sha256.js revision 010d83a9304c5a91596085d917d248abff47903a
1// Copyright 2014 The Chromium Authors. All rights reserved. 2// Use of this source code is governed by a BSD-style license that can be 3// found in the LICENSE file. 4 5/** @fileoverview SHA256 in javascript */ 6// SHA256 { 7// SHA256(); 8// void reset(); 9// void update(byte[] data, opt_length); 10// byte[32] digest(); 11// } 12 13/** @constructor */ 14function SHA256() { 15 this._buf = new Array(64); 16 this._W = new Array(64); 17 this._pad = new Array(64); 18 this._k = [ 19 0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5, 20 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5, 21 0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3, 22 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174, 23 0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc, 24 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da, 25 0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7, 26 0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967, 27 0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13, 28 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85, 29 0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3, 30 0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070, 31 0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5, 32 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3, 33 0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208, 34 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2]; 35 36 this._pad[0] = 0x80; 37 for (var i = 1; i < 64; ++i) this._pad[i] = 0; 38 39 this.reset(); 40} 41 42/** Reset the hasher */ 43SHA256.prototype.reset = function() { 44 this._chain = [ 45 0x6a09e667, 0xbb67ae85, 0x3c6ef372, 0xa54ff53a, 46 0x510e527f, 0x9b05688c, 0x1f83d9ab, 0x5be0cd19]; 47 48 this._inbuf = 0; 49 this._total = 0; 50}; 51 52/** Hash the next block of 64 bytes 53 * @param {Array.<number>} buf A 64 byte buffer 54 */ 55SHA256.prototype._compress = function(buf) { 56 var W = this._W; 57 var k = this._k; 58 59 function _rotr(w, r) { return ((w << (32 - r)) | (w >>> r)); }; 60 61 // get 16 big endian words 62 for (var i = 0; i < 64; i += 4) { 63 var w = (buf[i] << 24) | 64 (buf[i + 1] << 16) | 65 (buf[i + 2] << 8) | 66 (buf[i + 3]); 67 W[i / 4] = w; 68 } 69 70 // expand to 64 words 71 for (var i = 16; i < 64; ++i) { 72 var s0 = _rotr(W[i - 15], 7) ^ _rotr(W[i - 15], 18) ^ (W[i - 15] >>> 3); 73 var s1 = _rotr(W[i - 2], 17) ^ _rotr(W[i - 2], 19) ^ (W[i - 2] >>> 10); 74 W[i] = (W[i - 16] + s0 + W[i - 7] + s1) & 0xffffffff; 75 } 76 77 var A = this._chain[0]; 78 var B = this._chain[1]; 79 var C = this._chain[2]; 80 var D = this._chain[3]; 81 var E = this._chain[4]; 82 var F = this._chain[5]; 83 var G = this._chain[6]; 84 var H = this._chain[7]; 85 86 for (var i = 0; i < 64; ++i) { 87 var S0 = _rotr(A, 2) ^ _rotr(A, 13) ^ _rotr(A, 22); 88 var maj = (A & B) ^ (A & C) ^ (B & C); 89 var t2 = (S0 + maj) & 0xffffffff; 90 var S1 = _rotr(E, 6) ^ _rotr(E, 11) ^ _rotr(E, 25); 91 var ch = (E & F) ^ ((~E) & G); 92 var t1 = (H + S1 + ch + k[i] + W[i]) & 0xffffffff; 93 94 H = G; 95 G = F; 96 F = E; 97 E = (D + t1) & 0xffffffff; 98 D = C; 99 C = B; 100 B = A; 101 A = (t1 + t2) & 0xffffffff; 102 } 103 104 this._chain[0] += A; 105 this._chain[1] += B; 106 this._chain[2] += C; 107 this._chain[3] += D; 108 this._chain[4] += E; 109 this._chain[5] += F; 110 this._chain[6] += G; 111 this._chain[7] += H; 112}; 113 114/** Update the hash with additional data 115 * @param {Array.<number>|Uint8Array} bytes The data 116 * @param {number=} opt_length How many bytes to hash, if not all */ 117SHA256.prototype.update = function(bytes, opt_length) { 118 if (!opt_length) opt_length = bytes.length; 119 120 this._total += opt_length; 121 for (var n = 0; n < opt_length; ++n) { 122 this._buf[this._inbuf++] = bytes[n]; 123 if (this._inbuf == 64) { 124 this._compress(this._buf); 125 this._inbuf = 0; 126 } 127 } 128}; 129 130/** Update the hash with a specified range from a data buffer 131 * @param {Array.<number>} bytes The data buffer 132 * @param {number} start Starting index of the range in bytes 133 * @param {number} end End index, will not be included in range 134 */ 135SHA256.prototype.updateRange = function(bytes, start, end) { 136 this._total += (end - start); 137 for (var n = start; n < end; ++n) { 138 this._buf[this._inbuf++] = bytes[n]; 139 if (this._inbuf == 64) { 140 this._compress(this._buf); 141 this._inbuf = 0; 142 } 143 } 144}; 145 146/** 147 * Optionally update the hash with additional arguments, and return the 148 * resulting hash value. 149 * @param {...*} var_args Data buffers to hash 150 * @return {Array.<number>} the SHA256 hash value. 151 */ 152SHA256.prototype.digest = function(var_args) { 153 for (var i = 0; i < arguments.length; ++i) 154 this.update(arguments[i]); 155 156 var digest = new Array(32); 157 var totalBits = this._total * 8; 158 159 // add pad 0x80 0x00* 160 if (this._inbuf < 56) 161 this.update(this._pad, 56 - this._inbuf); 162 else 163 this.update(this._pad, 64 - (this._inbuf - 56)); 164 165 // add # bits, big endian 166 for (var i = 63; i >= 56; --i) { 167 this._buf[i] = totalBits & 255; 168 totalBits >>>= 8; 169 } 170 171 this._compress(this._buf); 172 173 var n = 0; 174 for (var i = 0; i < 8; ++i) 175 for (var j = 24; j >= 0; j -= 8) 176 digest[n++] = (this._chain[i] >> j) & 255; 177 178 return digest; 179}; 180