pierrelf.com
we (web engine): Experimental web browser project to understand the limits of Claude
1//! SHA-2 hash functions: SHA-256, SHA-384, SHA-512 (FIPS 180-4).
2
3// ---------------------------------------------------------------------------
4// SHA-256
5// ---------------------------------------------------------------------------
6
7/// SHA-256 round constants (first 32 bits of the fractional parts of the
8/// cube roots of the first 64 primes).
9const K256: [u32; 64] = [
10 0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5, 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5,
11 0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3, 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174,
12 0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc, 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da,
13 0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7, 0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967,
14 0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13, 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85,
15 0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3, 0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070,
16 0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5, 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3,
17 0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208, 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2,
18];
19
20/// Initial hash values for SHA-256 (first 32 bits of the fractional parts
21/// of the square roots of the first 8 primes).
22const H256_INIT: [u32; 8] = [
23 0x6a09e667, 0xbb67ae85, 0x3c6ef372, 0xa54ff53a, 0x510e527f, 0x9b05688c, 0x1f83d9ab, 0x5be0cd19,
24];
25
26/// SHA-256 hasher with streaming API.
27#[derive(Clone)]
28pub struct Sha256 {
29 state: [u32; 8],
30 buf: [u8; 64],
31 buf_len: usize,
32 total_len: u64,
33}
34
35impl Sha256 {
36 pub fn new() -> Self {
37 Self {
38 state: H256_INIT,
39 buf: [0u8; 64],
40 buf_len: 0,
41 total_len: 0,
42 }
43 }
44
45 pub fn update(&mut self, data: &[u8]) {
46 self.total_len += data.len() as u64;
47 let mut offset = 0;
48
49 // Fill the buffer if partially filled.
50 if self.buf_len > 0 {
51 let space = 64 - self.buf_len;
52 let copy_len = space.min(data.len());
53 self.buf[self.buf_len..self.buf_len + copy_len].copy_from_slice(&data[..copy_len]);
54 self.buf_len += copy_len;
55 offset += copy_len;
56
57 if self.buf_len == 64 {
58 let block = self.buf;
59 sha256_compress(&mut self.state, &block);
60 self.buf_len = 0;
61 }
62 }
63
64 // Process full blocks directly.
65 while offset + 64 <= data.len() {
66 let block: [u8; 64] = data[offset..offset + 64].try_into().unwrap();
67 sha256_compress(&mut self.state, &block);
68 offset += 64;
69 }
70
71 // Buffer remaining bytes.
72 let remaining = data.len() - offset;
73 if remaining > 0 {
74 self.buf[..remaining].copy_from_slice(&data[offset..]);
75 self.buf_len = remaining;
76 }
77 }
78
79 pub fn finalize(mut self) -> [u8; 32] {
80 // Pad per FIPS 180-4 §5.1.1.
81 let bit_len = self.total_len * 8;
82
83 // Append 0x80 byte.
84 self.buf[self.buf_len] = 0x80;
85 self.buf_len += 1;
86
87 // If not enough room for the 8-byte length, pad and compress.
88 if self.buf_len > 56 {
89 for i in self.buf_len..64 {
90 self.buf[i] = 0;
91 }
92 let block = self.buf;
93 sha256_compress(&mut self.state, &block);
94 self.buf_len = 0;
95 }
96
97 // Zero-pad up to byte 56, then append 64-bit big-endian length.
98 for i in self.buf_len..56 {
99 self.buf[i] = 0;
100 }
101 self.buf[56..64].copy_from_slice(&bit_len.to_be_bytes());
102 let block = self.buf;
103 sha256_compress(&mut self.state, &block);
104
105 // Produce the digest.
106 let mut out = [0u8; 32];
107 for (i, word) in self.state.iter().enumerate() {
108 out[i * 4..(i + 1) * 4].copy_from_slice(&word.to_be_bytes());
109 }
110 out
111 }
112}
113
114impl Default for Sha256 {
115 fn default() -> Self {
116 Self::new()
117 }
118}
119
120/// One-shot SHA-256.
121pub fn sha256(data: &[u8]) -> [u8; 32] {
122 let mut h = Sha256::new();
123 h.update(data);
124 h.finalize()
125}
126
127/// SHA-256 compression function: process one 64-byte block.
