unofficial mirror of guix-patches@gnu.org 
 help / color / mirror / code / Atom feed
* [bug#42020] [PATCH 0/4] Add daemon support for SHA3 and BLAKE2s
@ 2020-06-23 15:36 Ludovic Courtès
  2020-06-23 15:55 ` [bug#42020] [PATCH 1/4] daemon: Map directly to gcrypt hash functions Ludovic Courtès
  2020-06-27 21:44 ` bug#42020: [PATCH 0/4] Add daemon support for SHA3 and BLAKE2s Ludovic Courtès
  0 siblings, 2 replies; 6+ messages in thread
From: Ludovic Courtès @ 2020-06-23 15:36 UTC (permalink / raw)
  To: 42020; +Cc: Ludovic Courtès

Hello!

This is a followup to:

  https://issues.guix.gnu.org/41382

This patch series adds daemon support for a few more cryptographic
hash functions, for use by fixed-output derivations (origins) and
the likes.  We should wait for a year or so before using those
algorithms in package definitions so we can assume that the new
daemon is widespread.

Note that there are still places where SHA256 is hard-coded.
For instance, the ‘query-path-hash’ RPC always returns a SHA256
hash.  Internally, the ‘ValidPaths’ table of the database can
store any hash, but in practice it only ever contains a SHA256
hash (see ‘LocalStore::addValidPath’ and (guix store database)).

Feedback welcome!

Ludo’.

Ludovic Courtès (4):
  daemon: Map directly to gcrypt hash functions.
  daemon: Remove OpenSSL hash compatibility wrappers.
  daemon: Recognize SHA3 and BLAKE2s.
  packages: Recognize SHA3 and BLAKE2s for 'content-hash'.

 guix/packages.scm          |  5 ++-
 nix/libutil/gcrypt-hash.cc | 51 -----------------------------
 nix/libutil/gcrypt-hash.hh | 50 ----------------------------
 nix/libutil/hash.cc        | 67 +++++++++++++++++++-------------------
 nix/libutil/hash.hh        | 20 +++++++-----
 nix/libutil/md5.h          | 35 --------------------
 nix/libutil/sha1.h         | 35 --------------------
 nix/libutil/sha256.h       | 35 --------------------
 nix/libutil/sha512.h       | 35 --------------------
 nix/local.mk               | 12 ++-----
 tests/packages.scm         | 26 +++++++++++++++
 tests/store.scm            |  4 +--
 12 files changed, 80 insertions(+), 295 deletions(-)
 delete mode 100644 nix/libutil/gcrypt-hash.cc
 delete mode 100644 nix/libutil/gcrypt-hash.hh
 delete mode 100644 nix/libutil/md5.h
 delete mode 100644 nix/libutil/sha1.h
 delete mode 100644 nix/libutil/sha256.h
 delete mode 100644 nix/libutil/sha512.h

-- 
2.26.2





^ permalink raw reply	[flat|nested] 6+ messages in thread

* [bug#42020] [PATCH 1/4] daemon: Map directly to gcrypt hash functions.
  2020-06-23 15:36 [bug#42020] [PATCH 0/4] Add daemon support for SHA3 and BLAKE2s Ludovic Courtès
@ 2020-06-23 15:55 ` Ludovic Courtès
  2020-06-23 15:55   ` [bug#42020] [PATCH 2/4] daemon: Remove OpenSSL hash compatibility wrappers Ludovic Courtès
                     ` (2 more replies)
  2020-06-27 21:44 ` bug#42020: [PATCH 0/4] Add daemon support for SHA3 and BLAKE2s Ludovic Courtès
  1 sibling, 3 replies; 6+ messages in thread
From: Ludovic Courtès @ 2020-06-23 15:55 UTC (permalink / raw)
  To: 42020; +Cc: Ludovic Courtès

