Open GoogleCodeExporter opened 9 years ago
Original comment by rame...@gmail.com
on 16 Aug 2011 at 10:56
Sadly during testing I ran into some trouble. Most of the tests work but one
fails for both SHA256 and SHA224. It seems to be some arithmetic related issue
(probably overflow or bit shifting related) inside GWT, the test run OK in JVM
but not in production mode (JS). I tested this on both GWT 2.3 and 2.4 (trunk)
with the same result. I might do more testing in the future but right now I
don't have enough time.
If anybody wants to give it a shot I'll commit the changes.
Weird thing is that SHA384 and SHA512 seem to be working correctly but they use
longs instead of int which are emulated differently in JS.
Maybe there is some glitch in the algorithm itself which combined with GWT
compile process will produce these errors but rechecking the entire algorithm
is out of a question (at least for me these days).
Original comment by rame...@gmail.com
on 16 Aug 2011 at 1:36
Hi, thanks for your response. Maybe this is a problem for a SHA1 issue
(http://code.google.com/p/gwt-crypto/issues/detail?id=11) as well.
Original comment by pandem...@googlemail.com
on 21 Aug 2011 at 10:07
Yep I think it could be the same problem. Most probable cause of these problems
is lack of overflow support for int (byte, char) in GWT (which emulates it as
double in JS). In order to correct this we would have to mask every assignment
like this:
{{{
Int i = (j + ...) & 0xffffffff;
}}}
Original comment by rame...@gmail.com
on 22 Aug 2011 at 5:59
[deleted comment]
Can you provide the input producing invalid SHA256 digest?
Original comment by tbra...@gmail.com
on 26 Mar 2012 at 12:14
You can find ones not working in test cases included in the project which you
can download from the SVN (note that you have to run the tests in production in
order for the bug to reproduce)
Original comment by rame...@gmail.com
on 26 Mar 2012 at 12:40
Invalid SHA256 digest is produced e.g. for following string:
"a1y28pfxfkrb3dc0ysjzkc4ef5510a8fleg5nf7ld911lgl7n4bv09em".
It is a problem related to lack of int JS overflow indeed.
I have replaces all "+=" operators with invocation of methods like:
private int safeAdd(int a, int b){
return ((a|0) + (b|0)) | 0;
}
Most likely instead of |0 you can use & 0xffffffff.
I have tested this with a random string generator (length of strings < 1000
chars) and comparing results with another JS sha256 implementation. It was
working fine.
Original comment by tbra...@gmail.com
on 19 Apr 2012 at 12:20
Could you send us a patch file... Thanks
Original comment by rame...@gmail.com
on 19 Apr 2012 at 12:47
Original issue reported on code.google.com by
pandem...@googlemail.com
on 15 Aug 2011 at 2:42