Diffstat (limited to 'third_party/rust/digest/src')
-rw-r--r-- | third_party/rust/digest/src/core_api.rs | 119 | ||||
-rw-r--r-- | third_party/rust/digest/src/core_api/ct_variable.rs | 204 | ||||
-rw-r--r-- | third_party/rust/digest/src/core_api/rt_variable.rs | 166 | ||||
-rw-r--r-- | third_party/rust/digest/src/core_api/wrapper.rs | 290 | ||||
-rw-r--r-- | third_party/rust/digest/src/core_api/xof_reader.rs | 63 | ||||
-rw-r--r-- | third_party/rust/digest/src/dev.rs | 78 | ||||
-rw-r--r-- | third_party/rust/digest/src/dev/fixed.rs | 65 | ||||
-rw-r--r-- | third_party/rust/digest/src/dev/mac.rs | 159 | ||||
-rw-r--r-- | third_party/rust/digest/src/dev/rng.rs | 38 | ||||
-rw-r--r-- | third_party/rust/digest/src/dev/variable.rs | 82 | ||||
-rw-r--r-- | third_party/rust/digest/src/dev/xof.rs | 51 | ||||
-rw-r--r-- | third_party/rust/digest/src/digest.rs | 236 | ||||
-rw-r--r-- | third_party/rust/digest/src/lib.rs | 301 | ||||
-rw-r--r-- | third_party/rust/digest/src/mac.rs | 305 |
14 files changed, 2157 insertions, 0 deletions
diff --git a/third_party/rust/digest/src/core_api.rs b/third_party/rust/digest/src/core_api.rs
new file mode 100644
index 0000000000..2cf384efe7
--- /dev/null
+++ b/third_party/rust/digest/src/core_api.rs
@@ -0,0 +1,119 @@ +//! Low-level traits operating on blocks and wrappers around them. +//! +//! Usage of traits in this module in user code is discouraged. Instead use +//! core algorithm wrapped by the wrapper types, which implement the +//! higher-level traits. +use crate::InvalidOutputSize; + +pub use crypto_common::{AlgorithmName, Block, BlockSizeUser, OutputSizeUser, Reset}; + +use block_buffer::{BlockBuffer, BufferKind}; +use crypto_common::{ + typenum::{IsLess, Le, NonZero, U256}, + Output, +}; + +mod ct_variable; +mod rt_variable; +mod wrapper; +mod xof_reader; + +pub use ct_variable::CtVariableCoreWrapper; +pub use rt_variable::RtVariableCoreWrapper; +pub use wrapper::{CoreProxy, CoreWrapper}; +pub use xof_reader::XofReaderCoreWrapper; + +/// Buffer type used by type which implements [`BufferKindUser`]. +pub type Buffer<S> = + BlockBuffer<<S as BlockSizeUser>::BlockSize, <S as BufferKindUser>::BufferKind>; + +/// Types which consume data in blocks. +pub trait UpdateCore: BlockSizeUser { + /// Update state using the provided data blocks. + fn update_blocks(&mut self, blocks: &[Block<Self>]); +} + +/// Types which use [`BlockBuffer`] functionality. +pub trait BufferKindUser: BlockSizeUser { + /// Block buffer kind over which type operates. + type BufferKind: BufferKind; +} + +/// Core trait for hash functions with fixed output size. +pub trait FixedOutputCore: UpdateCore + BufferKindUser + OutputSizeUser +where + Self::BlockSize: IsLess<U256>, + Le<Self::BlockSize, U256>: NonZero, +{ + /// Finalize state using remaining data stored in the provided block buffer, + /// write result into provided array and leave `self` in a dirty state. + fn finalize_fixed_core(&mut self, buffer: &mut Buffer<Self>, out: &mut Output<Self>); +} + +/// Core trait for hash functions with extendable (XOF) output size. 
+pub trait ExtendableOutputCore: UpdateCore + BufferKindUser +where + Self::BlockSize: IsLess<U256>, + Le<Self::BlockSize, U256>: NonZero, +{ + /// XOF reader core state. + type ReaderCore: XofReaderCore; + + /// Retrieve XOF reader using remaining data stored in the block buffer + /// and leave hasher in a dirty state. + fn finalize_xof_core(&mut self, buffer: &mut Buffer<Self>) -> Self::ReaderCore; +} + +/// Core reader trait for extendable-output function (XOF) result. +pub trait XofReaderCore: BlockSizeUser { + /// Read next XOF block. + fn read_block(&mut self) -> Block<Self>; +} + +/// Core trait for hash functions with variable output size. +/// +/// Maximum output size is equal to [`OutputSizeUser::OutputSize`]. +/// Users are expected to truncate result returned by the +/// [`finalize_variable_core`] to `output_size` passed to the [`new`] method +/// during construction. Truncation side is defined by the [`TRUNC_SIDE`] +/// associated constant. +/// +/// [`finalize_variable_core`]: VariableOutputCore::finalize_variable_core +/// [`new`]: VariableOutputCore::new +/// [`TRUNC_SIDE`]: VariableOutputCore::TRUNC_SIDE +pub trait VariableOutputCore: UpdateCore + OutputSizeUser + BufferKindUser + Sized +where + Self::BlockSize: IsLess<U256>, + Le<Self::BlockSize, U256>: NonZero, +{ + /// Side which should be used in a truncated result. + const TRUNC_SIDE: TruncSide; + + /// Initialize hasher state for given output size. + /// + /// Returns [`InvalidOutputSize`] if `output_size` is not valid for + /// the algorithm, e.g. if it's bigger than the [`OutputSize`] + /// associated type. + /// + /// [`OutputSize`]: OutputSizeUser::OutputSize + fn new(output_size: usize) -> Result<Self, InvalidOutputSize>; + + /// Finalize hasher and write full hashing result into the `out` buffer. + /// + /// The result must be truncated to `output_size` used during hasher + /// construction. Truncation side is defined by the [`TRUNC_SIDE`] + /// associated constant. 
+ /// + /// [`TRUNC_SIDE`]: VariableOutputCore::TRUNC_SIDE + fn finalize_variable_core(&mut self, buffer: &mut Buffer<Self>, out: &mut Output<Self>); +} + +/// Type which used for defining truncation side in the [`VariableOutputCore`] +/// trait. +#[derive(Copy, Clone, Debug)] +pub enum TruncSide { + /// Truncate left side, i.e. `&out[..n]`. + Left, + /// Truncate right side, i.e. `&out[m..]`. + Right, +} diff --git a/third_party/rust/digest/src/core_api/ct_variable.rs b/third_party/rust/digest/src/core_api/ct_variable.rs new file mode 100644 index 0000000000..7ee1bed0af --- /dev/null +++ b/third_party/rust/digest/src/core_api/ct_variable.rs 
@@ -0,0 +1,204 @@ +use super::{ + AlgorithmName, Buffer, BufferKindUser, FixedOutputCore, Reset, TruncSide, UpdateCore, + VariableOutputCore, +}; +use crate::HashMarker; +#[cfg(feature = "mac")] +use crate::MacMarker; +#[cfg(feature = "oid")] +use const_oid::{AssociatedOid, ObjectIdentifier}; +use core::{fmt, marker::PhantomData}; +use crypto_common::{ + generic_array::{ArrayLength, GenericArray}, + typenum::{IsLess, IsLessOrEqual, Le, LeEq, NonZero, U256}, + Block, BlockSizeUser, OutputSizeUser, +}; + +/// Dummy type used with [`CtVariableCoreWrapper`] in cases when +/// resulting hash does not have a known OID. +#[derive(Copy, Clone, Debug, Eq, PartialEq, Hash)] +pub struct NoOid; + +/// Wrapper around [`VariableOutputCore`] which selects output size +/// at compile time. +#[derive(Clone)] +pub struct CtVariableCoreWrapper<T, OutSize, O = NoOid> +where + T: VariableOutputCore, + OutSize: ArrayLength<u8> + IsLessOrEqual<T::OutputSize>, + LeEq<OutSize, T::OutputSize>: NonZero, + T::BlockSize: IsLess<U256>, + Le<T::BlockSize, U256>: NonZero, +{ + inner: T, + _out: PhantomData<(OutSize, O)>, +} + +impl<T, OutSize, O> HashMarker for CtVariableCoreWrapper<T, OutSize, O> +where + T: VariableOutputCore + HashMarker, + OutSize: ArrayLength<u8> + IsLessOrEqual<T::OutputSize>, + LeEq<OutSize, T::OutputSize>: NonZero, + T::BlockSize: IsLess<U256>, + Le<T::BlockSize, U256>: NonZero, +{ +} + +#[cfg(feature = "mac")] +impl<T, OutSize, O> MacMarker for CtVariableCoreWrapper<T, OutSize, O> +where + T: VariableOutputCore + MacMarker, + OutSize: ArrayLength<u8> + IsLessOrEqual<T::OutputSize>, + LeEq<OutSize, T::OutputSize>: NonZero, + T::BlockSize: IsLess<U256>, + Le<T::BlockSize, U256>: NonZero, +{ +} + +impl<T, OutSize, O> BlockSizeUser for CtVariableCoreWrapper<T, OutSize, O> +where + T: VariableOutputCore, + OutSize: ArrayLength<u8> + IsLessOrEqual<T::OutputSize>, + LeEq<OutSize, T::OutputSize>: NonZero, + T::BlockSize: IsLess<U256>, + Le<T::BlockSize, U256>: NonZero, +{ + type 
