JCE: add MessageDigest implementation for SHA3-224, SHA3-256, SHA3-38…

…4, SHA3-512
wolfSSL · Mar 5, 2025 · 89403b8 · 89403b8
1 parent 00f2b1c
commit 89403b8
Show file tree

Hide file tree

Showing 5 changed files with 868 additions and 0 deletions.
diff --git a/README_JCE.md b/README_JCE.md
@@ -92,6 +92,10 @@ The JCE provider currently supports the following algorithms:
         SHA-256
         SHA-384
         SHA-512
+        SHA3-224
+        SHA3-256
+        SHA3-384
+        SHA3-512
 
     SecureRandom Class
         DEFAULT (maps to HashDRBG)

diff --git a/src/main/java/com/wolfssl/provider/jce/WolfCryptMessageDigestSha3.java b/src/main/java/com/wolfssl/provider/jce/WolfCryptMessageDigestSha3.java
@@ -0,0 +1,199 @@
+/* WolfCryptMessageDigestSha3.java
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+package com.wolfssl.provider.jce;
+
+import java.security.MessageDigestSpi;
+import java.security.NoSuchAlgorithmException;
+import javax.crypto.ShortBufferException;
+
+import com.wolfssl.wolfcrypt.Sha3;
+import com.wolfssl.wolfcrypt.WolfCryptException;
+
+/**
+ * wolfCrypt JCE SHA-3 MessageDigest wrapper
+ */
+public class WolfCryptMessageDigestSha3
+    extends MessageDigestSpi implements Cloneable {
+
+    /* internal reference to wolfCrypt JNI Sha object */
+    private Sha3 sha;
+
+    /**
+     * Create new WolfCryptMessageDigestSha3 object
+     *
+     * @param hashType hash type to be used with this MessageDigest
+     * @throws NoSuchAlgorithmException if digest type is not
+     *         available in native wolfCrypt library
+     */
+    public WolfCryptMessageDigestSha3(int hashType)
+        throws NoSuchAlgorithmException {
+
+        try {
+            sha = new Sha3(hashType);
+            sha.init();
+
+        } catch (WolfCryptException e) {
+            throw new NoSuchAlgorithmException(e.getMessage());
+        }
+    }
+
+    /**
+     * Create new WolfCryptMessageDigestSha3 based on existing Sha3 object.
+     * Existing object should already be initialized.
+     *
+     * @param sha initialized Sha3 object to be used with this MessageDigest
+     */
+    private WolfCryptMessageDigestSha3(Sha3 sha) {
+        this.sha = sha;
+    }
+
+    @Override
+    protected byte[] engineDigest() {
+
+        byte[] digest = new byte[sha.digestSize()];
+
+        try {
+            this.sha.digest(digest);
+
+        } catch (ShortBufferException e) {
+            throw new RuntimeException(e.getMessage());
+        }
+
+        log("generated final digest, len: " + digest.length);
+
+        return digest;
+    }
+
+    @Override
+    protected void engineReset() {
+
+        this.sha.init();
+
+        log("engine reset");
+    }
+
+    @Override
+    protected void engineUpdate(byte input) {
+
+        byte[] tmp = new byte[1];
+        tmp[0] = input;
+
+        this.sha.update(tmp, 1);
+
+        log("update with single byte");
+    }
+
+    @Override
+    protected void engineUpdate(byte[] input, int offset, int len) {
+
+        this.sha.update(input, offset, len);
+
+        log("update, offset: " + offset + ", len: " + len);
+    }
+
+    @Override
+    protected int engineGetDigestLength() {
+        return this.sha.digestSize();
+    }
+
+    private void log(String msg) {
+        WolfCryptDebug.print("[MessageDigest, SHA-3] " + msg);
+    }
+
+    @Override
+    public Object clone() {
+        Sha3 shaCopy = (Sha3)this.sha.clone();
+        return new WolfCryptMessageDigestSha3(shaCopy);
+    }
+
+    @SuppressWarnings("deprecation")
+    @Override
+    protected void finalize() throws Throwable {
+        try {
+            if (this.sha != null)
+                this.sha.releaseNativeStruct();
+        } finally {
+            super.finalize();
+        }
+    }
+
+    /**
+     * wolfJCE SHA1wECDSA message digest class
+     */
+    public static final class wcSHA3_224 extends WolfCryptMessageDigestSha3 {
+        /**
+         * Create new wcSHA3_224 object
+         *
+         * @throws NoSuchAlgorithmException if digest type is not
+         *         available in native wolfCrypt library
+         */
+        public wcSHA3_224() throws NoSuchAlgorithmException {
+            super(Sha3.TYPE_SHA3_224);
+        }
+    }
+
+    /**
+     * wolfJCE SHA3-256 message digest class
+     */
+    public static final class wcSHA3_256 extends WolfCryptMessageDigestSha3 {
+        /**
+         * Create new wcSHA3_256 object
+         * 
+         * @throws NoSuchAlgorithmException if digest type is not
+         *         available in native wolfCrypt library
+         */
+        public wcSHA3_256() throws NoSuchAlgorithmException {
+            super(Sha3.TYPE_SHA3_256);
+        }
+    }
+
+    /**
+     * wolfJCE SHA3-384 message digest class
+     */
+    public static final class wcSHA3_384 extends WolfCryptMessageDigestSha3 {
+        /**
+         * Create new wcSHA3_384 object
+         *
+         * @throws NoSuchAlgorithmException if digest type is not
+         *         available in native wolfCrypt library
+         */
+        public wcSHA3_384() throws NoSuchAlgorithmException {
+            super(Sha3.TYPE_SHA3_384);
+        }
+    }
+
+    /**
+     * wolfJCE SHA3-512 message digest class
+     */
+    public static final class wcSHA3_512 extends WolfCryptMessageDigestSha3 {   
+        /**
+         * Create new wcSHA3_512 object
+         *
+         * @throws NoSuchAlgorithmException if digest type is not
+         *         available in native wolfCrypt library
+         */
+        public wcSHA3_512() throws NoSuchAlgorithmException {
+            super(Sha3.TYPE_SHA3_512);
+        }
+    }
+}
+
diff --git a/src/main/java/com/wolfssl/provider/jce/WolfCryptProvider.java b/src/main/java/com/wolfssl/provider/jce/WolfCryptProvider.java
@@ -94,6 +94,16 @@ private void registerServices() {
             put("MessageDigest.SHA-512",
                     "com.wolfssl.provider.jce.WolfCryptMessageDigestSha512");
         }
+        if (FeatureDetect.Sha3Enabled()) {
+            put("MessageDigest.SHA3-224",
+                    "com.wolfssl.provider.jce.WolfCryptMessageDigestSha3$wcSHA3_224");
+            put("MessageDigest.SHA3-256",
+                    "com.wolfssl.provider.jce.WolfCryptMessageDigestSha3$wcSHA3_256");
+            put("MessageDigest.SHA3-384",
+                    "com.wolfssl.provider.jce.WolfCryptMessageDigestSha3$wcSHA3_384");
+            put("MessageDigest.SHA3-512",
+                    "com.wolfssl.provider.jce.WolfCryptMessageDigestSha3$wcSHA3_512");
+        }
 
         /* SecureRandom */
         /* TODO: May need to add "SHA1PRNG" alias, other JCA consumemrs may