should this be entered into issue tracker?
On Mon, Apr 15, 2019 at 11:38 PM roger peppe <rogpe...@gmail.com> wrote:
> Yes, you're right. As I said, my solution won't work if you need to
> interoperate with other implementations.
>
> It's interesting that the SHA256 standard is defined to work on an number
> of bits though. I wasn't aware of that.
>
> I had a look around and I didn't find any other language's SHA256
> implementation that allows input which isn't a multiple of 8 bits. Are you
> aware of one? Which implementation are you needing to interoperate with
> that does allow this?
>
> ISTM that if you do require this, it wouldn't be too hard to copy the
> existing implementation and change the digest.checkSum method so that it
> could pad from an arbitrary number of bits.
>
> cheers,
> rog.
>
>
> On Mon, 15 Apr 2019 at 20:52, Paolo C. <paoca...@gmail.com> wrote:
>
>> Thanks Rog for the answer.
>> But that won't work.
>> SHA-256 is a standard (FIPS180-4) and if one uses it, is for interoperate
>> in most cases.
>> It may happen that you need only to hash 8bit bounded streams, but it
>> also may not be the case. So, any implementation should be careful of being
>> correct.
>> You example is flawed for the reason the if you WRAP the original
>> algorithm, it will anyway 'Finalize' your input padding it again (look at
>> the Sha256 code), so, the checksum that you will obtain will not match with
>> the one of some who has correctly implemented the standard.
>> On the other hand, if your example worked, it would mean that for each
>> 'odd bitted' stream (i.e. 12 bits) there is a sequence that can be
>> deterministically calculated adding a couple of bytes that has the same
>> sha256. This would the demonstration that sha256 is broken.
>> To obtain a correct implementation you should grab the sha256.go code and
>> bring into your own package correcting the limitation, but this has the
>> problem of the usage of some internal packages, which in turn complicates
>> everything. And also change the interface hash.Hash to let it be usable in
>> hmac, for example.
>> Anyway, don't let me be misunderstood, I can live with it, simply I
>> trusted the package declaration
>>
>> // Package sha256 implements the SHA224 and SHA256 hash algorithms as defined
>>
>> // in FIPS 180-4.
>>
>> that revealed partially true. Technically speaking it's not a BUG, because
>> since I can NOT input spare bits, I will never obtain wrong results. But for
>> sure it's not a full and correct implementation.
>>
>> Paolo
>>
>> On Monday, April 15, 2019 at 11:48:23 AM UTC+2, rog wrote:
>>>
>>> The answer depends on what why you want to do this. If you don't need to
>>> interoperate with some other party that needs to arrive at the same
>>> checksum, you could write your own wrapper around sha256 that adds the
>>> necessary information to specify how many bits are significant. Something
>>> like this, perhaps:
>>>
>>> // hashBits returns a hash of the first nbits bits of b,
>>> // starting at the most significant bit of the first
>>> // byte of b.
>>> //
>>> // So hashBits([]byte{0x5a, 0xbc, 0xde}, 12) would
>>> // hash 0x5ab, ignoring the final 0xcde.
>>> //
>>> // It works by hashing an extra 2 bytes that encode
>>> // the final bits and how many there are.
>>> //
>>> // hashBits will panic if nbits is greater than len(b) * 8.
>>> func hashBits(b []byte, nbits int) [sha256.Size]byte {
>>> oddBits := nbits & 7
>>> blen := nbits >> 3
>>> b1 := make([]byte, blen+2)
>>> copy(b1, b[0:blen])
>>> if oddBits > 0 {
>>> b1[blen] = b[blen] & ^(0xff >> uint(oddBits))
>>> b1[blen+1] = byte(oddBits)
>>> }
>>> return sha256.Sum256(b1)
>>> }
>>>
>>> Note that the code above is almost untested, and there are probably more
>>> standard ways to do it - that was just the first thing that came into my
>>> head.
>>>
>>> cheers,
>>> rog.
>>>
>>> On Sun, 14 Apr 2019 at 22:02, Paolo C. <paoc...@gmail.com> wrote:
>>>
>>>> SHA256 (SHA in general) has a precise behavior if you wanna hash a
>>>> number of bits not multiple of the block (512bit)
>>>> Sha256.go handle this correcty ONLY in the case that you input is at
>>>> least multiple of 8 bits.
>>>> If you wanna hash, say, 20bit (0xABCDE) you cannot obtain a correct
>>>> result.
>>>> Note that Sha256(0xABCDE) is (See FIPS and NIST publications) not the
>>>> same of Sha256 of 0x0ABCDE o 0xABCDE0.
>>>> Any idea or any implementation available on the web?
>>>> A .Write(data []byte, effectciveLenInBits int) would be required, while
>>>> today Write([]byte) assumes that each bit of the last byte is meaningful
>>>> and to be hashed
>>>>
>>>> Thanks,
>>>>
>>>> Paolo
>>>>
>>>> --
>>>> You received this message because you are subscribed to the Google
>>>> Groups "golang-nuts" group.
>>>> To unsubscribe from this group and stop receiving emails from it, send
>>>> an email to golan...@googlegroups.com.
>>>> For more options, visit https://groups.google.com/d/optout.
>>>>
>>> --
>> You received this message because you are subscribed to the Google Groups
>> "golang-nuts" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to golang-nuts+unsubscr...@googlegroups.com.
>> For more options, visit https://groups.google.com/d/optout.
>>
> --
> You received this message because you are subscribed to the Google Groups
> "golang-nuts" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to golang-nuts+unsubscr...@googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
>
--
You received this message because you are subscribed to the Google Groups
"golang-nuts" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to golang-nuts+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