128fn sha256_compress(state: &mut [u32; 8], block: &[u8; 64]) {
129 // Prepare the message schedule.
130 let mut w = [0u32; 64];
131 for i in 0..16 {
132 w[i] = u32::from_be_bytes([
133 block[i * 4],
134 block[i * 4 + 1],
135 block[i * 4 + 2],
136 block[i * 4 + 3],
137 ]);
138 }
139 for i in 16..64 {
140 let s0 = w[i - 15].rotate_right(7) ^ w[i - 15].rotate_right(18) ^ (w[i - 15] >> 3);
141 let s1 = w[i - 2].rotate_right(17) ^ w[i - 2].rotate_right(19) ^ (w[i - 2] >> 10);
142 w[i] = w[i - 16]
143 .wrapping_add(s0)
144 .wrapping_add(w[i - 7])
145 .wrapping_add(s1);
146 }
147
148 let [mut a, mut b, mut c, mut d, mut e, mut f, mut g, mut h] = *state;
149
150 for i in 0..64 {
151 let s1 = e.rotate_right(6) ^ e.rotate_right(11) ^ e.rotate_right(25);
152 let ch = (e & f) ^ ((!e) & g);
153 let temp1 = h
154 .wrapping_add(s1)
155 .wrapping_add(ch)
156 .wrapping_add(K256[i])
157 .wrapping_add(w[i]);
158 let s0 = a.rotate_right(2) ^ a.rotate_right(13) ^ a.rotate_right(22);
159 let maj = (a & b) ^ (a & c) ^ (b & c);
160 let temp2 = s0.wrapping_add(maj);
161
162 h = g;
163 g = f;
164 f = e;
165 e = d.wrapping_add(temp1);
166 d = c;
167 c = b;
168 b = a;
169 a = temp1.wrapping_add(temp2);
170 }
171
172 state[0] = state[0].wrapping_add(a);
173 state[1] = state[1].wrapping_add(b);
174 state[2] = state[2].wrapping_add(c);
175 state[3] = state[3].wrapping_add(d);
176 state[4] = state[4].wrapping_add(e);
177 state[5] = state[5].wrapping_add(f);
178 state[6] = state[6].wrapping_add(g);
179 state[7] = state[7].wrapping_add(h);
180}
181
182// ---------------------------------------------------------------------------
183// SHA-512
184// ---------------------------------------------------------------------------
185
186/// SHA-512 round constants (first 64 bits of the fractional parts of the
187/// cube roots of the first 80 primes).
188const K512: [u64; 80] = [
189 0x428a2f98d728ae22,
190 0x7137449123ef65cd,
191 0xb5c0fbcfec4d3b2f,
192 0xe9b5dba58189dbbc,
193 0x3956c25bf348b538,
194 0x59f111f1b605d019,
195 0x923f82a4af194f9b,
196 0xab1c5ed5da6d8118,
197 0xd807aa98a3030242,
198 0x12835b0145706fbe,
199 0x243185be4ee4b28c,
200 0x550c7dc3d5ffb4e2,
201 0x72be5d74f27b896f,
202 0x80deb1fe3b1696b1,
203 0x9bdc06a725c71235,
204 0xc19bf174cf692694,
205 0xe49b69c19ef14ad2,
206 0xefbe4786384f25e3,
207 0x0fc19dc68b8cd5b5,
208 0x240ca1cc77ac9c65,
209 0x2de92c6f592b0275,
210 0x4a7484aa6ea6e483,
211 0x5cb0a9dcbd41fbd4,
212 0x76f988da831153b5,
213 0x983e5152ee66dfab,
214 0xa831c66d2db43210,
215 0xb00327c898fb213f,
216 0xbf597fc7beef0ee4,
217 0xc6e00bf33da88fc2,
218 0xd5a79147930aa725,
219 0x06ca6351e003826f,
220 0x142929670a0e6e70,
221 0x27b70a8546d22ffc,
222 0x2e1b21385c26c926,
223 0x4d2c6dfc5ac42aed,
224 0x53380d139d95b3df,
225 0x650a73548baf63de,
226 0x766a0abb3c77b2a8,
227 0x81c2c92e47edaee6,
228 0x92722c851482353b,
229 0xa2bfe8a14cf10364,
230 0xa81a664bbc423001,
