View Javadoc
1   /*
2    * Copyright (C) 2017, Google Inc.
3    * and other copyright owners as documented in the project's IP log.
4    *
5    * This program and the accompanying materials are made available
6    * under the terms of the Eclipse Distribution License v1.0 which
7    * accompanies this distribution, is reproduced below, and is
8    * available at http://www.eclipse.org/org/documents/edl-v10.php
9    *
10   * All rights reserved.
11   *
12   * Redistribution and use in source and binary forms, with or
13   * without modification, are permitted provided that the following
14   * conditions are met:
15   *
16   * - Redistributions of source code must retain the above copyright
17   *   notice, this list of conditions and the following disclaimer.
18   *
19   * - Redistributions in binary form must reproduce the above
20   *   copyright notice, this list of conditions and the following
21   *   disclaimer in the documentation and/or other materials provided
22   *   with the distribution.
23   *
24   * - Neither the name of the Eclipse Foundation, Inc. nor the
25   *   names of its contributors may be used to endorse or promote
26   *   products derived from this software without specific prior
27   *   written permission.
28   *
29   * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND
30   * CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
31   * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
32   * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
33   * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
34   * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
35   * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
36   * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
37   * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
38   * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
39   * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
40   * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
41   * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
42   */
43  
44  package org.eclipse.jgit.util.sha1;
45  
46  import static java.lang.Integer.lowestOneBit;
47  import static java.lang.Integer.numberOfTrailingZeros;
48  import static java.lang.Integer.rotateLeft;
49  import static java.lang.Integer.rotateRight;
50  
51  import java.util.Arrays;
52  
53  import org.eclipse.jgit.lib.MutableObjectId;
54  import org.eclipse.jgit.lib.ObjectId;
55  import org.eclipse.jgit.util.NB;
56  import org.eclipse.jgit.util.SystemReader;
57  import org.slf4j.Logger;
58  import org.slf4j.LoggerFactory;
59  
60  /**
61   * Pure Java implementation of SHA-1 from FIPS 180-1 / RFC 3174.
62   *
63   * <p>
64   * See <a href="https://tools.ietf.org/html/rfc3174">RFC 3174</a>.
65   * <p>
66   * Unlike MessageDigest, this implementation includes the algorithm used by
67   * {@code sha1dc} to detect cryptanalytic collision attacks against SHA-1, such
68   * as the one used by <a href="https://shattered.it/">SHAttered</a>. See
69   * <a href="https://github.com/cr-marcstevens/sha1collisiondetection">
70   * sha1collisiondetection</a> for more information.
71   * <p>
72   * When detectCollision is true (default), this implementation throws
73   * {@link Sha1CollisionException} from any digest method if a potential
74   * collision was detected.
75   *
76   * @since 4.7
77   */
78  public class SHA1 {
79  	private static Logger LOG = LoggerFactory.getLogger(SHA1.class);
80  	private static final boolean DETECT_COLLISIONS;
81  
82  	static {
83  		SystemReader sr = SystemReader.getInstance();
84  		String v = sr.getProperty("org.eclipse.jgit.util.sha1.detectCollision"); //$NON-NLS-1$
85  		DETECT_COLLISIONS = v != null ? Boolean.parseBoolean(v) : true;
86  	}
87  
88  	/** @return a new context to compute a SHA-1 hash of data. */
89  	public static SHA1 newInstance() {
90  		return new SHA1();
91  	}
92  
93  	private final State h = new State();
94  	private final int[] w = new int[80];
95  
96  	/** Buffer to accumulate partial blocks to 64 byte alignment. */
97  	private final byte[] buffer = new byte[64];
98  
99  	/** Total number of bytes in the message. */
100 	private long length;
101 
102 	private boolean detectCollision = DETECT_COLLISIONS;
103 	private boolean foundCollision;
104 
105 	private final int[] w2 = new int[80];
106 	private final State state58 = new State();
107 	private final State state65 = new State();
108 	private final State hIn = new State();
109 	private final State hTmp = new State();
110 
111 	private SHA1() {
112 		h.init();
113 	}
114 
115 	/**
116 	 * Enable likely collision detection.