BlockSize = T::BlockSize; +} + +impl<T, OutSize, O> UpdateCore for CtVariableCoreWrapper<T, OutSize, O> +where + T: VariableOutputCore, + OutSize: ArrayLength<u8> + IsLessOrEqual<T::OutputSize>, + LeEq<OutSize, T::OutputSize>: NonZero, + T::BlockSize: IsLess<U256>, + Le<T::BlockSize, U256>: NonZero, +{ + #[inline] + fn update_blocks(&mut self, blocks: &[Block<Self>]) { + self.inner.update_blocks(blocks); + } +} + +impl<T, OutSize, O> OutputSizeUser for CtVariableCoreWrapper<T, OutSize, O> +where + T: VariableOutputCore, + OutSize: ArrayLength<u8> + IsLessOrEqual<T::OutputSize> + 'static, + LeEq<OutSize, T::OutputSize>: NonZero, + T::BlockSize: IsLess<U256>, + Le<T::BlockSize, U256>: NonZero, +{ + type OutputSize = OutSize; +} + +impl<T, OutSize, O> BufferKindUser for CtVariableCoreWrapper<T, OutSize, O> +where + T: VariableOutputCore, + OutSize: ArrayLength<u8> + IsLessOrEqual<T::OutputSize>, + LeEq<OutSize, T::OutputSize>: NonZero, + T::BlockSize: IsLess<U256>, + Le<T::BlockSize, U256>: NonZero, +{ + type BufferKind = T::BufferKind; +} + +impl<T, OutSize, O> FixedOutputCore for CtVariableCoreWrapper<T, OutSize, O> +where + T: VariableOutputCore, + OutSize: ArrayLength<u8> + IsLessOrEqual<T::OutputSize> + 'static, + LeEq<OutSize, T::OutputSize>: NonZero, + T::BlockSize: IsLess<U256>, + Le<T::BlockSize, U256>: NonZero, +{ + #[inline] + fn finalize_fixed_core( + &mut self, + buffer: &mut Buffer<Self>, + out: &mut GenericArray<u8, Self::OutputSize>, + ) { + let mut full_res = Default::default(); + self.inner.finalize_variable_core(buffer, &mut full_res); + let n = out.len(); + let m = full_res.len() - n; + match T::TRUNC_SIDE { + TruncSide::Left => out.copy_from_slice(&full_res[..n]), + TruncSide::Right => out.copy_from_slice(&full_res[m..]), + } + } +} + +impl<T, OutSize, O> Default for CtVariableCoreWrapper<T, OutSize, O> +where + T: VariableOutputCore, + OutSize: ArrayLength<u8> + IsLessOrEqual<T::OutputSize>, + LeEq<OutSize, T::OutputSize>: NonZero, + 
T::BlockSize: IsLess<U256>, + Le<T::BlockSize, U256>: NonZero, +{ + #[inline] + fn default() -> Self { + Self { + inner: T::new(OutSize::USIZE).unwrap(), + _out: PhantomData, + } + } +} + +impl<T, OutSize, O> Reset for CtVariableCoreWrapper<T, OutSize, O> +where + T: VariableOutputCore, + OutSize: ArrayLength<u8> + IsLessOrEqual<T::OutputSize>, + LeEq<OutSize, T::OutputSize>: NonZero, + T::BlockSize: IsLess<U256>, + Le<T::BlockSize, U256>: NonZero, +{ + #[inline] + fn reset(&mut self) { + *self = Default::default(); + } +} + +impl<T, OutSize, O> AlgorithmName for CtVariableCoreWrapper<T, OutSize, O> +where + T: VariableOutputCore + AlgorithmName, + OutSize: ArrayLength<u8> + IsLessOrEqual<T::OutputSize>, + LeEq<OutSize, T::OutputSize>: NonZero, + T::BlockSize: IsLess<U256>, + Le<T::BlockSize, U256>: NonZero, +{ + fn write_alg_name(f: &mut fmt::Formatter<'_>) -> fmt::Result { + T::write_alg_name(f)?; + f.write_str("_")?; + write!(f, "{}", OutSize::USIZE) + } +} + +#[cfg(feature = "oid")] +#[cfg_attr(docsrs, doc(cfg(feature = "oid")))] +impl<T, OutSize, O> AssociatedOid for CtVariableCoreWrapper<T, OutSize, O> +where + T: VariableOutputCore, + O: AssociatedOid, + OutSize: ArrayLength<u8> + IsLessOrEqual<T::OutputSize>, + LeEq<OutSize, T::OutputSize>: NonZero, + T::BlockSize: IsLess<U256>, + Le<T::BlockSize, U256>: NonZero, +{ + const OID: ObjectIdentifier = O::OID; +} + +/// Implement dummy type with hidden docs which is used to "carry" hasher +/// OID for [`CtVariableCoreWrapper`]. +#[macro_export] +macro_rules! impl_oid_carrier { + ($name:ident, $oid:literal) => { + #[doc(hidden)] + #[derive(Copy, Clone, Debug, Eq, PartialEq, Hash)] + pub struct $name; + + #[cfg(feature = "oid")] + impl AssociatedOid for $name { + const OID: ObjectIdentifier = ObjectIdentifier::new_unwrap($oid); + } + }; +} diff --git a/third_party/rust/digest/src/core_api/rt_variable.rs b/third_party/rust/digest/src/core_api/rt_variable.rs new file mode 100644 index 0000000000..3dae748f5c 
--- /dev/null
+++ b/third_party/rust/digest/src/core_api/rt_variable.rs
@@ -0,0 +1,166 @@ +use super::{AlgorithmName, TruncSide, UpdateCore, VariableOutputCore}; +#[cfg(feature = "mac")] +use crate::MacMarker; +use crate::{HashMarker, InvalidBufferSize}; +use crate::{InvalidOutputSize, Reset, Update, VariableOutput, VariableOutputReset}; +use block_buffer::BlockBuffer; +use core::fmt; +use crypto_common::typenum::{IsLess, Le, NonZero, Unsigned, U256}; + +/// Wrapper around [`VariableOutputCore`] which selects output size +/// at run time. +#[derive(Clone)] +pub struct RtVariableCoreWrapper<T> +where + T: VariableOutputCore + UpdateCore, + T::BlockSize: IsLess<U256>, + Le<T::BlockSize, U256>: NonZero, +{ + core: T, + buffer: BlockBuffer<T::BlockSize, T::BufferKind>, + output_size: usize, +} + +impl<T> RtVariableCoreWrapper<T> +where + T: VariableOutputCore, + T::BlockSize: IsLess<U256>, + Le<T::BlockSize, U256>: NonZero, +{ + #[inline] + fn finalize_dirty(&mut self, out: &mut [u8]) -> Result<(), InvalidBufferSize> { + let Self { + core, + buffer, + output_size, + } = self; + if out.len() != *output_size || out.len() > Self::MAX_OUTPUT_SIZE { + return Err(InvalidBufferSize); + } + let mut full_res = Default::default(); + core.finalize_variable_core(buffer, &mut full_res); + let n = out.len(); + let m = full_res.len() - n; + match T::TRUNC_SIDE { + TruncSide::Left => out.copy_from_slice(&full_res[..n]), + TruncSide::Right => out.copy_from_slice(&full_res[m..]), + } + Ok(()) + } +} + +impl<T> HashMarker for RtVariableCoreWrapper<T> +where + T: VariableOutputCore + HashMarker, + T::BlockSize: IsLess<U256>, + Le<T::BlockSize, U256>: NonZero, +{ +} + +#[cfg(feature = "mac")] +#[cfg_attr(docsrs, doc(cfg(feature = "mac")))] +impl<T> MacMarker for RtVariableCoreWrapper<T> +where + T: VariableOutputCore + MacMarker, + T::BlockSize: IsLess<U256>, + Le<T::BlockSize, U256>: NonZero, +{ +} + +impl<T> Reset for RtVariableCoreWrapper<T> +where + T: VariableOutputCore + UpdateCore + Reset, + T::BlockSize: IsLess<U256>, + Le<T::BlockSize, U256>: NonZero, 
+{ + #[inline] + fn reset(&mut self) { + self.buffer.reset(); + self.core.reset(); + } +} + +impl<T> Update for RtVariableCoreWrapper<T> +where + T: VariableOutputCore + UpdateCore, + T::BlockSize: IsLess<U256>, + Le<T::BlockSize, U256>: NonZero, +{ + #[inline] + fn update(&mut self, input: &[u8]) { + let Self { core, buffer, .. } = self; + buffer.digest_blocks(input, |blocks| core.update_blocks(blocks)); + } +} + +impl<T> VariableOutput for RtVariableCoreWrapper<T> +where + T: VariableOutputCore + UpdateCore, + T::BlockSize: IsLess<U256>, + Le<T::BlockSize, U256>: NonZero, +{ + const MAX_OUTPUT_SIZE: usize = T::OutputSize::USIZE; + + fn new(output_size: usize) -> Result<Self, InvalidOutputSize> { + let buffer = Default::default(); + T::new(output_size).map(|core| Self { + core, + buffer, + output_size, + }) + } + + fn output_size(&self) -> usize { + self.output_size + } + + fn finalize_variable(mut self, out: &mut [u8]) -> Result<(), InvalidBufferSize> { + self.finalize_dirty(out) + } +} + +impl<T> VariableOutputReset for RtVariableCoreWrapper<T> +where + T: VariableOutputCore + UpdateCore + Reset, + T::BlockSize: IsLess<U256>, + Le<T::BlockSize, U256>: NonZero, +{ + fn finalize_variable_reset(&mut self, out: &mut [u8]) -> Result<(), InvalidBufferSize> { + self.finalize_dirty(out)?; + self.core.reset(); + self.buffer.reset(); + Ok(()) + } +} + +impl<T> fmt::Debug for RtVariableCoreWrapper<T> +where + T: VariableOutputCore + UpdateCore + AlgorithmName, + T::BlockSize: IsLess<U256>, + Le<T::BlockSize, U256>: NonZero, +{ + fn fmt(&self, f: &mut fmt::Formatter<'_>) -> Result<(), fmt::Error> { + T::write_alg_name(f)?; + f.write_str(" { .. 
