does SecureHashAlgorithm pad correctly?

Rob Withers reefedjib at yahoo.com
Mon Oct 29 22:39:23 UTC 2007 

Oh, I see what you are saying now.  I got hung up on 64 bits vs bytes.

So I changed SHA1 to compute the final buffer and return it.  I get:
    'DA39A3EE5E6B4B0D3255BFEF95601890AFD80709'
as a result.  This matches http://en.wikipedia.org/wiki/SHA1:
SHA1("") = da39a3ee 5e6b4b0d 3255bfef 95601890 afd80709

Here is the code change I made in #hashStream:

 aPositionableStream atEnd ifTrue: [self processFinalBuffer: #() bitLength: 
0].

instead of the error.

Rob

----- Original Message ----- 
From: "Howard Stearns" <howard.stearns at qwaq.com>
To: "The general-purpose Squeak developers list" 
<squeak-dev at lists.squeakfoundation.org>
Sent: Monday, October 29, 2007 3:16 PM
Subject: Re: does SecureHashAlgorithm pad correctly?


> And zero length messages? What should I get back?
>
> Rob Withers wrote:
>> Howard,
>>
>> I think you are reading the code wrong.  In 
>> #processFinalBuffer:bitLength: a final buffer of soze 64 BYTES is being 
>> created and populated.  That is 512 bits.  Both SecureHashAlgorithm, from 
>> the base image, and SHA1, from the Cryptography Team Package are doing 
>> this.
>>
>> Rob
>>
>> ----- Original Message ----- From: "Howard Stearns" 
>> <howard.stearns at qwaq.com>
>> To: "The general-purpose Squeak developers list" 
>> <squeak-dev at lists.squeakfoundation.org>
>> Sent: Monday, October 29, 2007 2:05 PM
>> Subject: does SecureHashAlgorithm pad correctly?
>>
>>
>>> The class comment for SecureHashAlgorithm says it implements the SHA 
>>> standard, but I'm not sure it's padding correctly.
>>>
>>> My reading of the standard is that all messages -- including zero length 
>>> messages -- should be padded to 512 bit size in a certain way.
>>>
>>> See section "4. Message Padding" of 
>>> http://www.itl.nist.gov/fipspubs/fip180-1.htm
>>>
>>> My reading of the code is that it explicitly fails with an error for 
>>> zero length messages, and pads to 64 bit sizes.
>>>
>>> Am I nuts?
>>>
>>> -- 
>>> Howard Stearns
>>> AIM: qwaqHoward
>>> Qwaq: +1-650-331-1437
>>> office: +1-608-850-4482
>>> mobile: +1-608-658-2419
>>>
>>>
>>
>>
>
> -- 
> Howard Stearns
> AIM: qwaqHoward
> Qwaq: +1-650-331-1437
> office: +1-608-850-4482
> mobile: +1-608-658-2419
>
>

More information about the Squeak-dev mailing list