Announcement

Collapse
No announcement yet.

SHA256 Padding Error

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • SHA256 Padding Error

    I discovered an error in the implementation of SHA256. If "Data MOD %BLOCKSIZE" is 55 bytes, then the checksum is incorrect.

    Does anyone know the definition of SHA256? I can't find a solution. So far I have only been able to isolate the error. ==> See code snippet

    Complete code:
    https://forum.powerbasic.com/forum/u...4-class-sha256

    Code:
    %BLOCKSIZE = 64
    
    
    CLASS METHOD calcBuffer (BYVAL hData AS DWORD, BYVAL Length AS DWORD) AS LONG
    LOCAL i AS DWORD
    LOCAL pstate AS LONG
    LOCAL lastbuff AS STRING
    LOCAL DataBuffer AS BYTE PTR
    LOCAL phash AS DWORD PTR
    DataBuffer = hData i = Length AND (%BLOCKSIZE-1) lastbuff = PEEK$((DataBuffer+Length)-i, i) lastbuff = lastbuff + me.MakePadding(Length) ... ... ...
    END METHOD CLASS METHOD MakePadding (BYVAL TotalBytes AS QUAD) AS STRING LOCAL i AS LONG LOCAL padBytes AS LONG LOCAL buffbits AS QUAD LOCAL padding AS STRING LOCAL pbyte1 AS BYTE PTR LOCAL pbyte2 AS BYTE PTR
    buffBits = TotalBytes * 8 padding = NUL$(8) pbyte1 = STRPTR(padding) pbyte2 = VARPTR(buffBits) '-- Reverse bytes during copy FOR i = 0 TO 7
    @pbyte1[i] = @pbyte2[7 - i]
    NEXT i padBytes = %BLOCKSIZE - ((TotalBytes+9) AND (%BLOCKSIZE-1)) ' When ((TotalBytes+9) AND (%BLOCKSIZE-1)) ' equal 0 ' then ==> checksum is false METHOD = CHR$(&h80) + NUL$(padBytes) + padding
    END METHOD

  • #2
    Does anyone know the definition of SHA256?
    FIPS Pub 180-4 at -
    https://csrc.nist.gov/publications/d...ps/180/4/final
    Not an easy read, but is the definition. Padding paragraph -

    5.1.1 SHA-1, SHA-224 and SHA-256
    Suppose that the length of the message, M, is l? bits. Append the bit “1” to the end of the
    message, followed by k zero bits, where k is the smallest, non-negative solution to the equation
    ? ?1? k ? 448mod512 . Then append the 64-bit block that is equal to the number ? expressed
    using a binary representation. For example, the (8-bit ASCII) message “abc” has length
    8?3 ? 24, so the message is padded with a one bit, then 448 ? (24 ?1) ? 423 zero bits, and then
    the message length, to become the 512-bit padded message
    423 64
    ??? ?????
    01100001 01100010 01100011 1 00…00 00…011000
    ????? ????? ????? ???
    “a” “b” “c” ? ? 24
    The length of the padded message should now be a multiple of 512 bits.

    (that didn't copy well from the pdf.)

    Cheers,
    Dale

    Comment


    • #3
      https://medium.com/bugbountywriteup/...m-2ce61d86f7a3

      1. Append : Padding bits

      First step of our hashing function begins with appending bits to our original message, so that its length will be same to the standard length required for the hash function. To do so we proceed by adding few bits to the message that we have in hand. The number of bits we add is calculated as such so that after addition of these bits the length of the message should be exactly 64 bits less than a multiple of 512. Let me depict it to you in mathematical terms for better understanding.

      M + P + 64 = n x 512

      i.e
      M = length of original message
      P = padded bits


      The bits that we append to the message, should begin with ‘1’ and the following bits must be ‘0’ till we are exactly 64 bits less than the multiple of 512.

      Click image for larger version

Name:	Pad256.jpg
Views:	37
Size:	9.1 KB
ID:	796131







      2. Append : Length bits

      Now that we have appended our padding bits to the original message we can further go ahead append our length bits which is equivalent to 64 bits, to the overall message to make the entire thing an exact multiple of 512.
      We know that we need to add 64 more bits, the way to calculate these 64 bits is by calculating the modulo of the original message i.e. the one without the padding, with 2³². The message we obtain we append those length to the padded bits and we get the entire message block, which must be a multiple of 512.

      Comment


      • #4
        I have a guess what's here.

        After
        padBytes = %BLOCKSIZE - ((TotalBytes+9) AND (%BLOCKSIZE-1))

        Miss
        padBytes = padBytes MOD %BLOCKSIZE

        I testing...

        Comment


        • #5
          Deleted. Bad arithmetic!

          Comment


          • #6
            When TotalBytes+9 = 64, then no more padding null-bytes are required.
            That's why padBytes MOD %BLOCKSIZE

            Comment


            • #7
              Originally posted by Bernhard Fomm View Post
              When TotalBytes+9 = 64, then no more padding null-bytes are required.
              That's why padBytes MOD %BLOCKSIZE
              You are correct. without the MOD, padBytes goes to 64
              Code:
              #COMPILE EXE
              #DIM ALL
              %BLOCKSIZE = 64
              FUNCTION PBMAIN () AS LONG
                   LOCAL Totalbytes,padBytes,fullblocks AS LONG
                   LOCAL strT AS STRING
                fullblocks = 0
               FOR TotalBytes = (fullblocks *64 + 54) TO (fullblocks  *64 + 56)
                   'padBytes = %BLOCKSIZE - ((TotalBytes+9) AND (%BLOCKSIZE-1))
                    padBytes = (%BLOCKSIZE - ((TotalBytes+9) AND (%BLOCKSIZE-1))) MOD 64
                       strT += $CRLF & USING$("A # byte string makes padBytes # which makes the padding string # long and the padded string # bytes long ",TotalBytes,padBytes,(1 + padbytes + 8),TotalBytes + 1 + padbytes + 8)
                NEXT
                   ? strT
              END FUNCTION
              '
              WITHOUT MOD
              ---------------------------
              A 54 byte string makes padBytes 1 which makes the padding string 10 long and the padded string 64 bytes long
              A 55 byte string makes padBytes 64 which makes the padding string 73 long and the padded string 128 bytes long
              A 56 byte string makes padBytes 63 which makes the padding string 72 long and the padded string 128 bytes long
              ---------------------------
              WITH MOD
              ---------------------------
              A 54 byte string makes padBytes 1 which makes the padding string 10 long and the padded string 64 bytes long
              A 55 byte string makes padBytes 0 which makes the padding string 9 long and the padded string 64 bytes long
              A 56 byte string makes padBytes 63 which makes the padding string 72 long and the padded string 128 bytes long
              ---------------------------

              Comment


              • #8
                Thanks!


                Is
                (TotalBytes+9) AND (%BLOCKSIZE-1)

                equal
                (TotalBytes+9) MOD %BLOCKSIZE

                ???

                Comment


                • #9
                  I think I lost the chain.
                  A 55 byte string makes padBytes 64 which makes the padding string 73 long and the padded string 128 bytes long
                  Is that supposed to be correct or incorrect?

                  55 bytes of string, plus 1 byte for mandatory 1 bit, plus 8 bytes for bit count equals 64 bytes. I think zero pad bytes needed. The 56 byte string goes one over 64, so padding needed to get to 128.

                  TIA
                  Dale

                  Comment


                  • #10
                    Solution is in #6 and #7

                    Comment


                    • #11
                      Originally posted by Dale Yarker View Post
                      I think I lost the chain.

                      A 55 byte string makes padBytes 64 which makes the padding string 73 long and the padded string 128 bytes long

                      Is that supposed to be correct or incorrect?

                      TIA
                      That's supposed to be incorrect. It's what happens WITHOUT MOD.

                      Comment


                      • #12
                        TA

                        (With MOD lines were added?)
                        Dale

                        Comment


                        • #13
                          Originally posted by Bernhard Fomm View Post
                          Thanks!


                          Is
                          (TotalBytes+9) AND (%BLOCKSIZE-1)

                          equal
                          (TotalBytes+9) MOD %BLOCKSIZE

                          ???
                          Not for every value of %BLOCKSIZE


                          Comment


                          • #14
                            Code:
                            FUNCTION MakePadding (BYVAL TotalBytes AS QUAD) AS STRING
                            LOCAL i AS LONG
                            LOCAL remains AS LONG
                            LOCAL padBytes AS LONG
                            LOCAL buffbits AS QUAD
                            LOCAL padding AS STRING
                            LOCAL pbyte1 AS BYTE PTR
                            LOCAL pbyte2 AS BYTE PTR
                            remains = (TotalBytes + 9) MOD %BLOCKSIZE padBytes = (%BLOCKSIZE - remains) MOD %BLOCKSIZE ' <<== here is the solution buffBits = TotalBytes * 8 padding = NUL$(8) pbyte1 = STRPTR(padding) pbyte2 = VARPTR(buffBits) '-- Reverse bytes during copy FOR i = 0 TO 7
                            @pbyte1[i] = @pbyte2[7 - i]
                            NEXT i
                            FUNCTION = CHR$(&h80) + NUL$(padBytes) + padding
                            END FUNCTION

                            Comment

                            Working...
                            X