flat assembler
Message board for the users of flat assembler.

SHA-256 in fasm

bzt



Joined: 09 Nov 2018
Posts: 17
Hi,

I've implemented SHA-256 in protmode fasm with the same API as OpenSSL (init/update/final).
I haven't unrolled the sha loop, but I've used a lookup table to avoid root calculation.
Compiled code is small (958 bytes), source licensed under MIT:
https://gitlab.com/bztsrc/sha256asm

Cheers,
bzt
Post 09 Nov 2018, 13:21
redsock



Joined: 09 Oct 2009
Posts: 293
Location: Australia
Excellent!

This is nicely done for a super-small SHA256 implementation. The one I wrote for my HeavyThing library (here) is about 10x larger in size. I like your coding style, well done :)

_________________
2 Ton Digital - https://2ton.com.au/
Post 10 Nov 2018, 23:15
bzt



Joined: 09 Nov 2018
Posts: 17
Hi,

Thanks! I've checked your code, nicely done! You have a full, universal implementation! Mine is heavily optimized for 256 and one context only, because I wanted to use it in a bootloader. Unlike yours, mine is for a specific case only, no wonder it's much smaller.

Cheers,
bzt
Post 12 Nov 2018, 10:30
CandyMan



Joined: 04 Sep 2009
Posts: 286
Location: film "CandyMan" directed through Bernard Rose OR Candy Shop
I found a bug in sha_upd()
Code:
            ; IN: ESI = buffer,ECX = length. Clobbers EAX,EDI.
sha_upd:    mov         edi,dword [sha_l]
            add         edi,sha_d
            ; for(;len--;d++) {
            ; ctx->d[ctx->l++]=*d;
.next:      movsb
            inc         byte [sha_l]
            ; if(ctx->l==64) {
            cmp         byte [sha_l],64
            jne         @f
            ; sha256_t(ctx);
            call        sha_final.sha_t
            ; SHA_ADD(ctx->b[0],ctx->b[1],512);
            add         dword [sha_b],512
            adc         dword [sha_b+4],0
            ; ctx->l=0;
            mov         byte [sha_l],0
            ; }
@@:         dec         ecx
            jnz         sha_upd;.next        ;bug in this line
            ret    

_________________
smaller is better
Post 12 Nov 2018, 23:31
bzt



Joined: 09 Nov 2018
Posts: 17
Hi,

First of all, thank you very much for checking out my code!

Why do you think that's a bug? Why should the code reload the edi register on every iteration?
I think the bug is more likely not setting edi to sha_d when sha_l overflows, isn't it? I'll create a test case specially for that, and come back to you with the results.

Thank you again for noticing!
bzt

EDIT: you were right! As it turned out all my test vectors were shorter than 64 bytes, so I haven't noticed that bug! My mistake. Now that I've also tested with "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu" (length 896 bits), the problem is fixed!

Playing around with NIST test vectors, I've found another one that didn't work: the empty message. Honestly I use sha for hashing disk encryption passwords, so it never popped into my mind to test it against an empty message... Anyway, I've fixed that too! :)

Just for the record, those fixes added 9 bytes to the code, so now it's 967 bytes long.
Post 14 Nov 2018, 11:43
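
Added example, not part of the thread or of bzt's repository: a C model of the sha_upd buffer handling discussed above, showing why test vectors shorter than 64 bytes could not catch the stale write cursor. The FNV-1a fold stands in for the SHA-256 block transform, and the guard area, function names and message bytes are constructed for this model.

```c
#include <stdint.h>
#include <stdio.h>
#define BLOCK 64
/* buf[0..63] models sha_d; buf[64..127] is a guard area (constructed for
   this model) so stale-cursor writes are observable, not undefined. */
typedef struct { uint8_t buf[2 * BLOCK]; uint32_t l, h; } ctx_t;

/* Stand-in for the block transform: an FNV-1a fold, NOT SHA-256. */
static void fold(ctx_t *c, size_t n) {
    for (size_t i = 0; i < n; i++) c->h = (c->h ^ c->buf[i]) * 16777619u;
}

/* reload = 0 models "jnz .next" (cursor set once per call);
   reload = 1 models "jnz sha_upd" (cursor recomputed from l per byte). */
static void upd(ctx_t *c, const uint8_t *m, size_t len, int reload) {
    size_t cur = c->l;
    while (len--) {
        if (reload) cur = c->l;
        if (cur >= sizeof c->buf) return;      /* keep the model in bounds */
        c->buf[cur++] = *m++;                  /* movsb */
        if (++c->l == BLOCK) { fold(c, BLOCK); c->l = 0; }
    }
}

/* Hash the constructed message 1,2,3,... of length len (<= 128) in one call;
   *spilled receives the number of bytes that landed outside sha_d. */
static uint32_t run(size_t len, int reload, size_t *spilled) {
    uint8_t m[2 * BLOCK];
    ctx_t c = { .h = 2166136261u };            /* other fields start at zero */
    for (size_t i = 0; i < sizeof m; i++) m[i] = (uint8_t)(i + 1);
    upd(&c, m, len, reload);
    fold(&c, c.l);                             /* stand-in for final: fold the tail */
    *spilled = 0;
    for (size_t i = BLOCK; i < sizeof c.buf; i++) *spilled += c.buf[i] != 0;
    return c.h;
}

/* Smallest length at which the two variants disagree, or 0 if none. */
static size_t first_divergence(size_t max_len) {
    size_t s;
    for (size_t n = 0; n <= max_len; n++)
        if (run(n, 0, &s) != run(n, 1, &s)) return n;
    return 0;
}

int main(void) {
    printf("first diverging length: %zu\n", first_divergence(2 * BLOCK));
    return 0;
}
```

In this model every length up to and including 64 bytes gives identical results for both variants, so a test suite needs at least one single-call input longer than one block to expose the difference.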

Copyright © 1999-2018, Tomasz Grysztar.
