sha256.js revision 010d83a9304c5a91596085d917d248abff47903a 
1// Copyright 2014 The Chromium Authors. All rights reserved.
2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
5/** @fileoverview SHA256 in javascript */
6// SHA256 {
7//  SHA256();
8//  void reset();
9//  void update(byte[] data, opt_length);
10//  byte[32] digest();
11// }
12
13/** @constructor */
14function SHA256() {
15  this._buf = new Array(64);
16  this._W = new Array(64);
17  this._pad = new Array(64);
18  this._k = [
19   0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5,
20   0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5,
21   0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3,
22   0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174,
23   0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc,
24   0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da,
25   0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7,
26   0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967,
27   0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13,
28   0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85,
29   0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3,
30   0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070,
31   0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5,
32   0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3,
33   0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208,
34   0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2];
35
36  this._pad[0] = 0x80;
37  for (var i = 1; i < 64; ++i) this._pad[i] = 0;
38
39  this.reset();
40}
41
42/** Reset the hasher */
43SHA256.prototype.reset = function() {
44  this._chain = [
45    0x6a09e667, 0xbb67ae85, 0x3c6ef372, 0xa54ff53a,
46    0x510e527f, 0x9b05688c, 0x1f83d9ab, 0x5be0cd19];
47
48  this._inbuf = 0;
49  this._total = 0;
50};
51
52/** Hash the next block of 64 bytes
53 * @param {Array.<number>} buf A 64 byte buffer
54 */
55SHA256.prototype._compress = function(buf) {
56  var W = this._W;
57  var k = this._k;
58
59  function _rotr(w, r) { return ((w << (32 - r)) | (w >>> r)); };
60
61  // get 16 big endian words
62  for (var i = 0; i < 64; i += 4) {
63    var w = (buf[i] << 24) |
64            (buf[i + 1] << 16) |
65            (buf[i + 2] << 8) |
66            (buf[i + 3]);
67    W[i / 4] = w;
68  }
69
70  // expand to 64 words
71  for (var i = 16; i < 64; ++i) {
72    var s0 = _rotr(W[i - 15], 7) ^ _rotr(W[i - 15], 18) ^ (W[i - 15] >>> 3);
73    var s1 = _rotr(W[i - 2], 17) ^ _rotr(W[i - 2], 19) ^ (W[i - 2] >>> 10);
74    W[i] = (W[i - 16] + s0 + W[i - 7] + s1) & 0xffffffff;
75  }
76
77  var A = this._chain[0];
78  var B = this._chain[1];
79  var C = this._chain[2];
80  var D = this._chain[3];
81  var E = this._chain[4];
82  var F = this._chain[5];
83  var G = this._chain[6];
84  var H = this._chain[7];
85
86  for (var i = 0; i < 64; ++i) {
87    var S0 = _rotr(A, 2) ^ _rotr(A, 13) ^ _rotr(A, 22);
88    var maj = (A & B) ^ (A & C) ^ (B & C);
89    var t2 = (S0 + maj) & 0xffffffff;
90    var S1 = _rotr(E, 6) ^ _rotr(E, 11) ^ _rotr(E, 25);
91    var ch = (E & F) ^ ((~E) & G);
92    var t1 = (H + S1 + ch + k[i] + W[i]) & 0xffffffff;
93
94    H = G;
95    G = F;
96    F = E;
97    E = (D + t1) & 0xffffffff;
98    D = C;
99    C = B;
100    B = A;
101    A = (t1 + t2) & 0xffffffff;
102  }
103
104  this._chain[0] += A;
105  this._chain[1] += B;
106  this._chain[2] += C;
107  this._chain[3] += D;
108  this._chain[4] += E;
109  this._chain[5] += F;
110  this._chain[6] += G;
111  this._chain[7] += H;
112};
113
114/** Update the hash with additional data
115 * @param {Array.<number>|Uint8Array} bytes The data
116 * @param {number=} opt_length How many bytes to hash, if not all */
117SHA256.prototype.update = function(bytes, opt_length) {
118  if (!opt_length) opt_length = bytes.length;
119
120  this._total += opt_length;
121  for (var n = 0; n < opt_length; ++n) {
122    this._buf[this._inbuf++] = bytes[n];
123    if (this._inbuf == 64) {
124      this._compress(this._buf);
125      this._inbuf = 0;
126    }
127  }
128};
129
130/** Update the hash with a specified range from a data buffer
131 * @param {Array.<number>} bytes The data buffer
132 * @param {number} start Starting index of the range in bytes
133 * @param {number} end End index, will not be included in range
134 */
135SHA256.prototype.updateRange = function(bytes, start, end) {
136  this._total += (end - start);
137  for (var n = start; n < end; ++n) {
138    this._buf[this._inbuf++] = bytes[n];
139    if (this._inbuf == 64) {
140      this._compress(this._buf);
141      this._inbuf = 0;
142    }
143  }
144};
145
146/**
147 * Optionally update the hash with additional arguments, and return the
148 * resulting hash value.
149 * @param {...*} var_args Data buffers to hash
150 * @return {Array.<number>} the SHA256 hash value.
151 */
152SHA256.prototype.digest = function(var_args) {
153  for (var i = 0; i < arguments.length; ++i)
154    this.update(arguments[i]);
155
156  var digest = new Array(32);
157  var totalBits = this._total * 8;
158
159  // add pad 0x80 0x00*
160  if (this._inbuf < 56)
161    this.update(this._pad, 56 - this._inbuf);
162  else
163    this.update(this._pad, 64 - (this._inbuf - 56));
164
165  // add # bits, big endian
166  for (var i = 63; i >= 56; --i) {
167    this._buf[i] = totalBits & 255;
168    totalBits >>>= 8;
169  }
170
171  this._compress(this._buf);
172
173  var n = 0;
174  for (var i = 0; i < 8; ++i)
175    for (var j = 24; j >= 0; j -= 8)
176      digest[n++] = (this._chain[i] >> j) & 255;
177
178  return digest;
179};
180