-
-
Notifications
You must be signed in to change notification settings - Fork 701
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add SHA-1 message digest #221
Conversation
SHA-1 is an important message digest. E.g. it is used by git. This implementation features: - optimized standard implementation. E.g. if compiled with -O -inline -release then there is not single function call or loop. - if SSSE3 support is detected then a special assembler function is used. This gives a speedup of 1.4 on 32 bit and about 1.8 on 64 bit The 64 bit implementation is a bit clumsy because of some issues with the dmd compiler (issues 6459 and 5355). Supports 32 bit Windows and 32 bit and 64 Linux. MacOS X, FreeBSD are untested.
I would prefer package std.digest. The assembler module already sits in std/internal/digest. |
I agree dsimcha's comment. In addition, I propose the API change. Sample code is below: struct SHA1
{
void put(const void[] input);
// alias if needed
alias put update;
} |
- Moved sha1 and md5 to new package - Introduced dummy modul std.md5
- Removed files in std/digest - Removed files in /std/internal/digest - Added changed makefiles
Please consider adapting my implementation of SHA family functions: https://github.com/pszturmaj/dmisc/blob/master/sha.d. There are almost all SHA flavors, but they lack SSE implementation. |
Issue 6459 is not fixed!
Conflicts: win32.mak
Ping? Are we still waiting on anything? |
// /****************** | ||
// * Prints a message digest in hexadecimal to stdout. | ||
// */ | ||
// void printDigest(const ubyte digest[16]) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Huh, seems like a temporary debugging helper? Is it still in there for a reason?
Ah, I see, these were carried over from the original |
Could you please rebase so we can merge this? Thanks! |
Conflicts: std/md5.d win32.mak
Do we really want comprehensive std.crypto or just few hashes? I like this SHA1 implementation because of SSSE3 but SHA1 is old and is not recommended for current cryptography, just for backward compatibility. What about SHA 224, 256, 384 or 512? What about polymorphism - Imagine using HMAC with a hash which is known only at run time. Static ifs are not suitable because some hashes take parameters of great aplitude. |
As discussed in the newsgroups a while ago, I'm against having either of these in phobos (I know that md5 has been there essentially forever). There is a set of import files for openssh in deimos which is a far better path, imho. Re-invention and dealing with all the touchy security implications of having our own implementation of this sort of code is a bad idea. |
This is not re-invention, just implementation of well known algorithms in D. You are probably thinking about some side-channel attacks, which are practically impossible to overcome, even in OpenSS[H|L]. D makes writing correct and safe code easy. Why not make use of that in crypto code? Btw. I begun working on this some time ago: http://prowiki.org/wiki4d/wiki.cgi?CryptoDevel. |
I'm purposely not talking about specific failure modes since there are many. The entire category is very very hard to get right and the cost of failure is high. There's no way our implementation of any of this category of code will receive the same scrutiny and attention as openssl will get. For those that want to help improve things in that space, please contribute directly to openssl. You'll get a lot more help with proving them safe and correct and more people will benefit. Should there be a higher level, more D-like, layer on top of openssl? Absolutely, please. There's just about nothing friendly about openssl's api. |
What about code that doesn't need to be secure? If I'm computing the hash of a file for verification, do I care as long as the algorithm works? Do we really want a dependency on openssl for tasks this simple? At a quick look Java and Python seem to have these available, although they could be using openssl internally for all I know. |
IMHO, there are 2 different views which both should be supported. If you talk about security then you really talk about a plugin architecture which makes it easy to replace algorithms and implementations. In other words, you need a framework like the Java Crypto Engine. E.g., OpenSSL is great. But I use mainly Windows. Maybe I can't believe that Unix hackers can write secure Windows code, too. ;-) With such a plugin architecture I would be free to choose between a native D implementation, OpenSSL or the stuff provided by Windows. But: I played with git and simply needed a SHA1 implementation. I did not care about security but wanted a D interface and a fast implementation. That's all my pull request is about. As others already mentioned, this could be used to built something like a "D Security Provider". |
OK, let's see. Is @redstar still around? If so, please rebase and let's get this puppy in. Thanks! |
SHA-1 is an important message digest. E.g. it is used by git. This implementation features: - optimized standard implementation. E.g. if compiled with -O -inline -release then there is not single function call or loop. - if SSSE3 support is detected then a special assembler function is used. This gives a speedup of 1.4 on 32 bit and about 1.8 on 64 bit The 64 bit implementation is a bit clumsy because of some issues with the dmd compiler (issues 6459 and 5355). Supports 32 bit Windows and 32 bit and 64 Linux. MacOS X, FreeBSD are untested.
