From unknown Fri Jun 20 07:20:46 2025 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-Mailer: MIME-tools 5.509 (Entity 5.509) Content-Type: text/plain; charset=utf-8 From: bug#42020 <42020@debbugs.gnu.org> To: bug#42020 <42020@debbugs.gnu.org> Subject: Status: [PATCH 0/4] Add daemon support for SHA3 and BLAKE2s Reply-To: bug#42020 <42020@debbugs.gnu.org> Date: Fri, 20 Jun 2025 14:20:46 +0000 retitle 42020 [PATCH 0/4] Add daemon support for SHA3 and BLAKE2s reassign 42020 guix-patches submitter 42020 Ludovic Court=C3=A8s severity 42020 normal tag 42020 patch thanks From debbugs-submit-bounces@debbugs.gnu.org Tue Jun 23 11:36:50 2020 Received: (at submit) by debbugs.gnu.org; 23 Jun 2020 15:36:50 +0000 Received: from localhost ([127.0.0.1]:36970 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1jnkyc-0006pE-5F for submit@debbugs.gnu.org; Tue, 23 Jun 2020 11:36:49 -0400 Received: from lists.gnu.org ([209.51.188.17]:41520) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1jnkyX-0006p2-EA for submit@debbugs.gnu.org; Tue, 23 Jun 2020 11:36:45 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:50362) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1jnkyX-0000l3-6q for guix-patches@gnu.org; Tue, 23 Jun 2020 11:36:41 -0400 Received: from fencepost.gnu.org ([2001:470:142:3::e]:35589) by eggs.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1jnkyW-0005EV-5o; Tue, 23 Jun 2020 11:36:40 -0400 Received: from [2a01:e0a:1d:7270:af76:b9b:ca24:c465] (port=57334 helo=gnu.org) by fencepost.gnu.org with esmtpsa (TLS1.2:DHE_RSA_AES_256_CBC_SHA1:256) (Exim 4.82) (envelope-from ) id 1jnkyV-0004ZF-Bd; Tue, 23 Jun 2020 11:36:39 -0400 From: =?UTF-8?q?Ludovic=20Court=C3=A8s?= To: guix-patches@gnu.org Subject: [PATCH 0/4] Add daemon support for SHA3 and BLAKE2s Date: Tue, 23 Jun 2020 17:36:33 +0200 Message-Id: <20200623153633.15346-1-ludo@gnu.org> X-Mailer: git-send-email 2.26.2 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Spam-Score: -2.3 (--) X-Debbugs-Envelope-To: submit Cc: =?UTF-8?q?Ludovic=20Court=C3=A8s?= X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -3.3 (---) Hello! This is a followup to: https://issues.guix.gnu.org/41382 This patch series adds daemon support for a few more cryptographic hash functions, for use by fixed-output derivations (origins) and the likes. We should wait for a year or so before using those algorithms in package definitions so we can assume that the new daemon is widespread. Note that there are still places where SHA256 is hard-coded. For instance, the ‘query-path-hash’ RPC always returns a SHA256 hash. Internally, the ‘ValidPaths’ table of the database can store any hash, but in practice it only ever contains a SHA256 hash (see ‘LocalStore::addValidPath’ and (guix store database)). Feedback welcome! Ludo’. Ludovic Courtès (4): daemon: Map directly to gcrypt hash functions. daemon: Remove OpenSSL hash compatibility wrappers. daemon: Recognize SHA3 and BLAKE2s. packages: Recognize SHA3 and BLAKE2s for 'content-hash'. guix/packages.scm | 5 ++- nix/libutil/gcrypt-hash.cc | 51 ----------------------------- nix/libutil/gcrypt-hash.hh | 50 ---------------------------- nix/libutil/hash.cc | 67 +++++++++++++++++++------------------- nix/libutil/hash.hh | 20 +++++++----- nix/libutil/md5.h | 35 -------------------- nix/libutil/sha1.h | 35 -------------------- nix/libutil/sha256.h | 35 -------------------- nix/libutil/sha512.h | 35 -------------------- nix/local.mk | 12 ++----- tests/packages.scm | 26 +++++++++++++++ tests/store.scm | 4 +-- 12 files changed, 80 insertions(+), 295 deletions(-) delete mode 100644 nix/libutil/gcrypt-hash.cc