johanns / sha3 Goto Github PK
View Code? Open in Web Editor NEWSHA3 for Ruby is a XKCP based native (C) binding to SHA3 (FIPS 202) cryptographic hashing algorithm
License: MIT License
SHA3 for Ruby is a XKCP based native (C) binding to SHA3 (FIPS 202) cryptographic hashing algorithm
License: MIT License
HMAC support for sha3?
In e03087c the "TO DO" comment to add SHAKE128/SHAKE256 support was removed, but it doesn't seem like it was added. Are there any plans to add it in the future or will that remain unsupported?
I am trying to use sha3 as the digest to sign a message with OpenSSL. But it looks like Ruby 2.5.1 doesn't work with this library. Any thoughts on how I can combine the two? Thanks!
If you do:
s = SHA3::Digest::SHA512.new()
s.update("lalala")
s.hexdigest would be:
"89d131506a2bb6d406a15a25ffc477889e2829fe96f3f198c8493f4d58ab1c4f03772ff278caf450e9067e6ab7ac1e5762eda69915f4e1e4c5e66a3c91b94df1"
Whereas if you use https://github.com/phusion/digest-sha3-ruby:
Digest::SHA3.hexdigest("lalala")
would be:
"94040d49dc3fc75bce6c4d585ad4f7b3ce2358759174cb546daaabce11afc63db0eea61c25100b55650fba1afb88452cd65969c4f07956a4380b7ea5f490b306"
They are different, But both claimed that they are Keccak
In the section Usage > Basics, the order of the arguments should be switched
### Digest class-methods: ###
SHA3::Digest.hexdigest("Hash me, please", :sha224)
# => "200e7bc18cd613..."
should become
### Digest class-methods: ###
SHA3::Digest.hexdigest(:sha224, "Hash me, please")
# => "200e7bc18cd613..."
As found and reported by Nicky Mouha [1] and reported as CVE-2022-37454 [2] there is a buffer overflow in the XKCP implementation.
Tested with v1.0.4 on Ruby 3.1.1
% cat sha3.rb
require 'sha3'
h = SHA3::Digest::SHA224.new
h.update("\x00")
h.update("\x00" * 4294967295)
% ruby sha3.rb
sha3.rb:7: [BUG] Segmentation fault at 0x000055c2e88c7000
ruby 3.1.1p18 (2022-02-18 revision 53f5fc4236) [x86_64-linux]
-- Control frame information -----------------------------------------------
c:0003 p:---- s:0012 e:000011 CFUNC :update
c:0002 p:0044 s:0007 E:001c18 EVAL sha3.rb:7 [FINISH]
c:0001 p:0000 s:0003 E:0009f0 (none) [FINISH]
-- Ruby level backtrace information ----------------------------------------
sha3.rb:7:in `<main>'
sha3.rb:7:in `update'
-- Machine register context ------------------------------------------------
RIP: 0x00007f25d6da28b2 RBP: 0x000055c2e888bf40 RSP: 0x00007fffe70e9810
RAX: 0x0000000000007618 RBX: 0x0000000000007618 RCX: 0x0000000000000000
RDX: 0x0000000000000000 RDI: 0x00007fffe70e9810 RSI: 0x0000000000000000
R8: 0x0000000000000008 R9: 0x0000000000000001 R10: 0x00007f25dac80558
R11: 0x00007f25dae11910 R12: 0x0000000000000000 R13: 0x000055c2e888bf40
R14: 0x00007f24d6dd30cf R15: 0x0000000000007619 EFL: 0x0000000000010246
-- C level backtrace information -------------------------------------------
/home/x/.rvm/rubies/ruby-3.1.1/lib/libruby.so.3.1(rb_print_backtrace+0x11) [0x7f25db36e14c] vm_dump.c:759
/home/x/.rvm/rubies/ruby-3.1.1/lib/libruby.so.3.1(rb_vm_bugreport) vm_dump.c:1045
/home/x/.rvm/rubies/ruby-3.1.1/lib/libruby.so.3.1(rb_bug_for_fatal_signal+0xf4) [0x7f25db166eb4] error.c:821
/home/x/.rvm/rubies/ruby-3.1.1/lib/libruby.so.3.1(sigsegv+0x4d) [0x7f25db2c21bd] signal.c:964
/lib/x86_64-linux-gnu/libc.so.6(__restore_rt+0x0) [0x7f25dacb3520]
/home/x/.rvm/gems/ruby-3.1.1/gems/sha3-1.0.4/lib/sha3_n.so(KeccakF1600_StateXORBytesInLane+0x42) [0x7f25d6da28b2]
/home/x/.rvm/gems/ruby-3.1.1/gems/sha3-1.0.4/lib/sha3_n.so(Keccak_SpongeAbsorb+0x131) [0x7f25d6dbe291]
/home/x/.rvm/gems/ruby-3.1.1/gems/sha3-1.0.4/lib/sha3_n.so(0x1ea52) [0x7f25d6dbea52]
...
