Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]
Groups > comp.lang.forth > #17811 > unrolled thread
| Started by | mhx@iae.nl (Marcel Hendrix) |
|---|---|
| First post | 2012-12-02 23:48 +0200 |
| Last post | 2012-12-08 22:08 +0200 |
| Articles | 20 on this page of 31 — 5 participants |
Back to article view | Back to comp.lang.forth
SHA-512 mhx@iae.nl (Marcel Hendrix) - 2012-12-02 23:48 +0200
Re: SHA-512 jzakiya@gmail.com - 2012-12-07 14:47 -0800
Re: SHA-512 Coos Haak <chforth@hccnet.nl> - 2012-12-08 00:49 +0100
Re: SHA-512 jzakiya@gmail.com - 2012-12-07 16:54 -0800
Re: SHA-512 Coos Haak <chforth@hccnet.nl> - 2012-12-08 18:21 +0100
Re: SHA-512 jzakiya@gmail.com - 2012-12-08 18:36 -0800
Re: SHA-512 mhx@iae.nl (Marcel Hendrix) - 2012-12-09 09:14 +0200
Re: SHA-512 jzakiya@gmail.com - 2012-12-09 17:23 -0800
Re: SHA-512 jzakiya@gmail.com - 2012-12-09 17:29 -0800
Re: SHA-512 jzakiya@gmail.com - 2012-12-09 20:46 -0800
Re: SHA-512 m.a.m.hendrix@tue.nl - 2012-12-10 03:53 -0800
Re: SHA-512 jzakiya@gmail.com - 2012-12-10 13:05 -0800
Re: SHA-512 mhx@iae.nl (Marcel Hendrix) - 2012-12-10 23:17 +0200
Re: SHA-512 jzakiya@gmail.com - 2012-12-13 06:30 -0800
Re: SHA-512 mhx@iae.nl (Marcel Hendrix) - 2012-12-13 21:33 +0200
Re: SHA-512 jzakiya@gmail.com - 2012-12-13 19:38 -0800
Re: SHA-512 mhx@iae.nl (Marcel Hendrix) - 2012-12-14 22:52 +0200
Re: SHA-512 jzakiya@gmail.com - 2012-12-14 16:39 -0800
Re: SHA-512 mhx@iae.nl (Marcel Hendrix) - 2012-12-15 19:11 +0200
Re: SHA-512 mhx@iae.nl (Marcel Hendrix) - 2012-12-16 16:00 +0200
Re: SHA-512 jzakiya@gmail.com - 2012-12-16 17:33 -0800
Re: SHA-512 jzakiya@gmail.com - 2012-12-16 22:35 -0800
Re: SHA-512 mhx@iae.nl (Marcel Hendrix) - 2012-12-17 10:14 +0200
Re: SHA-512 mhx@iae.nl (Marcel Hendrix) - 2012-12-17 10:51 +0200
Re: SHA-512 jzakiya@gmail.com - 2012-12-17 09:13 -0800
Re: SHA-512 mhx@iae.nl (Marcel Hendrix) - 2012-12-17 22:24 +0200
Re: SHA-512 jzakiya@gmail.com - 2013-01-15 20:38 -0800
Re: SHA-512 jzakiya@gmail.com - 2013-01-15 20:54 -0800
Re: SHA-512 Howerd <howerdo@yahoo.co.uk> - 2012-12-13 13:06 -0800
Re: SHA-512 Howerd <howerdo@yahoo.co.uk> - 2012-12-13 13:03 -0800
Re: SHA-512 mhx@iae.nl (Marcel Hendrix) - 2012-12-08 22:08 +0200
Page 1 of 2 [1] 2 Next page →
| From | mhx@iae.nl (Marcel Hendrix) |
|---|---|
| Date | 2012-12-02 23:48 +0200 |
| Subject | SHA-512 |
| Message-ID | <78871201918435@frunobulax.edu> |
I tried my hand at SHA-512, using iForth64.
ATM the results are wrong, but I guess the detailed test data
at http://csrc.nist.gov/groups/ST/toolkit/examples.html
will eventually let me fix that. I am reasonably sure that
the number of instructions is correct.
Using an i7 2.66 GHz CPU, the time to convert a 40 MB string
is 221 ms, or 68MB/s/GHz.
No macro's are used, this is 100% high-level. Source available
on request (remember: you need a 64bit Forth).
FORTH> in sha512
Creating --- SHA-512 64-bit Version 0.00 ---
Try: S" abc" SHA512_Data TYPE
SHAspeed -- test speed with a 40 MB buffer (>181 MB/sec).
ok
FORTH> S" abc" SHA512_Data .SHA512
66F8388B 39DA945C 7815A022 16740C7F 48EAF39A 508EE81D
353D0C20 19904711 9416DAA7 0D9C76FA 81EA7D11 42005067
8981B29D 107A5D90 E86D04F8 E90144A8 ok
FORTH> SHAspeed
Processing 40 Mbytes ... 0.221 seconds elapsed. ok
-marcel
[toc] | [next] | [standalone]
| From | jzakiya@gmail.com |
|---|---|
| Date | 2012-12-07 14:47 -0800 |
| Message-ID | <997566ed-42e5-4677-9ab5-6e7bc9daa911@googlegroups.com> |
| In reply to | #17811 |
Marcel,
Based on the thread on SHA-256 and this one for SHA-512, I went back and looked at my code and found a deficiency. The old code won't process messages/files greater than 2^32 bits, and the NIST SHA-256 specification stipulates messages < 2^64 and SHA-256 < 2^128 bits.
I've corrected the SHA-256 code, and written a SHA-512 version for 64-bit cpus/OSs. Since I don't have a 64-bit forth I haven't run it but I'm pretty sure it works, as the architecture is the same as SHA-256, with just different sized constants and shifts/rotates.
The SHA-512 file is: SHA-512VFX.F (for 64-bit cpu forths)
The SHA-256 fiie is: SHA-256VFXC.F (for 32-bit cpu forths)
You can download both from here:
http://www.4shared.com/folder/4o-httdZ/Forth.html
Below is the code too:
Jabari Zakiya
--------------------------------------------------------------------------
\ VFX Forth code for Secure Hash Algorithm 512 (SHA-512)
\ NIST spec at: http://csrc.nist.gov/encryption/tkhash.html
\ For Little/Big Endian byte addressable CPUs, e.g. Intel/Power PC
\ DEPENDENCIES: CORE EXT WORDSET ; COMMON USAGE 3DROP ?DO CELL-
\ Use of this code is free subject to acknowledgment of copyright.
\ Copyright (c) 2012 Jabari Zakiya -- jzakiya@mail.com 12/07/2012
\ ======================= MACRO Wordset =======================
\ MACRO wordset from Wil Baden's Tool Belt series in
\ Forth Dimensions (FD) Vol. 19, No. 2, July/August 1997
\ Original code has been modified to make more efficient
\ MACRO allows insertion of parameters following the macro
\ "\" represents place where parameter is inserted
\ Example: MACRO ?? " IF \ THEN "
\ : FOO .. ?? EXIT .... ; ?? compiles to -- IF EXIT THEN
\ PLACE and STRING for system if needed
\ Not needed for SwiftForth v 2.00.3, needed for Win32Forth V 4.10
\ : PLACE ( caddr n addr -) 2DUP C! CHAR+ SWAP CHARS MOVE ;
: SSTRING ( char "ccc" -) WORD COUNT HERE OVER 1+ CHARS ALLOT PLACE ;
\ Versions of /STRING and ANEW if system doesn't have them
\ : /STRING ( a n k - a+k n-k) ( OVER MIN) TUCK - >R CHARS + R> ;
\ : ANEW >IN @ BL WORD FIND IF EXECUTE ELSE DROP THEN >IN ! MARKER ;
: split-at-char ( a n char - a k a+k n-k)
>R 2DUP BEGIN DUP WHILE OVER C@ R@ -
WHILE 1 /STRING REPEAT THEN
R> DROP TUCK 2>R - 2R>
;
: DOES>MACRO \ Compile the macro, including external parameters
DOES> COUNT BEGIN [CHAR] \ split-at-char 2>R EVALUATE R@
WHILE BL WORD COUNT EVALUATE 2R> 1 /STRING REPEAT
R> DROP R> DROP
;
\ Macro creation word which allows parameter insertion
: MACRO CREATE IMMEDIATE CHAR SSTRING DOES>MACRO ;
\ ==================== Start SHA-256 Code ====================
DECIMAL
64 CONSTANT CELLSIZE \ CPU bitsize
2VARIABLE SHAlen \ Holds byte length of string < 2^128 bits|2^125 bytes
CREATE SHAval 8 CELLS ALLOT \ Holds hash after each block
CREATE SHAsh 88 CELLS ALLOT \ Fully extended hash array
CREATE W 16 CELLS ALLOT \ Holds message block
1 W ! \ For compile time endian testing
HEX
\ SHA-512 round constants
428a2f98d728ae22 CONSTANT K0 7137449123ef65cd CONSTANT K1
b5c0fbcfec4d3b2f CONSTANT K2 e9b5dba58189dbbc CONSTANT K3
3956c25bf348b538 CONSTANT K4 59f111f1b605d019 CONSTANT K5
923f82a4af194f9b CONSTANT K6 ab1c5ed5da6d8118 CONSTANT K7
d807aa98a3030242 CONSTANT K8 12835b0145706fbe CONSTANT K9
243185be4ee4b28c CONSTANT K10 550c7dc3d5ffb4e2 CONSTANT K11
72be5d74f27b896f CONSTANT K12 80deb1fe3b1696b1 CONSTANT K13
9bdc06a725c71235 CONSTANT K14 c19bf174cf692694 CONSTANT K15
e49b69c19ef14ad2 CONSTANT K16 efbe4786384f25e3 CONSTANT K17
0fc19dc68b8cd5b5 CONSTANT K18 240ca1cc77ac9c65 CONSTANT K19
2de92c6f592b0275 CONSTANT K20 4a7484aa6ea6e483 CONSTANT K21
5cb0a9dcbd41fbd4 CONSTANT K22 76f988da831153b5 CONSTANT K23
983e5152ee66dfab CONSTANT K24 a831c66d2db43210 CONSTANT K25
b00327c898fb213f CONSTANT K26 bf597fc7beef0ee4 CONSTANT K27
c6e00bf33da88fc2 CONSTANT K28 d5a79147930aa725 CONSTANT K29
06ca6351e003826f CONSTANT K30 142929670a0e6e70 CONSTANT K31
27b70a8546d22ffc CONSTANT K32 2e1b21385c26c926 CONSTANT K33
4d2c6dfc5ac42aed CONSTANT K34 53380d139d95b3df CONSTANT K35
650a73548baf63de CONSTANT K36 766a0abb3c77b2a8 CONSTANT K37
81c2c92e47edaee6 CONSTANT K38 92722c851482353b CONSTANT K39
a2bfe8a14cf10364 CONSTANT K40 a81a664bbc423001 CONSTANT K41
c24b8b70d0f89791 CONSTANT K42 c76c51a30654be30 CONSTANT K43
d192e819d6ef5218 CONSTANT K44 d69906245565a910 CONSTANT K45
f40e35855771202a CONSTANT K46 106aa07032bbd1b8 CONSTANT K47
19a4c116b8d2d0c8 CONSTANT K48 1e376c085141ab53 CONSTANT K49
2748774cdf8eeb99 CONSTANT K50 34b0bcb5e19b48a8 CONSTANT K51
391c0cb3c5c95a63 CONSTANT K52 4ed8aa4ae3418acb CONSTANT K53
5b9cca4f7763e373 CONSTANT K54 682e6ff3d6b2b8a3 CONSTANT K55
748f82ee5defb2fc CONSTANT K56 78a5636f43172f60 CONSTANT K57
84c87814a1f0ab72 CONSTANT K58 8cc702081a6438ec CONSTANT K59
90befffa23631e28 CONSTANT K60 a4506cebde82bde9 CONSTANT K61
bef9a3f7b2c67915 CONSTANT K62 c67178f2e372532b CONSTANT K63
ca273eceea26619c CONSTANT K64 d186b8c721c0c207 CONSTANT K65
eada7dd6cde0eb1e CONSTANT K66 f57d4f7fee6ed178 CONSTANT K67
06f067aa72176fba CONSTANT K68 0a637dc5a2c898a6 CONSTANT K69
113f9804bef90dae CONSTANT K70 1b710b35131c471b CONSTANT K71
28db77f523047d84 CONSTANT K72 32caab7b40c72493 CONSTANT K73
3c9ebe0a15c9bebc CONSTANT K74 431d67c49c100d4c CONSTANT K75
4cc5d4becb3e42b6 CONSTANT K76 597f299cfc657e2a CONSTANT K77
5fcb6fab3ad6faec CONSTANT K78 6c44198c4a475817 CONSTANT K79
DECIMAL
: ]L S" ] LITERAL " EVALUATE ; IMMEDIATE
0 VALUE H[H] \ Pointer to addr of hash value H for each round
: H[G] S" H[H] [ 1 CELLS ]L +" EVALUATE ; IMMEDIATE \ Return G adr
: H[F] S" H[H] [ 2 CELLS ]L +" EVALUATE ; IMMEDIATE \ Return F adr
: H[E] S" H[H] [ 3 CELLS ]L +" EVALUATE ; IMMEDIATE \ Return E adr
: H[D] S" H[H] [ 4 CELLS ]L +" EVALUATE ; IMMEDIATE \ Return D adr
: H[C] S" H[H] [ 5 CELLS ]L +" EVALUATE ; IMMEDIATE \ Return C adr
: H[A] S" H[H] [ 7 CELLS ]L +" EVALUATE ; IMMEDIATE \ Return A adr
\ MACRO ror\ " DUP [ CELLSIZE \ TUCK - ]L LSHIFT SWAP LITERAL RSHIFT OR "
: SHAinit ( -) \ Load initial hash values H0 - H7
[ HEX ] 6a09e667f3bcc908 ( H0) bb67ae8584caa73b ( H1)
3c6ef372fe94f82b ( H2) a54ff53a5f1d36f1 ( H3)
510e527fade682d1 ( H4) 9b05688c2b3e6c1f ( H5)
1f83d9abfb41bd6b ( H6) 5be0cd19137e2179 ( H7)
[ DECIMAL ]
SHAsh 7 0 DO TUCK ! CELL+ LOOP ! \ Put initial hash in SHAsh array
SHAsh SHAval 8 CELLS CMOVE \ Put copy in SHAval array
SHAsh TO H[H] \ Init pointer to last hash value
;
: UpDateHash ( -) \ Update hash values and load arrays with new values
SHAsh SHAval H[H] \ Place array addresses on stack
8 0 DO DUP >R @ SWAP DUP >R @ + DUP \ Compute updated hash subvalue
R@ ! OVER ! CELL+ R> CELL+ R> CELL+ \ Store updated hash subvalue
LOOP 3DROP \ Clear stack when done
SHAsh TO H[H] \ Init pointer to last subvalue
;
\ ( - n ) n = (E AND F) XOR (~E AND G)
: Ch S" H[F] 2@ OVER AND SWAP INVERT H[G] @ AND XOR" EVALUATE ; IMMEDIATE
\ ( - n ) n = (A AND B) XOR (A AND C) XOR (B AND C)
: Maj S" H[C] DUP >R CELL+ 2@ OVER AND SWAP R@ @ AND XOR R> 2@ AND XOR" EVALUATE ; IMMEDIATE
\ ( - n ) T1x = Ch(e,f,g) + Sig1(e) + h
: T1x Ch H[E] @ DUP >R 14 ror R@ 18 ror XOR R> 41 ror XOR + H[H] @ + ;
\ ( - n ) T2 = Maj(a,b,c) + Sig0(a)
: T2 Maj H[A] @ DUP >R 28 ror R@ 34 ror XOR R> 39 ror XOR + ;
\ ( x - n ) n = ROR1(X) XOR ROR8(X) XOR SHR7(X)
: sig0 ( x - n ) DUP DUP 1 ROR SWAP 8 ROR XOR SWAP 7 RSHIFT XOR ;
\ ( x - n ) n = ROR19(X) XOR ROR61(X) XOR SHR6(X)
: sig1 ( x - n ) DUP DUP 19 ROR SWAP 61 ROR XOR SWAP 6 RSHIFT XOR ;
\ Put two copies of original Wi on stack, keep its address
: Wi@ ( [Wi] - wi [Wi] wi) S" DUP @ TUCK" EVALUATE ; IMMEDIATE
\ Create 2 copies of new Wi' from Wi on stack ( ..Wi -..Wi' Wi')
: Wi S" 15 PICK 15 PICK sig0 + 7 PICK + 2 PICK sig1 + DUP " EVALUATE ; IMMEDIATE
\ Drop 80 Wi cells from stack ( W0..W79 - )
: WiDROP S" 5 0 DO 2DROP 2DROP 2DROP 2DROP 2DROP 2DROP 2DROP 2DROP LOOP" EVALUATE ; IMMEDIATE
: subrnd DUP H[D] +! T2 + H[G] TO H[H] H[A] ! ;
MACRO rndi\ " Wi@ T1x + \ + subrnd CELL+"
MACRO rndn\ " Wi T1x + \ + subrnd "
: SHA256 ( Wadr - )
rndi\ K0 rndi\ K1 rndi\ K2 rndi\ K3 \ Wi = Mi for 1st 16 rounds
rndi\ K4 rndi\ K5 rndi\ K6 rndi\ K7
rndi\ K8 rndi\ K9 rndi\ K10 rndi\ K11
rndi\ K12 rndi\ K13 rndi\ K14 rndi\ K15 DROP ( W0..W15 )
rndn\ K16 rndn\ K17 rndn\ K18 rndn\ K19 \ Wj now function of Wi
rndn\ K20 rndn\ K21 rndn\ K22 rndn\ K23
rndn\ K24 rndn\ K25 rndn\ K26 rndn\ K27
rndn\ K28 rndn\ K29 rndn\ K30 rndn\ K31
rndn\ K32 rndn\ K33 rndn\ K34 rndn\ K35
rndn\ K36 rndn\ K37 rndn\ K38 rndn\ K39
rndn\ K40 rndn\ K41 rndn\ K42 rndn\ K43
rndn\ K44 rndn\ K45 rndn\ K46 rndn\ K47
rndn\ K48 rndn\ K49 rndn\ K50 rndn\ K51
rndn\ K52 rndn\ K53 rndn\ K54 rndn\ K55
rndn\ K56 rndn\ K57 rndn\ K58 rndn\ K59
rndn\ K60 rndn\ K61 rndn\ K62 rndn\ K63
rndn\ K64 rndn\ K65 rndn\ K66 rndn\ K67
rndn\ K68 rndn\ K69 rndn\ K70 rndn\ K71
rndn\ K72 rndn\ K73 rndn\ K74 rndn\ K75
rndn\ K76 rndn\ K77 rndn\ K78 rndn\ K79 WiDROP ( - )
UpDateHash
;
: setlen ( -- ) \ Store bit count into last two cells
SHAlen 2@ D2* D2* D2* ( bytes->bits) [ W 112 CHARS + ]L ! [ W 120 CHARS + ]L !
;
: bytes>< ( m -- w ) \ Reverse cell bytes: 1234567890abcdef <-> efcdab9078563412
[ HEX ] DUP >R 38 LSHIFT R@ FF00 AND 28 LSHIFT OR
R@ FF0000 AND 18 LSHIFT OR R@ FF000000 AND 8 LSHIFT OR
R@ 20 RSHIFT FF AND OR R@ 18 RSHIFT FF00 AND OR R@ 10 RSHIFT FF0000 AND OR
R> 8 RSHIFT FF000000 AND OR [ DECIMAL ]
;
: cellsreverse ( adr n -- ) \ Reverse bytes of n cells in array
0 DO DUP @ bytes>< OVER ! CELL+ LOOP DROP
;
W C@ [IF] \ if little ENDIAN, e.g. Intel/AMD
: endian16 ( adr -- adr ) S" DUP 16 cellsreverse " EVALUATE ; IMMEDIATE
: endian14 ( adr -- adr ) S" DUP 14 cellsreverse " EVALUATE ; IMMEDIATE
[ELSE] \ if big ENDIAN, e.g. Macs
: endian16 ( adr -- adr ) S" " EVALUATE ; IMMEDIATE \ Do nothing
: endian14 ( adr -- adr ) S" " EVALUATE ; IMMEDIATE \ Do nothing
[THEN]
\ Do all 128 byte blocks leaving remainder block
: hashfullblocks ( adr1 dcount -- adr2 count ) \ dcount is double number: lo hi
SWAP DUP >R 7 RSHIFT ( adr1 hi lo* ) \ Store lo on return, do lo*=lo/128
OVER [ CELLSIZE 7 - ]L LSHIFT OR >R ( adr1 hi ) \ Return is now: :R lo lo'
( hi) 7 RSHIFT 0 ?DO ( adr1 ) \ Do if hi'= hi/128 > 0
0 0 DO DUP endian16 SHA512 128 + LOOP ( lo' adr' ) \ Hash for 2^cellsize full blocks
LOOP ( adr' ) \ Hash for hi'*2^cellsize full blocks
R> 0 ?DO DUP endian16 SHA512 128 + LOOP ( adr' ) \ Hash block for lo count full 128 byte blocks
R> ( lo) 127 AND ( adr2 cnt2 ) \ Leave address and count for partial block
;
: hashfinal ( addr count -- ) \ Hash partial and/or last block
DUP >R W SWAP CMOVE \ Move bytes into block W array
W R@ + 128 OVER C! ( adr ) \ Put 80h after last message byte
CHAR+ 111 R@ - ( adr # ) \ Compute tentative 0 byte FILL count
R> 111 > ( adr # ? ) \ Is partial block byte count > 111 ?
IF 16 + 0 FILL ( -- ) \ If yes, FILL rest of block w/zeroes
W endian16 SHA512 ( -- ) \ Endian adjust block if required, then hash
W 112 ( adr 112 ) \ Now setup last block containing bit count
THEN ( adr # )
0 FILL setlen W endian14 SHA512 \ Zero FILL last block, set message bit count
; ( -- ) \ Endian adjust, except bit count, then hash
\ Compute SHA512 from a counted buffer of text
: SHAbuffer ( addr dcount -- )
SHAinit 2DUP SHAlen 2 ! hashfullblocks hashfinal
;
\ =============== Hash string display wordset ===============
DECIMAL
\ Array of digits 0123456789abcdef
: digit$ ( -- adr ) S" 0123456789abcdef" DROP ;
: intdigits ( -- ) 0 PAD ! ;
: savedigit ( n -- ) PAD C@ 1+ DUP PAD C! PAD + C! ;
: bytedigits ( n1 -- )
DUP 4 RSHIFT digit$ + C@ savedigit 15 AND digit$ + C@ savedigit
;
W C@ [IF] \ little ENDIAN
: celldigits ( a1 -- ) DUP 7 + DO I C@ bytedigits -1 +LOOP ;
[ELSE] \ big ENDIAN
: celldigits ( a1 -- ) DUP 8 + SWAP DO I C@ bytedigits LOOP ;
[THEN]
: SHAstring ( -- adr count ) \ Return counted SHA-512 string array
intdigits [ SHAval 7 CELLS + ]L
8 0 DO DUP celldigits CELL- LOOP DROP PAD COUNT
;
\ Display SHA-512 hash value in hex ( A B C D E F G H )
: HASH. CR SHAstring TYPE SPACE ;
: QuoteString ( adr cnt --) [CHAR] " EMIT TYPE [CHAR] " EMIT ;
\ ==================== File hash wordset ====================
VARIABLE rfileid \ Holds fileid number of input file
: InputFileName ( -- ior)
CR CR ." Filename: " PAD DUP 80 ACCEPT ( adr #)
R/O OPEN-FILE SWAP rfileid ! ( ior)
;
: TryAgain? ( -- ?)
CR CR ." Invalid iput file, try again? (Y/N)"
KEY DUP EMIT DUP [CHAR] N = SWAP [CHAR] n = OR
;
\ Read n bytes from input file, store at addr array
: bytes@ ( adr n - ) rfileid @ READ-FILE 2DROP ;
: storelen ( lo hi - ) \ Store bit count into last two cells
D2* D2* D2* ( bytes->bits) [ W 112 CHARS + ]L ! [ W 120 CHARS + ]L !
;
: getpartial ( cnt -- W' cnt2 ?)
W 2DUP SWAP DUP >R bytes@ ( cnt1 adr1 )
+ 128 OVER C! CHAR+ 111 R@ - R> 111 > ( adr2 cnt2 ?)
;
: block@ S" W 128 bytes@ " EVALUATE ; IMMEDIATE
: SHAfile ( -- )
BEGIN InputFileName ( ior) \ Enter filename
WHILE TryAgain? IF EXIT THEN \ Not valid, try (not) again
REPEAT SHAinit \ Valid file, init transform
rfileid @ FILE-SIZE DROP ( ud ) \ Get bytesize of input file
2 0 D- \ Dec cnt by 2 for CR|LF EOF
CR ." Bytesize: " 2DUP D. \ Display filesize to screen
2DUP 2>R \ ( lo hi ) Save file byte cnt on RETURN
OVER 7 RSHIFT OVER \ ( lo hi lo* hi )
[ CELLSIZE 7 - ]L LSHIFT OR SWAP 7 RSHIFT \ ( lo lo' hi') full block count
0 ?DO 0 0 DO block@ W endian16 SHA512 LOOP LOOP \ Hash hi*2^cellsize full blocks
0 ?DO block@ W endian16 SHA512 LOOP \ Hash lo count full 128 byte blocks
( lo) 127 AND ( rembytes) getpartial ( adr cnt ?) \ Read remaining bytes
IF 16 + 0 FILL W endian16 SHA512 W 112 THEN \ Do if rembytes > 111
0 FILL 2R> storelen W endian14 SHA512 \ Do last block
CR ." SHA-512 : " SHAstring TYPE CR \ Show SHA-512 hash for file
rfileid @ CLOSE-FILE DROP \ Close the input file
;
\ ==================== SHA-512 Test Suite =====================
DECIMAL
\ Load W array with data on stack
: WLoad ( d0..d15 -- ) [ W 15 CELLS + ]L ( d0..d15 W[15] )
16 0 DO TUCK ! CELL- LOOP DROP
;
\ -------------------------------------------------------------
\ EXAMPLE 1: from FIPS PUB
\ Message: ASCII string 'abc'
\ Hash = DDAF35A1 93617ABA CC417349 AE204131 12E6FA4E 89A97EA2 0A9EEEE6 4B55D39A
\ 2192992A 274FC1A8 36BA3C23 A3FEEBBD 454D4423 643CE80E 2A9AC94F A54CA49F
\ Compute and display hash for ASCII string 'abc'
: EX1 S" abc" 0 ( adr dcount) SHAbuffer HASH. ;
\ -------------------------------------------------------------
\ EXAMPLE 2: from FIPS PUB
\ Message:"abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu"
\ Hash = 8E959B75 DAE313DA 8CF4F728 14FC143F 8F7779C6 EB9F7FA1 7299AEAD B6889018
\ 501D289E 4900F7E4 331B99DE C4B5433A C7D329EE B6DD2654 5E96E55B 874BE909
: EX2a S" abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu" 0 ( adr dcount) ;
: EX2 EX2a SHAbuffer HASH. ;
\ -------------------------------------------------------------
\ EXAMPLE 3:
\ Message: 2 million copies of 'a' (61h), (16 million bits)
\ Hash =
\ Load block of all 'a's (61h), must hash 15,625 times
: EX3a W 128 [CHAR] a FILL ;
\ Last message block: 1st bit a '1', bit-count = 16 million
: EX3b [ HEX ] 8000000000000000 0 0 0 0 0 0 0 0 0 0 0 0 0
[ DECIMAL ] 0 16000000 WLoad
;
\ Do hash for message of 2 million copies of ASCII 'a' (61h)
: EX3 SHAinit EX3a 15625 0 DO W SHA512 LOOP EX3b W SHA512 HASH. ;
\ -------------------------------------------------------------
\ EXAMPLE 4:
\ Message: 400,000 SPACES 'BL' (20h), (3,200,000 bits)
\ Hash =
\ Load block of all "BL' (20h), hash 156 full blocks + 16 bytes
: EX4a W 128 BL FILL ;
\ Last message block: 1st bit a '1', bit-count = 3,200,000
: EX4b [ HEX ] 8000000000000000 0 0 0 0 0 0 0 0 0 0 0 0 0
[ DECIMAL ] 0 3200000 WLoad
;
\ Do hash for message of 400,000 SPACES 'BL' (20h)
: EX4 SHAinit EX4a 3125 0 DO W SHA512 LOOP EX4b W SHA512 HASH. ;
\ -------------------------------------------------------------
\ Message: blank string ''
\ Hash =
: SHATest ( -- )
CR ." SHA-512 test suite:"
S" " 0 ( adr dcount) SHAbuffer HASH. S" " QuoteString
EX1 S" abc" QuoteString
EX2 EX2a QuoteString
EX3 S" 2 million copies of ASCII 'a' (61h)" TYPE
EX4 S" 400,000 copies of ASCII BL (20h)" TYPE CR
;
\ =========== VFX Forth specific performance test ===========
[undefined] GetTickCount
[IF] extern: DWORD PASCAL GetTickCount( void ) [THEN]
VARIABLE start-ms
: TIMER-START ( -- ) GetTickCount start-ms ! ;
: MS? ( -- u ) GetTickCount start-ms @ - ( abs ) ;
: .### ( -) BASE @ >R DECIMAL MS? 0 <# # # # [CHAR] . HOLD #S #> R> BASE ! TYPE ;
DECIMAL 1000 VALUE N#
: [EX1] S" abc" 0 ( adr dcount) SHAbuffer ;
: [EX2] EX2a SHAbuffer ;
: [EX3] SHAinit EX3a 15625 0 DO W SHA512 LOOP EX3b W SHA512 ;
: test1 [ DECIMAL ]
cr ." SHA-512 test for EX1 for " N# . ." loops in milliseconds is "
TIMER-START N# 0 DO [EX1] LOOP MS? U.