}") + } +} + +#[cfg(feature = "std")] +#[cfg_attr(docsrs, doc(cfg(feature = "std")))] +impl<T> std::io::Write for RtVariableCoreWrapper<T> +where + T: VariableOutputCore + UpdateCore, + T::BlockSize: IsLess<U256>, + Le<T::BlockSize, U256>: NonZero, +{ + #[inline] + fn write(&mut self, buf: &[u8]) -> std::io::Result<usize> { + Update::update(self, buf); + Ok(buf.len()) + } + + #[inline] + fn flush(&mut self) -> std::io::Result<()> { + Ok(()) + } +} diff --git a/third_party/rust/digest/src/core_api/wrapper.rs b/third_party/rust/digest/src/core_api/wrapper.rs new file mode 100644 index 0000000000..ca977381e2 --- /dev/null +++ b/third_party/rust/digest/src/core_api/wrapper.rs 
@@ -0,0 +1,290 @@ +use super::{ + AlgorithmName, Buffer, BufferKindUser, ExtendableOutputCore, FixedOutputCore, OutputSizeUser, + Reset, UpdateCore, XofReaderCoreWrapper, +}; +use crate::{ + ExtendableOutput, ExtendableOutputReset, FixedOutput, FixedOutputReset, HashMarker, Update, +}; +use block_buffer::BlockBuffer; +use core::fmt; +use crypto_common::{ + typenum::{IsLess, Le, NonZero, U256}, + BlockSizeUser, InvalidLength, Key, KeyInit, KeySizeUser, Output, +}; + +#[cfg(feature = "mac")] +use crate::MacMarker; +#[cfg(feature = "oid")] +use const_oid::{AssociatedOid, ObjectIdentifier}; + +/// Wrapper around [`BufferKindUser`]. +/// +/// It handles data buffering and implements the slice-based traits. +#[derive(Clone, Default)] +pub struct CoreWrapper<T> +where + T: BufferKindUser, + T::BlockSize: IsLess<U256>, + Le<T::BlockSize, U256>: NonZero, +{ + core: T, + buffer: BlockBuffer<T::BlockSize, T::BufferKind>, +} + +impl<T> HashMarker for CoreWrapper<T> +where + T: BufferKindUser + HashMarker, + T::BlockSize: IsLess<U256>, + Le<T::BlockSize, U256>: NonZero, +{ +} + +#[cfg(feature = "mac")] +#[cfg_attr(docsrs, doc(cfg(feature = "mac")))] +impl<T> MacMarker for CoreWrapper<T> +where + T: BufferKindUser + MacMarker, + T::BlockSize: IsLess<U256>, + Le<T::BlockSize, U256>: NonZero, +{ +} + +// this blanket impl is needed for HMAC +impl<T> BlockSizeUser for CoreWrapper<T> +where + T: BufferKindUser + HashMarker, + T::BlockSize: IsLess<U256>, + Le<T::BlockSize, U256>: NonZero, +{ + type BlockSize = T::BlockSize; +} + +impl<T> CoreWrapper<T> +where + T: BufferKindUser, + T::BlockSize: IsLess<U256>, + Le<T::BlockSize, U256>: NonZero, +{ + /// Create new wrapper from `core`. + #[inline] + pub fn from_core(core: T) -> Self { + let buffer = Default::default(); + Self { core, buffer } + } + + /// Decompose wrapper into inner parts. 
+ #[inline] + pub fn decompose(self) -> (T, Buffer<T>) { + let Self { core, buffer } = self; + (core, buffer) + } +} + +impl<T> KeySizeUser for CoreWrapper<T> +where + T: BufferKindUser + KeySizeUser, + T::BlockSize: IsLess<U256>, + Le<T::BlockSize, U256>: NonZero, +{ + type KeySize = T::KeySize; +} + +impl<T> KeyInit for CoreWrapper<T> +where + T: BufferKindUser + KeyInit, + T::BlockSize: IsLess<U256>, + Le<T::BlockSize, U256>: NonZero, +{ + #[inline] + fn new(key: &Key<Self>) -> Self { + Self { + core: T::new(key), + buffer: Default::default(), + } + } + + #[inline] + fn new_from_slice(key: &[u8]) -> Result<Self, InvalidLength> { + Ok(Self { + core: T::new_from_slice(key)?, + buffer: Default::default(), + }) + } +} + +impl<T> fmt::Debug for CoreWrapper<T> +where + T: BufferKindUser + AlgorithmName, + T::BlockSize: IsLess<U256>, + Le<T::BlockSize, U256>: NonZero, +{ + #[inline] + fn fmt(&self, f: &mut fmt::Formatter<'_>) -> Result<(), fmt::Error> { + T::write_alg_name(f)?; + f.write_str(" { .. 
}") + } +} + +impl<T> Reset for CoreWrapper<T> +where + T: BufferKindUser + Reset, + T::BlockSize: IsLess<U256>, + Le<T::BlockSize, U256>: NonZero, +{ + #[inline] + fn reset(&mut self) { + self.core.reset(); + self.buffer.reset(); + } +} + +impl<T> Update for CoreWrapper<T> +where + T: BufferKindUser + UpdateCore, + T::BlockSize: IsLess<U256>, + Le<T::BlockSize, U256>: NonZero, +{ + #[inline] + fn update(&mut self, input: &[u8]) { + let Self { core, buffer } = self; + buffer.digest_blocks(input, |blocks| core.update_blocks(blocks)); + } +} + +impl<T> OutputSizeUser for CoreWrapper<T> +where + T: BufferKindUser + OutputSizeUser, + T::BlockSize: IsLess<U256>, + Le<T::BlockSize, U256>: NonZero, +{ + type OutputSize = T::OutputSize; +} + +impl<T> FixedOutput for CoreWrapper<T> +where + T: FixedOutputCore, + T::BlockSize: IsLess<U256>, + Le<T::BlockSize, U256>: NonZero, +{ + #[inline] + fn finalize_into(mut self, out: &mut Output<Self>) { + let Self { core, buffer } = &mut self; + core.finalize_fixed_core(buffer, out); + } +} + +impl<T> FixedOutputReset for CoreWrapper<T> +where + T: FixedOutputCore + Reset, + T::BlockSize: IsLess<U256>, + Le<T::BlockSize, U256>: NonZero, +{ + #[inline] + fn finalize_into_reset(&mut self, out: &mut Output<Self>) { + let Self { core, buffer } = self; + core.finalize_fixed_core(buffer, out); + core.reset(); + buffer.reset(); + } +} + +impl<T> ExtendableOutput for CoreWrapper<T> +where + T: ExtendableOutputCore, + T::BlockSize: IsLess<U256>, + Le<T::BlockSize, U256>: NonZero, + <T::ReaderCore as BlockSizeUser>::BlockSize: IsLess<U256>, + Le<<T::ReaderCore as BlockSizeUser>::BlockSize, U256>: NonZero, +{ + type Reader = XofReaderCoreWrapper<T::ReaderCore>; + + #[inline] + fn finalize_xof(self) -> Self::Reader { + let (mut core, mut buffer) = self.decompose(); + let core = core.finalize_xof_core(&mut buffer); + let buffer = Default::default(); + Self::Reader { core, buffer } + } +} + +impl<T> ExtendableOutputReset for CoreWrapper<T> +where + 
T: ExtendableOutputCore + Reset, + T::BlockSize: IsLess<U256>, + Le<T::BlockSize, U256>: NonZero, + <T::ReaderCore as BlockSizeUser>::BlockSize: IsLess<U256>, + Le<<T::ReaderCore as BlockSizeUser>::BlockSize, U256>: NonZero, +{ + #[inline] + fn finalize_xof_reset(&mut self) -> Self::Reader { + let Self { core, buffer } = self; + let reader_core = core.finalize_xof_core(buffer); + core.reset(); + buffer.reset(); + let buffer = Default::default(); + Self::Reader { + core: reader_core, + buffer, + } + } +} + +#[cfg(feature = "oid")] +#[cfg_attr(docsrs, doc(cfg(feature = "oid")))] +impl<T> AssociatedOid for CoreWrapper<T> +where + T: BufferKindUser + AssociatedOid, + T::BlockSize: IsLess<U256>, + Le<T::BlockSize, U256>: NonZero, +{ + const OID: ObjectIdentifier = T::OID; +} + +#[cfg(feature = "std")] +#[cfg_attr(docsrs, doc(cfg(feature = "std")))] +impl<T> std::io::Write for CoreWrapper<T> +where + T: BufferKindUser + UpdateCore, + T::BlockSize: IsLess<U256>, + Le<T::BlockSize, U256>: NonZero, +{ + #[inline] + fn write(&mut self, buf: &[u8]) -> std::io::Result<usize> { + Update::update(self, buf); + Ok(buf.len()) + } + + #[inline] + fn flush(&mut self) -> std::io::Result<()> { + Ok(()) + } +} + +/// A proxy trait to a core type implemented by [`CoreWrapper`] +// TODO: replace with an inherent associated type on stabilization: +// https://github.com/rust-lang/rust/issues/8995 +pub trait CoreProxy: sealed::Sealed { + /// Type wrapped by [`CoreWrapper`]. + type Core; +} + +mod sealed { + pub trait Sealed {} +} + +impl<T> sealed::Sealed for CoreWrapper<T> +where + T: BufferKindUser, + T::BlockSize: IsLess<U256>, + Le<T::BlockSize, U256>: NonZero, +{ +} + +impl<T> CoreProxy for CoreWrapper<T> +where + T: BufferKindUser, + T::BlockSize: IsLess<U256>, + Le<T::BlockSize, U256>: NonZero, +{ + type Core = T; +} diff --git a/third_party/rust/digest/src/core_api/xof_reader.rs b/third_party/rust/digest/src/core_api/xof_reader.rs new file mode 100644 index 0000000000..e18ac133a6 
--- /dev/null +++ b/third_party/rust/digest/src/core_api/xof_reader.rs @@ -0,0 +1,63 @@ +use super::{AlgorithmName, XofReaderCore}; +use crate::XofReader; +use block_buffer::EagerBuffer; +use core::fmt; +use crypto_common::typenum::{IsLess, Le, NonZero, U256}; + +/// Wrapper around [`XofReaderCore`] implementations. +/// +/// It handles data buffering and implements the mid-level traits. +#[derive(Clone, Default)] +pub struct XofReaderCoreWrapper<T> +where + T: XofReaderCore, + T::BlockSize: IsLess<U256>, + Le<T::BlockSize, U256>: NonZero, +{ + pub(super) core: T, + pub(super) buffer: EagerBuffer<T::BlockSize>, +} + +impl<T> fmt::Debug for XofReaderCoreWrapper<T> +where + T: XofReaderCore + AlgorithmName, + T::BlockSize: IsLess<U256>, + Le<T::BlockSize, U256>: NonZero, +{ + fn fmt(&self, f: &mut fmt::Formatter<'_>) -> Result<(), fmt::Error> { + T::write_alg_name(f)?; + f.write_str(" { .. }") + } +} + +impl<T> XofReader for XofReaderCoreWrapper<T> +where + T: XofReaderCore, + T::BlockSize: IsLess<U256>, + Le<T::BlockSize, U256>: NonZero, +{ + #[inline] + fn read(&mut self, buffer: &mut [u8]) { + let Self { core, buffer: buf } = self; + buf.set_data(buffer, |blocks| { + for block in blocks { + *block = core.read_block(); + } + }); + } +} + +#[cfg(feature = "std")] +#[cfg_attr(docsrs, doc(cfg(feature = "std")))] +impl<T> std::io::Read for XofReaderCoreWrapper<T> +where + T: XofReaderCore, + T::BlockSize: IsLess<U256>, + Le<T::BlockSize, U256>: NonZero, +{ + #[inline] + fn read(&mut self, buf: &mut [u8]) -> std::io::Result<usize> { + XofReader::read(self, buf); + Ok(buf.len()) + } +} diff --git a/third_party/rust/digest/src/dev.rs b/third_party/rust/digest/src/dev.rs new file mode 100644 index 0000000000..4380895747 --- /dev/null +++ b/third_party/rust/digest/src/dev.rs 
