From: Jeff King <peff@peff.net>
To: git@vger.kernel.org
Subject: [PATCH] replace sha1 with another algorithm
Date: Tue, 25 Oct 2011 17:12:37 -0700
Message-ID: <20111026001237.GA22195@sigill.intra.peff.net>
SHA-1 is due to be cryptographically broken sometime in the
next decade, with collision attacks becoming possible. But
we don't have to wait! We can act now and replace it,
treating us to all of the pain of a flag day without any
delay!

We could of course use the SHA-2 family, or wait for the
upcoming SHA-3. But any good cryptographer knows that you
should _never_ use a standard algorithm. It's always better
to roll your own. After all, if _you_ can't break it, how
could anyone else?
Signed-off-by: Jeff King <peff@peff.net>
Reviewed-by: Brandon Casey <drafnel@gmail.com>
Mocked-by: Rick Balocca <richard.balocca@ericsson.com>
Enjoyed-by: Elijah Newren <newren@gmail.com>
---
block-sha1/sha1.h | 2 +-
cache.h | 4 +++-
sha1_file.c | 32 ++++++++++++++++++++++++++++++++
3 files changed, 36 insertions(+), 2 deletions(-)
diff --git a/block-sha1/sha1.h b/block-sha1/sha1.h
index b864df6..49331e3 100644
--- a/block-sha1/sha1.h
+++ b/block-sha1/sha1.h
@@ -19,4 +19,4 @@
#define git_SHA_CTX blk_SHA_CTX
#define git_SHA1_Init blk_SHA1_Init
#define git_SHA1_Update blk_SHA1_Update
-#define git_SHA1_Final blk_SHA1_Final
+#define real_git_SHA1_Final blk_SHA1_Final
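Review bot: the renamed macro `real_git_SHA1_Final` is the only hook the new wrapper relies on, and nothing in this header says so; a reader of block-sha1/sha1.h now sees `git_SHA_CTX`, `git_SHA1_Init` and `git_SHA1_Update` mapped to `blk_*` names while `Final` alone gets a different prefix, with no explanation. Add a one-line comment at the rename, e.g. `/* git_SHA1_Final is a wrapper in sha1_file.c that post-processes this output */`, so the asymmetry is not mistaken for a typo. Note that `git_SHA_CTX` still resolves to `blk_SHA_CTX`, so the wrapper's `git_SHA_CTX *ctx` parameter matches what `blk_SHA1_Final` expects.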
diff --git a/cache.h b/cache.h
index 2e6ad36..068062b 100644
--- a/cache.h
+++ b/cache.h
@@ -13,9 +13,11 @@
#define git_SHA_CTX SHA_CTX
#define git_SHA1_Init SHA1_Init
#define git_SHA1_Update SHA1_Update
-#define git_SHA1_Final SHA1_Final
+#define real_git_SHA1_Final SHA1_Final
#endif
+void git_SHA1_Final(unsigned char out[20], git_SHA_CTX *ctx);
+
#include <zlib.h>
typedef struct git_zstream {
z_stream z;
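Review bot: the new prototype is placed after the `#endif`, so it is declared for every SHA-1 backend, but `real_git_SHA1_Final` is only defined in this fallback branch and in block-sha1/sha1.h. Any other SHA1_HEADER that still defines `git_SHA1_Final` as its own macro would have that macro rewrite the name in `void git_SHA1_Final(unsigned char out[20], git_SHA_CTX *ctx);` and in the definition in sha1_file.c, leaving the wrapper calling an undefined `real_git_SHA1_Final`. Either touch every backend header or add a guard after the `#endif` such as `#ifndef real_git_SHA1_Final` / `#error "SHA-1 backend must define real_git_SHA1_Final"` / `#endif` so the mismatch fails at compile time instead of at link time.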
diff --git a/sha1_file.c b/sha1_file.c
index 27f3b9b..23e0107 100644
--- a/sha1_file.c
+++ b/sha1_file.c
@@ -2833,3 +2833,35 @@ void assert_sha1_type(const unsigned char *sha1, enum object_type expect)
die("%s is not a valid '%s' object", sha1_to_hex(sha1),
typename(expect));
}
+
+static void xor_bytes(unsigned char *out, unsigned char *a, unsigned char *b,
+ unsigned n)
+{
+ unsigned i;
+ for (i = 0; i < n; i++)
+ out[i] = a[i] ^ b[i];
+}
+
+static void mix_hash(unsigned char *h, unsigned n)
+{
+ unsigned char out[20];
+ unsigned mid = n / 2;
+
+ if (2*mid < n)
+ return;
+
+ xor_bytes(out, h, h + mid, mid);
+ xor_bytes(out + mid, h + mid, h, mid);
+ memcpy(h, out, n);
+
+ /* If a little bit of mixing is good, then a lot must be GREAT! */
+ mix_hash(h, mid);
+ mix_hash(h + mid, mid);
+}
+
+void git_SHA1_Final(unsigned char out[20], git_SHA_CTX *ctx)
+{
+ /* We build on top of the regular SHA1, but then "enhance" it. */
+ real_git_SHA1_Final(out, ctx);
+ mix_hash(out, 20);
+}
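Review bot: `mix_hash` collapses the digest rather than mixing it. In the first call (n = 20, mid = 10) `out[0..10)` becomes `h[0..10) ^ h[10..20)` and `out[10..20)` becomes `h[10..20) ^ h[0..10)`, which is the same value, so both halves are identical after `memcpy`. The recursive calls with n = 10 do the same to each half (both 5-byte quarters become the XOR of the two quarters), and the n = 5 calls return immediately because 5 is odd. The final 20-byte output is therefore one 5-byte value repeated four times, i.e. 40 bits of effective digest, and any two objects whose SHA-1 digests fold to the same 40 bits collide. Separately, the local `unsigned char out[20]` silently bounds n at 20 with no check; if the helper is kept at all, add `assert(n <= sizeof(out))` or pass the scratch buffer in from the caller.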
--
1.7.7.troll
Thread overview:
2011-10-26 0:12 Jeff King [this message]
2011-10-26 9:59 ` [PATCH] replace sha1 with another algorithm Michael J Gruber
2011-10-26 19:44 ` Junio C Hamano
2011-10-27 0:01 ` Jeff King