;
: test2 [ DECIMAL ]
cr ." SHA-512 test for EX2 for " N# . ." loops in milliseconds is "
TIMER-START N# 0 DO [EX2] LOOP MS? U.
;
: test3 [ DECIMAL ]
cr ." SHA-512 test for EX3 for " N# . ." loops in milliseconds is "
TIMER-START N# 0 DO [EX3] LOOP MS? U.
;
[toc] | [prev] | [next] | [standalone]
| From | Coos Haak <chforth@hccnet.nl> |
|---|---|
| Date | 2012-12-08 00:49 +0100 |
| Message-ID | <ednf6ozb780a$.10wdcx308fy8h.dlg@40tude.net> |
| In reply to | #17919 |
Op Fri, 7 Dec 2012 14:47:00 -0800 (PST) schreef jzakiya@gmail.com: A little nitpick. > >: ]L S" ] LITERAL " EVALUATE ; IMMEDIATE Why not simply : ]L ] POSTPONE LITERAL ; IMMEDIATE > > 0 VALUE H[H] \ Pointer to addr of hash value H for each round > >: H[G] S" H[H] [ 1 CELLS ]L +" EVALUATE ; IMMEDIATE \ Return G adr Nesting of EVALUATE consumes much stack(s) space and is bound to be slow. -- Coos CHForth, 16 bit DOS applications http://home.hccnet.nl/j.j.haak/forth.html
[toc] | [prev] | [next] | [standalone]
| From | jzakiya@gmail.com |
|---|---|
| Date | 2012-12-07 16:54 -0800 |
| Message-ID | <fa30e43e-2366-4652-a7c7-034b0e20eac5@googlegroups.com> |
| In reply to | #17920 |
On Friday, December 7, 2012 6:49:30 PM UTC-5, Coos Haak wrote: > Op Fri, 7 Dec 2012 14:47:00 -0800 (PST) schreef jzakiya@gmail.com: > > > > A little nitpick. > > > > > > > >: ]L S" ] LITERAL " EVALUATE ; IMMEDIATE > > > > Why not simply > > : ]L ] POSTPONE LITERAL ; IMMEDIATE > > > > > > > > 0 VALUE H[H] \ Pointer to addr of hash value H for each round > > > > > >: H[G] S" H[H] [ 1 CELLS ]L +" EVALUATE ; IMMEDIATE \ Return G adr > > > > Nesting of EVALUATE consumes much stack(s) space and is bound to be slow. > > > > -- > > Coos > > > > CHForth, 16 bit DOS applications > > http://home.hccnet.nl/j.j.haak/forth.html These are macros to be used inside colon defined words. The code between S" ----- " will be "evaluated" at compile time when used in a colon word as if that code was written there as shown. It will be optimized by the compiler (if it's capable) as inline code. MPE-VFX optimizes this code very well. I also have a SwithForth centric version too. The purpose of this code is to be one reference on how to do the algorithm in a straightforward way without too many esoteric techniques, and providing decent performance. There are obviously other approaches. FYI, a good place to find files with SHA-256 signatures is at FREEBSD. Here's a list of files and SHA-256 hashes to check the algorithm against. ftp://ftp8.freebsd.org/pub/FreeBSD/releases/ISO-IMAGES/9.0/ Download an iso and check it with the "shafile" word against the listed sha-256 signatures. ---WARNING--- "shafile" as written does a "2 0 D-" to subtract the cf|lf many text files append to their end. When hashing an iso change that to "0 0 D-" to get the listed values in the hash text files.
[toc] | [prev] | [next] | [standalone]
| From | Coos Haak <chforth@hccnet.nl> |
|---|---|
| Date | 2012-12-08 18:21 +0100 |
| Message-ID | <v2v7eqprzfxm.12doign1x5z.dlg@40tude.net> |
| In reply to | #17924 |
Op Fri, 7 Dec 2012 16:54:59 -0800 (PST) schreef jzakiya@gmail.com: > On Friday, December 7, 2012 6:49:30 PM UTC-5, Coos Haak wrote: >> Op Fri, 7 Dec 2012 14:47:00 -0800 (PST) schreef jzakiya@gmail.com: >> >> >> >> A little nitpick. >> >> >> >>> >> >>>: ]L S" ] LITERAL " EVALUATE ; IMMEDIATE >> > >> >> >> Why not simply >> >>: ]L ] POSTPONE LITERAL ; IMMEDIATE >> >> >> >>> >> >>> 0 VALUE H[H] \ Pointer to addr of hash value H for each round >> >>> >> >>>: H[G] S" H[H] [ 1 CELLS ]L +" EVALUATE ; IMMEDIATE \ Return G adr >> >> >> >> Nesting of EVALUATE consumes much stack(s) space and is bound to be slow. >> >> >> >> -- >> >> Coos >> >> >> >> CHForth, 16 bit DOS applications >> >> http://home.hccnet.nl/j.j.haak/forth.html > > These are macros to be used inside colon defined words. > The code between S" ----- " will be "evaluated" at compile time when used in a colon word as if that code was written there as shown. It will be optimized by the compiler (if it's capable) as inline code. Yes, I know how evaluate works. But why use a complicatated word like your ]L when mine is much simpler and (as it is immediate) is forgiving to optimizing. > > MPE-VFX optimizes this code very well. I also have a SwithForth centric version too. > Of course, that's not the point. > The purpose of this code is to be one reference on how to do the algorithm in a straightforward way without too many esoteric techniques, and providing decent performance. There are obviously other approaches. Sorry, I have no need/interest in SHA. -- Coos CHForth, 16 bit DOS applications http://home.hccnet.nl/j.j.haak/forth.html
[toc] | [prev] | [next] | [standalone]
| From | jzakiya@gmail.com |
|---|---|
| Date | 2012-12-08 18:36 -0800 |
| Message-ID | <da31affb-78bd-415b-87ad-caa242cca438@googlegroups.com> |
| In reply to | #17920 |
On Friday, December 7, 2012 6:49:30 PM UTC-5, Coos Haak wrote: > Op Fri, 7 Dec 2012 14:47:00 -0800 (PST) schreef jzakiya@gmail.com: > > > > A little nitpick. > > > > > > > >: ]L S" ] LITERAL " EVALUATE ; IMMEDIATE > > > > Why not simply > > : ]L ] POSTPONE LITERAL ; IMMEDIATE > > > > > > > > 0 VALUE H[H] \ Pointer to addr of hash value H for each round > > > > > >: H[G] S" H[H] [ 1 CELLS ]L +" EVALUATE ; IMMEDIATE \ Return G adr > > > > Nesting of EVALUATE consumes much stack(s) space and is bound to be slow. > > > > -- > > Coos > > > > CHForth, 16 bit DOS applications > > http://home.hccnet.nl/j.j.haak/forth.html Marcel, Hopefully, this was THE error. 8cc702081a6438ec CONSTANT K59 should be 8cc702081a6439ec CONSTANT K59 Also, using : ]L ] POSTPONE LITERAL ; IMMEDIATE had no affect on words size nor speed, at least on VFX. I think I remember that when I wrote this code back in 2001 (over 11 years ago) the reason I 'macrod' the words I did was because it produced the best performance on the greatest number of forths (Swiftforth, VFX, Win32forth, gforth, pfe, kforth), because the macros will inline the code on all systems.
[toc] | [prev] | [next] | [standalone]
| From | mhx@iae.nl (Marcel Hendrix) |
|---|---|
| Date | 2012-12-09 09:14 +0200 |
| Message-ID | <70899494918435@frunobulax.edu> |
| In reply to | #17953 |
jzakiya@gmail.com writes Re: SHA-512
[..]
> Hopefully, this was THE error.
> 8cc702081a6438ec CONSTANT K59 should be
> 8cc702081a6439ec CONSTANT K59
This doesn't fix the problem.
Here is the content of H[a] ... H[h] before and after the first round:
FORTH> EX1
t0: $6A09E667F3BCC908 $BB67AE8584CAA73B $3C6EF372FE94F82B $A54FF53A5F1D36F1
$510E527FADE682D1 $9B05688C2B3E6C1F $1F83D9ABFB41BD6B $5BE0CD19137E2179
t1: $AE260B24BD1CFDFB $6A09E667F3BCC908 $BB67AE8584CAA73B $3C6EF372FE94F82B
$10413EA07AD53F97 $510E527FADE682D1 $9B05688C2B3E6C1F $1F83D9ABFB41BD6B
h[a] and h[e] are wrong. Maybe something with 2@ ?
I suspected problems with HEX/DECIMAL, therefore the below listing is again
a bit different.
-marcel
--
ANEW -sha-512
\ Forth code for Secure Hash Algorithm 512 (SHA-512)
\ NIST spec at: http://csrc.nist.gov/encryption/tkhash.html
\ For Little/Big Endian byte addressable CPUs, e.g. Intel/Power PC
\ DEPENDENCIES: CORE EXT WORDSET ; COMMON USAGE 3DROP ?DO CELL-
\ Use of this code is free subject to acknowledgment of copyright.
\ Copyright (c) 2012 Jabari Zakiya -- jzakiya@mail.com 12/07/2012
\ ======================= MACRO Wordset ========================
\ MACRO wordset from Wil Baden's Tool Belt series in
\ Forth Dimensions (FD) Vol. 19, No. 2, July/August 1997
\ Original code has been modified to make more efficient
\ MACRO allows insertion of parameters following the macro
\ "\" represents place where parameter is inserted
\ Example: MACRO ?? " IF \ THEN "
\ : FOO .. ?? EXIT .... ; ?? compiles to -- IF EXIT THEN
\ PLACE and STRING for system if needed
\ Not needed for SwiftForth v 2.00.3, needed for Win32Forth V 4.10
\ : PLACE ( caddr n addr -) 2DUP C! CHAR+ SWAP CHARS MOVE ;
: SSTRING ( char "ccc" -) WORD COUNT HERE OVER 1+ CHARS ALLOT PACK DROP ;
\ Versions of /STRING and ANEW if system doesn't have them
\ : /STRING ( a n k - a+k n-k) ( OVER MIN) TUCK - >R CHARS + R> ;
\ : ANEW >IN @ BL WORD FIND IF EXECUTE ELSE DROP THEN >IN ! MARKER ;
\ : split-at-char ( a n char - a k a+k n-k)
\ >R 2DUP BEGIN DUP WHILE OVER C@ R@ -
\ WHILE 1 /STRING REPEAT THEN
\ R> DROP TUCK 2>R - 2R>
\ ;
: DOES>MACRO \ Compile the macro, including external parameters
DOES> COUNT BEGIN [CHAR] \ split-at-char 2>R EVALUATE R@
WHILE BL WORD COUNT EVALUATE 2R> 1 /STRING REPEAT
R> DROP R> DROP
;
\ Macro creation word which allows parameter insertion
: MACRO CREATE IMMEDIATE CHAR SSTRING DOES>MACRO ;
\ ==================== Start SHA-256 Code ====================
DECIMAL
64 CONSTANT CELLSIZE \ CPU bitsize
2VARIABLE SHAlen \ Holds byte length of string < 2^128 bits|2^125 bytes
CREATE SHAval 8 CELLS ALLOT \ Holds hash after each block
CREATE SHAsh 88 CELLS ALLOT \ Fully extended hash array
CREATE W 16 CELLS ALLOT \ Holds message block
1 W ! \ For compile time endian testing
HEX
\ SHA-512 round constants
428a2f98d728ae22 CONSTANT K0 7137449123ef65cd CONSTANT K1
b5c0fbcfec4d3b2f CONSTANT K2 e9b5dba58189dbbc CONSTANT K3
3956c25bf348b538 CONSTANT K4 59f111f1b605d019 CONSTANT K5
923f82a4af194f9b CONSTANT K6 ab1c5ed5da6d8118 CONSTANT K7
d807aa98a3030242 CONSTANT K8 12835b0145706fbe CONSTANT K9
243185be4ee4b28c CONSTANT K10 550c7dc3d5ffb4e2 CONSTANT K11
72be5d74f27b896f CONSTANT K12 80deb1fe3b1696b1 CONSTANT K13
9bdc06a725c71235 CONSTANT K14 c19bf174cf692694 CONSTANT K15
e49b69c19ef14ad2 CONSTANT K16 efbe4786384f25e3 CONSTANT K17
0fc19dc68b8cd5b5 CONSTANT K18 240ca1cc77ac9c65 CONSTANT K19
2de92c6f592b0275 CONSTANT K20 4a7484aa6ea6e483 CONSTANT K21
5cb0a9dcbd41fbd4 CONSTANT K22 76f988da831153b5 CONSTANT K23
983e5152ee66dfab CONSTANT K24 a831c66d2db43210 CONSTANT K25
b00327c898fb213f CONSTANT K26 bf597fc7beef0ee4 CONSTANT K27
c6e00bf33da88fc2 CONSTANT K28 d5a79147930aa725 CONSTANT K29
06ca6351e003826f CONSTANT K30 142929670a0e6e70 CONSTANT K31
27b70a8546d22ffc CONSTANT K32 2e1b21385c26c926 CONSTANT K33
4d2c6dfc5ac42aed CONSTANT K34 53380d139d95b3df CONSTANT K35
650a73548baf63de CONSTANT K36 766a0abb3c77b2a8 CONSTANT K37
81c2c92e47edaee6 CONSTANT K38 92722c851482353b CONSTANT K39
a2bfe8a14cf10364 CONSTANT K40 a81a664bbc423001 CONSTANT K41
c24b8b70d0f89791 CONSTANT K42 c76c51a30654be30 CONSTANT K43
d192e819d6ef5218 CONSTANT K44 d69906245565a910 CONSTANT K45
f40e35855771202a CONSTANT K46 106aa07032bbd1b8 CONSTANT K47
19a4c116b8d2d0c8 CONSTANT K48 1e376c085141ab53 CONSTANT K49
2748774cdf8eeb99 CONSTANT K50 34b0bcb5e19b48a8 CONSTANT K51
391c0cb3c5c95a63 CONSTANT K52 4ed8aa4ae3418acb CONSTANT K53
5b9cca4f7763e373 CONSTANT K54 682e6ff3d6b2b8a3 CONSTANT K55
748f82ee5defb2fc CONSTANT K56 78a5636f43172f60 CONSTANT K57
84c87814a1f0ab72 CONSTANT K58 8cc702081a6439ec CONSTANT K59
90befffa23631e28 CONSTANT K60 a4506cebde82bde9 CONSTANT K61
bef9a3f7b2c67915 CONSTANT K62 c67178f2e372532b CONSTANT K63
ca273eceea26619c CONSTANT K64 d186b8c721c0c207 CONSTANT K65
eada7dd6cde0eb1e CONSTANT K66 f57d4f7fee6ed178 CONSTANT K67
06f067aa72176fba CONSTANT K68 0a637dc5a2c898a6 CONSTANT K69
113f9804bef90dae CONSTANT K70 1b710b35131c471b CONSTANT K71
28db77f523047d84 CONSTANT K72 32caab7b40c72493 CONSTANT K73
3c9ebe0a15c9bebc CONSTANT K74 431d67c49c100d4c CONSTANT K75
4cc5d4becb3e42b6 CONSTANT K76 597f299cfc657e2a CONSTANT K77
5fcb6fab3ad6faec CONSTANT K78 6c44198c4a475817 CONSTANT K79
DECIMAL
0 VALUE H[H] \ Pointer to addr of hash value H for each round
: H[G] H[H] 1 CELLS + ; \ Return G adr
: H[F] H[H] 2 CELLS + ; \ Return F adr
: H[E] H[H] 3 CELLS + ; \ Return E adr
: H[D] H[H] 4 CELLS + ; \ Return D adr
: H[C] H[H] 5 CELLS + ; \ Return C adr
: H[B] H[H] 6 CELLS + ; \ Return B adr
: H[A] H[H] 7 CELLS + ; \ Return A adr
: SHAinit ( -) \ Load initial hash values H0 - H7
$6a09e667f3bcc908 ( H0) $bb67ae8584caa73b ( H1)
$3c6ef372fe94f82b ( H2) $a54ff53a5f1d36f1 ( H3)
$510e527fade682d1 ( H4) $9b05688c2b3e6c1f ( H5)
$1f83d9abfb41bd6b ( H6) $5be0cd19137e2179 ( H7)
SHAsh 7 0 DO TUCK ! CELL+ LOOP ! \ Put initial hash in SHAsh array
SHAsh SHAval 8 CELLS CMOVE \ Put copy in SHAval array
SHAsh TO H[H] ; \ Init pointer to last hash value
: UpDateHash ( -) \ Update hash values and load arrays with new values
SHAsh SHAval H[H] \ Place array addresses on stack
8 0 DO DUP >R @ SWAP DUP >R @ + DUP \ Compute updated hash subvalue
R@ ! OVER ! CELL+ R> CELL+ R> CELL+ \ Store updated hash subvalue
LOOP 3DROP \ Clear stack when done
SHAsh TO H[H] ; \ Init pointer to last subvalue
\ ( - n ) n = (E AND F) XOR (~E AND G)
: Ch H[F] 2@ OVER AND SWAP INVERT H[G] @ AND XOR ;
\ ( - n ) n = (A AND B) XOR (A AND C) XOR (B AND C)
: Maj H[C] DUP >R CELL+ 2@ OVER AND SWAP R@ @ AND XOR R> 2@ AND XOR ;
\ ( - n ) T1x = Ch(e,f,g) + Sig1(e) + h
: T1x Ch H[E] @ DUP >R #14 ror R@ #18 ror XOR R> #41 ror XOR + H[H] @ + ;
\ ( - n ) T2 = Maj(a,b,c) + Sig0(a)
: T2 Maj H[A] @ DUP >R #28 ror R@ #34 ror XOR R> #39 ror XOR + ;
\ ( x - n ) n = ROR1(X) XOR ROR8(X) XOR SHR7(X)
: sig0 ( x - n ) DUP DUP 1 ROR SWAP 8 ROR XOR SWAP 7 RSHIFT XOR ;
\ ( x - n ) n = ROR19(X) XOR ROR61(X) XOR SHR6(X)
: sig1 ( x - n ) DUP DUP #19 ROR SWAP #61 ROR XOR SWAP 6 RSHIFT XOR ;
\ Put two copies of original Wi on stack, keep its address
: Wi@ ( [Wi] - wi [Wi] wi) DUP @ TUCK ;
\ Create 2 copies of new Wi' from Wi on stack ( ..Wi -..Wi' Wi')
: Wi #15 PICK #15 PICK sig0 + 7 PICK + 2 PICK sig1 + DUP ;
\ Drop 80 Wi cells from stack ( W0..W79 - )
: WiDROP 5 0 DO 2DROP 2DROP 2DROP 2DROP 2DROP 2DROP 2DROP 2DROP LOOP ;
: subrnd DUP H[D] +! T2 + H[G] TO H[H] H[A] ! ;
MACRO rndi\ " Wi@ T1x + \ + subrnd CELL+"
MACRO rndn\ " Wi T1x + \ + subrnd "
: show CR h[a] @ H. space h[b] @ H. space h[c] @ H. space h[d] @ H.
CR h[e] @ H. space h[f] @ H. space h[g] @ H. space h[h] @ H. ;
: SHA512 ( Wadr - )
show
rndi\ K0 show abort rndi\ K1 rndi\ K2 rndi\ K3 \ Wi = Mi for 1st 16 rounds
rndi\ K4 rndi\ K5 rndi\ K6 rndi\ K7
rndi\ K8 rndi\ K9 rndi\ K10 rndi\ K11
rndi\ K12 rndi\ K13 rndi\ K14 rndi\ K15 DROP ( W0..W15 )
rndn\ K16 rndn\ K17 rndn\ K18 rndn\ K19 \ Wj now function of Wi
rndn\ K20 rndn\ K21 rndn\ K22 rndn\ K23
rndn\ K24 rndn\ K25 rndn\ K26 rndn\ K27
rndn\ K28 rndn\ K29 rndn\ K30 rndn\ K31
rndn\ K32 rndn\ K33 rndn\ K34 rndn\ K35
rndn\ K36 rndn\ K37 rndn\ K38 rndn\ K39
rndn\ K40 rndn\ K41 rndn\ K42 rndn\ K43
rndn\ K44 rndn\ K45 rndn\ K46 rndn\ K47
rndn\ K48 rndn\ K49 rndn\ K50 rndn\ K51
rndn\ K52 rndn\ K53 rndn\ K54 rndn\ K55
rndn\ K56 rndn\ K57 rndn\ K58 rndn\ K59
rndn\ K60 rndn\ K61 rndn\ K62 rndn\ K63
rndn\ K64 rndn\ K65 rndn\ K66 rndn\ K67
rndn\ K68 rndn\ K69 rndn\ K70 rndn\ K71
rndn\ K72 rndn\ K73 rndn\ K74 rndn\ K75
rndn\ K76 rndn\ K77 rndn\ K78 rndn\ K79 WiDROP ( - )
UpDateHash
;
: setlen ( -- ) \ Store bit count into last two cells
SHAlen 2@ D2* D2* D2* ( bytes->bits) W #112 CHARS + ! W #120 CHARS + ! ;
: bytes>< ( m -- w ) \ Reverse cell bytes: 1234567890abcdef <-> efcdab9078563412
DUP >R #38 LSHIFT
R@ $FF00 AND #28 LSHIFT OR
R@ $FF0000 AND #18 LSHIFT OR
R@ $FF000000 AND 8 LSHIFT OR
R@ #20 RSHIFT $FF AND OR
R@ #18 RSHIFT $FF00 AND OR
R@ #10 RSHIFT $FF0000 AND OR
R> 8 RSHIFT $FF000000 AND OR ;
: cellsreverse ( adr n -- ) \ Reverse bytes of n cells in array
0 DO DUP @ bytes>< OVER ! CELL+ LOOP DROP ;
W C@
[IF] \ if little ENDIAN, e.g. Intel/AMD
: endian16 ( adr -- adr ) DUP #16 cellsreverse ;
: endian14 ( adr -- adr ) DUP #14 cellsreverse ;
[ELSE] \ if big ENDIAN, e.g. Macs
: endian16 ( adr -- adr ) ; \ Do nothing
: endian14 ( adr -- adr ) ; \ Do nothing
[THEN]
\ Do all 128 byte blocks leaving remainder block
: hashfullblocks ( adr1 dcount -- adr2 count ) \ dcount is double number: lo hi
SWAP DUP >R 7 RSHIFT ( adr1 hi lo* ) \ Store lo on return, do lo*=lo/128
OVER CELLSIZE 7 - LSHIFT OR >R ( adr1 hi ) \ Return is now: :R lo lo'
( hi) 7 RSHIFT 0 ?DO ( adr1 ) \ Do if hi'= hi/128 > 0
0 0 DO DUP endian16 SHA512 #128 + LOOP ( lo' adr') \ Hash for 2^cellsize full blocks
LOOP ( adr' ) \ Hash for hi'*2^cellsize full blocks
R> 0 ?DO DUP endian16 SHA512 #128 + LOOP ( adr' ) \ Hash block for lo count full 128 byte blocks
R> ( lo) #127 AND ; ( adr2 cnt2 ) \ Leave address and count for partial block
: hashfinal ( addr count -- ) \ Hash partial and/or last block
DUP >R W SWAP CMOVE \ Move bytes into block W array
W R@ + #128 OVER C! ( adr ) \ Put 80h after last message byte
CHAR+ #111 R@ - ( adr # ) \ Compute tentative 0 byte FILL count
R> #111 > ( adr # ? ) \ Is partial block byte count > 111 ?
IF #16 + 0 FILL ( -- ) \ If yes, FILL rest of block w/zeroes
W endian16 SHA512 ( -- ) \ Endian adjust block if required, then hash
W #112 ( adr 112 ) \ Now setup last block containing bit count
THEN ( adr # )
0 FILL setlen W endian14 SHA512 ; \ Zero FILL last block, set message bit count
( -- ) \ Endian adjust, except bit count, then hash
\ Compute SHA512 from a counted buffer of text
: SHAbuffer ( addr dcount -- ) SHAinit 2DUP SHAlen 2! hashfullblocks hashfinal ;
\ =============== Hash string display wordset ===============
DECIMAL
\ Array of digits 0123456789abcdef
: digit$ ( -- adr ) S" 0123456789abcdef" DROP ;
: intdigits ( -- ) 0 PAD ! ;
: savedigit ( n -- ) PAD C@ 1+ DUP PAD C! PAD + C! ;
: bytedigits ( n1 -- ) DUP 4 RSHIFT digit$ + C@ savedigit #15 AND digit$ + C@ savedigit ;
W C@
[IF] \ little ENDIAN
: celldigits ( a1 -- ) DUP 7 + DO I C@ bytedigits -1 +LOOP ;
[ELSE] \ big ENDIAN
: celldigits ( a1 -- ) DUP 8 + SWAP DO I C@ bytedigits LOOP ;
[THEN]
: SHAstring ( -- adr count ) \ Return counted SHA-512 string array
intdigits SHAval 7 CELLS + 8 0 DO DUP celldigits CELL- LOOP DROP PAD COUNT ;
\ Display SHA-512 hash value in hex ( A B C D E F G H )
: HASH. CR SHAstring TYPE SPACE ;
: QuoteString ( adr cnt --) [CHAR] " EMIT TYPE [CHAR] " EMIT ;
\ ==================== File hash wordset ====================
VARIABLE rfileid \ Holds fileid number of input file
: InputFileName ( -- ior) CR CR ." Filename: " PAD DUP #80 ACCEPT ( adr #) R/O OPEN-FILE SWAP rfileid ! ( ior) ;
: TryAgain? ( -- ?) CR CR ." Invalid iput file, try again? (Y/N)" KEY DUP EMIT DUP [CHAR] N = SWAP [CHAR] n = OR ;
\ Read n bytes from input file, store at addr array
: bytes@ ( adr n - ) rfileid @ READ-FILE 2DROP ;
: storelen ( lo hi - ) \ Store bit count into last two cells
D2* D2* D2* ( bytes->bits) W #112 CHARS + ! W #120 CHARS + ! ;
: getpartial ( cnt -- W' cnt2 ?)
W 2DUP SWAP DUP >R bytes@ ( cnt1 adr1 )
+ #128 OVER C! CHAR+ #111 R@ - R> #111 > ; ( adr2 cnt2 ?)
