~rootmos/lua-hack

3b66d6d23f2cc8582bd9a0d9f295f1ab1148c234 — Gustav Behm 1 year, 3 months ago 9bf6213
Correct sha256 implementation
2 files changed, 38 insertions(+), 34 deletions(-)

M sha/sha.lua
M sha/sha.test.lua
M sha/sha.lua => sha/sha.lua +21 -34
@@ 53,32 53,18 @@ local function sha256_process_blocks(ctx)
      return
   end

   local W = {
      u32.from_bytes(ctx.buf:sub(1,4)),
      u32.from_bytes(ctx.buf:sub(5,8)),
      u32.from_bytes(ctx.buf:sub(9,12)),
      u32.from_bytes(ctx.buf:sub(13,16)),
      u32.from_bytes(ctx.buf:sub(17,20)),
      u32.from_bytes(ctx.buf:sub(21,24)),
      u32.from_bytes(ctx.buf:sub(25,28)),
      u32.from_bytes(ctx.buf:sub(29,32)),
      u32.from_bytes(ctx.buf:sub(33,36)),
      u32.from_bytes(ctx.buf:sub(37,40)),
      u32.from_bytes(ctx.buf:sub(41,44)),
      u32.from_bytes(ctx.buf:sub(45,48)),
      u32.from_bytes(ctx.buf:sub(49,52)),
      u32.from_bytes(ctx.buf:sub(53,56)),
      u32.from_bytes(ctx.buf:sub(57,60)),
      u32.from_bytes(ctx.buf:sub(61,64)),
   }
   local W = {}
   for t = 1,16 do
      W[t] = u32.from_bytes(ctx.buf:sub(t*4-3,t*4))
   end
   assert(#W == 16)

   for i = 17,64 do
      W[i] = sum(
         M.sha256.ssig1(W[i-2]),
         W[i-7],
         M.sha256.ssig0(W[i-15]),
         W[i-16]
   for t = 17,64 do
      W[t] = sum(
         M.sha256.ssig1(W[t-2]),
         W[t-7],
         M.sha256.ssig0(W[t-15]),
         W[t-16]
      )
   end
   assert(#W == 64)


@@ 105,18 91,19 @@ local function sha256_process_blocks(ctx)
      e = sum(d, T1)
      d = c
      c = b
      b = a
      a = sum(T1, T2)

      ctx.H[1] = sum(a, ctx.H[1])
      ctx.H[2] = sum(b, ctx.H[2])
      ctx.H[3] = sum(c, ctx.H[3])
      ctx.H[4] = sum(d, ctx.H[4])
      ctx.H[5] = sum(e, ctx.H[5])
      ctx.H[6] = sum(f, ctx.H[6])
      ctx.H[7] = sum(g, ctx.H[7])
      ctx.H[8] = sum(h, ctx.H[8])
   end

   ctx.H[1] = sum(a, ctx.H[1])
   ctx.H[2] = sum(b, ctx.H[2])
   ctx.H[3] = sum(c, ctx.H[3])
   ctx.H[4] = sum(d, ctx.H[4])
   ctx.H[5] = sum(e, ctx.H[5])
   ctx.H[6] = sum(f, ctx.H[6])
   ctx.H[7] = sum(g, ctx.H[7])
   ctx.H[8] = sum(h, ctx.H[8])

   ctx.buf = ctx.buf:sub(65)

   return sha256_process_blocks(ctx)


@@ 130,7 117,7 @@ end

function M.sha256.pad(buf, l)
   local k = 0
   while (l*8 + 1 + k) ~= 448 do
   while (l*8 + 1 + k) % 512 ~= 448 do
      k = k + 1
   end
   assert(k % 8 == 7)

M sha/sha.test.lua => sha/sha.test.lua +17 -0
@@ 2,6 2,7 @@ local lu = require("luaunit")
local ref = require("ref")
local L = require("sha")
local H = require("hex")
local F = require("fresh")

local N = 100



@@ 23,6 24,22 @@ function test_sha256_pad()
    lu.assertEquals(padded, H.decode("61626364658000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000028"))
end

function test_sha256_fresh()
    for _ = 1,N do
        local bs0 = F.bytestring()
        local bs1 = F.bytestring()
        local bs2 = F.bytestring()

        local ctx = L.sha256.init(bs0)
        L.sha256.update(ctx, bs1)
        L.sha256.update(ctx, bs2)
        local digest = L.sha256.finalize(ctx)

        lu.assertEquals(H.encode(digest), H.encode(ref.openssl.sha256(bs0, bs1, bs2)))
        lu.assertEquals(H.encode(digest), H.encode(ref.rfc.sha256(bs0, bs1, bs2)))
    end
end

function test_ch_and_maj()
    for _ = 1,N do
        local x = ref.uint32.fresh()