I think I understand what you are trying to say, but P and NP are not the right terms.  Those concepts are irrelevant for practical cryptography.  Going strictly by the definitions, since the output has fixed size, inverting SHA256 is not only P, but actually O(1). 

Complexity theory (where one defines P and NP) has nothing useful to say about computations in a finite domain, no matter how big.  Even the Halting problem is solvable, and O(1), in that setting.

The practical robustness of cryptographic tools like SHA is supported only by empirical tests: basically, lots of people try lots of possible attacks; after a few years, if no one finds a weakness, then it is assumed to be robust.