@@ -0,0 +1,78 @@ +//! Development-related functionality + +pub use blobby; + +mod fixed; +mod mac; +mod rng; +mod variable; +mod xof; + +pub use fixed::*; +pub use mac::*; +pub use variable::*; +pub use xof::*; + +/// Define hash function test +#[macro_export] +#[cfg_attr(docsrs, doc(cfg(feature = "dev")))] +macro_rules! new_test { + ($name:ident, $test_name:expr, $hasher:ty, $test_func:ident $(,)?) => { + #[test] + fn $name() { + use digest::dev::blobby::Blob2Iterator; + let data = include_bytes!(concat!("data/", $test_name, ".blb")); + + for (i, row) in Blob2Iterator::new(data).unwrap().enumerate() { + let [input, output] = row.unwrap(); + if let Some(desc) = $test_func::<$hasher>(input, output) { + panic!( + "\n\ + Failed test №{}: {}\n\ + input:\t{:?}\n\ + output:\t{:?}\n", + i, desc, input, output, + ); + } + } + } + }; +} + +/// Define [`Update`][crate::Update] impl benchmark +#[macro_export] +#[cfg_attr(docsrs, doc(cfg(feature = "dev")))] +macro_rules! bench_update { + ( + $init:expr; + $($name:ident $bs:expr;)* + ) => { + $( + #[bench] + fn $name(b: &mut Bencher) { + let mut d = $init; + let data = [0; $bs]; + + b.iter(|| { + digest::Update::update(&mut d, &data[..]); + }); + + b.bytes = $bs; + } + )* + }; +} + +/// Feed ~1 MiB of pseudorandom data to an updatable state. +pub fn feed_rand_16mib<D: crate::Update>(d: &mut D) { + let buf = &mut [0u8; 1024]; + let mut rng = rng::RNG; + let n = 16 * (1 << 20) / buf.len(); + for _ in 0..n { + rng.fill(buf); + d.update(buf); + // additional byte, so size of fed data + // will not be multiple of block size + d.update(&[42]); + } +} diff --git a/third_party/rust/digest/src/dev/fixed.rs b/third_party/rust/digest/src/dev/fixed.rs new file mode 100644 index 0000000000..24f380112d --- /dev/null +++ b/third_party/rust/digest/src/dev/fixed.rs 
@@ -0,0 +1,65 @@ +use crate::{Digest, FixedOutput, FixedOutputReset, HashMarker, Update}; +use core::fmt::Debug; + +/// Fixed-output resettable digest test via the `Digest` trait +pub fn fixed_reset_test<D>(input: &[u8], output: &[u8]) -> Option<&'static str> +where + D: FixedOutputReset + Debug + Clone + Default + Update + HashMarker, +{ + let mut hasher = D::new(); + // Test that it works when accepting the message all at once + hasher.update(input); + let mut hasher2 = hasher.clone(); + if hasher.finalize()[..] != output[..] { + return Some("whole message"); + } + + // Test if reset works correctly + hasher2.reset(); + hasher2.update(input); + if hasher2.finalize_reset()[..] != output[..] { + return Some("whole message after reset"); + } + + // Test that it works when accepting the message in chunks + for n in 1..core::cmp::min(17, input.len()) { + let mut hasher = D::new(); + for chunk in input.chunks(n) { + hasher.update(chunk); + hasher2.update(chunk); + } + if hasher.finalize()[..] != output[..] { + return Some("message in chunks"); + } + if hasher2.finalize_reset()[..] != output[..] { + return Some("message in chunks"); + } + } + + None +} + +/// Variable-output resettable digest test +pub fn fixed_test<D>(input: &[u8], output: &[u8]) -> Option<&'static str> +where + D: FixedOutput + Default + Debug + Clone, +{ + let mut hasher = D::default(); + // Test that it works when accepting the message all at once + hasher.update(input); + if hasher.finalize_fixed()[..] != output[..] { + return Some("whole message"); + } + + // Test that it works when accepting the message in chunks + for n in 1..core::cmp::min(17, input.len()) { + let mut hasher = D::default(); + for chunk in input.chunks(n) { + hasher.update(chunk); + } + if hasher.finalize_fixed()[..] != output[..] { + return Some("message in chunks"); + } + } + None +} diff --git a/third_party/rust/digest/src/dev/mac.rs b/third_party/rust/digest/src/dev/mac.rs new file mode 100644 index 0000000000..0d4a37dfce 
--- /dev/null
+++ b/third_party/rust/digest/src/dev/mac.rs
@@ -0,0 +1,159 @@ +/// Define MAC test +#[macro_export] +#[cfg(feature = "mac")] +#[cfg_attr(docsrs, doc(cfg(all(feature = "dev", feature = "mac"))))] +macro_rules! new_mac_test { + ($name:ident, $test_name:expr, $mac:ty $(,)?) => { + digest::new_mac_test!($name, $test_name, $mac, ""); + }; + ($name:ident, $test_name:expr, $mac:ty, trunc_left $(,)?) => { + digest::new_mac_test!($name, $test_name, $mac, "left"); + }; + ($name:ident, $test_name:expr, $mac:ty, trunc_right $(,)?) => { + digest::new_mac_test!($name, $test_name, $mac, "right"); + }; + ($name:ident, $test_name:expr, $mac:ty, $trunc:expr $(,)?) => { + #[test] + fn $name() { + use core::cmp::min; + use digest::dev::blobby::Blob3Iterator; + use digest::Mac; + + fn run_test(key: &[u8], input: &[u8], tag: &[u8]) -> Option<&'static str> { + let mac0 = <$mac as Mac>::new_from_slice(key).unwrap(); + + let mut mac = mac0.clone(); + mac.update(input); + let result = mac.finalize().into_bytes(); + let n = tag.len(); + let result_bytes = match $trunc { + "left" => &result[..n], + "right" => &result[result.len() - n..], + _ => &result[..], + }; + if result_bytes != tag { + return Some("whole message"); + } + + // test reading different chunk sizes + for chunk_size in 1..min(64, input.len()) { + let mut mac = mac0.clone(); + for chunk in input.chunks(chunk_size) { + mac.update(chunk); + } + let res = match $trunc { + "left" => mac.verify_truncated_left(tag), + "right" => mac.verify_truncated_right(tag), + _ => mac.verify_slice(tag), + }; + if res.is_err() { + return Some("chunked message"); + } + } + + None + } + + let data = include_bytes!(concat!("data/", $test_name, ".blb")); + + for (i, row) in Blob3Iterator::new(data).unwrap().enumerate() { + let [key, input, tag] = row.unwrap(); + if let Some(desc) = run_test(key, input, tag) { + panic!( + "\n\ + Failed test №{}: {}\n\ + key:\t{:?}\n\ + input:\t{:?}\n\ + tag:\t{:?}\n", + i, desc, key, input, tag, + ); + } + } + } + }; +} + +/// Define resettable MAC test 
+#[macro_export]
+#[cfg(feature = "mac")]
+#[cfg_attr(docsrs, doc(cfg(all(feature = "dev", feature = "mac"))))]
+macro_rules! new_resettable_mac_test {
+ ($name:ident, $test_name:expr, $mac:ty $(,)?) => {
+ digest::new_resettable_mac_test!($name, $test_name, $mac, "");
+ };
+ ($name:ident, $test_name:expr, $mac:ty, trunc_left $(,)?) => {
+ digest::new_resettable_mac_test!($name, $test_name, $mac, "left");
+ };
+ ($name:ident, $test_name:expr, $mac:ty, trunc_right $(,)?) => {
+ digest::new_resettable_mac_test!($name, $test_name, $mac, "right");
+ };
+ ($name:ident, $test_name:expr, $mac:ty, $trunc:expr $(,)?) => {
+ #[test]
+ fn $name() {
+ use core::cmp::min;
+ use digest::dev::blobby::Blob3Iterator;
+ use digest::Mac;
+
+ fn run_test(key: &[u8], input: &[u8], tag: &[u8]) -> Option<&'static str> {
+ let mac0 = <$mac as Mac>::new_from_slice(key).unwrap();
+
+ let mut mac = mac0.clone();
+ mac.update(input);
+ let result = mac.finalize_reset().into_bytes();
+ let n = tag.len();
+ let result_bytes = match $trunc {
+ "left" => &result[..n],
+ "right" => &result[result.len() - n..],
+ _ => &result[..],
+ };
+ if result_bytes != tag {
+ return Some("whole message");
+ }
+
+ // test if reset worked correctly
+ mac.update(input);
+ let res = match $trunc {
+ "left" => mac.verify_truncated_left(tag),
+ "right" => mac.verify_truncated_right(tag),
+ _ => mac.verify_slice(tag),
+ };
+ if res.is_err() {
+ return Some("after reset");
+ }
+
+ // test reading different chunk sizes
+ for chunk_size in 1..min(64, input.len()) {
+ let mut mac = mac0.clone();
+ for chunk in input.chunks(chunk_size) {
+ mac.update(chunk);
+ }
+ let res = match $trunc {
+ "left" => mac.verify_truncated_left(tag),
+ "right" => mac.verify_truncated_right(tag),
+ _ => mac.verify_slice(tag),
+ };
+ if res.is_err() {
+ return Some("chunked message");
+ }
+ }
+ None
+ }
+
+ let data = include_bytes!(concat!("data/", $test_name, ".blb"));
+
+ for (i, row) in Blob3Iterator::new(data).unwrap().enumerate() {
+ let [key, input, tag] = row.unwrap();
+ if let Some(desc) = run_test(key, input, tag) {
+ panic!(
+ "\n\
+ Failed test №{}: {}\n\
+ key:\t{:?}\n\
+ input:\t{:?}\n\
+ tag:\t{:?}\n",
+ i, desc, key, input, tag,
+ );
+ }
+ }
+ }
+ };
+}
diff --git a/third_party/rust/digest/src/dev/rng.rs b/third_party/rust/digest/src/dev/rng.rs
new file mode 100644
index 0000000000..d34a1cf31f
--- /dev/null
+++ b/third_party/rust/digest/src/dev/rng.rs
@@ -0,0 +1,38 @@
+//! Xorshift RNG used for tests. Based on the `rand_xorshift` crate.
