osom_lib_hashes 0.1.21

ABI-stable hashing algorithms for osom_lib.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256

//! Holds the portable implementation of the `SHA2-256` algorithm.

#![allow(clippy::many_single_char_names)]

use osom_lib_arrays::const_helpers::{from_be_const_u32, subslice_mut_const};
use osom_lib_arrays::fixed_array::ConstBuffer;
use osom_lib_reprc::macros::reprc;

use super::sha2_256_shared::{INITIAL_STATE, K, calculate_final_blocks};
use crate::traits::HashFunction;

const CHUNK_SIZE_U32: usize = 16;

/// A portable implementation of the `SHA2-256` algorithm.
///
/// This implementation is portable, will work on any platform
/// and is const friendly.
///
/// # Notes
///
/// The concrete algorithm follows closely the `SHA2-256` specification
/// taken from [RFC 4634](https://www.rfc-editor.org/rfc/rfc4634).
#[reprc]
#[must_use]
pub struct SHA2_256_Portable {
    // This field is used in the final block calculation.
    // It is first due to its size (we are using #[repr(C)]).
    pub(super) total_length: u64,

    // The internal state of SHA2-256 hasher.
    pub(super) state: [u32; 8],

    // The buffered message block. We need to keep it because final block needs to be processed differently.
    pub(super) bufferer: ConstBuffer<64, u8>,
}

#[inline(always)]
const fn ch(x: u32, y: u32, z: u32) -> u32 {
    (x & y) ^ (!x & z)
}

#[inline(always)]
const fn maj(x: u32, y: u32, z: u32) -> u32 {
    (x & y) ^ (x & z) ^ (y & z)
}

#[inline(always)]
const fn bsig0(x: u32) -> u32 {
    x.rotate_right(2) ^ x.rotate_right(13) ^ x.rotate_right(22)
}

#[inline(always)]
const fn bsig1(x: u32) -> u32 {
    x.rotate_right(6) ^ x.rotate_right(11) ^ x.rotate_right(25)
}

#[inline(always)]
const fn ssig0(x: u32) -> u32 {
    x.rotate_right(7) ^ x.rotate_right(18) ^ (x >> 3)
}

#[inline(always)]
const fn ssig1(x: u32) -> u32 {
    x.rotate_right(17) ^ x.rotate_right(19) ^ (x >> 10)
}

const fn prepare_w_schedule(data: &[u32; 16]) -> [u32; 4 * CHUNK_SIZE_U32] {
    let mut w = [0u32; 4 * CHUNK_SIZE_U32];
    let mut index = 0;
    while index < CHUNK_SIZE_U32 {
        w[index] = data[index];
        index += 1;
    }

    let mut index = CHUNK_SIZE_U32;
    while index < 4 * CHUNK_SIZE_U32 {
        w[index] = ssig1(w[index - 2])
            .wrapping_add(w[index - 7])
            .wrapping_add(ssig0(w[index - 15]))
            .wrapping_add(w[index - 16]);
        index += 1;
    }

    w
}

const fn update_state(state: &mut [u32; 8], data: &[u8; 64]) {
    let data = {
        let mut initial_data = [0u32; CHUNK_SIZE_U32];
        let mut index = 0;
        while index < CHUNK_SIZE_U32 {
            initial_data[index] = unsafe { from_be_const_u32(data, index * 4) };
            index += 1;
        }
        initial_data
    };

    let w = prepare_w_schedule(&data);

    let mut a = state[0];
    let mut b = state[1];
    let mut c = state[2];
    let mut d = state[3];
    let mut e = state[4];
    let mut f = state[5];
    let mut g = state[6];
    let mut h = state[7];

    let mut index = 0;
    while index < 64 {
        let temp1 = h
            .wrapping_add(bsig1(e))
            .wrapping_add(ch(e, f, g))
            .wrapping_add(K[index])
            .wrapping_add(w[index]);
        let temp2 = bsig0(a).wrapping_add(maj(a, b, c));
        h = g;
        g = f;
        f = e;
        e = d.wrapping_add(temp1);
        d = c;
        c = b;
        b = a;
        a = temp1.wrapping_add(temp2);
        index += 1;
    }

