In [18]:
# NumPy.
import numpy as np

# Set NumPy to ignore overflow warnings for cleaner output during bitwise operations.
np.seterr(over='ignore')

{'divide': 'warn', 'over': 'ignore', 'under': 'ignore', 'invalid': 'warn'}

Problem 4: Hashes


In [19]:
# Problem 4

# Problem 1: Helper

- Functions implemented: `Ch(x, y, z)`, `Maj(x, y, z)`, `Rotr(x, n)`, `Shr(x, n)`, `Sigma0(x)`, `Sigma1(x)`, `sigma0(x)`, `sigma1(x)`

In [20]:
# Ch selects bits from y or z based on x: (x AND y) XOR (NOT x AND z), 32-bit ops.
def Ch(x, y, z):
    """
    Implements the Ch (Choose) function defined in the Secure Hash Standard.
    Ch(x, y, z) = (x AND y) XOR (NOT x AND z)
    All operations are done as 32-bit integers.
    """
    # Convert inputs to 32-bit integers to ensure correct bitwise operations.
    x = np.uint32(x)
    y = np.uint32(y)
    z = np.uint32(z)
    # Perform the Ch operation and return the result as a 32-bit integer.
    return np.uint32((x & y) ^ (~x & z))

In [21]:
# Maj returns 1 if at least two inputs are 1, else 0.
def Maj(x, y, z):
    """
    Implements the Maj (Majority) function defined in the Secure Hash Standard.
    Maj(x, y, z) = (x AND y) XOR (x AND z) XOR (y AND z)
    All operations are done as 32-bit integers.
    """
    # Convert inputs to 32-bit integers to ensure correct bitwise operations.
    x = np.uint32(x)
    y = np.uint32(y)
    z = np.uint32(z)
    # Perform the Maj operation and return the result as a 32-bit integer.
    return np.uint32((x & y) ^ (x & z) ^ (y & z))

In [22]:
# Rotr rotates bits of x to the right by n positions, 32-bit ops.
def Rotr(x, num):
    """
    Implements the Rotr (Rotate right) function defined in the Secure Hash Standard.
    Rotr(n, x) = (x right rotated by n bits)
    All operations are done as 32-bit integers.
    """
    # Convert input to 32-bit integer to ensure correct bitwise operations.
    return np.uint32((x >> num) | (x << (32 - num)))

In [23]:
# Shr shifts bits of x to the right by n positions, 32-bit ops.
def Shr(x, num):
    """
    Implements the Shr (Shift right) function defined in the Secure Hash Standard.
    Shr(n, x) = (x right shifted by n bits)
    All operations are done as 32-bit integers.
    """
    # Convert input to 32-bit integer to ensure correct bitwise operations.
    return np.uint32(x >> num)

In [24]:
# sigma1 function as defined in the Secure Hash Standard.
def sigma1(x):
    """
    Implements the σ1 (sigma1) function defined in the Secure Hash Standard.
    σ1(x) = ROTR^17(x) XOR ROTR^19(x) XOR SHR^10(x)
    All operations are done as 32-bit integers.
    """
    # Convert input to a 32-bit unsigned integer to ensure correct bitwise operations.
    x = np.uint32(x)
    # Perform the rotations and shift operations.
    rotr17 = Rotr(x, 17)
    rotr19 = Rotr(x, 19)
    shr10 = Shr(x, 10)
    # Return the result as a 32-bit integer.
    return np.uint32(rotr17 ^ rotr19 ^ shr10)

In [25]:
# sigma0 function as defined in the Secure Hash Standard.
def sigma0(x):
    """
    Implements the σ0 (sigma0) function defined in the Secure Hash Standard.
    σ0(x) = ROTR^7(x) XOR ROTR^18(x) XOR SHR^3(x)
    All operations are done as 32-bit integers.
    """
    # Convert input to a 32-bit unsigned integer to ensure correct bitwise operations.
    x = np.uint32(x)
    # Perform the rotations and shift operations.
    rotr7 = Rotr(x, 7)
    rotr18 = Rotr(x, 18)
    shr3 = Shr(x, 3)
    # Return the result as a 32-bit integer.
    return np.uint32(rotr7 ^ rotr18 ^ shr3)

In [26]:
# Sigma1 function as defined in the Secure Hash Standard.
def Sigma1(x):
    """
    Implements the Σ1 (Sigma1) function defined in the Secure Hash Standard.
    Σ1(x) = ROTR^6(x) XOR ROTR^11(x) XOR ROTR^25(x)
    All operations are done as 32-bit integers.
    """
    # Convert input to a 32-bit unsigned integer to ensure correct bitwise operations.
    x = np.uint32(x)
    # Perform the rotations and XOR operations.
    rotr6 = Rotr(x, 6)
    rotr11 = Rotr(x, 11)
    rotr25 = Rotr(x, 25)
    # Return the result as a 32-bit integer.
    return np.uint32(rotr6 ^ rotr11 ^ rotr25)

In [27]:
# Sigma0 function as defined in the Secure Hash Standard.
def Sigma0(x):
    """
    Implements the Σ0 (Sigma0) function defined in the Secure Hash Standard.
    Σ0(x) = ROTR^2(x) XOR ROTR^13(x) XOR ROTR^22(x)
    All operations are done as 32-bit integers.
    """
    # Convert input to a 32-bit unsigned integer to ensure correct bitwise operations.
    x = np.uint32(x)
    # Perform the rotations and XOR operations.
    rotr2 = Rotr(x, 2)
    rotr13 = Rotr(x, 13)
    rotr22 = Rotr(x, 22)
    # Return the result as a 32-bit integer.
    return np.uint32(rotr2 ^ rotr13 ^ rotr22)

# Problem 3: Helper

- Functions implemented: `append_terminator(padded)`, `pad_to_block_size(padded)`, `append_length(padded, msg_len_bits)`, `block_parse(msg)`

In [28]:
def append_terminator(padded):
    """
    Append the '1' bit (0x80 byte) to the message.
    """
    padded.append(0x80)

In [29]:
def pad_to_block_size(padded):
    """
    Append zero bytes until room for the 64-bit length field is available.
    """
    while (len(padded) + 8) % 64 != 0:
        padded.append(0x00)

In [30]:
def append_length(padded, msg_len_bits):
    """
    Append the original message length in bits as a 64-bit big-endian integer.
    """
    padded.extend(msg_len_bits.to_bytes(8, byteorder='big'))

In [31]:
def block_parse(msg):
    """
    Generator that yields 512-bit (64-byte) blocks from msg with SHA-256 padding.
    
    Implements FIPS 180-4 Section 5.1.1 (Padding) and 5.2.1 (Parsing).
    Uses helper functions to break padding into clear, modular steps.
    
    Args:
        msg (bytes): The message to process.
        
    Yields:
        bytes: Each 512-bit block (64 bytes).
    """
    if not isinstance(msg, bytes):
        raise TypeError("msg must be a bytes object")
    
    # Calculate original message length in bits
    msg_len_bits = len(msg) * 8
    
    # Start with the original message
    padded = bytearray(msg)
    
    # Apply padding steps
    append_terminator(padded)
    pad_to_block_size(padded)
    append_length(padded, msg_len_bits)
    
    # Yield 512-bit (64-byte) blocks
    for i in range(0, len(padded), 64):
        yield bytes(padded[i:i+64])


# `message_schedule(block)` — Message Schedule Expansion

- **Purpose**: Expand a 512-bit (64-byte) message block into 64 32-bit words for SHA-256 compression.
- **Formula**: 
  - $W[0..15]$ = first 16 words parsed from block as big-endian 32-bit integers
  - $W[t]$ = $\sigma_1^{(256)}(W[t-2]) \oplus W[t-7] \oplus \sigma_0^{(256)}(W[t-15]) \oplus W[t-16]$ for $t = 16..63$
- **Args**: `block` (bytes, 64 bytes) — one 512-bit message block
- **Returns**: `list[np.uint32]` of 64 words (W[0] through W[63])
- **FIPS Reference**: Section 6.2.2 (Parsing the Message Block)
- **Operations**: Uses `sigma0()` and `sigma1()` helper functions
- **Note**: All arithmetic is modulo $2^{32}$ (32-bit unsigned wraparound)

In [32]:
# Constants K: First 64 constants from cube roots of first 64 primes.
def message_schedule(block):
    """
    Expand a 512-bit message block into 64 32-bit words.
    
    Args:
        block: 64-byte message block (512 bits)
    
    Returns:
        List of 64 32-bit words (W[0] to W[63])
    
    From FIPS 180-4 Section 6.2.2:
    - W[0..15]: First 16 words (message block parsed as big-endian 32-bit words)
    - W[16..63]: Computed using sigma0 and sigma1 functions
    """
    # Parse block into 16 32-bit words (big-endian)
    W = []
    for i in range(16):
        word = int.from_bytes(block[i*4:(i+1)*4], byteorder='big')
        W.append(np.uint32(word))
    
    # Expand to 64 words
    for t in range(16, 64):
        s0 = sigma0(W[t-15])
        s1 = sigma1(W[t-2])
        W.append(np.uint32(W[t-16] + s0 + W[t-7] + s1) & 0xFFFFFFFF)
    