231 0xc24b8b70d0f89791,
232 0xc76c51a30654be30,
233 0xd192e819d6ef5218,
234 0xd69906245565a910,
235 0xf40e35855771202a,
236 0x106aa07032bbd1b8,
237 0x19a4c116b8d2d0c8,
238 0x1e376c085141ab53,
239 0x2748774cdf8eeb99,
240 0x34b0bcb5e19b48a8,
241 0x391c0cb3c5c95a63,
242 0x4ed8aa4ae3418acb,
243 0x5b9cca4f7763e373,
244 0x682e6ff3d6b2b8a3,
245 0x748f82ee5defb2fc,
246 0x78a5636f43172f60,
247 0x84c87814a1f0ab72,
248 0x8cc702081a6439ec,
249 0x90befffa23631e28,
250 0xa4506cebde82bde9,
251 0xbef9a3f7b2c67915,
252 0xc67178f2e372532b,
253 0xca273eceea26619c,
254 0xd186b8c721c0c207,
255 0xeada7dd6cde0eb1e,
256 0xf57d4f7fee6ed178,
257 0x06f067aa72176fba,
258 0x0a637dc5a2c898a6,
259 0x113f9804bef90dae,
260 0x1b710b35131c471b,
261 0x28db77f523047d84,
262 0x32caab7b40c72493,
263 0x3c9ebe0a15c9bebc,
264 0x431d67c49c100d4c,
265 0x4cc5d4becb3e42b6,
266 0x597f299cfc657e2a,
267 0x5fcb6fab3ad6faec,
268 0x6c44198c4a475817,
269];
270
271/// Initial hash values for SHA-512.
272const H512_INIT: [u64; 8] = [
273 0x6a09e667f3bcc908,
274 0xbb67ae8584caa73b,
275 0x3c6ef372fe94f82b,
276 0xa54ff53a5f1d36f1,
277 0x510e527fade682d1,
278 0x9b05688c2b3e6c1f,
279 0x1f83d9abfb41bd6b,
280 0x5be0cd19137e2179,
281];
282
283/// Initial hash values for SHA-384 (different from SHA-512).
284const H384_INIT: [u64; 8] = [
285 0xcbbb9d5dc1059ed8,
286 0x629a292a367cd507,
287 0x9159015a3070dd17,
288 0x152fecd8f70e5939,
289 0x67332667ffc00b31,
290 0x8eb44a8768581511,
291 0xdb0c2e0d64f98fa7,
292 0x47b5481dbefa4fa4,
293];
294
295/// SHA-512 hasher with streaming API.
296#[derive(Clone)]
297pub struct Sha512 {
298 state: [u64; 8],
299 buf: [u8; 128],
300 buf_len: usize,
301 total_len: u128,
302}
303
304impl Sha512 {
305 pub fn new() -> Self {
306 Self {
307 state: H512_INIT,
308 buf: [0u8; 128],
309 buf_len: 0,
310 total_len: 0,
311 }
312 }
313
314 fn with_init(init: [u64; 8]) -> Self {
315 Self {
316 state: init,
317 buf: [0u8; 128],
318 buf_len: 0,
319 total_len: 0,
320 }
321 }
322
323 pub fn update(&mut self, data: &[u8]) {
324 self.total_len += data.len() as u128;
325 let mut offset = 0;
326
327 if self.buf_len > 0 {
328 let space = 128 - self.buf_len;
329 let copy_len = space.min(data.len());
330 self.buf[self.buf_len..self.buf_len + copy_len].copy_from_slice(&data[..copy_len]);
331 self.buf_len += copy_len;
332 offset += copy_len;
333
334 if self.buf_len == 128 {
335 let block = self.buf;
336 sha512_compress(&mut self.state, &block);
337 self.buf_len = 0;
338 }
339 }
340
341 while offset + 128 <= data.len() {
342 let block: [u8; 128] = data[offset..offset + 128].try_into().unwrap();
343 sha512_compress(&mut self.state, &block);
344 offset += 128;
345 }
346
347 let remaining = data.len() - offset;
348 if remaining > 0 {
349 self.buf[..remaining].copy_from_slice(&data[offset..]);
350 self.buf_len = remaining;
351 }
352 }
353
354 pub fn finalize(mut self) -> [u8; 64] {
355 // Pad per FIPS 180-4 §5.1.2.
356 let bit_len = self.total_len * 8;
357
358 self.buf[self.buf_len] = 0x80;
359 self.buf_len += 1;
360
361 // Need 16 bytes for the 128-bit length at the end.
362 if self.buf_len > 112 {
363 for i in self.buf_len..128 {
364 self.buf[i] = 0;
365 }
366 let block = self.buf;
367 sha512_compress(&mut self.state, &block);
368 self.buf_len = 0;
369 }
370
371 for i in self.buf_len..112 {
372 self.buf[i] = 0;
373 }
374 self.buf[112..128].copy_from_slice(&bit_len.to_be_bytes());
375 let block = self.buf;
376 sha512_compress(&mut self.state, &block);
377
378 let mut out = [0u8; 64];
379 for (i, word) in self.state.iter().enumerate() {
380 out[i * 8..(i + 1) * 8].copy_from_slice(&word.to_be_bytes());
381 }
382 out
383 }
384}
385
386impl Default for Sha512 {
387 fn default() -> Self {
388 Self::new()
389 }
390}
391
392/// One-shot SHA-512.
393pub fn sha512(data: &[u8]) -> [u8; 64] {
394 let mut h = Sha512::new();
395 h.update(data);
396 h.finalize()
397}
398
399/// SHA-512 compression function: process one 128-byte block.
400fn sha512_compress(state: &mut [u64; 8], block: &[u8; 128]) {
401 let mut w = [0u64; 80];
402 for i in 0..16 {
403 w[i] = u64::from_be_bytes([
404 block[i * 8],
405 block[i * 8 + 1],
406 block[i * 8 + 2],
407 block[i * 8 + 3],
408 block[i * 8 + 4],
409 block[i * 8 + 5],
410 block[i * 8 + 6],
411 block[i * 8 + 7],
412 ]);
413 }
414 for i in 16..80 {
415 let s0 = w[i - 15].rotate_right(1) ^ w[i - 15].rotate_right(8) ^ (w[i - 15] >> 7);
416 let s1 = w[i - 2].rotate_right(19) ^ w[i - 2].rotate_right(61) ^ (w[i - 2] >> 6);
417 w[i] = w[i - 16]
418 .wrapping_add(s0)
419 .wrapping_add(w[i - 7])
420 .wrapping_add(s1);
421 }
422
423 let [mut a, mut b, mut c, mut d, mut e, mut f, mut g, mut h] = *state;
424
425 for i in 0..80 {
426 let s1 = e.rotate_right(14) ^ e.rotate_right(18) ^ e.rotate_right(41);
427 let ch = (e & f) ^ ((!e) & g);
428 let temp1 = h
429 .wrapping_add(s1)
430 .wrapping_add(ch)
431 .wrapping_add(K512[i])
432 .wrapping_add(w[i]);
433 let s0 = a.rotate_right(28) ^ a.rotate_right(34) ^ a.rotate_right(39);
434 let maj = (a & b) ^ (a & c) ^ (b & c);
435 let temp2 = s0.wrapping_add(maj);
436
437 h = g;
438 g = f;
439 f = e;
440 e = d.wrapping_add(temp1);
441 d = c;
442 c = b;
443 b = a;
444 a = temp1.wrapping_add(temp2);
445 }
446
447 state[0] = state[0].wrapping_add(a);
448 state[1] = state[1].wrapping_add(b);
449 state[2] = state[2].wrapping_add(c);
450 state[3] = state[3].wrapping_add(d);
451 state[4] = state[4].wrapping_add(e);
452 state[5] = state[5].wrapping_add(f);
453 state[6] = state[6].wrapping_add(g);
454 state[7] = state[7].wrapping_add(h);
455}
456
457// ---------------------------------------------------------------------------
458// SHA-384
459// ---------------------------------------------------------------------------
460
461/// SHA-384 hasher (SHA-512 with different initial values, truncated to 384 bits).
462#[derive(Clone)]
463pub struct Sha384 {
464 inner: Sha512,
465}
466
467impl Sha384 {
468 pub fn new() -> Self {
469 Self {
470 inner: Sha512::with_init(H384_INIT),
471 }
472 }
473
474 pub fn update(&mut self, data: &[u8]) {
475 self.inner.update(data);
476 }
477
478 pub fn finalize(self) -> [u8; 48] {
479 let full = self.inner.finalize();
480 let mut out = [0u8; 48];
481 out.copy_from_slice(&full[..48]);
482 out
483 }
484}
485
486impl Default for Sha384 {
487 fn default() -> Self {
488 Self::new()
489 }
490}
491
492/// One-shot SHA-384.
493pub fn sha384(data: &[u8]) -> [u8; 48] {
494 let mut h = Sha384::new();
495 h.update(data);
496 h.finalize()
497}
498
499// ---------------------------------------------------------------------------
500// Tests
501// ---------------------------------------------------------------------------
502
503#[cfg(test)]
504mod tests {
505 use super::*;
506
507 fn hex(bytes: &[u8]) -> String {
508 bytes.iter().map(|b| format!("{b:02x}")).collect()
509 }
510
511 // -----------------------------------------------------------------------
512 // SHA-256 NIST test vectors (FIPS 180-4 / NIST CSRC examples)
513 // -----------------------------------------------------------------------
514
515 #[test]
516 fn sha256_empty() {
517 assert_eq!(
518 hex(&sha256(b"")),
519 "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"
520 );
521 }
522
523 #[test]
524 fn sha256_abc() {
525 assert_eq!(
526 hex(&sha256(b"abc")),
527 "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad"
528 );
529 }
530
531 #[test]
532 fn sha256_448bit() {
533 // "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq" (448 bits)
534 assert_eq!(
535 hex(&sha256(
536 b"abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"
537 )),
538 "248d6a61d20638b8e5c026930c3e6039a33ce45964ff2167f6ecedd419db06c1"
539 );
540 }
541
542 #[test]
543 fn sha256_896bit() {
544 // "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu"
545 assert_eq!(
546 hex(&sha256(b"abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu")),
547 "cf5b16a778af8380036ce59e7b0492370b249b11e8f07a51afac45037afee9d1"
548 );
549 }
550
551 #[test]
552 fn sha256_million_a() {
553 // 1,000,000 repetitions of 'a'
554 let mut h = Sha256::new();
555 // Feed in chunks to test streaming.
556 let chunk = [b'a'; 1000];
557 for _ in 0..1000 {
558 h.update(&chunk);
559 }
560 assert_eq!(
561 hex(&h.finalize()),
562 "cdc76e5c9914fb9281a1c7e284d73e67f1809a48a497200e046d39ccc7112cd0"
563 );
564 }
565
566 #[test]
567 fn sha256_streaming() {
568 // Verify streaming matches one-shot.
569 let data = b"The quick brown fox jumps over the lazy dog";
570 let expected = sha256(data);
571
572 let mut h = Sha256::new();
573 h.update(&data[..10]);
574 h.update(&data[10..20]);
575 h.update(&data[20..]);
576 assert_eq!(h.finalize(), expected);
577 }
578
579 // -----------------------------------------------------------------------
580 // SHA-512 NIST test vectors
581 // -----------------------------------------------------------------------
582
583 #[test]
584 fn sha512_empty() {
585 assert_eq!(
586 hex(&sha512(b"")),
587 "cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e"
588 );
589 }
590
591 #[test]
592 fn sha512_abc() {
593 assert_eq!(
594 hex(&sha512(b"abc")),
595 "ddaf35a193617abacc417349ae20413112e6fa4e89a97ea20a9eeee64b55d39a2192992a274fc1a836ba3c23a3feebbd454d4423643ce80e2a9ac94fa54ca49f"
596 );
597 }
598
599 #[test]
600 fn sha512_896bit() {
601 assert_eq!(
602 hex(&sha512(b"abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu")),
603 "8e959b75dae313da8cf4f72814fc143f8f7779c6eb9f7fa17299aeadb6889018501d289e4900f7e4331b99dec4b5433ac7d329eeb6dd26545e96e55b874be909"
604 );
605 }
606
607 #[test]
608 fn sha512_million_a() {
609 let mut h = Sha512::new();
610 let chunk = [b'a'; 1000];
611 for _ in 0..1000 {
612 h.update(&chunk);
613 }
614 assert_eq!(
615 hex(&h.finalize()),
616 "e718483d0ce769644e2e42c7bc15b4638e1f98b13b2044285632a803afa973ebde0ff244877ea60a4cb0432ce577c31beb009c5c2c49aa2e4eadb217ad8cc09b"
617 );
618 }
619
620 #[test]
621 fn sha512_streaming() {
622 let data = b"The quick brown fox jumps over the lazy dog";
623 let expected = sha512(data);
624
625 let mut h = Sha512::new();
626 h.update(&data[..5]);
627 h.update(&data[5..]);
628 assert_eq!(h.finalize(), expected);
629 }
630
631 // -----------------------------------------------------------------------
632 // SHA-384 NIST test vectors
633 // -----------------------------------------------------------------------
634
635 #[test]
636 fn sha384_empty() {
637 assert_eq!(
638 hex(&sha384(b"")),
639 "38b060a751ac96384cd9327eb1b1e36a21fdb71114be07434c0cc7bf63f6e1da274edebfe76f65fbd51ad2f14898b95b"
640 );
641 }
642
643 #[test]
644 fn sha384_abc() {
645 assert_eq!(
646 hex(&sha384(b"abc")),
647 "cb00753f45a35e8bb5a03d699ac65007272c32ab0eded1631a8b605a43ff5bed8086072ba1e7cc2358baeca134c825a7"
648 );
649 }
650
651 #[test]
652 fn sha384_896bit() {
653 assert_eq!(
654 hex(&sha384(b"abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu")),
655 "09330c33f71147e83d192fc782cd1b4753111b173b3b05d22fa08086e3b0f712fcc7c71a557e2db966c3e9fa91746039"
656 );
657 }
658
659 #[test]
660 fn sha384_million_a() {
661 let mut h = Sha384::new();
662 let chunk = [b'a'; 1000];
663 for _ in 0..1000 {
664 h.update(&chunk);
665 }
666 assert_eq!(
667 hex(&h.finalize()),
668 "9d0e1809716474cb086e834e310a4a1ced149e9c00f248527972cec5704c2a5b07b8b3dc38ecc4ebae97ddd87f3d8985"
669 );
670 }
671
672 #[test]
673 fn sha384_streaming() {
674 let data = b"The quick brown fox jumps over the lazy dog";
675 let expected = sha384(data);
676
677 let mut h = Sha384::new();
678 h.update(&data[..15]);
679 h.update(&data[15..]);
680 assert_eq!(h.finalize(), expected);
681 }
682
683 // -----------------------------------------------------------------------
684 // Edge cases
685 // -----------------------------------------------------------------------
686
687 #[test]
688 fn sha256_exactly_one_block() {
689 // 55 bytes + 1 byte (0x80) + 8 bytes (length) = 64 = one block after padding
690 let data = [0xABu8; 55];
691 let result = sha256(&data);
692 // Verify streaming matches.
693 let mut h = Sha256::new();
694 h.update(&data);
695 assert_eq!(h.finalize(), result);
696 }
697
698 #[test]
699 fn sha256_exactly_56_bytes() {
700 // 56 bytes requires two blocks (56 + 1 + 8 > 64).
701 let data = [0xCDu8; 56];
702 let result = sha256(&data);
703 let mut h = Sha256::new();
704 h.update(&data);
705 assert_eq!(h.finalize(), result);
706 }
707
708 #[test]
709 fn sha512_exactly_one_block() {
710 // 111 bytes + 1 + 16 = 128
711 let data = [0xABu8; 111];
712 let result = sha512(&data);
713 let mut h = Sha512::new();
714 h.update(&data);
715 assert_eq!(h.finalize(), result);
716 }
717
718 #[test]
719 fn sha512_exactly_112_bytes() {
720 // 112 + 1 + 16 > 128 => requires second block
721 let data = [0xCDu8; 112];
722 let result = sha512(&data);
723 let mut h = Sha512::new();
724 h.update(&data);
725 assert_eq!(h.finalize(), result);
726 }
727
728 #[test]
729 fn sha256_byte_at_a_time() {
730 let data = b"abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq";
731 let expected = sha256(data);
732 let mut h = Sha256::new();
733 for byte in data.iter() {
734 h.update(&[*byte]);
735 }
736 assert_eq!(h.finalize(), expected);
737 }
738}