SHA-1的实现产生与java.security实现不同的哈希值

时间:2019-05-18 00:01:03

标签: java algorithm hash sha

我正在尝试在Java 11中实现SHA-1算法,并且在测试哈希算法时,与使用java.security SHA-1实现进行哈希处理时得到的哈希值有所不同。

我尝试遵循的伪代码可以找到on Wikipedia

public static byte[] hash(byte[] message) {
    int h0 = 0x67452301;
    int h1 = 0xEFCDAB89;
    int h2 = 0x98BADCFE;
    int h3 = 0x10325476;
    int h4 = 0xC3D2E1F0;

    ByteArrayOutputStream out = new ByteArrayOutputStream();
    out.writeBytes(message);
    out.write(0x00000080);
    while (out.size() % 64 != 56) out.write(0x00000000);
    out.writeBytes(ByteBuffer.allocate(8).putLong(message.length).array());
    byte[] data = out.toByteArray();

    for (int j = 0; j < data.length / 64; ++j) {
        int[] w = new int[80];
        for (int i = 0; i < 16; ++i) {
            w[i] = ByteBuffer.wrap(data, j * 64 + i * 4, 4).getInt();
        }

        for (int i = 16; i < 80; ++i) {
            w[i] = leftrotate((w[i - 3] ^ w[i - 8] ^ w[i - 14] ^ w[i - 16]), 1);
        }

        int a = h0;
        int b = h1;
        int c = h2;
        int d = h3;
        int e = h4;

        for (int i = 0; i < 80; ++i) {
            final int f, k;
            if (i < 20) {
                f = (b & c) | ((~b) & d);
                k = 0x5A827999;
            } else if (i < 40) {
                f = b ^ c ^ d;
                k = 0x6ED9EBA1;
            } else if (i < 60) {
                f = (b & c) | (b & d) | (c & d);
                k = 0x8F1BBCDC;
            } else {
                f = b ^ c ^ d;
                k = 0xCA62C1D6;
            }

            int t = leftrotate(a, 5) + f + e + k + w[i];
            e = d;
            d = c;
            c = leftrotate(b, 30);
            b = a;
            a = t;
        }

        h0 += a;
        h1 += b;
        h2 += c;
        h3 += d;
        h4 += e;
    }

    ByteBuffer buffer = ByteBuffer.allocate(20);
    buffer.putInt(h0);
    buffer.putInt(h1);
    buffer.putInt(h2);
    buffer.putInt(h3);
    buffer.putInt(h4);

    return buffer.array();
}

public static int leftrotate(int x, int c) {
    return (x << c) | (x >> (32 - c));
}

为了测试这一点,我尝试对n个字节的随机数组进行哈希处理,然后将哈希值与通过以下方法获得的哈希值进行比较

MessageDigest.getInstance("SHA-1").digest(message)

我得到了不同的哈希值。 我上面的实现中有任何错误吗?错误可能来自其他地方吗?

1 个答案:

答案 0 :(得分:0)

该实现存在两个问题。首先,我用字节而不是位来写初始消息的大小。其次,leftrotate方法应该使用算术右移,而应该使用逻辑右移。