Re: [PATCH v3 10/12] Add a base implementation of SHA-256 support
"brian m. carlson" writes: > SHA-1 is weak and we need to transition to a new hash function. For > some time, we have referred to this new function as NewHash. Recently, > we decided to pick SHA-256 as NewHash. Even if we have decided to not repeat the reasoning behind the need to switch away from SHA-1, and the choice of SHA-256 as NewHash, I think we should provide _references_ to those discussion (either to the mailing list via public-inbox, or via Git Rev News articles). So the above paragraph would be: SHA-1 is weak and we need to transition to a new hash function [1]. For some time, we have referred to this new function as NewHash. Recently, we decided to pick SHA-256 as NewHash [2]. [1]: [2]: > > Add a basic implementation of SHA-256 based off libtomcrypt, which is in > the public domain. Optimize it and restructure it to meet our coding > standards. Pull in the update and final functions from the SHA-1 block > implementation, as we know these function correctly with all compilers. > This implementation is slower than SHA-1, but more performant > implementations will be introduced in future commits. > > Wire up SHA-256 in the list of hash algorithms, and add a test that the > algorithm works correctly. > > Note that with this patch, it is still not possible to switch to using > SHA-256 in Git. Additional patches are needed to prepare the code to > handle a larger hash algorithm and further test fixes are needed. > > Signed-off-by: brian m. carlson Best, -- Jakub Narębski
Re: [PATCH v3 10/12] Add a base implementation of SHA-256 support
On Mon, Oct 22, 2018 at 11:44:40AM +0200, SZEDER Gábor wrote: > To protect us from potential "macro redefinition" errors, these > #undefs should come before the #defines above. Note also that BLKSIZE > is not #undef-ed. Ah, okay. I think I misread your suggestion. I'll see if anyone has more comments, and then reroll with that change. -- brian m. carlson: Houston, Texas, US OpenPGP: https://keybase.io/bk2204 signature.asc Description: PGP signature
Re: [PATCH v3 10/12] Add a base implementation of SHA-256 support
On Mon, Oct 22, 2018 at 02:43:40AM +, brian m. carlson wrote: > diff --git a/sha256/block/sha256.c b/sha256/block/sha256.c > new file mode 100644 > index 00..683bc6e39b > --- /dev/null > +++ b/sha256/block/sha256.c > @@ -0,0 +1,186 @@ > +#include "git-compat-util.h" > +#include "./sha256.h" > + > +#define BLKSIZE blk_SHA256_BLKSIZE [...] > +#define Ch(x,y,z) (z ^ (x & (y ^ z))) > +#define Maj(x,y,z) (((x | y) & z) | (x & y)) > +#define S(x, n) ror((x),(n)) > +#define R(x, n) ((x)>>(n)) > +#define Sigma0(x) (S(x, 2) ^ S(x, 13) ^ S(x, 22)) > +#define Sigma1(x) (S(x, 6) ^ S(x, 11) ^ S(x, 25)) > +#define Gamma0(x) (S(x, 7) ^ S(x, 18) ^ R(x, 3)) > +#define Gamma1(x) (S(x, 17) ^ S(x, 19) ^ R(x, 10)) [...] > +#define RND(a,b,c,d,e,f,g,h,i,ki)\ > + t0 = h + Sigma1(e) + Ch(e, f, g) + ki + W[i]; \ > + t1 = Sigma0(a) + Maj(a, b, c); \ > + d += t0;\ > + h = t0 + t1; [...] > +#undef RND > +#undef Ch > +#undef Maj > +#undef S > +#undef R > +#undef Sigma0 > +#undef Sigma1 > +#undef Gamma0 > +#undef Gamma1 To protect us from potential "macro redefinition" errors, these #undefs should come before the #defines above. Note also that BLKSIZE is not #undef-ed.
[PATCH v3 10/12] Add a base implementation of SHA-256 support
SHA-1 is weak and we need to transition to a new hash function. For
some time, we have referred to this new function as NewHash. Recently,
we decided to pick SHA-256 as NewHash.
Add a basic implementation of SHA-256 based off libtomcrypt, which is in
the public domain. Optimize it and restructure it to meet our coding
standards. Pull in the update and final functions from the SHA-1 block
implementation, as we know these function correctly with all compilers.
This implementation is slower than SHA-1, but more performant
implementations will be introduced in future commits.
Wire up SHA-256 in the list of hash algorithms, and add a test that the
algorithm works correctly.
Note that with this patch, it is still not possible to switch to using
SHA-256 in Git. Additional patches are needed to prepare the code to
handle a larger hash algorithm and further test fixes are needed.
