SHA256 support (SHA1 --> Digest<SHA,Size>)

It would be easy to add SHA384 and/or SHA512 too.
Or other digest types if we add crypto code implementing them.

Author: snej

Crypto/SecureDigest.cc

@@ -17,69 +17,117 @@
 #pragma clang diagnostic push
 #pragma clang diagnostic ignored "-Wdocumentation-deprecated-sync"
 #include "mbedtls/sha1.h"
+#include "mbedtls/sha256.h"
 #pragma clang diagnostic pop
 
 #ifdef __APPLE__
-#define USE_COMMON_CRYPTO
+#  define USE_COMMON_CRYPTO
 #endif
 
 #ifdef USE_COMMON_CRYPTO
     #include <CommonCrypto/CommonDigest.h>
-    #define _CONTEXT ((CC_SHA1_CTX*)_context)
-#else
-    #define _CONTEXT ((mbedtls_sha1_context*)_context)
 #endif
 
 namespace litecore {
 
-    void SHA1::computeFrom(fleece::slice s) {
-        (SHA1Builder() << s).finish(&bytes, sizeof(bytes));
-    }
-
 
-    bool SHA1::setDigest(fleece::slice s) {
-        if (s.size != sizeof(bytes))
+    template <DigestType TYPE, size_t SIZE>
+    bool Digest<TYPE,SIZE>::setDigest(fleece::slice s) {
+        if (s.size != _bytes.size())
             return false;
-        memcpy(bytes, s.buf, sizeof(bytes));
+        s.copyTo(_bytes.data());
         return true;
     }
 
 
-    std::string SHA1::asBase64() const {
+    template <DigestType TYPE, size_t SIZE>
+    std::string Digest<TYPE,SIZE>::asBase64() const {
         return fleece::base64::encode(asSlice());
     }
 
 
-    SHA1Builder::SHA1Builder() {
+#pragma mark - SHA1:
+
+
+    template <>
+    Digest<SHA,1>::Builder::Builder() {
         static_assert(sizeof(_context) >= sizeof(mbedtls_sha1_context));
 #ifdef USE_COMMON_CRYPTO
         static_assert(sizeof(_context) >= sizeof(CC_SHA1_CTX));
-        CC_SHA1_Init(_CONTEXT);
+        CC_SHA1_Init((CC_SHA1_CTX*)_context);
 #else
-        mbedtls_sha1_init(_CONTEXT);
-        mbedtls_sha1_starts(_CONTEXT);
+        mbedtls_sha1_init((mbedtls_sha1_context*)_context);
+        mbedtls_sha1_starts((mbedtls_sha1_context*)_context);
 #endif
     }
 
 
-    SHA1Builder& SHA1Builder::operator<< (fleece::slice s) {
+    template <>
+    Digest<SHA,1>::Builder& Digest<SHA,1>::Builder::operator<< (fleece::slice s) {
 #ifdef USE_COMMON_CRYPTO
-        CC_SHA1_Update(_CONTEXT, s.buf, (CC_LONG)s.size);
+        CC_SHA1_Update((CC_SHA1_CTX*)_context, s.buf, (CC_LONG)s.size);
 #else
-        mbedtls_sha1_update(_CONTEXT, (unsigned char*)s.buf, s.size);
+        mbedtls_sha1_update((mbedtls_sha1_context*)_context, (unsigned char*)s.buf, s.size);
 #endif
         return *this;
     }
 
 
-    void SHA1Builder::finish(void *result, size_t resultSize) {
-        DebugAssert(resultSize == sizeof(SHA1::bytes));
+    template <>
+    void Digest<SHA,1>::Builder::finish(void *result, size_t resultSize) {
+        Assert(resultSize == kSizeInBytes);
 #ifdef USE_COMMON_CRYPTO
-        CC_SHA1_Final((uint8_t*)result, _CONTEXT);
+        CC_SHA1_Final((uint8_t*)result, (CC_SHA1_CTX*)_context);
 #else
-        mbedtls_sha1_finish(_CONTEXT, (uint8_t*)result);
-        mbedtls_sha1_free(_CONTEXT);
+        mbedtls_sha1_finish((mbedtls_sha1_context*)_context, (uint8_t*)result);
+        mbedtls_sha1_free((mbedtls_sha1_context*)_context);
 #endif
     }
 
+    // Force the non-specialized methods to be instantiated:
+    template class Digest<SHA,1>;
+
+
+#pragma mark - SHA256:
+
+
+    template <>
+    Digest<SHA,256>::Builder::Builder() {
+        static_assert(sizeof(_context) >= sizeof(mbedtls_sha256_context));
+#ifdef USE_COMMON_CRYPTO
+        static_assert(sizeof(_context) >= sizeof(CC_SHA256_CTX));
+        CC_SHA256_Init((CC_SHA256_CTX*)_context);
+#else
+        mbedtls_sha256_init((mbedtls_sha256_context*)_context);
+        mbedtls_sha256_starts((mbedtls_sha256_context*)_context, 0);
+#endif
+    }
+
+
+    template <>
+    Digest<SHA,256>::Builder& Digest<SHA,256>::Builder::operator<< (fleece::slice s) {
+#ifdef USE_COMMON_CRYPTO
+        CC_SHA256_Update((CC_SHA256_CTX*)_context, s.buf, (CC_LONG)s.size);
+#else
+        mbedtls_sha256_update((mbedtls_sha256_context*)_context, (unsigned char*)s.buf, s.size);
+#endif
+        return *this;
+    }
+
+
+    template <>
+    void Digest<SHA,256>::Builder::finish(void *result, size_t resultSize) {
+        Assert(resultSize == kSizeInBytes);
+#ifdef USE_COMMON_CRYPTO
+        CC_SHA256_Final((uint8_t*)result, (CC_SHA256_CTX*)_context);
+#else
+        mbedtls_sha256_finish((mbedtls_sha256_context*)_context, (uint8_t*)result);
+        mbedtls_sha256_free((mbedtls_sha256_context*)_context);
+#endif
+    }
+
+
+    // Force the non-specialized methods to be instantiated:
+    template class Digest<SHA,256>;
+
 }

Crypto/SecureDigest.hh

@@ -12,66 +12,96 @@
 
 #pragma once
 #include "fleece/slice.hh"
+#include <array>
 #include <string>
 
 namespace litecore {
 
-    /// A SHA-1 digest.
-    class SHA1 {
+    enum DigestType {
+        SHA,
+    };
+
+
+    /// A cryptographic digest. Available instantiations are <SHA,1> and <SHA,256>.
+    /// (SHA384 and SHA512 could be added by doing some copy-and-pasting in the .cc file.)
+    template <DigestType TYPE, size_t SIZE>
+    class Digest {
     public:
-        SHA1()                               { memset(bytes, 0, sizeof(bytes)); }
+        class Builder;
+
+        Digest()                               {_bytes.fill(std::byte{0});}
+
+        /// Constructs instance with a digest of the data in `s`.
+        explicit Digest(fleece::slice s)       {computeFrom(s);}
 
-        /// Constructs instance with a SHA-1 digest of the data in `s`
-        explicit SHA1(fleece::slice s)       {computeFrom(s);}
+        inline Digest(Builder&&);
 
-        /// Computes a SHA-1 digest of the data
-        void computeFrom(fleece::slice);
+        /// Computes a digest of the data.
+        void computeFrom(fleece::slice data);
 
-        /// Stores a digest; returns false if slice is the wrong size
-        bool setDigest(fleece::slice);
+        /// Stores a digest; returns false if slice is the wrong size.
+        bool setDigest(fleece::slice digestData);
 
-        /// The digest as a slice
-        fleece::slice asSlice() const         {return {bytes, sizeof(bytes)};}
+        /// The digest as a slice.
+        fleece::slice asSlice() const         {return {_bytes.data(), _bytes.size()};}
         operator fleece::slice() const        {return asSlice();}
 
+        /// The digest encoded in Base64.
         std::string asBase64() const;
 
-        bool operator==(const SHA1 &x) const  {return memcmp(&bytes, &x.bytes, sizeof(bytes)) == 0;}
-        bool operator!= (const SHA1 &x) const {return !(*this == x);}
+        bool operator==(const Digest &x) const   {return _bytes == x._bytes;}
+        bool operator!=(const Digest &x) const   {return _bytes != x._bytes;}
 
     private:
-        char bytes[20];
+        static constexpr size_t kSizeInBytes = ((TYPE == SHA && SIZE == 1) ? 160 : SIZE) / 8;
 
-        friend class SHA1Builder;
+        std::array<std::byte,kSizeInBytes> _bytes;
     };
 
 
-    /// Builder for creating SHA-1 digests from piece-by-piece data.
-    class SHA1Builder {
+    /// Builder for creating digests incrementally from piece-by-piece data.
+    template <DigestType TYPE, size_t SIZE>
+    class Digest<TYPE, SIZE>::Builder {
     public:
-        SHA1Builder();
+        Builder();
 
-        /// Add a single byte
-        SHA1Builder& operator<< (fleece::slice s);
+        /// Adds data.
+        Builder& operator<< (fleece::slice s);
 
-        /// Add data
-        SHA1Builder& operator<< (uint8_t b)     {return *this << fleece::slice(&b, 1);}
+        /// Adds a single byte.
+        Builder& operator<< (uint8_t b)     {return *this << fleece::slice(&b, 1);}
 
-        /// Finish and write the digest to `result`. (Don't reuse the builder.)
+        /// Finishes and writes the digest.
+        /// @warning Don't reuse this builder.
+        /// @param result  The address to write the digest to.
+        /// @param resultSize  Must be equal to the size of a digest.
         void finish(void *result, size_t resultSize);
 
-        /// Finish and return the digest as a SHA1 object. (Don't reuse the builder.)
-        SHA1 finish() {
-            SHA1 result;
-            finish(&result.bytes, sizeof(result.bytes));
-            return result;
-        }
+        /// Finishes and returns the digest as a new object.
+        /// @warning Don't reuse this builder.
+        Digest finish()                     {return Digest(std::move(*this));}
 
     private:
-        uint8_t _context[100];  // big enough to hold any platform's context struct
+        std::byte _context[110];  // big enough to hold any platform's context struct
     };
 
 
+    template<DigestType TYPE, size_t SIZE>
+    Digest<TYPE, SIZE>::Digest(Builder &&builder) {
+        builder.finish(_bytes.data(), _bytes.size());
+    }
+
+    template <DigestType TYPE, size_t SIZE>
+    void Digest<TYPE,SIZE>::computeFrom(fleece::slice s) {
+        (Builder() << s).finish(_bytes.data(), _bytes.size());
+    }
+
+
+    // Shorthand names:
+    using SHA1        = Digest<SHA,1>;
+    using SHA1Builder = Digest<SHA,1>::Builder;
+
+    using SHA256      = Digest<SHA,256>;
 }