[Cryptech Tech] Padding in hash cores?

Joachim Strömbergson joachim at secworks.se
Thu Feb 6 08:59:42 UTC 2014


Aloha!

The current HW implementation of SHA-256 (and SHA-1) does not pad the
message, but expects that the caller pads the message. Basically the
core supports an initial message block followed by zero or more message
blocks. For each block the core calculates and returns the digest. The
caller therefore needs to pad the last block according to FIPS 180-4 if
the result is going to be compatible with the standard.

I've seen the padding as a low complexity operation done at the end of a
message that SW can handle, SW that probably anyway needs to keep track
of the message length. This separation removes some complexity in the HW
by being message length agnostic.

But is this what SW would expect from an HSM providing hashing? I would
assume that an HSM containing both HW and SW parts would do this
separation of duties. When you (SW developers) in the project think
about the architecture, what are your expectations?

Do you want to handle the padding or just divide the message into
blocks and for the final block just inform the core that it is the last
block and how much data that block contains?

Adding padding functionality is not a very big thing. I basically need
to add "final" and "length" ports to allow the caller to inform the core
that the current block loaded is the final block and should be padded
with a variable number of zeros and the length information. Basically
an extra MUX and some gates in between the input to the block word
scheduler.

We could add this later to the cores, but getting these kinds of
partitioning decisions done early is imho good.

-- 
Med vänlig hälsning, Yours

Joachim Strömbergson - Alltid i harmonisk svängning.
========================================================================
 Joachim Strömbergson          Secworks AB          joachim at secworks.se
========================================================================
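To make the partitioning question concrete, here is an added example (not Joachim's or Cryptech's code) that models both options in Python. `pad_message` is the caller-side padding the cores expect today: split the message into 64-byte blocks and pad the tail per FIPS 180-4 Section 5.1.1 (a 0x80 byte, zeros, then the 64-bit big-endian bit length). `pad_final_block` models the proposed "final" and "length" ports: it takes only the last partial block and the total length and produces the one or two blocks the core would generate internally. The `compress` function stands in for the HW core, which sees nothing but 64-byte blocks and is completely length-agnostic; the constants `K` and `H0` are the standard SHA-256 values from FIPS 180-4. Port names and function names are assumptions for illustration.

```python
import hashlib
import struct

BLOCK = 64          # block size in bytes for SHA-1 and SHA-256 (512 bits)
MASK = 0xFFFFFFFF   # 32-bit word arithmetic

# SHA-256 round constants and initial hash value (FIPS 180-4, Sections 4.2.2 and 5.3.3)
K = [
    0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5, 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5,
    0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3, 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174,
    0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc, 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da,
    0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7, 0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967,
    0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13, 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85,
    0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3, 0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070,
    0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5, 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3,
    0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208, 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2,
]
H0 = [0x6a09e667, 0xbb67ae85, 0x3c6ef372, 0xa54ff53a,
      0x510e527f, 0x9b05688c, 0x1f83d9ab, 0x5be0cd19]


def pad_final_block(final_chunk: bytes, total_len: int) -> list[bytes]:
    """Model of the proposed 'final' + 'length' ports (assumed names): the caller
    hands over the last block, which may be empty or partial, plus the total
    message length in bytes, and gets back the one or two fully padded blocks
    per FIPS 180-4 Section 5.1.1: 0x80, zeros, then the 64-bit bit length."""
    if not 0 <= len(final_chunk) <= BLOCK:
        raise ValueError("final chunk must be at most one block")
    tail = final_chunk + b"\x80"
    tail += b"\x00" * ((56 - len(tail) % BLOCK) % BLOCK)  # leave 8 bytes for the length
    tail += struct.pack(">Q", total_len * 8)               # length is counted in bits
    return [tail[i:i + BLOCK] for i in range(0, len(tail), BLOCK)]


def pad_message(msg: bytes) -> list[bytes]:
    """Caller-side padding as the cores expect today: full blocks pass through
    unchanged, the remainder (even an empty one) becomes the padded tail."""
    full = len(msg) // BLOCK
    blocks = [msg[i * BLOCK:(i + 1) * BLOCK] for i in range(full)]
    return blocks + pad_final_block(msg[full * BLOCK:], len(msg))


def _rotr(x: int, n: int) -> int:
    return ((x >> n) | (x << (32 - n))) & MASK


def compress(state: list[int], block: bytes) -> list[int]:
    """One SHA-256 block operation, i.e. what the HW core does per block.
    It never sees the message length; it only consumes 64-byte blocks."""
    w = list(struct.unpack(">16L", block))
    for i in range(16, 64):  # message schedule
        s0 = _rotr(w[i - 15], 7) ^ _rotr(w[i - 15], 18) ^ (w[i - 15] >> 3)
        s1 = _rotr(w[i - 2], 17) ^ _rotr(w[i - 2], 19) ^ (w[i - 2] >> 10)
        w.append((w[i - 16] + s0 + w[i - 7] + s1) & MASK)
    a, b, c, d, e, f, g, h = state
    for i in range(64):      # 64 rounds
        t1 = (h + (_rotr(e, 6) ^ _rotr(e, 11) ^ _rotr(e, 25))
              + ((e & f) ^ (~e & g)) + K[i] + w[i]) & MASK
        t2 = ((_rotr(a, 2) ^ _rotr(a, 13) ^ _rotr(a, 22))
              + ((a & b) ^ (a & c) ^ (b & c))) & MASK
        h, g, f, e, d, c, b, a = g, f, e, (d + t1) & MASK, c, b, a, (t1 + t2) & MASK
    return [(x + y) & MASK for x, y in zip(state, (a, b, c, d, e, f, g, h))]


def sha256_via_blocks(msg: bytes) -> bytes:
    """Drive the 'core' with caller-padded blocks and serialise the final state."""
    state = list(H0)
    for blk in pad_message(msg):
        state = compress(state, blk)
    return b"".join(struct.pack(">L", v) for v in state)


def matches_hashlib(msg: bytes) -> bool:
    """Check that block-wise padding + compression agrees with the standard."""
    return sha256_via_blocks(msg) == hashlib.sha256(msg).digest()


if __name__ == "__main__":
    # Constructed sample lengths around the padding boundaries (55/56/64 bytes)
    for n in (0, 3, 55, 56, 63, 64, 65, 200):
        msg = bytes(range(256))[:n]
        print(f"len={n:3d} blocks={len(pad_message(msg))} ok={matches_hashlib(msg)}")
```

The interesting cases are the boundaries: a 55-byte message fits in one padded block, a 56-byte message spills into a second block, and a message that is an exact multiple of 64 bytes still needs one extra block that carries nothing but the padding. Whichever side owns the padding, it has to get those cases right, which is why the "final" plus "length" variant is about where the length is tracked rather than about saving work.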


