Add SHA-1 message digest #221

Closed
wants to merge 28 commits into
from

Projects

None yet
@redstar

SHA-1 is an important message digest. E.g. it is used by git. This implementation features:

  • optimized standard implementation, based on a verbatim copy of std/md5.d E.g. if compiled with -O -inline -release then there is not single function call or loop inside function transform.
  • if SSSE3 support is detected then a special assembler function is used. This gives a speedup of 1.4 on 32 bit and about 1.8 on 64 bit

The 64 bit implementation is a bit clumsy because of some issues with the dmd compiler (issues 6459 and 5355). Supports 32 bit Windows and 32 bit and 64 Linux. MacOS X, FreeBSD are untested, but should also work.

@redstar redstar Add SHA-1 message digest
SHA-1 is an important message digest. E.g. it is used by git. This implementation features:
- optimized standard implementation. E.g. if compiled with -O -inline -release then there is not single function call or loop.
- if SSSE3 support is detected then a special assembler function is used. This gives a speedup of 1.4 on 32 bit and about 1.8 on 64 bit
The 64 bit implementation is a bit clumsy because of some issues with the dmd compiler (issues 6459 and 5355).
Supports 32 bit Windows and 32 bit and 64 Linux. MacOS X, FreeBSD are untested.
4592a4b
@dsimcha

Nice work! I do think it's silly, though, to put sha1 and md5 in separate modules, especially in the top level std package. I think we should schedule std.md5 for deprecation and do one of the following:

  1. Combine this code and std.md5 into a new module called std.hash or std.digest or something. This would be publicly imported by std.md5 while it still exists.

  2. Create a new package called std.hash and move this code to std.hash.sha1 and move md5 to std.hash.md5. (Or, s/hash/digest or whatever. The exact name isn't what's important.) Again, std.hash.md5 would be publicly imported by std.md5 until std.md5 is removed.

@redstar

I would prefer package std.digest. The assembler module already sits in std/internal/digest.

@repeatedly
D Programming Language member

I agree dsimcha's comment.

In addition, I propose the API change.
I think SHA1_CTX(and MD5_CTX) is bad name on D and SHA1_CTX seems to be an OutputRange.

Sample code is below:

struct SHA1
{
    void put(const void[] input);
    // alias if needed
    alias put update;
}
@redstar redstar Created new package std.digest.
- Moved sha1 and md5 to new package
- Introduced dummy modul std.md5
7ec2946
@andralex
D Programming Language member

I think digest is too narrow a package. We should define package crypt, and the digest implementations would be part of it. Later on we can add stream encryption to the same package.

@andralex
D Programming Language member

line length

redstar added some commits Aug 29, 2011
@redstar redstar Renamed package digest to crypt. ddbb69e
@redstar redstar Removed files in package digest.
- Removed files in std/digest
- Removed files in /std/internal/digest
- Added changed makefiles
2550298
@redstar redstar Issue 6459 seems to be solved. 4030fa3
@pszturmaj

Please consider adapting my implementation of SHA family functions: https://github.com/pszturmaj/dmisc/blob/master/sha.d. There are almost all SHA flavors, but they lack SSE implementation.

redstar added some commits Sep 24, 2011
@redstar redstar Reverted last commit.
Issue 6459 is not fixed!
4d31a27
@redstar redstar Merge branch 'master' into sha1
Conflicts:
	win32.mak
a1bba6b
@dsimcha

Ping? Are we still waiting on anything?

@klickverbot klickverbot commented on an outdated diff Dec 18, 2011
std/crypt/md5.d
+
+void sum(ref ubyte[16] digest, in void[][] data...)
+{
+ MD5_CTX context;
+ context.start();
+ foreach (datum; data)
+ {
+ context.update(datum);
+ }
+ context.finish(digest);
+}
+
+// /******************
+// * Prints a message digest in hexadecimal to stdout.
+// */
+// void printDigest(const ubyte digest[16])
@klickverbot
klickverbot Dec 18, 2011

Huh, seems like a temporary debugging helper? Is it still in there for a reason?

