Version: Next

SHA-256

Algorithm

SHA-256 (FIPS 180-4, SHS family) is a 256-bit Merkle–Damgård hash built from a 512-bit block compression function. It is the workhorse digest for TLS 1.2 transcripts, HKDF labels when SHA-256 is selected, and general-purpose integrity.

Purpose

NoxTLS exposes SHA-256 as a one-shot function and as a streaming Sha256 hasher.

Rust API

Crate: noxtls-crypto
Module path (conceptual): noxtls_crypto::hash (re-exported at crate root)
Primary symbols:
- noxtls_sha256
- Sha256
- Digest

Functions and types:

noxtls_sha256(data: &[u8]) -> [u8; 32] - Parameters: data is the full byte slice to hash. Behavior: computes SHA-256 in one pass. Returns: [u8; 32] digest bytes.
Sha256 - Parameters: hasher state is managed through update(&[u8]) calls and consumed by finalize(). Behavior: supports incremental hashing for chunked inputs. Returns: finalize() yields Vec<u8> containing 32 digest bytes.

Feature flags and policy

Default.

Examples

One-shot digest

use noxtls_crypto::noxtls_sha256;

let digest: [u8; 32] = noxtls_sha256(b"hello, noxtls");
assert_eq!(digest.len(), 32);

Streaming (chunked input)

use noxtls_crypto::{Digest, Sha256};

let mut hasher = Sha256::new();
hasher.update(b"first chunk");
hasher.update(b"second chunk");
let digest_vec = hasher.finalize();
assert_eq!(digest_vec.len(), 32);

The streaming finalize path returns a Vec<u8>; enable the alloc feature on no_std builds that use heap allocation.

Security and compatibility

Use SHA-256 as the default digest for new integrity checks and modern TLS-related tooling.

Algorithm​

Purpose​

Rust API​

Feature flags and policy​

Examples​

One-shot digest​

Streaming (chunked input)​

Security and compatibility​

Related​