implement crypto.sha256 + some crypto cleanup

pull/1226/head
joe-conigliaro 2019-07-18 18:50:05 +10:00 committed by Alexander Medvednikov
parent c0911ea74b
commit 43070412f7
8 changed files with 424 additions and 38 deletions

View File

@ -48,7 +48,7 @@ fn (d mut Digest) reset() {
d.len = u64(0) d.len = u64(0)
} }
// new returns a new hash.Hash computing the MD5 checksum. // new returns a new Digest (implementing hash.Hash) computing the MD5 checksum.
pub fn new() *Digest { pub fn new() *Digest {
mut d := &Digest{} mut d := &Digest{}
d.reset() d.reset()

View File

@ -17,6 +17,7 @@ fn block_generic(dig &Digest, p []byte) {
mut b := dig.s[1] mut b := dig.s[1]
mut c := dig.s[2] mut c := dig.s[2]
mut d := dig.s[3] mut d := dig.s[3]
for i := 0; i <= p.len-BlockSize; i += BlockSize { for i := 0; i <= p.len-BlockSize; i += BlockSize {
mut q := p.right(i) mut q := p.right(i)
q = q.left(BlockSize) q = q.left(BlockSize)

View File

@ -0,0 +1,218 @@
// Copyright (c) 2019 Alexander Medvednikov. All rights reserved.
// Use of this source code is governed by an MIT license
// that can be found in the LICENSE file.
// Package sha256 implements the SHA224 and SHA256 hash algorithms as defined
// in FIPS 180-4.
// Adaped from https://github.com/golang/go/tree/master/src/crypto/sha256
module sha256
import math
import encoding.binary
const (
// The size of a SHA256 checksum in bytes.
Size = 32
// The size of a SHA224 checksum in bytes.
Size224 = 28
// The blocksize of SHA256 and SHA224 in bytes.
BlockSize = 64
)
const (
Chunk = 64
Init0 = 0x6A09E667
Init1 = 0xBB67AE85
Init2 = 0x3C6EF372
Init3 = 0xA54FF53A
Init4 = 0x510E527F
Init5 = 0x9B05688C
Init6 = 0x1F83D9AB
Init7 = 0x5BE0CD19
Init0_224 = 0xC1059ED8
Init1_224 = 0x367CD507
Init2_224 = 0x3070DD17
Init3_224 = 0xF70E5939
Init4_224 = 0xFFC00B31
Init5_224 = 0x68581511
Init6_224 = 0x64F98FA7
Init7_224 = 0xBEFA4FA4
)
// digest represents the partial evaluation of a checksum.
struct Digest {
mut:
h []u32
x []byte
nx int
len u64
is224 bool // mark if this digest is SHA-224
}
fn (d &Digest) reset() {
d.h = [u32(0); 8]
d.x = [byte(0); Chunk]
if !d.is224 {
d.h[0] = u32(Init0)
d.h[1] = u32(Init1)
d.h[2] = u32(Init2)
d.h[3] = u32(Init3)
d.h[4] = u32(Init4)
d.h[5] = u32(Init5)
d.h[6] = u32(Init6)
d.h[7] = u32(Init7)
} else {
d.h[0] = u32(Init0_224)
d.h[1] = u32(Init1_224)
d.h[2] = u32(Init2_224)
d.h[3] = u32(Init3_224)
d.h[4] = u32(Init4_224)
d.h[5] = u32(Init5_224)
d.h[6] = u32(Init6_224)
d.h[7] = u32(Init7_224)
}
d.nx = 0
d.len = u64(0)
}
// new returns a new Digest (implementing hash.Hash) computing the SHA256 checksum.
pub fn new() *Digest {
mut d := &Digest{}
d.reset()
return d
}
// new224 returns a new Digest (implementing hash.Hash) computing the SHA224 checksum.
pub fn new224() *Digest {
mut d := &Digest{}
d.is224 = true
d.reset()
return d
}
fn (d mut Digest) write(p []byte) ?int {
nn := p.len
d.len += u64(nn)
if d.nx > 0 {
n := int(math.min(f64(d.x.len), f64(p.len)))
for i:=0; i<n; i++ {
d.x.set(i+d.nx, p[i])
}
d.nx += n
if d.nx == Chunk {
block(d, d.x)
d.nx = 0
}
if n >= p.len {
p = []byte
} else {
p = p.right(n)
}
}
if p.len >= Chunk {
n := p.len &~ (Chunk - 1)
block(d, p.left(n))
if n >= p.len {
p = []byte
} else {
p = p.right(n)
}
}
if p.len > 0 {
d.nx = int(math.min(f64(d.x.len), f64(p.len)))
for i:=0; i<d.nx; i++ {
d.x.set(i, p[i])
}
}
return nn
}
fn (d &Digest) sum(b_in mut []byte) []byte {
// Make a copy of d so that caller can keep writing and summing.
mut d0 := *d
hash := d0.checksum()
if d0.is224 {
for b in hash.left(Size224) {
b_in << b
}
} else {
for b in hash {
b_in << b
}
}
return *b_in
}
fn (d mut Digest) checksum() []byte {
mut len := d.len
// Padding. Add a 1 bit and 0 bits until 56 bytes mod 64.
mut tmp := [byte(0); 64]
tmp[0] = 0x80
if int(len)%64 < 56 {
d.write(tmp.left(56-int(len)%64))
} else {
d.write(tmp.left(64+56-int(len)%64))
}
// Length in bits.
len <<= u64(3)
binary.big_endian_put_u64(tmp, len)
d.write(tmp.left(8))
if d.nx != 0 {
panic('d.nx != 0')
}
digest := [byte(0); Size]
binary.big_endian_put_u32(digest, d.h[0])
binary.big_endian_put_u32(digest.right(4), d.h[1])
binary.big_endian_put_u32(digest.right(8), d.h[2])
binary.big_endian_put_u32(digest.right(12), d.h[3])
binary.big_endian_put_u32(digest.right(16), d.h[4])
binary.big_endian_put_u32(digest.right(20), d.h[5])
binary.big_endian_put_u32(digest.right(24), d.h[6])
if !d.is224 {
binary.big_endian_put_u32(digest.right(28), d.h[7])
}
return digest
}
// sum256 returns the SHA256 checksum of the data.
pub fn sum(data []byte) []byte {
return sum256(data)
}
// sum256 returns the SHA256 checksum of the data.
pub fn sum256(data []byte) []byte {
mut d := new()
d.write(data)
return d.checksum()
}
// sum224 returns the SHA224 checksum of the data.
pub fn sum224(data []byte) []byte {
mut d := new224()
d.write(data)
sum := d.checksum()
sum224 := sum.left(Size224)
return sum224
}
fn block(dig &Digest, p []byte) {
// For now just use block_generic until we have specific
// architecture optimized versions
block_generic(dig, p)
}
pub fn (d &Digest) size() int {
if !d.is224 {
return Size
}
return Size224
}
pub fn (d &Digest) block_size() int { return BlockSize }

