From 05133a65d7ebe3a59b93103ed5cf1c94ca5fec3b Mon Sep 17 00:00:00 2001 From: "Chayim I. Kirshen" Date: Tue, 3 Aug 2021 09:16:11 +0300 Subject: [PATCH] adding blake2* series of hashes --- Dockerfile | 4 ++-- README.md | 12 +++++++----- src/redicrypt/cryptlib.go | 18 ++++++++++++++++++ src/redicrypt/cryptlib_test.go | 28 ++++++++++++++++++++++++++++ 4 files changed, 55 insertions(+), 7 deletions(-) diff --git a/Dockerfile b/Dockerfile index 0db61fc..6ffe975 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM redis:6.2 as builder +FROM redis:6.2.4 as builder ARG GO_VER=1.16.3 @@ -14,7 +14,7 @@ RUN make all # -------------------------------------------------------- # -FROM redis:6.2 as runner +FROM redis:6.2.4 as runner ARG REDICRYPT_KEY=default ENV REDICRYPT_KEY ${REDICRYPT_KEY} COPY --from=builder /build/dist/redicrypt.so /usr/local/lib/redicrypt.so diff --git a/README.md b/README.md index fe4a886..8dc40bb 100644 --- a/README.md +++ b/README.md @@ -24,15 +24,12 @@ It does this by introducing two new redis commands, one for storing an encrypted * RC.SETHASH - Sets a key to a hashed value. The first argument is the hash type. - eg: RC.SETHASH *sha224* *somekey* *myvalue* -* RC.SETB64 - Set a key to the bsae64 encoded value of the specified string. +* RC.SETB64 - Set a key to the base64 encoded value of the specified string. - eg: RC.SETB64 *somekey* *myvalue* * RC.GETB64 - Get the plaintext value of a base64 encoded redis key. - eg: RC.GETB64 *somekey* -* RC.SETHASH - Sets a key to a hashed value. The first argument is the hash type. - - eg: RC.SETHASH *sha224* *somekey* *myvalue* - ### Supported Hashtypes The following are the supported hashtypes to use with SETHASH. An unsupported type will return a blank string. @@ -43,7 +40,10 @@ The following are the supported hashtypes to use with SETHASH. An unsupported ty 1. sha3-224 1. sha3-256 1. sha3-384 -1. sha3-512 +1. blake2b-256 +1. blake2s-256 +1. blake2s-384 +1. blake2s-512 1. whirlpool ## Usage @@ -62,6 +62,8 @@ REDICRYPT_KEY=12345678901234567890123456789012 redis-server OLD_REDICRYPT_KEY=00000000000000000000000000000000 REDICRYPT_KEY=12345678901234567890123456789012 redis-server ``` +You can also use the [python client](https://github.com/chayim/redicrypt-py). + ---------------------- ## Why it works this way diff --git a/src/redicrypt/cryptlib.go b/src/redicrypt/cryptlib.go index f07a8c4..db509d6 100644 --- a/src/redicrypt/cryptlib.go +++ b/src/redicrypt/cryptlib.go @@ -8,6 +8,8 @@ import ( "crypto/sha256" "encoding/base64" "github.com/jzelinskie/whirlpool" + "golang.org/x/crypto/blake2b" + "golang.org/x/crypto/blake2s" "golang.org/x/crypto/sha3" "io" ) @@ -44,6 +46,22 @@ func Hash(hashName string, hashVal []byte) string { hv := sha3.Sum512(hashVal) return B64Encode(hv[:]) + case hashName == "blake2s-256": + hv := blake2s.Sum256(hashVal) + return B64Encode(hv[:]) + + case hashName == "blake2b-256": + hv := blake2b.Sum256(hashVal) + return B64Encode(hv[:]) + + case hashName == "blake2b-384": + hv := blake2b.Sum384(hashVal) + return B64Encode(hv[:]) + + case hashName == "blake2b-512": + hv := blake2b.Sum512(hashVal) + return B64Encode(hv[:]) + case hashName == "whirlpool": h := whirlpool.New() io.WriteString(h, string(hashVal)) diff --git a/src/redicrypt/cryptlib_test.go b/src/redicrypt/cryptlib_test.go index 222b52d..d05a46f 100644 --- a/src/redicrypt/cryptlib_test.go +++ b/src/redicrypt/cryptlib_test.go @@ -73,6 +73,34 @@ func TestHashing(t *testing.T) { t.Errorf("received %s instead of %s", sha3512, expected) } + // blake3s-256 + blake3s256 := Hash("blake2s-256", phrase) + expected = "rP1TU5-14M6TC1WSE9uHpCfLJpM_GlS-Xevwl0WZYtI=" + if expected != blake3s256 { + t.Errorf("received %s instead of %s", blake3s256, expected) + } + + // blake3b-256 + blake3b256 := Hash("blake2b-256", phrase) + expected = "bmmce1rHuCyz_aqTPuIpLMfe0LV0DAwPYGkExSugKHQ=" + if expected != blake3b256 { + t.Errorf("received %s instead of %s", blake3b256, expected) + } + + // blake3b-384 + blake3b384 := Hash("blake2b-384", phrase) + expected = "LhT_TcaGAXgCVPUMzjoCKuUYXhz9r3SUYS5VNIT_Dmiqcaq7yKJgN7D0WllzbGYq" + if expected != blake3b384 { + t.Errorf("received %s instead of %s", blake3b384, expected) + } + + // blake3b-512 + blake3b512 := Hash("blake2b-512", phrase) + expected = "6lvBMu_bOviGDzOGZWv1_yWaWJsEItvEpS9hOoROkd0-EAmZu00_N6cEOsRfxhkjRCzfRboRLRYZVLz9rokx2w==" + if expected != blake3b512 { + t.Errorf("received %s instead of %s", blake3b512, expected) + } + // whirlpool wp := Hash("whirlpool", phrase) expected = "deuZC3eAkN0lsktV94r_FP0VBdb6ZW_Y5q2qr6g0KGGMuUdDW3zYAOlSWtoW4-DEfbZSkLxHg-iJZl0dV_vZpw=="