ocaml-nocrypto

Implement SHA512/t

Open cfcs opened this issue 8 years ago • 0 comments

It would be nice to have the /t flavor of SHA512 implemented (I specifically care about SHA512/256, but don't see much reason not to implement the generic function). SHA512/256 is, for example, used in the salsa20 stream cipher, and for libsodium's crypto_auth primitive.

See: https://en.wikipedia.org/wiki/SHA-2

The C code for this was commented out, apparently due to the use of sprintf() in the default: .. of the switch statement, which carries a dependency on libc: https://github.com/mirleft/ocaml-nocrypto/blob/master/src/native/hash/sha512.c#L236

SHA512/t is roughly similar to SHA512, but the initialization is slightly different, as can be seen in the commented-out C code linked to above (the nc_sha512_init_t() function).

The sprintf (if we care about generic t's - again, I mostly care about SHA512/256) can be replaced with something like

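memcpy(buf, "SHA-512/", 8);   /* fixed prefix of the label */
i = 0;
memset(buf + 8, 0, 4);        /* room for up to 3 digits plus the terminator */
int scale = 100;
for (; scale > 0; scale /= 10)
{
    if (t / scale)            /* skip leading zeros */
        buf[8 + (i++)] = (t / scale) % 10 | 0x30;   /* digit to ASCII */
}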

The algorithm is described here: http://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.180-4.pdf

Test vectors are available here:

  • SHA512/224: http://csrc.nist.gov/groups/ST/toolkit/documents/Examples/SHA512_224.pdf
  • SHA512/256: http://csrc.nist.gov/groups/ST/toolkit/documents/Examples/SHA512_256.pdf

cfcs, May 16 '17 08:05