1b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallampackage org.bouncycastle.crypto.digests;
2b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam
3b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam
4b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallamimport org.bouncycastle.crypto.digests.GeneralDigest;
5c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstromimport org.bouncycastle.crypto.util.Pack;
6b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam
7b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam
8b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam/**
9b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam * FIPS 180-2 implementation of SHA-256.
10b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam *
11b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam * <pre>
12b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam *         block  word  digest
13b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam * SHA-1   512    32    160
14b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam * SHA-256 512    32    256
15b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam * SHA-384 1024   64    384
16b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam * SHA-512 1024   64    512
17b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam * </pre>
18b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam */
19b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallampublic class SHA256Digest
20b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam    extends GeneralDigest
21b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam{
22b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam    private static final int    DIGEST_LENGTH = 32;
23b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam
24b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam    private int     H1, H2, H3, H4, H5, H6, H7, H8;
25b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam
26b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam    private int[]   X = new int[64];
27b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam    private int     xOff;
28b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam
29b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam    /**
30b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam     * Standard constructor
31b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam     */
32b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam    public SHA256Digest()
33b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam    {
34b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam        reset();
35b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam    }
36b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam
37b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam    /**
38b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam     * Copy constructor.  This will copy the state of the provided
39b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam     * message digest.
40b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam     */
41b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam    public SHA256Digest(SHA256Digest t)
42b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam    {
43b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam        super(t);
44b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam
45b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam        H1 = t.H1;
46b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam        H2 = t.H2;
47b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam        H3 = t.H3;
48b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam        H4 = t.H4;
49b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam        H5 = t.H5;
50b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam        H6 = t.H6;
51b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam        H7 = t.H7;
52b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam        H8 = t.H8;
53b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam
54b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam        System.arraycopy(t.X, 0, X, 0, t.X.length);
55b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam        xOff = t.xOff;
56b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam    }
57b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam
58b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam    public String getAlgorithmName()
59b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam    {
60b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam        return "SHA-256";
61b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam    }
62b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam
63b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam    public int getDigestSize()
64b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam    {
65b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam        return DIGEST_LENGTH;
66b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam    }
67b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam
68b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam    protected void processWord(
69b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam        byte[]  in,
70b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam        int     inOff)
71b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam    {
72c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom        // Note: Inlined for performance
73c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom//        X[xOff] = Pack.bigEndianToInt(in, inOff);
74c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom        int n = in[inOff] << 24;
75c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom        n |= (in[++inOff] & 0xff) << 16;
76c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom        n |= (in[++inOff] & 0xff) << 8;
77c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom        n |= (in[++inOff] & 0xff);
78c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom        X[xOff] = n;
79c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom
80c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom        if (++xOff == 16)
81b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam        {
82b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam            processBlock();
83b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam        }
84b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam    }
85b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam
86b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam    protected void processLength(
87b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam        long    bitLength)
88b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam    {
89b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam        if (xOff > 14)
90b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam        {
91b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam            processBlock();
92b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam        }
93b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam
94b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam        X[14] = (int)(bitLength >>> 32);
95b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam        X[15] = (int)(bitLength & 0xffffffff);
96b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam    }
97b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam
98b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam    public int doFinal(
99b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam        byte[]  out,
100b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam        int     outOff)
101b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam    {
102b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam        finish();
103b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam
104c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom        Pack.intToBigEndian(H1, out, outOff);
105c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom        Pack.intToBigEndian(H2, out, outOff + 4);
106c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom        Pack.intToBigEndian(H3, out, outOff + 8);
107c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom        Pack.intToBigEndian(H4, out, outOff + 12);
108c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom        Pack.intToBigEndian(H5, out, outOff + 16);
109c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom        Pack.intToBigEndian(H6, out, outOff + 20);
110c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom        Pack.intToBigEndian(H7, out, outOff + 24);
111c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom        Pack.intToBigEndian(H8, out, outOff + 28);
112b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam
113b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam        reset();
114b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam
115b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam        return DIGEST_LENGTH;
116b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam    }
117b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam
118b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam    /**
119b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam     * reset the chaining variables
120b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam     */
121b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam    public void reset()
122b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam    {
123b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam        super.reset();
124b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam
125b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam        /* SHA-256 initial hash value
126b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam         * The first 32 bits of the fractional parts of the square roots
127b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam         * of the first eight prime numbers
128b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam         */
129b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam
130b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam        H1 = 0x6a09e667;
131b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam        H2 = 0xbb67ae85;
132b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam        H3 = 0x3c6ef372;
133b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam        H4 = 0xa54ff53a;
134b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam        H5 = 0x510e527f;
135b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam        H6 = 0x9b05688c;
136b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam        H7 = 0x1f83d9ab;
137b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam        H8 = 0x5be0cd19;
138b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam
139b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam        xOff = 0;
140b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam        for (int i = 0; i != X.length; i++)
141b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam        {
142b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam            X[i] = 0;
143b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam        }
144b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam    }
145b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam
146b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam    protected void processBlock()
147b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam    {
148b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam        //
149b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam        // expand 16 word block into 64 word blocks.
150b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam        //
151b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam        for (int t = 16; t <= 63; t++)
152b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam        {
153b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam            X[t] = Theta1(X[t - 2]) + X[t - 7] + Theta0(X[t - 15]) + X[t - 16];
154b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam        }
155b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam
156b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam        //
157b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam        // set up working variables.
158b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam        //
159b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam        int     a = H1;
160b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam        int     b = H2;
161b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam        int     c = H3;
162b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam        int     d = H4;
163b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam        int     e = H5;
164b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam        int     f = H6;
165b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam        int     g = H7;
166b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam        int     h = H8;
167b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam
168b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam        int t = 0;
169b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam        for(int i = 0; i < 8; i ++)
170b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam        {
171b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam            // t = 8 * i
172c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom            h += Sum1(e) + Ch(e, f, g) + K[t] + X[t];
173b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam            d += h;
174b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam            h += Sum0(a) + Maj(a, b, c);
175c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom            ++t;
176b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam
177b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam            // t = 8 * i + 1
178c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom            g += Sum1(d) + Ch(d, e, f) + K[t] + X[t];
179b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam            c += g;
180b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam            g += Sum0(h) + Maj(h, a, b);
181c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom            ++t;
182b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam
183b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam            // t = 8 * i + 2
184c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom            f += Sum1(c) + Ch(c, d, e) + K[t] + X[t];
185b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam            b += f;
186b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam            f += Sum0(g) + Maj(g, h, a);
187c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom            ++t;
188b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam
189b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam            // t = 8 * i + 3
190c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom            e += Sum1(b) + Ch(b, c, d) + K[t] + X[t];
191b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam            a += e;
192b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam            e += Sum0(f) + Maj(f, g, h);
193c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom            ++t;
194b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam
195b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam            // t = 8 * i + 4
196c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom            d += Sum1(a) + Ch(a, b, c) + K[t] + X[t];
197b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam            h += d;
198b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam            d += Sum0(e) + Maj(e, f, g);
199c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom            ++t;
200b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam
201b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam            // t = 8 * i + 5
202c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom            c += Sum1(h) + Ch(h, a, b) + K[t] + X[t];
203b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam            g += c;
204b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam            c += Sum0(d) + Maj(d, e, f);
205c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom            ++t;
206b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam
207b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam            // t = 8 * i + 6
208c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom            b += Sum1(g) + Ch(g, h, a) + K[t] + X[t];
209b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam            f += b;
210b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam            b += Sum0(c) + Maj(c, d, e);
211c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom            ++t;
212b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam
213b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam            // t = 8 * i + 7
214c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom            a += Sum1(f) + Ch(f, g, h) + K[t] + X[t];
215b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam            e += a;
216b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam            a += Sum0(b) + Maj(b, c, d);
217c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom            ++t;
218b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam        }
219b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam
220b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam        H1 += a;
221b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam        H2 += b;
222b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam        H3 += c;
223b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam        H4 += d;
224b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam        H5 += e;
225b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam        H6 += f;
226b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam        H7 += g;
227b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam        H8 += h;
228b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam
229b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam        //
230b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam        // reset the offset and clean out the word buffer.
231b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam        //
232b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam        xOff = 0;
233b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam        for (int i = 0; i < 16; i++)
234b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam        {
235b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam            X[i] = 0;
236b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam        }
237b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam    }
238b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam
239b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam    /* SHA-256 functions */
240b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam    private int Ch(
241b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam        int    x,
242b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam        int    y,
243b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam        int    z)
244b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam    {
245b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam        return (x & y) ^ ((~x) & z);
246b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam    }
247b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam
248b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam    private int Maj(
249b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam        int    x,
250b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam        int    y,
251b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam        int    z)
252b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam    {
253b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam        return (x & y) ^ (x & z) ^ (y & z);
254b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam    }
255b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam
256b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam    private int Sum0(
257b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam        int    x)
258b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam    {
259b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam        return ((x >>> 2) | (x << 30)) ^ ((x >>> 13) | (x << 19)) ^ ((x >>> 22) | (x << 10));
260b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam    }
261b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam
262b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam    private int Sum1(
263b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam        int    x)
264b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam    {
265b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam        return ((x >>> 6) | (x << 26)) ^ ((x >>> 11) | (x << 21)) ^ ((x >>> 25) | (x << 7));
266b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam    }
267b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam
268b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam    private int Theta0(
269b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam        int    x)
270b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam    {
271b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam        return ((x >>> 7) | (x << 25)) ^ ((x >>> 18) | (x << 14)) ^ (x >>> 3);
272b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam    }
273b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam
274b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam    private int Theta1(
275b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam        int    x)
276b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam    {
277b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam        return ((x >>> 17) | (x << 15)) ^ ((x >>> 19) | (x << 13)) ^ (x >>> 10);
278b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam    }
279b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam
280b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam    /* SHA-256 Constants
281b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam     * (represent the first 32 bits of the fractional parts of the
282b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam     * cube roots of the first sixty-four prime numbers)
283b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam     */
284b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam    static final int K[] = {
285b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam        0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5, 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5,
286b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam        0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3, 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174,
287b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam        0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc, 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da,
288b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam        0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7, 0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967,
289b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam        0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13, 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85,
290c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom        0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3, 0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070,
291c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom        0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5, 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3,
292b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam        0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208, 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2
293b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam    };
294b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam}
295b61a96e7ef1a78acf013bbf08fe537e5b5f129caPeter Hallam
296