iaik.security.md
Class SHA

java.lang.Object
  |
  +--java.security.MessageDigestSpi
        |
        +--java.security.MessageDigest
              |
              +--iaik.security.md.AbstractMessageDigest
                    |
                    +--iaik.security.md.SHA

All Implemented Interfaces:

Cloneable

public class SHA

extends iaik.security.md.AbstractMessageDigest

This class implements the SHA message digest algorithm according to FIPS PUB 180-1.

A message digest algorithm represents the functionality of an one-way hash function for computing a fixed sized data value (message digest, hash) from input data of arbitrary size. The length of the resulting hash value usually is shorter than the length of the input data. Using a one-way hash function will make it easy to compute the hash from the given data, but hard to go the reverse way for calculating the input data when only the hash is known. Furthermore, a proper hash function should avoid any collision, meaning that it has to be hard to find two different messages producing the same hash value.

Through its basic structure, the Secure Hash Algorithm (SHA) resembles the MD5 message digest algorithm, but provides a higher degree of security since producing a longer (160-Bit) hash value than the MD5 algorithm, which gives a 128-Bit hash.

Like MD5, the SHA algorithm processes the data in blocks of 512-Bit length. First the input data is properly padded and subsequently extended by a 64-Bit representation of the data´s original length to become a multiple of 512 Bit. The resulting text is devided into 512-Bit blocks, each of it again devided into sixteen 32-Bit sub-blocks. Each of the 512-Bit blocks is processed in a main loop. Input of the main loop are five 32-Bit variables, which are properly initialized with constant values for the first main loop run processing the first 512-Bit block. Each main loop run is featured with a new 512-Bit block as long as there blocks available. Each main loop run produces an output of five 32-Bit variables which are added to the initial five 32-bit variables to be fed into the next main loop run for pocessing the next 512-Bit block. When no further 512-Bit block is available, the algorithm leaves the main loop and calculates the final 160-Bit hash output by concatenating the five 32-Bit variables resulting from the last main loop run. The main loop consists of four rounds based on a certain nonlinear function (see "Applied Cryptography", Bruce Schneier, ISBN 0-471-59756-2).

For digital signature peocessing, the SHA algorithm is recommended by FIPS to be used together with the Digital Signature Algorithm (DSA) for computing a 160-Bit hash value of data input of any length shorter than 2⁶⁴ Bits, which subsequently is processed using the DSA algorithm to produce the signature.

This class extends the java.security.MessageDigest class and applications should use one of the getInstance methods presented there to create a MessageDigest-SHA object. Generally, an application wishing to compute the message digest of some data has to perform three steps:

• First an instance of the desired message digest algorithm has to be created using a proper getInstance method, e.g.:

       MessageDigest sha = MessageDigest.getInstance("SHA");
       

• Second, the data to be hashed is supplied to the MessageDigest object just created by one or more calls to one of the update methods, e.g:
  

       sha.update(m1);
       sha.update(m2);
       ...
       

• Finally, the hash value can be computed using one of the digest methods:
  

       byte[] hash_value = sha.digest();
       

  
  

There are several ways for combining update and digest methods for computing a message digest. Since this class implements the Cloneable interface, SHA MessageDigest objects may be used for compute intermediate hashes through cloning (see http://java.sun.com/products/JDK/1.1/docs/guide/security/CryptoSpec.html).

When the hash value successfully has been computed, the SHA MessageDigest object automatically resets for being able to be supplied with new data to be hashed.

The SHA algorithm may be combined with the RSA public-key algorithm to be used as digital signature algorithm ShaRSASignature).

Version:

File Revision 25

See Also:

ShaRSASignature, DSA, MessageDigest, Md5

Constructor Summary

SHA()
Creates a new SHA message digest object.

Method Summary

Object	clone() Returns a clone of this SHA Object.
protected byte[]	engineDigest() b>SPI: Completes the hash computation by performing final operations such as padding.
int	engineGetDigestLength() SPI: Returns the length of the digest in bytes.
void	engineReset() SPI: Resets this SHA message digest object for being supplied with new data.
protected void	engineUpdate(byte input) SPI: Updates the data to be hashed with the specified byte.
protected void	engineUpdate(byte[] input, int offset, int len) SPI: Updates the data to be hashed with the specified number of bytes, beginning at the specified offset within the given byte array.

Methods inherited from class java.security.MessageDigest

digest, digest, digest, getAlgorithm, getDigestLength, getInstance, getInstance, getProvider, isEqual, reset, toString, update, update, update

Methods inherited from class java.security.MessageDigestSpi

engineDigest

Methods inherited from class java.lang.Object

equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Constructor Detail

SHA

public SHA()

Creates a new SHA message digest object. Applications do not use this constructor. They shall use

 MessageDigest.getInstance("SHA");
 

for creating a MesssageDigest object.

See Also:

MessageDigest.getInstance(java.lang.String)

Method Detail

clone

public Object clone()

Returns a clone of this SHA Object.

Overrides:

clone in class iaik.security.md.AbstractMessageDigest

Returns:

a clone of this SHA Object

engineReset

public void engineReset()

SPI: Resets this SHA message digest object for being supplied with new data.

This method is called by engineDigest after the actual hash computation has been finished to automatically reset the message digest object for being supplied with new data for starting a new hash computation.

Overrides:

engineReset in class iaik.security.md.AbstractMessageDigest

See Also:

AbstractMessageDigest.engineDigest()

engineUpdate

protected final void engineUpdate(byte input)

SPI: Updates the data to be hashed with the specified byte.

Overrides:

engineUpdate in class MessageDigestSpi

Parameters:

input - the byte to be used for updating.

engineUpdate

protected final void engineUpdate(byte[] input,
                                  int offset,
                                  int len)

SPI: Updates the data to be hashed with the specified number of bytes, beginning at the specified offset within the given byte array.

Overrides:

engineUpdate in class MessageDigestSpi

Parameters:

input - the byte array holding the data to be used for this update operation.

offset - the offset, indicating the start position within the given byte array.

len - the number of bytes to be obtained from the given byte array, starting at the given position.

engineDigest

protected byte[] engineDigest()

b>SPI: Completes the hash computation by performing final operations such as padding. Once engineDigest has been called, the engine should be reset. Resetting is the responsibility of the engine implementor.

Overrides:

engineDigest in class MessageDigestSpi

Returns:

The computed hash value.

See Also:

AbstractMessageDigest.engineReset()

engineGetDigestLength

public int engineGetDigestLength()

SPI: Returns the length of the digest in bytes.

May not be available for applications before JDK versions >= 1.2.x.

Overrides:

engineGetDigestLength in class MessageDigestSpi

Returns:

the length of the digest in bytes.