1 // Copyright 2009 The Go Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style
3 // license that can be found in the LICENSE file.
5 // Package sha256 implements the SHA224 and SHA256 hash algorithms as defined
11 "crypto/internal/boring"
17 crypto.RegisterHash(crypto.SHA224, New224)
18 crypto.RegisterHash(crypto.SHA256, New)
21 // The size of a SHA256 checksum in bytes.
24 // The size of a SHA224 checksum in bytes.
27 // The blocksize of SHA256 and SHA224 in bytes.
40 init0_224 = 0xC1059ED8
41 init1_224 = 0x367CD507
42 init2_224 = 0x3070DD17
43 init3_224 = 0xF70E5939
44 init4_224 = 0xFFC00B31
45 init5_224 = 0x68581511
46 init6_224 = 0x64F98FA7
47 init7_224 = 0xBEFA4FA4
50 // digest represents the partial evaluation of a checksum.
56 is224 bool // mark if this digest is SHA-224
62 marshaledSize = len(magic256) + 8*4 + chunk + 8
65 func (d *digest) MarshalBinary() ([]byte, error) {
66 b := make([]byte, 0, marshaledSize)
68 b = append(b, magic224...)
70 b = append(b, magic256...)
72 b = appendUint32(b, d.h[0])
73 b = appendUint32(b, d.h[1])
74 b = appendUint32(b, d.h[2])
75 b = appendUint32(b, d.h[3])
76 b = appendUint32(b, d.h[4])
77 b = appendUint32(b, d.h[5])
78 b = appendUint32(b, d.h[6])
79 b = appendUint32(b, d.h[7])
80 b = append(b, d.x[:d.nx]...)
81 b = b[:len(b)+len(d.x)-int(d.nx)] // already zero
82 b = appendUint64(b, d.len)
86 func (d *digest) UnmarshalBinary(b []byte) error {
87 if len(b) < len(magic224) || (d.is224 && string(b[:len(magic224)]) != magic224) || (!d.is224 && string(b[:len(magic256)]) != magic256) {
88 return errors.New("crypto/sha256: invalid hash state identifier")
90 if len(b) != marshaledSize {
91 return errors.New("crypto/sha256: invalid hash state size")
94 b, d.h[0] = consumeUint32(b)
95 b, d.h[1] = consumeUint32(b)
96 b, d.h[2] = consumeUint32(b)
97 b, d.h[3] = consumeUint32(b)
98 b, d.h[4] = consumeUint32(b)
99 b, d.h[5] = consumeUint32(b)
100 b, d.h[6] = consumeUint32(b)
101 b, d.h[7] = consumeUint32(b)
102 b = b[copy(d.x[:], b):]
103 b, d.len = consumeUint64(b)
104 d.nx = int(d.len % chunk)
108 func putUint32(x []byte, s uint32) {
116 func putUint64(x []byte, s uint64) {
128 func appendUint64(b []byte, x uint64) []byte {
131 return append(b, a[:]...)
134 func appendUint32(b []byte, x uint32) []byte {
137 return append(b, a[:]...)
140 func consumeUint64(b []byte) ([]byte, uint64) {
142 x := uint64(b[7]) | uint64(b[6])<<8 | uint64(b[5])<<16 | uint64(b[4])<<24 |
143 uint64(b[3])<<32 | uint64(b[2])<<40 | uint64(b[1])<<48 | uint64(b[0])<<56
147 func consumeUint32(b []byte) ([]byte, uint32) {
149 x := uint32(b[3]) | uint32(b[2])<<8 | uint32(b[1])<<16 | uint32(b[0])<<24
153 func (d *digest) Reset() {
177 // New returns a new hash.Hash computing the SHA256 checksum. The Hash
178 // also implements encoding.BinaryMarshaler and
179 // encoding.BinaryUnmarshaler to marshal and unmarshal the internal
180 // state of the hash.
181 func New() hash.Hash {
183 return boring.NewSHA256()
190 // New224 returns a new hash.Hash computing the SHA224 checksum.
191 func New224() hash.Hash {
193 return boring.NewSHA224()
201 func (d *digest) Size() int {
208 func (d *digest) BlockSize() int { return BlockSize }
210 func (d *digest) Write(p []byte) (nn int, err error) {
215 n := copy(d.x[d.nx:], p)
224 n := len(p) &^ (chunk - 1)
229 d.nx = copy(d.x[:], p)
234 func (d *digest) Sum(in []byte) []byte {
236 // Make a copy of d so that caller can keep writing and summing.
238 hash := d0.checkSum()
240 return append(in, hash[:Size224]...)
242 return append(in, hash[:]...)
245 func (d *digest) checkSum() [Size]byte {
247 // Padding. Add a 1 bit and 0 bits until 56 bytes mod 64.
251 d.Write(tmp[0 : 56-len%64])
253 d.Write(tmp[0 : 64+56-len%64])
258 putUint64(tmp[:], len)
265 var digest [Size]byte
267 putUint32(digest[0:], d.h[0])
268 putUint32(digest[4:], d.h[1])
269 putUint32(digest[8:], d.h[2])
270 putUint32(digest[12:], d.h[3])
271 putUint32(digest[16:], d.h[4])
272 putUint32(digest[20:], d.h[5])
273 putUint32(digest[24:], d.h[6])
275 putUint32(digest[28:], d.h[7])
281 // Sum256 returns the SHA256 checksum of the data.
282 func Sum256(data []byte) [Size]byte {
296 // Sum224 returns the SHA224 checksum of the data.
297 func Sum224(data []byte) (sum224 [Size224]byte) {
301 var ret [Size224]byte
310 copy(sum224[:], sum[:Size224])