delete mode 100644 nix/libutil/gcrypt-hash.hh delete mode 100644 nix/libutil/md5.h delete mode 100644 nix/libutil/sha1.h delete mode 100644 nix/libutil/sha256.h delete mode 100644 nix/libutil/sha512.h -- 2.26.2 From debbugs-submit-bounces@debbugs.gnu.org Tue Jun 23 11:56:01 2020 Received: (at 42020) by debbugs.gnu.org; 23 Jun 2020 15:56:01 +0000 Received: from localhost ([127.0.0.1]:36996 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1jnlHF-0007Ji-A9 for submit@debbugs.gnu.org; Tue, 23 Jun 2020 11:56:01 -0400 Received: from eggs.gnu.org ([209.51.188.92]:42748) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1jnlHD-0007JR-4T for 42020@debbugs.gnu.org; Tue, 23 Jun 2020 11:55:59 -0400 Received: from fencepost.gnu.org ([2001:470:142:3::e]:35820) by eggs.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1jnlH7-0000MZ-GA; Tue, 23 Jun 2020 11:55:53 -0400 Received: from [2a01:e0a:1d:7270:af76:b9b:ca24:c465] (port=57536 helo=gnu.org) by fencepost.gnu.org with esmtpsa (TLS1.2:DHE_RSA_AES_256_CBC_SHA1:256) (Exim 4.82) (envelope-from ) id 1jnlH6-0006sV-PD; Tue, 23 Jun 2020 11:55:53 -0400 From: =?UTF-8?q?Ludovic=20Court=C3=A8s?= To: 42020@debbugs.gnu.org Subject: [PATCH 1/4] daemon: Map directly to gcrypt hash functions. Date: Tue, 23 Jun 2020 17:55:44 +0200 Message-Id: <20200623155547.15886-1-ludo@gnu.org> X-Mailer: git-send-email 2.26.2 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Spam-Score: -2.3 (--) X-Debbugs-Envelope-To: 42020 Cc: =?UTF-8?q?Ludovic=20Court=C3=A8s?= X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -3.3 (---) * nix/libutil/hash.hh (HashType): Map directly to GCRY_MD_ values. (md5HashSize, sha1HashSize, sha256HashSize, sha512HashSize): Remove. * nix/libutil/hash.cc (Hash::Hash): Use 'gcry_md_get_algo_dlen'. --- nix/libutil/hash.cc | 8 +++----- nix/libutil/hash.hh | 17 +++++++++-------- 2 files changed, 12 insertions(+), 13 deletions(-) diff --git a/nix/libutil/hash.cc b/nix/libutil/hash.cc index ea69aa64f9..251f18f60e 100644 --- a/nix/libutil/hash.cc +++ b/nix/libutil/hash.cc @@ -38,11 +38,9 @@ Hash::Hash() Hash::Hash(HashType type) { this->type = type; - if (type == htMD5) hashSize = md5HashSize; - else if (type == htSHA1) hashSize = sha1HashSize; - else if (type == htSHA256) hashSize = sha256HashSize; - else if (type == htSHA512) hashSize = sha512HashSize; - else throw Error("unknown hash type"); + hashSize = gcry_md_get_algo_dlen(type); + + if (hashSize == 0) throw Error("unknown hash type"); assert(hashSize <= maxHashSize); memset(hash, 0, maxHashSize); } diff --git a/nix/libutil/hash.hh b/nix/libutil/hash.hh index 6b5e47cd8a..7357a34e1d 100644 --- a/nix/libutil/hash.hh +++ b/nix/libutil/hash.hh @@ -1,5 +1,7 @@ #pragma once +#include + #include "types.hh" #include "serialise.hh" @@ -7,16 +9,15 @@ namespace nix { -typedef enum { htUnknown, htMD5, htSHA1, htSHA256, htSHA512 } HashType; - - -const int md5HashSize = 16; -const int sha1HashSize = 20; -const int sha256HashSize = 32; -const int sha512HashSize = 64; - extern const string base32Chars; +typedef enum { + htUnknown = 0, + htMD5 = GCRY_MD_MD5, + htSHA1 = GCRY_MD_SHA1, + htSHA256 = GCRY_MD_SHA256, + htSHA512 = GCRY_MD_SHA512 +} HashType; struct Hash { -- 2.26.2 From debbugs-submit-bounces@debbugs.gnu.org Tue Jun 23 11:56:07 2020 Received: (at 42020) by debbugs.gnu.org; 23 Jun 2020 15:56:07 +0000 Received: from localhost ([127.0.0.1]:37000 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1jnlHH-0007KK-Mh for submit@debbugs.gnu.org; Tue, 23 Jun 2020 11:56:07 -0400 Received: from eggs.gnu.org ([209.51.188.92]:42768) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1jnlHG-0007JX-Dt for 42020@debbugs.gnu.org; Tue, 23 Jun 2020 11:56:02 -0400 Received: from fencepost.gnu.org ([2001:470:142:3::e]:35822) by eggs.