117 	 * <p>
118 	 * Default is {@code true}.
119 	 * <p>
120 	 * May also be set by system property:
121 	 * {@code -Dorg.eclipse.jgit.util.sha1.detectCollision=true}.
122 	 *
123 	 * @param detect
124 	 * @return {@code this}
125 	 */
126 	public SHA1 setDetectCollision(boolean detect) {
127 		detectCollision = detect;
128 		return this;
129 	}
130 
131 	/**
132 	 * Update the digest computation by adding a byte.
133 	 *
134 	 * @param b
135 	 */
136 	public void update(byte b) {
137 		int bufferLen = (int) (length & 63);
138 		length++;
139 		buffer[bufferLen] = b;
140 		if (bufferLen == 63) {
141 			compress(buffer, 0);
142 		}
143 	}
144 
145 	/**
146 	 * Update the digest computation by adding bytes to the message.
147 	 *
148 	 * @param in
149 	 *            input array of bytes.
150 	 */
151 	public void update(byte[] in) {
152 		update(in, 0, in.length);
153 	}
154 
155 	/**
156 	 * Update the digest computation by adding bytes to the message.
157 	 *
158 	 * @param in
159 	 *            input array of bytes.
160 	 * @param p
161 	 *            offset to start at from {@code in}.
162 	 * @param len
163 	 *            number of bytes to hash.
164 	 */
165 	public void update(byte[] in, int p, int len) {
166 		// SHA-1 compress can only process whole 64 byte blocks.
167 		// Hold partial updates in buffer, whose length is the low bits.
168 		int bufferLen = (int) (length & 63);
169 		length += len;
170 
171 		if (bufferLen > 0) {
172 			int n = Math.min(64 - bufferLen, len);
173 			System.arraycopy(in, p, buffer, bufferLen, n);
174 			p += n;
175 			len -= n;
176 			if (bufferLen + n < 64) {
177 				return;
178 			}
179 			compress(buffer, 0);
180 		}
181 		while (len >= 64) {
182 			compress(in, p);
183 			p += 64;
184 			len -= 64;
185 		}
186 		if (len > 0) {
187 			System.arraycopy(in, p, buffer, 0, len);
188 		}
189 	}
190 
191 	private void compress(byte[] block, int p) {
192 		initBlock(block, p);
193 		int ubcDvMask = detectCollision ? UbcCheck.check(w) : 0;
194 		compress();
195 
196 		while (ubcDvMask != 0) {
197 			int b = numberOfTrailingZeros(lowestOneBit(ubcDvMask));
198 			UbcCheck.DvInfo dv = UbcCheck.DV[b];
199 			for (int i = 0; i < 80; i++) {
200 				w2[i] = w[i] ^ dv.dm[i];
201 			}
202 			recompress(dv.testt);
203 			if (eq(hTmp, h)) {
204 				foundCollision = true;
205 				break;
206 			}
207 			ubcDvMask &= ~(1 << b);
208 		}
209 	}
210 
211 	private void initBlock(byte[] block, int p) {
212 		for (int t = 0; t < 16; t++) {
213 			w[t] = NB.decodeInt32(block, p + (t << 2));
214 		}
215 
216 		// RFC 3174 6.1.b, extend state vector to 80 words.
217 		for (int t = 16; t < 80; t++) {
218 			int x = w[t - 3] ^ w[t - 8] ^ w[t - 14] ^ w[t - 16];
219 			w[t] = rotateLeft(x, 1); // S^1(...)
220 		}
221 	}
222 
223 	private void compress() {
224 		// Method 1 from RFC 3174 section 6.1.
225 		// Method 2 (circular queue of 16 words) is slower.
226 		int a = h.a, b = h.b, c = h.c, d = h.d, e = h.e;
227 
228 		// @formatter:off
229 		 e += s1(a, b, c, d,w[ 0]);  b = rotateLeft( b, 30);
230 		 d += s1(e, a, b, c,w[ 1]);  a = rotateLeft( a, 30);
231 		 c += s1(d, e, a, b,w[ 2]);  e = rotateLeft( e, 30);
232 		 b += s1(c, d, e, a,w[ 3]);  d = rotateLeft( d, 30);
233 		 a += s1(b, c, d, e,w[ 4]);  c = rotateLeft( c, 30);
234 		 e += s1(a, b, c, d,w[ 5]);  b = rotateLeft( b, 30);
235 		 d += s1(e, a, b, c,w[ 6]);  a = rotateLeft( a, 30);
236 		 c += s1(d, e, a, b,w[ 7]);  e = rotateLeft( e, 30);
237 		 b += s1(c, d, e, a,w[ 8]);  d = rotateLeft( d, 30);
238 		 a += s1(b, c, d, e,w[ 9]);  c = rotateLeft( c, 30);
239 		 e += s1(a, b, c, d,w[ 10]);  b = rotateLeft( b, 30);
240 		 d += s1(e, a, b, c,w[ 11]);  a = rotateLeft( a, 30);
241 		 c += s1(d, e, a, b,w[ 12]);  e = rotateLeft( e, 30);
242 		 b += s1(c, d, e, a,w[ 13]);  d = rotateLeft( d, 30);
243 		 a += s1(b, c, d, e,w[ 14]);  c = rotateLeft( c, 30);
244 		 e += s1(a, b, c, d,w[ 15]);  b = rotateLeft( b, 30);
245 		 d += s1(e, a, b, c,w[ 16]);  a = rotateLeft( a, 30);
246 		 c += s1(d, e, a, b,w[ 17]);  e = rotateLeft( e, 30);
247 		 b += s1(c, d, e, a,w[ 18]);  d = rotateLeft( d, 30);
248 		 a += s1(b, c, d, e,w[ 19]);  c = rotateLeft( c, 30);
249 
250 		 e += s2(a, b, c, d,w[ 20]);  b = rotateLeft( b, 30);
251 		 d += s2(e, a, b, c,w[ 21]);  a = rotateLeft( a, 30);
252 		 c += s2(d, e, a, b,w[ 22]);  e = rotateLeft( e, 30);
253 		 b += s2(c, d, e, a,w[ 23]);  d = rotateLeft( d, 30);
254 		 a += s2(b, c, d, e,w[ 24]);  c = rotateLeft( c, 30);
255 		 e += s2(a, b, c, d,w[ 25]);  b = rotateLeft( b, 30);
256 		 d += s2(e, a, b, c,w[ 26]);  a = rotateLeft( a, 30);
257 		 c += s2(d, e, a, b,w[ 27]);  e = rotateLeft( e, 30);
258 		 b += s2(c, d, e, a,w[ 28]);  d = rotateLeft( d, 30);
259 		 a += s2(b, c, d, e,w[ 29]);  c = rotateLeft( c, 30);
260 		 e += s2(a, b, c, d,w[ 30]);  b = rotateLeft( b, 30);
261 		 d += s2(e, a, b, c,w[ 31]);  a = rotateLeft( a, 30);
262 		 c += s2(d, e, a, b,w[ 32]);  e = rotateLeft( e, 30);
263 		 b += s2(c, d, e, a,w[ 33]);  d = rotateLeft( d, 30);
264 		 a += s2(b, c, d, e,w[ 34]);  c = rotateLeft( c, 30);
265 		 e += s2(a, b, c, d,w[ 35]);  b = rotateLeft( b, 30);
266 		 d += s2(e, a, b, c,w[ 36]);  a = rotateLeft( a, 30);
267 		 c += s2(d, e, a, b,w[ 37]);  e = rotateLeft( e, 30);
268 		 b += s2(c, d, e, a,w[ 38]);  d = rotateLeft( d, 30);
269 		 a += s2(b, c, d, e,w[ 39]);  c = rotateLeft( c, 30);
270 