    return W

# `hash(current, block)` — SHA-256 Compression Function

- **Purpose**: Update SHA-256 hash state by processing one 512-bit message block through 64 compression rounds.
- **Input**: 
  - `current` (list of 8 `np.uint32`) — current hash state $(H_0, H_1, ..., H_7)$
  - `block` (bytes, 64 bytes) — one 512-bit message block
- **Output**: `list[np.uint32]` of 8 updated hash words $(H'_0, H'_1, ..., H'_7)$
- **Algorithm** (FIPS 180-4 Section 6.2.2):
  1. Initialize working variables $(a, b, c, d, e, f, g, h)$ from `current` hash
  2. Expand block into 64 words using `message_schedule(block)`
  3. For each of 64 rounds $t = 0..63$:
     - $T_1 = h + \Sigma_1^{(256)}(e) + \text{Ch}(e, f, g) + K_t + W_t$
     - $T_2 = \Sigma_0^{(256)}(a) + \text{Maj}(a, b, c)$
     - Shift variables: $(h, g, f, e, d, c, b, a) \leftarrow (g, f, e, d+T_1, c, b, a, T_1+T_2)$
  4. Add working variables back to hash: $H_i' = H_i + v_i$ (mod $2^{32}$)
- **Helper Functions**: Uses `message_schedule()`, `Sigma0()`, `Sigma1()`, `Ch()`, `Maj()`, and cube root constants
- **Note**: All arithmetic modulo $2^{32}$; function is deterministic and idempotent per block

In [33]:
# Generate the first 64 cube root constants in hexadecimal.
def hash(current, block):
    """
    Compute the next SHA-256 hash value.
    
    From FIPS 180-4 Section 6.2.2 - SHA-256 Hash Computation:
    - Takes current 256-bit hash (8 words) and a 512-bit message block
    - Performs 64 rounds of compression function
    - Returns new 256-bit hash (8 words)
    
    Args:
        current: Tuple/list of 8 32-bit integers (H0-H7) representing current hash
        block: 64-byte message block (512 bits)
    
    Returns:
        Tuple of 8 32-bit integers representing the updated hash
    """
    # Initialize working variables from current hash
    a, b, c, d, e, f, g, h = [np.uint32(x) for x in current]
    
    # Get K constants (first 64 constants from cube roots of first 64 primes)
    # this only for testing purposes. this won't be in the problems code. as it will get it from the previous problem 2
    K_HEX = [
        "428a2f98","71374491","b5c0fbcf","e9b5dba5","3956c25b","59f111f1","923f82a4","ab1c5ed5",
        "d807aa98","12835b01","243185be","550c7dc3","72be5d74","80deb1fe","9bdc06a7","c19bf174",
        "e49b69c1","efbe4786","0fc19dc6","240ca1cc","2de92c6f","4a7484aa","5cb0a9dc","76f988da",
        "983e5152","a831c66d","b00327c8","bf597fc7","c6e00bf3","d5a79147","06ca6351","14292967",
        "27b70a85","2e1b2138","4d2c6dfc","53380d13","650a7354","766a0abb","81c2c92e","92722c85",
        "a2bfe8a1","a81a664b","c24b8b70","c76c51a3","d192e819","d6990624","f40e3585","106aa070",
        "19a4c116","1e376c08","2748774c","34b0bcb5","391c0cb3","4ed8aa4a","5b9cca4f","682e6ff3",
        "748f82ee","78a5636f","84c87814","8cc70208","90befffa","a4506ceb","bef9a3f7","c67178f2",
    ]    
    # Convert hex constants to 32-bit unsigned integers
    K = [np.uint32(int(k, 16)) for k in K_HEX]
    
    # Get message schedule (64 words from block)
    W = message_schedule(block)
    
    # 64 compression rounds
    for t in range(64):
        T1 = np.uint32(h + Sigma1(e) + Ch(e, f, g) + K[t] + W[t])
        T2 = np.uint32(Sigma0(a) + Maj(a, b, c))
        h = g
        g = f
        f = e
        e = np.uint32(d + T1)
        d = c
        c = b
        b = a
        a = np.uint32(T1 + T2)
    
    # Add compressed chunk to current hash values
    H = [
        np.uint32(current[0] + a),
        np.uint32(current[1] + b),
        np.uint32(current[2] + c),
        np.uint32(current[3] + d),
        np.uint32(current[4] + e),
        np.uint32(current[5] + f),
        np.uint32(current[6] + g),
        np.uint32(current[7] + h),
    ]
    
    return H

In [34]:
# Test usage of the hash function
print("\nTesting the hash function with the message 'abc':")
test_msg = b'abc'

padded_msg = block_parse(test_msg) # won't work as block_parse is not defined

# padded_msg is a generator of 64-byte blocks — consume it directly
blocks = list(padded_msg)

# Initial hash values (H0-H7) from FIPS 180-4 Section 5.3.3
initial_hash = [ 0x6a09e667, 0xbb67ae85, 0x3c6ef372, 0xa54ff53a,
                 0x510e527f, 0x9b05688c, 0x1f83d9ab, 0x5be0cd19 ]

# Process each block
for block in blocks:
    # Update hash with current block
    current_hash = hash(initial_hash, block)

# Format final hash as hexadecimal strings
hash_hex = [f"0x{value:08x}" for value in current_hash]
print(f"Computed hash for 'abc': {hash_hex}")


Testing the hash function with the message 'abc':
Computed hash for 'abc': ['0xba7816bf', '0x8f01cfea', '0x414140de', '0x5dae2223', '0xb00361a3', '0x96177a9c', '0xb410ff61', '0xf20015ad']
