[crypto] Refactor HMAC_SHA to eliminate code duplication #11760

pull ldm5180 wants to merge 1 commits into bitcoin:master from ldm5180:generic-hmac_sha changing 8 files +66 −116
  1. ldm5180 commented at 8:06 PM on November 23, 2017: contributor

    Problem:

    • HMAC_SHA256 and HMAC_SHA512 almost the same. Differences are:
      • OUTPUT_SIZE of the hash
      • magic number constants which can be derived from OUTPUT_SIZE
    • Code duplication is error prone and causes maintenance issues.

    Solution:

    • Eliminate magic numbers by making OUTPUT_SIZE a compile-time constant and deriving the other constants from it.
    • Compile-time constants permit container type creation, type-based bounds checking, and range-based iteration instead of run-time branching.
    • Elimination of run-time eval and magic numbers allows templatization to reduce code duplication.
    • Old type names and header files are preserved via using declarations to limit the scope of the change.

    Note:

    • This is a rethink which takes into account the comments from #11735
  2. [crypto] Refactor HMAC_SHA to eliminate code duplication
    Problem:
- HMAC_SHA256 and HMAC_SHA512 almost the same. Differences are:
  - `OUTPUT_SIZE` of the hash
  - magic number constants which can be derived from `OUTPUT_SIZE`
- Code duplication is error prone and causes maintenance issues.

Solution:
- Eliminate magic numbers by making `OUTPUT_SIZE` a compile-time
  constant and deriving the other constants from it.
- Compile-time constants permit container type creation, type-based
  bounds checking, and range-based iteration instead of run-time
  branching.
- Elimination of run-time eval and magic numbers allows templatization
  to reduce code duplication.
- Old type names and header files are preserved via `using`
  declarations to limit the scope of the change.
    4ea5d6a761
  3. laanwj added the label Refactoring on Nov 23, 2017
  4. laanwj commented at 9:32 PM on November 23, 2017: member

    I prefer not touching this code. Crypto code like this is hardly ever changed, so the maintenance argument doesn't really hold. Changing this pretty much just adds risk, and review load.

    I agree with what @sipa said here: #11735 (comment)

    I'm not convinced about the long term goal of eliminating code through templates. Cryptographic code like this is incredibly stable, so the usual reasons for doing refactoring like this (easier maintenance) don't really apply - it's likely possible to not ever touch it.

    So NACK from me, sorry.

    Thanks you that you're trying to contribute, but refactors make very bad initial contributions. If you want to contribute something useful it's better to find an open issue and fix a bug, or add a requested feature.

  5. ldm5180 commented at 9:46 PM on November 23, 2017: contributor

    @laanwj Code always has to be maintained. This is what good testing is for. It allows refactoring with the knowledge that the old behavior is still intact. If there was untested behavior, then we don't really know anyways.

    To address the concern raised by @sipa of eliminating code, this commit does eliminate about 50 lines of purely duplicated code.

  6. sipa commented at 9:48 PM on November 23, 2017: member

    @ldm5180 You misunderstood me. I was arguing that eliminating code is not useful for this specific case.

  7. practicalswift commented at 12:58 PM on November 24, 2017: contributor

    @ldm5180 Regardless of this ends up being merged or not (the crypto code has some special "stability requirements") - very nice cleanup! Great to have you on board and looking forward to seeing future contributions from you! :-)

  8. practicalswift commented at 1:14 PM on November 24, 2017: contributor

    @ldm5180 Saw that you've done some interesting fuzzing of Boost libraries! The Bitcoin fuzzer could be improved a lot so that might be an area where you could make very valuable contributions if you're interested! The problem with the current fuzzer is that it is very shallow – we need the fuzzer to reach deeper into the code base to uncover bugs beyond deserialization issues. Sounds interesting? If so take a look at test_bitcoin_fuzzy.cpp and perhaps @guidovranken's code discussed in #11045 :-)

  9. ldm5180 commented at 2:49 PM on November 24, 2017: contributor

    @practicalswift I will take a look.

  10. MarcoFalke commented at 10:52 PM on November 24, 2017: member

    The general mood seems to indicate that this might be controversial.

    Closing for now.

  11. MarcoFalke closed this on Nov 24, 2017
  12. MarcoFalke locked this on Sep 8, 2021
Contributors
ldm5180laanwjsipapracticalswiftMarcoFalke
Labels
Refactoring
Linked (view graph)
#11735 [refactor] Remove magic numbers from HMAC SHA256
github-metadata-mirror

This is a metadata mirror of the GitHub repository bitcoin/bitcoin. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2026-04-22 06:15 UTC
This site is hosted by @0xB10C
More mirrored repositories can be found on mirror.b10c.me