lib/src/hash_base.dart

// Copyright (c) 2012, the Dart project authors.  Please see the AUTHORS file
// for details. All rights reserved. Use of this source code is governed by a
// BSD-style license that can be found in the LICENSE file.

library crypto.hash_base;

import 'dart:math' as math;
import 'dart:typed_data';

import 'hash.dart';
import 'utils.dart';

/// A base class for [Hash] implementations.
///
/// Subclasses should override [updateHash], and define it to update [h] with
/// the results of the hash function.
abstract class HashBase implements Hash {
  /// The size (in 32-bit words) of the chunks of input data that the hash
  /// function consumes at once.
  final int _chunkSizeInWords;

  /// The size (in 32-bit words) of the digest that the hash function emits.
  final int _digestSizeInWords;

  /// Whether the hash function operates on big-endian words.
  final bool _bigEndianWords;

  /// The words in the current chunk.
  final Uint32List _currentChunk;

  /// The words in the current digest.
  ///
  /// The size of this buffer is given by the `digestSizeInWords` constructor
  /// parameter.
  final Uint32List h;

  /// The length of the input data so far, in bytes.
  int _lengthInBytes = 0;

  /// Data that has yet to be processed by the hash function.
  List<int> _pendingData;

  /// Whether [close] has been called.
  bool _digestCalled = false;

  /// Creates a new hash.
  ///
  /// [chunkSizeInWords] represents the size of the input chunks processed by
  /// the algorithm. [digestSizeInWords] represents the size of the algorithm's
  /// output digest. Both are in terms of 32-bit words.
  HashBase(
      int chunkSizeInWords, int digestSizeInWords, bool this._bigEndianWords)
      : _pendingData = [],
        _currentChunk = new Uint32List(chunkSizeInWords),
        h = new Uint32List(digestSizeInWords),
        _chunkSizeInWords = chunkSizeInWords,
        _digestSizeInWords = digestSizeInWords;

  void add(List<int> data) {
    if (_digestCalled) {
      throw new StateError(
          'Hash update method called after digest was retrieved');
    }
    _lengthInBytes += data.length;
    _pendingData.addAll(data);
    _iterate();
  }

  List<int> close() {
    if (_digestCalled) {
      return _resultAsBytes();
    }
    _digestCalled = true;
    _finalizeData();
    _iterate();
    assert(_pendingData.length == 0);
    return _resultAsBytes();
  }

  int get blockSize {
    return _chunkSizeInWords * BYTES_PER_WORD;
  }

  /// Runs a single iteration of the hash computation, updating [h] with the
  /// result.
  ///
  /// [m] is the current chunk, whose size is given by the `chunkSizeInWords`
  /// parameter passed to the constructor.
  void updateHash(Uint32List m);

  /// Computes the final result of the hash as a list of bytes from the hash
  /// words.
  List<int> _resultAsBytes() {
    var result = [];
    for (var i = 0; i < h.length; i++) {
      result.addAll(_wordToBytes(h[i]));
    }
    return result;
  }

  /// Converts a list of bytes to a chunk of 32-bit words.
  ///
  /// Stores the result in [_currentChunk].
  void _bytesToChunk(List<int> data, int dataIndex) {
    assert((data.length - dataIndex) >= (_chunkSizeInWords * BYTES_PER_WORD));

    for (var wordIndex = 0; wordIndex < _chunkSizeInWords; wordIndex++) {
      var w3 = _bigEndianWords ? data[dataIndex] : data[dataIndex + 3];
      var w2 = _bigEndianWords ? data[dataIndex + 1] : data[dataIndex + 2];
      var w1 = _bigEndianWords ? data[dataIndex + 2] : data[dataIndex + 1];
      var w0 = _bigEndianWords ? data[dataIndex + 3] : data[dataIndex];
      dataIndex += 4;
      var word = (w3 & 0xff) << 24;
      word |= (w2 & MASK_8) << 16;
      word |= (w1 & MASK_8) << 8;
      word |= (w0 & MASK_8);
      _currentChunk[wordIndex] = word;
    }
  }

  /// Converts a 32-bit word to four bytes.
  List<int> _wordToBytes(int word) {
    List bytes = new List<int>(BYTES_PER_WORD);
    bytes[0] = (word >> (_bigEndianWords ? 24 : 0)) & MASK_8;
    bytes[1] = (word >> (_bigEndianWords ? 16 : 8)) & MASK_8;
    bytes[2] = (word >> (_bigEndianWords ? 8 : 16)) & MASK_8;
    bytes[3] = (word >> (_bigEndianWords ? 0 : 24)) & MASK_8;
    return bytes;
  }

  /// Iterates through [_pendingData], updating the hash computation for each
  /// chunk.
  void _iterate() {
    var len = _pendingData.length;
    var chunkSizeInBytes = _chunkSizeInWords * BYTES_PER_WORD;
    if (len >= chunkSizeInBytes) {
      var index = 0;
      for (; (len - index) >= chunkSizeInBytes; index += chunkSizeInBytes) {
        _bytesToChunk(_pendingData, index);
        updateHash(_currentChunk);
      }
      _pendingData = _pendingData.sublist(index, len);
    }
  }

  /// Finalizes [_pendingData].
  ///
  /// This adds a 1 bit to the end of the message, and expands it with 0 bits to
  /// pad it out.
  void _finalizeData() {
    _pendingData.add(0x80);
    var contentsLength = _lengthInBytes + 9;
    var chunkSizeInBytes = _chunkSizeInWords * BYTES_PER_WORD;
    var finalizedLength = _roundUp(contentsLength, chunkSizeInBytes);
    var zeroPadding = finalizedLength - contentsLength;
    for (var i = 0; i < zeroPadding; i++) {
      _pendingData.add(0);
    }
    var lengthInBits = _lengthInBytes * BITS_PER_BYTE;
    const MAX_UINT64 = 0xFFFFFFFFFFFFFFFF;
    if (lengthInBits > MAX_UINT64) {
      throw new UnsupportedError(
          "Hash undefined for message bit lengths larger than 64 bits");
    }
    if (_bigEndianWords) {
      _pendingData.addAll(_wordToBytes((lengthInBits >> 32) & MASK_32));
      _pendingData.addAll(_wordToBytes(lengthInBits & MASK_32));
    } else {
      _pendingData.addAll(_wordToBytes(lengthInBits & MASK_32));
      _pendingData.addAll(_wordToBytes((lengthInBits >> 32) & MASK_32));
    }
  }

  /// Rounds [val] to the nearest multiple of [n].
  int _roundUp(val, n) => (val + n - 1) & -n;
}