[1] https://mouha.be/sha-3-buffer-overflow/
[2] https://nvd.nist.gov/vuln/detail/CVE-2022-37454
Hi there,
I've getting an error while installing sha3 gen on a raspeberry pi:
current directory: /var/lib/gems/2.3.0/gems/sha3-1.0.1/ext/sha3
/usr/bin/ruby2.3 -r ./siteconf20180309-2241-ivy7ku.rb extconf.rb
checking for sha3.h... yes
checking for digest.h... yes
creating MakefileTo see why this extension failed to compile, please check the mkmf.log which can be found here:
/var/lib/gems/2.3.0/extensions/arm-linux/2.3.0/sha3-1.0.1/mkmf.log
current directory: /var/lib/gems/2.3.0/gems/sha3-1.0.1/ext/sha3
make "DESTDIR=" cleancurrent directory: /var/lib/gems/2.3.0/gems/sha3-1.0.1/ext/sha3
make "DESTDIR="
compiling KeccakF-1600-reference.c
gcc: error: unrecognized argument in option ‘-march=nocona’
gcc: note: valid arguments to ‘-march=’ are: armv2 armv2a armv3 armv3m armv4 armv4t armv5 armv5e armv5t armv5te armv6 armv6-m armv6j
armv6k armv6kz armv6s-m armv6t2 armv6z armv6zk armv7 armv7-a armv7-m armv7-r armv7e-m armv7ve armv8-a armv8-a+crc armv8.1-a armv8.1-a+crc
iwmmxt iwmmxt2 native
Makefile:239: recipe for target 'KeccakF-1600-reference.o' failed
make: *** [KeccakF-1600-reference.o] Error 1make failed, exit code 2
Gem files will remain installed in /var/lib/gems/2.3.0/gems/sha3-1.0.1 for inspection.
Results logged to /var/lib/gems/2.3.0/extensions/arm-linux/2.3.0/sha3-1.0.1/gem_make.outAn error occurred while installing sha3 (1.0.1), and Bundler cannot continue.
Make sure thatgem install sha3 -v '1.0.1'
succeeds before bundling.
Any idea how to solve this?
Hello @johanns / @mmoghadas,
Thanks for the gem. As you know that Apple M1 doesn't support march=native
, please add support for --disable-march-tune-native
.
https://developer.apple.com/forums/thread/672654
--- a/ext/sha3/extconf.rb
+++ b/ext/sha3/extconf.rb
@@ -17,5 +17,10 @@ end
find_header("sha3.h")
find_header("digest.h")
-$CFLAGS = ' -fomit-frame-pointer -O3 -g0 -march=native '
+if enable_config('march-tune-native', false)
+ $CFLAGS = ' -fomit-frame-pointer -O3 -g0 '
+else
+ $CFLAGS = ' -fomit-frame-pointer -O3 -g0 -march=native '
+end
+
$ irb -f
irb(main):001:0> require 'openssl'
=> true
irb(main):002:0> OpenSSL::HMAC.digest OpenSSL::Digest::SHA512.new, '', ''
=> "\xB96\xCE\xE8l\x9F\x87\xAA]<o.\x84\xCBZB9\xA5\xFEPH\nn\xC6kp\xAB[\x1FJ\xC6s\flQT!\xB3'\xEC\[email protected]\xDF\xB4\x9A\xD78\x1E\xB0g\xB38\xFD{\f\xB2\"G\"]G"
irb(main):003:0> require 'sha3'
=> true
irb(main):004:0> OpenSSL::HMAC.digest OpenSSL::Digest::SHA512.new, '', ''
TypeError: wrong argument (OpenSSL::Digest::SHA512)! (Expected kind of SHA3::Digest)
from (irb):4:in `digest'
from (irb):4
from /usr/bin/irb:11:in `<main>'
both snappy & sha3 have the same build failure,
which looks suspicious, eh?
my learning-programming environment is:
aarch64 / Android / Termux / Ubuntu server jammy, aka 22.04 LTS
and Ruby 3.0.2 within.
gem install sha3 produced, on stdout:
1 ERROR: Error installing sha3:
2 ERROR: Failed to build gem native extension.
3
4 current directory: /var/lib/gems/3.0.0/gems/sha3-1.0.4/ext/sha3
5 /usr/bin/ruby3.0 -I /usr/lib/ruby/vendor_ruby -r ./siteconf20220609-1113-hj7d07.rb extconf.rb
6 checking for sha3.h... yes
7 checking for digest.h... yes
8 creating Makefile
9
10 current directory: /var/lib/gems/3.0.0/gems/sha3-1.0.4/ext/sha3
11 make DESTDIR\= clean
12
13 current directory: /var/lib/gems/3.0.0/gems/sha3-1.0.4/ext/sha3
14 make DESTDIR\=
15 compiling KeccakF-1600-reference.c
16 compiling KeccakHash.c
17 compiling KeccakSponge.c
18 compiling SnP-FBWL-default.c
19 compiling digest.c
20 compiling displayIntermediateValues.c
21 compiling sha3.c
22 linking shared-object sha3_n.so
23
24 current directory: /var/lib/gems/3.0.0/gems/sha3-1.0.4/ext/sha3
25 make DESTDIR\= install
26 make: /usr/bin/mkdir: No such file or directory
27 make: *** [Makefile:202: .sitearchdir.time] Error 127
28
29 make install failed, exit code 2
30
31 Gem files will remain installed in /var/lib/gems/3.0.0/gems/sha3-1.0.4 for inspection.
32 Results logged to /var/lib/gems/3.0.0/extensions/aarch64-linux/3.0.0/sha3-1.0.4/gem_make.out
mkdir is in /bin, not in /usr/bin/mkdir, eh?
Salut, Namaste, & Kaizen!
( :
Hi,
It seems that the the :SHA512
does not output a correct hash.
I actually needed to check my hashes through Qt and Rails.
I have test some ways, see:
QCryptographicHash::hash(QByteArray(QString("foo").toUtf8()), QCryptographicHash::Sha3_512).toHex();
==
require 'digest/sha3'
Digest::SHA3.hexdigest 'foo'
!=
require 'sha3'
SHA3::Digest::SHA512.hexdigest 'foo'
Haven't test the other lengths so far.
Hey,
I'm trying to find a SHA3 library for Ruby, but it seems like every library (this one included) is, if I'm not mistaken, using an old version of Keccak for validation, not the actual standardized SHA3.
The most recent SHA3 test vectors say that the hash of the blank string should be:
A7FFC6F8BF1ED76651C14756A061D662F580FF4DE43B49FA82D80A4B80F8434A
however, in this library, it works out to:
C5D2460186F7233C927E7DB2DCC703C0E500B653CA82273B7BFAD8045D85A470
After some research, I found some pages that calculate both the original keccak and the sha3, and it confirms that the first output is correct. Here's one such page:
https://www.npmjs.com/package/js-sha3
And here's a blank test vector from the original docs:
http://csrc.nist.gov/groups/ST/toolkit/documents/Examples/SHA3-256_Msg0.pdf
Which agrees with everything else, and shows that the output is wrong.
Is there any chance of getting this fixed? Or of adding an option to use the new variation?
The gem worked well with ruby 3.0, but after updating to ruby 3.1, the native ext fails to build with a number of errors of this form:
compiling digest.c
In file included from digest.c:3:
In file included from ./sha3.h:6:
In file included from /opt/local/include/ruby-3.1.1/ruby.h:38:
In file included from /opt/local/include/ruby-3.1.1/ruby/ruby.h:25:
In file included from /opt/local/include/ruby-3.1.1/ruby/defines.h:73:
In file included from /opt/local/include/ruby-3.1.1/ruby/backward/2/attributes.h:42:
In file included from /opt/local/include/ruby-3.1.1/ruby/internal/attr/pure.h:25:
/opt/local/include/ruby-3.1.1/ruby/assert.h:132:1: error: '__declspec' attributes are not enabled; use '-fdeclspec' or '-fms-extensions' to enable
support for __declspec attributes
RBIMPL_ATTR_NORETURN()
^
/opt/local/include/ruby-3.1.1/ruby/internal/attr/noreturn.h:29:33: note: expanded from macro 'RBIMPL_ATTR_NORETURN'
# define RBIMPL_ATTR_NORETURN() __declspec(noreturn)
^
$ ruby --version
ruby 3.1.1p18 (2022-02-18 revision 53f5fc4236) [arm64-darwin21]
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.