SHA256の実装を pythonで読むために

Transcript

1. SHA256ͷ࣮૷Λ pythonͰಡΉͨΊʹ ͸ΜͳΓpython#4(20180316) ΤΨϛ Ϣ΢εέ @egapool

2. SHA256ͷ͓͞Β͍

3. SHA256ͱ͸ ҉߸ֶతϋογϡؔ਺ͷSHA-2γϦʔζͷҰ ͭ SHA-224ɺSHA-256ɺSHA-384ɺSHA-512

4. ϋογϡؔ਺ͱ͸ ͋Δσʔλ͔Βཁ໿ʢࢦ໲ͷΑ͏ͳ΋ͷʣΛ ಘΔؔ਺

5. ҉߸ֶతϋογϡؔ਺ͱ͸ ϋογϡؔ਺ʹҎԼ͕௥Ճ͞Εͨ΋ͷ ɾҰํ޲ੑ ɹᵋϋογϡ஋Λ͔ΒݩͷϝοηʔδΛਪଌͰ͖ͳ͍ ɾিಥ଱ੑ ɹᵋ ಉ͡ϋογϡ஋Λੜ੒͢ΔϝοηʔδͷϖΞΛݟ͚ͭΔ͜ ͱ͕ࠔ೉

6. SHA256ͷ࣮૷ͷ঺հ

7. ࢓༷͸FIPS 180-2Ͱެ։ ΞϝϦΧࠃཱඪ४ٕज़ݚڀॴ (NIST) ͕ൃߦ https://csrc.nist.gov/csrc/media/ publications/fips/180/2/archive/ 2002-08-01/documents/fips180-2.pdf

8. hashlibϞδϡʔϧ hashlibͰ͸sha256ͷ࣮૷͸cpython࣮૷ͷϞδϡʔϧΛimport͍ͯ͠ Δ [hashlib] https://github.com/python/cpython/blob/3.6/Lib/hashlib.py#L89-L92 [_sha256] https://github.com/python/cpython/blob/3.6/Modules/ sha256module.c

9. nanvel/sha256.py https://gist.github.com/nanvel/ 9e606cb7271126b1cb2413b7415d560d

10. SHA256ͷΞϧΰϦζϜ

11. SHA256͸࠷ऴతʹ256bit(=32byte)ͷจࣈྻΛు ͖ग़͢ ࢓༷Ͱॳظ஋͕༩͑ΒΕ͍ͯΔ 6a09e667 bb67ae85 3c6ef372 a54ff53a 510e527f 9b05688c 1f83d9ab

    5be0cd19 (4byte x 8ݸ) ͜ͷॳظ஋ΛมԽ͍ͤͯ͘͞

12. ͓͓·͔ͳྲྀΕ 1. ϝοηʔδΛ64byte͝ͱͷϒϩοΫʹ෼ׂ 2. ύσΟϯάॲཧ 3. લஈͷϋογϡͱϒϩοΫʹରͯ͠64ճͷϥ΢ϯ υॲཧΛͯ͠32byteͷϋογϡΛಘΔ 4. 3

    ΛશϒϩοΫ෼ճ͢

13. ɾɾɾ ϥ΢ϯυ ϥ΢ϯυ ॳظ஋
    CZUF ϋογϡ
    CZUF ϋογϡ
    CZUF ࠷ऴతͳϋογϡ
    

    CZUF ͓͓·͔ͳྲྀΕ ϥ΢ϯυ

14. ύσΟϯάॲཧ w ϝοηʔδΛCZUFͰׂͬͨ࠷ޙͷϒϩοΫʹదԠ
    w CZUFʹ଍Βͳ͍෼͚ͩͰຒΊΔ
    w ͨͩ͠ɺ΋ͱϝοηʔδͷ࠷ޙʹCJUΛ௥Ճ
    w ͞ΒʹɺCZUFͷ຤ඌʹCZUFจͷ΋ͱϝοηʔδ௕ Λ͍ΕΔ
    

    w ݩʑ͖ͬͪΓCZUFͩͬͨ৔߹͸͞ΒʹϒϩοΫΛ ௥Ճͯ͠ɺͦΕʹରͯ͠ύσΟϯάॲཧΛࢪ͢

15. ύσΟϯάॲཧ CZUFͷϝοηʔδͷ৔߹ ˞ਐ਺Ͱ͸ਐ਺Ͱ
    ˞CZUF͸CJUɺਐ਺Ͱ͸ 
    
    BCBC
    DEDE
    FGFG
    
    
    
    
    
    BCBC
    DEDE
    FGFG
    
    
    
    
    
    BCBC
    DEDE
    FGFG
    
    
    
     
    
    BCBC
    DEDE
    FGFG
    
    
    
    
    
    BCBC
    DEDE
    FGFG
    
    
    
    
    
    BCBC
    DEDE
    FGFG
    
    
    
    
    
    
    
    
    
    
    

16. ϥ΢ϯυ w CZUFͷϒϩοΫΛCZUFʹ֦ுͯ͠ݸºCZUF Λੜ੒
    w ˢͱఆ਺Λ࢖ͬͯճͷϩʔςʔγϣϯॲཧతͳ΋ͷ Λࢪ͢

17. ϥ΢ϯυ CZUFͷϒϩοΫΛCZUFʹ֦ுͯ͠ݸºCZUF Λੜ੒   ɾɾ    

     ɾɾ         

18. w = [0] * 64 w[0:16] = to_chunks(chunk, n=32) for

    i in range(16, 64): s0 = bin_xor(bin_rrot(w[i-15], 7), bin_rrot(w[i-15], 18), bin_rshift(w[i-15], 3)) s1 = bin_xor(bin_rrot(w[i-2], 17), bin_rrot(w[i-2], 19), bin_rshift(w[i-2], 10)) w[i] = bin_sum( w[i-16], s0, w[i-7], s1 ) IUUQTHJTUHJUIVCDPNOBOWFMFDCCDCCEEpMFTIBQZ-- ϥ΢ϯυ CZUFͷϒϩοΫΛCZUFʹ֦ுͯ͠ݸºCZUF Λੜ੒

19. ϥ΢ϯυ ˠͱˠͰมԽ ϥ΢ϯυॲཧ

20. GPS
    J
    JO
    SBOHF 
     
    
    
    
    
    TVN
    
    CJO@TVN
    
    
    
    
    
    
    
    
    X<J>
    
    
    
    
    
    
    
    
    JOU@UP@MJTU @L<J>

    
    
    
    
    
    
    
    
    
    I
    
    
    
    
    
    
    
    
    CJO@DI F
    G
    H
    
    
    
    
    
    
    
    
    CJO@YPS CJO@SSPU F
    
    CJO@SSPU F
    
    CJO@SSPU F
    
    
    
    
    
    
    
    
    
    
    TVN
    
    CJO@TVN
    
    
    
    
    
    
    
    
    CJO@YPS CJO@SSPU B
    
    CJO@SSPU B
    
    CJO@SSPU B
    
    
    
    
    
    
    
    
    
    CJO@NBK B
    C
    D
    
    
    
    
    
    
    
    
    TVN
    
    
    
    
    
    
    
    
    
    B
    C
    D
    E
    F
    G
    H
    I
    
    TVN
    B
    C
    D
    CJO@TVN E
    TVN <>
    F
    G
    H ॳظఆ਺

21. IUUQTDTSDOJTUHPWDTSDNFEJBQVCMJDBUJPOTpQTBSDIJWFEPDVNFOUTpQTQEG ϥ΢ϯυΛܦΔ౓ʹมԽ͍ͯ͘͠ ϥ΢ϯυ '*14
    ͷ෇࿥ʹʮBCDʯͱ͍͏จࣈΛ4)"ͰϋογϡԽ͢ Δ༷ࢠ͕঺հ͞Ε͍ͯΔ

22. ӈγϑτԋࢉ
    
    ᵋࢉज़ՃࢉͰͷ্͚͕ͨΓʢ"EEJUJPOʣ
    ८ճӈγϑτԋࢉ
    ᵋ८ճϏοτγϑτԋࢉʢ3PUBUJPOʣ
    ഉଞత࿦ཧ࿨
    ᵋഉଞత࿦ཧ࿨ʢ903ʣ
    ARXܕ ೖྗ஋ʹରͯ͠ඇઢܗͳ݁ՌΛಘΔͨΊͷউͪύλʔϯ

23. ͓͠·͍