: block@ W 128 bytes@ ;
: SHAfile ( -- )
BEGIN InputFileName ( ior) \ Enter filename
WHILE TryAgain? IF EXIT THEN \ Not valid, try (not) again
REPEAT SHAinit \ Valid file, init transform
rfileid @ FILE-SIZE DROP ( ud ) \ Get bytesize of input file
2. D- \ Dec cnt by 2 for CR|LF EOF
CR ." Bytesize: " 2DUP D. \ Display filesize to screen
2DUP 2>R \ ( lo hi ) Save file byte cnt on RETURN
OVER 7 RSHIFT OVER \ ( lo hi lo* hi )
CELLSIZE 7 - LSHIFT OR SWAP 7 RSHIFT \ ( lo lo' hi') full block count
0 ?DO 0 0 DO block@ W endian16 SHA512 LOOP LOOP \ Hash hi*2^cellsize full blocks
0 ?DO block@ W endian16 SHA512 LOOP \ Hash lo count full 128 byte blocks
( lo) #127 AND ( rembytes) getpartial ( adr cnt ?) \ Read remaining bytes
IF #16 + 0 FILL W endian16 SHA512 W #112 THEN \ Do if rembytes > 111
0 FILL 2R> storelen W endian14 SHA512 \ Do last block
CR ." SHA-512 : " SHAstring TYPE CR \ Show SHA-512 hash for file
rfileid @ CLOSE-FILE DROP ; \ Close the input file
\ ==================== SHA-512 Test Suite =====================
DECIMAL
\ Load W array with data on stack
: WLoad ( d0..d15 -- ) W #15 CELLS + ( d0..d15 W[15] ) #16 0 DO TUCK ! CELL- LOOP DROP ;
\ -------------------------------------------------------------
\ EXAMPLE 1: from FIPS PUB
\ Message: ASCII string 'abc'
\ Hash = DDAF35A1 93617ABA CC417349 AE204131 12E6FA4E 89A97EA2 0A9EEEE6 4B55D39A
\ 2192992A 274FC1A8 36BA3C23 A3FEEBBD 454D4423 643CE80E 2A9AC94F A54CA49F
\ Compute and display hash for ASCII string 'abc'
: EX1 S" abc" U>D ( adr dcount) SHAbuffer HASH. ;
\ -------------------------------------------------------------
\ EXAMPLE 2: from FIPS PUB
\ Message:"abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu"
\ Hash = 8E959B75 DAE313DA 8CF4F728 14FC143F 8F7779C6 EB9F7FA1 7299AEAD B6889018
\ 501D289E 4900F7E4 331B99DE C4B5433A C7D329EE B6DD2654 5E96E55B 874BE909
: EX2a S" abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu" U>D ( adr dcount) ;
: EX2 EX2a SHAbuffer HASH. ;
\ -------------------------------------------------------------
\ EXAMPLE 3:
\ Message: 2 million copies of 'a' (61h), (16 million bits)
\ Hash =
\ Load block of all 'a's (61h), must hash 15,625 times
: EX3a W #128 [CHAR] a FILL ;
\ Last message block: 1st bit a '1', bit-count = 16 million
: EX3b $8000000000000000 0 0 0 0 0 0 0 0 0 0 0 0 0 0 #16000000 WLoad ;
\ Do hash for message of 2 million copies of ASCII 'a' (61h)
: EX3 SHAinit EX3a #15625 0 DO W SHA512 LOOP EX3b W SHA512 HASH. ;
\ -------------------------------------------------------------
\ EXAMPLE 4:
\ Message: 400,000 SPACES 'BL' (20h), (3,200,000 bits)
\ Hash =
\ Load block of all "BL' (20h), hash 156 full blocks + 16 bytes
: EX4a W #128 BL FILL ;
\ Last message block: 1st bit a '1', bit-count = 3,200,000
: EX4b $8000000000000000 0 0 0 0 0 0 0 0 0 0 0 0 0 0 #3200000 WLoad ;
\ Do hash for message of 400,000 SPACES 'BL' (20h)
: EX4 SHAinit EX4a #3125 0 DO W SHA512 LOOP EX4b W SHA512 HASH. ;
\ -------------------------------------------------------------
\ Message: blank string ''
\ Hash =
: SHATest ( -- )
CR ." SHA-512 test suite:"
S" " U>D ( adr dcount) SHAbuffer HASH. S" " QuoteString
EX1 S" abc" QuoteString
EX2 EX2a DROP QuoteString
EX3 S" 2 million copies of ASCII 'a' (61h)" TYPE
EX4 S" 400,000 copies of ASCII BL (20h)" TYPE CR ;
\ =========== Forth specific performance test ===========
VARIABLE start-ms
: TIMER-START ( -- ) ?MS start-ms ! ;
: MS? ( -- u ) ?MS start-ms @ - ( abs ) ;
: .### ( -) BASE @ >R DECIMAL MS? 0 <# # # # [CHAR] . HOLD #S #> R> BASE ! TYPE ;
DECIMAL #1000 VALUE N#
: [EX1] S" abc" U>D ( adr dcount) SHAbuffer ;
: [EX2] EX2a SHAbuffer ;
: [EX3] SHAinit EX3a #15625 0 DO W SHA512 LOOP EX3b W SHA512 ;
: test1 [ DECIMAL ]
cr ." SHA-512 test for EX1 for " N# . ." loops in milliseconds is "
TIMER-START N# 0 DO [EX1] LOOP MS? U. ;
: test2 [ DECIMAL ]
cr ." SHA-512 test for EX2 for " N# . ." loops in milliseconds is "
TIMER-START N# 0 DO [EX2] LOOP MS? U. ;
: test3 [ DECIMAL ]
cr ." SHA-512 test for EX3 for " N# . ." loops in milliseconds is "
TIMER-START N# 0 DO [EX3] LOOP MS? U. ;
[toc] | [prev] | [next] | [standalone]
| From | jzakiya@gmail.com |
|---|---|
| Date | 2012-12-09 17:23 -0800 |
| Message-ID | <62e45762-bcc8-40a9-ae3e-c7093e8336ac@googlegroups.com> |
| In reply to | #17954 |
On Sunday, December 9, 2012 2:14:33 AM UTC-5, Marcel Hendrix wrote:
> jzakiya@gmail.com writes Re: SHA-512
>
> [..]
>
> > Hopefully, this was THE error.
>
>
>
> > 8cc702081a6438ec CONSTANT K59 should be
>
> > 8cc702081a6439ec CONSTANT K59
>
>
>
> This doesn't fix the problem.
>
>
>
> Here is the content of H[a] ... H[h] before and after the first round:
>
>
>
> FORTH> EX1
>
> t0: $6A09E667F3BCC908 $BB67AE8584CAA73B $3C6EF372FE94F82B $A54FF53A5F1D36F1
>
> $510E527FADE682D1 $9B05688C2B3E6C1F $1F83D9ABFB41BD6B $5BE0CD19137E2179
>
>
>
> t1: $AE260B24BD1CFDFB $6A09E667F3BCC908 $BB67AE8584CAA73B $3C6EF372FE94F82B
>
> $10413EA07AD53F97 $510E527FADE682D1 $9B05688C2B3E6C1F $1F83D9ABFB41BD6B
>
>
>
> h[a] and h[e] are wrong. Maybe something with 2@ ?
>
>
>
> I suspected problems with HEX/DECIMAL, therefore the below listing is again
>
> a bit different.
>
>
>
> -marcel
>
>
>
> --
>
> ANEW -sha-512
>
>
>
> \ Forth code for Secure Hash Algorithm 512 (SHA-512)
>
> \ NIST spec at: http://csrc.nist.gov/encryption/tkhash.html
>
> \ For Little/Big Endian byte addressable CPUs, e.g. Intel/Power PC
>
> \ DEPENDENCIES: CORE EXT WORDSET ; COMMON USAGE 3DROP ?DO CELL-
>
> \ Use of this code is free subject to acknowledgment of copyright.
>
> \ Copyright (c) 2012 Jabari Zakiya -- jzakiya@mail.com 12/07/2012
>
>
>
> \ ======================= MACRO Wordset ========================
>
> \ MACRO wordset from Wil Baden's Tool Belt series in
>
> \ Forth Dimensions (FD) Vol. 19, No. 2, July/August 1997
>
> \ Original code has been modified to make more efficient
>
> \ MACRO allows insertion of parameters following the macro
>
> \ "\" represents place where parameter is inserted
>
> \ Example: MACRO ?? " IF \ THEN "
>
> \ : FOO .. ?? EXIT .... ; ?? compiles to -- IF EXIT THEN
>
>
>
> \ PLACE and STRING for system if needed
>
> \ Not needed for SwiftForth v 2.00.3, needed for Win32Forth V 4.10
>
> \ : PLACE ( caddr n addr -) 2DUP C! CHAR+ SWAP CHARS MOVE ;
>
> : SSTRING ( char "ccc" -) WORD COUNT HERE OVER 1+ CHARS ALLOT PACK DROP ;
>
>
>
> \ Versions of /STRING and ANEW if system doesn't have them
>
> \ : /STRING ( a n k - a+k n-k) ( OVER MIN) TUCK - >R CHARS + R> ;
>
> \ : ANEW >IN @ BL WORD FIND IF EXECUTE ELSE DROP THEN >IN ! MARKER ;
>
>
>
> \ : split-at-char ( a n char - a k a+k n-k)
>
> \ >R 2DUP BEGIN DUP WHILE OVER C@ R@ -
>
> \ WHILE 1 /STRING REPEAT THEN
>
> \ R> DROP TUCK 2>R - 2R>
>
> \ ;
>
>
>
> : DOES>MACRO \ Compile the macro, including external parameters
>
> DOES> COUNT BEGIN [CHAR] \ split-at-char 2>R EVALUATE R@
>
> WHILE BL WORD COUNT EVALUATE 2R> 1 /STRING REPEAT
>
> R> DROP R> DROP
>
> ;
>
>
>
> \ Macro creation word which allows parameter insertion
>
> : MACRO CREATE IMMEDIATE CHAR SSTRING DOES>MACRO ;
>
>
>
> \ ==================== Start SHA-256 Code ====================
>
> DECIMAL
>
> 64 CONSTANT CELLSIZE \ CPU bitsize
>
>
>
> 2VARIABLE SHAlen \ Holds byte length of string < 2^128 bits|2^125 bytes
>
> CREATE SHAval 8 CELLS ALLOT \ Holds hash after each block
>
> CREATE SHAsh 88 CELLS ALLOT \ Fully extended hash array
>
> CREATE W 16 CELLS ALLOT \ Holds message block
>
> 1 W ! \ For compile time endian testing
>
>
>
> HEX
>
>
>
> \ SHA-512 round constants
>
> 428a2f98d728ae22 CONSTANT K0 7137449123ef65cd CONSTANT K1
>
> b5c0fbcfec4d3b2f CONSTANT K2 e9b5dba58189dbbc CONSTANT K3
>
> 3956c25bf348b538 CONSTANT K4 59f111f1b605d019 CONSTANT K5
>
> 923f82a4af194f9b CONSTANT K6 ab1c5ed5da6d8118 CONSTANT K7
>
> d807aa98a3030242 CONSTANT K8 12835b0145706fbe CONSTANT K9
>
> 243185be4ee4b28c CONSTANT K10 550c7dc3d5ffb4e2 CONSTANT K11
>
> 72be5d74f27b896f CONSTANT K12 80deb1fe3b1696b1 CONSTANT K13
>
> 9bdc06a725c71235 CONSTANT K14 c19bf174cf692694 CONSTANT K15
>
> e49b69c19ef14ad2 CONSTANT K16 efbe4786384f25e3 CONSTANT K17
>
> 0fc19dc68b8cd5b5 CONSTANT K18 240ca1cc77ac9c65 CONSTANT K19
>
> 2de92c6f592b0275 CONSTANT K20 4a7484aa6ea6e483 CONSTANT K21
>
> 5cb0a9dcbd41fbd4 CONSTANT K22 76f988da831153b5 CONSTANT K23
>
> 983e5152ee66dfab CONSTANT K24 a831c66d2db43210 CONSTANT K25
>
> b00327c898fb213f CONSTANT K26 bf597fc7beef0ee4 CONSTANT K27
>
> c6e00bf33da88fc2 CONSTANT K28 d5a79147930aa725 CONSTANT K29
>
> 06ca6351e003826f CONSTANT K30 142929670a0e6e70 CONSTANT K31
>
> 27b70a8546d22ffc CONSTANT K32 2e1b21385c26c926 CONSTANT K33
>
> 4d2c6dfc5ac42aed CONSTANT K34 53380d139d95b3df CONSTANT K35
>
> 650a73548baf63de CONSTANT K36 766a0abb3c77b2a8 CONSTANT K37
>
> 81c2c92e47edaee6 CONSTANT K38 92722c851482353b CONSTANT K39
>
> a2bfe8a14cf10364 CONSTANT K40 a81a664bbc423001 CONSTANT K41
>
> c24b8b70d0f89791 CONSTANT K42 c76c51a30654be30 CONSTANT K43
>
> d192e819d6ef5218 CONSTANT K44 d69906245565a910 CONSTANT K45
>
> f40e35855771202a CONSTANT K46 106aa07032bbd1b8 CONSTANT K47
>
> 19a4c116b8d2d0c8 CONSTANT K48 1e376c085141ab53 CONSTANT K49
>
> 2748774cdf8eeb99 CONSTANT K50 34b0bcb5e19b48a8 CONSTANT K51
>
> 391c0cb3c5c95a63 CONSTANT K52 4ed8aa4ae3418acb CONSTANT K53
>
> 5b9cca4f7763e373 CONSTANT K54 682e6ff3d6b2b8a3 CONSTANT K55
>
> 748f82ee5defb2fc CONSTANT K56 78a5636f43172f60 CONSTANT K57
>
> 84c87814a1f0ab72 CONSTANT K58 8cc702081a6439ec CONSTANT K59
>
> 90befffa23631e28 CONSTANT K60 a4506cebde82bde9 CONSTANT K61
>
> bef9a3f7b2c67915 CONSTANT K62 c67178f2e372532b CONSTANT K63
>
> ca273eceea26619c CONSTANT K64 d186b8c721c0c207 CONSTANT K65
>
> eada7dd6cde0eb1e CONSTANT K66 f57d4f7fee6ed178 CONSTANT K67
>
> 06f067aa72176fba CONSTANT K68 0a637dc5a2c898a6 CONSTANT K69
>
> 113f9804bef90dae CONSTANT K70 1b710b35131c471b CONSTANT K71
>
> 28db77f523047d84 CONSTANT K72 32caab7b40c72493 CONSTANT K73
>
> 3c9ebe0a15c9bebc CONSTANT K74 431d67c49c100d4c CONSTANT K75
>
> 4cc5d4becb3e42b6 CONSTANT K76 597f299cfc657e2a CONSTANT K77
>
> 5fcb6fab3ad6faec CONSTANT K78 6c44198c4a475817 CONSTANT K79
>
>
>
> DECIMAL
>
>
>
> 0 VALUE H[H] \ Pointer to addr of hash value H for each round
>
>
>
> : H[G] H[H] 1 CELLS + ; \ Return G adr
>
> : H[F] H[H] 2 CELLS + ; \ Return F adr
>
> : H[E] H[H] 3 CELLS + ; \ Return E adr
>
> : H[D] H[H] 4 CELLS + ; \ Return D adr
>
> : H[C] H[H] 5 CELLS + ; \ Return C adr
>
> : H[B] H[H] 6 CELLS + ; \ Return B adr
>
> : H[A] H[H] 7 CELLS + ; \ Return A adr
>
>
>
> : SHAinit ( -) \ Load initial hash values H0 - H7
>
> $6a09e667f3bcc908 ( H0) $bb67ae8584caa73b ( H1)
>
> $3c6ef372fe94f82b ( H2) $a54ff53a5f1d36f1 ( H3)
>
> $510e527fade682d1 ( H4) $9b05688c2b3e6c1f ( H5)
>
> $1f83d9abfb41bd6b ( H6) $5be0cd19137e2179 ( H7)
>
> SHAsh 7 0 DO TUCK ! CELL+ LOOP ! \ Put initial hash in SHAsh array
>
> SHAsh SHAval 8 CELLS CMOVE \ Put copy in SHAval array
>
> SHAsh TO H[H] ; \ Init pointer to last hash value
>
>
>
> : UpDateHash ( -) \ Update hash values and load arrays with new values
>
> SHAsh SHAval H[H] \ Place array addresses on stack
>
> 8 0 DO DUP >R @ SWAP DUP >R @ + DUP \ Compute updated hash subvalue
>
> R@ ! OVER ! CELL+ R> CELL+ R> CELL+ \ Store updated hash subvalue
>
> LOOP 3DROP \ Clear stack when done
>
> SHAsh TO H[H] ; \ Init pointer to last subvalue
>
>
>
> \ ( - n ) n = (E AND F) XOR (~E AND G)
>
> : Ch H[F] 2@ OVER AND SWAP INVERT H[G] @ AND XOR ;
>
>
>
> \ ( - n ) n = (A AND B) XOR (A AND C) XOR (B AND C)
>
> : Maj H[C] DUP >R CELL+ 2@ OVER AND SWAP R@ @ AND XOR R> 2@ AND XOR ;
>
>
>
> \ ( - n ) T1x = Ch(e,f,g) + Sig1(e) + h
>
> : T1x Ch H[E] @ DUP >R #14 ror R@ #18 ror XOR R> #41 ror XOR + H[H] @ + ;
>
>
>
> \ ( - n ) T2 = Maj(a,b,c) + Sig0(a)
>
> : T2 Maj H[A] @ DUP >R #28 ror R@ #34 ror XOR R> #39 ror XOR + ;
>
>
>
> \ ( x - n ) n = ROR1(X) XOR ROR8(X) XOR SHR7(X)
>
> : sig0 ( x - n ) DUP DUP 1 ROR SWAP 8 ROR XOR SWAP 7 RSHIFT XOR ;
>
>
>
> \ ( x - n ) n = ROR19(X) XOR ROR61(X) XOR SHR6(X)
>
> : sig1 ( x - n ) DUP DUP #19 ROR SWAP #61 ROR XOR SWAP 6 RSHIFT XOR ;
>
>
>
> \ Put two copies of original Wi on stack, keep its address
>
> : Wi@ ( [Wi] - wi [Wi] wi) DUP @ TUCK ;
>
>
>
> \ Create 2 copies of new Wi' from Wi on stack ( ..Wi -..Wi' Wi')
>
> : Wi #15 PICK #15 PICK sig0 + 7 PICK + 2 PICK sig1 + DUP ;
>
>
>
> \ Drop 80 Wi cells from stack ( W0..W79 - )
>
> : WiDROP 5 0 DO 2DROP 2DROP 2DROP 2DROP 2DROP 2DROP 2DROP 2DROP LOOP ;
>
>
>
> : subrnd DUP H[D] +! T2 + H[G] TO H[H] H[A] ! ;
>
>
>
> MACRO rndi\ " Wi@ T1x + \ + subrnd CELL+"
>
> MACRO rndn\ " Wi T1x + \ + subrnd "
>
>
>
> : show CR h[a] @ H. space h[b] @ H. space h[c] @ H. space h[d] @ H.
>
> CR h[e] @ H. space h[f] @ H. space h[g] @ H. space h[h] @ H. ;
>
>
>
> : SHA512 ( Wadr - )
>
> show
>
> rndi\ K0 show abort rndi\ K1 rndi\ K2 rndi\ K3 \ Wi = Mi for 1st 16 rounds
>
> rndi\ K4 rndi\ K5 rndi\ K6 rndi\ K7
>
> rndi\ K8 rndi\ K9 rndi\ K10 rndi\ K11
>
> rndi\ K12 rndi\ K13 rndi\ K14 rndi\ K15 DROP ( W0..W15 )
>
> rndn\ K16 rndn\ K17 rndn\ K18 rndn\ K19 \ Wj now function of Wi
>
> rndn\ K20 rndn\ K21 rndn\ K22 rndn\ K23
>
> rndn\ K24 rndn\ K25 rndn\ K26 rndn\ K27
>
> rndn\ K28 rndn\ K29 rndn\ K30 rndn\ K31
>
> rndn\ K32 rndn\ K33 rndn\ K34 rndn\ K35
>
> rndn\ K36 rndn\ K37 rndn\ K38 rndn\ K39
>
> rndn\ K40 rndn\ K41 rndn\ K42 rndn\ K43
>
> rndn\ K44 rndn\ K45 rndn\ K46 rndn\ K47
>
> rndn\ K48 rndn\ K49 rndn\ K50 rndn\ K51
>
> rndn\ K52 rndn\ K53 rndn\ K54 rndn\ K55
>
> rndn\ K56 rndn\ K57 rndn\ K58 rndn\ K59
>
> rndn\ K60 rndn\ K61 rndn\ K62 rndn\ K63
>
> rndn\ K64 rndn\ K65 rndn\ K66 rndn\ K67
>
> rndn\ K68 rndn\ K69 rndn\ K70 rndn\ K71
>
> rndn\ K72 rndn\ K73 rndn\ K74 rndn\ K75
>
> rndn\ K76 rndn\ K77 rndn\ K78 rndn\ K79 WiDROP ( - )
>
> UpDateHash
>
> ;
>
>
>
> : setlen ( -- ) \ Store bit count into last two cells
>
> SHAlen 2@ D2* D2* D2* ( bytes->bits) W #112 CHARS + ! W #120 CHARS + ! ;
>
>
>
> : bytes>< ( m -- w ) \ Reverse cell bytes: 1234567890abcdef <-> efcdab9078563412
>
> DUP >R #38 LSHIFT
>
> R@ $FF00 AND #28 LSHIFT OR
>
> R@ $FF0000 AND #18 LSHIFT OR
>
> R@ $FF000000 AND 8 LSHIFT OR
>
> R@ #20 RSHIFT $FF AND OR
>
> R@ #18 RSHIFT $FF00 AND OR
>
> R@ #10 RSHIFT $FF0000 AND OR
>
> R> 8 RSHIFT $FF000000 AND OR ;
>
>
>
> : cellsreverse ( adr n -- ) \ Reverse bytes of n cells in array
>
> 0 DO DUP @ bytes>< OVER ! CELL+ LOOP DROP ;
>
>
>
> W C@
>
> [IF] \ if little ENDIAN, e.g. Intel/AMD
>
> : endian16 ( adr -- adr ) DUP #16 cellsreverse ;
>
> : endian14 ( adr -- adr ) DUP #14 cellsreverse ;
>
> [ELSE] \ if big ENDIAN, e.g. Macs
>
> : endian16 ( adr -- adr ) ; \ Do nothing
>
> : endian14 ( adr -- adr ) ; \ Do nothing
>
> [THEN]
>
>
>
> \ Do all 128 byte blocks leaving remainder block
>
> : hashfullblocks ( adr1 dcount -- adr2 count ) \ dcount is double number: lo hi
>
> SWAP DUP >R 7 RSHIFT ( adr1 hi lo* ) \ Store lo on return, do lo*=lo/128
>
> OVER CELLSIZE 7 - LSHIFT OR >R ( adr1 hi ) \ Return is now: :R lo lo'
>
> ( hi) 7 RSHIFT 0 ?DO ( adr1 ) \ Do if hi'= hi/128 > 0
>
> 0 0 DO DUP endian16 SHA512 #128 + LOOP ( lo' adr') \ Hash for 2^cellsize full blocks
>
> LOOP ( adr' ) \ Hash for hi'*2^cellsize full blocks
>
> R> 0 ?DO DUP endian16 SHA512 #128 + LOOP ( adr' ) \ Hash block for lo count full 128 byte blocks
>
> R> ( lo) #127 AND ; ( adr2 cnt2 ) \ Leave address and count for partial block
>
>
>
> : hashfinal ( addr count -- ) \ Hash partial and/or last block
>
> DUP >R W SWAP CMOVE \ Move bytes into block W array
>
> W R@ + #128 OVER C! ( adr ) \ Put 80h after last message byte
>
> CHAR+ #111 R@ - ( adr # ) \ Compute tentative 0 byte FILL count
>
> R> #111 > ( adr # ? ) \ Is partial block byte count > 111 ?
>
> IF #16 + 0 FILL ( -- ) \ If yes, FILL rest of block w/zeroes
>
> W endian16 SHA512 ( -- ) \ Endian adjust block if required, then hash
>
> W #112 ( adr 112 ) \ Now setup last block containing bit count
>
> THEN ( adr # )
>
> 0 FILL setlen W endian14 SHA512 ; \ Zero FILL last block, set message bit count
>
> ( -- ) \ Endian adjust, except bit count, then hash
>
>
>
> \ Compute SHA512 from a counted buffer of text
>
> : SHAbuffer ( addr dcount -- ) SHAinit 2DUP SHAlen 2! hashfullblocks hashfinal ;
>
>
>
> \ =============== Hash string display wordset ===============
>
> DECIMAL
>
>
>
> \ Array of digits 0123456789abcdef
>
> : digit$ ( -- adr ) S" 0123456789abcdef" DROP ;
>
>
>
> : intdigits ( -- ) 0 PAD ! ;
>
> : savedigit ( n -- ) PAD C@ 1+ DUP PAD C! PAD + C! ;
>
> : bytedigits ( n1 -- ) DUP 4 RSHIFT digit$ + C@ savedigit #15 AND digit$ + C@ savedigit ;
>
>
>
> W C@
>
> [IF] \ little ENDIAN
>
> : celldigits ( a1 -- ) DUP 7 + DO I C@ bytedigits -1 +LOOP ;
>
> [ELSE] \ big ENDIAN
>
> : celldigits ( a1 -- ) DUP 8 + SWAP DO I C@ bytedigits LOOP ;
>
> [THEN]
>
>
>
> : SHAstring ( -- adr count ) \ Return counted SHA-512 string array
>
> intdigits SHAval 7 CELLS + 8 0 DO DUP celldigits CELL- LOOP DROP PAD COUNT ;
>
>
>
> \ Display SHA-512 hash value in hex ( A B C D E F G H )
>
> : HASH. CR SHAstring TYPE SPACE ;
>
> : QuoteString ( adr cnt --) [CHAR] " EMIT TYPE [CHAR] " EMIT ;
>
>
>
> \ ==================== File hash wordset ====================
>
> VARIABLE rfileid \ Holds fileid number of input file
>
>
>
> : InputFileName ( -- ior) CR CR ." Filename: " PAD DUP #80 ACCEPT ( adr #) R/O OPEN-FILE SWAP rfileid ! ( ior) ;
>
> : TryAgain? ( -- ?) CR CR ." Invalid iput file, try again? (Y/N)" KEY DUP EMIT DUP [CHAR] N = SWAP [CHAR] n = OR ;
>
>
>
> \ Read n bytes from input file, store at addr array
>
> : bytes@ ( adr n - ) rfileid @ READ-FILE 2DROP ;
>
>
>
> : storelen ( lo hi - ) \ Store bit count into last two cells
>
> D2* D2* D2* ( bytes->bits) W #112 CHARS + ! W #120 CHARS + ! ;
>
> : getpartial ( cnt -- W' cnt2 ?)
>
> W 2DUP SWAP DUP >R bytes@ ( cnt1 adr1 )
>
> + #128 OVER C! CHAR+ #111 R@ - R> #111 > ; ( adr2 cnt2 ?)
>
>
>
> : block@ W 128 bytes@ ;
>
>
>
> : SHAfile ( -- )
>
> BEGIN InputFileName ( ior) \ Enter filename
>
> WHILE TryAgain? IF EXIT THEN \ Not valid, try (not) again
>
> REPEAT SHAinit \ Valid file, init transform
>
> rfileid @ FILE-SIZE DROP ( ud ) \ Get bytesize of input file
>
> 2. D- \ Dec cnt by 2 for CR|LF EOF
>
> CR ." Bytesize: " 2DUP D. \ Display filesize to screen
>
> 2DUP 2>R \ ( lo hi ) Save file byte cnt on RETURN
>
> OVER 7 RSHIFT OVER \ ( lo hi lo* hi )
>
> CELLSIZE 7 - LSHIFT OR SWAP 7 RSHIFT \ ( lo lo' hi') full block count
>
> 0 ?DO 0 0 DO block@ W endian16 SHA512 LOOP LOOP \ Hash hi*2^cellsize full blocks
>
> 0 ?DO block@ W endian16 SHA512 LOOP \ Hash lo count full 128 byte blocks
>
> ( lo) #127 AND ( rembytes) getpartial ( adr cnt ?) \ Read remaining bytes
>
> IF #16 + 0 FILL W endian16 SHA512 W #112 THEN \ Do if rembytes > 111
>
> 0 FILL 2R> storelen W endian14 SHA512 \ Do last block
>
> CR ." SHA-512 : " SHAstring TYPE CR \ Show SHA-512 hash for file
>
> rfileid @ CLOSE-FILE DROP ; \ Close the input file
>
>
>
> \ ==================== SHA-512 Test Suite =====================
>
> DECIMAL
>
>
>
> \ Load W array with data on stack
>
> : WLoad ( d0..d15 -- ) W #15 CELLS + ( d0..d15 W[15] ) #16 0 DO TUCK ! CELL- LOOP DROP ;
>
>
>
> \ -------------------------------------------------------------
>
> \ EXAMPLE 1: from FIPS PUB
>
> \ Message: ASCII string 'abc'
>
> \ Hash = DDAF35A1 93617ABA CC417349 AE204131 12E6FA4E 89A97EA2 0A9EEEE6 4B55D39A
>
> \ 2192992A 274FC1A8 36BA3C23 A3FEEBBD 454D4423 643CE80E 2A9AC94F A54CA49F
>
>
>
> \ Compute and display hash for ASCII string 'abc'
>
> : EX1 S" abc" U>D ( adr dcount) SHAbuffer HASH. ;
>
>
>
> \ -------------------------------------------------------------
>
> \ EXAMPLE 2: from FIPS PUB
>
> \ Message:"abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu"
>
> \ Hash = 8E959B75 DAE313DA 8CF4F728 14FC143F 8F7779C6 EB9F7FA1 7299AEAD B6889018
>
> \ 501D289E 4900F7E4 331B99DE C4B5433A C7D329EE B6DD2654 5E96E55B 874BE909
>
>
>
> : EX2a S" abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu" U>D ( adr dcount) ;
>
> : EX2 EX2a SHAbuffer HASH. ;
>
>
>
> \ -------------------------------------------------------------
>
> \ EXAMPLE 3:
>
> \ Message: 2 million copies of 'a' (61h), (16 million bits)
>
> \ Hash =
>
>
>
> \ Load block of all 'a's (61h), must hash 15,625 times
>
> : EX3a W #128 [CHAR] a FILL ;
>
>
>
> \ Last message block: 1st bit a '1', bit-count = 16 million
>
> : EX3b $8000000000000000 0 0 0 0 0 0 0 0 0 0 0 0 0 0 #16000000 WLoad ;
>
>
>
> \ Do hash for message of 2 million copies of ASCII 'a' (61h)
>
> : EX3 SHAinit EX3a #15625 0 DO W SHA512 LOOP EX3b W SHA512 HASH. ;
>
>
>
> \ -------------------------------------------------------------
>
> \ EXAMPLE 4:
>
> \ Message: 400,000 SPACES 'BL' (20h), (3,200,000 bits)
>
> \ Hash =
>
>
>
> \ Load block of all "BL' (20h), hash 156 full blocks + 16 bytes
>
> : EX4a W #128 BL FILL ;
>
>
>
> \ Last message block: 1st bit a '1', bit-count = 3,200,000
>
> : EX4b $8000000000000000 0 0 0 0 0 0 0 0 0 0 0 0 0 0 #3200000 WLoad ;
>
>
>
> \ Do hash for message of 400,000 SPACES 'BL' (20h)
>
> : EX4 SHAinit EX4a #3125 0 DO W SHA512 LOOP EX4b W SHA512 HASH. ;
>
>
>
> \ -------------------------------------------------------------
>
> \ Message: blank string ''
>
> \ Hash =
>
>
>
> : SHATest ( -- )
>
> CR ." SHA-512 test suite:"
>
> S" " U>D ( adr dcount) SHAbuffer HASH. S" " QuoteString
>
> EX1 S" abc" QuoteString
>
> EX2 EX2a DROP QuoteString
>
> EX3 S" 2 million copies of ASCII 'a' (61h)" TYPE
>
> EX4 S" 400,000 copies of ASCII BL (20h)" TYPE CR ;
>
>
>
> \ =========== Forth specific performance test ===========
>
>
>
> VARIABLE start-ms
>
>
>
> : TIMER-START ( -- ) ?MS start-ms ! ;
>
> : MS? ( -- u ) ?MS start-ms @ - ( abs ) ;
>
> : .### ( -) BASE @ >R DECIMAL MS? 0 <# # # # [CHAR] . HOLD #S #> R> BASE ! TYPE ;
>
>
>
> DECIMAL #1000 VALUE N#
>
>
>
> : [EX1] S" abc" U>D ( adr dcount) SHAbuffer ;
>
> : [EX2] EX2a SHAbuffer ;
>
> : [EX3] SHAinit EX3a #15625 0 DO W SHA512 LOOP EX3b W SHA512 ;
>
>
>
> : test1 [ DECIMAL ]
>
> cr ." SHA-512 test for EX1 for " N# . ." loops in milliseconds is "
>
> TIMER-START N# 0 DO [EX1] LOOP MS? U. ;
>
>
>
> : test2 [ DECIMAL ]
>
> cr ." SHA-512 test for EX2 for " N# . ." loops in milliseconds is "
>
> TIMER-START N# 0 DO [EX2] LOOP MS? U. ;
>
>
>
> : test3 [ DECIMAL ]
>
> cr ." SHA-512 test for EX3 for " N# . ." loops in milliseconds is "
>
> TIMER-START N# 0 DO [EX3] LOOP MS? U. ;
Hey Marcel,
The problem is bytes><
All the numbers in the original code are HEX. You changed the HEX values for the shifts to decimal without converting them from HEX.
Your code:
: bytes>< ( m - w ) \ Reverse cell bytes: 1234567890abcdef <-> efcdab9078563412
DUP >R #38 LSHIFT
R@ $FF00 AND #28 LSHIFT OR
R@ $FF0000 AND #18 LSHIFT OR
R@ $FF000000 AND 8 LSHIFT OR
R@ #20 RSHIFT $FF AND OR
R@ #18 RSHIFT $FF00 AND OR
R@ #10 RSHIFT $FF0000 AND OR
R> 8 RSHIFT $FF000000 AND OR ;
Correct code:
: bytes>< ( m - w ) \ Reverse cell bytes: 1234567890abcdef <-> efcdab9078563412
DUP >R $38 LSHIFT
R@ $FF00 AND $28 LSHIFT OR
R@ $FF0000 AND $18 LSHIFT OR
R@ $FF000000 AND 8 LSHIFT OR
R@ $20 RSHIFT $FF AND OR
R@ $18 RSHIFT $FF00 AND OR
R@ #10 RSHIFT $FF0000 AND OR
R> 8 RSHIFT $FF000000 AND OR ;
To test do:
$1234567890abcdef bytes>< hex .
should display efcdab9078563412
Jabari
[toc] | [prev] | [next] | [standalone]
| From | jzakiya@gmail.com |
|---|---|
| Date | 2012-12-09 17:29 -0800 |
| Message-ID | <38caf893-c352-4ab6-87df-d8fc2181de52@googlegroups.com> |
| In reply to | #17958 |
On Sunday, December 9, 2012 8:23:01 PM UTC-5, jza...@gmail.com wrote:
> On Sunday, December 9, 2012 2:14:33 AM UTC-5, Marcel Hendrix wrote:
>
> > jzakiya@gmail.com writes Re: SHA-512
>
> >
>
> > [..]
>
> >
>
> > > Hopefully, this was THE error.
>
> >
>
> >
>
> >
>
> > > 8cc702081a6438ec CONSTANT K59 should be
>
> >
>
> > > 8cc702081a6439ec CONSTANT K59
>
> >
>
> >
>
> >
>
> > This doesn't fix the problem.
>
> >
>
> >
>
> >
>
> > Here is the content of H[a] ... H[h] before and after the first round:
>
> >
>
> >
>
> >
>
> > FORTH> EX1
>
> >
>
> > t0: $6A09E667F3BCC908 $BB67AE8584CAA73B $3C6EF372FE94F82B $A54FF53A5F1D36F1
>
> >
>
> > $510E527FADE682D1 $9B05688C2B3E6C1F $1F83D9ABFB41BD6B $5BE0CD19137E2179
>
> >
>
> >
>
> >
>
> > t1: $AE260B24BD1CFDFB $6A09E667F3BCC908 $BB67AE8584CAA73B $3C6EF372FE94F82B
>
> >
>
> > $10413EA07AD53F97 $510E527FADE682D1 $9B05688C2B3E6C1F $1F83D9ABFB41BD6B
>
> >
>
> >
>
> >
>
> > h[a] and h[e] are wrong. Maybe something with 2@ ?
>
> >
>
> >
>
> >
>
> > I suspected problems with HEX/DECIMAL, therefore the below listing is again
>
> >
>
> > a bit different.
>
> >
>
> >
>
> >
>
> > -marcel
>
> >
>
> >
>
> >
>
> > --
>
> >
>
> > ANEW -sha-512
>
> >
>
> >
>
> >
>
> > \ Forth code for Secure Hash Algorithm 512 (SHA-512)
>
> >
>
> > \ NIST spec at: http://csrc.nist.gov/encryption/tkhash.html
>
> >
>
> > \ For Little/Big Endian byte addressable CPUs, e.g. Intel/Power PC
>
> >
>
> > \ DEPENDENCIES: CORE EXT WORDSET ; COMMON USAGE 3DROP ?DO CELL-
>
> >
>
> > \ Use of this code is free subject to acknowledgment of copyright.
>
> >
>
> > \ Copyright (c) 2012 Jabari Zakiya -- jzakiya@mail.com 12/07/2012
>
> >
>
> >
>
> >
>
> > \ ======================= MACRO Wordset ========================
>
> >
>
> > \ MACRO wordset from Wil Baden's Tool Belt series in
>
> >
>
> > \ Forth Dimensions (FD) Vol. 19, No. 2, July/August 1997
>
> >
>
> > \ Original code has been modified to make more efficient
>
> >
>
> > \ MACRO allows insertion of parameters following the macro
>
> >
>
> > \ "\" represents place where parameter is inserted
>
> >
>
> > \ Example: MACRO ?? " IF \ THEN "
>
> >
>
> > \ : FOO .. ?? EXIT .... ; ?? compiles to -- IF EXIT THEN
>
> >
>
> >
>
> >
>
> > \ PLACE and STRING for system if needed
>
> >
>
> > \ Not needed for SwiftForth v 2.00.3, needed for Win32Forth V 4.10
>
> >
>
> > \ : PLACE ( caddr n addr -) 2DUP C! CHAR+ SWAP CHARS MOVE ;
>
> >
>
> > : SSTRING ( char "ccc" -) WORD COUNT HERE OVER 1+ CHARS ALLOT PACK DROP ;
>
> >
>
> >
>
> >
>
> > \ Versions of /STRING and ANEW if system doesn't have them
>
> >
>
> > \ : /STRING ( a n k - a+k n-k) ( OVER MIN) TUCK - >R CHARS + R> ;
>
> >
>
> > \ : ANEW >IN @ BL WORD FIND IF EXECUTE ELSE DROP THEN >IN ! MARKER ;
>
> >
>
> >
>
> >
>
> > \ : split-at-char ( a n char - a k a+k n-k)
>
> >
>
> > \ >R 2DUP BEGIN DUP WHILE OVER C@ R@ -
>
> >
>
> > \ WHILE 1 /STRING REPEAT THEN
>
> >
>
> > \ R> DROP TUCK 2>R - 2R>
>
> >
>
> > \ ;
>
> >
>
> >
>
> >
>
> > : DOES>MACRO \ Compile the macro, including external parameters
>
> >
>
> > DOES> COUNT BEGIN [CHAR] \ split-at-char 2>R EVALUATE R@
>
> >
>
> > WHILE BL WORD COUNT EVALUATE 2R> 1 /STRING REPEAT
>
> >
>
> > R> DROP R> DROP
>
> >
>
> > ;
>
> >
>
> >
>
> >
>
> > \ Macro creation word which allows parameter insertion
>
> >
>
> > : MACRO CREATE IMMEDIATE CHAR SSTRING DOES>MACRO ;
>
> >
>
> >
>
> >
>
> > \ ==================== Start SHA-256 Code ====================
>
> >
>
> > DECIMAL
>
> >
>
> > 64 CONSTANT CELLSIZE \ CPU bitsize
>
> >
>
> >
>
> >
>
> > 2VARIABLE SHAlen \ Holds byte length of string < 2^128 bits|2^125 bytes
>
> >
>
> > CREATE SHAval 8 CELLS ALLOT \ Holds hash after each block
>
> >
>
> > CREATE SHAsh 88 CELLS ALLOT \ Fully extended hash array
>
> >
>
> > CREATE W 16 CELLS ALLOT \ Holds message block
>
> >
>
> > 1 W ! \ For compile time endian testing
>
> >
>
> >
>
> >
>
> > HEX
>
> >
>
> >
>
> >
>
> > \ SHA-512 round constants
>
> >
>
> > 428a2f98d728ae22 CONSTANT K0 7137449123ef65cd CONSTANT K1
>
> >
>
> > b5c0fbcfec4d3b2f CONSTANT K2 e9b5dba58189dbbc CONSTANT K3
>
> >
>
> > 3956c25bf348b538 CONSTANT K4 59f111f1b605d019 CONSTANT K5
>
> >
>
> > 923f82a4af194f9b CONSTANT K6 ab1c5ed5da6d8118 CONSTANT K7
>
> >
>
> > d807aa98a3030242 CONSTANT K8 12835b0145706fbe CONSTANT K9
>
> >
>
> > 243185be4ee4b28c CONSTANT K10 550c7dc3d5ffb4e2 CONSTANT K11
>
> >
>
> > 72be5d74f27b896f CONSTANT K12 80deb1fe3b1696b1 CONSTANT K13
>
> >
>
> > 9bdc06a725c71235 CONSTANT K14 c19bf174cf692694 CONSTANT K15
>
> >
>
> > e49b69c19ef14ad2 CONSTANT K16 efbe4786384f25e3 CONSTANT K17
>
> >
>
> > 0fc19dc68b8cd5b5 CONSTANT K18 240ca1cc77ac9c65 CONSTANT K19
>
> >
>
> > 2de92c6f592b0275 CONSTANT K20 4a7484aa6ea6e483 CONSTANT K21
>
> >
>
> > 5cb0a9dcbd41fbd4 CONSTANT K22 76f988da831153b5 CONSTANT K23
>
> >
>
> > 983e5152ee66dfab CONSTANT K24 a831c66d2db43210 CONSTANT K25
>
> >
>
> > b00327c898fb213f CONSTANT K26 bf597fc7beef0ee4 CONSTANT K27
>
> >
>
> > c6e00bf33da88fc2 CONSTANT K28 d5a79147930aa725 CONSTANT K29
>
> >
>
> > 06ca6351e003826f CONSTANT K30 142929670a0e6e70 CONSTANT K31
>
> >
>
> > 27b70a8546d22ffc CONSTANT K32 2e1b21385c26c926 CONSTANT K33
>
> >
>
> > 4d2c6dfc5ac42aed CONSTANT K34 53380d139d95b3df CONSTANT K35
>
> >
>
> > 650a73548baf63de CONSTANT K36 766a0abb3c77b2a8 CONSTANT K37
>
> >
>
> > 81c2c92e47edaee6 CONSTANT K38 92722c851482353b CONSTANT K39
>
> >
>
> > a2bfe8a14cf10364 CONSTANT K40 a81a664bbc423001 CONSTANT K41
>
> >
>
> > c24b8b70d0f89791 CONSTANT K42 c76c51a30654be30 CONSTANT K43
>
> >
>
> > d192e819d6ef5218 CONSTANT K44 d69906245565a910 CONSTANT K45
>
> >
>
> > f40e35855771202a CONSTANT K46 106aa07032bbd1b8 CONSTANT K47
>
> >
>
> > 19a4c116b8d2d0c8 CONSTANT K48 1e376c085141ab53 CONSTANT K49
>
> >
>
> > 2748774cdf8eeb99 CONSTANT K50 34b0bcb5e19b48a8 CONSTANT K51
>
> >
>
> > 391c0cb3c5c95a63 CONSTANT K52 4ed8aa4ae3418acb CONSTANT K53
>
> >
>
> > 5b9cca4f7763e373 CONSTANT K54 682e6ff3d6b2b8a3 CONSTANT K55
>
> >
>
> > 748f82ee5defb2fc CONSTANT K56 78a5636f43172f60 CONSTANT K57
>
> >
>
> > 84c87814a1f0ab72 CONSTANT K58 8cc702081a6439ec CONSTANT K59
>
> >
>
> > 90befffa23631e28 CONSTANT K60 a4506cebde82bde9 CONSTANT K61
>
> >
>
> > bef9a3f7b2c67915 CONSTANT K62 c67178f2e372532b CONSTANT K63
>
> >
>
> > ca273eceea26619c CONSTANT K64 d186b8c721c0c207 CONSTANT K65
>
> >
>
> > eada7dd6cde0eb1e CONSTANT K66 f57d4f7fee6ed178 CONSTANT K67
>
> >
>
> > 06f067aa72176fba CONSTANT K68 0a637dc5a2c898a6 CONSTANT K69
>
> >
>
> > 113f9804bef90dae CONSTANT K70 1b710b35131c471b CONSTANT K71
>
> >
>
> > 28db77f523047d84 CONSTANT K72 32caab7b40c72493 CONSTANT K73
>
> >
>
> > 3c9ebe0a15c9bebc CONSTANT K74 431d67c49c100d4c CONSTANT K75
>
> >
>
> > 4cc5d4becb3e42b6 CONSTANT K76 597f299cfc657e2a CONSTANT K77
>
> >
>
> > 5fcb6fab3ad6faec CONSTANT K78 6c44198c4a475817 CONSTANT K79
>
> >
>
> >
>
> >
>
> > DECIMAL
>
> >
>
> >
>
> >
>
> > 0 VALUE H[H] \ Pointer to addr of hash value H for each round
>
> >
>
> >
>
> >
>
> > : H[G] H[H] 1 CELLS + ; \ Return G adr
>
> >
>
> > : H[F] H[H] 2 CELLS + ; \ Return F adr
>
> >
>
> > : H[E] H[H] 3 CELLS + ; \ Return E adr
>
> >
>
> > : H[D] H[H] 4 CELLS + ; \ Return D adr
>
> >
>
> > : H[C] H[H] 5 CELLS + ; \ Return C adr
>
> >
>
> > : H[B] H[H] 6 CELLS + ; \ Return B adr
>
> >
>
> > : H[A] H[H] 7 CELLS + ; \ Return A adr
>
> >
>
> >
>
> >
>
> > : SHAinit ( -) \ Load initial hash values H0 - H7
>
> >
>
> > $6a09e667f3bcc908 ( H0) $bb67ae8584caa73b ( H1)
>
> >
>
> > $3c6ef372fe94f82b ( H2) $a54ff53a5f1d36f1 ( H3)
>
> >
>
> > $510e527fade682d1 ( H4) $9b05688c2b3e6c1f ( H5)
>
> >
>
> > $1f83d9abfb41bd6b ( H6) $5be0cd19137e2179 ( H7)
>
> >
>
> > SHAsh 7 0 DO TUCK ! CELL+ LOOP ! \ Put initial hash in SHAsh array
>
> >
>
> > SHAsh SHAval 8 CELLS CMOVE \ Put copy in SHAval array
>
> >
>
> > SHAsh TO H[H] ; \ Init pointer to last hash value
>
> >
>
> >
>
> >
>
> > : UpDateHash ( -) \ Update hash values and load arrays with new values
>
> >
>
> > SHAsh SHAval H[H] \ Place array addresses on stack
>
> >
>
> > 8 0 DO DUP >R @ SWAP DUP >R @ + DUP \ Compute updated hash subvalue
>
> >
>
> > R@ ! OVER ! CELL+ R> CELL+ R> CELL+ \ Store updated hash subvalue
>
> >
>
> > LOOP 3DROP \ Clear stack when done
>
> >
>
> > SHAsh TO H[H] ; \ Init pointer to last subvalue
>
> >
>
> >
>
> >
>
> > \ ( - n ) n = (E AND F) XOR (~E AND G)
>
> >
>
> > : Ch H[F] 2@ OVER AND SWAP INVERT H[G] @ AND XOR ;
>
> >
>
> >
>
> >
>
> > \ ( - n ) n = (A AND B) XOR (A AND C) XOR (B AND C)
>
> >
>
> > : Maj H[C] DUP >R CELL+ 2@ OVER AND SWAP R@ @ AND XOR R> 2@ AND XOR ;
>
> >
>
> >
>
> >
>
> > \ ( - n ) T1x = Ch(e,f,g) + Sig1(e) + h
>
> >
>
> > : T1x Ch H[E] @ DUP >R #14 ror R@ #18 ror XOR R> #41 ror XOR + H[H] @ + ;
>
> >
>
> >
>
> >
>
> > \ ( - n ) T2 = Maj(a,b,c) + Sig0(a)
>
> >
>
> > : T2 Maj H[A] @ DUP >R #28 ror R@ #34 ror XOR R> #39 ror XOR + ;
>
> >
>
> >
>
> >
>
> > \ ( x - n ) n = ROR1(X) XOR ROR8(X) XOR SHR7(X)
>
> >
>
> > : sig0 ( x - n ) DUP DUP 1 ROR SWAP 8 ROR XOR SWAP 7 RSHIFT XOR ;
>
> >
>
> >
>
> >
>
> > \ ( x - n ) n = ROR19(X) XOR ROR61(X) XOR SHR6(X)
>
> >
>
> > : sig1 ( x - n ) DUP DUP #19 ROR SWAP #61 ROR XOR SWAP 6 RSHIFT XOR ;
>
> >
>
> >
>
> >
>
> > \ Put two copies of original Wi on stack, keep its address
>
> >
>
> > : Wi@ ( [Wi] - wi [Wi] wi) DUP @ TUCK ;
>
> >
>
> >
>
> >
>
> > \ Create 2 copies of new Wi' from Wi on stack ( ..Wi -..Wi' Wi')
>
> >
>
> > : Wi #15 PICK #15 PICK sig0 + 7 PICK + 2 PICK sig1 + DUP ;
>
> >
>
> >
>
> >
>
> > \ Drop 80 Wi cells from stack ( W0..W79 - )
>
> >
>
> > : WiDROP 5 0 DO 2DROP 2DROP 2DROP 2DROP 2DROP 2DROP 2DROP 2DROP LOOP ;
>
> >
>
> >
>
> >
>
> > : subrnd DUP H[D] +! T2 + H[G] TO H[H] H[A] ! ;
>
> >
>
> >
>
> >
>
> > MACRO rndi\ " Wi@ T1x + \ + subrnd CELL+"
>
> >
>
> > MACRO rndn\ " Wi T1x + \ + subrnd "
>
> >
>
> >
>
> >
>
> > : show CR h[a] @ H. space h[b] @ H. space h[c] @ H. space h[d] @ H.
>
> >
>
> > CR h[e] @ H. space h[f] @ H. space h[g] @ H. space h[h] @ H. ;
>
> >
>
> >
>
> >
>
> > : SHA512 ( Wadr - )
>
> >
>
> > show
>
> >
>
> > rndi\ K0 show abort rndi\ K1 rndi\ K2 rndi\ K3 \ Wi = Mi for 1st 16 rounds
>
> >
>
> > rndi\ K4 rndi\ K5 rndi\ K6 rndi\ K7
>
> >
>
> > rndi\ K8 rndi\ K9 rndi\ K10 rndi\ K11
>
> >
>
> > rndi\ K12 rndi\ K13 rndi\ K14 rndi\ K15 DROP ( W0..W15 )
>
> >
>
> > rndn\ K16 rndn\ K17 rndn\ K18 rndn\ K19 \ Wj now function of Wi
>
> >
>
> > rndn\ K20 rndn\ K21 rndn\ K22 rndn\ K23
>
> >
>
> > rndn\ K24 rndn\ K25 rndn\ K26 rndn\ K27
>
> >
>
> > rndn\ K28 rndn\ K29 rndn\ K30 rndn\ K31
>
> >
>
> > rndn\ K32 rndn\ K33 rndn\ K34 rndn\ K35
>
> >
>
> > rndn\ K36 rndn\ K37 rndn\ K38 rndn\ K39
>
> >
>
> > rndn\ K40 rndn\ K41 rndn\ K42 rndn\ K43
>
> >
>
> > rndn\ K44 rndn\ K45 rndn\ K46 rndn\ K47
>
> >
>
> > rndn\ K48 rndn\ K49 rndn\ K50 rndn\ K51
>
> >
>
> > rndn\ K52 rndn\ K53 rndn\ K54 rndn\ K55
>
> >
>
> > rndn\ K56 rndn\ K57 rndn\ K58 rndn\ K59
>
> >
>
> > rndn\ K60 rndn\ K61 rndn\ K62 rndn\ K63
>
> >
>
> > rndn\ K64 rndn\ K65 rndn\ K66 rndn\ K67
>
> >
>
> > rndn\ K68 rndn\ K69 rndn\ K70 rndn\ K71
>
> >
>
> > rndn\ K72 rndn\ K73 rndn\ K74 rndn\ K75
>
> >
>
> > rndn\ K76 rndn\ K77 rndn\ K78 rndn\ K79 WiDROP ( - )
>
> >
>
> > UpDateHash
>
> >
>
> > ;
>
> >
>
> >
>
> >
>
> > : setlen ( -- ) \ Store bit count into last two cells
>
> >
>
> > SHAlen 2@ D2* D2* D2* ( bytes->bits) W #112 CHARS + ! W #120 CHARS + ! ;
>
> >
>
> >
>
> >
>
> > : bytes>< ( m -- w ) \ Reverse cell bytes: 1234567890abcdef <-> efcdab9078563412
>
> >
>
> > DUP >R #38 LSHIFT
>
> >
>
> > R@ $FF00 AND #28 LSHIFT OR
>
> >
>
> > R@ $FF0000 AND #18 LSHIFT OR
>
> >
>
> > R@ $FF000000 AND 8 LSHIFT OR
>
> >
>
> > R@ #20 RSHIFT $FF AND OR
>
> >
>
> > R@ #18 RSHIFT $FF00 AND OR
>
> >
>
> > R@ #10 RSHIFT $FF0000 AND OR
>
> >
>
> > R> 8 RSHIFT $FF000000 AND OR ;
>
> >
>
> >
>
> >
>
> > : cellsreverse ( adr n -- ) \ Reverse bytes of n cells in array
>
> >
>
> > 0 DO DUP @ bytes>< OVER ! CELL+ LOOP DROP ;
>
> >
>
> >
>
> >
>
> > W C@
>
> >
>
> > [IF] \ if little ENDIAN, e.g. Intel/AMD
>
> >
>
> > : endian16 ( adr -- adr ) DUP #16 cellsreverse ;
>
> >
>
> > : endian14 ( adr -- adr ) DUP #14 cellsreverse ;
>
> >
>
> > [ELSE] \ if big ENDIAN, e.g. Macs
>
> >
>
> > : endian16 ( adr -- adr ) ; \ Do nothing
>
> >
>
> > : endian14 ( adr -- adr ) ; \ Do nothing
>
> >
>
> > [THEN]
>
> >
>
> >
>
> >
>
> > \ Do all 128 byte blocks leaving remainder block
>
> >
>
> > : hashfullblocks ( adr1 dcount -- adr2 count ) \ dcount is double number: lo hi
>
> >
>
> > SWAP DUP >R 7 RSHIFT ( adr1 hi lo* ) \ Store lo on return, do lo*=lo/128
>
> >
>
> > OVER CELLSIZE 7 - LSHIFT OR >R ( adr1 hi ) \ Return is now: :R lo lo'
>
> >
>
> > ( hi) 7 RSHIFT 0 ?DO ( adr1 ) \ Do if hi'= hi/128 > 0
>
> >
>
> > 0 0 DO DUP endian16 SHA512 #128 + LOOP ( lo' adr') \ Hash for 2^cellsize full blocks
>
> >
>
> > LOOP ( adr' ) \ Hash for hi'*2^cellsize full blocks
>
> >
>
> > R> 0 ?DO DUP endian16 SHA512 #128 + LOOP ( adr' ) \ Hash block for lo count full 128 byte blocks
>
> >
>
> > R> ( lo) #127 AND ; ( adr2 cnt2 ) \ Leave address and count for partial block
>
> >
>
> >
>
> >
>
> > : hashfinal ( addr count -- ) \ Hash partial and/or last block
>
> >
>
> > DUP >R W SWAP CMOVE \ Move bytes into block W array
>
> >
>
> > W R@ + #128 OVER C! ( adr ) \ Put 80h after last message byte
>
> >
>
> > CHAR+ #111 R@ - ( adr # ) \ Compute tentative 0 byte FILL count
>
> >
>
> > R> #111 > ( adr # ? ) \ Is partial block byte count > 111 ?
>
> >
>
> > IF #16 + 0 FILL ( -- ) \ If yes, FILL rest of block w/zeroes
>
> >
>
> > W endian16 SHA512 ( -- ) \ Endian adjust block if required, then hash
>
> >
>
> > W #112 ( adr 112 ) \ Now setup last block containing bit count
>
> >
>
> > THEN ( adr # )
>
> >
>
> > 0 FILL setlen W endian14 SHA512 ; \ Zero FILL last block, set message bit count
>
> >
>
> > ( -- ) \ Endian adjust, except bit count, then hash
>
> >
>
> >
>
> >
>
> > \ Compute SHA512 from a counted buffer of text
>
> >
>
> > : SHAbuffer ( addr dcount -- ) SHAinit 2DUP SHAlen 2! hashfullblocks hashfinal ;
>
> >
>
> >
>
> >
>
> > \ =============== Hash string display wordset ===============
>
> >
>
> > DECIMAL
>
> >
>
> >
>
> >
>
> > \ Array of digits 0123456789abcdef
>
> >
>
> > : digit$ ( -- adr ) S" 0123456789abcdef" DROP ;
>
> >
>
> >
>
> >
>
> > : intdigits ( -- ) 0 PAD ! ;
>
> >
>
> > : savedigit ( n -- ) PAD C@ 1+ DUP PAD C! PAD + C! ;
>
> >
>
> > : bytedigits ( n1 -- ) DUP 4 RSHIFT digit$ + C@ savedigit #15 AND digit$ + C@ savedigit ;
>
> >
>
> >
>
> >
>
> > W C@
>
> >
>
> > [IF] \ little ENDIAN
>
> >
>
> > : celldigits ( a1 -- ) DUP 7 + DO I C@ bytedigits -1 +LOOP ;
>
> >
>
> > [ELSE] \ big ENDIAN
>
> >
>
> > : celldigits ( a1 -- ) DUP 8 + SWAP DO I C@ bytedigits LOOP ;
>
> >
>
> > [THEN]
>
> >
>
> >
>
> >
>
> > : SHAstring ( -- adr count ) \ Return counted SHA-512 string array
>
> >
>
> > intdigits SHAval 7 CELLS + 8 0 DO DUP celldigits CELL- LOOP DROP PAD COUNT ;
>
> >
>
> >
>
> >
>
> > \ Display SHA-512 hash value in hex ( A B C D E F G H )
>
> >
>
> > : HASH. CR SHAstring TYPE SPACE ;
>
> >
>
> > : QuoteString ( adr cnt --) [CHAR] " EMIT TYPE [CHAR] " EMIT ;
>
> >
>
> >
>
> >
>
> > \ ==================== File hash wordset ====================
>
> >
>
> > VARIABLE rfileid \ Holds fileid number of input file
>
> >
>
> >
>
> >
>
> > : InputFileName ( -- ior) CR CR ." Filename: " PAD DUP #80 ACCEPT ( adr #) R/O OPEN-FILE SWAP rfileid ! ( ior) ;
>
> >
>
> > : TryAgain? ( -- ?) CR CR ." Invalid iput file, try again? (Y/N)" KEY DUP EMIT DUP [CHAR] N = SWAP [CHAR] n = OR ;
>
> >
>
> >
>
> >
>
> > \ Read n bytes from input file, store at addr array
>
> >
>
> > : bytes@ ( adr n - ) rfileid @ READ-FILE 2DROP ;
>
> >
>
> >
>
> >
>
> > : storelen ( lo hi - ) \ Store bit count into last two cells
>
> >
>
> > D2* D2* D2* ( bytes->bits) W #112 CHARS + ! W #120 CHARS + ! ;
>
> >
>
> > : getpartial ( cnt -- W' cnt2 ?)