271 		 e += s3(a, b, c, d,w[ 40]);  b = rotateLeft( b, 30);
272 		 d += s3(e, a, b, c,w[ 41]);  a = rotateLeft( a, 30);
273 		 c += s3(d, e, a, b,w[ 42]);  e = rotateLeft( e, 30);
274 		 b += s3(c, d, e, a,w[ 43]);  d = rotateLeft( d, 30);
275 		 a += s3(b, c, d, e,w[ 44]);  c = rotateLeft( c, 30);
276 		 e += s3(a, b, c, d,w[ 45]);  b = rotateLeft( b, 30);
277 		 d += s3(e, a, b, c,w[ 46]);  a = rotateLeft( a, 30);
278 		 c += s3(d, e, a, b,w[ 47]);  e = rotateLeft( e, 30);
279 		 b += s3(c, d, e, a,w[ 48]);  d = rotateLeft( d, 30);
280 		 a += s3(b, c, d, e,w[ 49]);  c = rotateLeft( c, 30);
281 		 e += s3(a, b, c, d,w[ 50]);  b = rotateLeft( b, 30);
282 		 d += s3(e, a, b, c,w[ 51]);  a = rotateLeft( a, 30);
283 		 c += s3(d, e, a, b,w[ 52]);  e = rotateLeft( e, 30);
284 		 b += s3(c, d, e, a,w[ 53]);  d = rotateLeft( d, 30);
285 		 a += s3(b, c, d, e,w[ 54]);  c = rotateLeft( c, 30);
286 		 e += s3(a, b, c, d,w[ 55]);  b = rotateLeft( b, 30);
287 		 d += s3(e, a, b, c,w[ 56]);  a = rotateLeft( a, 30);
288 		 c += s3(d, e, a, b,w[ 57]);  e = rotateLeft( e, 30);
289 		state58.save(a, b, c, d, e);
290 		 b += s3(c, d, e, a,w[ 58]);  d = rotateLeft( d, 30);
291 		 a += s3(b, c, d, e,w[ 59]);  c = rotateLeft( c, 30);
292 
293 		 e += s4(a, b, c, d,w[ 60]);  b = rotateLeft( b, 30);
294 		 d += s4(e, a, b, c,w[ 61]);  a = rotateLeft( a, 30);
295 		 c += s4(d, e, a, b,w[ 62]);  e = rotateLeft( e, 30);
296 		 b += s4(c, d, e, a,w[ 63]);  d = rotateLeft( d, 30);
297 		 a += s4(b, c, d, e,w[ 64]);  c = rotateLeft( c, 30);
298 		state65.save(a, b, c, d, e);
299 		 e += s4(a, b, c, d,w[ 65]);  b = rotateLeft( b, 30);
300 		 d += s4(e, a, b, c,w[ 66]);  a = rotateLeft( a, 30);
301 		 c += s4(d, e, a, b,w[ 67]);  e = rotateLeft( e, 30);
302 		 b += s4(c, d, e, a,w[ 68]);  d = rotateLeft( d, 30);
303 		 a += s4(b, c, d, e,w[ 69]);  c = rotateLeft( c, 30);
304 		 e += s4(a, b, c, d,w[ 70]);  b = rotateLeft( b, 30);
305 		 d += s4(e, a, b, c,w[ 71]);  a = rotateLeft( a, 30);
306 		 c += s4(d, e, a, b,w[ 72]);  e = rotateLeft( e, 30);
307 		 b += s4(c, d, e, a,w[ 73]);  d = rotateLeft( d, 30);
308 		 a += s4(b, c, d, e,w[ 74]);  c = rotateLeft( c, 30);
309 		 e += s4(a, b, c, d,w[ 75]);  b = rotateLeft( b, 30);
310 		 d += s4(e, a, b, c,w[ 76]);  a = rotateLeft( a, 30);
311 		 c += s4(d, e, a, b,w[ 77]);  e = rotateLeft( e, 30);
312 		 b += s4(c, d, e, a,w[ 78]);  d = rotateLeft( d, 30);
313 		 a += s4(b, c, d, e,w[ 79]);  c = rotateLeft( c, 30);
314 
315 		// @formatter:on
316 		h.save(h.a + a, h.b + b, h.c + c, h.d + d, h.e + e);
317 	}
318 
319 	private void recompress(int t) {
320 		State s;
321 		if (t == 58) {
322 			s = state58;
323 		} else if (t == 65) {
324 			s = state65;
325 		} else {
326 			throw new IllegalStateException();
327 		}
328 		int a = s.a, b = s.b, c = s.c, d = s.d, e = s.e;
329 
330 		// @formatter:off
331 	  if (t == 65) {
332 		{ c = rotateRight( c, 30);  a -= s4(b, c, d, e,w2[ 64]);}
333 		{ d = rotateRight( d, 30);  b -= s4(c, d, e, a,w2[ 63]);}
334 		{ e = rotateRight( e, 30);  c -= s4(d, e, a, b,w2[ 62]);}
335 		{ a = rotateRight( a, 30);  d -= s4(e, a, b, c,w2[ 61]);}
336 		{ b = rotateRight( b, 30);  e -= s4(a, b, c, d,w2[ 60]);}
337 
338 		{ c = rotateRight( c, 30);  a -= s3(b, c, d, e,w2[ 59]);}
339 		{ d = rotateRight( d, 30);  b -= s3(c, d, e, a,w2[ 58]);}
340 	  }
341 		{ e = rotateRight( e, 30);  c -= s3(d, e, a, b,w2[ 57]);}
342 		{ a = rotateRight( a, 30);  d -= s3(e, a, b, c,w2[ 56]);}
343 		{ b = rotateRight( b, 30);  e -= s3(a, b, c, d,w2[ 55]);}
344 		{ c = rotateRight( c, 30);  a -= s3(b, c, d, e,w2[ 54]);}
345 		{ d = rotateRight( d, 30);  b -= s3(c, d, e, a,w2[ 53]);}
346 		{ e = rotateRight( e, 30);  c -= s3(d, e, a, b,w2[ 52]);}
347 		{ a = rotateRight( a, 30);  d -= s3(e, a, b, c,w2[ 51]);}
348 		{ b = rotateRight( b, 30);  e -= s3(a, b, c, d,w2[ 50]);}
349 		{ c = rotateRight( c, 30);  a -= s3(b, c, d, e,w2[ 49]);}
350 		{ d = rotateRight( d, 30);  b -= s3(c, d, e, a,w2[ 48]);}
351 		{ e = rotateRight( e, 30);  c -= s3(d, e, a, b,w2[ 47]);}
352 		{ a = rotateRight( a, 30);  d -= s3(e, a, b, c,w2[ 46]);}
353 		{ b = rotateRight( b, 30);  e -= s3(a, b, c, d,w2[ 45]);}
354 		{ c = rotateRight( c, 30);  a -= s3(b, c, d, e,w2[ 44]);}
355 		{ d = rotateRight( d, 30);  b -= s3(c, d, e, a,w2[ 43]);}
356 		{ e = rotateRight( e, 30);  c -= s3(d, e, a, b,w2[ 42]);}
357 		{ a = rotateRight( a, 30);  d -= s3(e, a, b, c,w2[ 41]);}
358 		{ b = rotateRight( b, 30);  e -= s3(a, b, c, d,w2[ 40]);}
359 
360 		{ c = rotateRight( c, 30);  a -= s2(b, c, d, e,w2[ 39]);}
361 		{ d = rotateRight( d, 30);  b -= s2(c, d, e, a,w2[ 38]);}
362 		{ e = rotateRight( e, 30);  c -= s2(d, e, a, b,w2[ 37]);}
363 		{ a = rotateRight( a, 30);  d -= s2(e, a, b, c,w2[ 36]);}
364 		{ b = rotateRight( b, 30);  e -= s2(a, b, c, d,w2[ 35]);}
365 		{ c = rotateRight( c, 30);  a -= s2(b, c, d, e,w2[ 34]);}
366 		{ d = rotateRight( d, 30);  b -= s2(c, d, e, a,w2[ 33]);}
367 		{ e = rotateRight( e, 30);  c -= s2(d, e, a, b,w2[ 32]);}
368 		{ a = rotateRight( a, 30);  d -= s2(e, a, b, c,w2[ 31]);}
369 		{ b = rotateRight( b, 30);  e -= s2(a, b, c, d,w2[ 30]);}
370 		{ c = rotateRight( c, 30);  a -= s2(b, c, d, e,w2[ 29]);}
371 		{ d = rotateRight( d, 30);  b -= s2(c, d, e, a,w2[ 28]);}
372 		{ e = rotateRight( e, 30);  c -= s2(d, e, a, b,w2[ 27]);}
373 		{ a = rotateRight( a, 30);  d -= s2(e, a, b, c,w2[ 26]);}
374 		{ b = rotateRight( b, 30);  e -= s2(a, b, c, d,w2[ 25]);}
375 		{ c = rotateRight( c, 30);  a -= s2(b, c, d, e,w2[ 24]);}
376 		{ d = rotateRight( d, 30);  b -= s2(c, d, e, a,w2[ 23]);}
377 		{ e = rotateRight( e, 30);  c -= s2(d, e, a, b,w2[ 22]);}
378 		{ a = rotateRight( a, 30);  d -= s2(e, a, b, c,w2[ 21]);}
379 		{ b = rotateRight( b, 30);  e -= s2(a, b, c, d,w2[ 20]);}
380 
381 		{ c = rotateRight( c, 30);  a -= s1(b, c, d, e,w2[ 19]);}
382 		{ d = rotateRight( d, 30);  b -= s1(c, d, e, a,w2[ 18]);}
383 		{ e = rotateRight( e, 30);  c -= s1(d, e, a, b,w2[ 17]);}
384 		{ a = rotateRight( a, 30);  d -= s1(e, a, b, c,w2[ 16]);}
385 		{ b = rotateRight( b, 30);  e -= s1(a, b, c, d,w2[ 15]);}
386 		{ c = rotateRight( c, 30);  a -= s1(b, c, d, e,w2[ 14]);}
387 		{ d = rotateRight( d, 30);  b -= s1(c, d, e, a,w2[ 13]);}
388 		{ e = rotateRight( e, 30);  c -= s1(d, e, a, b,w2[ 12]);}
389 		{ a = rotateRight( a, 30);  d -= s1(e, a, b, c,w2[ 11]);}
390 		{ b = rotateRight( b, 30);  e -= s1(a, b, c, d,w2[ 10]);}
391 		{ c = rotateRight( c, 30);  a -= s1(b, c, d, e,w2[ 9]);}
392 		{ d = rotateRight( d, 30);  b -= s1(c, d, e, a,w2[ 8]);}
393 		{ e = rotateRight( e, 30);  c -= s1(d, e, a, b,w2[ 7]);}
394 		{ a = rotateRight( a, 30);  d -= s1(e, a, b, c,w2[ 6]);}
395 		{ b = rotateRight( b, 30);  e -= s1(a, b, c, d,w2[ 5]);}
396 		{ c = rotateRight( c, 30);  a -= s1(b, c, d, e,w2[ 4]);}
397 		{ d = rotateRight( d, 30);  b -= s1(c, d, e, a,w2[ 3]);}
398 		{ e = rotateRight( e, 30);  c -= s1(d, e, a, b,w2[ 2]);}
399 		{ a = rotateRight( a, 30);  d -= s1(e, a, b, c,w2[ 1]);}
400 		{ b = rotateRight( b, 30);  e -= s1(a, b, c, d,w2[ 0]);}
401 
402 		hIn.save(a, b, c, d, e);
403 		a = s.a; b = s.b; c = s.c; d = s.d; e = s.e;
404 
405 	  if (t == 58) {
406 		{ b += s3(c, d, e, a,w2[ 58]);  d = rotateLeft( d, 30);}
407 		{ a += s3(b, c, d, e,w2[ 59]);  c = rotateLeft( c, 30);}
408 
409 		{ e += s4(a, b, c, d,w2[ 60]);  b = rotateLeft( b, 30);}
410 		{ d += s4(e, a, b, c,w2[ 61]);  a = rotateLeft( a, 30);}
411 		{ c += s4(d, e, a, b,w2[ 62]);  e = rotateLeft( e, 30);}
412 		{ b += s4(c, d, e, a,w2[ 63]);  d = rotateLeft( d, 30);}
413 		{ a += s4(b, c, d, e,w2[ 64]);  c = rotateLeft( c, 30);}
414 	  }
415 		{ e += s4(a, b, c, d,w2[ 65]);  b = rotateLeft( b, 30);}
416 		{ d += s4(e, a, b, c,w2[ 66]);  a = rotateLeft( a, 30);}
417 		{ c += s4(d, e, a, b,w2[ 67]);  e = rotateLeft( e, 30);}
418 		{ b += s4(c, d, e, a,w2[ 68]);  d = rotateLeft( d, 30);}
419 		{ a += s4(b, c, d, e,w2[ 69]);  c = rotateLeft( c, 30);}
420 		{ e += s4(a, b, c, d,w2[ 70]);  b = rotateLeft( b, 30);}
421 		{ d += s4(e, a, b, c,w2[ 71]);  a = rotateLeft( a, 30);}
422 		{ c += s4(d, e, a, b,w2[ 72]);  e = rotateLeft( e, 30);}
423 		{ b += s4(c, d, e, a,w2[ 73]);  d = rotateLeft( d, 30);}
424 		{ a += s4(b, c, d, e,w2[ 74]);  c = rotateLeft( c, 30);}
425 		{ e += s4(a, b, c, d,w2[ 75]);  b = rotateLeft( b, 30);}
426 		{ d += s4(e, a, b, c,w2[ 76]);  a = rotateLeft( a, 30);}
427 		{ c += s4(d, e, a, b,w2[ 77]);  e = rotateLeft( e, 30);}
428 		{ b += s4(c, d, e, a,w2[ 78]);  d = rotateLeft( d, 30);}
429 		{ a += s4(b, c, d, e,w2[ 79]);  c = rotateLeft( c, 30);}
430 
431 		// @formatter:on
432 		hTmp.save(hIn.a + a, hIn.b + b, hIn.c + c, hIn.d + d, hIn.e + e);
433 	}
434 
435 	private static int s1(int a, int b, int c, int d, int w_t) {
436 		return rotateLeft(a, 5)
437 				// f: 0 <= t <= 19
438 				+ ((b & c) | ((~b) & d))
439 				+ 0x5A827999 + w_t;
440 	}
441 
442 	private static int s2(int a, int b, int c, int d, int w_t) {
443 		return rotateLeft(a, 5)
444 				// f: 20 <= t <= 39
445 				+ (b ^ c ^ d)
446 				+ 0x6ED9EBA1 + w_t;
447 	}
448 
449 	private static int s3(int a, int b, int c, int d, int w_t) {
450 		return rotateLeft(a, 5)
451 				// f: 40 <= t <= 59
452 				+ ((b & c) | (b & d) | (c & d))
453 				+ 0x8F1BBCDC + w_t;
454 	}
455 
456 	private static int s4(int a, int b, int c, int d, int w_t) {
457 		return rotateLeft(a, 5)
458 				// f: 60 <= t <= 79
459 				+ (b ^ c ^ d)
460 				+ 0xCA62C1D6 + w_t;
461 	}
462 
463 	private static boolean eq(State q, State r) {
464 		return q.a == r.a
465 				&& q.b == r.b
466 				&& q.c == r.c
467 				&& q.d == r.d
468 				&& q.e == r.e;
469 	}
470 
471 	private void finish() {
472 		int bufferLen = (int) (length & 63);
473 		if (bufferLen > 55) {
474 			// Last block is too small; pad, compress, pad another block.
475 			buffer[bufferLen++] = (byte) 0x80;
476 			Arrays.fill(buffer, bufferLen, 64, (byte) 0);
477 			compress(buffer, 0);
478 			Arrays.fill(buffer, 0, 56, (byte) 0);
479 		} else {
480 			// Last block can hold padding and length.