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1jnlHB-0000Ni-3d; Tue, 23 Jun 2020 11:55:57 -0400 Received: from [2a01:e0a:1d:7270:af76:b9b:ca24:c465] (port=57536 helo=gnu.org) by fencepost.gnu.org with esmtpsa (TLS1.2:DHE_RSA_AES_256_CBC_SHA1:256) (Exim 4.82) (envelope-from ) id 1jnlHA-0006sV-6p; Tue, 23 Jun 2020 11:55:56 -0400 From: =?UTF-8?q?Ludovic=20Court=C3=A8s?= To: 42020@debbugs.gnu.org Subject: [PATCH 3/4] daemon: Recognize SHA3 and BLAKE2s. Date: Tue, 23 Jun 2020 17:55:46 +0200 Message-Id: <20200623155547.15886-3-ludo@gnu.org> X-Mailer: git-send-email 2.26.2 In-Reply-To: <20200623155547.15886-1-ludo@gnu.org> References: <20200623155547.15886-1-ludo@gnu.org> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Spam-Score: -2.3 (--) X-Debbugs-Envelope-To: 42020 Cc: =?UTF-8?q?Ludovic=20Court=C3=A8s?= X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -3.3 (---) * nix/libutil/hash.hh (HashType): Add htSHA3_256, htSHA3_512, and htBLAKE2s_256. * nix/libutil/hash.cc (parseHashType, printHashType): Recognize them. * tests/store.scm ("add-to-store"): Test these algorithms. --- nix/libutil/hash.cc | 6 ++++++ nix/libutil/hash.hh | 5 ++++- tests/store.scm | 4 ++-- 3 files changed, 12 insertions(+), 3 deletions(-) diff --git a/nix/libutil/hash.cc b/nix/libutil/hash.cc index 20d2e4b724..7853acdd49 100644 --- a/nix/libutil/hash.cc +++ b/nix/libutil/hash.cc @@ -321,6 +321,9 @@ HashType parseHashType(const string & s) else if (s == "sha1") return htSHA1; else if (s == "sha256") return htSHA256; else if (s == "sha512") return htSHA512; + else if (s == "sha3-256") return htSHA3_256; + else if (s == "sha3-512") return htSHA3_512; + else if (s == "blake2s-256") return htBLAKE2s_256; else return htUnknown; } @@ -331,6 +334,9 @@ string printHashType(HashType ht) else if (ht == htSHA1) return "sha1"; else if (ht == htSHA256) return "sha256"; else if (ht == htSHA512) return "sha512"; + else if (ht == htSHA3_256) return "sha3-256"; + else if (ht == htSHA3_512) return "sha3-512"; + else if (ht == htBLAKE2s_256) return "blake2s-256"; else throw Error("cannot print unknown hash type"); } diff --git a/nix/libutil/hash.hh b/nix/libutil/hash.hh index 7357a34e1d..ac58651a02 100644 --- a/nix/libutil/hash.hh +++ b/nix/libutil/hash.hh @@ -16,7 +16,10 @@ typedef enum { htMD5 = GCRY_MD_MD5, htSHA1 = GCRY_MD_SHA1, htSHA256 = GCRY_MD_SHA256, - htSHA512 = GCRY_MD_SHA512 + htSHA512 = GCRY_MD_SHA512, + htSHA3_256 = GCRY_MD_SHA3_256, + htSHA3_512 = GCRY_MD_SHA3_512, + htBLAKE2s_256 = GCRY_MD_BLAKE2S_256 } HashType; struct Hash diff --git a/tests/store.scm b/tests/store.scm index 06f7939657..ee3e01f33b 100644 --- a/tests/store.scm +++ b/tests/store.scm @@ -116,7 +116,7 @@ (list (stat:uid s) (stat:perms s)))) (test-equal "add-to-store" - '("sha1" "sha256" "sha512") + '("sha1" "sha256" "sha512" "sha3-256" "sha3-512" "blake2s-256") (let* ((file (search-path %load-path "guix.scm")) (content (call-with-input-file file get-bytevector-all))) (map (lambda (hash-algo) @@ -125,7 +125,7 @@ (bytevector=? (call-with-input-file file get-bytevector-all) content) hash-algo))) - '("sha1" "sha256" "sha512")))) + '("sha1" "sha256" "sha512" "sha3-256" "sha3-512" "blake2s-256")))) (test-equal "add-data-to-store" #vu8(1 2 3 4 5) -- 2.26.2 From debbugs-submit-bounces@debbugs.gnu.org Tue Jun 23 11:56:13 2020 Received: (at 42020) by debbugs.gnu.org; 23 Jun 2020 15:56:13 +0000 Received: from localhost ([127.0.0.1]:37003 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1jnlHL-0007KV-Gz for submit@debbugs.gnu.org; Tue, 23 Jun 2020 11:56:13 -0400 Received: from eggs.gnu.org ([209.51.188.92]:42764) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1jnlHF-0007JV-6D for 42020@debbugs.gnu.org; Tue, 23 Jun 2020 11:56:04 -0400 Received: from fencepost.gnu.org ([2001:470:142:3::e]:35821) by eggs.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1jnlH9-0000NQ-Sv; Tue, 23 Jun 2020 11:55:55 -0400 Received: from [2a01:e0a:1d:7270:af76:b9b:ca24:c465] (port=57536 helo=gnu.org) by fencepost.gnu.org with esmtpsa (TLS1.2:DHE_RSA_AES_256_CBC_SHA1:256) (Exim 4.82) (envelope-from ) id 1jnlH7-0006sV-Of; Tue, 23 Jun 2020 11:55:55 -0400 From: =?UTF-8?q?Ludovic=20Court=C3=A8s?= To: 42020@debbugs.gnu.org Subject: [PATCH 2/4] daemon: Remove OpenSSL hash compatibility wrappers. Date: Tue, 23 Jun 2020 17:55:45 +0200 Message-Id: <20200623155547.15886-2-ludo@gnu.org> X-Mailer: git-send-email 2.26.2 In-Reply-To: <20200623155547.15886-1-ludo@gnu.org> References: <20200623155547.15886-1-ludo@gnu.org> MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Spam-Score: -1.6 (-) X-Debbugs-Envelope-To: 42020 Cc: =?UTF-8?q?Ludovic=20Court=C3=A8s?= X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -0.3 (/) * nix/libutil/hash.cc (struct Ctx): Copy from gcrypt-hash.hh. (start, update, finish): Use gcrypt functions directly instead of OpenSSL-like wrappers. * nix/libutil/gcrypt-hash.cc, nix/libutil/gcrypt-hash.hh, nix/libutil/md5.h, nix/libutil/sha1.h, nix/libutil/sha256.h, nix/libutil/sha512.h: Remove. * nix/local.mk (libutil_a_SOURCES, libutil_headers): Adjust accordingly. --- nix/libutil/gcrypt-hash.cc | 51 ------------------------------------ nix/libutil/gcrypt-hash.hh | 50 ----------------------------------- nix/libutil/hash.cc | 53 +++++++++++++++++--------------------- nix/libutil/md5.h | 35 ------------------------- nix/libutil/sha1.h | 35 ------------------------- nix/libutil/sha256.h | 35 ------------------------- nix/libutil/sha512.h | 35 ------------------------- nix/local.mk | 12 +++------ 8 files changed, 27 insertions(+), 279 deletions(-) delete mode 100644 nix/libutil/gcrypt-hash.cc delete mode 100644 nix/libutil/gcrypt-hash.hh delete mode 100644 nix/libutil/md5.h delete mode 100644 nix/libutil/sha1.h delete mode 100644 nix/libutil/sha256.h delete mode 100644 nix/libutil/sha512.h diff --git a/nix/libutil/gcrypt-hash.cc b/nix/libutil/gcrypt-hash.cc deleted file mode 100644 index c4ae7bfcc2..0000000000 --- a/nix/libutil/gcrypt-hash.cc +++ /dev/null @@ -1,51 +0,0 @@ -/* GNU Guix --- Functional package management for GNU - Copyright (C) 2012, 2013 Ludovic Courtès - - This file is part of GNU Guix. - - GNU Guix is free software; you can redistribute it and/or modify it - under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 3 of the License, or (at - your option) any later version. - - GNU Guix is distributed in the hope that it will be useful, but - WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with GNU Guix. If not, see . */ - -#include - -#include -#include - -extern "C" { - -void -guix_hash_init (struct guix_hash_context *ctx, int algo) -{ - gcry_error_t err; - - err = gcry_md_open (&ctx->md_handle, algo, 0); - assert (err == GPG_ERR_NO_ERROR); -} - -void -guix_hash_update (struct guix_hash_context *ctx, const void *buffer, size_t len) -{ - gcry_md_write (ctx->md_handle, buffer, len); -} - -void -guix_hash_final (void *resbuf, struct guix_hash_context *ctx, - int algo) -{ - memcpy (resbuf, gcry_md_read (ctx->md_handle, algo), - gcry_md_get_algo_dlen (algo)); - gcry_md_close (ctx->md_handle); - ctx->md_handle = NULL; -} - -} diff --git a/nix/libutil/gcrypt-hash.hh b/nix/libutil/gcrypt-hash.hh deleted file mode 100644 index 11f061159f..0000000000 --- a/nix/libutil/gcrypt-hash.hh +++ /dev/null @@ -1,50 +0,0 @@ -/* GNU Guix --- Functional package management for GNU - Copyright (C) 2012, 2013 Ludovic Courtès - - This file is part of GNU Guix. - - GNU Guix is free software; you can redistribute it and/or modify it - under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 3 of the License, or (at - your option) any later version. - - GNU Guix is distributed in the hope that it will be useful, but - WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with GNU Guix. If not, see . */ - -/* An OpenSSL-like interface to GNU libgcrypt cryptographic hash - functions. */ - -#pragma once -#include -#include - -struct guix_hash_context -{ - /* This copy constructor is needed in 'HashSink::currentHash()' where we - expect the copy of a 'Ctx' object to yield a truly different context. */ - guix_hash_context (guix_hash_context &ref) - { - if (ref.md_handle == NULL) - md_handle = NULL; - else - gcry_md_copy (&md_handle, ref.md_handle); - } - - /* Make sure 'md_handle' is always initialized. */ - guix_hash_context (): md_handle (NULL) { }; - - gcry_md_hd_t md_handle; -}; - -extern "C" { -extern void guix_hash_init (struct guix_hash_context *ctx, int algo); -extern void guix_hash_update (struct guix_hash_context *ctx, const void *buffer, - size_t len); -extern void guix_hash_final (void *resbuf, struct guix_hash_context *ctx, - int algo); -} diff --git a/nix/libutil/hash.cc b/nix/libutil/hash.cc index 251f18f60e..20d2e4b724 100644 --- a/nix/libutil/hash.cc +++ b/nix/libutil/hash.cc @@ -3,18 +3,6 @@ #include #include -#ifdef HAVE_OPENSSL -#include -#include -#else -extern "C" { -#include "md5.h" -#include "sha1.h" -#include "sha256.h" -#include "sha512.h" -} -#endif - #include "hash.hh" #include "archive.hh" #include "util.hh" @@ -193,41 +181,48 @@ bool isHash(const string & s) return true; } - +/* The "hash context". */ struct Ctx { - MD5_CTX md5; - SHA_CTX sha1; - SHA256_CTX sha256; - SHA512_CTX sha512; + /* This copy constructor is needed in 'HashSink::currentHash()' where we + expect the copy of a 'Ctx' object to yield a truly different context. */ + Ctx(Ctx &ref) + { + if (ref.md_handle == NULL) + md_handle = NULL; + else + gcry_md_copy (&md_handle, ref.md_handle); + } + + /* Make sure 'md_handle' is always initialized. */ + Ctx(): md_handle (NULL) { }; + + gcry_md_hd_t md_handle; }; static void start(HashType ht, Ctx & ctx) { - if (ht == htMD5) MD5_Init(&ctx.md5); - else if (ht == htSHA1) SHA1_Init(&ctx.sha1); - else if (ht == htSHA256) SHA256_Init(&ctx.sha256); - else if (ht == htSHA512) SHA512_Init(&ctx.sha512); + gcry_error_t err; + + err = gcry_md_open (&ctx.md_handle, ht, 0); + assert (err == GPG_ERR_NO_ERROR); } static void update(HashType ht, Ctx & ctx, const unsigned char * bytes, unsigned int len) { - if (ht == htMD5) MD5_Update(&ctx.md5, bytes, len); - else if (ht == htSHA1) SHA1_Update(&ctx.sha1, bytes, len); - else if (ht == htSHA256) SHA256_Update(&ctx.sha256, bytes, len); - else if (ht == htSHA512) SHA512_Update(&ctx.sha512, bytes, len); + gcry_md_write (ctx.md_handle, bytes, len); } static void finish(HashType ht, Ctx & ctx, unsigned char * hash) { - if (ht == htMD5) MD5_Final(hash, &ctx.md5); - else if (ht == htSHA1) SHA1_Final(hash, &ctx.sha1); - else if (ht == htSHA256) SHA256_Final(hash, &ctx.sha256); - else if (ht == htSHA512) SHA512_Final(hash, &ctx.sha512); + memcpy (hash, gcry_md_read (ctx.md_handle, ht), + gcry_md_get_algo_dlen (ht)); + gcry_md_close (ctx.md_handle); + ctx.md_handle = NULL; } diff --git a/nix/libutil/md5.h b/nix/libutil/md5.h deleted file mode 100644 index 4583a458b3..0000000000 --- a/nix/libutil/md5.h +++ /dev/null @@ -1,35 +0,0 @@ -/* GNU Guix --- Functional package management for GNU - Copyright (C) 2012 Ludovic Courtès - - This file is part of GNU Guix. - - GNU Guix is free software; you can redistribute it and/or modify it - under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 3 of the License, or (at - your option) any later version. - - GNU Guix is distributed in the hope that it will be useful, but - WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with GNU Guix. If not, see . */ - -#include - -#define MD5_CTX guix_hash_context - -static inline void -MD5_Init (struct MD5_CTX *ctx) -{ - guix_hash_init (ctx, GCRY_MD_MD5); -} - -#define MD5_Update guix_hash_update - -static inline void -MD5_Final (void *resbuf, struct MD5_CTX *ctx) -{ - guix_hash_final (resbuf, ctx, GCRY_MD_MD5); -} diff --git a/nix/libutil/sha1.h b/nix/libutil/sha1.h deleted file mode 100644 index d2d071e058..0000000000 --- a/nix/libutil/sha1.h +++ /dev/null @@ -1,35 +0,0 @@ -/* GNU Guix --- Functional package management for GNU - Copyright (C) 2012 Ludovic Courtès - - This file is part of GNU Guix. - - GNU Guix is free software; you can redistribute it and/or modify it - under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 3 of the License, or (at - your option) any later version. - - GNU Guix is distributed in the hope that it will be useful, but - WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with GNU Guix. If not, see . */ - -#include - -#define SHA_CTX guix_hash_context - -static inline void -SHA1_Init (struct SHA_CTX *ctx) -{ - guix_hash_init (ctx, GCRY_MD_SHA1); -} - -#define SHA1_Update guix_hash_update - -static inline void -SHA1_Final (void *resbuf, struct SHA_CTX *ctx) -{ - guix_hash_final (resbuf, ctx, GCRY_MD_SHA1); -} diff --git a/nix/libutil/sha256.h b/nix/libutil/sha256.h deleted file mode 100644 index ca95d7fea8..0000000000 --- a/nix/libutil/sha256.h +++ /dev/null @@ -1,35 +0,0 @@ -/* GNU Guix --- Functional package management for GNU - Copyright (C) 2012 Ludovic Courtès - - This file is part of GNU Guix. - - GNU Guix is free software; you can redistribute it and/or modify it - under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 3 of the License, or (at - your option) any later version. - - GNU Guix is distributed in the hope that it will be useful, but - WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with GNU Guix. If not, see . */ - -#include - -#define SHA256_CTX guix_hash_context - -static inline void -SHA256_Init (struct SHA256_CTX *ctx) -{ - guix_hash_init (ctx, GCRY_MD_SHA256); -} - -#define SHA256_Update guix_hash_update - -static inline void -SHA256_Final (void *resbuf, struct SHA256_CTX *ctx) -{ - guix_hash_final (resbuf, ctx, GCRY_MD_SHA256); -} diff --git a/nix/libutil/sha512.h b/nix/libutil/sha512.h deleted file mode 100644 index d2abab4c5f..0000000000 --- a/nix/libutil/sha512.h +++ /dev/null @@ -1,35 +0,0 @@ -/* GNU Guix --- Functional package management for GNU - Copyright (C) 2012, 2015 Ludovic Courtès - - This file is part of GNU Guix. - - GNU Guix is free software; you can redistribute it and/or modify it - under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 3 of the License, or (at - your option) any later version. - - GNU Guix is distributed in the hope that it will be useful, but - WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with GNU Guix. If not, see . */ - -#include - -#define SHA512_CTX guix_hash_context - -static inline void -SHA512_Init (struct SHA512_CTX *ctx) -{ - guix_hash_init (ctx, GCRY_MD_SHA512); -} - -#define SHA512_Update guix_hash_update - -static inline void -SHA512_Final (void *resbuf, struct SHA512_CTX *ctx) -{ - guix_hash_final (resbuf, ctx, GCRY_MD_SHA512); -} diff --git a/nix/local.mk b/nix/local.mk index c136fb7202..005cde5563 100644 --- a/nix/local.mk +++ b/nix/local.mk @@ -1,5 +1,5 @@ # GNU Guix --- Functional package management for GNU -# Copyright © 2012, 2013, 2014, 2015, 2016, 2018, 2019 Ludovic Courtès +# Copyright © 2012, 2013, 2014, 2015, 2016, 2018, 2019, 2020 Ludovic Courtès # Copyright © 2016 Mathieu Lirzin # Copyright © 2020 Tobias Geerinckx-Rice # @@ -56,8 +56,7 @@ libutil_a_SOURCES = \ %D%/libutil/affinity.cc \ %D%/libutil/serialise.cc \ %D%/libutil/util.cc \ - %D%/libutil/hash.cc \ - %D%/libutil/gcrypt-hash.cc + %D%/libutil/hash.cc libutil_headers = \ %D%/libutil/affinity.hh \ @@ -65,12 +64,7 @@ libutil_headers = \ %D%/libutil/serialise.hh \ %D%/libutil/util.hh \ %D%/libutil/archive.hh \ - %D%/libutil/types.hh \ - %D%/libutil/gcrypt-hash.hh \ - %D%/libutil/md5.h \ - %D%/libutil/sha1.h \ - %D%/libutil/sha256.h \ - %D%/libutil/sha512.h + %D%/libutil/types.hh libutil_a_CPPFLAGS = \ -I$(top_builddir)/nix \ -- 2.26.2 From debbugs-submit-bounces@debbugs.gnu.org Tue Jun 23 11:56:13 2020 Received: (at 42020) by debbugs.gnu.org; 23 Jun 2020 15:56:13 +0000 Received: from localhost ([127.0.0.1]:37005 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1jnlHR-0007Ko-6c for submit@debbugs.gnu.org; Tue, 23 Jun 2020 11:56:13 -0400 Received: from eggs.gnu.org ([209.51.188.92]:42784) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1jnlHI-0007Ja-4k for 42020@debbugs.gnu.org; Tue, 23 Jun 2020 11:56:08 -0400 Received: from fencepost.gnu.org ([2001:470:142:3::e]:35823) by eggs.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1jnlHC-0000OO-RS; Tue, 23 Jun 2020 11:55:58 -0400 Received: from [2a01:e0a:1d:7270:af76:b9b:ca24:c465] (port=57536 helo=gnu.org) by fencepost.gnu.org with esmtpsa (TLS1.2:DHE_RSA_AES_256_CBC_SHA1:256) (Exim 4.82) (envelope-from ) id 1jnlHB-0006sV-E3; Tue, 23 Jun 2020 11:55:58 -0400 From: =?UTF-8?q?Ludovic=20Court=C3=A8s?= To: 42020@debbugs.gnu.org Subject: [PATCH 4/4] packages: Recognize SHA3 and BLAKE2s for 'content-hash'. Date: Tue, 23 Jun 2020 17:55:47 +0200 Message-Id: <20200623155547.15886-4-ludo@gnu.org> X-Mailer: git-send-email 2.26.2 In-Reply-To: <20200623155547.15886-1-ludo@gnu.org> References: <20200623155547.15886-1-ludo@gnu.org> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Spam-Score: -2.3 (--) X-Debbugs-Envelope-To: 42020 Cc: =?UTF-8?q?Ludovic=20Court=C3=A8s?= X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -3.3 (---) * guix/packages.scm (build-content-hash): Add 'sha3-256', 'sha3-512', and 'blake2s-256'. * tests/packages.scm ("package-source-derivation, origin, sha3-512"): New test. --- guix/packages.scm | 5 ++++- tests/packages.scm | 26 ++++++++++++++++++++++++++ 2 files changed, 30 insertions(+), 1 deletion(-) diff --git a/guix/packages.scm b/guix/packages.scm index 1e0ec41b76..68ef718872 100644 --- a/guix/packages.scm +++ b/guix/packages.scm @@ -191,7 +191,10 @@ its first argument has the right size for the chosen algorithm." (define-content-hash-constructor build-content-hash (sha256 32) - (sha512 64)) + (sha512 64) + (sha3-256 32) + (sha3-512 64) + (blake2s-256 64)) (define-syntax content-hash (lambda (s) diff --git a/tests/packages.scm b/tests/packages.scm index c7b6f669b5..26377b269b 100644 --- a/tests/packages.scm +++ b/tests/packages.scm @@ -524,6 +524,32 @@ (build-derivations %store (list drv)) (call-with-input-file