    state[0] = state[0].wrapping_add(a);
    state[1] = state[1].wrapping_add(b);
    state[2] = state[2].wrapping_add(c);
    state[3] = state[3].wrapping_add(d);
    state[4] = state[4].wrapping_add(e);
    state[5] = state[5].wrapping_add(f);
    state[6] = state[6].wrapping_add(g);
    state[7] = state[7].wrapping_add(h);
}

impl SHA2_256_Portable {
    /// Creates a new [`SHA2_256_Portable`] instance.
    #[inline(always)]
    pub const fn new() -> Self {
        Self {
            total_length: 0,
            state: INITIAL_STATE,
            bufferer: ConstBuffer::new(),
        }
    }

    #[inline(always)]
    pub(super) const fn from_pieces(total_length: u64, state: [u32; 8], bufferer: ConstBuffer<64, u8>) -> Self {
        Self {
            total_length,
            state,
            bufferer,
        }
    }

    /// Writes a block of data to the underlying state.
    ///
    /// # Panics
    ///
    /// This function will panic if the length of the data is greater than `u32::MAX`,
    /// and when the total processed length exceeds `u64::MAX`.
    pub const fn update_const(&mut self, data: &[u8]) {
        let len = data.len();
        if len == 0 {
            return;
        }

        assert!(
            len <= u32::MAX as usize,
            "The max size of a chunk for SHA2_256_Portable is u32::MAX."
        );

        let len: u64 = len as u64;

        assert!(
            self.total_length <= (u64::MAX / 8) - len,
            "The total length of the data that SHA2-256 can process is u64::MAX / 8. This limit is reached."
        );

        // This is safe due to previous assertions.
        self.total_length = unsafe { self.total_length.unchecked_add(len) };

        let mut iterator = self.bufferer.buffer_const(data);
        while let Some(block) = iterator.next() {
            update_state(&mut self.state, block);
        }
    }

    /// Writes the final hash value to the passed output.
    ///
    /// # Notes
    ///
    /// This function does not update the internal state, and thus
    /// the [`SHA2_256_Portable`] can still be used afterwards.
    pub const fn write_result_const(&self, output: &mut [u8; 32]) {
        // Build the final SHA2-256 block.
        let mut state = self.state;

        let final_blocks = calculate_final_blocks(self.total_length, self.bufferer.current_state_const());
        let mut tmp_buffer = ConstBuffer::<64, u8>::new();
        let mut iterator = tmp_buffer.buffer_const(final_blocks.as_slice());
        while let Some(block) = iterator.next() {
            update_state(&mut state, block);
        }

        // Finally write the output via big-endian encoding.
        let mut index = 0;
        while index < 8 {
            let dst = unsafe {
                let range = (4 * index)..(4 * (index + 1));
                subslice_mut_const(output, range)
            };
            let src = &state[index].to_be_bytes();
            dst.copy_from_slice(src);
            index += 1;
        }
    }

    /// Returns the final hash value.
    ///
    /// # Notes
    ///
    /// This function does not update the internal state, and thus
    /// the [`SHA2_256_Portable`] can still be used afterwards.
    #[inline(always)]
    #[must_use]
    pub const fn result_const(&self) -> [u8; 32] {
        let mut array = core::mem::MaybeUninit::<[u8; 32]>::uninit();
        let raw_ref = unsafe { &mut *array.as_mut_ptr() };
        self.write_result_const(raw_ref);
        unsafe { array.assume_init() }
    }
}

impl Default for SHA2_256_Portable {
    #[inline(always)]
    fn default() -> Self {
        Self::new()
    }
}

impl HashFunction for SHA2_256_Portable {
    type Output = [u8; 32];

    #[inline(always)]
    fn update(&mut self, data: impl AsRef<[u8]>) {
        self.update_const(data.as_ref());
    }

    #[inline(always)]
    fn write_result(&self, output: &mut Self::Output) {
        self.write_result_const(output);
    }
}