+use core::num::Wrapping;
+
+/// Initial RNG state used in tests.
+// chosen by fair dice roll. guaranteed to be random.
+pub(crate) const RNG: XorShiftRng = XorShiftRng {
+ x: Wrapping(0x0787_3B4A),
+ y: Wrapping(0xFAAB_8FFE),
+ z: Wrapping(0x1745_980F),
+ w: Wrapping(0xB0AD_B4F3),
+};
+
+/// Xorshift RNG instance/
+pub(crate) struct XorShiftRng {
+ x: Wrapping<u32>,
+ y: Wrapping<u32>,
+ z: Wrapping<u32>,
+ w: Wrapping<u32>,
+}
+
+impl XorShiftRng {
+ pub(crate) fn fill(&mut self, buf: &mut [u8; 1024]) {
+ for chunk in buf.chunks_exact_mut(4) {
+ chunk.copy_from_slice(&self.next_u32().to_le_bytes());
+ }
+ }
+
+ fn next_u32(&mut self) -> u32 {
+ let x = self.x;
+ let t = x ^ (x << 11);
+ self.x = self.y;
+ self.y = self.z;
+ self.z = self.w;
+ let w = self.w;
+ self.w = w ^ (w >> 19) ^ (t ^ (t >> 8));
+ self.w.0
+ }
+}
diff --git a/third_party/rust/digest/src/dev/variable.rs b/third_party/rust/digest/src/dev/variable.rs
new file mode 100644
index 0000000000..ed8ff88280
--- /dev/null
+++ b/third_party/rust/digest/src/dev/variable.rs
@@ -0,0 +1,82 @@
+use crate::{VariableOutput, VariableOutputReset};
+use core::fmt::Debug;
+
+/// Variable-output resettable digest test
+pub fn variable_reset_test<D>(input: &[u8], output: &[u8]) -> Option<&'static str>
+where
+ D: VariableOutputReset + Debug + Clone,
+{
+ let mut hasher = D::new(output.len()).unwrap();
+ let mut buf = [0u8; 128];
+ let buf = &mut buf[..output.len()];
+ // Test that it works when accepting the message all at once
+ hasher.update(input);
+ let mut hasher2 = hasher.clone();
+ hasher.finalize_variable(buf).unwrap();
+ if buf != output {
+ return Some("whole message");
+ }
+ buf.iter_mut().for_each(|b| *b = 0);
+
+ // Test if reset works correctly
+ hasher2.reset();
+ hasher2.update(input);
+ hasher2.finalize_variable_reset(buf).unwrap();
+ if buf != output {
+ return Some("whole message after reset");
+ }
+ buf.iter_mut().for_each(|b| *b = 0);
+
+ // Test that it works when accepting the message in chunks
+ for n in 1..core::cmp::min(17, input.len()) {
+ let mut hasher = D::new(output.len()).unwrap();
+ for chunk in input.chunks(n) {
+ hasher.update(chunk);
+ hasher2.update(chunk);
+ }
+ hasher.finalize_variable(buf).unwrap();
+ if buf != output {
+ return Some("message in chunks");
+ }
+ buf.iter_mut().for_each(|b| *b = 0);
+
+ hasher2.finalize_variable_reset(buf).unwrap();
+ if buf != output {
+ return Some("message in chunks");
+ }
+ buf.iter_mut().for_each(|b| *b = 0);
+ }
+
+ None
+}
+
+/// Variable-output resettable digest test
+pub fn variable_test<D>(input: &[u8], output: &[u8]) -> Option<&'static str>
+where
+ D: VariableOutput + Debug + Clone,
+{
+ let mut hasher = D::new(output.len()).unwrap();
+ let mut buf = [0u8; 128];
+ let buf = &mut buf[..output.len()];
+ // Test that it works when accepting the message all at once
+ hasher.update(input);
+ hasher.finalize_variable(buf).unwrap();
+ if buf != output {
+ return Some("whole message");
+ }
+ buf.iter_mut().for_each(|b| *b = 0);
+
+ // Test that it works when accepting the message in chunks
+ for n in 1..core::cmp::min(17, input.len()) {
+ let mut hasher = D::new(output.len()).unwrap();
+ for chunk in input.chunks(n) {
+ hasher.update(chunk);
+ }
+ hasher.finalize_variable(buf).unwrap();
+ if buf != output {
+ return Some("message in chunks");
+ }
+ buf.iter_mut().for_each(|b| *b = 0);
+ }
+ None
+}
diff --git a/third_party/rust/digest/src/dev/xof.rs b/third_party/rust/digest/src/dev/xof.rs
new file mode 100644
index 0000000000..9e5d07a09b
--- /dev/null
+++ b/third_party/rust/digest/src/dev/xof.rs
@@ -0,0 +1,51 @@
+use crate::ExtendableOutputReset;
+use core::fmt::Debug;
+
+/// Resettable XOF test
+pub fn xof_reset_test<D>(input: &[u8], output: &[u8]) -> Option<&'static str>
+where
+ D: ExtendableOutputReset + Default + Debug + Clone,
+{
+ let mut hasher = D::default();
+ let mut buf = [0u8; 1024];
+ let buf = &mut buf[..output.len()];
+ // Test that it works when accepting the message all at once
+ hasher.update(input);
+ let mut hasher2 = hasher.clone();
+ hasher.finalize_xof_into(buf);
+ if buf != output {
+ return Some("whole message");
+ }
+ buf.iter_mut().for_each(|b| *b = 0);
+
+ // Test if reset works correctly
+ hasher2.reset();
+ hasher2.update(input);
+ hasher2.finalize_xof_reset_into(buf);
+ if buf != output {
+ return Some("whole message after reset");
+ }
+ buf.iter_mut().for_each(|b| *b = 0);
+
+ // Test that it works when accepting the message in chunks
+ for n in 1..core::cmp::min(17, input.len()) {
+ let mut hasher = D::default();
+ for chunk in input.chunks(n) {
+ hasher.update(chunk);
+ hasher2.update(chunk);
+ }
+ hasher.finalize_xof_into(buf);
+ if buf != output {
+ return Some("message in chunks");
+ }
+ buf.iter_mut().for_each(|b| *b = 0);
+
+ hasher2.finalize_xof_reset_into(buf);
+ if buf != output {
+ return Some("message in chunks");
+ }
+ buf.iter_mut().for_each(|b| *b = 0);
+ }
+
+ None
+}
diff --git a/third_party/rust/digest/src/digest.rs b/third_party/rust/digest/src/digest.rs
new file mode 100644
index 0000000000..9373550ca0
--- /dev/null
+++ b/third_party/rust/digest/src/digest.rs
@@ -0,0 +1,236 @@
+use super::{FixedOutput, FixedOutputReset, InvalidBufferSize, Reset, Update};
+use crypto_common::{typenum::Unsigned, Output, OutputSizeUser};
+
+#[cfg(feature = "alloc")]
+use alloc::boxed::Box;
+
+/// Marker trait for cryptographic hash functions.
+pub trait HashMarker {}
+
+/// Convenience wrapper trait covering functionality of cryptographic hash
+/// functions with fixed output size.
+///
+/// This trait wraps [`Update`], [`FixedOutput`], [`Default`], and
+/// [`HashMarker`] traits and provides additional convenience methods.
+pub trait Digest: OutputSizeUser {
+ /// Create new hasher instance.
+ fn new() -> Self;
+
+ /// Create new hasher instance which has processed the provided data.
+ fn new_with_prefix(data: impl AsRef<[u8]>) -> Self;
+
+ /// Process data, updating the internal state.
+ fn update(&mut self, data: impl AsRef<[u8]>);
+
+ /// Process input data in a chained manner.
+ #[must_use]
+ fn chain_update(self, data: impl AsRef<[u8]>) -> Self;
+
+ /// Retrieve result and consume hasher instance.
+ fn finalize(self) -> Output<Self>;
+
+ /// Write result into provided array and consume the hasher instance.
+ fn finalize_into(self, out: &mut Output<Self>);
+
+ /// Retrieve result and reset hasher instance.
+ fn finalize_reset(&mut self) -> Output<Self>
+ where
+ Self: FixedOutputReset;
+
+ /// Write result into provided array and reset the hasher instance.
+ fn finalize_into_reset(&mut self, out: &mut Output<Self>)
+ where
+ Self: FixedOutputReset;
+
+ /// Reset hasher instance to its initial state.
+ fn reset(&mut self)
+ where
+ Self: Reset;
+
+ /// Get output size of the hasher
+ fn output_size() -> usize;
+
+ /// Compute hash of `data`.
+ fn digest(data: impl AsRef<[u8]>) -> Output<Self>;
+}
+
+impl<D: FixedOutput + Default + Update + HashMarker> Digest for D {
+ #[inline]
+ fn new() -> Self {
+ Self::default()
+ }
+
+ #[inline]
+ fn new_with_prefix(data: impl AsRef<[u8]>) -> Self
+ where
+ Self: Default + Sized,
+ {
+ let mut h = Self::default();
+ h.update(data.as_ref());
+ h
+ }
+
+ #[inline]
+ fn update(&mut self, data: impl AsRef<[u8]>) {
+ Update::update(self, data.as_ref());
+ }
+
+ #[inline]
+ fn chain_update(mut self, data: impl AsRef<[u8]>) -> Self {
+ Update::update(&mut self, data.as_ref());
+ self
+ }
+
+ #[inline]
+ fn finalize(self) -> Output<Self> {
+ FixedOutput::finalize_fixed(self)
+ }
+
+ #[inline]
+ fn finalize_into(self, out: &mut Output<Self>) {
+ FixedOutput::finalize_into(self, out);
+ }
+
+ #[inline]
+ fn finalize_reset(&mut self) -> Output<Self>
+ where
+ Self: FixedOutputReset,
+ {
+ FixedOutputReset::finalize_fixed_reset(self)
+ }
+
+ #[inline]
+ fn finalize_into_reset(&mut self, out: &mut Output<Self>)
+ where
+ Self: FixedOutputReset,
+ {
+ FixedOutputReset::finalize_into_reset(self, out);
+ }
+
+ #[inline]
+ fn reset(&mut self)
+ where
+ Self: Reset,
+ {
+ Reset::reset(self)
+ }
+
+ #[inline]
+ fn output_size() -> usize {
+ Self::OutputSize::to_usize()
+ }
+
+ #[inline]
+ fn digest(data: impl AsRef<[u8]>) -> Output<Self> {
+ let mut hasher = Self::default();
+ hasher.update(data.as_ref());
+ hasher.finalize()
+ }
+}
+
+/// Modification of the [`Digest`] trait suitable for trait objects.
+pub trait DynDigest {
+ /// Digest input data.
+ ///
+ /// This method can be called repeatedly for use with streaming messages.
+ fn update(&mut self, data: &[u8]);
+
+ /// Retrieve result and reset hasher instance
+ #[cfg(feature = "alloc")]
+ #[cfg_attr(docsrs, doc(cfg(feature = "alloc")))]
+ fn finalize_reset(&mut self) -> Box<[u8]> {
+ let mut result = vec![0; self.output_size()];
+ self.finalize_into_reset(&mut result).unwrap();
+ result.into_boxed_slice()
+ }
+
+ /// Retrieve result and consume boxed hasher instance
+ #[cfg(feature = "alloc")]
+ #[cfg_attr(docsrs, doc(cfg(feature = "alloc")))]
+ #[allow(clippy::boxed_local)]
+ fn finalize(mut self: Box<Self>) -> Box<[u8]> {
+ let mut result = vec![0; self.output_size()];
+ self.finalize_into_reset(&mut result).unwrap();
+ result.into_boxed_slice()
+ }
+
+ /// Write result into provided array and consume the hasher instance.
+ ///
+ /// Returns error if buffer length is not equal to `output_size`.
+ fn finalize_into(self, buf: &mut [u8]) -> Result<(), InvalidBufferSize>;
+
+ /// Write result into provided array and reset the hasher instance.
+ ///
+ /// Returns error if buffer length is not equal to `output_size`.
+ fn finalize_into_reset(&mut self, out: &mut [u8]) -> Result<(), InvalidBufferSize>;
+
+ /// Reset hasher instance to its initial state.
+ fn reset(&mut self);
+
+ /// Get output size of the hasher
+ fn output_size(&self) -> usize;
+
+ /// Clone hasher state into a boxed trait object
+ #[cfg(feature = "alloc")]
+ #[cfg_attr(docsrs, doc(cfg(feature = "alloc")))]
+ fn box_clone(&self) -> Box<dyn DynDigest>;
+}
+
+impl<D: Update + FixedOutputReset + Reset + Clone + 'static> DynDigest for D {
+ fn update(&mut self, data: &[u8]) {
+ Update::update(self, data);
+ }
+
+ #[cfg(feature = "alloc")]
+ fn finalize_reset(&mut self) -> Box<[u8]> {
+ FixedOutputReset::finalize_fixed_reset(self)
+ .to_vec()
+ .into_boxed_slice()
+ }
+
+ #[cfg(feature = "alloc")]
+ fn finalize(self: Box<Self>) -> Box<[u8]> {
+ FixedOutput::finalize_fixed(*self)
+ .to_vec()
+ .into_boxed_slice()
+ }
+
+ fn finalize_into(self, buf: &mut [u8]) -> Result<(), InvalidBufferSize> {
+ if buf.len() == self.output_size() {
+ FixedOutput::finalize_into(self, Output::<Self>::from_mut_slice(buf));
+ Ok(())
+ } else {
+ Err(InvalidBufferSize)
+ }
+ }
+
+ fn finalize_into_reset(&mut self, buf: &mut [u8]) -> Result<(), InvalidBufferSize> {
+ if buf.len() == self.output_size() {
+ FixedOutputReset::finalize_into_reset(self, Output::<Self>::from_mut_slice(buf));
+ Ok(())
+ } else {
+ Err(InvalidBufferSize)
+ }
+ }
+
+ fn reset(&mut self) {
+ Reset::reset(self);
+ }
+
+ fn output_size(&self) -> usize {
+ <Self as OutputSizeUser>::OutputSize::to_usize()
+ }
+
+ #[cfg(feature = "alloc")]
+ fn box_clone(&self) -> Box<dyn DynDigest> {
+ Box::new(self.clone())
+ }
+}
+
+#[cfg(feature = "alloc")]
+#[cfg_attr(docsrs, doc(cfg(feature = "alloc")))]
+impl Clone for Box<dyn DynDigest> {
+ fn clone(&self) -> Self {
+ self.box_clone()
+ }
+}
diff --git a/third_party/rust/digest/src/lib.rs b/third_party/rust/digest/src/lib.rs
new file mode 100644
index 0000000000..fc82e2e3ad
--- /dev/null
+++ b/third_party/rust/digest/src/lib.rs
@@ -0,0 +1,301 @@
+//! This crate provides traits which describe functionality of cryptographic hash
+//! functions and Message Authentication algorithms.
+//!
+//! Traits in this repository are organized into the following levels:
+//!
+//! - **High-level convenience traits**: [`Digest`], [`DynDigest`], [`Mac`].
+//! Wrappers around lower-level traits for most common use-cases. Users should
+//! usually prefer using these traits.
+//! - **Mid-level traits**: [`Update`], [`FixedOutput`], [`FixedOutputReset`],
+//! [`ExtendableOutput`], [`ExtendableOutputReset`], [`XofReader`],
+//! [`VariableOutput`], [`Reset`], [`KeyInit`], and [`InnerInit`]. These
+//! traits atomically describe available functionality of an algorithm.
+//! - **Marker traits**: [`HashMarker`], [`MacMarker`]. Used to distinguish
+//! different algorithm classes.
+//! - **Low-level traits** defined in the [`core_api`] module. These traits
+//! operate at a block-level and do not contain any built-in buffering.
+//! They are intended to be implemented by low-level algorithm providers only.
+//! Usually they should not be used in application-level code.
+//!
+//! Additionally hash functions implement traits from the standard library:
+//! [`Default`], [`Clone`], [`Write`][std::io::Write]. The latter is
+//! feature-gated behind `std` feature, which is usually enabled by default
+//! by hash implementation crates.
+
+#![no_std]
+#![cfg_attr(docsrs, feature(doc_cfg))]
+#![forbid(unsafe_code)]
+#![doc(
+ html_logo_url = "https://raw.githubusercontent.com/RustCrypto/media/6ee8e381/logo.svg",
+ html_favicon_url = "https://raw.githubusercontent.com/RustCrypto/media/6ee8e381/logo.svg"
+)]
+#![warn(missing_docs, rust_2018_idioms)]
+
+#[cfg(feature = "alloc")]
+#[macro_use]
+extern crate alloc;
+
+#[cfg(feature = "std")]
+extern crate std;
+
+#[cfg(feature = "rand_core")]
+#[cfg_attr(docsrs, doc(cfg(feature = "rand_core")))]
+pub use crypto_common::rand_core;
+
+#[cfg(feature = "alloc")]
+use alloc::boxed::Box;
+
+#[cfg(feature = "dev")]
+#[cfg_attr(docsrs, doc(cfg(feature = "dev")))]
+pub mod dev;
+
+#[cfg(feature = "core-api")]
+#[cfg_attr(docsrs, doc(cfg(feature = "core-api")))]
+pub mod core_api;
+mod digest;
+#[cfg(feature = "mac")]
+mod mac;
+
+#[cfg(feature = "core-api")]
+#[cfg_attr(docsrs, doc(cfg(feature = "core-api")))]
+pub use block_buffer;
+#[cfg(feature = "oid")]
+#[cfg_attr(docsrs, doc(cfg(feature = "oid")))]
+pub use const_oid;
+pub use crypto_common;
+
+pub use crate::digest::{Digest, DynDigest, HashMarker};
+pub use crypto_common::{generic_array, typenum, typenum::consts, Output, OutputSizeUser, Reset};
+#[cfg(feature = "mac")]
+pub use crypto_common::{InnerInit, InvalidLength, Key, KeyInit};
+#[cfg(feature = "mac")]
+pub use mac::{CtOutput, Mac, MacError, MacMarker};
+
+use core::fmt;
+
+/// Types which consume data with byte granularity.