output get-string-all))) +(test-equal "package-source-derivation, origin, sha3-512" + "hello, sha3" + (let* ((bash (search-bootstrap-binary "bash" (%current-system))) + (builder (add-text-to-store %store "my-fixed-builder.sh" + "echo -n hello, sha3 > $out" '())) + (method (lambda* (url hash-algo hash #:optional name + #:rest rest) + (and (eq? hash-algo 'sha3-512) + (raw-derivation name bash (list builder) + #:sources (list builder) + #:hash hash + #:hash-algo hash-algo)))) + (source (origin + (method method) + (uri "unused://") + (file-name "origin-sha3") + (hash (content-hash + (gcrypt:bytevector-hash (string->utf8 "hello, sha3") + (gcrypt:lookup-hash-algorithm + 'sha3-512)) + sha3-512)))) + (drv (package-source-derivation %store source)) + (output (derivation->output-path drv))) + (build-derivations %store (list drv)) + (call-with-input-file output get-string-all))) + (unless (network-reachable?) (test-skip 1)) (test-equal "package-source-derivation, snippet" "OK" -- 2.26.2 From debbugs-submit-bounces@debbugs.gnu.org Sat Jun 27 17:44:38 2020 Received: (at 42020-done) by debbugs.gnu.org; 27 Jun 2020 21:44:38 +0000 Received: from localhost ([127.0.0.1]:44748 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1jpIco-0008QA-1m for submit@debbugs.gnu.org; Sat, 27 Jun 2020 17:44:38 -0400 Received: from eggs.gnu.org ([209.51.188.92]:39378) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1jpIcl-0008Pw-Ls for 42020-done@debbugs.gnu.org; Sat, 27 Jun 2020 17:44:36 -0400 Received: from fencepost.gnu.org ([2001:470:142:3::e]:33768) by eggs.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1jpIcf-0003SJ-Ul for 42020-done@debbugs.gnu.org; Sat, 27 Jun 2020 17:44:30 -0400 Received: from [2a01:e0a:1d:7270:af76:b9b:ca24:c465] (port=39162 helo=ribbon) by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_256_CBC_SHA1:256) (Exim 4.82) (envelope-from ) id 1jpIcb-0000a6-EU for 42020-done@debbugs.gnu.org; Sat, 27 Jun 2020 17:44:28 -0400 From: =?utf-8?Q?Ludovic_Court=C3=A8s?= To: 42020-done@debbugs.gnu.org Subject: Re: [bug#42020] [PATCH 0/4] Add daemon support for SHA3 and BLAKE2s References: <20200623153633.15346-1-ludo@gnu.org> Date: Sat, 27 Jun 2020 23:44:24 +0200 In-Reply-To: <20200623153633.15346-1-ludo@gnu.org> ("Ludovic \=\?utf-8\?Q\?Cou\?\= \=\?utf-8\?Q\?rt\=C3\=A8s\=22's\?\= message of "Tue, 23 Jun 2020 17:36:33 +0200") Message-ID: <87k0zsji9z.fsf@gnu.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.3 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Spam-Score: -2.3 (--) X-Debbugs-Envelope-To: 42020-done X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -3.3 (---) Ludovic Court=C3=A8s skribis: > This patch series adds daemon support for a few more cryptographic > hash functions, for use by fixed-output derivations (origins) and > the likes. We should wait for a year or so before using those > algorithms in package definitions so we can assume that the new > daemon is widespread. Pushed! 0505eda9c7 packages: Recognize SHA3 and BLAKE2s for 'content-hash'. 8e6c1415d8 daemon: Recognize SHA3 and BLAKE2s. 8dc6c38785 daemon: Remove OpenSSL hash compatibility wrappers. 3fb6b8f304 daemon: Map directly to gcrypt hash functions. Ludo=E2=80=99. From unknown Fri Jun 20 07:20:46 2025 Received: (at fakecontrol) by fakecontrolmessage; To: internal_control@debbugs.gnu.org From: Debbugs Internal Request Subject: Internal Control Message-Id: bug archived. Date: Sun, 26 Jul 2020 11:24:04 +0000 User-Agent: Fakemail v42.6.9 # This is a fake control message. # # The action: # bug archived. thanks # This fakemail brought to you by your local debbugs # administrator