1// Copyright 2014 The Chromium Authors. All rights reserved. 2// Use of this source code is governed by a BSD-style license that can be 3// found in the LICENSE file. 4 5// SHA256 in javascript. 6// 7// SHA256 { 8// SHA256(); 9// void reset(); 10// void update(byte[] data, opt_length); 11// byte[32] digest(); 12// } 13 14/** @constructor */ 15function SHA256() { 16 this._buf = new Array(64); 17 this._W = new Array(64); 18 this._pad = new Array(64); 19 this._k = [ 20 0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5, 21 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5, 22 0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3, 23 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174, 24 0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc, 25 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da, 26 0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7, 27 0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967, 28 0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13, 29 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85, 30 0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3, 31 0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070, 32 0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5, 33 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3, 34 0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208, 35 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2]; 36 37 this._pad[0] = 0x80; 38 for (var i = 1; i < 64; ++i) this._pad[i] = 0; 39 40 this.reset(); 41} 42 43/** Reset the hasher */ 44SHA256.prototype.reset = function() { 45 this._chain = [ 46 0x6a09e667, 0xbb67ae85, 0x3c6ef372, 0xa54ff53a, 47 0x510e527f, 0x9b05688c, 0x1f83d9ab, 0x5be0cd19]; 48 49 this._inbuf = 0; 50 this._total = 0; 51}; 52 53/** Hash the next block of 64 bytes 54 * @param {Array.<number>} buf A 64 byte buffer 55 */ 56SHA256.prototype._compress = function(buf) { 57 var W = this._W; 58 var k = this._k; 59 60 function _rotr(w, r) { return ((w << (32 - r)) | (w >>> r)); }; 61 62 // get 16 big endian words 63 for (var i = 0; i < 64; i += 4) { 64 var w = (buf[i] << 24) | 65 (buf[i + 1] << 16) | 66 (buf[i + 2] << 8) | 67 (buf[i + 3]); 68 W[i / 4] = w; 69 } 70 71 // expand to 64 words 72 for (var i = 16; i < 64; ++i) { 73 var s0 = _rotr(W[i - 15], 7) ^ _rotr(W[i - 15], 18) ^ (W[i - 15] >>> 3); 74 var s1 = _rotr(W[i - 2], 17) ^ _rotr(W[i - 2], 19) ^ (W[i - 2] >>> 10); 75 W[i] = (W[i - 16] + s0 + W[i - 7] + s1) & 0xffffffff; 76 } 77 78 var A = this._chain[0]; 79 var B = this._chain[1]; 80 var C = this._chain[2]; 81 var D = this._chain[3]; 82 var E = this._chain[4]; 83 var F = this._chain[5]; 84 var G = this._chain[6]; 85 var H = this._chain[7]; 86 87 for (var i = 0; i < 64; ++i) { 88 var S0 = _rotr(A, 2) ^ _rotr(A, 13) ^ _rotr(A, 22); 89 var maj = (A & B) ^ (A & C) ^ (B & C); 90 var t2 = (S0 + maj) & 0xffffffff; 91 var S1 = _rotr(E, 6) ^ _rotr(E, 11) ^ _rotr(E, 25); 92 var ch = (E & F) ^ ((~E) & G); 93 var t1 = (H + S1 + ch + k[i] + W[i]) & 0xffffffff; 94 95 H = G; 96 G = F; 97 F = E; 98 E = (D + t1) & 0xffffffff; 99 D = C; 100 C = B; 101 B = A; 102 A = (t1 + t2) & 0xffffffff; 103 } 104 105 this._chain[0] += A; 106 this._chain[1] += B; 107 this._chain[2] += C; 108 this._chain[3] += D; 109 this._chain[4] += E; 110 this._chain[5] += F; 111 this._chain[6] += G; 112 this._chain[7] += H; 113}; 114 115/** Update the hash with additional data 116 * @param {Array.<number>|Uint8Array} bytes The data 117 * @param {number=} opt_length How many bytes to hash, if not all */ 118SHA256.prototype.update = function(bytes, opt_length) { 119 if (!opt_length) opt_length = bytes.length; 120 121 this._total += opt_length; 122 for (var n = 0; n < opt_length; ++n) { 123 this._buf[this._inbuf++] = bytes[n]; 124 if (this._inbuf == 64) { 125 this._compress(this._buf); 126 this._inbuf = 0; 127 } 128 } 129}; 130 131/** Update the hash with a specified range from a data buffer 132 * @param {Array.<number>} bytes The data buffer 133 * @param {number} start Starting index of the range in bytes 134 * @param {number} end End index, will not be included in range 135 */ 136SHA256.prototype.updateRange = function(bytes, start, end) { 137 this._total += (end - start); 138 for (var n = start; n < end; ++n) { 139 this._buf[this._inbuf++] = bytes[n]; 140 if (this._inbuf == 64) { 141 this._compress(this._buf); 142 this._inbuf = 0; 143 } 144 } 145}; 146 147/** 148 * Optionally update the hash with additional arguments, and return the 149 * resulting hash value. 150 * @param {...*} var_args Data buffers to hash 151 * @return {Array.<number>} the SHA256 hash value. 152 */ 153SHA256.prototype.digest = function(var_args) { 154 for (var i = 0; i < arguments.length; ++i) 155 this.update(arguments[i]); 156 157 var digest = new Array(32); 158 var totalBits = this._total * 8; 159 160 // add pad 0x80 0x00* 161 if (this._inbuf < 56) 162 this.update(this._pad, 56 - this._inbuf); 163 else 164 this.update(this._pad, 64 - (this._inbuf - 56)); 165 166 // add # bits, big endian 167 for (var i = 63; i >= 56; --i) { 168 this._buf[i] = totalBits & 255; 169 totalBits >>>= 8; 170 } 171 172 this._compress(this._buf); 173 174 var n = 0; 175 for (var i = 0; i < 8; ++i) 176 for (var j = 24; j >= 0; j -= 8) 177 digest[n++] = (this._chain[i] >> j) & 255; 178 179 return digest; 180}; 181