     61     }
     62 
     63     public int getDigestSize()
     64     {
     65         return DIGEST_LENGTH;
     66     }
     67 
     68     protected void processWord(
     69         byte[]  in,
     70         int     inOff)
     71     {
     72         // Note: Inlined for performance
     73 //        X[xOff] = Pack.bigEndianToInt(in, inOff);
     74         int n = in[inOff] << 24;
     75         n |= (in[++inOff] & 0xff) << 16;
     76         n |= (in[++inOff] & 0xff) << 8;
     77         n |= (in[++inOff] & 0xff);
     78         X[xOff] = n;
     79 
     80         if (++xOff == 16)
     81         {
     82             processBlock();
     83         }
     84     }
     85 
     86     protected void processLength(
     87         long    bitLength)
     88     {
     89         if (xOff > 14)
     90         {
     91             processBlock();
     92         }
     93 
     94         X[14] = (int)(bitLength >>> 32);
     95         X[15] = (int)(bitLength & 0xffffffff);
     96     }
     97 
     98     public int doFinal(
     99         byte[]  out,
    100         int     outOff)
    101     {
    102         finish();
    103 
    104         Pack.intToBigEndian(H1, out, outOff);
    105         Pack.intToBigEndian(H2, out, outOff + 4);
    106         Pack.intToBigEndian(H3, out, outOff + 8);
    107         Pack.intToBigEndian(H4, out, outOff + 12);
    108         Pack.intToBigEndian(H5, out, outOff + 16);
    109         Pack.intToBigEndian(H6, out, outOff + 20);
    110         Pack.intToBigEndian(H7, out, outOff + 24);
    111         Pack.intToBigEndian(H8, out, outOff + 28);
    112 
    113         reset();
    114 
    115         return DIGEST_LENGTH;
    116     }
    117 
    118     /**
    119      * reset the chaining variables
    120      */
    121     public void reset()
    122     {
    123         super.reset();
    124 
    125         /* SHA-256 initial hash value
    126          * The first 32 bits of the fractional parts of the square roots
    127          * of the first eight prime numbers
    128          */
    129 
    130         H1 = 0x6a09e667;
    131         H2 = 0xbb67ae85;
    132         H3 = 0x3c6ef372;
    133         H4 = 0xa54ff53a;
    134         H5 = 0x510e527f;
    135         H6 = 0x9b05688c;
    136         H7 = 0x1f83d9ab;
    137         H8 = 0x5be0cd19;
    138 
    139         xOff = 0;
    140         for (int i = 0; i != X.length; i++)
    141         {
    142             X[i] = 0;
    143         }
    144     }
    145 
    146     protected void processBlock()
    147     {
    148         //
    149         // expand 16 word block into 64 word blocks.
    150         //
    151         for (int t = 16; t <= 63; t++)
    152         {
    153             X[t] = Theta1(X[t - 2]) + X[t - 7] + Theta0(X[t - 15]) + X[t - 16];
    154         }
    155 
    156         //
    157         // set up working variables.
    158         //
    159         int     a = H1;
    160         int     b = H2;
    161         int     c = H3;
    162         int     d = H4;
    163         int     e = H5;
    164         int     f = H6;
    165         int     g = H7;
    166         int     h = H8;
    167 
    168         int t = 0;
    169         for(int i = 0; i < 8; i ++)
    170         {
    171             // t = 8 * i
    172             h += Sum1(e) + Ch(e, f, g) + K[t] + X[t];
    173             d += h;
    174             h += Sum0(a) + Maj(a, b, c);
    175             ++t;
    176 
    177             // t = 8 * i + 1
    178             g += Sum1(d) + Ch(d, e, f) + K[t] + X[t];
    179             c += g;
    180             g += Sum0(h) + Maj(h, a, b);
    181             ++t;
    182 
    183             // t = 8 * i + 2
    184             f += Sum1(c) + Ch(c, d, e) + K[t] + X[t];
    185             b += f;
    186             f += Sum0(g) + Maj(g, h, a);
    187             ++t;
    188 
    189             // t = 8 * i + 3
    190             e += Sum1(b) + Ch(b, c, d) + K[t] + X[t];
    191             a += e;
    192             e += Sum0(f) + Maj(f, g, h);
    193             ++t;
    194 
    195             // t = 8 * i + 4
    196             d += Sum1(a) + Ch(a, b, c) + K[t] + X[t];
    197             h += d;
    198             d += Sum0(e) + Maj(e, f, g);
    199             ++t;
    200 
    201             // t = 8 * i + 5
    202             c += Sum1(h) + Ch(h, a, b) + K[t] + X[t];
    203             g += c;
    204             c += Sum0(d) + Maj(d, e, f);
    205             ++t;
    206 
    207             // t = 8 * i + 6
    208             b += Sum1(g) + Ch(g, h, a) + K[t] + X[t];
    209             f += b;
    210             b += Sum0(c) + Maj(c, d, e);
    211             ++t;
    212 
    213             // t = 8 * i + 7
    214             a += Sum1(f) + Ch(f, g, h) + K[t] + X[t];
    215             e += a;
    216             a += Sum0(b) + Maj(b, c, d);
    217             ++t;
    218         }
    219 
    220         H1 += a;
    221         H2 += b;
    222         H3 += c;
    223         H4 += d;
    224         H5 += e;
    225         H6 += f;
    226         H7 += g;
    227         H8 += h;
    228 
    229         //
    230         // reset the offset and clean out the word buffer.
    231         //
    232         xOff = 0;
    233         for (int i = 0; i < 16; i++)
    234         {
    235             X[i] = 0;
    236         }
    237     }
    238 
    239     /* SHA-256 functions */
    240     private int Ch(
    241         int    x,
    242         int    y,
    243         int    z)
    244     {
    245         return (x & y) ^ ((~x) & z);
    246     }
    247 
    248     private int Maj(
    249         int    x,
    250         int    y,
    251         int    z)
    252     {
    253         return (x & y) ^ (x & z) ^ (y & z);
    254     }
    255 
    256     private int Sum0(
    257         int    x)
    258     {
    259         return ((x >>> 2) | (x << 30)) ^ ((x >>> 13) | (x << 19)) ^ ((x >>> 22) | (x << 10));
    260     }
    261 
    262     private int Sum1(
    263         int    x)
    264     {
    265         return ((x >>> 6) | (x << 26)) ^ ((x >>> 11) | (x << 21)) ^ ((x >>> 25) | (x << 7));
    266     }
    267 
    268     private int Theta0(
    269         int    x)
    270     {
    271         return ((x >>> 7) | (x << 25)) ^ ((x >>> 18) | (x << 14)) ^ (x >>> 3);
    272     }
    273 
    274     private int Theta1(
    275         int    x)
    276     {
    277         return ((x >>> 17) | (x << 15)) ^ ((x >>> 19) | (x << 13)) ^ (x >>> 10);
    278     }
    279 
    280     /* SHA-256 Constants
    281      * (represent the first 32 bits of the fractional parts of the
    282      * cube roots of the first sixty-four prime numbers)
    283      */
    284     static final int K[] = {
    285         0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5, 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5,
    286         0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3, 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174,
    287         0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc, 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da,
    288         0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7, 0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967,
    289         0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13, 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85,
    290         0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3, 0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070,
    291         0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5, 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3,
    292         0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208, 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2
    293     };
    294 }
    295 
    296