[dev.boringcrypto] misc/boring: add go1.9.2b4 release

[gostls13.git] / src / crypto / sha256 / sha256.go

// Copyright 2009 The Go Authors. All rights reserved.
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.

// Package sha256 implements the SHA224 and SHA256 hash algorithms as defined
// in FIPS 180-4.
package sha256

import (
        "crypto"
        "crypto/internal/boring"
        "hash"
)

func init() {
        crypto.RegisterHash(crypto.SHA224, New224)
        crypto.RegisterHash(crypto.SHA256, New)
}

// The size of a SHA256 checksum in bytes.
const Size = 32

// The size of a SHA224 checksum in bytes.
const Size224 = 28

// The blocksize of SHA256 and SHA224 in bytes.
const BlockSize = 64

const (
        chunk     = 64
        init0     = 0x6A09E667
        init1     = 0xBB67AE85
        init2     = 0x3C6EF372
        init3     = 0xA54FF53A
        init4     = 0x510E527F
        init5     = 0x9B05688C
        init6     = 0x1F83D9AB
        init7     = 0x5BE0CD19
        init0_224 = 0xC1059ED8
        init1_224 = 0x367CD507
        init2_224 = 0x3070DD17
        init3_224 = 0xF70E5939
        init4_224 = 0xFFC00B31
        init5_224 = 0x68581511
        init6_224 = 0x64F98FA7
        init7_224 = 0xBEFA4FA4
)

// digest represents the partial evaluation of a checksum.
type digest struct {
        h     [8]uint32
        x     [chunk]byte
        nx    int
        len   uint64
        is224 bool // mark if this digest is SHA-224
}

func (d *digest) Reset() {
        if !d.is224 {
                d.h[0] = init0
                d.h[1] = init1
                d.h[2] = init2
                d.h[3] = init3
                d.h[4] = init4
                d.h[5] = init5
                d.h[6] = init6
                d.h[7] = init7
        } else {
                d.h[0] = init0_224
                d.h[1] = init1_224
                d.h[2] = init2_224
                d.h[3] = init3_224
                d.h[4] = init4_224
                d.h[5] = init5_224
                d.h[6] = init6_224
                d.h[7] = init7_224
        }
        d.nx = 0
        d.len = 0
}

// New returns a new hash.Hash computing the SHA256 checksum.
func New() hash.Hash {
        if boring.Enabled {
                return boring.NewSHA256()
        }
        d := new(digest)
        d.Reset()
        return d
}

// New224 returns a new hash.Hash computing the SHA224 checksum.
func New224() hash.Hash {
        if boring.Enabled {
                return boring.NewSHA224()
        }
        d := new(digest)
        d.is224 = true
        d.Reset()
        return d
}

func (d *digest) Size() int {
        if !d.is224 {
                return Size
        }
        return Size224
}

func (d *digest) BlockSize() int { return BlockSize }

func (d *digest) Write(p []byte) (nn int, err error) {
        boring.Unreachable()
        nn = len(p)
        d.len += uint64(nn)
        if d.nx > 0 {
                n := copy(d.x[d.nx:], p)
                d.nx += n
                if d.nx == chunk {
                        block(d, d.x[:])
                        d.nx = 0
                }
                p = p[n:]
        }
        if len(p) >= chunk {
                n := len(p) &^ (chunk - 1)
                block(d, p[:n])
                p = p[n:]
        }
        if len(p) > 0 {
                d.nx = copy(d.x[:], p)
        }
        return
}

func (d0 *digest) Sum(in []byte) []byte {
        boring.Unreachable()
        // Make a copy of d0 so that caller can keep writing and summing.
        d := *d0
        hash := d.checkSum()
        if d.is224 {
                return append(in, hash[:Size224]...)
        }
        return append(in, hash[:]...)
}

func (d *digest) checkSum() [Size]byte {
        len := d.len
        // Padding. Add a 1 bit and 0 bits until 56 bytes mod 64.
        var tmp [64]byte
        tmp[0] = 0x80
        if len%64 < 56 {
                d.Write(tmp[0 : 56-len%64])
        } else {
                d.Write(tmp[0 : 64+56-len%64])
        }

        // Length in bits.
        len <<= 3
        for i := uint(0); i < 8; i++ {
                tmp[i] = byte(len >> (56 - 8*i))
        }
        d.Write(tmp[0:8])

        if d.nx != 0 {
                panic("d.nx != 0")
        }

        h := d.h[:]
        if d.is224 {
                h = d.h[:7]
        }

        var digest [Size]byte
        for i, s := range h {
                digest[i*4] = byte(s >> 24)
                digest[i*4+1] = byte(s >> 16)
                digest[i*4+2] = byte(s >> 8)
                digest[i*4+3] = byte(s)
        }

        return digest
}

// Sum256 returns the SHA256 checksum of the data.
func Sum256(data []byte) [Size]byte {
        if boring.Enabled {
                h := New()
                h.Write(data)
                var ret [Size]byte
                h.Sum(ret[:0])
                return ret
        }
        var d digest
        d.Reset()
        d.Write(data)
        return d.checkSum()
}

// Sum224 returns the SHA224 checksum of the data.
func Sum224(data []byte) (sum224 [Size224]byte) {
        if boring.Enabled {
                h := New224()
                h.Write(data)
                var ret [Size224]byte
                h.Sum(ret[:0])
                return ret
        }
        var d digest
        d.is224 = true
        d.Reset()
        d.Write(data)
        sum := d.checkSum()
        copy(sum224[:], sum[:Size224])
        return
}