* nix/libutil/hash.hh (HashType): Map directly to GCRY_MD_ values.
(md5HashSize, sha1HashSize, sha256HashSize, sha512HashSize): Remove.
* nix/libutil/hash.cc (Hash::Hash): Use 'gcry_md_get_algo_dlen'.
---
 nix/libutil/hash.cc |  8 +++-----
 nix/libutil/hash.hh | 17 +++++++++--------
 2 files changed, 12 insertions(+), 13 deletions(-)

diff --git a/nix/libutil/hash.cc b/nix/libutil/hash.cc
index ea69aa64f9..251f18f60e 100644
--- a/nix/libutil/hash.cc
+++ b/nix/libutil/hash.cc
@@ -38,11 +38,9 @@ Hash::Hash()
 Hash::Hash(HashType type)
 {
     this->type = type;
-    if (type == htMD5) hashSize = md5HashSize;
-    else if (type == htSHA1) hashSize = sha1HashSize;
-    else if (type == htSHA256) hashSize = sha256HashSize;
-    else if (type == htSHA512) hashSize = sha512HashSize;
-    else throw Error("unknown hash type");
+    hashSize = gcry_md_get_algo_dlen(type);
+
+    if (hashSize == 0) throw Error("unknown hash type");
     assert(hashSize <= maxHashSize);
     memset(hash, 0, maxHashSize);
 }
diff --git a/nix/libutil/hash.hh b/nix/libutil/hash.hh
index 6b5e47cd8a..7357a34e1d 100644
--- a/nix/libutil/hash.hh
+++ b/nix/libutil/hash.hh
@@ -1,5 +1,7 @@
 #pragma once
 
+#include <gcrypt.h>
+
 #include "types.hh"
 #include "serialise.hh"
 
@@ -7,16 +9,15 @@
 namespace nix {
 
 
-typedef enum { htUnknown, htMD5, htSHA1, htSHA256, htSHA512 } HashType;
-
-
-const int md5HashSize = 16;
-const int sha1HashSize = 20;
-const int sha256HashSize = 32;
-const int sha512HashSize = 64;
-
 extern const string base32Chars;
 
+typedef enum {
+    htUnknown = 0,
+    htMD5 = GCRY_MD_MD5,
+    htSHA1 = GCRY_MD_SHA1,
+    htSHA256 = GCRY_MD_SHA256,
+    htSHA512 = GCRY_MD_SHA512
+} HashType;
 
 struct Hash
 {
-- 
2.26.2





^ permalink raw reply related	[flat|nested] 6+ messages in thread

* [bug#42020] [PATCH 2/4] daemon: Remove OpenSSL hash compatibility wrappers.
  2020-06-23 15:55 ` [bug#42020] [PATCH 1/4] daemon: Map directly to gcrypt hash functions Ludovic Courtès
@ 2020-06-23 15:55   ` Ludovic Courtès
  2020-06-23 15:55   ` [bug#42020] [PATCH 3/4] daemon: Recognize SHA3 and BLAKE2s Ludovic Courtès
  2020-06-23 15:55   ` [bug#42020] [PATCH 4/4] packages: Recognize SHA3 and BLAKE2s for 'content-hash' Ludovic Courtès
  2 siblings, 0 replies; 6+ messages in thread
From: Ludovic Courtès @ 2020-06-23 15:55 UTC (permalink / raw)
  To: 42020; +Cc: Ludovic Courtès

* nix/libutil/hash.cc (struct Ctx): Copy from gcrypt-hash.hh.
(start, update, finish): Use gcrypt functions directly instead of
OpenSSL-like wrappers.
* nix/libutil/gcrypt-hash.cc, nix/libutil/gcrypt-hash.hh,
nix/libutil/md5.h, nix/libutil/sha1.h, nix/libutil/sha256.h,
nix/libutil/sha512.h: Remove.
* nix/local.mk (libutil_a_SOURCES, libutil_headers): Adjust
accordingly.
---
 nix/libutil/gcrypt-hash.cc | 51 ------------------------------------
 nix/libutil/gcrypt-hash.hh | 50 -----------------------------------
 nix/libutil/hash.cc        | 53 +++++++++++++++++---------------------
 nix/libutil/md5.h          | 35 -------------------------
 nix/libutil/sha1.h         | 35 -------------------------
 nix/libutil/sha256.h       | 35 -------------------------
 nix/libutil/sha512.h       | 35 -------------------------
 nix/local.mk               | 12 +++------
 8 files changed, 27 insertions(+), 279 deletions(-)
 delete mode 100644 nix/libutil/gcrypt-hash.cc
 delete mode 100644 nix/libutil/gcrypt-hash.hh
 delete mode 100644 nix/libutil/md5.h
 delete mode 100644 nix/libutil/sha1.h
 delete mode 100644 nix/libutil/sha256.h
 delete mode 100644 nix/libutil/sha512.h

diff --git a/nix/libutil/gcrypt-hash.cc b/nix/libutil/gcrypt-hash.cc
deleted file mode 100644
index c4ae7bfcc2..0000000000
--- a/nix/libutil/gcrypt-hash.cc
+++ /dev/null
@@ -1,51 +0,0 @@
-/* GNU Guix --- Functional package management for GNU
-   Copyright (C) 2012, 2013  Ludovic Courtès <ludo@gnu.org>
-
-   This file is part of GNU Guix.
-
-   GNU Guix is free software; you can redistribute it and/or modify it
-   under the terms of the GNU General Public License as published by
-   the Free Software Foundation; either version 3 of the License, or (at
-   your option) any later version.
-
-   GNU Guix is distributed in the hope that it will be useful, but
-   WITHOUT ANY WARRANTY; without even the implied warranty of
-   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-   GNU General Public License for more details.
-
-   You should have received a copy of the GNU General Public License
-   along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.  */
-
-#include <config.h>
-
-#include <gcrypt-hash.hh>
-#include <assert.h>
-
-extern "C" {
-
-void
-guix_hash_init (struct guix_hash_context *ctx, int algo)
-{
-  gcry_error_t err;
-
-  err = gcry_md_open (&ctx->md_handle, algo, 0);
-  assert (err == GPG_ERR_NO_ERROR);
-}
-
-void
-guix_hash_update (struct guix_hash_context *ctx, const void *buffer, size_t len)
-{
-  gcry_md_write (ctx->md_handle, buffer, len);
-}
-
-void
-guix_hash_final (void *resbuf, struct guix_hash_context *ctx,
-		 int algo)
-{
-  memcpy (resbuf, gcry_md_read (ctx->md_handle, algo),
-	  gcry_md_get_algo_dlen (algo));
-  gcry_md_close (ctx->md_handle);
-  ctx->md_handle = NULL;
-}
-
-}
diff --git a/nix/libutil/gcrypt-hash.hh b/nix/libutil/gcrypt-hash.hh
deleted file mode 100644
index 11f061159f..0000000000
--- a/nix/libutil/gcrypt-hash.hh
+++ /dev/null
@@ -1,50 +0,0 @@
-/* GNU Guix --- Functional package management for GNU
-   Copyright (C) 2012, 2013  Ludovic Courtès <ludo@gnu.org>
-
-   This file is part of GNU Guix.
-
-   GNU Guix is free software; you can redistribute it and/or modify it
-   under the terms of the GNU General Public License as published by
-   the Free Software Foundation; either version 3 of the License, or (at
-   your option) any later version.
-
-   GNU Guix is distributed in the hope that it will be useful, but
-   WITHOUT ANY WARRANTY; without even the implied warranty of
-   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-   GNU General Public License for more details.
-
-   You should have received a copy of the GNU General Public License
-   along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.  */
-
-/* An OpenSSL-like interface to GNU libgcrypt cryptographic hash
-   functions.  */
-
-#pragma once
-#include <gcrypt.h>
-#include <unistd.h>
-
-struct guix_hash_context
-{
-  /* This copy constructor is needed in 'HashSink::currentHash()' where we
-     expect the copy of a 'Ctx' object to yield a truly different context.  */
-  guix_hash_context (guix_hash_context &ref)
-  {
-    if (ref.md_handle == NULL)
-      md_handle = NULL;
-    else
-      gcry_md_copy (&md_handle, ref.md_handle);
-  }
-
-  /* Make sure 'md_handle' is always initialized.  */
-  guix_hash_context (): md_handle (NULL) { };
-
-  gcry_md_hd_t md_handle;
-};
-
-extern "C" {
-extern void guix_hash_init (struct guix_hash_context *ctx, int algo);
-extern void guix_hash_update (struct guix_hash_context *ctx, const void *buffer,
-			      size_t len);
-extern void guix_hash_final (void *resbuf, struct guix_hash_context *ctx,
-			     int algo);
-}
diff --git a/nix/libutil/hash.cc b/nix/libutil/hash.cc
index 251f18f60e..20d2e4b724 100644
--- a/nix/libutil/hash.cc
+++ b/nix/libutil/hash.cc
@@ -3,18 +3,6 @@
 #include <iostream>
 #include <cstring>
 