@klickverbot klickverbot commented on an outdated diff Dec 18, 2011
std/crypt/md5.d
+
+version(unittest) import std.stdio;
+unittest
+{
+ string a = "Mary has ", b = "a little lamb";
+ int[] c = [ 1, 2, 3, 4, 5 ];
+ string d = getDigestString(a, b, c);
+ assert(d == "F36625A66B2A8D9F47270C00C8BEFD2F", d);
+}
+
+/**
+ * Holds context of MD5 computation.
+ *
+ * Used when data to be digested is buffered.
+ */
+struct MD5_CTX
@klickverbot
klickverbot Dec 18, 2011

Not a very D-ish name, same for all the helper functions ROTATE_LEFT, …

@klickverbot
D Programming Language member

Ah, I see, these were carried over from the original std.md5

@andralex
D Programming Language member

Could you please rebase so we can merge this? Thanks!

@pszturmaj

Do we really want comprehensive std.crypto or just few hashes? I like this SHA1 implementation because of SSSE3 but SHA1 is old and is not recommended for current cryptography, just for backward compatibility. What about SHA 224, 256, 384 or 512?

What about polymorphism - Imagine using HMAC with a hash which is known only at run time. Static ifs are not suitable because some hashes take parameters of great aplitude.

@braddr
D Programming Language member

As discussed in the newsgroups a while ago, I'm against having either of these in phobos (I know that md5 has been there essentially forever). There is a set of import files for openssh in deimos which is a far better path, imho. Re-invention and dealing with all the touchy security implications of having our own implementation of this sort of code is a bad idea.

@pszturmaj

This is not re-invention, just implementation of well known algorithms in D. You are probably thinking about some side-channel attacks, which are practically impossible to overcome, even in OpenSS[H|L]. D makes writing correct and safe code easy. Why not make use of that in crypto code?

Btw. I begun working on this some time ago: http://prowiki.org/wiki4d/wiki.cgi?CryptoDevel.

@braddr
D Programming Language member

I'm purposely not talking about specific failure modes since there are many. The entire category is very very hard to get right and the cost of failure is high. There's no way our implementation of any of this category of code will receive the same scrutiny and attention as openssl will get.

For those that want to help improve things in that space, please contribute directly to openssl. You'll get a lot more help with proving them safe and correct and more people will benefit.

Should there be a higher level, more D-like, layer on top of openssl? Absolutely, please. There's just about nothing friendly about openssl's api.

@yebblies
D Programming Language member

What about code that doesn't need to be secure? If I'm computing the hash of a file for verification, do I care as long as the algorithm works? Do we really want a dependency on openssl for tasks this simple? At a quick look Java and Python seem to have these available, although they could be using openssl internally for all I know.

@redstar

IMHO, there are 2 different views which both should be supported.

If you talk about security then you really talk about a plugin architecture which makes it easy to replace algorithms and implementations. In other words, you need a framework like the Java Crypto Engine. E.g., OpenSSL is great. But I use mainly Windows. Maybe I can't believe that Unix hackers can write secure Windows code, too. ;-) With such a plugin architecture I would be free to choose between a native D implementation, OpenSSL or the stuff provided by Windows.

But: I played with git and simply needed a SHA1 implementation. I did not care about security but wanted a D interface and a fast implementation. That's all my pull request is about. As others already mentioned, this could be used to built something like a "D Security Provider".
If someone creates the mentioned plugin architecture then we could have both.

@andralex
D Programming Language member

OK, let's see. Is @redstar still around? If so, please rebase and let's get this puppy in. Thanks!

redstar added some commits Aug 25, 2011
@redstar redstar Add SHA-1 message digest
SHA-1 is an important message digest. E.g. it is used by git. This implementation features:
- optimized standard implementation. E.g. if compiled with -O -inline -release then there is not single function call or loop.
- if SSSE3 support is detected then a special assembler function is used. This gives a speedup of 1.4 on 32 bit and about 1.8 on 64 bit
The 64 bit implementation is a bit clumsy because of some issues with the dmd compiler (issues 6459 and 5355).
Supports 32 bit Windows and 32 bit and 64 Linux. MacOS X, FreeBSD are untested.
75af4b6
@redstar redstar Merge remote-tracking branch 'origin/sha1' into sha1
Conflicts:
	posix.mak
	win32.mak
a30ae94
@redstar

Yes, I am still around. I rebased this pull request. Hopefully, this works now. I had some difficulties with both makefiles.