>
> >
>
> > W 2DUP SWAP DUP >R bytes@ ( cnt1 adr1 )
>
> >
>
> > + #128 OVER C! CHAR+ #111 R@ - R> #111 > ; ( adr2 cnt2 ?)
>
> >
>
> >
>
> >
>
> > : block@ W 128 bytes@ ;
>
> >
>
> >
>
> >
>
> > : SHAfile ( -- )
>
> >
>
> > BEGIN InputFileName ( ior) \ Enter filename
>
> >
>
> > WHILE TryAgain? IF EXIT THEN \ Not valid, try (not) again
>
> >
>
> > REPEAT SHAinit \ Valid file, init transform
>
> >
>
> > rfileid @ FILE-SIZE DROP ( ud ) \ Get bytesize of input file
>
> >
>
> > 2. D- \ Dec cnt by 2 for CR|LF EOF
>
> >
>
> > CR ." Bytesize: " 2DUP D. \ Display filesize to screen
>
> >
>
> > 2DUP 2>R \ ( lo hi ) Save file byte cnt on RETURN
>
> >
>
> > OVER 7 RSHIFT OVER \ ( lo hi lo* hi )
>
> >
>
> > CELLSIZE 7 - LSHIFT OR SWAP 7 RSHIFT \ ( lo lo' hi') full block count
>
> >
>
> > 0 ?DO 0 0 DO block@ W endian16 SHA512 LOOP LOOP \ Hash hi*2^cellsize full blocks
>
> >
>
> > 0 ?DO block@ W endian16 SHA512 LOOP \ Hash lo count full 128 byte blocks
>
> >
>
> > ( lo) #127 AND ( rembytes) getpartial ( adr cnt ?) \ Read remaining bytes
>
> >
>
> > IF #16 + 0 FILL W endian16 SHA512 W #112 THEN \ Do if rembytes > 111
>
> >
>
> > 0 FILL 2R> storelen W endian14 SHA512 \ Do last block
>
> >
>
> > CR ." SHA-512 : " SHAstring TYPE CR \ Show SHA-512 hash for file
>
> >
>
> > rfileid @ CLOSE-FILE DROP ; \ Close the input file
>
> >
>
> >
>
> >
>
> > \ ==================== SHA-512 Test Suite =====================
>
> >
>
> > DECIMAL
>
> >
>
> >
>
> >
>
> > \ Load W array with data on stack
>
> >
>
> > : WLoad ( d0..d15 -- ) W #15 CELLS + ( d0..d15 W[15] ) #16 0 DO TUCK ! CELL- LOOP DROP ;
>
> >
>
> >
>
> >
>
> > \ -------------------------------------------------------------
>
> >
>
> > \ EXAMPLE 1: from FIPS PUB
>
> >
>
> > \ Message: ASCII string 'abc'
>
> >
>
> > \ Hash = DDAF35A1 93617ABA CC417349 AE204131 12E6FA4E 89A97EA2 0A9EEEE6 4B55D39A
>
> >
>
> > \ 2192992A 274FC1A8 36BA3C23 A3FEEBBD 454D4423 643CE80E 2A9AC94F A54CA49F
>
> >
>
> >
>
> >
>
> > \ Compute and display hash for ASCII string 'abc'
>
> >
>
> > : EX1 S" abc" U>D ( adr dcount) SHAbuffer HASH. ;
>
> >
>
> >
>
> >
>
> > \ -------------------------------------------------------------
>
> >
>
> > \ EXAMPLE 2: from FIPS PUB
>
> >
>
> > \ Message:"abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu"
>
> >
>
> > \ Hash = 8E959B75 DAE313DA 8CF4F728 14FC143F 8F7779C6 EB9F7FA1 7299AEAD B6889018
>
> >
>
> > \ 501D289E 4900F7E4 331B99DE C4B5433A C7D329EE B6DD2654 5E96E55B 874BE909
>
> >
>
> >
>
> >
>
> > : EX2a S" abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu" U>D ( adr dcount) ;
>
> >
>
> > : EX2 EX2a SHAbuffer HASH. ;
>
> >
>
> >
>
> >
>
> > \ -------------------------------------------------------------
>
> >
>
> > \ EXAMPLE 3:
>
> >
>
> > \ Message: 2 million copies of 'a' (61h), (16 million bits)
>
> >
>
> > \ Hash =
>
> >
>
> >
>
> >
>
> > \ Load block of all 'a's (61h), must hash 15,625 times
>
> >
>
> > : EX3a W #128 [CHAR] a FILL ;
>
> >
>
> >
>
> >
>
> > \ Last message block: 1st bit a '1', bit-count = 16 million
>
> >
>
> > : EX3b $8000000000000000 0 0 0 0 0 0 0 0 0 0 0 0 0 0 #16000000 WLoad ;
>
> >
>
> >
>
> >
>
> > \ Do hash for message of 2 million copies of ASCII 'a' (61h)
>
> >
>
> > : EX3 SHAinit EX3a #15625 0 DO W SHA512 LOOP EX3b W SHA512 HASH. ;
>
> >
>
> >
>
> >
>
> > \ -------------------------------------------------------------
>
> >
>
> > \ EXAMPLE 4:
>
> >
>
> > \ Message: 400,000 SPACES 'BL' (20h), (3,200,000 bits)
>
> >
>
> > \ Hash =
>
> >
>
> >
>
> >
>
> > \ Load block of all "BL' (20h), hash 156 full blocks + 16 bytes
>
> >
>
> > : EX4a W #128 BL FILL ;
>
> >
>
> >
>
> >
>
> > \ Last message block: 1st bit a '1', bit-count = 3,200,000
>
> >
>
> > : EX4b $8000000000000000 0 0 0 0 0 0 0 0 0 0 0 0 0 0 #3200000 WLoad ;
>
> >
>
> >
>
> >
>
> > \ Do hash for message of 400,000 SPACES 'BL' (20h)
>
> >
>
> > : EX4 SHAinit EX4a #3125 0 DO W SHA512 LOOP EX4b W SHA512 HASH. ;
>
> >
>
> >
>
> >
>
> > \ -------------------------------------------------------------
>
> >
>
> > \ Message: blank string ''
>
> >
>
> > \ Hash =
>
> >
>
> >
>
> >
>
> > : SHATest ( -- )
>
> >
>
> > CR ." SHA-512 test suite:"
>
> >
>
> > S" " U>D ( adr dcount) SHAbuffer HASH. S" " QuoteString
>
> >
>
> > EX1 S" abc" QuoteString
>
> >
>
> > EX2 EX2a DROP QuoteString
>
> >
>
> > EX3 S" 2 million copies of ASCII 'a' (61h)" TYPE
>
> >
>
> > EX4 S" 400,000 copies of ASCII BL (20h)" TYPE CR ;
>
> >
>
> >
>
> >
>
> > \ =========== Forth specific performance test ===========
>
> >
>
> >
>
> >
>
> > VARIABLE start-ms
>
> >
>
> >
>
> >
>
> > : TIMER-START ( -- ) ?MS start-ms ! ;
>
> >
>
> > : MS? ( -- u ) ?MS start-ms @ - ( abs ) ;
>
> >
>
> > : .### ( -) BASE @ >R DECIMAL MS? 0 <# # # # [CHAR] . HOLD #S #> R> BASE ! TYPE ;
>
> >
>
> >
>
> >
>
> > DECIMAL #1000 VALUE N#
>
> >
>
> >
>
> >
>
> > : [EX1] S" abc" U>D ( adr dcount) SHAbuffer ;
>
> >
>
> > : [EX2] EX2a SHAbuffer ;
>
> >
>
> > : [EX3] SHAinit EX3a #15625 0 DO W SHA512 LOOP EX3b W SHA512 ;
>
> >
>
> >
>
> >
>
> > : test1 [ DECIMAL ]
>
> >
>
> > cr ." SHA-512 test for EX1 for " N# . ." loops in milliseconds is "
>
> >
>
> > TIMER-START N# 0 DO [EX1] LOOP MS? U. ;
>
> >
>
> >
>
> >
>
> > : test2 [ DECIMAL ]
>
> >
>
> > cr ." SHA-512 test for EX2 for " N# . ." loops in milliseconds is "
>
> >
>
> > TIMER-START N# 0 DO [EX2] LOOP MS? U. ;
>
> >
>
> >
>
> >
>
> > : test3 [ DECIMAL ]
>
> >
>
> > cr ." SHA-512 test for EX3 for " N# . ." loops in milliseconds is "
>
> >
>
> > TIMER-START N# 0 DO [EX3] LOOP MS? U. ;
>
>
>
> Hey Marcel,
>
>
>
> The problem is bytes><
>
>
>
> All the numbers in the original code are HEX. You changed the HEX values for the shifts to decimal without converting them from HEX.
>
>
>
> Your code:
>
>
>
> : bytes>< ( m - w ) \ Reverse cell bytes: 1234567890abcdef <-> efcdab9078563412
>
> DUP >R #38 LSHIFT
>
> R@ $FF00 AND #28 LSHIFT OR
>
> R@ $FF0000 AND #18 LSHIFT OR
>
> R@ $FF000000 AND 8 LSHIFT OR
>
> R@ #20 RSHIFT $FF AND OR
>
> R@ #18 RSHIFT $FF00 AND OR
>
> R@ #10 RSHIFT $FF0000 AND OR
>
> R> 8 RSHIFT $FF000000 AND OR ;
>
>
>
> Correct code:
>
>
>
> : bytes>< ( m - w ) \ Reverse cell bytes: 1234567890abcdef <-> efcdab9078563412
>
> DUP >R $38 LSHIFT
>
> R@ $FF00 AND $28 LSHIFT OR
>
> R@ $FF0000 AND $18 LSHIFT OR
>
> R@ $FF000000 AND 8 LSHIFT OR
>
> R@ $20 RSHIFT $FF AND OR
>
> R@ $18 RSHIFT $FF00 AND OR
>
> R@ #10 RSHIFT $FF0000 AND OR
>
> R> 8 RSHIFT $FF000000 AND OR ;
>
>
>
> To test do:
>
>
>
> $1234567890abcdef bytes>< hex .
>
> should display efcdab9078563412
>
>
>
> Jabari
Ahhhhh...corrected correction:
: bytes>< ( m - w ) \ Reverse cell bytes: 1234567890abcdef <-> efcdab9078563412
DUP >R $38 LSHIFT
R@ $FF00 AND $28 LSHIFT OR
R@ $FF0000 AND $18 LSHIFT OR
R@ $FF000000 AND 8 LSHIFT OR
R@ $20 RSHIFT $FF AND OR
R@ $18 RSHIFT $FF00 AND OR
R@ $10 RSHIFT $FF0000 AND OR
R> 8 RSHIFT $FF000000 AND OR ;
[toc] | [prev] | [next] | [standalone]
| From | jzakiya@gmail.com |
|---|---|
| Date | 2012-12-09 20:46 -0800 |
| Message-ID | <f4ddf2e1-b60e-4d21-b7c8-728ad995f69a@googlegroups.com> |
| In reply to | #17959 |
On Sunday, December 9, 2012 8:29:04 PM UTC-5, jza...@gmail.com wrote: > On Sunday, December 9, 2012 8:23:01 PM UTC-5, jza...@gmail.com wrote: > > > On Sunday, December 9, 2012 2:14:33 AM UTC-5, Marcel Hendrix wrote: > > > > > > > jzakiya@gmail.com writes Re: SHA-512 > > > > > > > > > > > > > > [..] > > > > > > > > > > > > > > > Hopefully, this was THE error. > > > > > > > > > > > > > > > > > > > > > > > > > > > > > 8cc702081a6438ec CONSTANT K59 should be > > > > > > > > > > > > > > > 8cc702081a6439ec CONSTANT K59 > > > > > > > > > > > > > > > > > > > > > > > > > > > > This doesn't fix the problem. > > > > > > > > > > > > > > > > > > > > > > > > > > > > Here is the content of H[a] ... H[h] before and after the first round: > > > > > > > > > > > > > > > > > > > > > > > > > > > > FORTH> EX1 > > > > > > > > > > > > > > t0: $6A09E667F3BCC908 $BB67AE8584CAA73B $3C6EF372FE94F82B $A54FF53A5F1D36F1 > > > > > > > > > > > > > > $510E527FADE682D1 $9B05688C2B3E6C1F $1F83D9ABFB41BD6B $5BE0CD19137E2179 > > > > > > > > > > > > > > > > > > > > > > > > > > > > t1: $AE260B24BD1CFDFB $6A09E667F3BCC908 $BB67AE8584CAA73B $3C6EF372FE94F82B > > > > > > > > > > > > > > $10413EA07AD53F97 $510E527FADE682D1 $9B05688C2B3E6C1F $1F83D9ABFB41BD6B > > > > > > > > > > > > > > > > > > > > > > > > > > > > h[a] and h[e] are wrong. Maybe something with 2@ ? > > > > > > > > > > > > > > > > > > > > > > > > > > > > I suspected problems with HEX/DECIMAL, therefore the below listing is again > > > > > > > > > > > > > > a bit different. > > > > > > > > > > > > > > > > > > > > > > > > > > > > -marcel > > > > > > > > > > > > > > > > > > > > > > > > > > > > -- > > > > > > > > > > > > > > ANEW -sha-512 > > > > > > > > > > > > > > > > > > > > > > > > > > > > \ Forth code for Secure Hash Algorithm 512 (SHA-512) > > > > > > > > > > > > > > \ NIST spec at: http://csrc.nist.gov/encryption/tkhash.html > > > > > > > > > > > > > > \ For Little/Big Endian byte addressable CPUs, e.g. Intel/Power PC > > > > > > > > > > > > > > \ DEPENDENCIES: CORE EXT WORDSET ; COMMON USAGE 3DROP ?DO CELL- > > > > > > > > > > > > > > \ Use of this code is free subject to acknowledgment of copyright. > > > > > > > > > > > > > > \ Copyright (c) 2012 Jabari Zakiya -- jzakiya@mail.com 12/07/2012 > > > > > > > > > > > > > > > > > > > > > > > > > > > > \ ======================= MACRO Wordset ======================== > > > > > > > > > > > > > > \ MACRO wordset from Wil Baden's Tool Belt series in > > > > > > > > > > > > > > \ Forth Dimensions (FD) Vol. 19, No. 2, July/August 1997 > > > > > > > > > > > > > > \ Original code has been modified to make more efficient > > > > > > > > > > > > > > \ MACRO allows insertion of parameters following the macro > > > > > > > > > > > > > > \ "\" represents place where parameter is inserted > > > > > > > > > > > > > > \ Example: MACRO ?? " IF \ THEN " > > > > > > > > > > > > > > \ : FOO .. ?? EXIT .... ; ?? compiles to -- IF EXIT THEN > > > > > > > > > > > > > > > > > > > > > > > > > > > > \ PLACE and STRING for system if needed > > > > > > > > > > > > > > \ Not needed for SwiftForth v 2.00.3, needed for Win32Forth V 4.10 > > > > > > > > > > > > > > \ : PLACE ( caddr n addr -) 2DUP C! CHAR+ SWAP CHARS MOVE ; > > > > > > > > > > > > > > : SSTRING ( char "ccc" -) WORD COUNT HERE OVER 1+ CHARS ALLOT PACK DROP ; > > > > > > > > > > > > > > > > > > > > > > > > > > > > \ Versions of /STRING and ANEW if system doesn't have them > > > > > > > > > > > > > > \ : /STRING ( a n k - a+k n-k) ( OVER MIN) TUCK - >R CHARS + R> ; > > > > > > > > > > > > > > \ : ANEW >IN @ BL WORD FIND IF EXECUTE ELSE DROP THEN >IN ! MARKER ; > > > > > > > > > > > > > > > > > > > > > > > > > > > > \ : split-at-char ( a n char - a k a+k n-k) > > > > > > > > > > > > > > \ >R 2DUP BEGIN DUP WHILE OVER C@ R@ - > > > > > > > > > > > > > > \ WHILE 1 /STRING REPEAT THEN > > > > > > > > > > > > > > \ R> DROP TUCK 2>R - 2R> > > > > > > > > > > > > > > \ ; > > > > > > > > > > > > > > > > > > > > > > > > > > > > : DOES>MACRO \ Compile the macro, including external parameters > > > > > > > > > > > > > > DOES> COUNT BEGIN [CHAR] \ split-at-char 2>R EVALUATE R@ > > > > > > > > > > > > > > WHILE BL WORD COUNT EVALUATE 2R> 1 /STRING REPEAT > > > > > > > > > > > > > > R> DROP R> DROP > > > > > > > > > > > > > > ; > > > > > > > > > > > > > > > > > > > > > > > > > > > > \ Macro creation word which allows parameter insertion > > > > > > > > > > > > > > : MACRO CREATE IMMEDIATE CHAR SSTRING DOES>MACRO ; > > > > > > > > > > > > > > > > > > > > > > > > > > > > \ ==================== Start SHA-256 Code ==================== > > > > > > > > > > > > > > DECIMAL > > > > > > > > > > > > > > 64 CONSTANT CELLSIZE \ CPU bitsize > > > > > > > > > > > > > > > > > > > > > > > > > > > > 2VARIABLE SHAlen \ Holds byte length of string < 2^128 bits|2^125 bytes > > > > > > > > > > > > > > CREATE SHAval 8 CELLS ALLOT \ Holds hash after each block > > > > > > > > > > > > > > CREATE SHAsh 88 CELLS ALLOT \ Fully extended hash array > > > > > > > > > > > > > > CREATE W 16 CELLS ALLOT \ Holds message block > > > > > > > > > > > > > > 1 W ! \ For compile time endian testing > > > > > > > > > > > > > > > > > > > > > > > > > > > > HEX > > > > > > > > > > > > > > > > > > > > > > > > > > > > \ SHA-512 round constants > > > > > > > > > > > > > > 428a2f98d728ae22 CONSTANT K0 7137449123ef65cd CONSTANT K1 > > > > > > > > > > > > > > b5c0fbcfec4d3b2f CONSTANT K2 e9b5dba58189dbbc CONSTANT K3 > > > > > > > > > > > > > > 3956c25bf348b538 CONSTANT K4 59f111f1b605d019 CONSTANT K5 > > > > > > > > > > > > > > 923f82a4af194f9b CONSTANT K6 ab1c5ed5da6d8118 CONSTANT K7 > > > > > > > > > > > > > > d807aa98a3030242 CONSTANT K8 12835b0145706fbe CONSTANT K9 > > > > > > > > > > > > > > 243185be4ee4b28c CONSTANT K10 550c7dc3d5ffb4e2 CONSTANT K11 > > > > > > > > > > > > > > 72be5d74f27b896f CONSTANT K12 80deb1fe3b1696b1 CONSTANT K13 > > > > > > > > > > > > > > 9bdc06a725c71235 CONSTANT K14 c19bf174cf692694 CONSTANT K15 > > > > > > > > > > > > > > e49b69c19ef14ad2 CONSTANT K16 efbe4786384f25e3 CONSTANT K17 > > > > > > > > > > > > > > 0fc19dc68b8cd5b5 CONSTANT K18 240ca1cc77ac9c65 CONSTANT K19 > > > > > > > > > > > > > > 2de92c6f592b0275 CONSTANT K20 4a7484aa6ea6e483 CONSTANT K21 > > > > > > > > > > > > > > 5cb0a9dcbd41fbd4 CONSTANT K22 76f988da831153b5 CONSTANT K23 > > > > > > > > > > > > > > 983e5152ee66dfab CONSTANT K24 a831c66d2db43210 CONSTANT K25 > > > > > > > > > > > > > > b00327c898fb213f CONSTANT K26 bf597fc7beef0ee4 CONSTANT K27 > > > > > > > > > > > > > > c6e00bf33da88fc2 CONSTANT K28 d5a79147930aa725 CONSTANT K29 > > > > > > > > > > > > > > 06ca6351e003826f CONSTANT K30 142929670a0e6e70 CONSTANT K31 > > > > > > > > > > > > > > 27b70a8546d22ffc CONSTANT K32 2e1b21385c26c926 CONSTANT K33 > > > > > > > > > > > > > > 4d2c6dfc5ac42aed CONSTANT K34 53380d139d95b3df CONSTANT K35 > > > > > > > > > > > > > > 650a73548baf63de CONSTANT K36 766a0abb3c77b2a8 CONSTANT K37 > > > > > > > > > > > > > > 81c2c92e47edaee6 CONSTANT K38 92722c851482353b CONSTANT K39 > > > > > > > > > > > > > > a2bfe8a14cf10364 CONSTANT K40 a81a664bbc423001 CONSTANT K41 > > > > > > > > > > > > > > c24b8b70d0f89791 CONSTANT K42 c76c51a30654be30 CONSTANT K43 > > > > > > > > > > > > > > d192e819d6ef5218 CONSTANT K44 d69906245565a910 CONSTANT K45 > > > > > > > > > > > > > > f40e35855771202a CONSTANT K46 106aa07032bbd1b8 CONSTANT K47 > > > > > > > > > > > > > > 19a4c116b8d2d0c8 CONSTANT K48 1e376c085141ab53 CONSTANT K49 > > > > > > > > > > > > > > 2748774cdf8eeb99 CONSTANT K50 34b0bcb5e19b48a8 CONSTANT K51 > > > > > > > > > > > > > > 391c0cb3c5c95a63 CONSTANT K52 4ed8aa4ae3418acb CONSTANT K53 > > > > > > > > > > > > > > 5b9cca4f7763e373 CONSTANT K54 682e6ff3d6b2b8a3 CONSTANT K55 > > > > > > > > > > > > > > 748f82ee5defb2fc CONSTANT K56 78a5636f43172f60 CONSTANT K57 > > > > > > > > > > > > > > 84c87814a1f0ab72 CONSTANT K58 8cc702081a6439ec CONSTANT K59 > > > > > > > > > > > > > > 90befffa23631e28 CONSTANT K60 a4506cebde82bde9 CONSTANT K61 > > > > > > > > > > > > > > bef9a3f7b2c67915 CONSTANT K62 c67178f2e372532b CONSTANT K63 > > > > > > > > > > > > > > ca273eceea26619c CONSTANT K64 d186b8c721c0c207 CONSTANT K65 > > > > > > > > > > > > > > eada7dd6cde0eb1e CONSTANT K66 f57d4f7fee6ed178 CONSTANT K67 > > > > > > > > > > > > > > 06f067aa72176fba CONSTANT K68 0a637dc5a2c898a6 CONSTANT K69 > > > > > > > > > > > > > > 113f9804bef90dae CONSTANT K70 1b710b35131c471b CONSTANT K71 > > > > > > > > > > > > > > 28db77f523047d84 CONSTANT K72 32caab7b40c72493 CONSTANT K73 > > > > > > > > > > > > > > 3c9ebe0a15c9bebc CONSTANT K74 431d67c49c100d4c CONSTANT K75 > > > > > > > > > > > > > > 4cc5d4becb3e42b6 CONSTANT K76 597f299cfc657e2a CONSTANT K77 > > > > > > > > > > > > > > 5fcb6fab3ad6faec CONSTANT K78 6c44198c4a475817 CONSTANT K79 > > > > > > > > > > > > > > > > > > > > > > > > > > > > DECIMAL > > > > > > > > > > > > > > > > > > > > > > > > > > > > 0 VALUE H[H] \ Pointer to addr of hash value H for each round > > > > > > > > > > > > > > > > > > > > > > > > > > > > : H[G] H[H] 1 CELLS + ; \ Return G adr > > > > > > > > > > > > > > : H[F] H[H] 2 CELLS + ; \ Return F adr > > > > > > > > > > > > > > : H[E] H[H] 3 CELLS + ; \ Return E adr > > > > > > > > > > > > > > : H[D] H[H] 4 CELLS + ; \ Return D adr > > > > > > > > > > > > > > : H[C] H[H] 5 CELLS + ; \ Return C adr > > > > > > > > > > > > > > : H[B] H[H] 6 CELLS + ; \ Return B adr > > > > > > > > > > > > > > : H[A] H[H] 7 CELLS + ; \ Return A adr > > > > > > > > > > > > > > > > > > > > > > > > > > > > : SHAinit ( -) \ Load initial hash values H0 - H7 > > > > > > > > > > > > > > $6a09e667f3bcc908 ( H0) $bb67ae8584caa73b ( H1) > > > > > > > > > > > > > > $3c6ef372fe94f82b ( H2) $a54ff53a5f1d36f1 ( H3) > > > > > > > > > > > > > > $510e527fade682d1 ( H4) $9b05688c2b3e6c1f ( H5) > > > > > > > > > > > > > > $1f83d9abfb41bd6b ( H6) $5be0cd19137e2179 ( H7) > > > > > > > > > > > > > > SHAsh 7 0 DO TUCK ! CELL+ LOOP ! \ Put initial hash in SHAsh array > > > > > > > > > > > > > > SHAsh SHAval 8 CELLS CMOVE \ Put copy in SHAval array > > > > > > > > > > > > > > SHAsh TO H[H] ; \ Init pointer to last hash value > > > > > > > > > > > > > > > > > > > > > > > > > > > > : UpDateHash ( -) \ Update hash values and load arrays with new values > > > > > > > > > > > > > > SHAsh SHAval H[H] \ Place array addresses on stack > > > > > > > > > > > > > > 8 0 DO DUP >R @ SWAP DUP >R @ + DUP \ Compute updated hash subvalue > > > > > > > > > > > > > > R@ ! OVER ! CELL+ R> CELL+ R> CELL+ \ Store updated hash subvalue > > > > > > > > > > > > > > LOOP 3DROP \ Clear stack when done > > > > > > > > > > > > > > SHAsh TO H[H] ; \ Init pointer to last subvalue > > > > > > > > > > > > > > > > > > > > > > > > > > > > \ ( - n ) n = (E AND F) XOR (~E AND G) > > > > > > > > > > > > > > : Ch H[F] 2@ OVER AND SWAP INVERT H[G] @ AND XOR ; > > > > > > > > > > > > > > > > > > > > > > > > > > > > \ ( - n ) n = (A AND B) XOR (A AND C) XOR (B AND C) > > > > > > > > > > > > > > : Maj H[C] DUP >R CELL+ 2@ OVER AND SWAP R@ @ AND XOR R> 2@ AND XOR ; > > > > > > > > > > > > > > > > > > > > > > > > > > > > \ ( - n ) T1x = Ch(e,f,g) + Sig1(e) + h > > > > > > > > > > > > > > : T1x Ch H[E] @ DUP >R #14 ror R@ #18 ror XOR R> #41 ror XOR + H[H] @ + ; > > > > > > > > > > > > > > > > > > > > > > > > > > > > \ ( - n ) T2 = Maj(a,b,c) + Sig0(a) > > > > > > > > > > > > > > : T2 Maj H[A] @ DUP >R #28 ror R@ #34 ror XOR R> #39 ror XOR + ; > > > > > > > > > > > > > > > > > > > > > > > > > > > > \ ( x - n ) n = ROR1(X) XOR ROR8(X) XOR SHR7(X) > > > > > > > > > > > > > > : sig0 ( x - n ) DUP DUP 1 ROR SWAP 8 ROR XOR SWAP 7 RSHIFT XOR ; > > > > > > > > > > > > > > > > > > > > > > > > > > > > \ ( x - n ) n = ROR19(X) XOR ROR61(X) XOR SHR6(X) > > > > > > > > > > > > > > : sig1 ( x - n ) DUP DUP #19 ROR SWAP #61 ROR XOR SWAP 6 RSHIFT XOR ; > > > > > > > > > > > > > > > > > > > > > > > > > > > > \ Put two copies of original Wi on stack, keep its address > > > > > > > > > > > > > > : Wi@ ( [Wi] - wi [Wi] wi) DUP @ TUCK ; > > > > > > > > > > > > > > > > > > > > > > > > > > > > \ Create 2 copies of new Wi' from Wi on stack ( ..Wi -..Wi' Wi') > > > > > > > > > > > > > > : Wi #15 PICK #15 PICK sig0 + 7 PICK + 2 PICK sig1 + DUP ; > > > > > > > > > > > > > > > > > > > > > > > > > > > > \ Drop 80 Wi cells from stack ( W0..W79 - ) > > > > > > > > > > > > > > : WiDROP 5 0 DO 2DROP 2DROP 2DROP 2DROP 2DROP 2DROP 2DROP 2DROP LOOP ; > > > > > > > > > > > > > > > > > > > > > > > > > > > > : subrnd DUP H[D] +! T2 + H[G] TO H[H] H[A] ! ; > > > > > > > > > > > > > > > > > > > > > > > > > > > > MACRO rndi\ " Wi@ T1x + \ + subrnd CELL+" > > > > > > > > > > > > > > MACRO rndn\ " Wi T1x + \ + subrnd " > > > > > > > > > > > > > > > > > > > > > > > > > > > > : show CR h[a] @ H. space h[b] @ H. space h[c] @ H. space h[d] @ H. > > > > > > > > > > > > > > CR h[e] @ H. space h[f] @ H. space h[g] @ H. space h[h] @ H. ; > > > > > > > > > > > > > > > > > > > > > > > > > > > > : SHA512 ( Wadr - ) > > > > > > > > > > > > > > show > > > > > > > > > > > > > > rndi\ K0 show abort rndi\ K1 rndi\ K2 rndi\ K3 \ Wi = Mi for 1st 16 rounds > > > > > > > > > > > > > > rndi\ K4 rndi\ K5 rndi\ K6 rndi\ K7 > > > > > > > > > > > > > > rndi\ K8 rndi\ K9 rndi\ K10 rndi\ K11 > > > > > > > > > > > > > > rndi\ K12 rndi\ K13 rndi\ K14 rndi\ K15 DROP ( W0..W15 ) > > > > > > > > > > > > > > rndn\ K16 rndn\ K17 rndn\ K18 rndn\ K19 \ Wj now function of Wi > > > > > > > > > > > > > > rndn\ K20 rndn\ K21 rndn\ K22 rndn\ K23 > > > > > > > > > > > > > > rndn\ K24 rndn\ K25 rndn\ K26 rndn\ K27 > > > > > > > > > > > > > > rndn\ K28 rndn\ K29 rndn\ K30 rndn\ K31 > > > > > > > > > > > > > > rndn\ K32 rndn\ K33 rndn\ K34 rndn\ K35 > > > > > > > > > > > > > > rndn\ K36 rndn\ K37 rndn\ K38 rndn\ K39 > > > > > > > > > > > > > > rndn\ K40 rndn\ K41 rndn\ K42 rndn\ K43 > > > > > > > > > > > > > > rndn\ K44 rndn\ K45 rndn\ K46 rndn\ K47 > > > > > > > > > > > > > > rndn\ K48 rndn\ K49 rndn\ K50 rndn\ K51 > > > > > > > > > > > > > > rndn\ K52 rndn\ K53 rndn\ K54 rndn\ K55 > > > > > > > > > > > > > > rndn\ K56 rndn\ K57 rndn\ K58 rndn\ K59 > > > > > > > > > > > > > > rndn\ K60 rndn\ K61 rndn\ K62 rndn\ K63 > > > > > > > > > > > > > > rndn\ K64 rndn\ K65 rndn\ K66 rndn\ K67 > > > > > > > > > > > > > > rndn\ K68 rndn\ K69 rndn\ K70 rndn\ K71 > > > > > > > > > > > > > > rndn\ K72 rndn\ K73 rndn\ K74 rndn\ K75 > > > > > > > > > > > > > > rndn\ K76 rndn\ K77 rndn\ K78 rndn\ K79 WiDROP ( - ) > > > > > > > > > > > > > > UpDateHash > > > > > > > > > > > > > > ; > > > > > > > > > > > > > > > > > > > > > > > > > > > > : setlen ( -- ) \ Store bit count into last two cells > > > > > > > > > > > > > > SHAlen 2@ D2* D2* D2* ( bytes->bits) W #112 CHARS + ! W #120 CHARS + ! ; > > > > > > > > > > > > > > > > > > > > > > > > > > > > : bytes>< ( m -- w ) \ Reverse cell bytes: 1234567890abcdef <-> efcdab9078563412 > > > > > > > > > > > > > > DUP >R #38 LSHIFT > > > > > > > > > > > > > > R@ $FF00 AND #28 LSHIFT OR > > > > > > > > > > > > > > R@ $FF0000 AND #18 LSHIFT OR > > > > > > > > > > > > > > R@ $FF000000 AND 8 LSHIFT OR > > > > > > > > > > > > > > R@ #20 RSHIFT $FF AND OR > > > > > > > > > > > > > > R@ #18 RSHIFT $FF00 AND OR > > > > > > > > > > > > > > R@ #10 RSHIFT $FF0000 AND OR > > > > > > > > > > > > > > R> 8 RSHIFT $FF000000 AND OR ; > > > > > > > > > > > > > > > > > > > > > > > > > > > > : cellsreverse ( adr n -- ) \ Reverse bytes of n cells in array > > > > > > > > > > > > > > 0 DO DUP @ bytes>< OVER ! CELL+ LOOP DROP ; > > > > > > > > > > > > > > > > > > > > > > > > > > > > W C@ > > > > > > > > > > > > > > [IF] \ if little ENDIAN, e.g. Intel/AMD > > > > > > > > > > > > > > : endian16 ( adr -- adr ) DUP #16 cellsreverse ; > > > > > > > > > > > > > > : endian14 ( adr -- adr ) DUP #14 cellsreverse ; > > > > > > > > > > > > > > [ELSE] \ if big ENDIAN, e.g. Macs > > > > > > > > > > > > > > : endian16 ( adr -- adr ) ; \ Do nothing > > > > > > > > > > > > > > : endian14 ( adr -- adr ) ; \ Do nothing > > > > > > > > > > > > > > [THEN] > > > > > > > > > > > > > > > > > > > > > > > > > > > > \ Do all 128 byte blocks leaving remainder block > > > > > > > > > > > > > > : hashfullblocks ( adr1 dcount -- adr2 count ) \ dcount is double number: lo hi > > > > > > > > > > > > > > SWAP DUP >R 7 RSHIFT ( adr1 hi lo* ) \ Store lo on return, do lo*=lo/128 > > > > > > > > > > > > > > OVER CELLSIZE 7 - LSHIFT OR >R ( adr1 hi ) \ Return is now: :R lo lo' > > > > > > > > > > > > > > ( hi) 7 RSHIFT 0 ?DO ( adr1 ) \ Do if hi'= hi/128 > 0 > > > > > > > > > > > > > > 0 0 DO DUP endian16 SHA512 #128 + LOOP ( lo' adr') \ Hash for 2^cellsize full blocks > > > > > > > > > > > > > > LOOP ( adr' ) \ Hash for hi'*2^cellsize full blocks > > > > > > > > > > > > > > R> 0 ?DO DUP endian16 SHA512 #128 + LOOP ( adr' ) \ Hash block for lo count full 128 byte blocks > > > > > > > > > > > > > > R> ( lo) #127 AND ; ( adr2 cnt2 ) \ Leave address and count for partial block > > > > > > > > > > > > > > > > > > > > > > > > > > > > : hashfinal ( addr count -- ) \ Hash partial and/or last block > > > > > > > > > > > > > > DUP >R W SWAP CMOVE \ Move bytes into block W array > > > > > > > > > > > > > > W R@ + #128 OVER C! ( adr ) \ Put 80h after last message byte > > > > > > > > > > > > > > CHAR+ #111 R@ - ( adr # ) \ Compute tentative 0 byte FILL count > > > > > > > > > > > > > > R> #111 > ( adr # ? ) \ Is partial block byte count > 111 ? > > > > > > > > > > > > > > IF #16 + 0 FILL ( -- ) \ If yes, FILL rest of block w/zeroes > > > > > > > > > > > > > > W endian16 SHA512 ( -- ) \ Endian adjust block if required, then hash > > > > > > > > > > > > > > W #112 ( adr 112 ) \ Now setup last block containing bit count > > > > > > > > > > > > > > THEN ( adr # ) > > > > > > > > > > > > > > 0 FILL setlen W endian14 SHA512 ; \ Zero FILL last block, set message bit count > > > > > > > > > > > > > > ( -- ) \ Endian adjust, except bit count, then hash > > > > > > > > > > > > > > > > > > > > > > > > > > > > \ Compute SHA512 from a counted buffer of text > > > > > > > > > > > > > > : SHAbuffer ( addr dcount -- ) SHAinit 2DUP SHAlen 2! hashfullblocks hashfinal ; > > > > > > > > > > > > > > > > > > > > > > > > > > > > \ =============== Hash string display wordset =============== > > > > > > > > > > > > > > DECIMAL > > > > > > > > > > > > > > > > > > > > > > > > > > > > \ Array of digits 0123456789abcdef > > > > > > > > > > > > > > : digit$ ( -- adr ) S" 0123456789abcdef" DROP ; > > > > > > > > > > > > > > > > > > > > > > > > > > > > : intdigits ( -- ) 0 PAD ! ; > > > > > > > > > > > > > > : savedigit ( n -- ) PAD C@ 1+ DUP PAD C! PAD + C! ; > > > > > > > > > > > > > > : bytedigits ( n1 -- ) DUP 4 RSHIFT digit$ + C@ savedigit #15 AND digit$ + C@ savedigit ; > > > > > > > > > > > > > > > > > > > > > > > > > > > > W C@ > > > > > > > > > > > > > > [IF] \ little ENDIAN > > > > > > > > > > > > > > : celldigits ( a1 -- ) DUP 7 + DO I C@ bytedigits -1 +LOOP ; > > > > > > > > > > > > > > [ELSE] \ big ENDIAN > > > > > > > > > > > > > > : celldigits ( a1 -- ) DUP 8 + SWAP DO I C@ bytedigits LOOP ; > > > > > > > > > > > > > > [THEN] > > > > > > > > > > > > > > > > > > > > > > > > > > > > : SHAstring ( -- adr count ) \ Return counted SHA-512 string array > > > > > > > > > > > > > > intdigits SHAval 7 CELLS + 8 0 DO DUP celldigits CELL- LOOP DROP PAD COUNT ; > > > > > > > > > > > > > > > > > > > > > > > > > > > > \ Display SHA-512 hash value in hex ( A B C D E F G H ) > > > > > > > > > > > > > > : HASH. CR SHAstring TYPE SPACE ; > > > > > > > > > > > > > > : QuoteString ( adr cnt --) [CHAR] " EMIT TYPE [CHAR] " EMIT ; > > > > > > > > > > > > > > > > > > > > > > > > > > > > \ ==================== File hash wordset ==================== > > > > > > > > > > > > > > VARIABLE rfileid \ Holds fileid number of input file > > > > > > > > > > > > > > > > > > > > > > > > > > > > : InputFileName ( -- ior) CR CR ." Filename: " PAD DUP #80 ACCEPT ( adr #) R/O OPEN-FILE SWAP rfileid ! ( ior) ; > > > > > > > > > > > > > > : TryAgain? ( -- ?) CR CR ." Invalid iput file, try again? (Y/N)" KEY DUP EMIT DUP [CHAR] N = SWAP [CHAR] n = OR ; > > > > > > > > > > > > > > > > > > > > > > > > > > > > \ Read n bytes from input file, store at addr array > > > > > > > > > > > > > > : bytes@ ( adr n - ) rfileid @ READ-FILE 2DROP ; > > > > > > > > > > > > > > > > > > > > > > > > > > > > : storelen ( lo hi - ) \ Store bit count into last two cells > > > > > > > > > > > > > > D2* D2* D2* ( bytes->bits) W #112 CHARS + ! W #120 CHARS + ! ; > > > > > > > > > > > > > > : getpartial ( cnt -- W' cnt2 ?) > > > > > > > > > > > > > > W 2DUP SWAP DUP >R bytes@ ( cnt1 adr1 ) > > > > > > > > > > > > > > + #128 OVER C! CHAR+ #111 R@ - R> #111 > ; ( adr2 cnt2 ?) > > > > > > > > > > > > > > > > > > > > > > > > > > > > : block@ W 128 bytes@ ; > > > > > > > > > > > > > > > > > > > > > > > > > > > > : SHAfile ( -- ) > > > > > > > > > > > > > > BEGIN InputFileName ( ior) \ Enter filename > > > > > > > > > > > > > > WHILE TryAgain? IF EXIT THEN \ Not valid, try (not) again > > > > > > > > > > > > > > REPEAT SHAinit \ Valid file, init transform > > > > > > > > > > > > > > rfileid @ FILE-SIZE DROP ( ud ) \ Get bytesize of input file > > > > > > > > > > > > > > 2. D- \ Dec cnt by 2 for CR|LF EOF > > > > > > > > > > > > > > CR ." Bytesize: " 2DUP D. \ Display filesize to screen > > > > > > > > > > > > > > 2DUP 2>R \ ( lo hi ) Save file byte cnt on RETURN > > > > > > > > > > > > > > OVER 7 RSHIFT OVER \ ( lo hi lo* hi ) > > > > > > > > > > > > > > CELLSIZE 7 - LSHIFT OR SWAP 7 RSHIFT \ ( lo lo' hi') full block count > > > > > > > > > > > > > > 0 ?DO 0 0 DO block@ W endian16 SHA512 LOOP LOOP \ Hash hi*2^cellsize full blocks > > > > > > > > > > > > > > 0 ?DO block@ W endian16 SHA512 LOOP \ Hash lo count full 128 byte blocks > > > > > > > > > > > > > > ( lo) #127 AND ( rembytes) getpartial ( adr cnt ?) \ Read remaining bytes > > > > > > > > > > > > > > IF #16 + 0 FILL W endian16 SHA512 W #112 THEN \ Do if rembytes > 111 > > > > > > > > > > > > > > 0 FILL 2R> storelen W endian14 SHA512 \ Do last block > > > > > > > > > > > > > > CR ." SHA-512 : " SHAstring TYPE CR \ Show SHA-512 hash for file > > > > > > > > > > > > > > rfileid @ CLOSE-FILE DROP ; \ Close the input file > > > > > > > > > > > > > > > > > > > > > > > > > > > > \ ==================== SHA-512 Test Suite ===================== > > > > > > > > > > > > > > DECIMAL > > > > > > > > > > > > > > > > > > > > > > > > > > > > \ Load W array with data on stack > > > > > > > > > > > > > > : WLoad ( d0..d15 -- ) W #15 CELLS + ( d0..d15 W[15] ) #16 0 DO TUCK ! CELL- LOOP DROP ; > > > > > > > > > > > > > > > > > > > > > > > > > > > > \ ------------------------------------------------------------- > > > > > > > > > > > > > > \ EXAMPLE 1: from FIPS PUB > > > > > > > > > > > > > > \ Message: ASCII string 'abc' > > > > > > > > > > > > > > \ Hash = DDAF35A1 93617ABA CC417349 AE204131 12E6FA4E 89A97EA2 0A9EEEE6 4B55D39A > > > > > > > > > > > > > > \ 2192992A 274FC1A8 36BA3C23 A3FEEBBD 454D4423 643CE80E 2A9AC94F A54CA49F > > > > > > > > > > > > > > > > > > > > > > > > > > > > \ Compute and display hash for ASCII string 'abc' > > > > > > > > > > > > > > : EX1 S" abc" U>D ( adr dcount) SHAbuffer HASH. ; > > > > > > > > > > > > > > > > > > > > > > > > > > > > \ ------------------------------------------------------------- > > > > > > > > > > > > > > \ EXAMPLE 2: from FIPS PUB > > > > > > > > > > > > > > \ Message:"abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu" > > > > > > > > > > > > > > \ Hash = 8E959B75 DAE313DA 8CF4F728 14FC143F 8F7779C6 EB9F7FA1 7299AEAD B6889018 > > > > > > > > > > > > > > \ 501D289E 4900F7E4 331B99DE C4B5433A C7D329EE B6DD2654 5E96E55B 874BE909 > > > > > > > > > > > > > > > > > > > > > > > > > > > > : EX2a S" abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu" U>D ( adr dcount) ; > > > > > > > > > > > > > > : EX2 EX2a SHAbuffer HASH. ; > > > > > > > > > > > > > > > > > > > > > > > > > > > > \ ------------------------------------------------------------- > > > > > > > > > > > > > > \ EXAMPLE 3: > > > > > > > > > > > > > > \ Message: 2 million copies of 'a' (61h), (16 million bits) > > > > > > > > > > > > > > \ Hash = > > > > > > > > > > > > > > > > > > > > > > > > > > > > \ Load block of all 'a's (61h), must hash 15,625 times > > > > > > > > > > > > > > : EX3a W #128 [CHAR] a FILL ; > > > > > > > > > > > > > > > > > > > > > > > > > > > > \ Last message block: 1st bit a '1', bit-count = 16 million > > > > > > > > > > > > > > : EX3b $8000000000000000 0 0 0 0 0 0 0 0 0 0 0 0 0 0 #16000000 WLoad ; > > > > > > > > > > > > > > > > > > > > > > > > > > > > \ Do hash for message of 2 million copies of ASCII 'a' (61h) > > > > > > > > > > > > > > : EX3 SHAinit EX3a #15625 0 DO W SHA512 LOOP EX3b W SHA512 HASH. ; > > > > > > > > > > > > > > > > > > > > > > > > > > > > \ ------------------------------------------------------------- > > > > > > > > > > > > > > \ EXAMPLE 4: > > > > > > > > > > > > > > \ Message: 400,000 SPACES 'BL' (20h), (3,200,000 bits) > > > > > > > > > > > > > > \ Hash = > > > > > > > > > > > > > > > > > > > > > > > > > > > > \ Load block of all "BL' (20h), hash 156 full blocks + 16 bytes > > > > > > > > > > > > > > : EX4a W #128 BL FILL ; > > > > > > > > > > > > > > > > > > > > > > > > > > > > \ Last message block: 1st bit a '1', bit-count = 3,200,000 > > > > > > > > > > > > > > : EX4b $8000000000000000 0 0 0 0 0 0 0 0 0 0 0 0 0 0 #3200000 WLoad ; > > > > > > > > > > > > > > > > > > > > > > > > > > > > \ Do hash for message of 400,000 SPACES 'BL' (20h) > > > > > > > > > > > > > > : EX4 SHAinit EX4a #3125 0 DO W SHA512 LOOP EX4b W SHA512 HASH. ; > > > > > > > > > > > > > > > > > > > > > > > > > > > > \ ------------------------------------------------------------- > > > > > > > > > > > > > > \ Message: blank string '' > > > > > > > > > > > > > > \ Hash = > > > > > > > > > > > > > > > > > > > > > > > > > > > > : SHATest ( -- ) > > > > > > > > > > > > > > CR ." SHA-512 test suite:" > > > > > > > > > > > > > > S" " U>D ( adr dcount) SHAbuffer HASH. S" " QuoteString > > > > > > > > > > > > > > EX1 S" abc" QuoteString > > > > > > > > > > > > > > EX2 EX2a DROP QuoteString > > > > > > > > > > > > > > EX3 S" 2 million copies of ASCII 'a' (61h)" TYPE > > > > > > > > > > > > > > EX4 S" 400,000 copies of ASCII BL (20h)" TYPE CR ; > > > > > > > > > > > > > > > > > > > > > > > > > > > > \ =========== Forth specific performance test =========== > > > > > > > > > > > > > > > > > > > > > > > > > > > > VARIABLE start-ms > > > > > > > > > > > > > > > > > > > > > > > > > > > > : TIMER-START ( -- ) ?MS start-ms ! ; > > > > > > > > > > > > > > : MS? ( -- u ) ?MS start-ms @ - ( abs ) ; > > > > > > > > > > > > > > : .### ( -) BASE @ >R DECIMAL MS? 0 <# # # # [CHAR] . HOLD #S #> R> BASE ! TYPE ; > > > > > > > > > > > > > > > > > > > > > > > > > > > > DECIMAL #1000 VALUE N# > > > > > > > > > > > > > > > > > > > > > > > > > > > > : [EX1] S" abc" U>D ( adr dcount) SHAbuffer ; > > > > > > > > > > > > > > : [EX2] EX2a SHAbuffer ; > > > > > > > > > > > > > > : [EX3] SHAinit EX3a #15625 0 DO W SHA512 LOOP EX3b W SHA512 ; > > > > > > > > > > > > > > > > > > > > > > > > > > > > : test1 [ DECIMAL ] > > > > > > > > > > > > > > cr ." SHA-512 test for EX1 for " N# . ." loops in milliseconds is " > > > > > > > > > > > > > > TIMER-START N# 0 DO [EX1] LOOP MS? U. ; > > > > > > > > > > > > > > > > > > > > > > > > > > > > : test2 [ DECIMAL ] > > > > > > > > > > > > > > cr ." SHA-512 test for EX2 for " N# . ." loops in milliseconds is " > > > > > > > > > > > > > > TIMER-START N# 0 DO [EX2] LOOP MS? U. ; > > > > > > > > > > > > > > > > > > > > > > > > > > > > : test3 [ DECIMAL ] > > > > > > > > > > > > > > cr ." SHA-512 test for EX3 for " N# . ." loops in milliseconds is " > > > > > > > > > > > > > > TIMER-START N# 0 DO [EX3] LOOP MS? U. ; > > > > > > > > > > > > Hey Marcel, > > > > > > > > > > > > The problem is bytes>< > > > > > > > > > > > > All the numbers in the original code are HEX. You changed the HEX values for the shifts to decimal without converting them from HEX. > > > > > > > > > > > > Your code: > > > > > > > > > > > > : bytes>< ( m - w ) \ Reverse cell bytes: 1234567890abcdef <-> efcdab9078563412 > > > > > > DUP >R #38 LSHIFT > > > > > > R@ $FF00 AND #28 LSHIFT OR > > > > > > R@ $FF0000 AND #18 LSHIFT OR > > > > > > R@ $FF000000 AND 8 LSHIFT OR > > > > > > R@ #20 RSHIFT $FF AND OR > > > > > > R@ #18 RSHIFT $FF00 AND OR > > > > > > R@ #10 RSHIFT $FF0000 AND OR > > > > > > R> 8 RSHIFT $FF000000 AND OR ; > > > > > > > > > > > > Correct code: > > > > > > > > > > > > : bytes>< ( m - w ) \ Reverse cell bytes: 1234567890abcdef <-> efcdab9078563412 > > > > > > DUP >R $38 LSHIFT > > > > > > R@ $FF00 AND $28 LSHIFT OR > > > > > > R@ $FF0000 AND $18 LSHIFT OR > > > > > > R@ $FF000000 AND 8 LSHIFT OR > > > > > > R@ $20 RSHIFT $FF AND OR > > > > > > R@ $18 RSHIFT $FF00 AND OR > > > > > > R@ #10 RSHIFT $FF0000 AND OR > > > > > > R> 8 RSHIFT $FF000000 AND OR ; > > > > > > > > > > > > To test do: > > > > > > > > > > > > $1234567890abcdef bytes>< hex . > > > > > > should display efcdab9078563412 > > > > > > > > > > > > Jabari > > > > Ahhhhh...corrected correction: > > > > : bytes>< ( m - w ) \ Reverse cell bytes: 1234567890abcdef <-> efcdab9078563412 > > DUP >R $38 LSHIFT > > R@ $FF00 AND $28 LSHIFT OR > > R@ $FF0000 AND $18 LSHIFT OR > > R@ $FF000000 AND 8 LSHIFT OR > > R@ $20 RSHIFT $FF AND OR > > R@ $18 RSHIFT $FF00 AND OR > > R@ $10 RSHIFT $FF0000 AND OR > > R> 8 RSHIFT $FF000000 AND OR ; This should speed thing up a bit. \ ( - n ) n = (A AND B) XOR (A AND C) XOR (B AND C) : Maj H[B] 2@ AND H[C] 2@ DUP >R AND XOR H[A] @ R> AND XOR ;
[toc] | [prev] | [next] | [standalone]
| From | m.a.m.hendrix@tue.nl |
|---|---|
| Date | 2012-12-10 03:53 -0800 |
| Message-ID | <f580d92b-4087-41c7-9c60-61db299b31b0@googlegroups.com> |
| In reply to | #17959 |
On Monday, December 10, 2012 2:29:04 AM UTC+1, jza...@gmail.com wrote: [..] [ Egg on my face, should not have touched the DECIMAL/HEX issues yet. ] Yes, the code now runs and gives the correct results for S" abc". This would be the first working SHA-512 in 64-bit Forth! -marcel
[toc] | [prev] | [next] | [standalone]
| From | jzakiya@gmail.com |
|---|---|
| Date | 2012-12-10 13:05 -0800 |
| Message-ID | <2737d607-cb81-41e6-a7fa-f19e8455f6a6@googlegroups.com> |
| In reply to | #17961 |
On Monday, December 10, 2012 6:53:44 AM UTC-5, m.a.m....@tue.nl wrote: > On Monday, December 10, 2012 2:29:04 AM UTC+1, jza...@gmail.com wrote: > > [..] > > > > [ Egg on my face, should not have touched the DECIMAL/HEX issues yet. ] > > > > Yes, the code now runs and gives the correct results for S" abc". > > This would be the first working SHA-512 in 64-bit Forth! > > > > -marcel Hey GREAT! :-) Be sure to do the longer example also to make sure there are no other problems (which I don't forsee). I haven't found any Linux distro or apps that provide a SHA512 signature yet, but if I do I'll send you the link so you can test the 'shafile' with. Since I know this SHA512 code works on 64-bit systems, I will do the other NIST hashes that are specified in NIST FIPS-4, which introduced two new hashes from FIPS-3, SHA512/224 and SHA512/256, which just use different initial hash values, and truncates the outputs to 224/256 bits for 64-bit cpus. The one I really am eager to do is the winner of the NIST hash competition just announced in October 2012, Keccak, which will be SHA-3. http://keccak.noekeon.org/ I ALWAYS start from the algorithm description to do Forth versions, even if I look at other existing language implementations, because I think so much differently when I create in Forth. Jabari
[toc] | [prev] | [next] | [standalone]
| From | mhx@iae.nl (Marcel Hendrix) |
|---|---|
| Date | 2012-12-10 23:17 +0200 |
| Message-ID | <11181293918435@frunobulax.edu> |
| In reply to | #17965 |
jzakiya@gmail.com writes Re: SHA-512 > On Monday, December 10, 2012 6:53:44 AM UTC-5, m.a.m....@tue.nl wrote: >> On Monday, December 10, 2012 2:29:04 AM UTC+1, jza...@gmail.com wrote: >> >> [..] >> >> [ Egg on my face, should not have touched the DECIMAL/HEX issues yet. ] > >> Yes, the code now runs and gives the correct results for S" abc". >> >> This would be the first working SHA-512 in 64-bit Forth! > Hey GREAT! :-) > Be sure to do the longer example also to make sure there are no > other problems (which I don't forsee). Unfortunately, the longer string does not hash properly. To avoid more egg on my face, I downloaded your latest code from 4share. To make it work in iForth64 I needed the patch that I have appended (Enable PLACE and rewrite timer-start and ms?, typos in SHA256 and SHAinit, extra stack item in EX2a dropped.) [..] > I ALWAYS start from the algorithm description to do Forth versions, even if > I look at other existing language implementations, because I think so much > differently when I create in Forth. Ok. Please forget about macro's, ]L and EVALUATE for the time being. Also, the 15 PICKs you may get rid off without any ill effects :-) Here are the current results with your patched code: FORTH> in Redefining split-at-char Redefining MACRO Redefining MS? ok FORTH> SHAtest SHA-512 test suite: cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e "" ddaf35a193617abacc417349ae20413112e6fa4e89a97ea20a9eeee64b55d39a2192992a274fc1a836ba3c23a3feebbd454d4423643ce80e2a9ac94fa54ca49f "abc" 8cc1fec83f21176a675306d9f80b26597469eff277ab9d0f03a725b15d57d33a2e3aadea4727cf632a3e5ec3c744bcc0eb2183c41c717cc4a84fa6dbf8244243 "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu" 9bc68759247e3332bec1c79d128d28a8931d0c9f96c8aa975731b563475fdddddf7f873c25086908effe270e23c5a01e5dfb3289bf5d091d8fb454b1bcf98dda 2 million copies of ASCII 'a' (61h) 19ef4876e03c93476e00b486c62108d4d7136f6d4782817b449bacf44d0963e03f5ab474cb6822c2963a979e8e15298cd60f22841c51f6161620c0e031c65f4a 400,000 copies of ASCII BL (20h) ok -marcel -- ---------- Compare: (<)C:\Users\marcel\Desktop\SHA-512.frt with: (>)C:\Users\marcel\Desktop\SHA-512VFX.F 1d1 < ANEW -sha-512 19c18,19 < : PLACE ( caddr n addr -) 2DUP C! CHAR+ SWAP CHARS MOVE ; --- > \ Not needed for SwiftForth v 2.00.3, needed for Win32Forth V 4.10 > \ : PLACE ( caddr n addr -) 2DUP C! CHAR+ SWAP CHARS MOVE ; 161c161 < : SHA512 ( Wadr - ) --- > : SHA256 ( Wadr - ) 233c233 < SHAinit 2DUP SHAlen 2! hashfullblocks hashfinal --- > SHAinit 2DUP SHAlen 2 ! hashfullblocks hashfinal 375,376c375,376 < EX1 S" abc" QuoteString < EX2 EX2a DROP QuoteString --- > EX1 S" abc" QuoteString > EX2 EX2a QuoteString 381,384c381,391 < VARIABLE start-ms < < : TIMER-START ( -- ) ?MS start-ms ! ; < : MS? ( -- u ) ?MS start-ms @ - ( abs ) ; --- > \ =========== VFX Forth specific performance test =========== > > [undefined] GetTickCount > [IF] extern: DWORD PASCAL GetTickCount( void ) [THEN] > > VARIABLE start-ms > > : TIMER-START ( -- ) GetTickCount start-ms ! ; > > : MS? ( -- u ) GetTickCount start-ms @ - ( abs ) ; >
[toc] | [prev] | [next] | [standalone]
| From | jzakiya@gmail.com |
|---|---|
| Date | 2012-12-13 06:30 -0800 |
| Message-ID | <a934a7e2-07db-4e93-8b5e-3627c48e547e@googlegroups.com> |
| In reply to | #17967 |
On Monday, December 10, 2012 4:17:24 PM UTC-5, Marcel Hendrix wrote: > jzakiya@gmail.com writes Re: SHA-512 > > > > > On Monday, December 10, 2012 6:53:44 AM UTC-5, m.a.m....@tue.nl wrote: > > >> On Monday, December 10, 2012 2:29:04 AM UTC+1, jza...@gmail.com wrote: > > >> > > >> [..] > > >> > > >> [ Egg on my face, should not have touched the DECIMAL/HEX issues yet. ] > > > > > >> Yes, the code now runs and gives the correct results for S" abc". > > >> > > >> This would be the first working SHA-512 in 64-bit Forth! > > > > > Hey GREAT! :-) > > > > > Be sure to do the longer example also to make sure there are no > > > other problems (which I don't forsee). > > > > Unfortunately, the longer string does not hash properly. To avoid > > more egg on my face, I downloaded your latest code from 4share. > > To make it work in iForth64 I needed the patch that I have appended > > (Enable PLACE and rewrite timer-start and ms?, typos in SHA256 and > > SHAinit, extra stack item in EX2a dropped.) > > > > [..] > > > > > I ALWAYS start from the algorithm description to do Forth versions, even if > > > I look at other existing language implementations, because I think so much > > > differently when I create in Forth. > > > > Ok. Please forget about macro's, ]L and EVALUATE for the time being. Also, > > the 15 PICKs you may get rid off without any ill effects :-) > > > > Here are the current results with your patched code: > > > > FORTH> in > > Redefining split-at-char > > Redefining MACRO > > Redefining MS? ok > > FORTH> SHAtest > > SHA-512 test suite: > > cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e "" > > ddaf35a193617abacc417349ae20413112e6fa4e89a97ea20a9eeee64b55d39a2192992a274fc1a836ba3c23a3feebbd454d4423643ce80e2a9ac94fa54ca49f "abc" > > 8cc1fec83f21176a675306d9f80b26597469eff277ab9d0f03a725b15d57d33a2e3aadea4727cf632a3e5ec3c744bcc0eb2183c41c717cc4a84fa6dbf8244243 "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu" > > 9bc68759247e3332bec1c79d128d28a8931d0c9f96c8aa975731b563475fdddddf7f873c25086908effe270e23c5a01e5dfb3289bf5d091d8fb454b1bcf98dda 2 million copies of ASCII 'a' (61h) > > 19ef4876e03c93476e00b486c62108d4d7136f6d4782817b449bacf44d0963e03f5ab474cb6822c2963a979e8e15298cd60f22841c51f6161620c0e031c65f4a 400,000 copies of ASCII BL (20h) > > ok > > > > -marcel > > > > -- ---------- > > Compare: (<)C:\Users\marcel\Desktop\SHA-512.frt > > with: (>)C:\Users\marcel\Desktop\SHA-512VFX.F > > > > 1d1 > > < ANEW -sha-512 > > 19c18,19 > > < : PLACE ( caddr n addr -) 2DUP C! CHAR+ SWAP CHARS MOVE ; > > --- > > > \ Not needed for SwiftForth v 2.00.3, needed for Win32Forth V 4.10 > > > \ : PLACE ( caddr n addr -) 2DUP C! CHAR+ SWAP CHARS MOVE ; > > 161c161 > > < : SHA512 ( Wadr - ) > > --- > > > : SHA256 ( Wadr - ) > > 233c233 > > < SHAinit 2DUP SHAlen 2! hashfullblocks hashfinal > > --- > > > SHAinit 2DUP SHAlen 2 ! hashfullblocks hashfinal > > 375,376c375,376 > > < EX1 S" abc" QuoteString > > < EX2 EX2a DROP QuoteString > > --- > > > EX1 S" abc" QuoteString > > > EX2 EX2a QuoteString > > 381,384c381,391 > > < VARIABLE start-ms > > < > > < : TIMER-START ( -- ) ?MS start-ms ! ; > > < : MS? ( -- u ) ?MS start-ms @ - ( abs ) ; > > --- > > > \ =========== VFX Forth specific performance test =========== > > > > > > [undefined] GetTickCount > > > [IF] extern: DWORD PASCAL GetTickCount( void ) [THEN] > > > > > > VARIABLE start-ms > > > > > > : TIMER-START ( -- ) GetTickCount start-ms ! ; > > > > > > : MS? ( -- u ) GetTickCount start-ms @ - ( abs ) ; > > > Marcel, could you run EX2 by itself, and see what the output is. I think it may have to do with my making the count from the string word EX2a return a double number count instead of a single, so I changed it as below to make it consistent with 'abc' : EX2a S" abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu" ; : EX2 EX2a U>D ( adr ud) SHAbuffer HASH. Also, do you know the words the current SwiftForth uses for timing. I'm running SwiftForth i386-Win32 3.4.5 03-Oct-2012 under WINE on Linux and the old cold that uses ucounter and utimer bombs on this version. You may be more pleased with the newer code I'll release on all the SHA-xxx algorithms, which will make it a little more upto date from the code I did circa 2001, after all the issues with SHA512 are fixed. :-)