481 			buffer[bufferLen++] = (byte) 0x80;
482 			Arrays.fill(buffer, bufferLen, 56, (byte) 0);
483 		}
484 
485 		// SHA-1 appends the length of the message in bits after the
486 		// padding block (above). Here length is in bytes. Multiply by
487 		// 8 by shifting by 3 as part of storing the 64 bit byte length
488 		// into the two words expected in the trailer.
489 		NB.encodeInt32(buffer, 56, (int) (length >>> (32 - 3)));
490 		NB.encodeInt32(buffer, 60, (int) (length << 3));
491 		compress(buffer, 0);
492 
493 		if (foundCollision) {
494 			ObjectId id = h.toObjectId();
495 			LOG.warn("possible SHA-1 collision " + id.name()); //$NON-NLS-1$
496 			throw new Sha1CollisionException(id);
497 		}
498 	}
499 
500 	/**
501 	 * Finish the digest and return the resulting hash.
502 	 * <p>
503 	 * Once {@code digest()} is called, this instance should be discarded.
504 	 *
505 	 * @return the bytes for the resulting hash.
506 	 * @throws Sha1CollisionException
507 	 *             if a collision was detected and safeHash is false.
508 	 */
509 	public byte[] digest() throws Sha1CollisionException {
510 		finish();
511 
512 		byte[] b = new byte[20];
513 		NB.encodeInt32(b, 0, h.a);
514 		NB.encodeInt32(b, 4, h.b);
515 		NB.encodeInt32(b, 8, h.c);
516 		NB.encodeInt32(b, 12, h.d);
517 		NB.encodeInt32(b, 16, h.e);
518 		return b;
519 	}
520 
521 	/**
522 	 * Finish the digest and return the resulting hash.
523 	 * <p>
524 	 * Once {@code digest()} is called, this instance should be discarded.
525 	 *
526 	 * @return the ObjectId for the resulting hash.
527 	 * @throws Sha1CollisionException
528 	 *             if a collision was detected and safeHash is false.
529 	 */
530 	public ObjectId toObjectId() throws Sha1CollisionException {
531 		finish();
532 		return h.toObjectId();
533 	}
534 
535 	/**
536 	 * Finish the digest and return the resulting hash.
537 	 * <p>
538 	 * Once {@code digest()} is called, this instance should be discarded.
539 	 *
540 	 * @param id
541 	 *            destination to copy the digest to.
542 	 * @throws Sha1CollisionException
543 	 *             if a collision was detected and safeHash is false.
544 	 */
545 	public void digest(MutableObjectId id) throws Sha1CollisionException {
546 		finish();
547 		id.set(h.a, h.b, h.c, h.d, h.e);
548 	}
549 
550 	/**
551 	 * Check if a collision was detected.
552 	 *
553 	 * <p>
554 	 * This method only returns an accurate result after the digest was obtained
555 	 * through {@link #digest()}, {@link #digest(MutableObjectId)} or
556 	 * {@link #toObjectId()}, as the hashing function must finish processing to
557 	 * know the final state.
558 	 *
559 	 * @return {@code true} if a likely collision was detected.
560 	 */
561 	public boolean hasCollision() {
562 		return foundCollision;
563 	}
564 
565 	/**
566 	 * Reset this instance to compute another hash.
567 	 *
568 	 * @return {@code this}.
569 	 */
570 	public SHA1 reset() {
571 		h.init();
572 		length = 0;
573 		foundCollision = false;
574 		return this;
575 	}
576 
577 	private static final class State {
578 		int a;
579 		int b;
580 		int c;
581 		int d;
582 		int e;
583 
584 		final void init() {
585 			// Magic initialization constants defined by FIPS180.
586 			save(0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476, 0xC3D2E1F0);
587 		}
588 
589 		final void save(int a1, int b1, int c1, int d1, int e1) {
590 			a = a1;
591 			b = b1;
592 			c = c1;
593 			d = d1;
594 			e = e1;
595 		}
596 
597 		ObjectId toObjectId() {
598 			return new ObjectId(a, b, c, d, e);
599 		}
600 	}
601 }