v/vlib/crypto/sha256/sha256.v

// Copyright (c) 2019-2022 Alexander Medvednikov. All rights reserved.
// Use of this source code is governed by an MIT license
// that can be found in the LICENSE file.
// Package sha256 implements the SHA224 and SHA256 hash algorithms as defined
// in FIPS 180-4.
// Based off:   https://github.com/golang/go/tree/master/src/crypto/sha256
// Last commit: https://github.com/golang/go/commit/3ce865d7a0b88714cc433454ae2370a105210c01
module sha256

import encoding.binary

pub const (
	// The size of a SHA256 checksum in bytes.
	size       = 32
	// The size of a SHA224 checksum in bytes.
	size224    = 28
	// The blocksize of SHA256 and SHA224 in bytes.
	block_size = 64
)

const (
	chunk     = 64
	init0     = 0x6A09E667
	init1     = 0xBB67AE85
	init2     = 0x3C6EF372
	init3     = 0xA54FF53A
	init4     = 0x510E527F
	init5     = 0x9B05688C
	init6     = 0x1F83D9AB
	init7     = 0x5BE0CD19
	init0_224 = 0xC1059ED8
	init1_224 = 0x367CD507
	init2_224 = 0x3070DD17
	init3_224 = 0xF70E5939
	init4_224 = 0xFFC00B31
	init5_224 = 0x68581511
	init6_224 = 0x64F98FA7
	init7_224 = 0xBEFA4FA4
)

// digest represents the partial evaluation of a checksum.
struct Digest {
mut:
	h     []u32
	x     []byte
	nx    int
	len   u64
	is224 bool // mark if this digest is SHA-224
}

fn (mut d Digest) reset() {
	d.h = []u32{len: (8)}
	d.x = []byte{len: sha256.chunk}
	if !d.is224 {
		d.h[0] = u32(sha256.init0)
		d.h[1] = u32(sha256.init1)
		d.h[2] = u32(sha256.init2)
		d.h[3] = u32(sha256.init3)
		d.h[4] = u32(sha256.init4)
		d.h[5] = u32(sha256.init5)
		d.h[6] = u32(sha256.init6)
		d.h[7] = u32(sha256.init7)
	} else {
		d.h[0] = u32(sha256.init0_224)
		d.h[1] = u32(sha256.init1_224)
		d.h[2] = u32(sha256.init2_224)
		d.h[3] = u32(sha256.init3_224)
		d.h[4] = u32(sha256.init4_224)
		d.h[5] = u32(sha256.init5_224)
		d.h[6] = u32(sha256.init6_224)
		d.h[7] = u32(sha256.init7_224)
	}
	d.nx = 0
	d.len = 0
}

// new returns a new Digest (implementing hash.Hash) computing the SHA256 checksum.
pub fn new() &Digest {
	mut d := &Digest{}
	d.reset()
	return d
}

// new224 returns a new Digest (implementing hash.Hash) computing the SHA224 checksum.
pub fn new224() &Digest {
	mut d := &Digest{}
	d.is224 = true
	d.reset()
	return d
}

// write writes the contents of `p_` to the internal hash representation.
pub fn (mut d Digest) write(p_ []byte) ?int {
	unsafe {
		mut p := p_
		nn := p.len
		d.len += u64(nn)
		if d.nx > 0 {
			n := copy(mut d.x[d.nx..], p)
			d.nx += n
			if d.nx == sha256.chunk {
				block(mut d, d.x)
				d.nx = 0
			}
			if n >= p.len {
				p = []
			} else {
				p = p[n..]
			}
		}
		if p.len >= sha256.chunk {
			n := p.len & ~(sha256.chunk - 1)
			block(mut d, p[..n])
			if n >= p.len {
				p = []
			} else {
				p = p[n..]
			}
		}
		if p.len > 0 {
			d.nx = copy(mut d.x, p)
		}
		return nn
	}
}

// sum returns the SHA256 or SHA224 checksum of digest with the data.
pub fn (d &Digest) sum(b_in []byte) []byte {
	// Make a copy of d so that caller can keep writing and summing.
	mut d0 := *d
	hash := d0.checksum()
	mut b_out := b_in.clone()
	if d0.is224 {
		for b in hash[..sha256.size224] {
			b_out << b
		}
	} else {
		for b in hash {
			b_out << b
		}
	}
	return b_out
}

// checksum returns the current byte checksum of the Digest.
pub fn (mut d Digest) checksum() []byte {
	mut len := d.len
	// Padding. Add a 1 bit and 0 bits until 56 bytes mod 64.
	mut tmp := []byte{len: (64)}
	tmp[0] = 0x80
	if int(len) % 64 < 56 {
		d.write(tmp[..56 - int(len) % 64]) or { panic(err) }
	} else {
		d.write(tmp[..64 + 56 - int(len) % 64]) or { panic(err) }
	}
	// Length in bits.
	len <<= u64(3)
	binary.big_endian_put_u64(mut tmp, len)
	d.write(tmp[..8]) or { panic(err) }
	if d.nx != 0 {
		panic('d.nx != 0')
	}
	mut digest := []byte{len: sha256.size}
	binary.big_endian_put_u32(mut digest, d.h[0])
	binary.big_endian_put_u32(mut digest[4..], d.h[1])
	binary.big_endian_put_u32(mut digest[8..], d.h[2])
	binary.big_endian_put_u32(mut digest[12..], d.h[3])
	binary.big_endian_put_u32(mut digest[16..], d.h[4])
	binary.big_endian_put_u32(mut digest[20..], d.h[5])
	binary.big_endian_put_u32(mut digest[24..], d.h[6])
	if !d.is224 {
		binary.big_endian_put_u32(mut digest[28..], d.h[7])
	}
	return digest
}

// sum returns the SHA256 checksum of the bytes in `data`.
// Example: assert sha256.sum('V'.bytes()).len > 0 == true
pub fn sum(data []byte) []byte {
	return sum256(data)
}

// sum256 returns the SHA256 checksum of the data.
pub fn sum256(data []byte) []byte {
	mut d := new()
	d.write(data) or { panic(err) }
	return d.checksum()
}

// sum224 returns the SHA224 checksum of the data.
pub fn sum224(data []byte) []byte {
	mut d := new224()
	d.write(data) or { panic(err) }
	sum := d.checksum()
	mut sum224 := []byte{len: sha256.size224}
	copy(mut sum224, sum[..sha256.size224])
	return sum224
}

fn block(mut dig Digest, p []byte) {
	// For now just use block_generic until we have specific
	// architecture optimized versions
	block_generic(mut dig, p)
}

// size returns the size of the checksum in bytes.
pub fn (d &Digest) size() int {
	if !d.is224 {
		return sha256.size
	}
	return sha256.size224
}

// block_size returns the block size of the checksum in bytes.
pub fn (d &Digest) block_size() int {
	return sha256.block_size
}

// hexhash returns a hexadecimal SHA256 hash sum `string` of `s`.
// Example: assert sha256.hexhash('V') == 'de5a6f78116eca62d7fc5ce159d23ae6b889b365a1739ad2cf36f925a140d0cc'
pub fn hexhash(s string) string {
	return sum256(s.bytes()).hex()
}

// hexhash_224 returns a hexadecimal SHA224 hash sum `string` of `s`.
pub fn hexhash_224(s string) string {
	return sum224(s.bytes()).hex()
}