Thanks Rog for the answer.
But that won't work.
SHA-256 is a standard (FIPS180-4) and if one uses it, is for interoperate
in most cases.
It may happen that you need only to hash 8bit bounded streams, but it also
may not be the case. So, any implementation should be careful of being
correct.
You example is flawed for the reason the if you WRAP the original
algorithm, it will anyway 'Finalize' your input padding it again (look at
the Sha256 code), so, the checksum that you will obtain will not match with
the one of some who has correctly implemented the standard.
On the other hand, if your example worked, it would mean that for each 'odd
bitted' stream (i.e. 12 bits) there is a sequence that can be
deterministically calculated adding a couple of bytes that has the same
sha256. This would the demonstration that sha256 is broken.
To obtain a correct implementation you should grab the sha256.go code and
bring into your own package correcting the limitation, but this has the
problem of the usage of some internal packages, which in turn complicates
everything. And also change the interface hash.Hash to let it be usable in
hmac, for example.
Anyway, don't let me be misunderstood, I can live with it, simply I trusted
the package declaration
// Package sha256 implements the SHA224 and SHA256 hash algorithms as defined
// in FIPS 180-4.
that revealed partially true. Technically speaking it's not a BUG, because
since I can NOT input spare bits, I will never obtain wrong results. But for
sure it's not a full and correct implementation.
Paolo
On Monday, April 15, 2019 at 11:48:23 AM UTC+2, rog wrote:
>
> The answer depends on what why you want to do this. If you don't need to
> interoperate with some other party that needs to arrive at the same
> checksum, you could write your own wrapper around sha256 that adds the
> necessary information to specify how many bits are significant. Something
> like this, perhaps:
>
> // hashBits returns a hash of the first nbits bits of b,
> // starting at the most significant bit of the first
> // byte of b.
> //
> // So hashBits([]byte{0x5a, 0xbc, 0xde}, 12) would
> // hash 0x5ab, ignoring the final 0xcde.
> //
> // It works by hashing an extra 2 bytes that encode
> // the final bits and how many there are.
> //
> // hashBits will panic if nbits is greater than len(b) * 8.
> func hashBits(b []byte, nbits int) [sha256.Size]byte {
> oddBits := nbits & 7
> blen := nbits >> 3
> b1 := make([]byte, blen+2)
> copy(b1, b[0:blen])
> if oddBits > 0 {
> b1[blen] = b[blen] & ^(0xff >> uint(oddBits))
> b1[blen+1] = byte(oddBits)
> }
> return sha256.Sum256(b1)
> }
>
> Note that the code above is almost untested, and there are probably more
> standard ways to do it - that was just the first thing that came into my
> head.
>
> cheers,
> rog.
>
> On Sun, 14 Apr 2019 at 22:02, Paolo C. <paoc...@gmail.com <javascript:>>
> wrote:
>
>> SHA256 (SHA in general) has a precise behavior if you wanna hash a number
>> of bits not multiple of the block (512bit)
>> Sha256.go handle this correcty ONLY in the case that you input is at
>> least multiple of 8 bits.
>> If you wanna hash, say, 20bit (0xABCDE) you cannot obtain a correct
>> result.
>> Note that Sha256(0xABCDE) is (See FIPS and NIST publications) not the
>> same of Sha256 of 0x0ABCDE o 0xABCDE0.
>> Any idea or any implementation available on the web?
>> A .Write(data []byte, effectciveLenInBits int) would be required, while
>> today Write([]byte) assumes that each bit of the last byte is meaningful
>> and to be hashed
>>
>> Thanks,
>>
>> Paolo
>>
>> --
>> You received this message because you are subscribed to the Google Groups
>> "golang-nuts" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to golan...@googlegroups.com <javascript:>.
>> For more options, visit https://groups.google.com/d/optout.
>>
>
--
You received this message because you are subscribed to the Google Groups
"golang-nuts" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to golang-nuts+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
