Last week, I presented the five finalist candidates for the new SHA-3 standard. I this final article, I look at testing them on Mac OS X and compare their results.

For its source of secure hashes, MacOS X relies on the OpenSSL library. That open-source library supplies MD-5 and SHA-1, but not SHA-2. This is because Apple bundles version 0.98 of the library. Version 1.0 of the same library has the SHA-2 support.

But what if we want to use SHA-3 to process an NSString object? We could add the functions themselves to the Cocoa project, then convert and pass the NSString data as a byte stream. This can get tedious, especially when lots of NSString objects have to be processed. A more elegant way is to implement the SHA-3 functions as a category.

The category mechanism is a unique yet effective way to extend an Objective-C class. With categories, we can add new methods to the class, as well as override existing methods. The methods are built separately and are attached to the class at runtime. Unlike protocols, categories can be implemented without subclassing the target class. Unlike subclassing, categories do not need prior knowledge of the class' source code.

Listing One describes the header file for the category SHA3Category. It begins by importing the header files from each of the five SHA-3 candidates (lines 1-5). Then it declares the enum constant SHA3Type (lines 8-10), assigning a unique id to each candidate. Next, the @interface header sets the target class and the category name (line 13). And the @interface block declares the method prototype sha3hash: (line 16). The method is to accept an NSInteger as input and return an NSData as output.

Listing One: The header file for SHA3.

#import "blake_ref.h"
#import "Groestl-ref.h"
#import "jh_ref.h"
#import "KeccakNISTInterface.h"
#import "skein.h"

// -- CATEGORY:CONSTANTS
enum SHA3Type 
    {TypeBlake = 16, TypeGrostl = 32, TypeJH = 64, 
        TypeKeccak = 128, TypeSkein = 256};

// -- CATEGORY:INTERFACE
@interface NSString (SHA3Category)

// methods:declaration
- (NSData *)sha3Hash:(NSInteger)aTyp;

@end

Listing Two shows how the SHA3Category is implemented. Here, too, the @implementation header names the target class and category (line 4). As for the sha3hash: method, it starts by extracting the NSString data and converts it into a stream of character bytes (tMsg, lines 15-17). Then it allocates space for the local variable tDig, which will hold the hash value (line 23). For purposes of this article, sha3hash: only generates a 256-bit hash.

Listing Two: Implementing SHA3Category

#import "SHA3Category.h"

// -- CATEGORY:IMPLEMENTATION
@implementation NSString (SHA3Category)

// Generate an SHA-3 hash
- (NSData *)sha3Hash:(NSInteger)aTyp
{
    NSData *tHsh, *tDat;
    unsigned char *tMsg, *tDig;
	unsigned int tChk;
	unsigned tSiz;
    
    // prepare the message data for hashing
    tDat = [self dataUsingEncoding:NSUTF8StringEncoding];
 	tMsg = (unsigned char*)[tDat bytes];
	tSiz = [tDat length];
	
	// set the default return value
	tHsh = [NSData data];
	
	// create the hash buffer
	tDig = (unsigned char*)malloc(sizeof(unsigned char)*32);
	
    // identify the hash type
    switch (aTyp)
    {
        case TypeBlake:
            // -- sha-3:Blake
			tChk = HashBlake(256, tMsg, tSiz, tDig);
			if (tChk == BLAKE_SUCCESS)
			{
				tSiz = strlen((const char*)tDig);
				tHsh = [NSData dataWithBytes:tDig length:tSiz];
			}
            break;
			
        case TypeGrostl:
            // -- sha-3:Grostl
			tChk = HashGrostl(256, tMsg, tSiz, tDig);
			if (tChk == GROSTL_SUCCESS)
			{
				tSiz = strlen((const char*)tDig);
				tHsh = [NSData dataWithBytes:tDig length:tSiz];
			}
			break;
			
        case TypeJH:
            // -- sha-3:JH
			tChk = HashJH(256, tMsg, tSiz, tDig);
			if (tChk == JH_SUCCESS)
			{
				tSiz = strlen((const char*)tDig);
				tHsh = [NSData dataWithBytes:tDig length:tSiz];
			}
            break;
			
        case TypeKeccak:
            // -- sha-3:Keccak
			tChk = HashKeccak(256, tMsg, tSiz, tDig);
			if (tChk == KECCAK_SUCCESS)
			{
				tSiz = strlen((const char*)tDig);
				tHsh = [NSData dataWithBytes:tDig length:tSiz];
			}
            break;
        case TypeSkein:
            // -- sha-3:Skein
			tChk = HashSkein(256, tMsg, tSiz, tDig);
			if (tChk == SKEIN_SUCCESS)
			{
				tSiz = strlen((const char*)tDig);
				tHsh = [NSData dataWithBytes:tDig length:tSiz];
			}
            break;
        default:
            // -- sha-3:unknown
            // RESERVED
    }
    
	// dispose the buffer
	free(tDig);
	
    // return the hash results
    return (tHsh);
}

@end

Next, sha3hash: uses the argument aTyp to identify the chosen SHA-3 function. It then calls the function, passing for input the message stream, its size, and the tDig local (lines 26-79). If the function is successful, sha3hash: packages the hash value into an NSData object (tHsh). It frees the memory used by tDig and returns the NSData object as the result (lines 82-85).

Note sha3hash: returns a null NSData object if its aTyp argument has the wrong ID or if the chosen SHA-3 function fails to hash the message data.

Hash Versus Hash

So far, what we knew about each SHA-3 candidate was based on their official specs and on the analysis made by NIST. But how well do these five SHA-3 candidates perform in the real world? And how well do they compare against OpenSSL hash functions?

To find out, we subject the candidates to four basic tests. Our tests use the same message phrase and use the OpenSSL hash functions as points of references. Except for MD-5 and SHA-1, all tests involve 256-bit hash values. The SHA-3 candidates are based on code supplied by their respective authors. The code is not optimized, only altered to address name-space issues.

Tests were done on a MacBook running a 2.4 GHz Intel Core 2 Duo and MacOS X 10.6.4. The message used for the test is the phrase "The big brown fox jumps over the lazy dog."