author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-05-18 02:49:50 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-05-18 02:49:50 +0000 |
commit | 9835e2ae736235810b4ea1c162ca5e65c547e770 (patch) | |
tree | 3fcebf40ed70e581d776a8a4c65923e8ec20e026 /vendor/rfc6979 | |
parent | Releasing progress-linux version 1.70.0+dfsg2-1~progress7.99u1. (diff) | |
Merging upstream version 1.71.1+dfsg1.
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'vendor/rfc6979')
-rw-r--r-- | vendor/rfc6979/.cargo-checksum.json | 2 | ||||
-rw-r--r-- | vendor/rfc6979/CHANGELOG.md | 8 | ||||
-rw-r--r-- | vendor/rfc6979/Cargo.toml | 26 | ||||
-rw-r--r-- | vendor/rfc6979/README.md | 4 | ||||
-rw-r--r-- | vendor/rfc6979/src/ct_cmp.rs | 87 | ||||
-rw-r--r-- | vendor/rfc6979/src/lib.rs | 72 |
6 files changed, 145 insertions, 54 deletions
diff --git a/vendor/rfc6979/.cargo-checksum.json b/vendor/rfc6979/.cargo-checksum.json
index 6343ed90f..0a24f6331 100644
--- a/vendor/rfc6979/.cargo-checksum.json
+++ b/vendor/rfc6979/.cargo-checksum.json
@@ -1 +1 @@
-{"files":{"CHANGELOG.md":"f8ea1da44e3db690aeae24569faaca6a63f8a6912555316f8c0a62fdeacae113","Cargo.toml":"b4c943615d8ace03699ef2c142aeeb9da741cd70e867454b06b4a99fb351fed3","LICENSE-APACHE":"78779d420019e6b4630376af8e86b6b335ee8a2f89ede6e0411e0469a326aaa4","LICENSE-MIT":"bdebaf9156a298f8fdab56dd26cb5144673de522d80f4c0d88e0039145f147f9","README.md":"081eb58ccc4eef0e9ee2e614ee1597d9ed399b72d298096ec39a0c34f483dba3","src/lib.rs":"8efb6aadf3750b553e950222b296e287ca6820f7d0ab3f03244e1f17b0ce93c5","tests/lib.rs":"68922b3fb793f7f64a6fdf8aa59b6fb9432d4706d7ad1d82129a8337c5cf6568"},"package":"7743f17af12fa0b03b803ba12cd6a8d9483a587e89c69445e3909655c0b9fabb"}
\ No newline at end of file
+{"files":{"CHANGELOG.md":"b125a8cdeeec71a6b1ddc137226634b3073b53715eb59ac914a531cb66dfbabc","Cargo.toml":"48f7844dac3a7959ce8ff71ac9cb65073abdcf3940cbb3fe38e36942fe10fbe1","LICENSE-APACHE":"78779d420019e6b4630376af8e86b6b335ee8a2f89ede6e0411e0469a326aaa4","LICENSE-MIT":"bdebaf9156a298f8fdab56dd26cb5144673de522d80f4c0d88e0039145f147f9","README.md":"f60a1275e4f5f04a5ab10611993489395adc32a2072dc75457a183312ff9f6ad","src/ct_cmp.rs":"b10bca722d370ce63f60456f0ff76e2af0a8a021a291a7f03e033ca1f5f9ece8","src/lib.rs":"1d84380071c054531c51a2ccd3b6b9d9e40dfc08b374df9113f964c1c5f00edb","tests/lib.rs":"68922b3fb793f7f64a6fdf8aa59b6fb9432d4706d7ad1d82129a8337c5cf6568"},"package":"f8dd2a808d456c4a54e300a23e9f5a67e122c3024119acbfd73e3bf664491cb2"}
\ No newline at end of file
diff --git a/vendor/rfc6979/CHANGELOG.md b/vendor/rfc6979/CHANGELOG.md
index 06a24c1a8..8cc1a0d83 100644
--- a/vendor/rfc6979/CHANGELOG.md
+++ b/vendor/rfc6979/CHANGELOG.md
@@ -4,6 +4,14 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+## 0.4.0 (2023-02-28)
+### Changed
+- MSRV 1.60 ([#628])
+- Decouple from `crypto-bigint` ([#639])
+
+[#628]: https://github.com/RustCrypto/signatures/pull/628
+[#639]: https://github.com/RustCrypto/signatures/pull/639
+
 ## 0.3.1 (2022-11-03)
 ### Added
 - Usage example ([#577])
diff --git a/vendor/rfc6979/Cargo.toml b/vendor/rfc6979/Cargo.toml
index 7ff912e2f..3a81265ee 100644
--- a/vendor/rfc6979/Cargo.toml
+++ b/vendor/rfc6979/Cargo.toml
@@ -11,9 +11,9 @@
 [package]
 edition = "2021"
-rust-version = "1.57"
+rust-version = "1.61"
 name = "rfc6979"
-version = "0.3.1"
+version = "0.4.0"
 authors = ["RustCrypto Developers"]
 description = """
 Pure Rust implementation of RFC6979: Deterministic Usage of the
@@ -32,29 +32,17 @@ categories = [
 license = "Apache-2.0 OR MIT"
 repository = "https://github.com/RustCrypto/signatures/tree/master/rfc6979"
-[package.metadata.docs.rs]
-all-features = true
-rustdoc-args = [
- "--cfg",
- "docsrs",
-]
-
-[dependencies.crypto-bigint]
-version = "0.4"
-features = [
- "generic-array",
- "zeroize",
-]
-default-features = false
-
 [dependencies.hmac]
 version = "0.12"
 features = ["reset"]
 default-features = false
-[dependencies.zeroize]
-version = "1"
+[dependencies.subtle]
+version = "2"
 default-features = false
+[dev-dependencies.hex-literal]
+version = "0.3"
+
 [dev-dependencies.sha2]
 version = "0.10"
diff --git a/vendor/rfc6979/README.md b/vendor/rfc6979/README.md
index e19b54e83..de70e3d57 100644
--- a/vendor/rfc6979/README.md
+++ b/vendor/rfc6979/README.md
@@ -17,7 +17,7 @@ Algorithm described in RFC 6979 ยง 3.2:
 ## Minimum Supported Rust Version
-This crate requires **Rust 1.57** at a minimum.
+This crate requires **Rust 1.61** at a minimum.
 We may change the MSRV in the future, but it will be accompanied by a minor version bump.
@@ -46,7 +46,7 @@ dual licensed as above, without any additional terms or conditions.
 [build-image]: https://github.com/RustCrypto/signatures/actions/workflows/rfc6979.yml/badge.svg
 [build-link]: https://github.com/RustCrypto/signatures/actions/workflows/rfc6979.yml
 [license-image]: https://img.shields.io/badge/license-Apache2.0/MIT-blue.svg
-[rustc-image]: https://img.shields.io/badge/rustc-1.57+-blue.svg
+[rustc-image]: https://img.shields.io/badge/rustc-1.61+-blue.svg
 [chat-image]: https://img.shields.io/badge/zulip-join_chat-blue.svg
 [chat-link]: https://rustcrypto.zulipchat.com/#narrow/stream/260048-signatures
diff --git a/vendor/rfc6979/src/ct_cmp.rs b/vendor/rfc6979/src/ct_cmp.rs
new file mode 100644
index 000000000..8b216e6ff
--- /dev/null
+++ b/vendor/rfc6979/src/ct_cmp.rs
@@ -0,0 +1,87 @@
+//! Constant-time comparison helpers for [`ByteArray`].
+
+use crate::{ArrayLength, ByteArray};
+use subtle::{Choice, ConditionallySelectable, ConstantTimeEq};
+
+/// Constant-time equals.
+pub(crate) fn ct_eq<N: ArrayLength<u8>>(a: &ByteArray<N>, b: &ByteArray<N>) -> Choice {
+ let mut ret = Choice::from(1);
+
+ for (a, b) in a.iter().zip(b.iter()) {
+ ret.conditional_assign(&Choice::from(0), !a.ct_eq(b));
+ }
+
+ ret
+}
+
+/// Constant-time less than.
+///
+/// Inputs are interpreted as big endian integers.
+pub(crate) fn ct_lt<N: ArrayLength<u8>>(a: &ByteArray<N>, b: &ByteArray<N>) -> Choice {
+ let mut borrow = 0;
+
+ // Perform subtraction with borrow a byte-at-a-time, interpreting a
+ // no-borrow condition as the less-than case
+ for (&a, &b) in a.iter().zip(b.iter()).rev() {
+ let c = (b as u16).wrapping_add(borrow >> (u8::BITS - 1));
+ borrow = (a as u16).wrapping_sub(c) >> u8::BITS as u8;
+ }
+
+ !borrow.ct_eq(&0)
+}
+
+#[cfg(test)]
+mod tests {
+ const A: [u8; 4] = [0, 0, 0, 0];
+ const B: [u8; 4] = [0, 0, 0, 1];
+ const C: [u8; 4] = [0xFF, 0, 0, 0];
+ const D: [u8; 4] = [0xFF, 0, 0, 1];
+ const E: [u8; 4] = [0xFF, 0xFF, 0xFF, 0xFE];
+ const F: [u8; 4] = [0xFF, 0xFF, 0xFF, 0xFF];
+
+ #[test]
+ fn ct_eq() {
+ use super::ct_eq;
+
+ assert_eq!(ct_eq(&A.into(), &A.into()).unwrap_u8(), 1);
+ assert_eq!(ct_eq(&B.into(), &B.into()).unwrap_u8(), 1);
+ assert_eq!(ct_eq(&C.into(), &C.into()).unwrap_u8(), 1);
+ assert_eq!(ct_eq(&D.into(), &D.into()).unwrap_u8(), 1);
+ assert_eq!(ct_eq(&E.into(), &E.into()).unwrap_u8(), 1);
+ assert_eq!(ct_eq(&F.into(), &F.into()).unwrap_u8(), 1);
+
+ assert_eq!(ct_eq(&A.into(), &B.into()).unwrap_u8(), 0);
+ assert_eq!(ct_eq(&C.into(), &D.into()).unwrap_u8(), 0);
+ assert_eq!(ct_eq(&E.into(), &F.into()).unwrap_u8(), 0);
+ }
+
+ #[test]
+ fn ct_lt() {
+ use super::ct_lt;
+
+ assert_eq!(ct_lt(&A.into(), &A.into()).unwrap_u8(), 0);
+ assert_eq!(ct_lt(&B.into(), &B.into()).unwrap_u8(), 0);
+ assert_eq!(ct_lt(&C.into(), &C.into()).unwrap_u8(), 0);
+ assert_eq!(ct_lt(&D.into(), &D.into()).unwrap_u8(), 0);
+ assert_eq!(ct_lt(&E.into(), &E.into()).unwrap_u8(), 0);
+ assert_eq!(ct_lt(&F.into(), &F.into()).unwrap_u8(), 0);
+
+ assert_eq!(ct_lt(&A.into(), &B.into()).unwrap_u8(), 1);
+ assert_eq!(ct_lt(&A.into(), &C.into()).unwrap_u8(), 1);
+ assert_eq!(ct_lt(&B.into(), &A.into()).unwrap_u8(), 0);
+ assert_eq!(ct_lt(&C.into(), &A.into()).unwrap_u8(), 0);
+
+ assert_eq!(ct_lt(&B.into(), &C.into()).unwrap_u8(), 1);
+ assert_eq!(ct_lt(&B.into(), &D.into()).unwrap_u8(), 1);
+ assert_eq!(ct_lt(&C.into(), &B.into()).unwrap_u8(), 0);
+ assert_eq!(ct_lt(&D.into(), &B.into()).unwrap_u8(), 0);
+
+ assert_eq!(ct_lt(&C.into(), &D.into()).unwrap_u8(), 1);
+ assert_eq!(ct_lt(&C.into(), &E.into()).unwrap_u8(), 1);
+ assert_eq!(ct_lt(&D.into(), &C.into()).unwrap_u8(), 0);
+ assert_eq!(ct_lt(&E.into(), &C.into()).unwrap_u8(), 0);
+
+ assert_eq!(ct_lt(&E.into(), &F.into()).unwrap_u8(), 1);
+ assert_eq!(ct_lt(&F.into(), &E.into()).unwrap_u8(), 0);
+ }
+}
diff --git a/vendor/rfc6979/src/lib.rs b/vendor/rfc6979/src/lib.rs
index 32df1e652..817dda12d 100644
--- a/vendor/rfc6979/src/lib.rs
+++ b/vendor/rfc6979/src/lib.rs
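Review bot: The comment above the loop in `ct_lt` states the result backwards: `!borrow.ct_eq(&0)` is 1 exactly when the final byte-wise subtraction `a - b` borrowed, i.e. when `a < b`, so it is the borrow condition, not the "no-borrow condition", that means less-than. Suggest `// Subtract b from a with borrow, least significant byte first; a borrow out of the most significant byte means a < b`. `borrow` is inferred as `u16` and after `>> u8::BITS` only ever holds 0 or 0xFF, which is why `borrow >> (u8::BITS - 1)` yields the 0/1 carry-in for the next byte; a short comment on that invariant would make the shift by 7 less surprising to the next reader. Both helpers depend on `a` and `b` sharing the same `ArrayLength` so that `zip` never truncates a byte; it is worth saying so in the doc comments since that is what makes the comparison cover the whole value.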
@@ -1,52 +1,57 @@
+#![no_std]
 #![doc = include_str!("../README.md")]
+#![forbid(unsafe_code, clippy::unwrap_used)]
+#![warn(missing_docs, rust_2018_idioms)]
+#![doc(
+ html_logo_url = "https://raw.githubusercontent.com/RustCrypto/media/8f1a9894/logo.svg",
+ html_favicon_url = "https://raw.githubusercontent.com/RustCrypto/media/8f1a9894/logo.svg"
+)]
 //! ## Usage
 //!
 //! See also: the documentation for the [`generate_k`] function.
 //!
 //! ```
-//! use crypto_bigint::{ArrayEncoding, U256};
+//! use hex_literal::hex;
+//! use rfc6979::consts::U32;
 //! use sha2::{Digest, Sha256};
 //!
 //! // NIST P-256 field modulus
-//! const NIST_P256_MODULUS: U256 =
-//! U256::from_be_hex("FFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551");
+//! const NIST_P256_MODULUS: [u8; 32] =
+//! hex!("FFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551");
 //!
 //! // Public key for RFC6979 NIST P256/SHA256 test case
-//! const RFC6979_KEY: U256 =
-//! U256::from_be_hex("C9AFA9D845BA75166B5C215767B1D6934E50C3DB36E89B127B8A622B120F6721");
+//! const RFC6979_KEY: [u8; 32] =
+//! hex!("C9AFA9D845BA75166B5C215767B1D6934E50C3DB36E89B127B8A622B120F6721");
 //!
 //! // Test message for RFC6979 NIST P256/SHA256 test case
 //! const RFC6979_MSG: &[u8; 6] = b"sample";
 //!
 //! // Expected K for RFC6979 NIST P256/SHA256 test case
-//! const RFC6979_EXPECTED_K: U256 =
-//! U256::from_be_hex("A6E3C57DD01ABE90086538398355DD4C3B17AA873382B0F24D6129493D8AAD60");
+//! const RFC6979_EXPECTED_K: [u8; 32] =
+//! hex!("A6E3C57DD01ABE90086538398355DD4C3B17AA873382B0F24D6129493D8AAD60");
 //!
 //! let h = Sha256::digest(RFC6979_MSG);
 //! let aad = b"";
-//! let k = rfc6979::generate_k::<Sha256, U256>(&RFC6979_KEY, &NIST_P256_MODULUS, &h, aad);
-//! assert_eq!(&k.to_be_byte_array(), &RFC6979_EXPECTED_K.to_be_byte_array());
+//! let k = rfc6979::generate_k::<Sha256, U32>(&RFC6979_KEY.into(), &NIST_P256_MODULUS.into(), &h, aad);
+//! assert_eq!(k.as_slice(), &RFC6979_EXPECTED_K);
 //! ```
-#![no_std]
-#![cfg_attr(docsrs, feature(doc_cfg))]
-#![forbid(unsafe_code, clippy::unwrap_used)]
-#![warn(missing_docs, rust_2018_idioms)]
-#![doc(
- html_logo_url = "https://raw.githubusercontent.com/RustCrypto/media/8f1a9894/logo.svg",
- html_favicon_url = "https://raw.githubusercontent.com/RustCrypto/media/8f1a9894/logo.svg"
-)]
+mod ct_cmp;
+
+pub use hmac::digest::generic_array::typenum::consts;
-use crypto_bigint::{ArrayEncoding, ByteArray, Integer};
 use hmac::{
 digest::{
- core_api::BlockSizeUser, generic_array::GenericArray, Digest, FixedOutput,
- FixedOutputReset, Mac,
+ core_api::BlockSizeUser,
+ generic_array::{ArrayLength, GenericArray},
+ Digest, FixedOutput, FixedOutputReset, Mac,
 },
 SimpleHmac,
 };
-use zeroize::{Zeroize, Zeroizing};
+
+/// Array of bytes representing a scalar serialized as a big endian integer.
+pub type ByteArray<Size> = GenericArray<u8, Size>;
 /// Deterministically generate ephemeral scalar `k`.
 ///
@@ -57,22 +62,25 @@ use zeroize::{Zeroize, Zeroizing};
 /// - `h`: hash/digest of input message: must be reduced modulo `n` in advance
 /// - `data`: additional associated data, e.g. CSRNG output used as added entropy
 #[inline]
-pub fn generate_k<D, I>(x: &I, n: &I, h: &ByteArray<I>, data: &[u8]) -> Zeroizing<I>
+pub fn generate_k<D, N>(
+ x: &ByteArray<N>,
+ n: &ByteArray<N>,
+ h: &ByteArray<N>,
+ data: &[u8],
+) -> ByteArray<N>
 where
- D: Digest + BlockSizeUser + FixedOutput<OutputSize = I::ByteSize> + FixedOutputReset,
- I: ArrayEncoding + Integer + Zeroize,
+ D: Digest + BlockSizeUser + FixedOutput<OutputSize = N> + FixedOutputReset,
+ N: ArrayLength<u8>,
 {
- let mut x = x.to_be_byte_array();
- let mut hmac_drbg = HmacDrbg::<D>::new(&x, h, data);
- x.zeroize();
+ let mut hmac_drbg = HmacDrbg::<D>::new(x, h, data);
 loop {
- let mut bytes = ByteArray::<I>::default();
- hmac_drbg.fill_bytes(&mut bytes);
- let k = I::from_be_byte_array(bytes);
+ let mut k = ByteArray::<N>::default();
+ hmac_drbg.fill_bytes(&mut k);
- if (!k.is_zero() & k.ct_lt(n)).into() {
- return Zeroizing::new(k);
+ let k_is_zero = ct_cmp::ct_eq(&k, &ByteArray::default());
+ if (!k_is_zero & ct_cmp::ct_lt(&k, n)).into() {
+ return k;
 }
 }
 }
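Review bot: `generate_k` now returns a plain `ByteArray<N>` instead of `Zeroizing<I>`, and the old `x.zeroize()` is gone, so the secret scalar `k` — and every rejected candidate dropped at the end of a loop iteration — stays in memory until the caller clears it, and nothing in the commit documents that shift of responsibility. Since the `zeroize` dependency is removed from Cargo.toml in this same commit the crate cannot wipe the buffer itself without re-adding it, so at minimum the doc comment on `generate_k` (which begins above this hunk) should state `/// The returned `k` is secret key material; callers are responsible for zeroizing it after use.` The rejection check itself looks sound: `ct_eq` against a default array and `ct_lt(&k, n)` are both constant-time and together accept only `0 < k < n`, which is the range RFC 6979 requires. `HmacDrbg` is defined outside the hunk, so whether its HMAC state (keyed from `x`) is cleared on drop cannot be checked from here and is worth confirming separately.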