Will need to add XofAlgorithm interface to SHAKEDigest

Specifically, I'm looking for a Winnowing implementation with configurable gram and window size. I could think of other fingerprinting algorithms as well, but first wanted to check if they're eligible to get added, as they're based on hashes, but they're not (cryptographic) hashes themselves.

Currently, caching for CI is hashing all **.gradle.kts files and using that hash as a key. This invalidates the GitHub Action cache whenever a new module is added. This should instead hash only the gradle/libs.versions.toml file such that the PR where a module was added, but other modules were not touched re-uses those unmodified modules' caches.

Add implementations of MD2 and MD4 to module :library:md

This will allow MACs to implement HmacMD2 and HmacMD4

Digest.compress API was modified in core PR #21. Need to update dependency and compress for all implementations once core is published.

Add support for SipHash https://en.wikipedia.org/wiki/SipHash

0.1.0-beta02 adds support for composite builds.

Current naming convention is Sha2IntDigest and Sha2LongDigest. This should be renamed to Bit32Digest and Bit64Digest, respectively. Module names should also be updated to sha2-digest-32 and sha2-digest-64, respectively.

There will be a refactor of these digests to use BigEdian when performing bitwise operations for performance purposes, so it makes sense now name them appropriately now while unrelease.

https://www.blake2.net

xxHash is very fast. Consider supporting it.

According to NIST.SP.800-185 , the extended functions should all have L (desired number of bits to output) as an input to produce variable length output when digest (or doFinal for Macs) is called. It specifies L as an input parameter for producing L / 8 bytes of output. The derived functions KMAC, TupleHash and ParallelHash are to rightEncode this value and then apply it before producing output. When the functions are being utilized as XOFs, this value will be 0 to indicate an arbitrary length.

After looking around at some different implementations (go, rust), I only see the option to utilize SHAKE, CSHAKE and functions derived from CSHAKE, as having the ability to be used as XOFs and skipping the customization of L all together.

As the publication specifies L as a function input, I believe the best course of action is to add the customization via an additional constructor which can be utilized when the default digest length is not wanted.

public class CSHAKE128: SHAKEDigest {
    public constructor(
        N: ByteArray?,
        S: ByteArray?,
        outputByteLength: Int,
        // ...
    )
}

I see in BouncyCastle that they simply have on their Xof interface the doFinal and doOutput functions which provides this functionality, but holy shit does it wreak havoc on the implementations. I am very happy that I went with the XofDelegate route for a clean separation of concerns.

KotlinCrypto/core#15

Will also need to update testing module to properly exercise the update(input, offset, len) method.

#23 refactored modules to combine all SHA2 functions. There's a problem here that I think could rear its head. If someone is already relying on module sha2-256 or sha2-512, it could cause a name clash if/when they import sha2.

To prevent this, sha2-256 and sha2-512 modules should be published, with api dependencies on sha2 to provide Sha256 and Sha512. In order to notify the library consumer that there was a module name change (and to bring the library more in line with other libs), Sha* classes should be renamed to SHA* (all uppercase) and Sha256 and Sha512 should be typealias to SHA256 and SHA512 respectively + deprecation notice on the typealias to let consumers know they should no longer import the sha2-256 and sha2-512 dependencies, but import sha2 instead.

Renaming + typealias should also occur with current Md5 and Sha1 classes.

Currently all modules have to express

kotlin {
    explicitApi()
}

This can be moved to the configureShared extension function in :build-logic

• SHA-224
• SHA-384

Implementations of Digest have copy(state: DigestState) visibility set to public. This should be protected. Not a big deal as there is no way to obtain DigestState outside of calling Digest.copy(), so.

https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-185.pdf

Add ParallelHash128, ParallelHash256, TupleHash128, TupleHash256 algorithms to module sha3

core version 0.3.0-SNAPSHOT is available containing API breaking changes.

See KotlinCrypto/core#48

This issue will require a few things:

• Update import package names for Digest and Xof
• Move MD5 to new module md
• Add md module as dependency for md5 and deprecate md5 module
  • The current md5 module contains a typealias that needs to be removed.
  • By subbing in the md module, it opens up the ability to add, in the future, things like MD2 w/o breakage.
• Remove the org.kotlincrypto.hash.Sha1 typealias

Current implementation has remaining variable subtracting offset from the passed len. This is incorrect and the remaining local variable should actually just be len.

Forgot to add sha2-224 and sha2-384 to :tools:check-publication in #12

This is a reminder to do so before next release.

For release 0.3.0, modules sha2-256 and sha2-512 will no longer be published. They were there for supporting backward compatibility with consumers of 0.1.X versions and will be going away as there has been ample time to heed the deprecation notice.

Instead of copy/pastaing, create abstraction modules:

• sha2-digest-int for SHA-224 and SHA-256
• sha2-digest-long for SHA-384 and SHA-512

Add constants to each algorithm with its traits, much like primitives, such as Byte.SIZE_BITS or Int.SIZE_BYTES

e.g.

public class MD5: Digest {

    // ...

    public companion object {
        public const val NAME: String = "MD5"
        public const val BLOCK_SIZE: Int = 64
        public const val LENGTH_BYTES: Int = 16
        public const val LENGTH_BITS: Int = LENGTH_BYTES * Byte.SIZE_BITS
    }
}

Current code is too modularized, highly regarded. The only thing changing are inputs/outputs.

Merge everything into sha2 module. Same for sha3.