@kyllingstad
D Programming Language member

Before this is merged, please take into account pull request #585 (and the associated discussion).

@jmdavis
D Programming Language member

Given the situation with crc32 as discussed in pull request #585 (i.e. the fact that it's a hash function but not really cryptographic), I'd strongly argue that we should go with std.hash rather than std.crypt.

@alexrp
D Programming Language member

@redstar Ping? I think we need some input on whether you're OK with using std.hash instead of std.crypt so we can have both this and #585 merged.

@redstar

No problem. I just renamed the package from std.crypt to std.hash.

@jmdavis
D Programming Language member

Why are so many of the functions in this pull request using the wrong naming conventions? Functions should be camelCased (e.g. decode, not Decode, and rotateLeft, not ROTATE_LEFT ), as should variable names. Types should be PascalCased.

@redstar

I wanted to have the same interface as std.md5. Therefore the unusual names. But I can change the new classes to have names with the right conventions.

@jmdavis
D Programming Language member

std.md5 really shouldn't have those names either. It's only that way, because it's old. And actually, since it's being moved to std.hash.md5, it's names should be fixed. That may mean leaving std.md5 where it is (still scheduled for deprecation - just without doing the public import of std.hash.md5), if aliases in std.md5 aren't enough (and at first glance, it doesn't look like they are, since it's not just free functions), but it gives us the opportunity to fix its naming scheme. Having a module which uses an alternate naming scheme makes it harder to remember and use its functions, and we already went to a fair bit of work to fix most of the rest of Phobos' names so that they were consistent (though obviously std.md5 was missed).

So, please fix both std.hash modules so that they follow the correct naming scheme (PascalCase for types and camelCase for pretty much everything else).

@redstar

Ok, I start changing the names.

@jmdavis
D Programming Language member

Ok, I start changing the names.

Thanks.

@jmdavis
D Programming Language member

A thread has been started in the newsgroup about cleaning up and standardizing the API for hash functions:

http://forum.dlang.org/post/js1e5p$1q6d$1@digitalmars.com

Unfortunately, the first message seems to have been lost from the forum somehow, but the first reply retains enough of it that you can figure out what it said.

@jpf91

I posted a follow up message regarding the new API, please see
http://forum.dlang.org/thread/js7bd7$7sr$1@digitalmars.com#post-js7bd7:247sr:241:40digitalmars.com

I also included your SHA1 implementation. Because of the new API I had to modify the file structure a lot, but I made sure you're still listed as the original author in the documentation and in the git log, I hope that's OK.

However, you didn't add a license to your module, is it OK to release it under the boost license?

And if you could do me a favor: Could you please test the SSSE3 code again? I modified the transform function signature, so it's:

transformSSSE3(uint[5]* state, const(ubyte[64])* buffer)

Imho that is better than silently assuming the length. However, code which did this before:

state[0]

now has to be rewritten into this:

(*state)[0]

And I can't check the SSSE3 code right now.

@andralex
D Programming Language member

We have now the recently approved proposal that includes SHA-1.

@andralex andralex closed this Jul 8, 2012
@jmdavis
D Programming Language member

Approved proposal? A redesign of the hash stuff has been under discussion, but I'm not aware of anything being "approved" with relation to that. It's still being sorted out and is probably going to need a full review in the newsgroup. That being said, no, we don't need this pull request anymore, because a fuller redesign is being worked on.

@jpf91

The SHA-1 implementation used in the redesign is actually this implementation, so closing this pull request is probably fine.

I think the redesign is ready for review now, so I'll add std.hash to the review queue if we decide that a full review is necessary.

@redstar redstar deleted the redstar:sha1 branch Nov 1, 2015
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment