Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Create generic interface for hash functions #178

Open
wants to merge 2 commits into
base: master
Choose a base branch
from
Open

Create generic interface for hash functions #178

wants to merge 2 commits into from

Conversation

vqhuy
Copy link
Member

@vqhuy vqhuy commented Jun 19, 2017

Create PADHasher & TreeHasher interface to allow developers to use their own hash function.

  • Change the default hash function to SHA512/256

Part of #50 and #177

In favor of google/trillian#694, I implemented 29aa6a2.
Please let me know what you think.

@vqhuy vqhuy requested review from liamsi, arlolra and masomel June 19, 2017 17:10
@vqhuy vqhuy mentioned this pull request Jun 19, 2017
@vqhuy vqhuy force-pushed the gh06 branch 3 times, most recently from 332faf0 to 9d040e8 Compare June 20, 2017 06:44
@gdbelvin
Copy link

Would there be any interest in trying to syncronize this interface with the one in google/trillian#670 ?

leaf []byte
want Hash
}{
{treeNonce: [32]byte{0}, index: []byte("foo"), depth: 128, leaf: []byte("leaf"), want: h2h("65e7f29787a6168affd016656bb1f4f03af91cf7416270f5015005f8594d3eb6")},

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Question about the index since I ran into this too.
Should indexes be required to be the full length of the hash function? This would change the test vectors.

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

For HashLeaf, I think yes. But the length of the index of empty nodes vary.

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Just a note that in trillian we're using int64 for treeID.

@liamsi
Copy link
Member

liamsi commented Jun 21, 2017

I like @gdbelvin's idea. It makes it easier to sync up and might increase compatibility. Be aware that the interface described in google/trillian#670 isn't fully implemented yet (but will be soon).

@vqhuy
Copy link
Member Author

vqhuy commented Jun 21, 2017

Would there be any interest in trying to syncronize this interface with the one in google/trillian#670 ?

Definitely.

return h.Sum(nil)
}

// ID returns the name of the cryptographic hash function in string.
Copy link
Member

@liamsi liamsi Jun 21, 2017

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

s/in string/as a string/ or simply "ID returns the name of the cryptographic hash function"

liamsi
liamsi previously approved these changes Jun 22, 2017
Copy link
Member

@liamsi liamsi left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@@ -5,6 +5,7 @@ import (
"errors"

"github.com/coniks-sys/coniks-go/crypto"
conikshasher "github.com/coniks-sys/coniks-go/crypto/hasher/coniks"
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I would rather prefer a shorter import alias. What do you think about hasher? As this whole project is called 'coniks', I feel hasher would be enough.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ideally, this package should be imported using a blank import name. I used conikshasher for now because we import both hasher and hasher/coniks sometimes.

Copy link
Member

@liamsi liamsi Jun 23, 2017

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Makes sense! I would still prefer a shorter import. It would saves some typing when using it and it seems more consistent with the generally shorter package names in golang. But it isn't that important. What about chasher for example?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

SGTM. Done.

Copy link
Member

@liamsi liamsi left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks a lot for this pull! Sorry for the late review.
This is a first quick review of the updated code with a few nits/comments.

leafIdentifier = 'L'
)

type coniksHasher struct {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If the package is called coniks, it's a bit inelegant to call the struct coniksHasher. hasher would be optimal but would collide with github.com/coniks-sys/coniks-go/crypto/hasher. I still wonder if we could come up with a better name here?

}

// treeHasher provides hash functions for tree implementations.
type treeHasher interface {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

On first sight, it's a bit confusing that the treeHasher is unexported but embedded in the exported PADHasher interface. Maybe there is a good reason which I don't see yet? OK, the 'tree-hashing logic' is separate from the rest (ID, Size, ...) but if one wants to implement a different PADHasher, one needs to find the private interface treeHasher. I think it makes sense to collapse both and a public interface should be self-contained (or embed other public interfaces if there are really good reasons). LMK what you think.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't remember why I didn't publish treeHasher interface but I can't find any reasons for not doing that.

I think it makes sense to collapse both and a public interface should be self-contained (or embed other public interfaces if there are really good reasons).

Can you elaborate?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think this should be one interface instead of two. At least both should be public if there is a good reason for having two ifaces (which I don't see).

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Done.

}

// Hasher returns a PADHasher.
func Hasher(h string) (PADHasher, error) {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Maybe rename to NewHasher or GetHasher?

hashers[h] = f()
}

// Hasher returns a PADHasher.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

returns a registered PADHasher identified by the given string. If no such PADHasher exists, it returns an error.

const (
// CONIKSHasher is the identity of the hashing algorithm
// specified in the CONIKSHasher paper.
CONIKSHasher = "CONIKS Hasher"
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I wonder, if there will be different hashers, shouldn't be a central place of identifiers? I always thought we are only swapping the underlying hash function, but all these hashers will be "CONIKS Hashers".

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The idea is each hasher implementation should have its own ID declared in its own package. But you're right, we should have a central place of identifiers which includes our "standard" hash schemes, and "CONIKS Hasher" should be replaced by something like "SHA256-xxxx".

@vqhuy vqhuy force-pushed the gh06 branch 2 times, most recently from 34ac0a9 to b7b8da6 Compare October 26, 2017 16:49
vqhuy added 2 commits October 26, 2017 18:50
…eir own hash function.

* Convert the default hash function to SHA-512/256

* Part of #50

Credit to KT's team
@gdbelvin
Copy link

Glad to see this PR moving forward! Thanks @liamsi and @c633.
I'll ask the Trillian team if we can use a [32]byte under the hood for consistency. Perhaps we can get some test vectors for cross verification?

@vqhuy
Copy link
Member Author

vqhuy commented Oct 26, 2017

Perhaps we can get some test vectors for cross verification?

We would love to do that.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants