search

wokier / gwt-crypto

Automatically exported from code.google.com/p/gwt-crypto
8 stars 1 forks source link

Include Sha256Digest #10

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago 
Hi,

thanks for your efforts. Would be nice you included 
http://147.91.177.212/extra/java2/apis/bc138_docs1.5/org/bouncycastle/crypto/dig
ests/SHA256Digest.html
as well :)

Thanks again

Original issue reported on code.google.com by pandem...@googlemail.com on 15 Aug 2011 at 2:42

GoogleCodeExporter commented 9 years ago

Original comment by rame...@gmail.com on 16 Aug 2011 at 10:56

GoogleCodeExporter commented 9 years ago 
Sadly during testing I ran into some trouble. Most of the tests work but one 
fails for both SHA256 and SHA224. It seems to be some arithmetic related issue 
(probably overflow or bit shifting related) inside GWT, the test run OK in JVM 
but not in production mode (JS). I tested this on both GWT 2.3 and 2.4 (trunk) 
with the same result. I might do more testing in the future but right now I 
don't have enough time.
If anybody wants to give it a shot I'll commit the changes.
Weird thing is that SHA384 and SHA512 seem to be working correctly but they use 
longs instead of int which are emulated differently in JS.
Maybe there is some glitch in the algorithm itself which combined with GWT 
compile process will produce these errors but rechecking the entire algorithm 
is out of a question (at least for me these days).

Original comment by rame...@gmail.com on 16 Aug 2011 at 1:36

GoogleCodeExporter commented 9 years ago 
Hi, thanks for your response. Maybe this is a problem for a SHA1 issue 
(http://code.google.com/p/gwt-crypto/issues/detail?id=11) as well.

Original comment by pandem...@googlemail.com on 21 Aug 2011 at 10:07

GoogleCodeExporter commented 9 years ago 
Yep I think it could be the same problem. Most probable cause of these problems 
is lack of overflow support for int (byte, char)  in GWT (which emulates it as 
double in JS). In order to correct this we would have to mask every assignment 
like this:
{{{
Int i = (j + ...) & 0xffffffff;
}}}

Original comment by rame...@gmail.com on 22 Aug 2011 at 5:59

GoogleCodeExporter commented 9 years ago 
[deleted comment]
GoogleCodeExporter commented 9 years ago 
Can you provide the input producing invalid SHA256 digest?

Original comment by tbra...@gmail.com on 26 Mar 2012 at 12:14

GoogleCodeExporter commented 9 years ago 
You can find ones not working in test cases included in the project which you 
can download from the SVN (note that you have to run the tests in production in 
order for the bug to reproduce)

Original comment by rame...@gmail.com on 26 Mar 2012 at 12:40

GoogleCodeExporter commented 9 years ago 
Invalid SHA256 digest is produced e.g. for following string:  
"a1y28pfxfkrb3dc0ysjzkc4ef5510a8fleg5nf7ld911lgl7n4bv09em". 

It is a problem related to lack of int JS overflow indeed.

I have replaces all "+=" operators with invocation of methods like:

    private int safeAdd(int a, int b){
        return  ((a|0) + (b|0)) | 0;
    }

Most likely instead of |0 you can use & 0xffffffff.

I have tested this with a random string generator (length of strings < 1000 
chars) and comparing results with another JS sha256 implementation. It was 
working fine.

Original comment by tbra...@gmail.com on 19 Apr 2012 at 12:20

GoogleCodeExporter commented 9 years ago 
Could you send us a patch file... Thanks

Original comment by rame...@gmail.com on 19 Apr 2012 at 12:47