[toc] | [prev] | [next] | [standalone]
| From | mhx@iae.nl (Marcel Hendrix) |
|---|---|
| Date | 2012-12-13 21:33 +0200 |
| Message-ID | <07701490918435@frunobulax.edu> |
| In reply to | #17996 |
jzakiya@gmail.com writes Re: SHA-512 >On Monday, December 10, 2012 4:17:24 PM UTC-5, Marcel Hendrix wrote: >> jzakiya@gmail.com writes Re: SHA-512 > [..] > Marcel, could you run EX2 by itself, and see what the output is. > I think it may have to do with my making the count from the string word EX2a return a double number count > instead of a single, so I changed it as below to make it consistent with 'abc' No, it is less subtle -- bytes>< is wrong! This works: : bytes>< ( m -- w ) \ Reverse cell bytes: 1234567890abcdef <-> efcdab9078563412 [ HEX ] DUP >R 38 LSHIFT R@ FF00 AND 28 LSHIFT OR R@ FF0000 AND 18 LSHIFT OR R@ FF000000 AND 8 LSHIFT OR \ R@ 20 RSHIFT FF AND OR R@ 18 RSHIFT FF00 AND OR R@ 10 RSHIFT FF0000 AND OR \ R> 8 RSHIFT FF000000 AND OR [ DECIMAL ] R@ 38 RSHIFT FF AND OR R@ 28 RSHIFT FF00 AND OR R@ 18 RSHIFT FF0000 AND OR R> 8 RSHIFT FF000000 AND OR [ DECIMAL ] ; \ In iForth: BSWAP ( u1 -- u2 ) After which the examples both pass: FORTH> SHAtest SHA-512 test suite: cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e "" ddaf35a193617abacc417349ae20413112e6fa4e89a97ea20a9eeee64b55d39a2192992a274fc1a836ba3c23a3feebbd454d4423643ce80e2a9ac94fa54ca49f "abc" 8e959b75dae313da8cf4f72814fc143f8f7779c6eb9f7fa17299aeadb6889018501d289e4900f7e4331b99dec4b5433ac7d329eeb6dd26545e96e55b874be909 "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu" 9bc68759247e3332bec1c79d128d28a8931d0c9f96c8aa975731b563475fdddddf7f873c25086908effe270e23c5a01e5dfb3289bf5d091d8fb454b1bcf98dda 2 million copies of ASCII 'a' (61h) 19ef4876e03c93476e00b486c62108d4d7136f6d4782817b449bacf44d0963e03f5ab474cb6822c2963a979e8e15298cd60f22841c51f6161620c0e031c65f4a 400,000 copies of ASCII BL (20h) > Also, do you know the words the current SwiftForth uses for timing. > I'm running SwiftForth i386-Win32 3.4.5 03-Oct-2012 under WINE on Linux and > the old code that uses ucounter and utimer bombs on this version. It works here (under Win7), so I guess it's a [newly introduced?] bug in the Linux version: SwiftForth i386-Win32 3.4.2 11-Feb-2012 ucounter 100 ms utimer 110305 ok -marcel
[toc] | [prev] | [next] | [standalone]
| From | jzakiya@gmail.com |
|---|---|
| Date | 2012-12-13 19:38 -0800 |
| Message-ID | <0bea10e6-ccf1-4ec0-ba3a-fe0183afd4ad@googlegroups.com> |
| In reply to | #17997 |
On Thursday, December 13, 2012 2:33:28 PM UTC-5, Marcel Hendrix wrote: > jzakiya@gmail.com writes Re: SHA-512 > > > > >On Monday, December 10, 2012 4:17:24 PM UTC-5, Marcel Hendrix wrote: > > >> jzakiya@gmail.com writes Re: SHA-512 > > > [..] > > > Marcel, could you run EX2 by itself, and see what the output is. > > > > > I think it may have to do with my making the count from the string word EX2a return a double number count > > > instead of a single, so I changed it as below to make it consistent with 'abc' > > > > No, it is less subtle -- bytes>< is wrong! This works: > > > > : bytes>< ( m -- w ) \ Reverse cell bytes: 1234567890abcdef <-> efcdab9078563412 > > [ HEX ] DUP >R 38 LSHIFT R@ FF00 AND 28 LSHIFT OR > > R@ FF0000 AND 18 LSHIFT OR R@ FF000000 AND 8 LSHIFT OR > > \ R@ 20 RSHIFT FF AND OR R@ 18 RSHIFT FF00 AND OR R@ 10 RSHIFT FF0000 AND OR > > \ R> 8 RSHIFT FF000000 AND OR [ DECIMAL ] > > R@ 38 RSHIFT FF AND OR R@ 28 RSHIFT FF00 AND OR R@ 18 RSHIFT FF0000 AND OR > > R> 8 RSHIFT FF000000 AND OR [ DECIMAL ] > > ; > > > > \ In iForth: BSWAP ( u1 -- u2 ) > > > > After which the examples both pass: > > > > FORTH> SHAtest > > SHA-512 test suite: > > cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e "" > > ddaf35a193617abacc417349ae20413112e6fa4e89a97ea20a9eeee64b55d39a2192992a274fc1a836ba3c23a3feebbd454d4423643ce80e2a9ac94fa54ca49f "abc" > > 8e959b75dae313da8cf4f72814fc143f8f7779c6eb9f7fa17299aeadb6889018501d289e4900f7e4331b99dec4b5433ac7d329eeb6dd26545e96e55b874be909 "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu" > > 9bc68759247e3332bec1c79d128d28a8931d0c9f96c8aa975731b563475fdddddf7f873c25086908effe270e23c5a01e5dfb3289bf5d091d8fb454b1bcf98dda 2 million copies of ASCII 'a' (61h) > > 19ef4876e03c93476e00b486c62108d4d7136f6d4782817b449bacf44d0963e03f5ab474cb6822c2963a979e8e15298cd60f22841c51f6161620c0e031c65f4a 400,000 copies of ASCII BL (20h) > > > > > Also, do you know the words the current SwiftForth uses for timing. > > > I'm running SwiftForth i386-Win32 3.4.5 03-Oct-2012 under WINE on Linux and > > > the old code that uses ucounter and utimer bombs on this version. > > > > It works here (under Win7), so I guess it's a [newly introduced?] bug in the Linux version: > > > > SwiftForth i386-Win32 3.4.2 11-Feb-2012 > > ucounter 100 ms utimer 110305 ok > > > > -marcel I thought the problem was bytes>< because 'abc' was too small to show the bytes being reversed incorrectly. So now use shafile and take the sha512 hash of a really big file (like a linux distro or video file) and see that it works correctly. I haven't found sha512 signatures of distros yet, but FREEBSD has sha256 hashes of their iso which I've checked them against with shafile. Oh, the reason why the timing test suite was messing up with SwiftForth was because I need to correctly use convert the string count to a double number in those examples. Once I did all the tests ran correctly using: ucount ..... utimer. In fact on Windows 7, SwiftForth ran test3 in 15+ seconds for sha256, which VFX took 17+ seconds (haven't done Win32Forth). Will try on Gforth when I get a chance. Since the SHAxxx class hashes all use a similar architecture I plan to do all 7 of them, since it they just use different constants and truncate the outputs for the smaller hash sizes. Howard, I can get rid of those bad PICKs :-) if I restructure the implementation to hold the extended message in memory, instead of on the stack. I'll do it if I get the itch (probably). But I'm not a fundamentalist about them, since they make it so much easier to use the stack. Hey, PICK was created for something, right. :-) Once I get th SHAxxx cleaned up, finished, on to Keccak (SHA-3)! Jabari
[toc] | [prev] | [next] | [standalone]
| From | mhx@iae.nl (Marcel Hendrix) |
|---|---|
| Date | 2012-12-14 22:52 +0200 |
| Message-ID | <93831389918435@frunobulax.edu> |
| In reply to | #18003 |
jzakiya@gmail.com writes Re: SHA-512 > On Thursday, December 13, 2012 2:33:28 PM UTC-5, Marcel Hendrix wrote: >> jzakiya@gmail.com writes Re: SHA-512 > [..] > I thought the problem was bytes>< because 'abc' was too small to show the > bytes being reversed incorrectly. If you thought bytes>< was wrong, why didn't you tell me so? Luckily I immediately spotted the problem when I dumped the W buffer at the start of SHA512. > So now use shafile and take the sha512 hash of a really big file (like a > linux distro or video file) and see that it works correctly. I haven't found > sha512 signatures of distros yet, but FREEBSD has sha256 hashes of their iso > which I've checked them against with shafile. Further checks are only possible when the SHA512 hash of the test file is known. SHA256 can't tell me that SHA512 is correct. SHA512 might fail when size is a multiple of 128 bytes, a multiple + some, or a multiple of 4 GBytes. > In fact on Windows 7, SwiftForth ran test3 in 15+ seconds for sha256, which > VFX took 17+ seconds (haven't done Win32Forth). > Will try on Gforth when I get a chance. [..] On my machine (i7 920 2,66 GHz) I now get 14.4 seconds for SHA512. This is 1000 * 1MB / 14.4s / 2.66 GHz = 26 MB/s/GHz. For a big file: FORTH> S" C:\idfwforth\df_snapshot_4.0_2010_08_19.tar.gz" TIMER-RESET @SHAfile .ELAPSED Bytesize: 385,241,618 SHA-512 : 45800c7d8fe7c13f 6670176b93b82c34 6f6f072ff1f50aee 586ccd6e7b02ef7c e27eb8f5a3cb814a 74e1d18b3107ea9b 8fdf171bf573a420 2a666c67703437bf 3.320 seconds elapsed. ok FORTH> 385.241618e 3.320e f/ 2.66e f/ f. 43.622794 ok FORTH> 385.241618e 3.320e f/ f. 116.036632 ok Strangely enough this is 43.6 MB/s/GHz, or 116MB/s, so diskfile I/O makse it twice faster?? The NIST reference implementation for SHA512 quotes 99 MB/s on a 1.8 GHz Core2. -marcel
[toc] | [prev] | [next] | [standalone]
| From | jzakiya@gmail.com |
|---|---|
| Date | 2012-12-14 16:39 -0800 |
| Message-ID | <c6d2ba2e-adaa-41cd-a9e2-3edb96cc988d@googlegroups.com> |
| In reply to | #18019 |
On Friday, December 14, 2012 3:52:10 PM UTC-5, Marcel Hendrix wrote:
> jzakiya@gmail.com writes Re: SHA-512
>
>
>
> > On Thursday, December 13, 2012 2:33:28 PM UTC-5, Marcel Hendrix wrote:
>
> >> jzakiya@gmail.com writes Re: SHA-512
>
> > [..]
>
> > I thought the problem was bytes>< because 'abc' was too small to show the
>
> > bytes being reversed incorrectly.
>
>
>
> If you thought bytes>< was wrong, why didn't you tell me so? Luckily
>
> I immediately spotted the problem when I dumped the W buffer at the start
>
> of SHA512.
>
>
>
> > So now use shafile and take the sha512 hash of a really big file (like a
>
> > linux distro or video file) and see that it works correctly. I haven't found
>
> > sha512 signatures of distros yet, but FREEBSD has sha256 hashes of their iso
>
> > which I've checked them against with shafile.
>
>
>
> Further checks are only possible when the SHA512 hash of the test file is
>
> known. SHA256 can't tell me that SHA512 is correct. SHA512 might fail when
>
> size is a multiple of 128 bytes, a multiple + some, or a multiple of
>
> 4 GBytes.
>
>
>
> > In fact on Windows 7, SwiftForth ran test3 in 15+ seconds for sha256, which
>
> > VFX took 17+ seconds (haven't done Win32Forth).
>
> > Will try on Gforth when I get a chance.
>
> [..]
>
>
>
> On my machine (i7 920 2,66 GHz) I now get 14.4 seconds for SHA512. This is
>
> 1000 * 1MB / 14.4s / 2.66 GHz = 26 MB/s/GHz.
>
>
>
> For a big file:
>
>
>
> FORTH> S" C:\idfwforth\df_snapshot_4.0_2010_08_19.tar.gz" TIMER-RESET @SHAfile .ELAPSED
>
> Bytesize: 385,241,618
>
> SHA-512 :
>
> 45800c7d8fe7c13f 6670176b93b82c34 6f6f072ff1f50aee 586ccd6e7b02ef7c e27eb8f5a3cb814a 74e1d18b3107ea9b 8fdf171bf573a420 2a666c67703437bf
>
> 3.320 seconds elapsed. ok
>
>
>
> FORTH> 385.241618e 3.320e f/ 2.66e f/ f. 43.622794 ok
>
> FORTH> 385.241618e 3.320e f/ f. 116.036632 ok
>
>
>
> Strangely enough this is 43.6 MB/s/GHz, or 116MB/s, so diskfile I/O makse it
>
> twice faster??
>
>
>
> The NIST reference implementation for SHA512 quotes 99 MB/s on a 1.8 GHz Core2.
>
>
>
> -marcel
Correction about VFX vs SwiftForth times.
VFX is about 10x faster than SwiftForth for "test3".
The first times I ran SwiftForth it was only doing 100 iterations for test3 while VFX was doing 1000. Doing 1000 iterations with SwiftForth is about 150+ seconds, but 16-17 secs with VFX.
I assume you got your times with your PICK-less :-) version?
Now Marcel, if you go look back in this thread I asked you to check to see if the cell reversal words were working, so I did try to steer you there. :-)
To check out 'shafile' create text files with the reference phrase ('abc', et al) and enter them into shafile. Be sure to check the length of the text file first and subtract off any control characters that are inserted in the file so they don't get hashed too. That's why I put the 0 0 D- line in shafile so I could test file hashing with the reference phrases. Usually you just need to do a 1 0 D- for LF or CR, or 2 0 D- if both a CR|LF are inserted.
I've just about finished converting SHA-512 to SHA-384, SHA-512/224 and SHA-512/256, to round out the 64-bit family of hashes, and the same for SHA-224 for the 32-bit hashes. When I finish I'll upload them to my 4Share site and let you know.
[toc] | [prev] | [next] | [standalone]
| From | mhx@iae.nl (Marcel Hendrix) |
|---|---|
| Date | 2012-12-15 19:11 +0200 |
| Message-ID | <16921688918435@frunobulax.edu> |
| In reply to | #18021 |
jzakiya@gmail.com writes Re: SHA-512
> On Friday, December 14, 2012 3:52:10 PM UTC-5, Marcel Hendrix wrote:
[..]
> Correction about VFX vs SwiftForth times.
>VFX is about 10x faster than SwiftForth for "test3".
>The first times I ran SwiftForth it was only doing 100 iterations for test3
>while VFX was doing 1000. Doing 1000 iterations with SwiftForth is about
>150+ seconds, but 16-17 secs with VFX.
> I assume you got your times with your PICK-less :-) version?
No, my timings are with your [debugged] original code for SHA-512 (64bit).
PICK is still in there. Note that SHA-512 is considered to be fundamentally
slower than SHA-256.
> Now Marcel, if you go look back in this thread I asked you to check to see
> if the cell reversal words were working, so I did try to steer you there.
> :-)
I apologize! You did show a corrected ( DECIMAL<->HEX ) bytes>< and invited
me to test it. I did apply the correction, but did NOT test it, probably
because I was too excited about S" abc" being correctly hashed.
> To check out 'shafile' create text files with the reference phrase ('abc',
> et al) and enter them into shafile. Be sure to check the length of the text
> file first and subtract off any control characters that are inserted in the
> file so they don't get hashed too. That's why I put the 0 0 D- line in shafile
> so I could test file hashing with the reference phrases. Usually you just need
> to do a 1 0 D- for LF or CR, or 2 0 D- if both a CR|LF are inserted.
Well, ok. Unfortunately that limits the testing of SHAfile to the very short
length of the two known test strings. Looking at the implementation of SHAfile,
many bugs *could* be in there for lengths > 128 bytes.
> I've just about finished converting SHA-512 to SHA-384, SHA-512/224 and SHA-512/256,
> to round out the 64-bit family of hashes, and the same for SHA-224 for the 32-bit
> hashes. When I finish I'll upload them to my 4Share site and let you know.
I have looked at my own (PICK-less) idea of SHA-512 again, and it couldn't work.
However, I found a way to improve your algorithm (literalize H[x]). ATM test3
runs in 11.048 seconds on my 2.66 GHz i7 system. SHAfile needs 2.741 seconds
to process 385,241,618 bytes (64.9.. 50 MB/s/GHz). Hopefully your fix of 15 PICK
will create additional room for speedup.
I have appended the core of the new algorithm.
-marcel
--
0 VALUE =H -- Pointer to addr of hash value H for each round
CREATE cbuffer $8000 CHARS ALLOT
: >cb cbuffer CELLPLACE+ BL cbuffer CELLCHAR+ ; ( c-addr u -- )
: InitMake SHAsh TO =H cbuffer 0! S" : SHA512 ( -- )" >cb ;
: EndMake S" ;" >cb cbuffer @+ EVALUATE ;
: :=: CREATE , DOES> @ (H.) >cb ;
$428a2f98d728ae22 :=: K0 $7137449123ef65cd :=: K1 $b5c0fbcfec4d3b2f :=: K2 $e9b5dba58189dbbc :=: K3
$3956c25bf348b538 :=: K4 $59f111f1b605d019 :=: K5 $923f82a4af194f9b :=: K6 $ab1c5ed5da6d8118 :=: K7
$d807aa98a3030242 :=: K8 $12835b0145706fbe :=: K9 $243185be4ee4b28c :=: K10 $550c7dc3d5ffb4e2 :=: K11
$72be5d74f27b896f :=: K12 $80deb1fe3b1696b1 :=: K13 $9bdc06a725c71235 :=: K14 $c19bf174cf692694 :=: K15
$e49b69c19ef14ad2 :=: K16 $efbe4786384f25e3 :=: K17 $0fc19dc68b8cd5b5 :=: K18 $240ca1cc77ac9c65 :=: K19
$2de92c6f592b0275 :=: K20 $4a7484aa6ea6e483 :=: K21 $5cb0a9dcbd41fbd4 :=: K22 $76f988da831153b5 :=: K23
$983e5152ee66dfab :=: K24 $a831c66d2db43210 :=: K25 $b00327c898fb213f :=: K26 $bf597fc7beef0ee4 :=: K27
$c6e00bf33da88fc2 :=: K28 $d5a79147930aa725 :=: K29 $06ca6351e003826f :=: K30 $142929670a0e6e70 :=: K31
$27b70a8546d22ffc :=: K32 $2e1b21385c26c926 :=: K33 $4d2c6dfc5ac42aed :=: K34 $53380d139d95b3df :=: K35
$650a73548baf63de :=: K36 $766a0abb3c77b2a8 :=: K37 $81c2c92e47edaee6 :=: K38 $92722c851482353b :=: K39
$a2bfe8a14cf10364 :=: K40 $a81a664bbc423001 :=: K41 $c24b8b70d0f89791 :=: K42 $c76c51a30654be30 :=: K43
$d192e819d6ef5218 :=: K44 $d69906245565a910 :=: K45 $f40e35855771202a :=: K46 $106aa07032bbd1b8 :=: K47
$19a4c116b8d2d0c8 :=: K48 $1e376c085141ab53 :=: K49 $2748774cdf8eeb99 :=: K50 $34b0bcb5e19b48a8 :=: K51
$391c0cb3c5c95a63 :=: K52 $4ed8aa4ae3418acb :=: K53 $5b9cca4f7763e373 :=: K54 $682e6ff3d6b2b8a3 :=: K55
$748f82ee5defb2fc :=: K56 $78a5636f43172f60 :=: K57 $84c87814a1f0ab72 :=: K58 $8cc702081a6439ec :=: K59
$90befffa23631e28 :=: K60 $a4506cebde82bde9 :=: K61 $bef9a3f7b2c67915 :=: K62 $c67178f2e372532b :=: K63
$ca273eceea26619c :=: K64 $d186b8c721c0c207 :=: K65 $eada7dd6cde0eb1e :=: K66 $f57d4f7fee6ed178 :=: K67
$06f067aa72176fba :=: K68 $0a637dc5a2c898a6 :=: K69 $113f9804bef90dae :=: K70 $1b710b35131c471b :=: K71
$28db77f523047d84 :=: K72 $32caab7b40c72493 :=: K73 $3c9ebe0a15c9bebc :=: K74 $431d67c49c100d4c :=: K75
$4cc5d4becb3e42b6 :=: K76 $597f299cfc657e2a :=: K77 $5fcb6fab3ad6faec :=: K78 $6c44198c4a475817 :=: K79
: H[H] =H (H.) >cb ; -- Return H addr
: H[G] =H 1 CELLS + (H.) >cb ; -- Return G addr
: H[F] =H 2 CELLS + (H.) >cb ; -- Return F addr
: H[E] =H 3 CELLS + (H.) >cb ; -- Return E addr
: H[D] =H 4 CELLS + (H.) >cb ; -- Return D addr
: H[C] =H 5 CELLS + (H.) >cb ; -- Return C addr
: H[B] =H 6 CELLS + (H.) >cb ; -- Return B addr
: H[A] =H 7 CELLS + (H.) >cb ; -- Return A addr
: SHAinit ( -- ) \ Load initial hash values H0 - H7
$6a09e667f3bcc908 ( H0) $bb67ae8584caa73b ( H1)
$3c6ef372fe94f82b ( H2) $a54ff53a5f1d36f1 ( H3)
$510e527fade682d1 ( H4) $9b05688c2b3e6c1f ( H5)
$1f83d9abfb41bd6b ( H6) $5be0cd19137e2179 ( H7)
SHAsh 7 0 DO TUCK ! CELL+ LOOP ! \ Put initial hash in SHAsh array
SHAsh SHAval 8 CELLS CMOVE ; \ Put copy in SHAval array
: UpDateHash ( ab c -- ) \ Update hash values and load arrays with new values
8 0 DO DUP >R @ SWAP DUP >R @ + DUP \ Compute updated hash subvalue
R@ ! OVER ! CELL+ R> CELL+ R> CELL+ \ Store updated hash subvalue
LOOP 3DROP ; \ Clear stack when done
: sig0 DUP DUP 1 ROR SWAP 8 ROR XOR SWAP 7 RSHIFT XOR ; ( x -- n )
: sig1 DUP DUP #19 ROR SWAP #61 ROR XOR SWAP 6 RSHIFT XOR ; ( x -- n )
: Wi@ DUP @ TUCK ; ( [Wi] -- wi [Wi] wi )
: Wi #15 PICK #15 PICK sig0 + 7 PICK + 2 PICK sig1 + DUP ; ( ..Wi --..Wi' Wi')
: WiDROP 5 0 DO 4DROP 4DROP 4DROP 4DROP LOOP ; ( W0..W79 -- )
: Ch H[F] S" 2@ OVER AND SWAP INVERT" >cb H[G] S" @ AND XOR" >cb ; ( -- n )
: Maj H[C] S" DUP >R CELL+ 2@ OVER AND SWAP R@ @ AND XOR R> 2@ AND XOR" >cb ; ( -- n )
: T1x Ch H[E] S" @ DUP >R #14 ror R@ #18 ror XOR R> #41 ror XOR +" >cb H[H] S" @ +" >cb ; ( -- n )
: T2 Maj H[A] S" @ DUP >R #28 ror R@ #34 ror XOR R> #39 ror XOR +" >cb ; ( -- n )
: subrnd S" DUP" >cb H[D] S" +!" >cb T2 S" +" >cb H[A] S" CELL+ !" >cb CELL +TO =H ;
: rndi[ S" Wi@" >cb T1x S" +" >cb ;
: ]rndi S" +" >cb subrnd S" CELL+" >cb ;
: rndn[ S" Wi" >cb T1x S" +" >cb ;
: ]rndn S" +" >cb subrnd ;
: ~rndi S" DROP" >cb ;
: ~rndn S" WiDROP SHAsh SHAval" >cb H[H] S" UpDateHash" >cb ;
InitMake ( generates SHA512 )
rndi[ K0 ]rndi rndi[ K1 ]rndi rndi[ K2 ]rndi rndi[ K3 ]rndi
rndi[ K4 ]rndi rndi[ K5 ]rndi rndi[ K6 ]rndi rndi[ K7 ]rndi
rndi[ K8 ]rndi rndi[ K9 ]rndi rndi[ K10 ]rndi rndi[ K11 ]rndi
rndi[ K12 ]rndi rndi[ K13 ]rndi rndi[ K14 ]rndi rndi[ K15 ]rndi ~rndi
rndn[ K16 ]rndn rndn[ K17 ]rndn rndn[ K18 ]rndn rndn[ K19 ]rndn
rndn[ K20 ]rndn rndn[ K21 ]rndn rndn[ K22 ]rndn rndn[ K23 ]rndn
rndn[ K24 ]rndn rndn[ K25 ]rndn rndn[ K26 ]rndn rndn[ K27 ]rndn
rndn[ K28 ]rndn rndn[ K29 ]rndn rndn[ K30 ]rndn rndn[ K31 ]rndn
rndn[ K32 ]rndn rndn[ K33 ]rndn rndn[ K34 ]rndn rndn[ K35 ]rndn
rndn[ K36 ]rndn rndn[ K37 ]rndn rndn[ K38 ]rndn rndn[ K39 ]rndn
rndn[ K40 ]rndn rndn[ K41 ]rndn rndn[ K42 ]rndn rndn[ K43 ]rndn
rndn[ K44 ]rndn rndn[ K45 ]rndn rndn[ K46 ]rndn rndn[ K47 ]rndn
rndn[ K48 ]rndn rndn[ K49 ]rndn rndn[ K50 ]rndn rndn[ K51 ]rndn
rndn[ K52 ]rndn rndn[ K53 ]rndn rndn[ K54 ]rndn rndn[ K55 ]rndn
rndn[ K56 ]rndn rndn[ K57 ]rndn rndn[ K58 ]rndn rndn[ K59 ]rndn
rndn[ K60 ]rndn rndn[ K61 ]rndn rndn[ K62 ]rndn rndn[ K63 ]rndn
rndn[ K64 ]rndn rndn[ K65 ]rndn rndn[ K66 ]rndn rndn[ K67 ]rndn
rndn[ K68 ]rndn rndn[ K69 ]rndn rndn[ K70 ]rndn rndn[ K71 ]rndn
rndn[ K72 ]rndn rndn[ K73 ]rndn rndn[ K74 ]rndn rndn[ K75 ]rndn
rndn[ K76 ]rndn rndn[ K77 ]rndn rndn[ K78 ]rndn rndn[ K79 ]rndn ~rndn
EndMake
[toc] | [prev] | [next] | [standalone]
| From | mhx@iae.nl (Marcel Hendrix) |
|---|---|
| Date | 2012-12-16 16:00 +0200 |
| Message-ID | <96031919918435@frunobulax.edu> |
| In reply to | #18029 |
mhx@iae.nl (Marcel Hendrix) writes Re: SHA-512
> jzakiya@gmail.com writes Re: SHA-512
[..]
> I have looked at my own (PICK-less) idea of SHA-512 again, and it couldn't work.
> However, I found a way to improve your algorithm (literalize H[x]). ATM test3
> runs in 11.048 seconds on my 2.66 GHz i7 system. SHAfile needs 2.741 seconds
> to process 385,241,618 bytes (64.9.. 50 MB/s/GHz). Hopefully your fix of 15 PICK
> will create additional room for speedup.
[..]
The PICK fix works now too, but the speedup is only slight.
Performance is 65.95 MB/s/GHz for strings, 52.16 MB/s/GHz for file.
This should be faster than the NIST reference (99MB/s on a 1.8 GHz Core2).
The following code is not portable.
-marcel
--
(*
* LANGUAGE : ANS Forth with extensions
* PROJECT : Forth Environments
* DESCRIPTION : SHA-512 64-bit Hash algorithm
* CATEGORY : Utility
* AUTHOR : Copyright (c) 2012 Jabari Zakiya -- jzakiya@mail.com 12/07/2012
* LAST CHANGE : December 16, 2012, Marcel Hendrix
*)
NEEDS -miscutil
REVISION -sha-512 "--- SHA-512 Version 1.01 ---"
PRIVATES
DOC
(*
NIST spec at: http://csrc.nist.gov/encryption/tkhash.html
FORTH> SHAtest
SHA-512 test suite:
""
cf83e1357eefb8bd f1542850d66d8007 d620e4050b5715dc 83f4a921d36ce9ce 47d0d13c5d85f2b0 ff8318d2877eec2f 63b931bd47417a81 a538327af927da3e
cf83e1357eefb8bd f1542850d66d8007 d620e4050b5715dc 83f4a921d36ce9ce 47d0d13c5d85f2b0 ff8318d2877eec2f 63b931bd47417a81 a538327af927da3e
"abc"
ddaf35a193617aba cc417349ae204131 12e6fa4e89a97ea2 0a9eeee64b55d39a 2192992a274fc1a8 36ba3c23a3feebbd 454d4423643ce80e 2a9ac94fa54ca49f
ddaf35a193617aba cc417349ae204131 12e6fa4e89a97ea2 0a9eeee64b55d39a 2192992a274fc1a8 36ba3c23a3feebbd 454d4423643ce80e 2a9ac94fa54ca49f
"abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu"
8e959b75dae313da 8cf4f72814fc143f 8f7779c6eb9f7fa1 7299aeadb6889018 501d289e4900f7e4 331b99dec4b5433a c7d329eeb6dd2654 5e96e55b874be909
8e959b75dae313da 8cf4f72814fc143f 8f7779c6eb9f7fa1 7299aeadb6889018 501d289e4900f7e4 331b99dec4b5433a c7d329eeb6dd2654 5e96e55b874be909
"The quick brown fox jumps over the lazy dog"
07e547d9586f6a73 f73fbac0435ed769 51218fb7d0c8d788 a309d785436bbb64 2e93a252a954f239 12547d1e8a3b5ed6 e1bfd7097821233f a0538f3db854fee6
07e547d9586f6a73 f73fbac0435ed769 51218fb7d0c8d788 a309d785436bbb64 2e93a252a954f239 12547d1e8a3b5ed6 e1bfd7097821233f a0538f3db854fee6
2 million copies of ASCII 'a' (61h)
9bc68759247e3332 bec1c79d128d28a8 931d0c9f96c8aa97 5731b563475fdddd df7f873c25086908 effe270e23c5a01e 5dfb3289bf5d091d 8fb454b1bcf98dda
400,000 copies of ASCII BL (20h)
19ef4876e03c9347 6e00b486c62108d4 d7136f6d4782817b 449bacf44d0963e0 3f5ab474cb6822c2 963a979e8e15298c d60f22841c51f616 1620c0e031c65f4a
ok
FORTH> SHAbm
SHA-512 test for EX1, 1000 loops: 0.001 seconds elapsed.
SHA-512 test for EX2, 1000 loops: 0.003 seconds elapsed.
SHA-512 test for EX3, 1000 loops: 10.872 seconds elapsed. ok
2e6 (bytes) 1000e f* ( loops) 10.872e ( s) f/ 2.66e ( GHz) f/ 20e f2^x ( 1MB) f/ f. ( 65.95 MB/s/GHz )
( NIST ref.: 99 MB/s on 1.8 GHz Core2 )
FORTH> TIMER-RESET S" C:\idfwforth\df_snapshot_4.0_2010_08_19.tar.gz" @SHAfile .ELAPSED
Bytesize: 385241618
SHA-512 : 45800c7d8fe7c13f 6670176b93b82c34 6f6f072ff1f50aee 586ccd6e7b02ef7c e27eb8f5a3cb814a 74e1d18b3107ea9b 8fdf171bf573a420 2a666c67703437bf
2.648 seconds elapsed. ok
385241618e ( bytes) 2.741e ( s) f/ 2.66e ( GHz) f/ 20e f2^x ( 1MB) f/ f. ( 52.16 MB/s/GHz )
*)
ENDDOC
#64 =: CELLSIZE PRIVATE -- CPU bitsize
0. DVALUE SHAlen PRIVATE -- Holds byte length of string < 2^128 bits|2^125 bytes
CREATE SHAval PRIVATE 8 CELLS ALLOT -- Holds hash after each block
CREATE SHAsh PRIVATE #88 CELLS ALLOT -- Fully extended hash array
CREATE W PRIVATE #16 CELLS ALLOT -- Holds message block
ALIGN1024 -- this helps, why??
CREATE X PRIVATE #80 CELLS ALLOT -- Holds temp processed data
0 VALUE =X PRIVATE -- Pointer to addr of temp data
0 VALUE =H PRIVATE -- Pointer to addr of hash value H for each round
CREATE cbuffer PRIVATE $8000 CHARS ALLOT
: >cb cbuffer CELLPLACE+ BL cbuffer CELLCHAR+ ; PRIVATE ( c-addr u -- )
: InitMake SHAsh TO =H X TO =X cbuffer 0! S" : SHA512 ( -- )" >cb ; PRIVATE
: EndMake S" ;" >cb cbuffer @+ EVALUATE ; PRIVATE
: :=: CREATE PRIVATE , DOES> @ (H.) >cb ; PRIVATE
$428a2f98d728ae22 :=: K0 $7137449123ef65cd :=: K1 $b5c0fbcfec4d3b2f :=: K2 $e9b5dba58189dbbc :=: K3
$3956c25bf348b538 :=: K4 $59f111f1b605d019 :=: K5 $923f82a4af194f9b :=: K6 $ab1c5ed5da6d8118 :=: K7
$d807aa98a3030242 :=: K8 $12835b0145706fbe :=: K9 $243185be4ee4b28c :=: K10 $550c7dc3d5ffb4e2 :=: K11
$72be5d74f27b896f :=: K12 $80deb1fe3b1696b1 :=: K13 $9bdc06a725c71235 :=: K14 $c19bf174cf692694 :=: K15
$e49b69c19ef14ad2 :=: K16 $efbe4786384f25e3 :=: K17 $0fc19dc68b8cd5b5 :=: K18 $240ca1cc77ac9c65 :=: K19
$2de92c6f592b0275 :=: K20 $4a7484aa6ea6e483 :=: K21 $5cb0a9dcbd41fbd4 :=: K22 $76f988da831153b5 :=: K23
$983e5152ee66dfab :=: K24 $a831c66d2db43210 :=: K25 $b00327c898fb213f :=: K26 $bf597fc7beef0ee4 :=: K27
$c6e00bf33da88fc2 :=: K28 $d5a79147930aa725 :=: K29 $06ca6351e003826f :=: K30 $142929670a0e6e70 :=: K31
$27b70a8546d22ffc :=: K32 $2e1b21385c26c926 :=: K33 $4d2c6dfc5ac42aed :=: K34 $53380d139d95b3df :=: K35
$650a73548baf63de :=: K36 $766a0abb3c77b2a8 :=: K37 $81c2c92e47edaee6 :=: K38 $92722c851482353b :=: K39
$a2bfe8a14cf10364 :=: K40 $a81a664bbc423001 :=: K41 $c24b8b70d0f89791 :=: K42 $c76c51a30654be30 :=: K43
$d192e819d6ef5218 :=: K44 $d69906245565a910 :=: K45 $f40e35855771202a :=: K46 $106aa07032bbd1b8 :=: K47
$19a4c116b8d2d0c8 :=: K48 $1e376c085141ab53 :=: K49 $2748774cdf8eeb99 :=: K50 $34b0bcb5e19b48a8 :=: K51
$391c0cb3c5c95a63 :=: K52 $4ed8aa4ae3418acb :=: K53 $5b9cca4f7763e373 :=: K54 $682e6ff3d6b2b8a3 :=: K55
$748f82ee5defb2fc :=: K56 $78a5636f43172f60 :=: K57 $84c87814a1f0ab72 :=: K58 $8cc702081a6439ec :=: K59
$90befffa23631e28 :=: K60 $a4506cebde82bde9 :=: K61 $bef9a3f7b2c67915 :=: K62 $c67178f2e372532b :=: K63
$ca273eceea26619c :=: K64 $d186b8c721c0c207 :=: K65 $eada7dd6cde0eb1e :=: K66 $f57d4f7fee6ed178 :=: K67
$06f067aa72176fba :=: K68 $0a637dc5a2c898a6 :=: K69 $113f9804bef90dae :=: K70 $1b710b35131c471b :=: K71
$28db77f523047d84 :=: K72 $32caab7b40c72493 :=: K73 $3c9ebe0a15c9bebc :=: K74 $431d67c49c100d4c :=: K75
$4cc5d4becb3e42b6 :=: K76 $597f299cfc657e2a :=: K77 $5fcb6fab3ad6faec :=: K78 $6c44198c4a475817 :=: K79
: H[H] =H (H.) >cb ; PRIVATE -- Return H addr
: H[G] =H 1 CELLS + (H.) >cb ; PRIVATE -- Return G addr
: H[F] =H 2 CELLS + (H.) >cb ; PRIVATE -- Return F addr
: H[E] =H 3 CELLS + (H.) >cb ; PRIVATE -- Return E addr
: H[D] =H 4 CELLS + (H.) >cb ; PRIVATE -- Return D addr
: H[C] =H 5 CELLS + (H.) >cb ; PRIVATE -- Return C addr
: H[B] =H 6 CELLS + (H.) >cb ; PRIVATE -- Return B addr
: H[A] =H 7 CELLS + (H.) >cb ; PRIVATE -- Return A addr
: SHAinit ( -- ) \ Load initial hash values H0 - H7
$6a09e667f3bcc908 ( H0) $bb67ae8584caa73b ( H1)
$3c6ef372fe94f82b ( H2) $a54ff53a5f1d36f1 ( H3)
$510e527fade682d1 ( H4) $9b05688c2b3e6c1f ( H5)
$1f83d9abfb41bd6b ( H6) $5be0cd19137e2179 ( H7)
SHAsh 7 0 DO TUCK ! CELL+ LOOP ! \ Put initial hash in SHAsh array
SHAsh SHAval 8 CELLS CMOVE ; PRIVATE \ Put copy in SHAval array
: UpDateHash ( a b c -- ) \ Update hash values and load arrays with new values
8 0 DO DUP >R @ SWAP DUP >R @ + DUP \ Compute updated hash subvalue
R@ ! OVER ! CELL+ R> CELL+ R> CELL+ \ Store updated hash subvalue
LOOP 3DROP ; PRIVATE \ Clear stack when done
: >offs ( u -- addr ) CELLS =X + (H.) >cb ; PRIVATE
: sig0 DUP DUP 1 ROR SWAP 8 ROR XOR SWAP 7 RSHIFT XOR ; PRIVATE ( x -- n )
: sig1 DUP DUP #19 ROR SWAP #61 ROR XOR SWAP 6 RSHIFT XOR ; PRIVATE ( x -- n )
: Wi #-16 >offs S" D@ sig0 +" >cb -7 >offs S" @ +" >cb -2 >offs S" @ sig1 + DUP" >cb 0 >offs S" !" >cb CELL +TO =X ; PRIVATE ( ..Wi --..Wi' Wi')
: Wi@ S" DUP @ DUP" >cb 0 >offs S" !" >cb CELL +TO =X ; PRIVATE \ dup @ tuck
: Ch H[F] S" 2@ OVER AND SWAP INVERT" >cb H[G] S" @ AND XOR" >cb ; PRIVATE ( -- n )
: Maj H[C] S" DUP >R CELL+ 2@ OVER AND SWAP R@ @ AND XOR R> 2@ AND XOR" >cb ; PRIVATE ( -- n )
: T1x Ch H[E] S" @ DUP >R #14 ror R@ #18 ror XOR R> #41 ror XOR +" >cb H[H] S" @ +" >cb ; PRIVATE ( -- n )
: T2 Maj H[A] S" @ DUP >R #28 ror R@ #34 ror XOR R> #39 ror XOR +" >cb ; PRIVATE ( -- n )
: subrnd S" DUP" >cb H[D] S" +!" >cb T2 S" +" >cb H[A] S" CELL+ !" >cb CELL +TO =H ; PRIVATE
: rndi[ Wi@ T1x S" +" >cb ; PRIVATE
: rndn[ Wi T1x S" +" >cb ; PRIVATE
: ]rndi S" +" >cb subrnd S" CELL+" >cb ; PRIVATE
: ]rndn S" +" >cb subrnd ; PRIVATE
: ~rndi S" DROP" >cb ; PRIVATE
: ~rndn S" SHAsh SHAval" >cb H[H] S" UpDateHash" >cb ; PRIVATE
InitMake
rndi[ K0 ]rndi rndi[ K1 ]rndi rndi[ K2 ]rndi rndi[ K3 ]rndi
rndi[ K4 ]rndi rndi[ K5 ]rndi rndi[ K6 ]rndi rndi[ K7 ]rndi
rndi[ K8 ]rndi rndi[ K9 ]rndi rndi[ K10 ]rndi rndi[ K11 ]rndi
rndi[ K12 ]rndi rndi[ K13 ]rndi rndi[ K14 ]rndi rndi[ K15 ]rndi ~rndi
rndn[ K16 ]rndn rndn[ K17 ]rndn rndn[ K18 ]rndn rndn[ K19 ]rndn
rndn[ K20 ]rndn rndn[ K21 ]rndn rndn[ K22 ]rndn rndn[ K23 ]rndn
rndn[ K24 ]rndn rndn[ K25 ]rndn rndn[ K26 ]rndn rndn[ K27 ]rndn
rndn[ K28 ]rndn rndn[ K29 ]rndn rndn[ K30 ]rndn rndn[ K31 ]rndn
rndn[ K32 ]rndn rndn[ K33 ]rndn rndn[ K34 ]rndn rndn[ K35 ]rndn
rndn[ K36 ]rndn rndn[ K37 ]rndn rndn[ K38 ]rndn rndn[ K39 ]rndn
rndn[ K40 ]rndn rndn[ K41 ]rndn rndn[ K42 ]rndn rndn[ K43 ]rndn
rndn[ K44 ]rndn rndn[ K45 ]rndn rndn[ K46 ]rndn rndn[ K47 ]rndn
rndn[ K48 ]rndn rndn[ K49 ]rndn rndn[ K50 ]rndn rndn[ K51 ]rndn
rndn[ K52 ]rndn rndn[ K53 ]rndn rndn[ K54 ]rndn rndn[ K55 ]rndn
rndn[ K56 ]rndn rndn[ K57 ]rndn rndn[ K58 ]rndn rndn[ K59 ]rndn
rndn[ K60 ]rndn rndn[ K61 ]rndn rndn[ K62 ]rndn rndn[ K63 ]rndn
rndn[ K64 ]rndn rndn[ K65 ]rndn rndn[ K66 ]rndn rndn[ K67 ]rndn
rndn[ K68 ]rndn rndn[ K69 ]rndn rndn[ K70 ]rndn rndn[ K71 ]rndn
rndn[ K72 ]rndn rndn[ K73 ]rndn rndn[ K74 ]rndn rndn[ K75 ]rndn
rndn[ K76 ]rndn rndn[ K77 ]rndn rndn[ K78 ]rndn rndn[ K79 ]rndn ~rndn
EndMake
: storelen D2* D2* D2* ( bytes->bits) W #112 CHARS + ! W #120 CHARS + ! ; PRIVATE ( lo hi -- )
: setlen SHAlen storelen ; PRIVATE ( -- )
: cellsreverse 0 ?DO DUP @ BSWAP OVER ! CELL+ LOOP DROP ; PRIVATE ( addr n -- )
: endian16 DUP #16 cellsreverse ; PRIVATE ( addr1 -- addr2 )
: endian14 DUP #14 cellsreverse ; PRIVATE ( addr1 -- addr2 )
-- Do all 128 byte blocks leaving remainder block
: hashfullblocks ( addr1 dcount -- addr2 dcount ) \ dcount is double number: lo hi
SWAP DUP >R 7 RSHIFT ( addr1 hi lo* ) \ Store lo on return, lo*=lo/128
OVER CELLSIZE 7 - LSHIFT OR >R ( addr1 hi ) \ Return is now: :R lo lo'
( hi) 7 RSHIFT
0 ?DO ( addr1 ) \ Do if hi'= hi/128 > 0
0 0 DO DUP endian16 SHA512 #128 +
LOOP ( addr' ) \ Hash for 2^cellsize full blocks
LOOP ( addr' ) \ Hash for hi'*2^cellsize full blocks
R> 0 ?DO DUP endian16 SHA512 #128 + LOOP ( addr' ) \ Hash for lo' count full 128 byte blocks
R> ( lo) #127 AND ; PRIVATE ( addr2 cnt ) \ Leave address and count for partial block
: hashfinal ( addr count -- ) \ Hash partial and/or last block
DUP >R W SWAP CMOVE \ Move bytes into block W array
W R@ + #128 OVER C! ( addr ) \ Put 80h after last message byte
CHAR+ #111 R@ - ( addr # ) \ Compute tentative 0 byte FILL count
R> #111 > ( addr # ? ) \ Is partial block byte count > 111 ?
IF #16 + ERASE ( -- ) \ If yes, FILL rest of block w/zeroes
W endian16 SHA512 ( -- ) \ Endian adjust block if required, then hash
W #112 ( addr 112 ) \ Now setup last block containing bit count
ENDIF ( addr # )
ERASE setlen W endian14 SHA512 ; \ Zero FILL last block, set message bit count
PRIVATE \ Endian adjust, except bit count, then hash
-- Compute SHA512 from a counted buffer of text
: SHAbuffer ( addr dcount -- ) SHAinit 2DUP TO SHAlen hashfullblocks hashfinal ;
-- =============== Hash string display wordset ===============
-- Array of digits 0123456789abcdef
: digit$ ( -- addr ) S" 0123456789abcdef" DROP ; PRIVATE
: intdigits ( -- ) PAD 0! ; PRIVATE
: savedigit ( n -- ) PAD C@ 1+ DUP PAD C! PAD + C! ; PRIVATE
: bytedigits ( n -- ) DUP 4 RSHIFT digit$ + C@ savedigit #15 AND digit$ + C@ savedigit ; PRIVATE
: celldigits ( addr -- ) DUP 7 + DO I C@ bytedigits -1 +LOOP BL savedigit ; PRIVATE
: SHAstring ( -- addr u ) intdigits SHAval 7 CELLS + 8 0 DO DUP celldigits CELL- LOOP DROP PAD COUNT ;
: HASH. ( -- ) CR SHAstring TYPE SPACE ; -- Display SHA-512 hash value in hex
: QuoteString ( addr cnt -- ) CR CR &" EMIT TYPE &" EMIT ; PRIVATE
-- ==================== File hash wordset ====================
0 VALUE rfileid PRIVATE -- Holds fileid of input file
: bytes@ ( addr n -- ) rfileid READ-FILE 2DROP ; PRIVATE
: block@ ( -- ) W #128 bytes@ ; PRIVATE
: getpartial ( cnt -- W' cnt2 ? )
W 2DUP SWAP DUP >R bytes@ ( cnt1 addr1 )
+ #128 OVER C! CHAR+ #111 R@ - R> #111 > ; PRIVATE ( addr2 cnt2 ? )
: @SHAfile ( c-addr u -- )
R/O BIN OPEN-FILE SWAP TO rfileid ( ior) ?FILE
SHAinit
rfileid FILE-SIZE DROP ( ud ) \ Get bytesize of input file
0. D- \ Adjust to hash subset of file
CR ." Bytesize: " 2DUP D. \ Display hash size to screen
2DUP 2>R \ ( lo hi ) Save file byte cnt on RETURN
OVER 7 RSHIFT OVER \ ( lo hi lo* hi )
CELLSIZE 7 - LSHIFT OR SWAP 7 RSHIFT \ ( lo lo' hi') lo' hi' now full block count
0 ?DO 0 0 DO block@ W endian16 SHA512 LOOP LOOP \ Hash hi*2^cellsize full blocks
0 ?DO block@ W endian16 SHA512 LOOP \ Hash lo count full 128 byte blocks
( lo) #127 AND ( rembytes) getpartial ( addr cnt ? ) \ Read remaining bytes
IF #16 + ERASE W endian16 SHA512 W #112 ENDIF \ Do if rembytes > 111
ERASE 2R> storelen W endian14 SHA512 \ Do last block
CR ." SHA-512 : " CR SHAstring TYPE CR \ Show SHA-512 hash for file
rfileid CLOSE-FILE ?FILE ; \ Close the input file
NESTING @ 1 =
[IF]
-- ==================== SHA-512 Test Suite ================================================================================================================
-- Load W array with data on stack
: WLoad W #15 CELLS + ( d0..d15 W[15] ) #16 0 DO TUCK ! CELL- LOOP DROP ; PRIVATE ( d0..d15 -- )
-- ----------------------------------------------------------------------------------------------------------------------------------------------------------
-- EXAMPLE 0: from Wikipedia
: EX0 S" " 2DUP QuoteString
U>D ( addr dcount) SHAbuffer HASH.
CR S" cf83e1357eefb8bd f1542850d66d8007 d620e4050b5715dc 83f4a921d36ce9ce 47d0d13c5d85f2b0 ff8318d2877eec2f 63b931bd47417a81 a538327af927da3e" TYPE ;
-- ----------------------------------------------------------------------------------------------------------------------------------------------------------
-- EXAMPLE 1: from FIPS PUB
: EX1 S" abc" 2DUP QuoteString
U>D ( addr dcount) SHAbuffer HASH.
CR S" ddaf35a193617aba cc417349ae204131 12e6fa4e89a97ea2 0a9eeee64b55d39a 2192992a274fc1a8 36ba3c23a3feebbd 454d4423643ce80e 2a9ac94fa54ca49f" TYPE ;
-- ----------------------------------------------------------------------------------------------------------------------------------------------------------
-- EXAMPLE 2: from FIPS PUB
: EX2a S" abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu" ;
: EX2 EX2a 2DUP QuoteString
U>D ( addr dcount) SHAbuffer HASH.
CR S" 8e959b75dae313da 8cf4f72814fc143f 8f7779c6eb9f7fa1 7299aeadb6889018 501d289e4900f7e4 331b99dec4b5433a c7d329eeb6dd2654 5e96e55b874be909" TYPE ;
: EX5 S" The quick brown fox jumps over the lazy dog" 2DUP QuoteString
U>D ( addr dcount) SHAbuffer HASH.
CR S" 07e547d9586f6a73 f73fbac0435ed769 51218fb7d0c8d788 a309d785436bbb64 2e93a252a954f239 12547d1e8a3b5ed6 e1bfd7097821233f a0538f3db854fee6" TYPE ;
-- ----------------------------------------------------------------------------------------------------------------------------------------------------------
-- EXAMPLE 3:
-- Message: 1 million copies of 'a' (61h), (8 million bits)
-- Hash = ?
-- Load block of all 'a's (61h), must hash 15,625 times
: EX3a W #128 'a' FILL ;
-- Last message block: 1st bit a '1', bit-count = 16 million
: EX3b $8000000000000000 0 0 0 0 0 0 0 0 0 0 0 0 0 0 #16000000 WLoad ;
-- Do hash for message of 2 million copies of ASCII 'a' (61h)
: EX3 SHAinit EX3a #15625 0 DO W SHA512 LOOP EX3b W SHA512 HASH. ;
-- -------------------------------------------------------------
-- EXAMPLE 4:
-- Message: 400,000 SPACES 'BL' (20h), (3,200,000 bits)
-- Hash = ?
-- Load block of all "BL' (20h), hash 156 full blocks + 16 bytes
: EX4a W #128 BLANK ;
-- Last message block: 1st bit a '1', bit-count = 3,200,000
: EX4b $8000000000000000 0 0 0 0 0 0 0 0 0 0 0 0 0 0 #3200000 WLoad ;
-- Do hash for message of 400,000 SPACES 'BL' (20h)
: EX4 SHAinit EX4a #3125 0 DO W SHA512 LOOP EX4b W SHA512 HASH. ;
: SHATest ( -- )
CR ." SHA-512 test suite:"
EX0 EX1 EX2 EX5
CR CR S" 2 million copies of ASCII 'a' (61h)" TYPE EX3
CR CR S" 400,000 copies of ASCII BL (20h)" TYPE EX4 CR ;
: [EX1] S" abc" U>D ( addr dcount) SHAbuffer ; PRIVATE
: [EX2] EX2a U>D SHAbuffer ; PRIVATE
: [EX3] SHAinit EX3a #15625 0 DO W SHA512 LOOP EX3b W SHA512 ; PRIVATE
: test1 CR ." SHA-512 test for EX1, 1000 loops: " TIMER-RESET #1000 0 DO [EX1] LOOP .ELAPSED ;
: test2 CR ." SHA-512 test for EX2, 1000 loops: " TIMER-RESET #1000 0 DO [EX2] LOOP .ELAPSED ;
: test3 CR ." SHA-512 test for EX3, 1000 loops: " TIMER-RESET #1000 0 DO [EX3] LOOP .ELAPSED ;
: SHAbm ( -- ) test1 test2 test3 ;
:ABOUT CR ." Try: SHAtest -- test SHA-512 (roughly)"
CR ." SHAbm -- speed benchmark"
CR ." ( c-addr ud -- ) SHAbuffer HASH. -- print hash value of string"
CR ." ( c-addr u -- ) @SHAfile -- print hash value of file." ;
[ELSE]
:ABOUT CR ." Try: ( c-addr ud -- ) SHAbuffer HASH. -- print hash value of string"
CR ." ( c-addr u -- ) @SHAfile -- print hash value of file." ;
[THEN]
NESTING @ 1 = [IF] .ABOUT -sha-512 CR [THEN]
DEPRIVE
(* End of Source *)
[toc] | [prev] | [next] | [standalone]
Page 1 of 2 [1] 2 Next page →
Back to top | Article view | comp.lang.forth
csiph-web