+pub trait Update {
+ /// Update state using the provided data.
+ fn update(&mut self, data: &[u8]);
+
+ /// Digest input data in a chained manner.
+ #[must_use]
+ fn chain(mut self, data: impl AsRef<[u8]>) -> Self
+ where
+ Self: Sized,
+ {
+ self.update(data.as_ref());
+ self
+ }
+}
+
+/// Trait for hash functions with fixed-size output.
+pub trait FixedOutput: Update + OutputSizeUser + Sized {
+ /// Consume value and write result into provided array.
+ fn finalize_into(self, out: &mut Output<Self>);
+
+ /// Retrieve result and consume the hasher instance.
+ #[inline]
+ fn finalize_fixed(self) -> Output<Self> {
+ let mut out = Default::default();
+ self.finalize_into(&mut out);
+ out
+ }
+}
+
+/// Trait for hash functions with fixed-size output able to reset themselves.
+pub trait FixedOutputReset: FixedOutput + Reset {
+ /// Write result into provided array and reset the hasher state.
+ fn finalize_into_reset(&mut self, out: &mut Output<Self>);
+
+ /// Retrieve result and reset the hasher state.
+ #[inline]
+ fn finalize_fixed_reset(&mut self) -> Output<Self> {
+ let mut out = Default::default();
+ self.finalize_into_reset(&mut out);
+ out
+ }
+}
+
+/// Trait for reader types which are used to extract extendable output
+/// from a XOF (extendable-output function) result.
+pub trait XofReader {
+ /// Read output into the `buffer`. Can be called an unlimited number of times.
+ fn read(&mut self, buffer: &mut [u8]);
+
+ /// Read output into a boxed slice of the specified size.
+ ///
+ /// Can be called an unlimited number of times in combination with `read`.
+ ///
+ /// `Box<[u8]>` is used instead of `Vec<u8>` to save stack space, since
+ /// they have size of 2 and 3 words respectively.
+ #[cfg(feature = "alloc")]
+ #[cfg_attr(docsrs, doc(cfg(feature = "alloc")))]
+ fn read_boxed(&mut self, n: usize) -> Box<[u8]> {
+ let mut buf = vec![0u8; n].into_boxed_slice();
+ self.read(&mut buf);
+ buf
+ }
+}
+
+/// Trait for hash functions with extendable-output (XOF).
+pub trait ExtendableOutput: Sized + Update {
+ /// Reader
+ type Reader: XofReader;
+
+ /// Retrieve XOF reader and consume hasher instance.
+ fn finalize_xof(self) -> Self::Reader;
+
+ /// Finalize XOF and write result into `out`.
+ fn finalize_xof_into(self, out: &mut [u8]) {
+ self.finalize_xof().read(out);
+ }
+
+ /// Compute hash of `data` and write it into `output`.
+ fn digest_xof(input: impl AsRef<[u8]>, output: &mut [u8])
+ where
+ Self: Default,
+ {
+ let mut hasher = Self::default();
+ hasher.update(input.as_ref());
+ hasher.finalize_xof().read(output);
+ }
+
+ /// Retrieve result into a boxed slice of the specified size and consume
+ /// the hasher.
+ ///
+ /// `Box<[u8]>` is used instead of `Vec<u8>` to save stack space, since
+ /// they have size of 2 and 3 words respectively.
+ #[cfg(feature = "alloc")]
+ #[cfg_attr(docsrs, doc(cfg(feature = "alloc")))]
+ fn finalize_boxed(self, output_size: usize) -> Box<[u8]> {
+ let mut buf = vec![0u8; output_size].into_boxed_slice();
+ self.finalize_xof().read(&mut buf);
+ buf
+ }
+}
+
+/// Trait for hash functions with extendable-output (XOF) able to reset themselves.
+pub trait ExtendableOutputReset: ExtendableOutput + Reset {
+ /// Retrieve XOF reader and reset hasher instance state.
+ fn finalize_xof_reset(&mut self) -> Self::Reader;
+
+ /// Finalize XOF, write result into `out`, and reset the hasher state.
+ fn finalize_xof_reset_into(&mut self, out: &mut [u8]) {
+ self.finalize_xof_reset().read(out);
+ }
+
+ /// Retrieve result into a boxed slice of the specified size and reset
+ /// the hasher state.
+ ///
+ /// `Box<[u8]>` is used instead of `Vec<u8>` to save stack space, since
+ /// they have size of 2 and 3 words respectively.
+ #[cfg(feature = "alloc")]
+ #[cfg_attr(docsrs, doc(cfg(feature = "alloc")))]
+ fn finalize_boxed_reset(&mut self, output_size: usize) -> Box<[u8]> {
+ let mut buf = vec![0u8; output_size].into_boxed_slice();
+ self.finalize_xof_reset().read(&mut buf);
+ buf
+ }
+}
+
+/// Trait for hash functions with variable-size output.
+pub trait VariableOutput: Sized + Update {
+ /// Maximum size of output hash.
+ const MAX_OUTPUT_SIZE: usize;
+
+ /// Create new hasher instance with the given output size.
+ ///
+ /// It will return `Err(InvalidOutputSize)` in case if hasher can not return
+ /// hash of the specified output size.
+ fn new(output_size: usize) -> Result<Self, InvalidOutputSize>;
+
+ /// Get output size of the hasher instance provided to the `new` method
+ fn output_size(&self) -> usize;
+
+ /// Write result into the output buffer.
+ ///
+ /// Returns `Err(InvalidOutputSize)` if `out` size is not equal to
+ /// `self.output_size()`.
+ fn finalize_variable(self, out: &mut [u8]) -> Result<(), InvalidBufferSize>;
+
+ /// Compute hash of `data` and write it to `output`.
+ ///
+ /// Length of the output hash is determined by `output`. If `output` is
+ /// bigger than `Self::MAX_OUTPUT_SIZE`, this method returns
+ /// `InvalidOutputSize`.
+ fn digest_variable(
+ input: impl AsRef<[u8]>,
+ output: &mut [u8],
+ ) -> Result<(), InvalidOutputSize> {
+ let mut hasher = Self::new(output.len())?;
+ hasher.update(input.as_ref());
+ hasher
+ .finalize_variable(output)
+ .map_err(|_| InvalidOutputSize)
+ }
+
+ /// Retrieve result into a boxed slice and consume hasher.
+ ///
+ /// `Box<[u8]>` is used instead of `Vec<u8>` to save stack space, since
+ /// they have size of 2 and 3 words respectively.
+ #[cfg(feature = "alloc")]
+ #[cfg_attr(docsrs, doc(cfg(feature = "alloc")))]
+ fn finalize_boxed(self) -> Box<[u8]> {
+ let n = self.output_size();
+ let mut buf = vec![0u8; n].into_boxed_slice();
+ self.finalize_variable(&mut buf)
+ .expect("buf length is equal to output_size");
+ buf
+ }
+}
+
+/// Trait for hash functions with variable-size output able to reset themselves.
+pub trait VariableOutputReset: VariableOutput + Reset {
+ /// Write result into the output buffer and reset the hasher state.
+ ///
+ /// Returns `Err(InvalidOutputSize)` if `out` size is not equal to
+ /// `self.output_size()`.
+ fn finalize_variable_reset(&mut self, out: &mut [u8]) -> Result<(), InvalidBufferSize>;
+
+ /// Retrieve result into a boxed slice and reset the hasher state.
+ ///
+ /// `Box<[u8]>` is used instead of `Vec<u8>` to save stack space, since
+ /// they have size of 2 and 3 words respectively.
+ #[cfg(feature = "alloc")]
+ #[cfg_attr(docsrs, doc(cfg(feature = "alloc")))]
+ fn finalize_boxed_reset(&mut self) -> Box<[u8]> {
+ let n = self.output_size();
+ let mut buf = vec![0u8; n].into_boxed_slice();
+ self.finalize_variable_reset(&mut buf)
+ .expect("buf length is equal to output_size");
+ buf
+ }
+}
+
+/// The error type used in variable hash traits.
+#[derive(Clone, Copy, Debug, Default)]
+pub struct InvalidOutputSize;
+
+impl fmt::Display for InvalidOutputSize {
+ fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
+ f.write_str("invalid output size")
+ }
+}
+
+#[cfg(feature = "std")]
+#[cfg_attr(docsrs, doc(cfg(feature = "std")))]
+impl std::error::Error for InvalidOutputSize {}
+
+/// Buffer length is not equal to hash output size.
+#[derive(Default, Debug, Copy, Clone, Eq, PartialEq)]
+pub struct InvalidBufferSize;
+
+impl fmt::Display for InvalidBufferSize {
+ fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
+ f.write_str("invalid buffer length")
+ }
+}
+
+#[cfg(feature = "std")]
+impl std::error::Error for InvalidBufferSize {}
diff --git a/third_party/rust/digest/src/mac.rs b/third_party/rust/digest/src/mac.rs
new file mode 100644
index 0000000000..1c31359ea3
--- /dev/null
+++ b/third_party/rust/digest/src/mac.rs
@@ -0,0 +1,305 @@
+use crate::{FixedOutput, FixedOutputReset, Update};
+use crypto_common::{InvalidLength, Key, KeyInit, Output, OutputSizeUser, Reset};
+
+#[cfg(feature = "rand_core")]
+use crate::rand_core::{CryptoRng, RngCore};
+use core::fmt;
+use crypto_common::typenum::Unsigned;
+use subtle::{Choice, ConstantTimeEq};
+
+/// Marker trait for Message Authentication algorithms.