Conflicts: posix.mak win32.mak
Yes, I am still around. I rebased this pull request. Hopefully, this works now. I had some difficulties with both makefiles. |
Before this is merged, please take into account pull request #585 (and the associated discussion). |
Given the situation with crc32 as discussed in pull request #585 (i.e. the fact that it's a hash function but not really cryptographic), I'd strongly argue that we should go with std.hash rather than std.crypt. |
No problem. I just renamed the package from std.crypt to std.hash. |
Why are so many of the functions in this pull request using the wrong naming conventions? Functions should be camelCased (e.g. |
I wanted to have the same interface as std.md5. Therefore the unusual names. But I can change the new classes to have names with the right conventions. |
std.md5 really shouldn't have those names either. It's only that way, because it's old. And actually, since it's being moved to std.hash.md5, it's names should be fixed. That may mean leaving std.md5 where it is (still scheduled for deprecation - just without doing the public import of std.hash.md5), if aliases in std.md5 aren't enough (and at first glance, it doesn't look like they are, since it's not just free functions), but it gives us the opportunity to fix its naming scheme. Having a module which uses an alternate naming scheme makes it harder to remember and use its functions, and we already went to a fair bit of work to fix most of the rest of Phobos' names so that they were consistent (though obviously std.md5 was missed). So, please fix both std.hash modules so that they follow the correct naming scheme (PascalCase for types and camelCase for pretty much everything else). |
Ok, I start changing the names. |
Thanks. |
A thread has been started in the newsgroup about cleaning up and standardizing the API for hash functions: http://forum.dlang.org/post/js1e5p$1q6d$1@digitalmars.com Unfortunately, the first message seems to have been lost from the forum somehow, but the first reply retains enough of it that you can figure out what it said. |
I posted a follow up message regarding the new API, please see I also included your SHA1 implementation. Because of the new API I had to modify the file structure a lot, but I made sure you're still listed as the original author in the documentation and in the git log, I hope that's OK. However, you didn't add a license to your module, is it OK to release it under the boost license? And if you could do me a favor: Could you please test the SSSE3 code again? I modified the transform function signature, so it's:
Imho that is better than silently assuming the length. However, code which did this before:
now has to be rewritten into this:
And I can't check the SSSE3 code right now. |
We have now the recently approved proposal that includes SHA-1. |
Approved proposal? A redesign of the hash stuff has been under discussion, but I'm not aware of anything being "approved" with relation to that. It's still being sorted out and is probably going to need a full review in the newsgroup. That being said, no, we don't need this pull request anymore, because a fuller redesign is being worked on. |
The SHA-1 implementation used in the redesign is actually this implementation, so closing this pull request is probably fine. I think the redesign is ready for review now, so I'll add std.hash to the review queue if we decide that a full review is necessary. |
Changed.d: emit nightly header merged-on-behalf-of: Vladimir Panteleev <github@thecybershadow.net>
SHA-1 is an important message digest. E.g. it is used by git. This implementation features:
E.g. if compiled with -O -inline -release then there is not single function call or loop inside function transform.
The 64 bit implementation is a bit clumsy because of some issues with the dmd compiler (issues 6459 and 5355). Supports 32 bit Windows and 32 bit and 64 Linux. MacOS X, FreeBSD are untested, but should also work.