View File

@ -0,0 +1,9 @@
// Copyright (c) 2019 Alexander Medvednikov. All rights reserved.
// Use of this source code is governed by an MIT license
// that can be found in the LICENSE file.
import crypto.sha256
fn test_crypto_sha256() {
assert sha256.sum('This is a sha256 checksum.'.bytes()).hex() == 'DC7163299659529EAE29683EB1FFEC50D6C8FC7275ECB10C145FDE0E125B8727'
}

View File

@ -0,0 +1,158 @@
// Copyright (c) 2019 Alexander Medvednikov. All rights reserved.
// Use of this source code is governed by an MIT license
// that can be found in the LICENSE file.
// SHA256 block step.
// This is the generic version with no architecture optimizations.
// In its own file so that an architecture
// optimized verision can be substituted
module sha256
import math.bits
const (
_K = [
0x428a2f98,
0x71374491,
0xb5c0fbcf,
0xe9b5dba5,
0x3956c25b,
0x59f111f1,
0x923f82a4,
0xab1c5ed5,
0xd807aa98,
0x12835b01,
0x243185be,
0x550c7dc3,
0x72be5d74,
0x80deb1fe,
0x9bdc06a7,
0xc19bf174,
0xe49b69c1,
0xefbe4786,
0x0fc19dc6,
0x240ca1cc,
0x2de92c6f,
0x4a7484aa,
0x5cb0a9dc,
0x76f988da,
0x983e5152,
0xa831c66d,
0xb00327c8,
0xbf597fc7,
0xc6e00bf3,
0xd5a79147,
0x06ca6351,
0x14292967,
0x27b70a85,
0x2e1b2138,
0x4d2c6dfc,
0x53380d13,
0x650a7354,
0x766a0abb,
0x81c2c92e,
0x92722c85,
0xa2bfe8a1,
0xa81a664b,
0xc24b8b70,
0xc76c51a3,
0xd192e819,
0xd6990624,
0xf40e3585,
0x106aa070,
0x19a4c116,
0x1e376c08,
0x2748774c,
0x34b0bcb5,
0x391c0cb3,
0x4ed8aa4a,
0x5b9cca4f,
0x682e6ff3,
0x748f82ee,
0x78a5636f,
0x84c87814,
0x8cc70208,
0x90befffa,
0xa4506ceb,
0xbef9a3f7,
0xc67178f2,
]
)
fn block_generic(dig &Digest, p []byte) {
mut w := [u32(0); 64]
mut h0 := dig.h[0]
mut h1 := dig.h[1]
mut h2 := dig.h[2]
mut h3 := dig.h[3]
mut h4 := dig.h[4]
mut h5 := dig.h[5]
mut h6 := dig.h[6]
mut h7 := dig.h[7]
for p.len >= Chunk {
// Can interlace the computation of w with the
// rounds below if needed for speed.
for i := 0; i < 16; i++ {
j := i * 4
w[i] = u32(u32(p[j])<<u32(24)) | u32(u32(p[j+1])<<u32(16)) | u32(u32(p[j+2])<<u32(8)) | u32(p[j+3])
}
for i := 16; i < 64; i++ {
v1 := w[i-2]
t1 := (bits.rotate_left_32(v1, -17)) ^ (bits.rotate_left_32(v1, -19)) ^ u32((v1 >> u32(10)))
v2 := w[i-15]
t2 := (bits.rotate_left_32(v2, -7)) ^ (bits.rotate_left_32(v2, -18)) ^ u32((v2 >> u32(3)))
w[i] = t1 + w[i-7] + t2 + w[i-16]
}
mut a := h0
mut b := h1
mut c := h2
mut d := h3
mut e := h4
mut f := h5
mut g := h6
mut h := h7
for i := 0; i < 64; i++ {
t1 := h + ((bits.rotate_left_32(e, -6)) ^ (bits.rotate_left_32(e, -11)) ^ (bits.rotate_left_32(e, -25))) + ((e & f) ^ (~e & g)) + u32(_K[i]) + w[i]
t2 := ((bits.rotate_left_32(a, -2)) ^ (bits.rotate_left_32(a, -13)) ^ (bits.rotate_left_32(a, -22))) + ((a & b) ^ (a & c) ^ (b & c))
h = g
g = f
f = e
e = d + t1
d = c
c = b
b = a
a = t1 + t2
}
h0 += a
h1 += b
h2 += c
h3 += d
h4 += e
h5 += f
h6 += g
h7 += h
if Chunk >= p.len {
p = []byte
} else {
p = p.right(Chunk)
}
}
dig.h[0] = h0
dig.h[1] = h1
dig.h[2] = h2
dig.h[3] = h3
dig.h[4] = h4
dig.h[5] = h5
dig.h[6] = h6
dig.h[7] = h7
}

View File

@ -5,7 +5,7 @@
// Package sha512 implements the SHA-384, SHA-512, SHA-512/224, and SHA-512/256 // Package sha512 implements the SHA-384, SHA-512, SHA-512/224, and SHA-512/256
// hash algorithms as defined in FIPS 180-4. // hash algorithms as defined in FIPS 180-4.
// Adaped from https://github.com/golang/go/tree/master/src/crypto/sha256 // Adaped from https://github.com/golang/go/tree/master/src/crypto/sha512
module sha512 module sha512
@ -65,8 +65,6 @@ const (
// digest represents the partial evaluation of a checksum. // digest represents the partial evaluation of a checksum.
struct Digest { struct Digest {
// h [8]uint64
// x [chunk]byte
mut: mut:
h []u64 h []u64
x []byte x []byte
@ -173,22 +171,22 @@ fn _new(hash crypto.Hash) *Digest {
return d return d
} }
// new returns a new hash.Hash computing the SHA-512 checksum. // new returns a new Digest (implementing hash.Hash) computing the SHA-512 checksum.
pub fn new() *Digest { pub fn new() *Digest {
return _new(crypto.Hash.SHA512) return _new(crypto.Hash.SHA512)
} }
// new512_224 returns a new hash.Hash computing the SHA-512/224 checksum. // new512_224 returns a new Digest (implementing hash.Hash) computing the SHA-512/224 checksum.
fn new512_224() *Digest { fn new512_224() *Digest {
return _new(crypto.Hash.SHA512_224) return _new(crypto.Hash.SHA512_224)
} }
// new512_256 returns a new hash.Hash computing the SHA-512/256 checksum. // new512_256 returns a new Digest (implementing hash.Hash) computing the SHA-512/256 checksum.
fn new512_256() *Digest { fn new512_256() *Digest {
return _new(crypto.Hash.SHA512_256) return _new(crypto.Hash.SHA512_256)
} }
// new384 returns a new hash.Hash computing the SHA-384 checksum. // new384 returns a new Digest (implementing hash.Hash) computing the SHA-384 checksum.
fn new384() *Digest { fn new384() *Digest {
return _new(crypto.Hash.SHA384) return _new(crypto.Hash.SHA384)
} }

View File

@ -180,6 +180,7 @@ fn block_generic(dig &Digest, p []byte) {
] ]
mut w := [u64(0); 80] mut w := [u64(0); 80]
mut h0 := dig.h[0] mut h0 := dig.h[0]
mut h1 := dig.h[1] mut h1 := dig.h[1]
mut h2 := dig.h[2] mut h2 := dig.h[2]
@ -188,6 +189,7 @@ fn block_generic(dig &Digest, p []byte) {
mut h5 := dig.h[5] mut h5 := dig.h[5]
mut h6 := dig.h[6] mut h6 := dig.h[6]
mut h7 := dig.h[7] mut h7 := dig.h[7]
for p.len >= Chunk { for p.len >= Chunk {
for i := 0; i < 16; i++ { for i := 0; i < 16; i++ {
j := i * 8 j := i * 8