does SecureHashAlgorithm pad correctly?

> The class comment for SecureHashAlgorithm says it implements the SHA
> standard, but I'm not sure it's padding correctly.
>
> My reading of the standard is that all messages -- including zero length
> messages -- should be padded to 512 bit size in a certain way.
>
> See section "4. Message Padding" of
> http://www.itl.nist.gov/fipspubs/fip180-1.htm
>
> My reading of the code is that it explicitly fails with an error for zero
> length messages, and pads to 64 bit sizes.
>
> Am I nuts?
>
> --
> Howard Stearns
> AIM: qwaqHoward
> Qwaq: +1-650-331-1437
> office: +1-608-850-4482
> mobile: +1-608-658-2419
>
>

> Howard,
>
> I think you are reading the code wrong.  In
> #processFinalBuffer:bitLength: a final buffer of soze 64 BYTES is being
> created and populated.  That is 512 bits.  Both SecureHashAlgorithm,
> from the base image, and SHA1, from the Cryptography Team Package are
> doing this.
>
> Rob
>
> ----- Original Message ----- From: "Howard Stearns"
> <[hidden email]>
> To: "The general-purpose Squeak developers list"
> <[hidden email]>
> Sent: Monday, October 29, 2007 2:05 PM
> Subject: does SecureHashAlgorithm pad correctly?
>
>
>> The class comment for SecureHashAlgorithm says it implements the SHA
>> standard, but I'm not sure it's padding correctly.
>>
>> My reading of the standard is that all messages -- including zero
>> length messages -- should be padded to 512 bit size in a certain way.
>>
>> See section "4. Message Padding" of
>> http://www.itl.nist.gov/fipspubs/fip180-1.htm
>>
>> My reading of the code is that it explicitly fails with an error for
>> zero length messages, and pads to 64 bit sizes.
>>
>> Am I nuts?
>>
>> --
>> Howard Stearns
>> AIM: qwaqHoward
>> Qwaq: +1-650-331-1437
>> office: +1-608-850-4482
>> mobile: +1-608-658-2419
>>
>>
>
>

> And zero length messages? What should I get back?
>
> Rob Withers wrote:
>> Howard,
>>
>> I think you are reading the code wrong.  In
>> #processFinalBuffer:bitLength: a final buffer of soze 64 BYTES is being
>> created and populated.  That is 512 bits.  Both SecureHashAlgorithm, from
>> the base image, and SHA1, from the Cryptography Team Package are doing
>> this.
>>
>> Rob
>>
>> ----- Original Message ----- From: "Howard Stearns"
>> <[hidden email]>
>> To: "The general-purpose Squeak developers list"
>> <[hidden email]>
>> Sent: Monday, October 29, 2007 2:05 PM
>> Subject: does SecureHashAlgorithm pad correctly?
>>
>>
>>> The class comment for SecureHashAlgorithm says it implements the SHA
>>> standard, but I'm not sure it's padding correctly.
>>>
>>> My reading of the standard is that all messages -- including zero length
>>> messages -- should be padded to 512 bit size in a certain way.
>>>
>>> See section "4. Message Padding" of
>>> http://www.itl.nist.gov/fipspubs/fip180-1.htm
>>>
>>> My reading of the code is that it explicitly fails with an error for
>>> zero length messages, and pads to 64 bit sizes.
>>>
>>> Am I nuts?
>>>
>>> --
>>> Howard Stearns
>>> AIM: qwaqHoward
>>> Qwaq: +1-650-331-1437
>>> office: +1-608-850-4482
>>> mobile: +1-608-658-2419
>>>
>>>
>>
>>
>
> --
> Howard Stearns
> AIM: qwaqHoward
> Qwaq: +1-650-331-1437
> office: +1-608-850-4482
> mobile: +1-608-658-2419
>
>

> Oh, I see what you are saying now.  I got hung up on 64 bits vs bytes.
>
> So I changed SHA1 to compute the final buffer and return it.  I get:
>    'DA39A3EE5E6B4B0D3255BFEF95601890AFD80709'
> as a result.  This matches http://en.wikipedia.org/wiki/SHA1:
> SHA1("") = da39a3ee 5e6b4b0d 3255bfef 95601890 afd80709
>
> Here is the code change I made in #hashStream:
>
> aPositionableStream atEnd ifTrue: [self processFinalBuffer: #()
> bitLength: 0].
>
> instead of the error.
>
> Rob
>
> ----- Original Message ----- From: "Howard Stearns"
> <[hidden email]>
> To: "The general-purpose Squeak developers list"
> <[hidden email]>
> Sent: Monday, October 29, 2007 3:16 PM
> Subject: Re: does SecureHashAlgorithm pad correctly?
>
>
>> And zero length messages? What should I get back?
>>
>> Rob Withers wrote:
>>> Howard,
>>>
>>> I think you are reading the code wrong.  In
>>> #processFinalBuffer:bitLength: a final buffer of soze 64 BYTES is
>>> being created and populated.  That is 512 bits.  Both
>>> SecureHashAlgorithm, from the base image, and SHA1, from the
>>> Cryptography Team Package are doing this.
>>>
>>> Rob
>>>
>>> ----- Original Message ----- From: "Howard Stearns"
>>> <[hidden email]>
>>> To: "The general-purpose Squeak developers list"
>>> <[hidden email]>
>>> Sent: Monday, October 29, 2007 2:05 PM
>>> Subject: does SecureHashAlgorithm pad correctly?
>>>
>>>
>>>> The class comment for SecureHashAlgorithm says it implements the SHA
>>>> standard, but I'm not sure it's padding correctly.
>>>>
>>>> My reading of the standard is that all messages -- including zero
>>>> length messages -- should be padded to 512 bit size in a certain way.
>>>>
>>>> See section "4. Message Padding" of
>>>> http://www.itl.nist.gov/fipspubs/fip180-1.htm
>>>>
>>>> My reading of the code is that it explicitly fails with an error for
>>>> zero length messages, and pads to 64 bit sizes.
>>>>
>>>> Am I nuts?
>>>>
>>>> --
>>>> Howard Stearns
>>>> AIM: qwaqHoward
>>>> Qwaq: +1-650-331-1437
>>>> office: +1-608-850-4482
>>>> mobile: +1-608-658-2419
>>>>
>>>>
>>>
>>>
>>
>> --
>> Howard Stearns
>> AIM: qwaqHoward
>> Qwaq: +1-650-331-1437
>> office: +1-608-850-4482
>> mobile: +1-608-658-2419
>>
>>
>
>