Signed-off-by: brian m. carlson
---
Makefile | 4 +
cache.h| 12 ++-
hash.h | 19 -
sha1-file.c| 45 ++
sha256/block/sha256.c | 186 +
sha256/block/sha256.h | 26 ++
t/helper/test-sha256.c | 7 ++
t/helper/test-tool.c | 1 +
t/helper/test-tool.h | 1 +
t/t0015-hash.sh| 25 ++
10 files changed, 322 insertions(+), 4 deletions(-)
create mode 100644 sha256/block/sha256.c
create mode 100644 sha256/block/sha256.h
create mode 100644 t/helper/test-sha256.c
diff --git a/Makefile b/Makefile
index 68169a7abb..e99b7712f6 100644
--- a/Makefile
+++ b/Makefile
@@ -739,6 +739,7 @@ TEST_BUILTINS_OBJS += test-run-command.o
TEST_BUILTINS_OBJS += test-scrap-cache-tree.o
TEST_BUILTINS_OBJS += test-sha1.o
TEST_BUILTINS_OBJS += test-sha1-array.o
+TEST_BUILTINS_OBJS += test-sha256.o
TEST_BUILTINS_OBJS += test-sigchain.o
TEST_BUILTINS_OBJS += test-strcmp-offset.o
TEST_BUILTINS_OBJS += test-string-list.o
@@ -1633,6 +1634,9 @@ endif
endif
endif
+LIB_OBJS += sha256/block/sha256.o
+BASIC_CFLAGS += -DSHA256_BLK
+
ifdef SHA1_MAX_BLOCK_SIZE
LIB_OBJS += compat/sha1-chunked.o
BASIC_CFLAGS += -DSHA1_MAX_BLOCK_SIZE="$(SHA1_MAX_BLOCK_SIZE)"
diff --git a/cache.h b/cache.h
index 9e5d1dd85a..48ce1565e6 100644
--- a/cache.h
+++ b/cache.h
@@ -48,11 +48,17 @@ unsigned long git_deflate_bound(git_zstream *, unsigned
long);
/* The block size of SHA-1. */
#define GIT_SHA1_BLKSZ 64
+/* The length in bytes and in hex digits of an object name (SHA-256 value). */
+#define GIT_SHA256_RAWSZ 32
+#define GIT_SHA256_HEXSZ (2 * GIT_SHA256_RAWSZ)
+/* The block size of SHA-256. */
+#define GIT_SHA256_BLKSZ 64
+
/* The length in byte and in hex digits of the largest possible hash value. */
-#define GIT_MAX_RAWSZ GIT_SHA1_RAWSZ
-#define GIT_MAX_HEXSZ GIT_SHA1_HEXSZ
+#define GIT_MAX_RAWSZ GIT_SHA256_RAWSZ
+#define GIT_MAX_HEXSZ GIT_SHA256_HEXSZ
/* The largest possible block size for any supported hash. */
-#define GIT_MAX_BLKSZ GIT_SHA1_BLKSZ
+#define GIT_MAX_BLKSZ GIT_SHA256_BLKSZ
struct object_id {
unsigned char hash[GIT_MAX_RAWSZ];
diff --git a/hash.h b/hash.h
index 1bcf7ab6fd..a9bc624020 100644
--- a/hash.h
+++ b/hash.h
@@ -15,6 +15,8 @@
#include "block-sha1/sha1.h"
#endif
+#include "sha256/block/sha256.h"
+
#ifndef platform_SHA_CTX
/*
* platform's underlying implementation of SHA-1; could be OpenSSL,
@@ -34,6 +36,18 @@
#define git_SHA1_Updateplatform_SHA1_Update
#define git_SHA1_Final platform_SHA1_Final
+#ifndef platform_SHA256_CTX
+#define platform_SHA256_CTXSHA256_CTX
+#define platform_SHA256_Init SHA256_Init
+#define platform_SHA256_Update SHA256_Update
+#define platform_SHA256_Final SHA256_Final
+#endif
+
+#define git_SHA256_CTX platform_SHA256_CTX
+#define git_SHA256_Initplatform_SHA256_Init
+#define git_SHA256_Update platform_SHA256_Update
+#define git_SHA256_Final platform_SHA256_Final
+
#ifdef SHA1_MAX_BLOCK_SIZE
#include "compat/sha1-chunked.h"
#undef git_SHA1_Update
@@ -52,12 +66,15 @@
#define GIT_HASH_UNKNOWN 0
/* SHA-1 */
#define GIT_HASH_SHA1 1
+/* SHA-256 */
+#define GIT_HASH_SHA256 2
/* Number of algorithms supported (including unknown). */
-#define GIT_HASH_NALGOS (GIT_HASH_SHA1 + 1)
+#define GIT_HASH_NALGOS (GIT_HASH_SHA256 + 1)
/* A suitably aligned type for stack allocations of hash contexts. */
union git_hash_ctx {
git_SHA_CTX sha1;
+ git_SHA256_CTX sha256;
};
typedef union git_hash_ctx git_hash_ctx;
diff --git a/sha1-file.c b/sha1-file.c
index 9bdd04ea45..c97d93a14a 100644
--- a/sha1-file.c
+++ b/sha1-file.c
@@ -40,10 +40,20 @@
#define EMPTY_TREE_SHA1_BIN_LITERAL \
"\x4b\x82\x5d\xc6\x42\xcb\x6e\xb9\xa0\x60" \
"\xe5\x4b\xf8\xd6\x92\x88\xfb\xee\x49\x04"
+#define EMPTY_TREE_SHA256_BIN_LITERAL \
+ "\x6e\xf1\x9b\x41\x22\x5c\x53\x69\xf1\xc1" \
+ "\x04\xd4\x5d\x8d\x85\xef\xa9\xb0\x57\xb5" \
+ "\x3b\x14\xb4\xb9\xb9\x39\xdd\x74\xde\xcc" \