+#[cfg_attr(docsrs, doc(cfg(feature = "mac")))]
+pub trait MacMarker {}
+
+/// Convenience wrapper trait covering functionality of Message Authentication algorithms.
+///
+/// This trait wraps [`KeyInit`], [`Update`], [`FixedOutput`], and [`MacMarker`]
+/// traits and provides additional convenience methods.
+#[cfg_attr(docsrs, doc(cfg(feature = "mac")))]
+pub trait Mac: OutputSizeUser + Sized {
+ /// Create new value from fixed size key.
+ fn new(key: &Key<Self>) -> Self
+ where
+ Self: KeyInit;
+
+ /// Generate random key using the provided [`CryptoRng`].
+ #[cfg(feature = "rand_core")]
+ #[cfg_attr(docsrs, doc(cfg(feature = "rand_core")))]
+ fn generate_key(rng: impl CryptoRng + RngCore) -> Key<Self>
+ where
+ Self: KeyInit;
+
+ /// Create new value from variable size key.
+ fn new_from_slice(key: &[u8]) -> Result<Self, InvalidLength>
+ where
+ Self: KeyInit;
+
+ /// Update state using the provided data.
+ fn update(&mut self, data: &[u8]);
+
+ /// Process input data in a chained manner.
+ #[must_use]
+ fn chain_update(self, data: impl AsRef<[u8]>) -> Self;
+
+ /// Obtain the result of a [`Mac`] computation as a [`CtOutput`] and consume
+ /// [`Mac`] instance.
+ fn finalize(self) -> CtOutput<Self>;
+
+ /// Obtain the result of a [`Mac`] computation as a [`CtOutput`] and reset
+ /// [`Mac`] instance.
+ fn finalize_reset(&mut self) -> CtOutput<Self>
+ where
+ Self: FixedOutputReset;
+
+ /// Reset MAC instance to its initial state.
+ fn reset(&mut self)
+ where
+ Self: Reset;
+
+ /// Check if tag/code value is correct for the processed input.
+ fn verify(self, tag: &Output<Self>) -> Result<(), MacError>;
+
+ /// Check if tag/code value is correct for the processed input and reset
+ /// [`Mac`] instance.
+ fn verify_reset(&mut self, tag: &Output<Self>) -> Result<(), MacError>
+ where
+ Self: FixedOutputReset;
+
+ /// Check truncated tag correctness using all bytes
+ /// of calculated tag.
+ ///
+ /// Returns `Error` if `tag` is not valid or not equal in length
+ /// to MAC's output.
+ fn verify_slice(self, tag: &[u8]) -> Result<(), MacError>;
+
+ /// Check truncated tag correctness using all bytes
+ /// of calculated tag and reset [`Mac`] instance.
+ ///
+ /// Returns `Error` if `tag` is not valid or not equal in length
+ /// to MAC's output.
+ fn verify_slice_reset(&mut self, tag: &[u8]) -> Result<(), MacError>
+ where
+ Self: FixedOutputReset;
+
+ /// Check truncated tag correctness using left side bytes
+ /// (i.e. `tag[..n]`) of calculated tag.
+ ///
+ /// Returns `Error` if `tag` is not valid or empty.
+ fn verify_truncated_left(self, tag: &[u8]) -> Result<(), MacError>;
+
+ /// Check truncated tag correctness using right side bytes
+ /// (i.e. `tag[n..]`) of calculated tag.
+ ///
+ /// Returns `Error` if `tag` is not valid or empty.
+ fn verify_truncated_right(self, tag: &[u8]) -> Result<(), MacError>;
+}
+
+impl<T: Update + FixedOutput + MacMarker> Mac for T {
+ #[inline(always)]
+ fn new(key: &Key<Self>) -> Self
+ where
+ Self: KeyInit,
+ {
+ KeyInit::new(key)
+ }
+
+ #[inline(always)]
+ fn new_from_slice(key: &[u8]) -> Result<Self, InvalidLength>
+ where
+ Self: KeyInit,
+ {
+ KeyInit::new_from_slice(key)
+ }
+
+ #[inline]
+ fn update(&mut self, data: &[u8]) {
+ Update::update(self, data);
+ }
+
+ #[inline]
+ fn chain_update(mut self, data: impl AsRef<[u8]>) -> Self {
+ Update::update(&mut self, data.as_ref());
+ self
+ }
+
+ #[inline]
+ fn finalize(self) -> CtOutput<Self> {
+ CtOutput::new(self.finalize_fixed())
+ }
+
+ #[inline(always)]
+ fn finalize_reset(&mut self) -> CtOutput<Self>
+ where
+ Self: FixedOutputReset,
+ {
+ CtOutput::new(self.finalize_fixed_reset())
+ }
+
+ #[inline]
+ fn reset(&mut self)
+ where
+ Self: Reset,
+ {
+ Reset::reset(self)
+ }
+
+ #[inline]
+ fn verify(self, tag: &Output<Self>) -> Result<(), MacError> {
+ if self.finalize() == tag.into() {
+ Ok(())
+ } else {
+ Err(MacError)
+ }
+ }
+
+ #[inline]
+ fn verify_reset(&mut self, tag: &Output<Self>) -> Result<(), MacError>
+ where
+ Self: FixedOutputReset,
+ {
+ if self.finalize_reset() == tag.into() {
+ Ok(())
+ } else {
+ Err(MacError)
+ }
+ }
+
+ #[inline]
+ fn verify_slice(self, tag: &[u8]) -> Result<(), MacError> {
+ let n = tag.len();
+ if n != Self::OutputSize::USIZE {
+ return Err(MacError);
+ }
+ let choice = self.finalize_fixed().ct_eq(tag);
+ if choice.into() {
+ Ok(())
+ } else {
+ Err(MacError)
+ }
+ }
+
+ #[inline]
+ fn verify_slice_reset(&mut self, tag: &[u8]) -> Result<(), MacError>
+ where
+ Self: FixedOutputReset,
+ {
+ let n = tag.len();
+ if n != Self::OutputSize::USIZE {
+ return Err(MacError);
+ }
+ let choice = self.finalize_fixed_reset().ct_eq(tag);
+ if choice.into() {
+ Ok(())
+ } else {
+ Err(MacError)
+ }
+ }
+
+ fn verify_truncated_left(self, tag: &[u8]) -> Result<(), MacError> {
+ let n = tag.len();
+ if n == 0 || n > Self::OutputSize::USIZE {
+ return Err(MacError);
+ }
+ let choice = self.finalize_fixed()[..n].ct_eq(tag);
+
+ if choice.into() {
+ Ok(())
+ } else {
+ Err(MacError)
+ }
+ }
+
+ fn verify_truncated_right(self, tag: &[u8]) -> Result<(), MacError> {
+ let n = tag.len();
+ if n == 0 || n > Self::OutputSize::USIZE {
+ return Err(MacError);
+ }
+ let m = Self::OutputSize::USIZE - n;
+ let choice = self.finalize_fixed()[m..].ct_eq(tag);
+
+ if choice.into() {
+ Ok(())
+ } else {
+ Err(MacError)
+ }
+ }
+
+ #[cfg(feature = "rand_core")]
+ #[cfg_attr(docsrs, doc(cfg(feature = "rand_core")))]
+ #[inline]
+ fn generate_key(rng: impl CryptoRng + RngCore) -> Key<Self>
+ where
+ Self: KeyInit,
+ {
+ <T as KeyInit>::generate_key(rng)
+ }
+}
+
+/// Fixed size output value which provides a safe [`Eq`] implementation that
+/// runs in constant time.
+///
+/// It is useful for implementing Message Authentication Codes (MACs).
+#[derive(Clone)]
+#[cfg_attr(docsrs, doc(cfg(feature = "mac")))]
+pub struct CtOutput<T: OutputSizeUser> {
+ bytes: Output<T>,
+}
+
+impl<T: OutputSizeUser> CtOutput<T> {
+ /// Create a new [`CtOutput`] value.
+ #[inline(always)]
+ pub fn new(bytes: Output<T>) -> Self {
+ Self { bytes }
+ }
+
+ /// Get the inner [`Output`] array this type wraps.
+ #[inline(always)]
+ pub fn into_bytes(self) -> Output<T> {
+ self.bytes
+ }
+}
+
+impl<T: OutputSizeUser> From<Output<T>> for CtOutput<T> {
+ #[inline(always)]
+ fn from(bytes: Output<T>) -> Self {
+ Self { bytes }
+ }
+}
+
+impl<'a, T: OutputSizeUser> From<&'a Output<T>> for CtOutput<T> {
+ #[inline(always)]
+ fn from(bytes: &'a Output<T>) -> Self {
+ bytes.clone().into()
+ }
+}
+
+impl<T: OutputSizeUser> ConstantTimeEq for CtOutput<T> {
+ #[inline(always)]
+ fn ct_eq(&self, other: &Self) -> Choice {
+ self.bytes.ct_eq(&other.bytes)
+ }
+}
+
+impl<T: OutputSizeUser> PartialEq for CtOutput<T> {
+ #[inline(always)]
+ fn eq(&self, x: &CtOutput<T>) -> bool {
+ self.ct_eq(x).into()
+ }
+}
+
+impl<T: OutputSizeUser> Eq for CtOutput<T> {}
+
+/// Error type for when the [`Output`] of a [`Mac`]
+/// is not equal to the expected value.
+#[derive(Default, Debug, Copy, Clone, Eq, PartialEq)]
+#[cfg_attr(docsrs, doc(cfg(feature = "mac")))]
+pub struct MacError;
+
+impl fmt::Display for MacError {
+ fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
+ f.write_str("MAC tag mismatch")
+ }
+}
+
+#[cfg(feature = "std")]
+impl std::error::Error for MacError {} |