-#ifdef HAVE_OPENSSL
-#include <openssl/md5.h>
-#include <openssl/sha.h>
-#else
-extern "C" {
-#include "md5.h"
-#include "sha1.h"
-#include "sha256.h"
-#include "sha512.h"
-}
-#endif
-
 #include "hash.hh"
 #include "archive.hh"
 #include "util.hh"
@@ -193,41 +181,48 @@ bool isHash(const string & s)
     return true;
 }
 
-
+/* The "hash context".  */
 struct Ctx
 {
-    MD5_CTX md5;
-    SHA_CTX sha1;
-    SHA256_CTX sha256;
-    SHA512_CTX sha512;
+  /* This copy constructor is needed in 'HashSink::currentHash()' where we
+     expect the copy of a 'Ctx' object to yield a truly different context.  */
+  Ctx(Ctx &ref)
+  {
+    if (ref.md_handle == NULL)
+      md_handle = NULL;
+    else
+      gcry_md_copy (&md_handle, ref.md_handle);
+  }
+
+  /* Make sure 'md_handle' is always initialized.  */
+  Ctx(): md_handle (NULL) { };
+
+  gcry_md_hd_t md_handle;
 };
 
 
 static void start(HashType ht, Ctx & ctx)
 {
-    if (ht == htMD5) MD5_Init(&ctx.md5);
-    else if (ht == htSHA1) SHA1_Init(&ctx.sha1);
-    else if (ht == htSHA256) SHA256_Init(&ctx.sha256);
-    else if (ht == htSHA512) SHA512_Init(&ctx.sha512);
+    gcry_error_t err;
+
+    err = gcry_md_open (&ctx.md_handle, ht, 0);
+    assert (err == GPG_ERR_NO_ERROR);
 }
 
 
 static void update(HashType ht, Ctx & ctx,
     const unsigned char * bytes, unsigned int len)
 {
-    if (ht == htMD5) MD5_Update(&ctx.md5, bytes, len);
-    else if (ht == htSHA1) SHA1_Update(&ctx.sha1, bytes, len);
-    else if (ht == htSHA256) SHA256_Update(&ctx.sha256, bytes, len);
-    else if (ht == htSHA512) SHA512_Update(&ctx.sha512, bytes, len);
+    gcry_md_write (ctx.md_handle, bytes, len);
 }
 
 
 static void finish(HashType ht, Ctx & ctx, unsigned char * hash)
 {
-    if (ht == htMD5) MD5_Final(hash, &ctx.md5);
-    else if (ht == htSHA1) SHA1_Final(hash, &ctx.sha1);
-    else if (ht == htSHA256) SHA256_Final(hash, &ctx.sha256);
-    else if (ht == htSHA512) SHA512_Final(hash, &ctx.sha512);
+    memcpy (hash, gcry_md_read (ctx.md_handle, ht),
+	    gcry_md_get_algo_dlen (ht));
+    gcry_md_close (ctx.md_handle);
+    ctx.md_handle = NULL;
 }
 
 
diff --git a/nix/libutil/md5.h b/nix/libutil/md5.h
deleted file mode 100644
index 4583a458b3..0000000000
--- a/nix/libutil/md5.h
+++ /dev/null
@@ -1,35 +0,0 @@
-/* GNU Guix --- Functional package management for GNU
-   Copyright (C) 2012  Ludovic Courtès <ludo@gnu.org>
-
-   This file is part of GNU Guix.
-
-   GNU Guix is free software; you can redistribute it and/or modify it
-   under the terms of the GNU General Public License as published by
-   the Free Software Foundation; either version 3 of the License, or (at
-   your option) any later version.
-
-   GNU Guix is distributed in the hope that it will be useful, but
-   WITHOUT ANY WARRANTY; without even the implied warranty of
-   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-   GNU General Public License for more details.
-
-   You should have received a copy of the GNU General Public License
-   along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.  */
-
-#include <gcrypt-hash.hh>
-
-#define MD5_CTX guix_hash_context
-
-static inline void
-MD5_Init (struct MD5_CTX *ctx)
-{
-  guix_hash_init (ctx, GCRY_MD_MD5);
-}
-
-#define MD5_Update guix_hash_update
-
-static inline void
-MD5_Final (void *resbuf, struct MD5_CTX *ctx)
-{
-  guix_hash_final (resbuf, ctx, GCRY_MD_MD5);
-}
diff --git a/nix/libutil/sha1.h b/nix/libutil/sha1.h
deleted file mode 100644
index d2d071e058..0000000000
--- a/nix/libutil/sha1.h
+++ /dev/null
@@ -1,35 +0,0 @@
-/* GNU Guix --- Functional package management for GNU
-   Copyright (C) 2012  Ludovic Courtès <ludo@gnu.org>
-
-   This file is part of GNU Guix.
-
-   GNU Guix is free software; you can redistribute it and/or modify it
-   under the terms of the GNU General Public License as published by
-   the Free Software Foundation; either version 3 of the License, or (at
-   your option) any later version.
-
-   GNU Guix is distributed in the hope that it will be useful, but
-   WITHOUT ANY WARRANTY; without even the implied warranty of
-   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-   GNU General Public License for more details.
-
-   You should have received a copy of the GNU General Public License
-   along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.  */
-
-#include <gcrypt-hash.hh>
-
-#define SHA_CTX guix_hash_context
-
-static inline void
-SHA1_Init (struct SHA_CTX *ctx)
-{
-  guix_hash_init (ctx, GCRY_MD_SHA1);
-}
-
-#define SHA1_Update guix_hash_update
-
-static inline void
-SHA1_Final (void *resbuf, struct SHA_CTX *ctx)
-{
-  guix_hash_final (resbuf, ctx, GCRY_MD_SHA1);
-}
diff --git a/nix/libutil/sha256.h b/nix/libutil/sha256.h
deleted file mode 100644
index ca95d7fea8..0000000000
--- a/nix/libutil/sha256.h
+++ /dev/null
@@ -1,35 +0,0 @@
-/* GNU Guix --- Functional package management for GNU
-   Copyright (C) 2012  Ludovic Courtès <ludo@gnu.org>
-
-   This file is part of GNU Guix.
-
-   GNU Guix is free software; you can redistribute it and/or modify it
-   under the terms of the GNU General Public License as published by
-   the Free Software Foundation; either version 3 of the License, or (at
-   your option) any later version.
-
-   GNU Guix is distributed in the hope that it will be useful, but
-   WITHOUT ANY WARRANTY; without even the implied warranty of
-   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-   GNU General Public License for more details.
-
-   You should have received a copy of the GNU General Public License
-   along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.  */
-
-#include <gcrypt-hash.hh>
-
-#define SHA256_CTX guix_hash_context
-
-static inline void
-SHA256_Init (struct SHA256_CTX *ctx)
-{
-  guix_hash_init (ctx, GCRY_MD_SHA256);
-}
-
-#define SHA256_Update guix_hash_update
-
-static inline void
-SHA256_Final (void *resbuf, struct SHA256_CTX *ctx)
-{
-  guix_hash_final (resbuf, ctx, GCRY_MD_SHA256);
-}
diff --git a/nix/libutil/sha512.h b/nix/libutil/sha512.h
deleted file mode 100644
index d2abab4c5f..0000000000
--- a/nix/libutil/sha512.h
+++ /dev/null
@@ -1,35 +0,0 @@
-/* GNU Guix --- Functional package management for GNU
-   Copyright (C) 2012, 2015 Ludovic Courtès <ludo@gnu.org>
-
-   This file is part of GNU Guix.
-
-   GNU Guix is free software; you can redistribute it and/or modify it
-   under the terms of the GNU General Public License as published by
-   the Free Software Foundation; either version 3 of the License, or (at
-   your option) any later version.
-
-   GNU Guix is distributed in the hope that it will be useful, but
-   WITHOUT ANY WARRANTY; without even the implied warranty of
-   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-   GNU General Public License for more details.
-
-   You should have received a copy of the GNU General Public License
-   along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.  */
-
-#include <gcrypt-hash.hh>
-
-#define SHA512_CTX guix_hash_context
-
-static inline void
-SHA512_Init (struct SHA512_CTX *ctx)
-{
-  guix_hash_init (ctx, GCRY_MD_SHA512);
-}
-
-#define SHA512_Update guix_hash_update
-
-static inline void
-SHA512_Final (void *resbuf, struct SHA512_CTX *ctx)
-{
-  guix_hash_final (resbuf, ctx, GCRY_MD_SHA512);
-}
diff --git a/nix/local.mk b/nix/local.mk
index c136fb7202..005cde5563 100644
--- a/nix/local.mk
+++ b/nix/local.mk
@@ -1,5 +1,5 @@
 # GNU Guix --- Functional package management for GNU
-# Copyright © 2012, 2013, 2014, 2015, 2016, 2018, 2019 Ludovic Courtès <ludo@gnu.org>
+# Copyright © 2012, 2013, 2014, 2015, 2016, 2018, 2019, 2020 Ludovic Courtès <ludo@gnu.org>
 # Copyright © 2016 Mathieu Lirzin <mthl@gnu.org>
 # Copyright © 2020 Tobias Geerinckx-Rice <me@tobias.gr>
 #
@@ -56,8 +56,7 @@ libutil_a_SOURCES =				\
   %D%/libutil/affinity.cc			\
   %D%/libutil/serialise.cc			\
   %D%/libutil/util.cc				\
-  %D%/libutil/hash.cc				\
-  %D%/libutil/gcrypt-hash.cc
+  %D%/libutil/hash.cc
 
 libutil_headers =				\
   %D%/libutil/affinity.hh			\
@@ -65,12 +64,7 @@ libutil_headers =				\
   %D%/libutil/serialise.hh			\
   %D%/libutil/util.hh				\
   %D%/libutil/archive.hh			\
-  %D%/libutil/types.hh				\
-  %D%/libutil/gcrypt-hash.hh			\
-  %D%/libutil/md5.h				\
-  %D%/libutil/sha1.h				\
-  %D%/libutil/sha256.h				\
-  %D%/libutil/sha512.h
+  %D%/libutil/types.hh
 
 libutil_a_CPPFLAGS =				\
   -I$(top_builddir)/nix				\
-- 
2.26.2





^ permalink raw reply related	[flat|nested] 6+ messages in thread

* [bug#42020] [PATCH 3/4] daemon: Recognize SHA3 and BLAKE2s.
  2020-06-23 15:55 ` [bug#42020] [PATCH 1/4] daemon: Map directly to gcrypt hash functions Ludovic Courtès
  2020-06-23 15:55   ` [bug#42020] [PATCH 2/4] daemon: Remove OpenSSL hash compatibility wrappers Ludovic Courtès
@ 2020-06-23 15:55   ` Ludovic Courtès
  2020-06-23 15:55   ` [bug#42020] [PATCH 4/4] packages: Recognize SHA3 and BLAKE2s for 'content-hash' Ludovic Courtès
  2 siblings, 0 replies; 6+ messages in thread
From: Ludovic Courtès @ 2020-06-23 15:55 UTC (permalink / raw)
  To: 42020; +Cc: Ludovic Courtès

* nix/libutil/hash.hh (HashType): Add htSHA3_256, htSHA3_512, and
htBLAKE2s_256.
* nix/libutil/hash.cc (parseHashType, printHashType): Recognize them.
* tests/store.scm ("add-to-store"): Test these algorithms.
---
 nix/libutil/hash.cc | 6 ++++++
 nix/libutil/hash.hh | 5 ++++-
 tests/store.scm     | 4 ++--
 3 files changed, 12 insertions(+), 3 deletions(-)

diff --git a/nix/libutil/hash.cc b/nix/libutil/hash.cc
index 20d2e4b724..7853acdd49 100644
--- a/nix/libutil/hash.cc
+++ b/nix/libutil/hash.cc
@@ -321,6 +321,9 @@ HashType parseHashType(const string & s)
     else if (s == "sha1") return htSHA1;
     else if (s == "sha256") return htSHA256;
     else if (s == "sha512") return htSHA512;
+    else if (s == "sha3-256") return htSHA3_256;
+    else if (s == "sha3-512") return htSHA3_512;
+    else if (s == "blake2s-256") return htBLAKE2s_256;
     else return htUnknown;
 }
 
@@ -331,6 +334,9 @@ string printHashType(HashType ht)
     else if (ht == htSHA1) return "sha1";
     else if (ht == htSHA256) return "sha256";
     else if (ht == htSHA512) return "sha512";
+    else if (ht == htSHA3_256) return "sha3-256";
+    else if (ht == htSHA3_512) return "sha3-512";
+    else if (ht == htBLAKE2s_256) return "blake2s-256";
     else throw Error("cannot print unknown hash type");
 }
 
diff --git a/nix/libutil/hash.hh b/nix/libutil/hash.hh
index 7357a34e1d..ac58651a02 100644
--- a/nix/libutil/hash.hh
+++ b/nix/libutil/hash.hh
@@ -16,7 +16,10 @@ typedef enum {
     htMD5 = GCRY_MD_MD5,
     htSHA1 = GCRY_MD_SHA1,
     htSHA256 = GCRY_MD_SHA256,
-    htSHA512 = GCRY_MD_SHA512
+    htSHA512 = GCRY_MD_SHA512,
+    htSHA3_256 = GCRY_MD_SHA3_256,
+    htSHA3_512 = GCRY_MD_SHA3_512,
+    htBLAKE2s_256 = GCRY_MD_BLAKE2S_256
 } HashType;
 
 struct Hash
diff --git a/tests/store.scm b/tests/store.scm
index 06f7939657..ee3e01f33b 100644
--- a/tests/store.scm
+++ b/tests/store.scm
@@ -116,7 +116,7 @@
     (list (stat:uid s) (stat:perms s))))
 
 (test-equal "add-to-store"
-  '("sha1" "sha256" "sha512")
+  '("sha1" "sha256" "sha512" "sha3-256" "sha3-512" "blake2s-256")
   (let* ((file    (search-path %load-path "guix.scm"))
          (content (call-with-input-file file get-bytevector-all)))
     (map (lambda (hash-algo)
@@ -125,7 +125,7 @@
                   (bytevector=? (call-with-input-file file get-bytevector-all)
                                 content)
                   hash-algo)))
-         '("sha1" "sha256" "sha512"))))
+         '("sha1" "sha256" "sha512" "sha3-256" "sha3-512" "blake2s-256"))))
 
 (test-equal "add-data-to-store"
   #vu8(1 2 3 4 5)
-- 
2.26.2





^ permalink raw reply related	[flat|nested] 6+ messages in thread

* [bug#42020] [PATCH 4/4] packages: Recognize SHA3 and BLAKE2s for 'content-hash'.
  2020-06-23 15:55 ` [bug#42020] [PATCH 1/4] daemon: Map directly to gcrypt hash functions Ludovic Courtès
  2020-06-23 15:55   ` [bug#42020] [PATCH 2/4] daemon: Remove OpenSSL hash compatibility wrappers Ludovic Courtès
  2020-06-23 15:55   ` [bug#42020] [PATCH 3/4] daemon: Recognize SHA3 and BLAKE2s Ludovic Courtès
@ 2020-06-23 15:55   ` Ludovic Courtès
  2 siblings, 0 replies; 6+ messages in thread
From: Ludovic Courtès @ 2020-06-23 15:55 UTC (permalink / raw)
  To: 42020; +Cc: Ludovic Courtès

* guix/packages.scm (build-content-hash): Add 'sha3-256', 'sha3-512',
and 'blake2s-256'.
* tests/packages.scm ("package-source-derivation, origin, sha3-512"):
New test.
---
 guix/packages.scm  |  5 ++++-
 tests/packages.scm | 26 ++++++++++++++++++++++++++
 2 files changed, 30 insertions(+), 1 deletion(-)

diff --git a/guix/packages.scm b/guix/packages.scm
index 1e0ec41b76..68ef718872 100644
--- a/guix/packages.scm
+++ b/guix/packages.scm
@@ -191,7 +191,10 @@ its first argument has the right size for the chosen algorithm."
 
 (define-content-hash-constructor build-content-hash
   (sha256 32)
-  (sha512 64))
+  (sha512 64)
+  (sha3-256 32)
+  (sha3-512 64)
+  (blake2s-256 64))
 
 (define-syntax content-hash
   (lambda (s)
diff --git a/tests/packages.scm b/tests/packages.scm
index c7b6f669b5..26377b269b 100644
--- a/tests/packages.scm
+++ b/tests/packages.scm
@@ -524,6 +524,32 @@
     (build-derivations %store (list drv))
     (call-with-input-file output get-string-all)))
 
+(test-equal "package-source-derivation, origin, sha3-512"
+  "hello, sha3"
+  (let* ((bash    (search-bootstrap-binary "bash" (%current-system)))
+         (builder (add-text-to-store %store "my-fixed-builder.sh"
+                                     "echo -n hello, sha3 > $out" '()))
+         (method  (lambda* (url hash-algo hash #:optional name
+                                #:rest rest)
+                    (and (eq? hash-algo 'sha3-512)
+                         (raw-derivation name bash (list builder)
+                                         #:sources (list builder)
+                                         #:hash hash
+                                         #:hash-algo hash-algo))))
+         (source  (origin
+                    (method method)
+                    (uri "unused://")
+                    (file-name "origin-sha3")
+                    (hash (content-hash
+                           (gcrypt:bytevector-hash (string->utf8 "hello, sha3")
+                                                   (gcrypt:lookup-hash-algorithm
+                                                    'sha3-512))
+                           sha3-512))))
+         (drv    (package-source-derivation %store source))
+         (output (derivation->output-path drv)))
+    (build-derivations %store (list drv))
+    (call-with-input-file output get-string-all)))
+
 (unless (network-reachable?) (test-skip 1))
 (test-equal "package-source-derivation, snippet"
   "OK"
-- 
2.26.2





^ permalink raw reply related	[flat|nested] 6+ messages in thread

* bug#42020: [PATCH 0/4] Add daemon support for SHA3 and BLAKE2s
  2020-06-23 15:36 [bug#42020] [PATCH 0/4] Add daemon support for SHA3 and BLAKE2s Ludovic Courtès
  2020-06-23 15:55 ` [bug#42020] [PATCH 1/4] daemon: Map directly to gcrypt hash functions Ludovic Courtès
@ 2020-06-27 21:44 ` Ludovic Courtès
  1 sibling, 0 replies; 6+ messages in thread
From: Ludovic Courtès @ 2020-06-27 21:44 UTC (permalink / raw)
  To: 42020-done

Ludovic Courtès <ludo@gnu.org> skribis:

> This patch series adds daemon support for a few more cryptographic
> hash functions, for use by fixed-output derivations (origins) and
> the likes.  We should wait for a year or so before using those
> algorithms in package definitions so we can assume that the new
> daemon is widespread.

Pushed!

  0505eda9c7 packages: Recognize SHA3 and BLAKE2s for 'content-hash'.
  8e6c1415d8 daemon: Recognize SHA3 and BLAKE2s.
  8dc6c38785 daemon: Remove OpenSSL hash compatibility wrappers.
  3fb6b8f304 daemon: Map directly to gcrypt hash functions.

Ludo’.




^ permalink raw reply	[flat|nested] 6+ messages in thread

end of thread, other threads:[~2020-06-27 21:45 UTC | newest]

Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-06-23 15:36 [bug#42020] [PATCH 0/4] Add daemon support for SHA3 and BLAKE2s Ludovic Courtès
2020-06-23 15:55 ` [bug#42020] [PATCH 1/4] daemon: Map directly to gcrypt hash functions Ludovic Courtès
2020-06-23 15:55   ` [bug#42020] [PATCH 2/4] daemon: Remove OpenSSL hash compatibility wrappers Ludovic Courtès
2020-06-23 15:55   ` [bug#42020] [PATCH 3/4] daemon: Recognize SHA3 and BLAKE2s Ludovic Courtès
2020-06-23 15:55   ` [bug#42020] [PATCH 4/4] packages: Recognize SHA3 and BLAKE2s for 'content-hash' Ludovic Courtès
2020-06-27 21:44 ` bug#42020: [PATCH 0/4] Add daemon support for SHA3 and BLAKE2s Ludovic Courtès

Code repositories for project(s) associated with this public inbox

	https://git.savannah.gnu.org/cgit/guix.git

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).