Re: [PATCH v3 10/12] Add a base implementation of SHA-256 support
"brian m. carlson" writes: > SHA-1 is weak and we need to transition to a new hash function. For > some time, we have referred to this new function as NewHash. Recently, > we decided to pick SHA-256 as NewHash. Even if we have decided to not repeat the reasoning behind the need to switch away from SHA-1, and the choice of SHA-256 as NewHash, I think we should provide _references_ to those discussion (either to the mailing list via public-inbox, or via Git Rev News articles). So the above paragraph would be: SHA-1 is weak and we need to transition to a new hash function [1]. For some time, we have referred to this new function as NewHash. Recently, we decided to pick SHA-256 as NewHash [2]. [1]: [2]: > > Add a basic implementation of SHA-256 based off libtomcrypt, which is in > the public domain. Optimize it and restructure it to meet our coding > standards. Pull in the update and final functions from the SHA-1 block > implementation, as we know these function correctly with all compilers. > This implementation is slower than SHA-1, but more performant > implementations will be introduced in future commits. > > Wire up SHA-256 in the list of hash algorithms, and add a test that the > algorithm works correctly. > > Note that with this patch, it is still not possible to switch to using > SHA-256 in Git. Additional patches are needed to prepare the code to > handle a larger hash algorithm and further test fixes are needed. > > Signed-off-by: brian m. carlson Best, -- Jakub Narębski
Re: [PATCH v3 10/12] Add a base implementation of SHA-256 support
On Mon, Oct 22, 2018 at 11:44:40AM +0200, SZEDER Gábor wrote: > To protect us from potential "macro redefinition" errors, these > #undefs should come before the #defines above. Note also that BLKSIZE > is not #undef-ed. Ah, okay. I think I misread your suggestion. I'll see if anyone has more comments, and then reroll with that change. -- brian m. carlson: Houston, Texas, US OpenPGP: https://keybase.io/bk2204 signature.asc Description: PGP signature
Re: [PATCH v3 10/12] Add a base implementation of SHA-256 support
On Mon, Oct 22, 2018 at 02:43:40AM +, brian m. carlson wrote: > diff --git a/sha256/block/sha256.c b/sha256/block/sha256.c > new file mode 100644 > index 00..683bc6e39b > --- /dev/null > +++ b/sha256/block/sha256.c > @@ -0,0 +1,186 @@ > +#include "git-compat-util.h" > +#include "./sha256.h" > + > +#define BLKSIZE blk_SHA256_BLKSIZE [...] > +#define Ch(x,y,z) (z ^ (x & (y ^ z))) > +#define Maj(x,y,z) (((x | y) & z) | (x & y)) > +#define S(x, n) ror((x),(n)) > +#define R(x, n) ((x)>>(n)) > +#define Sigma0(x) (S(x, 2) ^ S(x, 13) ^ S(x, 22)) > +#define Sigma1(x) (S(x, 6) ^ S(x, 11) ^ S(x, 25)) > +#define Gamma0(x) (S(x, 7) ^ S(x, 18) ^ R(x, 3)) > +#define Gamma1(x) (S(x, 17) ^ S(x, 19) ^ R(x, 10)) [...] > +#define RND(a,b,c,d,e,f,g,h,i,ki)\ > + t0 = h + Sigma1(e) + Ch(e, f, g) + ki + W[i]; \ > + t1 = Sigma0(a) + Maj(a, b, c); \ > + d += t0;\ > + h = t0 + t1; [...] > +#undef RND > +#undef Ch > +#undef Maj > +#undef S > +#undef R > +#undef Sigma0 > +#undef Sigma1 > +#undef Gamma0 > +#undef Gamma1 To protect us from potential "macro redefinition" errors, these #undefs should come before the #defines above. Note also that BLKSIZE is not #undef-ed.
[PATCH v3 10/12] Add a base implementation of SHA-256 support
SHA-1 is weak and we need to transition to a new hash function. For some time, we have referred to this new function as NewHash. Recently, we decided to pick SHA-256 as NewHash. Add a basic implementation of SHA-256 based off libtomcrypt, which is in the public domain. Optimize it and restructure it to meet our coding standards. Pull in the update and final functions from the SHA-1 block implementation, as we know these function correctly with all compilers. This implementation is slower than SHA-1, but more performant implementations will be introduced in future commits. Wire up SHA-256 in the list of hash algorithms, and add a test that the algorithm works correctly. Note that with this patch, it is still not possible to switch to using SHA-256 in Git. Additional patches are needed to prepare the code to handle a larger hash algorithm and further test fixes are needed. Signed-off-by: brian m. carlson --- Makefile | 4 + cache.h| 12 ++- hash.h | 19 - sha1-file.c| 45 ++ sha256/block/sha256.c | 186 + sha256/block/sha256.h | 26 ++ t/helper/test-sha256.c | 7 ++ t/helper/test-tool.c | 1 + t/helper/test-tool.h | 1 + t/t0015-hash.sh| 25 ++ 10 files changed, 322 insertions(+), 4 deletions(-) create mode 100644 sha256/block/sha256.c create mode 100644 sha256/block/sha256.h create mode 100644 t/helper/test-sha256.c diff --git a/Makefile b/Makefile index 68169a7abb..e99b7712f6 100644 --- a/Makefile +++ b/Makefile @@ -739,6 +739,7 @@ TEST_BUILTINS_OBJS += test-run-command.o TEST_BUILTINS_OBJS += test-scrap-cache-tree.o TEST_BUILTINS_OBJS += test-sha1.o TEST_BUILTINS_OBJS += test-sha1-array.o +TEST_BUILTINS_OBJS += test-sha256.o TEST_BUILTINS_OBJS += test-sigchain.o TEST_BUILTINS_OBJS += test-strcmp-offset.o TEST_BUILTINS_OBJS += test-string-list.o @@ -1633,6 +1634,9 @@ endif endif endif +LIB_OBJS += sha256/block/sha256.o +BASIC_CFLAGS += -DSHA256_BLK + ifdef SHA1_MAX_BLOCK_SIZE LIB_OBJS += compat/sha1-chunked.o BASIC_CFLAGS += -DSHA1_MAX_BLOCK_SIZE="$(SHA1_MAX_BLOCK_SIZE)" diff --git a/cache.h b/cache.h index 9e5d1dd85a..48ce1565e6 100644 --- a/cache.h +++ b/cache.h @@ -48,11 +48,17 @@ unsigned long git_deflate_bound(git_zstream *, unsigned long); /* The block size of SHA-1. */ #define GIT_SHA1_BLKSZ 64 +/* The length in bytes and in hex digits of an object name (SHA-256 value). */ +#define GIT_SHA256_RAWSZ 32 +#define GIT_SHA256_HEXSZ (2 * GIT_SHA256_RAWSZ) +/* The block size of SHA-256. */ +#define GIT_SHA256_BLKSZ 64 + /* The length in byte and in hex digits of the largest possible hash value. */ -#define GIT_MAX_RAWSZ GIT_SHA1_RAWSZ -#define GIT_MAX_HEXSZ GIT_SHA1_HEXSZ +#define GIT_MAX_RAWSZ GIT_SHA256_RAWSZ +#define GIT_MAX_HEXSZ GIT_SHA256_HEXSZ /* The largest possible block size for any supported hash. */ -#define GIT_MAX_BLKSZ GIT_SHA1_BLKSZ +#define GIT_MAX_BLKSZ GIT_SHA256_BLKSZ struct object_id { unsigned char hash[GIT_MAX_RAWSZ]; diff --git a/hash.h b/hash.h index 1bcf7ab6fd..a9bc624020 100644 --- a/hash.h +++ b/hash.h @@ -15,6 +15,8 @@ #include "block-sha1/sha1.h" #endif +#include "sha256/block/sha256.h" + #ifndef platform_SHA_CTX /* * platform's underlying implementation of SHA-1; could be OpenSSL, @@ -34,6 +36,18 @@ #define git_SHA1_Updateplatform_SHA1_Update #define git_SHA1_Final platform_SHA1_Final +#ifndef platform_SHA256_CTX +#define platform_SHA256_CTXSHA256_CTX +#define platform_SHA256_Init SHA256_Init +#define platform_SHA256_Update SHA256_Update +#define platform_SHA256_Final SHA256_Final +#endif + +#define git_SHA256_CTX platform_SHA256_CTX +#define git_SHA256_Initplatform_SHA256_Init +#define git_SHA256_Update platform_SHA256_Update +#define git_SHA256_Final platform_SHA256_Final + #ifdef SHA1_MAX_BLOCK_SIZE #include "compat/sha1-chunked.h" #undef git_SHA1_Update @@ -52,12 +66,15 @@ #define GIT_HASH_UNKNOWN 0 /* SHA-1 */ #define GIT_HASH_SHA1 1 +/* SHA-256 */ +#define GIT_HASH_SHA256 2 /* Number of algorithms supported (including unknown). */ -#define GIT_HASH_NALGOS (GIT_HASH_SHA1 + 1) +#define GIT_HASH_NALGOS (GIT_HASH_SHA256 + 1) /* A suitably aligned type for stack allocations of hash contexts. */ union git_hash_ctx { git_SHA_CTX sha1; + git_SHA256_CTX sha256; }; typedef union git_hash_ctx git_hash_ctx; diff --git a/sha1-file.c b/sha1-file.c index 9bdd04ea45..c97d93a14a 100644 --- a/sha1-file.c +++ b/sha1-file.c @@ -40,10 +40,20 @@ #define EMPTY_TREE_SHA1_BIN_LITERAL \ "\x4b\x82\x5d\xc6\x42\xcb\x6e\xb9\xa0\x60" \ "\xe5\x4b\xf8\xd6\x92\x88\xfb\xee\x49\x04" +#define EMPTY_TREE_SHA256_BIN_LITERAL \ + "\x6e\xf1\x9b\x41\x22\x5c\x53\x69\xf1\xc1" \ + "\x04\xd4\x5d\x8d\x85\xef\xa9\xb0\x57\xb5" \ + "\x3b\x14\xb4\xb9\xb9\x39\xdd\x74\xde\xcc" \