Diffstat (limited to '')
-rw-r--r--third_party/rust/digest/src/core_api.rs119
-rw-r--r--third_party/rust/digest/src/core_api/ct_variable.rs204
-rw-r--r--third_party/rust/digest/src/core_api/rt_variable.rs166
-rw-r--r--third_party/rust/digest/src/core_api/wrapper.rs290
-rw-r--r--third_party/rust/digest/src/core_api/xof_reader.rs63
-rw-r--r--third_party/rust/digest/src/dev.rs78
-rw-r--r--third_party/rust/digest/src/dev/fixed.rs65
-rw-r--r--third_party/rust/digest/src/dev/mac.rs159
-rw-r--r--third_party/rust/digest/src/dev/rng.rs38
-rw-r--r--third_party/rust/digest/src/dev/variable.rs82
-rw-r--r--third_party/rust/digest/src/dev/xof.rs51
-rw-r--r--third_party/rust/digest/src/digest.rs236
-rw-r--r--third_party/rust/digest/src/lib.rs301
-rw-r--r--third_party/rust/digest/src/mac.rs305
14 files changed, 2157 insertions, 0 deletions
diff --git a/third_party/rust/digest/src/core_api.rs b/third_party/rust/digest/src/core_api.rs
new file mode 100644
index 0000000000..2cf384efe7
--- /dev/null
+++ b/third_party/rust/digest/src/core_api.rs
@@ -0,0 +1,119 @@
+//! Low-level traits operating on blocks and wrappers around them.
+//!
+//! Usage of traits in this module in user code is discouraged. Instead use
+//! core algorithm wrapped by the wrapper types, which implement the
+//! higher-level traits.
+use crate::InvalidOutputSize;
+
+pub use crypto_common::{AlgorithmName, Block, BlockSizeUser, OutputSizeUser, Reset};
+
+use block_buffer::{BlockBuffer, BufferKind};
+use crypto_common::{
+ typenum::{IsLess, Le, NonZero, U256},
+ Output,
+};
+
+mod ct_variable;
+mod rt_variable;
+mod wrapper;
+mod xof_reader;
+
+pub use ct_variable::CtVariableCoreWrapper;
+pub use rt_variable::RtVariableCoreWrapper;
+pub use wrapper::{CoreProxy, CoreWrapper};
+pub use xof_reader::XofReaderCoreWrapper;
+
+/// Buffer type used by type which implements [`BufferKindUser`].
+pub type Buffer<S> =
+ BlockBuffer<<S as BlockSizeUser>::BlockSize, <S as BufferKindUser>::BufferKind>;
+
+/// Types which consume data in blocks.
+pub trait UpdateCore: BlockSizeUser {
+ /// Update state using the provided data blocks.
+ fn update_blocks(&mut self, blocks: &[Block<Self>]);
+}
+
+/// Types which use [`BlockBuffer`] functionality.
+pub trait BufferKindUser: BlockSizeUser {
+ /// Block buffer kind over which type operates.
+ type BufferKind: BufferKind;
+}
+
+/// Core trait for hash functions with fixed output size.
+pub trait FixedOutputCore: UpdateCore + BufferKindUser + OutputSizeUser
+where
+ Self::BlockSize: IsLess<U256>,
+ Le<Self::BlockSize, U256>: NonZero,
+{
+ /// Finalize state using remaining data stored in the provided block buffer,
+ /// write result into provided array and leave `self` in a dirty state.
+ fn finalize_fixed_core(&mut self, buffer: &mut Buffer<Self>, out: &mut Output<Self>);
+}
+
+/// Core trait for hash functions with extendable (XOF) output size.
+pub trait ExtendableOutputCore: UpdateCore + BufferKindUser
+where
+ Self::BlockSize: IsLess<U256>,
+ Le<Self::BlockSize, U256>: NonZero,
+{
+ /// XOF reader core state.
+ type ReaderCore: XofReaderCore;
+
+ /// Retrieve XOF reader using remaining data stored in the block buffer
+ /// and leave hasher in a dirty state.
+ fn finalize_xof_core(&mut self, buffer: &mut Buffer<Self>) -> Self::ReaderCore;
+}
+
+/// Core reader trait for extendable-output function (XOF) result.
+pub trait XofReaderCore: BlockSizeUser {
+ /// Read next XOF block.
+ fn read_block(&mut self) -> Block<Self>;
+}
+
+/// Core trait for hash functions with variable output size.
+///
+/// Maximum output size is equal to [`OutputSizeUser::OutputSize`].
+/// Users are expected to truncate result returned by the
+/// [`finalize_variable_core`] to `output_size` passed to the [`new`] method
+/// during construction. Truncation side is defined by the [`TRUNC_SIDE`]
+/// associated constant.
+///
+/// [`finalize_variable_core`]: VariableOutputCore::finalize_variable_core
+/// [`new`]: VariableOutputCore::new
+/// [`TRUNC_SIDE`]: VariableOutputCore::TRUNC_SIDE
+pub trait VariableOutputCore: UpdateCore + OutputSizeUser + BufferKindUser + Sized
+where
+ Self::BlockSize: IsLess<U256>,
+ Le<Self::BlockSize, U256>: NonZero,
+{
+ /// Side which should be used in a truncated result.
+ const TRUNC_SIDE: TruncSide;
+
+ /// Initialize hasher state for given output size.
+ ///
+ /// Returns [`InvalidOutputSize`] if `output_size` is not valid for
+ /// the algorithm, e.g. if it's bigger than the [`OutputSize`]
+ /// associated type.
+ ///
+ /// [`OutputSize`]: OutputSizeUser::OutputSize
+ fn new(output_size: usize) -> Result<Self, InvalidOutputSize>;
+
+ /// Finalize hasher and write full hashing result into the `out` buffer.
+ ///
+ /// The result must be truncated to `output_size` used during hasher
+ /// construction. Truncation side is defined by the [`TRUNC_SIDE`]
+ /// associated constant.
+ ///
+ /// [`TRUNC_SIDE`]: VariableOutputCore::TRUNC_SIDE
+ fn finalize_variable_core(&mut self, buffer: &mut Buffer<Self>, out: &mut Output<Self>);
+}
+
+/// Type which used for defining truncation side in the [`VariableOutputCore`]
+/// trait.
+#[derive(Copy, Clone, Debug)]
+pub enum TruncSide {
+ /// Truncate left side, i.e. `&out[..n]`.
+ Left,
+ /// Truncate right side, i.e. `&out[m..]`.
+ Right,
+}
diff --git a/third_party/rust/digest/src/core_api/ct_variable.rs b/third_party/rust/digest/src/core_api/ct_variable.rs
new file mode 100644
index 0000000000..7ee1bed0af
--- /dev/null
+++ b/third_party/rust/digest/src/core_api/ct_variable.rs
@@ -0,0 +1,204 @@
+use super::{
+ AlgorithmName, Buffer, BufferKindUser, FixedOutputCore, Reset, TruncSide, UpdateCore,
+ VariableOutputCore,
+};
+use crate::HashMarker;
+#[cfg(feature = "mac")]
+use crate::MacMarker;
+#[cfg(feature = "oid")]
+use const_oid::{AssociatedOid, ObjectIdentifier};
+use core::{fmt, marker::PhantomData};
+use crypto_common::{
+ generic_array::{ArrayLength, GenericArray},
+ typenum::{IsLess, IsLessOrEqual, Le, LeEq, NonZero, U256},
+ Block, BlockSizeUser, OutputSizeUser,
+};
+
+/// Dummy type used with [`CtVariableCoreWrapper`] in cases when
+/// resulting hash does not have a known OID.
+#[derive(Copy, Clone, Debug, Eq, PartialEq, Hash)]
+pub struct NoOid;
+
+/// Wrapper around [`VariableOutputCore`] which selects output size
+/// at compile time.
+#[derive(Clone)]
+pub struct CtVariableCoreWrapper<T, OutSize, O = NoOid>
+where
+ T: VariableOutputCore,
+ OutSize: ArrayLength<u8> + IsLessOrEqual<T::OutputSize>,
+ LeEq<OutSize, T::OutputSize>: NonZero,
+ T::BlockSize: IsLess<U256>,
+ Le<T::BlockSize, U256>: NonZero,
+{
+ inner: T,
+ _out: PhantomData<(OutSize, O)>,
+}
+
+impl<T, OutSize, O> HashMarker for CtVariableCoreWrapper<T, OutSize, O>
+where
+ T: VariableOutputCore + HashMarker,
+ OutSize: ArrayLength<u8> + IsLessOrEqual<T::OutputSize>,
+ LeEq<OutSize, T::OutputSize>: NonZero,
+ T::BlockSize: IsLess<U256>,
+ Le<T::BlockSize, U256>: NonZero,
+{
+}
+
+#[cfg(feature = "mac")]
+impl<T, OutSize, O> MacMarker for CtVariableCoreWrapper<T, OutSize, O>
+where
+ T: VariableOutputCore + MacMarker,
+ OutSize: ArrayLength<u8> + IsLessOrEqual<T::OutputSize>,
+ LeEq<OutSize, T::OutputSize>: NonZero,
+ T::BlockSize: IsLess<U256>,
+ Le<T::BlockSize, U256>: NonZero,
+{
+}
+
+impl<T, OutSize, O> BlockSizeUser for CtVariableCoreWrapper<T, OutSize, O>
+where
+ T: VariableOutputCore,
+ OutSize: ArrayLength<u8> + IsLessOrEqual<T::OutputSize>,
+ LeEq<OutSize, T::OutputSize>: NonZero,
+ T::BlockSize: IsLess<U256>,
+ Le<T::BlockSize, U256>: NonZero,
+{
+ type BlockSize = T::BlockSize;
+}
+
+impl<T, OutSize, O> UpdateCore for CtVariableCoreWrapper<T, OutSize, O>
+where
+ T: VariableOutputCore,
+ OutSize: ArrayLength<u8> + IsLessOrEqual<T::OutputSize>,
+ LeEq<OutSize, T::OutputSize>: NonZero,
+ T::BlockSize: IsLess<U256>,
+ Le<T::BlockSize, U256>: NonZero,
+{
+ #[inline]
+ fn update_blocks(&mut self, blocks: &[Block<Self>]) {
+ self.inner.update_blocks(blocks);
+ }
+}
+
+impl<T, OutSize, O> OutputSizeUser for CtVariableCoreWrapper<T, OutSize, O>
+where
+ T: VariableOutputCore,
+ OutSize: ArrayLength<u8> + IsLessOrEqual<T::OutputSize> + 'static,
+ LeEq<OutSize, T::OutputSize>: NonZero,
+ T::BlockSize: IsLess<U256>,
+ Le<T::BlockSize, U256>: NonZero,
+{
+ type OutputSize = OutSize;
+}
+
+impl<T, OutSize, O> BufferKindUser for CtVariableCoreWrapper<T, OutSize, O>
+where
+ T: VariableOutputCore,
+ OutSize: ArrayLength<u8> + IsLessOrEqual<T::OutputSize>,
+ LeEq<OutSize, T::OutputSize>: NonZero,
+ T::BlockSize: IsLess<U256>,
+ Le<T::BlockSize, U256>: NonZero,
+{
+ type BufferKind = T::BufferKind;
+}
+
+impl<T, OutSize, O> FixedOutputCore for CtVariableCoreWrapper<T, OutSize, O>
+where
+ T: VariableOutputCore,
+ OutSize: ArrayLength<u8> + IsLessOrEqual<T::OutputSize> + 'static,
+ LeEq<OutSize, T::OutputSize>: NonZero,
+ T::BlockSize: IsLess<U256>,
+ Le<T::BlockSize, U256>: NonZero,
+{
+ #[inline]
+ fn finalize_fixed_core(
+ &mut self,
+ buffer: &mut Buffer<Self>,
+ out: &mut GenericArray<u8, Self::OutputSize>,
+ ) {
+ let mut full_res = Default::default();
+ self.inner.finalize_variable_core(buffer, &mut full_res);
+ let n = out.len();
+ let m = full_res.len() - n;
+ match T::TRUNC_SIDE {
+ TruncSide::Left => out.copy_from_slice(&full_res[..n]),
+ TruncSide::Right => out.copy_from_slice(&full_res[m..]),
+ }
+ }
+}
+
+impl<T, OutSize, O> Default for CtVariableCoreWrapper<T, OutSize, O>
+where
+ T: VariableOutputCore,
+ OutSize: ArrayLength<u8> + IsLessOrEqual<T::OutputSize>,
+ LeEq<OutSize, T::OutputSize>: NonZero,
+ T::BlockSize: IsLess<U256>,
+ Le<T::BlockSize, U256>: NonZero,
+{
+ #[inline]
+ fn default() -> Self {
+ Self {
+ inner: T::new(OutSize::USIZE).unwrap(),
+ _out: PhantomData,
+ }
+ }
+}
+
+impl<T, OutSize, O> Reset for CtVariableCoreWrapper<T, OutSize, O>
+where
+ T: VariableOutputCore,
+ OutSize: ArrayLength<u8> + IsLessOrEqual<T::OutputSize>,
+ LeEq<OutSize, T::OutputSize>: NonZero,
+ T::BlockSize: IsLess<U256>,
+ Le<T::BlockSize, U256>: NonZero,
+{
+ #[inline]
+ fn reset(&mut self) {
+ *self = Default::default();
+ }
+}
+
+impl<T, OutSize, O> AlgorithmName for CtVariableCoreWrapper<T, OutSize, O>
+where
+ T: VariableOutputCore + AlgorithmName,
+ OutSize: ArrayLength<u8> + IsLessOrEqual<T::OutputSize>,
+ LeEq<OutSize, T::OutputSize>: NonZero,
+ T::BlockSize: IsLess<U256>,
+ Le<T::BlockSize, U256>: NonZero,
+{
+ fn write_alg_name(f: &mut fmt::Formatter<'_>) -> fmt::Result {
+ T::write_alg_name(f)?;
+ f.write_str("_")?;
+ write!(f, "{}", OutSize::USIZE)
+ }
+}
+
+#[cfg(feature = "oid")]
+#[cfg_attr(docsrs, doc(cfg(feature = "oid")))]
+impl<T, OutSize, O> AssociatedOid for CtVariableCoreWrapper<T, OutSize, O>
+where
+ T: VariableOutputCore,
+ O: AssociatedOid,
+ OutSize: ArrayLength<u8> + IsLessOrEqual<T::OutputSize>,
+ LeEq<OutSize, T::OutputSize>: NonZero,
+ T::BlockSize: IsLess<U256>,
+ Le<T::BlockSize, U256>: NonZero,
+{
+ const OID: ObjectIdentifier = O::OID;
+}
+
+/// Implement dummy type with hidden docs which is used to "carry" hasher
+/// OID for [`CtVariableCoreWrapper`].
+#[macro_export]
+macro_rules! impl_oid_carrier {
+ ($name:ident, $oid:literal) => {
+ #[doc(hidden)]
+ #[derive(Copy, Clone, Debug, Eq, PartialEq, Hash)]
+ pub struct $name;
+
+ #[cfg(feature = "oid")]
+ impl AssociatedOid for $name {
+ const OID: ObjectIdentifier = ObjectIdentifier::new_unwrap($oid);
+ }
+ };
+}
diff --git a/third_party/rust/digest/src/core_api/rt_variable.rs b/third_party/rust/digest/src/core_api/rt_variable.rs
new file mode 100644
index 0000000000..3dae748f5c
--- /dev/null
+++ b/third_party/rust/digest/src/core_api/rt_variable.rs
@@ -0,0 +1,166 @@
+use super::{AlgorithmName, TruncSide, UpdateCore, VariableOutputCore};
+#[cfg(feature = "mac")]
+use crate::MacMarker;
+use crate::{HashMarker, InvalidBufferSize};
+use crate::{InvalidOutputSize, Reset, Update, VariableOutput, VariableOutputReset};
+use block_buffer::BlockBuffer;
+use core::fmt;
+use crypto_common::typenum::{IsLess, Le, NonZero, Unsigned, U256};
+
+/// Wrapper around [`VariableOutputCore`] which selects output size
+/// at run time.
+#[derive(Clone)]
+pub struct RtVariableCoreWrapper<T>
+where
+ T: VariableOutputCore + UpdateCore,
+ T::BlockSize: IsLess<U256>,
+ Le<T::BlockSize, U256>: NonZero,
+{
+ core: T,
+ buffer: BlockBuffer<T::BlockSize, T::BufferKind>,
+ output_size: usize,
+}
+
+impl<T> RtVariableCoreWrapper<T>
+where
+ T: VariableOutputCore,
+ T::BlockSize: IsLess<U256>,
+ Le<T::BlockSize, U256>: NonZero,
+{
+ #[inline]
+ fn finalize_dirty(&mut self, out: &mut [u8]) -> Result<(), InvalidBufferSize> {
+ let Self {
+ core,
+ buffer,
+ output_size,
+ } = self;
+ if out.len() != *output_size || out.len() > Self::MAX_OUTPUT_SIZE {
+ return Err(InvalidBufferSize);
+ }
+ let mut full_res = Default::default();
+ core.finalize_variable_core(buffer, &mut full_res);
+ let n = out.len();
+ let m = full_res.len() - n;
+ match T::TRUNC_SIDE {
+ TruncSide::Left => out.copy_from_slice(&full_res[..n]),
+ TruncSide::Right => out.copy_from_slice(&full_res[m..]),
+ }
+ Ok(())
+ }
+}
+
+impl<T> HashMarker for RtVariableCoreWrapper<T>
+where
+ T: VariableOutputCore + HashMarker,
+ T::BlockSize: IsLess<U256>,
+ Le<T::BlockSize, U256>: NonZero,
+{
+}
+
+#[cfg(feature = "mac")]
+#[cfg_attr(docsrs, doc(cfg(feature = "mac")))]
+impl<T> MacMarker for RtVariableCoreWrapper<T>
+where
+ T: VariableOutputCore + MacMarker,
+ T::BlockSize: IsLess<U256>,
+ Le<T::BlockSize, U256>: NonZero,
+{
+}
+
+impl<T> Reset for RtVariableCoreWrapper<T>
+where
+ T: VariableOutputCore + UpdateCore + Reset,
+ T::BlockSize: IsLess<U256>,
+ Le<T::BlockSize, U256>: NonZero,
+{
+ #[inline]
+ fn reset(&mut self) {
+ self.buffer.reset();
+ self.core.reset();
+ }
+}
+
+impl<T> Update for RtVariableCoreWrapper<T>
+where
+ T: VariableOutputCore + UpdateCore,
+ T::BlockSize: IsLess<U256>,
+ Le<T::BlockSize, U256>: NonZero,
+{
+ #[inline]
+ fn update(&mut self, input: &[u8]) {
+ let Self { core, buffer, .. } = self;
+ buffer.digest_blocks(input, |blocks| core.update_blocks(blocks));
+ }
+}
+
+impl<T> VariableOutput for RtVariableCoreWrapper<T>
+where
+ T: VariableOutputCore + UpdateCore,
+ T::BlockSize: IsLess<U256>,
+ Le<T::BlockSize, U256>: NonZero,
+{
+ const MAX_OUTPUT_SIZE: usize = T::OutputSize::USIZE;
+
+ fn new(output_size: usize) -> Result<Self, InvalidOutputSize> {
+ let buffer = Default::default();
+ T::new(output_size).map(|core| Self {
+ core,
+ buffer,
+ output_size,
+ })
+ }
+
+ fn output_size(&self) -> usize {
+ self.output_size
+ }
+
+ fn finalize_variable(mut self, out: &mut [u8]) -> Result<(), InvalidBufferSize> {
+ self.finalize_dirty(out)
+ }
+}
+
+impl<T> VariableOutputReset for RtVariableCoreWrapper<T>
+where
+ T: VariableOutputCore + UpdateCore + Reset,
+ T::BlockSize: IsLess<U256>,
+ Le<T::BlockSize, U256>: NonZero,
+{
+ fn finalize_variable_reset(&mut self, out: &mut [u8]) -> Result<(), InvalidBufferSize> {
+ self.finalize_dirty(out)?;
+ self.core.reset();
+ self.buffer.reset();
+ Ok(())
+ }
+}
+
+impl<T> fmt::Debug for RtVariableCoreWrapper<T>
+where
+ T: VariableOutputCore + UpdateCore + AlgorithmName,
+ T::BlockSize: IsLess<U256>,
+ Le<T::BlockSize, U256>: NonZero,
+{
+ fn fmt(&self, f: &mut fmt::Formatter<'_>) -> Result<(), fmt::Error> {
+ T::write_alg_name(f)?;
+ f.write_str(" { .. }")
+ }
+}
+
+#[cfg(feature = "std")]
+#[cfg_attr(docsrs, doc(cfg(feature = "std")))]
+impl<T> std::io::Write for RtVariableCoreWrapper<T>
+where
+ T: VariableOutputCore + UpdateCore,
+ T::BlockSize: IsLess<U256>,
+ Le<T::BlockSize, U256>: NonZero,
+{
+ #[inline]
+ fn write(&mut self, buf: &[u8]) -> std::io::Result<usize> {
+ Update::update(self, buf);
+ Ok(buf.len())
+ }
+
+ #[inline]
+ fn flush(&mut self) -> std::io::Result<()> {
+ Ok(())
+ }
+}
diff --git a/third_party/rust/digest/src/core_api/wrapper.rs b/third_party/rust/digest/src/core_api/wrapper.rs
new file mode 100644
index 0000000000..ca977381e2
--- /dev/null
+++ b/third_party/rust/digest/src/core_api/wrapper.rs
@@ -0,0 +1,290 @@
+use super::{
+ AlgorithmName, Buffer, BufferKindUser, ExtendableOutputCore, FixedOutputCore, OutputSizeUser,
+ Reset, UpdateCore, XofReaderCoreWrapper,
+};
+use crate::{
+ ExtendableOutput, ExtendableOutputReset, FixedOutput, FixedOutputReset, HashMarker, Update,
+};
+use block_buffer::BlockBuffer;
+use core::fmt;
+use crypto_common::{
+ typenum::{IsLess, Le, NonZero, U256},
+ BlockSizeUser, InvalidLength, Key, KeyInit, KeySizeUser, Output,
+};
+
+#[cfg(feature = "mac")]
+use crate::MacMarker;
+#[cfg(feature = "oid")]
+use const_oid::{AssociatedOid, ObjectIdentifier};
+
+/// Wrapper around [`BufferKindUser`].
+///
+/// It handles data buffering and implements the slice-based traits.
+#[derive(Clone, Default)]
+pub struct CoreWrapper<T>
+where
+ T: BufferKindUser,
+ T::BlockSize: IsLess<U256>,
+ Le<T::BlockSize, U256>: NonZero,
+{
+ core: T,
+ buffer: BlockBuffer<T::BlockSize, T::BufferKind>,
+}
+
+impl<T> HashMarker for CoreWrapper<T>
+where
+ T: BufferKindUser + HashMarker,
+ T::BlockSize: IsLess<U256>,
+ Le<T::BlockSize, U256>: NonZero,
+{
+}
+
+#[cfg(feature = "mac")]
+#[cfg_attr(docsrs, doc(cfg(feature = "mac")))]
+impl<T> MacMarker for CoreWrapper<T>
+where
+ T: BufferKindUser + MacMarker,
+ T::BlockSize: IsLess<U256>,
+ Le<T::BlockSize, U256>: NonZero,
+{
+}
+
+// this blanket impl is needed for HMAC
+impl<T> BlockSizeUser for CoreWrapper<T>
+where
+ T: BufferKindUser + HashMarker,
+ T::BlockSize: IsLess<U256>,
+ Le<T::BlockSize, U256>: NonZero,
+{
+ type BlockSize = T::BlockSize;
+}
+
+impl<T> CoreWrapper<T>
+where
+ T: BufferKindUser,
+ T::BlockSize: IsLess<U256>,
+ Le<T::BlockSize, U256>: NonZero,
+{
+ /// Create new wrapper from `core`.
+ #[inline]
+ pub fn from_core(core: T) -> Self {
+ let buffer = Default::default();
+ Self { core, buffer }
+ }
+
+ /// Decompose wrapper into inner parts.
+ #[inline]
+ pub fn decompose(self) -> (T, Buffer<T>) {
+ let Self { core, buffer } = self;
+ (core, buffer)
+ }
+}
+
+impl<T> KeySizeUser for CoreWrapper<T>
+where
+ T: BufferKindUser + KeySizeUser,
+ T::BlockSize: IsLess<U256>,
+ Le<T::BlockSize, U256>: NonZero,
+{
+ type KeySize = T::KeySize;
+}
+
+impl<T> KeyInit for CoreWrapper<T>
+where
+ T: BufferKindUser + KeyInit,
+ T::BlockSize: IsLess<U256>,
+ Le<T::BlockSize, U256>: NonZero,
+{
+ #[inline]
+ fn new(key: &Key<Self>) -> Self {
+ Self {
+ core: T::new(key),
+ buffer: Default::default(),
+ }
+ }
+
+ #[inline]
+ fn new_from_slice(key: &[u8]) -> Result<Self, InvalidLength> {
+ Ok(Self {
+ core: T::new_from_slice(key)?,
+ buffer: Default::default(),
+ })
+ }
+}
+
+impl<T> fmt::Debug for CoreWrapper<T>
+where
+ T: BufferKindUser + AlgorithmName,
+ T::BlockSize: IsLess<U256>,
+ Le<T::BlockSize, U256>: NonZero,
+{
+ #[inline]
+ fn fmt(&self, f: &mut fmt::Formatter<'_>) -> Result<(), fmt::Error> {
+ T::write_alg_name(f)?;
+ f.write_str(" { .. }")
+ }
+}
+
+impl<T> Reset for CoreWrapper<T>
+where
+ T: BufferKindUser + Reset,
+ T::BlockSize: IsLess<U256>,
+ Le<T::BlockSize, U256>: NonZero,
+{
+ #[inline]
+ fn reset(&mut self) {
+ self.core.reset();
+ self.buffer.reset();
+ }
+}
+
+impl<T> Update for CoreWrapper<T>
+where
+ T: BufferKindUser + UpdateCore,
+ T::BlockSize: IsLess<U256>,
+ Le<T::BlockSize, U256>: NonZero,
+{
+ #[inline]
+ fn update(&mut self, input: &[u8]) {
+ let Self { core, buffer } = self;
+ buffer.digest_blocks(input, |blocks| core.update_blocks(blocks));
+ }
+}
+
+impl<T> OutputSizeUser for CoreWrapper<T>
+where
+ T: BufferKindUser + OutputSizeUser,
+ T::BlockSize: IsLess<U256>,
+ Le<T::BlockSize, U256>: NonZero,
+{
+ type OutputSize = T::OutputSize;
+}
+
+impl<T> FixedOutput for CoreWrapper<T>
+where
+ T: FixedOutputCore,
+ T::BlockSize: IsLess<U256>,
+ Le<T::BlockSize, U256>: NonZero,
+{
+ #[inline]
+ fn finalize_into(mut self, out: &mut Output<Self>) {
+ let Self { core, buffer } = &mut self;
+ core.finalize_fixed_core(buffer, out);
+ }
+}
+
+impl<T> FixedOutputReset for CoreWrapper<T>
+where
+ T: FixedOutputCore + Reset,
+ T::BlockSize: IsLess<U256>,
+ Le<T::BlockSize, U256>: NonZero,
+{
+ #[inline]
+ fn finalize_into_reset(&mut self, out: &mut Output<Self>) {
+ let Self { core, buffer } = self;
+ core.finalize_fixed_core(buffer, out);
+ core.reset();
+ buffer.reset();
+ }
+}
+
+impl<T> ExtendableOutput for CoreWrapper<T>
+where
+ T: ExtendableOutputCore,
+ T::BlockSize: IsLess<U256>,
+ Le<T::BlockSize, U256>: NonZero,
+ <T::ReaderCore as BlockSizeUser>::BlockSize: IsLess<U256>,
+ Le<<T::ReaderCore as BlockSizeUser>::BlockSize, U256>: NonZero,
+{
+ type Reader = XofReaderCoreWrapper<T::ReaderCore>;
+
+ #[inline]
+ fn finalize_xof(self) -> Self::Reader {
+ let (mut core, mut buffer) = self.decompose();
+ let core = core.finalize_xof_core(&mut buffer);
+ let buffer = Default::default();
+ Self::Reader { core, buffer }
+ }
+}
+
+impl<T> ExtendableOutputReset for CoreWrapper<T>
+where
+ T: ExtendableOutputCore + Reset,
+ T::BlockSize: IsLess<U256>,
+ Le<T::BlockSize, U256>: NonZero,
+ <T::ReaderCore as BlockSizeUser>::BlockSize: IsLess<U256>,
+ Le<<T::ReaderCore as BlockSizeUser>::BlockSize, U256>: NonZero,
+{
+ #[inline]
+ fn finalize_xof_reset(&mut self) -> Self::Reader {
+ let Self { core, buffer } = self;
+ let reader_core = core.finalize_xof_core(buffer);
+ core.reset();
+ buffer.reset();
+ let buffer = Default::default();
+ Self::Reader {
+ core: reader_core,
+ buffer,
+ }
+ }
+}
+
+#[cfg(feature = "oid")]
+#[cfg_attr(docsrs, doc(cfg(feature = "oid")))]
+impl<T> AssociatedOid for CoreWrapper<T>
+where
+ T: BufferKindUser + AssociatedOid,
+ T::BlockSize: IsLess<U256>,
+ Le<T::BlockSize, U256>: NonZero,
+{
+ const OID: ObjectIdentifier = T::OID;
+}
+
+#[cfg(feature = "std")]
+#[cfg_attr(docsrs, doc(cfg(feature = "std")))]
+impl<T> std::io::Write for CoreWrapper<T>
+where
+ T: BufferKindUser + UpdateCore,
+ T::BlockSize: IsLess<U256>,
+ Le<T::BlockSize, U256>: NonZero,
+{
+ #[inline]
+ fn write(&mut self, buf: &[u8]) -> std::io::Result<usize> {
+ Update::update(self, buf);
+ Ok(buf.len())
+ }
+
+ #[inline]
+ fn flush(&mut self) -> std::io::Result<()> {
+ Ok(())
+ }
+}
+
+/// A proxy trait to a core type implemented by [`CoreWrapper`]
+// TODO: replace with an inherent associated type on stabilization:
+// https://github.com/rust-lang/rust/issues/8995
+pub trait CoreProxy: sealed::Sealed {
+ /// Type wrapped by [`CoreWrapper`].
+ type Core;
+}
+
+mod sealed {
+ pub trait Sealed {}
+}
+
+impl<T> sealed::Sealed for CoreWrapper<T>
+where
+ T: BufferKindUser,
+ T::BlockSize: IsLess<U256>,
+ Le<T::BlockSize, U256>: NonZero,
+{
+}
+
+impl<T> CoreProxy for CoreWrapper<T>
+where
+ T: BufferKindUser,
+ T::BlockSize: IsLess<U256>,
+ Le<T::BlockSize, U256>: NonZero,
+{
+ type Core = T;
+}
diff --git a/third_party/rust/digest/src/core_api/xof_reader.rs b/third_party/rust/digest/src/core_api/xof_reader.rs
new file mode 100644
index 0000000000..e18ac133a6
--- /dev/null
+++ b/third_party/rust/digest/src/core_api/xof_reader.rs
@@ -0,0 +1,63 @@
+use super::{AlgorithmName, XofReaderCore};
+use crate::XofReader;
+use block_buffer::EagerBuffer;
+use core::fmt;
+use crypto_common::typenum::{IsLess, Le, NonZero, U256};
+
+/// Wrapper around [`XofReaderCore`] implementations.
+///
+/// It handles data buffering and implements the mid-level traits.
+#[derive(Clone, Default)]
+pub struct XofReaderCoreWrapper<T>
+where
+ T: XofReaderCore,
+ T::BlockSize: IsLess<U256>,
+ Le<T::BlockSize, U256>: NonZero,
+{
+ pub(super) core: T,
+ pub(super) buffer: EagerBuffer<T::BlockSize>,
+}
+
+impl<T> fmt::Debug for XofReaderCoreWrapper<T>
+where
+ T: XofReaderCore + AlgorithmName,
+ T::BlockSize: IsLess<U256>,
+ Le<T::BlockSize, U256>: NonZero,
+{
+ fn fmt(&self, f: &mut fmt::Formatter<'_>) -> Result<(), fmt::Error> {
+ T::write_alg_name(f)?;
+ f.write_str(" { .. }")
+ }
+}
+
+impl<T> XofReader for XofReaderCoreWrapper<T>
+where
+ T: XofReaderCore,
+ T::BlockSize: IsLess<U256>,
+ Le<T::BlockSize, U256>: NonZero,
+{
+ #[inline]
+ fn read(&mut self, buffer: &mut [u8]) {
+ let Self { core, buffer: buf } = self;
+ buf.set_data(buffer, |blocks| {
+ for block in blocks {
+ *block = core.read_block();
+ }
+ });
+ }
+}
+
+#[cfg(feature = "std")]
+#[cfg_attr(docsrs, doc(cfg(feature = "std")))]
+impl<T> std::io::Read for XofReaderCoreWrapper<T>
+where
+ T: XofReaderCore,
+ T::BlockSize: IsLess<U256>,
+ Le<T::BlockSize, U256>: NonZero,
+{
+ #[inline]
+ fn read(&mut self, buf: &mut [u8]) -> std::io::Result<usize> {
+ XofReader::read(self, buf);
+ Ok(buf.len())
+ }
+}
diff --git a/third_party/rust/digest/src/dev.rs b/third_party/rust/digest/src/dev.rs
new file mode 100644
index 0000000000..4380895747
--- /dev/null
+++ b/third_party/rust/digest/src/dev.rs
@@ -0,0 +1,78 @@
+//! Development-related functionality
+
+pub use blobby;
+
+mod fixed;
+mod mac;
+mod rng;
+mod variable;
+mod xof;
+
+pub use fixed::*;
+pub use mac::*;
+pub use variable::*;
+pub use xof::*;
+
+/// Define hash function test
+#[macro_export]
+#[cfg_attr(docsrs, doc(cfg(feature = "dev")))]
+macro_rules! new_test {
+ ($name:ident, $test_name:expr, $hasher:ty, $test_func:ident $(,)?) => {
+ #[test]
+ fn $name() {
+ use digest::dev::blobby::Blob2Iterator;
+ let data = include_bytes!(concat!("data/", $test_name, ".blb"));
+
+ for (i, row) in Blob2Iterator::new(data).unwrap().enumerate() {
+ let [input, output] = row.unwrap();
+ if let Some(desc) = $test_func::<$hasher>(input, output) {
+ panic!(
+ "\n\
+ Failed test №{}: {}\n\
+ input:\t{:?}\n\
+ output:\t{:?}\n",
+ i, desc, input, output,
+ );
+ }
+ }
+ }
+ };
+}
+
+/// Define [`Update`][crate::Update] impl benchmark
+#[macro_export]
+#[cfg_attr(docsrs, doc(cfg(feature = "dev")))]
+macro_rules! bench_update {
+ (
+ $init:expr;
+ $($name:ident $bs:expr;)*
+ ) => {
+ $(
+ #[bench]
+ fn $name(b: &mut Bencher) {
+ let mut d = $init;
+ let data = [0; $bs];
+
+ b.iter(|| {
+ digest::Update::update(&mut d, &data[..]);
+ });
+
+ b.bytes = $bs;
+ }
+ )*
+ };
+}
+
+/// Feed ~1 MiB of pseudorandom data to an updatable state.
+pub fn feed_rand_16mib<D: crate::Update>(d: &mut D) {
+ let buf = &mut [0u8; 1024];
+ let mut rng = rng::RNG;
+ let n = 16 * (1 << 20) / buf.len();
+ for _ in 0..n {
+ rng.fill(buf);
+ d.update(buf);
+ // additional byte, so size of fed data
+ // will not be multiple of block size
+ d.update(&[42]);
+ }
+}
diff --git a/third_party/rust/digest/src/dev/fixed.rs b/third_party/rust/digest/src/dev/fixed.rs
new file mode 100644
index 0000000000..24f380112d
--- /dev/null
+++ b/third_party/rust/digest/src/dev/fixed.rs
@@ -0,0 +1,65 @@
+use crate::{Digest, FixedOutput, FixedOutputReset, HashMarker, Update};
+use core::fmt::Debug;
+
+/// Fixed-output resettable digest test via the `Digest` trait
+pub fn fixed_reset_test<D>(input: &[u8], output: &[u8]) -> Option<&'static str>
+where
+ D: FixedOutputReset + Debug + Clone + Default + Update + HashMarker,
+{
+ let mut hasher = D::new();
+ // Test that it works when accepting the message all at once
+ hasher.update(input);
+ let mut hasher2 = hasher.clone();
+ if hasher.finalize()[..] != output[..] {
+ return Some("whole message");
+ }
+
+ // Test if reset works correctly
+ hasher2.reset();
+ hasher2.update(input);
+ if hasher2.finalize_reset()[..] != output[..] {
+ return Some("whole message after reset");
+ }
+
+ // Test that it works when accepting the message in chunks
+ for n in 1..core::cmp::min(17, input.len()) {
+ let mut hasher = D::new();
+ for chunk in input.chunks(n) {
+ hasher.update(chunk);
+ hasher2.update(chunk);
+ }
+ if hasher.finalize()[..] != output[..] {
+ return Some("message in chunks");
+ }
+ if hasher2.finalize_reset()[..] != output[..] {
+ return Some("message in chunks");
+ }
+ }
+
+ None
+}
+
+/// Variable-output resettable digest test
+pub fn fixed_test<D>(input: &[u8], output: &[u8]) -> Option<&'static str>
+where
+ D: FixedOutput + Default + Debug + Clone,
+{
+ let mut hasher = D::default();
+ // Test that it works when accepting the message all at once
+ hasher.update(input);
+ if hasher.finalize_fixed()[..] != output[..] {
+ return Some("whole message");
+ }
+
+ // Test that it works when accepting the message in chunks
+ for n in 1..core::cmp::min(17, input.len()) {
+ let mut hasher = D::default();
+ for chunk in input.chunks(n) {
+ hasher.update(chunk);
+ }
+ if hasher.finalize_fixed()[..] != output[..] {
+ return Some("message in chunks");
+ }
+ }
+ None
+}
diff --git a/third_party/rust/digest/src/dev/mac.rs b/third_party/rust/digest/src/dev/mac.rs
new file mode 100644
index 0000000000..0d4a37dfce
--- /dev/null
+++ b/third_party/rust/digest/src/dev/mac.rs
@@ -0,0 +1,159 @@
+/// Define MAC test
+#[macro_export]
+#[cfg(feature = "mac")]
+#[cfg_attr(docsrs, doc(cfg(all(feature = "dev", feature = "mac"))))]
+macro_rules! new_mac_test {
+ ($name:ident, $test_name:expr, $mac:ty $(,)?) => {
+ digest::new_mac_test!($name, $test_name, $mac, "");
+ };
+ ($name:ident, $test_name:expr, $mac:ty, trunc_left $(,)?) => {
+ digest::new_mac_test!($name, $test_name, $mac, "left");
+ };
+ ($name:ident, $test_name:expr, $mac:ty, trunc_right $(,)?) => {
+ digest::new_mac_test!($name, $test_name, $mac, "right");
+ };
+ ($name:ident, $test_name:expr, $mac:ty, $trunc:expr $(,)?) => {
+ #[test]
+ fn $name() {
+ use core::cmp::min;
+ use digest::dev::blobby::Blob3Iterator;
+ use digest::Mac;
+
+ fn run_test(key: &[u8], input: &[u8], tag: &[u8]) -> Option<&'static str> {
+ let mac0 = <$mac as Mac>::new_from_slice(key).unwrap();
+
+ let mut mac = mac0.clone();
+ mac.update(input);
+ let result = mac.finalize().into_bytes();
+ let n = tag.len();
+ let result_bytes = match $trunc {
+ "left" => &result[..n],
+ "right" => &result[result.len() - n..],
+ _ => &result[..],
+ };
+ if result_bytes != tag {
+ return Some("whole message");
+ }
+
+ // test reading different chunk sizes
+ for chunk_size in 1..min(64, input.len()) {
+ let mut mac = mac0.clone();
+ for chunk in input.chunks(chunk_size) {
+ mac.update(chunk);
+ }
+ let res = match $trunc {
+ "left" => mac.verify_truncated_left(tag),
+ "right" => mac.verify_truncated_right(tag),
+ _ => mac.verify_slice(tag),
+ };
+ if res.is_err() {
+ return Some("chunked message");
+ }
+ }
+
+ None
+ }
+
+ let data = include_bytes!(concat!("data/", $test_name, ".blb"));
+
+ for (i, row) in Blob3Iterator::new(data).unwrap().enumerate() {
+ let [key, input, tag] = row.unwrap();
+ if let Some(desc) = run_test(key, input, tag) {
+ panic!(
+ "\n\
+ Failed test №{}: {}\n\
+ key:\t{:?}\n\
+ input:\t{:?}\n\
+ tag:\t{:?}\n",
+ i, desc, key, input, tag,
+ );
+ }
+ }
+ }
+ };
+}
+
+/// Define resettable MAC test
+#[macro_export]
+#[cfg(feature = "mac")]
+#[cfg_attr(docsrs, doc(cfg(all(feature = "dev", feature = "mac"))))]
+macro_rules! new_resettable_mac_test {
+ ($name:ident, $test_name:expr, $mac:ty $(,)?) => {
+ digest::new_resettable_mac_test!($name, $test_name, $mac, "");
+ };
+ ($name:ident, $test_name:expr, $mac:ty, trunc_left $(,)?) => {
+ digest::new_resettable_mac_test!($name, $test_name, $mac, "left");
+ };
+ ($name:ident, $test_name:expr, $mac:ty, trunc_right $(,)?) => {
+ digest::new_resettable_mac_test!($name, $test_name, $mac, "right");
+ };
+ ($name:ident, $test_name:expr, $mac:ty, $trunc:expr $(,)?) => {
+ #[test]
+ fn $name() {
+ use core::cmp::min;
+ use digest::dev::blobby::Blob3Iterator;
+ use digest::Mac;
+
+ fn run_test(key: &[u8], input: &[u8], tag: &[u8]) -> Option<&'static str> {
+ let mac0 = <$mac as Mac>::new_from_slice(key).unwrap();
+
+ let mut mac = mac0.clone();
+ mac.update(input);
+ let result = mac.finalize_reset().into_bytes();
+ let n = tag.len();
+ let result_bytes = match $trunc {
+ "left" => &result[..n],
+ "right" => &result[result.len() - n..],
+ _ => &result[..],
+ };
+ if result_bytes != tag {
+ return Some("whole message");
+ }
+
+ // test if reset worked correctly
+ mac.update(input);
+ let res = match $trunc {
+ "left" => mac.verify_truncated_left(tag),
+ "right" => mac.verify_truncated_right(tag),
+ _ => mac.verify_slice(tag),
+ };
+ if res.is_err() {
+ return Some("after reset");
+ }
+
+ // test reading different chunk sizes
+ for chunk_size in 1..min(64, input.len()) {
+ let mut mac = mac0.clone();
+ for chunk in input.chunks(chunk_size) {
+ mac.update(chunk);
+ }
+ let res = match $trunc {
+ "left" => mac.verify_truncated_left(tag),
+ "right" => mac.verify_truncated_right(tag),
+ _ => mac.verify_slice(tag),
+ };
+ if res.is_err() {
+ return Some("chunked message");
+ }
+ }
+ None
+ }
+
+ let data = include_bytes!(concat!("data/", $test_name, ".blb"));
+
+ for (i, row) in Blob3Iterator::new(data).unwrap().enumerate() {
+ let [key, input, tag] = row.unwrap();
+ if let Some(desc) = run_test(key, input, tag) {
+ panic!(
+ "\n\
+ Failed test №{}: {}\n\
+ key:\t{:?}\n\
+ input:\t{:?}\n\
+ tag:\t{:?}\n",
+ i, desc, key, input, tag,
+ );
+ }
+ }
+ }
+ };
+}
diff --git a/third_party/rust/digest/src/dev/rng.rs b/third_party/rust/digest/src/dev/rng.rs
new file mode 100644
index 0000000000..d34a1cf31f
--- /dev/null
+++ b/third_party/rust/digest/src/dev/rng.rs
@@ -0,0 +1,38 @@
+//! Xorshift RNG used for tests. Based on the `rand_xorshift` crate.
+use core::num::Wrapping;
+
+/// Initial RNG state used in tests.
+// chosen by fair dice roll. guaranteed to be random.
+pub(crate) const RNG: XorShiftRng = XorShiftRng {
+ x: Wrapping(0x0787_3B4A),
+ y: Wrapping(0xFAAB_8FFE),
+ z: Wrapping(0x1745_980F),
+ w: Wrapping(0xB0AD_B4F3),
+};
+
+/// Xorshift RNG instance/
+pub(crate) struct XorShiftRng {
+ x: Wrapping<u32>,
+ y: Wrapping<u32>,
+ z: Wrapping<u32>,
+ w: Wrapping<u32>,
+}
+
+impl XorShiftRng {
+ pub(crate) fn fill(&mut self, buf: &mut [u8; 1024]) {
+ for chunk in buf.chunks_exact_mut(4) {
+ chunk.copy_from_slice(&self.next_u32().to_le_bytes());
+ }
+ }
+
+ fn next_u32(&mut self) -> u32 {
+ let x = self.x;
+ let t = x ^ (x << 11);
+ self.x = self.y;
+ self.y = self.z;
+ self.z = self.w;
+ let w = self.w;
+ self.w = w ^ (w >> 19) ^ (t ^ (t >> 8));
+ self.w.0
+ }
+}
diff --git a/third_party/rust/digest/src/dev/variable.rs b/third_party/rust/digest/src/dev/variable.rs
new file mode 100644
index 0000000000..ed8ff88280
--- /dev/null
+++ b/third_party/rust/digest/src/dev/variable.rs
@@ -0,0 +1,82 @@
+use crate::{VariableOutput, VariableOutputReset};
+use core::fmt::Debug;
+
+/// Variable-output resettable digest test
+pub fn variable_reset_test<D>(input: &[u8], output: &[u8]) -> Option<&'static str>
+where
+ D: VariableOutputReset + Debug + Clone,
+{
+ let mut hasher = D::new(output.len()).unwrap();
+ let mut buf = [0u8; 128];
+ let buf = &mut buf[..output.len()];
+ // Test that it works when accepting the message all at once
+ hasher.update(input);
+ let mut hasher2 = hasher.clone();
+ hasher.finalize_variable(buf).unwrap();
+ if buf != output {
+ return Some("whole message");
+ }
+ buf.iter_mut().for_each(|b| *b = 0);
+
+ // Test if reset works correctly
+ hasher2.reset();
+ hasher2.update(input);
+ hasher2.finalize_variable_reset(buf).unwrap();
+ if buf != output {
+ return Some("whole message after reset");
+ }
+ buf.iter_mut().for_each(|b| *b = 0);
+
+ // Test that it works when accepting the message in chunks
+ for n in 1..core::cmp::min(17, input.len()) {
+ let mut hasher = D::new(output.len()).unwrap();
+ for chunk in input.chunks(n) {
+ hasher.update(chunk);
+ hasher2.update(chunk);
+ }
+ hasher.finalize_variable(buf).unwrap();
+ if buf != output {
+ return Some("message in chunks");
+ }
+ buf.iter_mut().for_each(|b| *b = 0);
+
+ hasher2.finalize_variable_reset(buf).unwrap();
+ if buf != output {
+ return Some("message in chunks");
+ }
+ buf.iter_mut().for_each(|b| *b = 0);
+ }
+
+ None
+}
+
+/// Variable-output resettable digest test
+pub fn variable_test<D>(input: &[u8], output: &[u8]) -> Option<&'static str>
+where
+ D: VariableOutput + Debug + Clone,
+{
+ let mut hasher = D::new(output.len()).unwrap();
+ let mut buf = [0u8; 128];
+ let buf = &mut buf[..output.len()];
+ // Test that it works when accepting the message all at once
+ hasher.update(input);
+ hasher.finalize_variable(buf).unwrap();
+ if buf != output {
+ return Some("whole message");
+ }
+ buf.iter_mut().for_each(|b| *b = 0);
+
+ // Test that it works when accepting the message in chunks
+ for n in 1..core::cmp::min(17, input.len()) {
+ let mut hasher = D::new(output.len()).unwrap();
+ for chunk in input.chunks(n) {
+ hasher.update(chunk);
+ }
+ hasher.finalize_variable(buf).unwrap();
+ if buf != output {
+ return Some("message in chunks");
+ }
+ buf.iter_mut().for_each(|b| *b = 0);
+ }
+ None
+}
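Review bot: Both failure returns inside the chunk loop of `variable_reset_test` use the label "message in chunks", so a failure on the reset path (`hasher2.finalize_variable_reset`) cannot be told apart from a failure of the freshly constructed hasher. The second return could read `return Some("message in chunks after reset");`, and `xof_reset_test` in dev/xof.rs has the same duplicated label. The doc comment on `variable_test` is copied from the resettable variant and should read `/// Variable-output digest test`. Separately, `&mut buf[..output.len()]` panics with a slice-index error when a test vector is longer than the 128-byte scratch array (1024 bytes in dev/xof.rs), and the docs mention no such limit.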
diff --git a/third_party/rust/digest/src/dev/xof.rs b/third_party/rust/digest/src/dev/xof.rs
new file mode 100644
index 0000000000..9e5d07a09b
--- /dev/null
+++ b/third_party/rust/digest/src/dev/xof.rs
@@ -0,0 +1,51 @@
+use crate::ExtendableOutputReset;
+use core::fmt::Debug;
+
+/// Resettable XOF test
+pub fn xof_reset_test<D>(input: &[u8], output: &[u8]) -> Option<&'static str>
+where
+ D: ExtendableOutputReset + Default + Debug + Clone,
+{
+ let mut hasher = D::default();
+ let mut buf = [0u8; 1024];
+ let buf = &mut buf[..output.len()];
+ // Test that it works when accepting the message all at once
+ hasher.update(input);
+ let mut hasher2 = hasher.clone();
+ hasher.finalize_xof_into(buf);
+ if buf != output {
+ return Some("whole message");
+ }
+ buf.iter_mut().for_each(|b| *b = 0);
+
+ // Test if reset works correctly
+ hasher2.reset();
+ hasher2.update(input);
+ hasher2.finalize_xof_reset_into(buf);
+ if buf != output {
+ return Some("whole message after reset");
+ }
+ buf.iter_mut().for_each(|b| *b = 0);
+
+ // Test that it works when accepting the message in chunks
+ for n in 1..core::cmp::min(17, input.len()) {
+ let mut hasher = D::default();
+ for chunk in input.chunks(n) {
+ hasher.update(chunk);
+ hasher2.update(chunk);
+ }
+ hasher.finalize_xof_into(buf);
+ if buf != output {
+ return Some("message in chunks");
+ }
+ buf.iter_mut().for_each(|b| *b = 0);
+
+ hasher2.finalize_xof_reset_into(buf);
+ if buf != output {
+ return Some("message in chunks");
+ }
+ buf.iter_mut().for_each(|b| *b = 0);
+ }
+
+ None
+}
diff --git a/third_party/rust/digest/src/digest.rs b/third_party/rust/digest/src/digest.rs
new file mode 100644
index 0000000000..9373550ca0
--- /dev/null
+++ b/third_party/rust/digest/src/digest.rs
@@ -0,0 +1,236 @@
+use super::{FixedOutput, FixedOutputReset, InvalidBufferSize, Reset, Update};
+use crypto_common::{typenum::Unsigned, Output, OutputSizeUser};
+
+#[cfg(feature = "alloc")]
+use alloc::boxed::Box;
+
+/// Marker trait for cryptographic hash functions.
+pub trait HashMarker {}
+
+/// Convenience wrapper trait covering functionality of cryptographic hash
+/// functions with fixed output size.
+///
+/// This trait wraps [`Update`], [`FixedOutput`], [`Default`], and
+/// [`HashMarker`] traits and provides additional convenience methods.
+pub trait Digest: OutputSizeUser {
+ /// Create new hasher instance.
+ fn new() -> Self;
+
+ /// Create new hasher instance which has processed the provided data.
+ fn new_with_prefix(data: impl AsRef<[u8]>) -> Self;
+
+ /// Process data, updating the internal state.
+ fn update(&mut self, data: impl AsRef<[u8]>);
+
+ /// Process input data in a chained manner.
+ #[must_use]
+ fn chain_update(self, data: impl AsRef<[u8]>) -> Self;
+
+ /// Retrieve result and consume hasher instance.
+ fn finalize(self) -> Output<Self>;
+
+ /// Write result into provided array and consume the hasher instance.
+ fn finalize_into(self, out: &mut Output<Self>);
+
+ /// Retrieve result and reset hasher instance.
+ fn finalize_reset(&mut self) -> Output<Self>
+ where
+ Self: FixedOutputReset;
+
+ /// Write result into provided array and reset the hasher instance.
+ fn finalize_into_reset(&mut self, out: &mut Output<Self>)
+ where
+ Self: FixedOutputReset;
+
+ /// Reset hasher instance to its initial state.
+ fn reset(&mut self)
+ where
+ Self: Reset;
+
+ /// Get output size of the hasher
+ fn output_size() -> usize;
+
+ /// Compute hash of `data`.
+ fn digest(data: impl AsRef<[u8]>) -> Output<Self>;
+}
+
+impl<D: FixedOutput + Default + Update + HashMarker> Digest for D {
+ #[inline]
+ fn new() -> Self {
+ Self::default()
+ }
+
+ #[inline]
+ fn new_with_prefix(data: impl AsRef<[u8]>) -> Self
+ where
+ Self: Default + Sized,
+ {
+ let mut h = Self::default();
+ h.update(data.as_ref());
+ h
+ }
+
+ #[inline]
+ fn update(&mut self, data: impl AsRef<[u8]>) {
+ Update::update(self, data.as_ref());
+ }
+
+ #[inline]
+ fn chain_update(mut self, data: impl AsRef<[u8]>) -> Self {
+ Update::update(&mut self, data.as_ref());
+ self
+ }
+
+ #[inline]
+ fn finalize(self) -> Output<Self> {
+ FixedOutput::finalize_fixed(self)
+ }
+
+ #[inline]
+ fn finalize_into(self, out: &mut Output<Self>) {
+ FixedOutput::finalize_into(self, out);
+ }
+
+ #[inline]
+ fn finalize_reset(&mut self) -> Output<Self>
+ where
+ Self: FixedOutputReset,
+ {
+ FixedOutputReset::finalize_fixed_reset(self)
+ }
+
+ #[inline]
+ fn finalize_into_reset(&mut self, out: &mut Output<Self>)
+ where
+ Self: FixedOutputReset,
+ {
+ FixedOutputReset::finalize_into_reset(self, out);
+ }
+
+ #[inline]
+ fn reset(&mut self)
+ where
+ Self: Reset,
+ {
+ Reset::reset(self)
+ }
+
+ #[inline]
+ fn output_size() -> usize {
+ Self::OutputSize::to_usize()
+ }
+
+ #[inline]
+ fn digest(data: impl AsRef<[u8]>) -> Output<Self> {
+ let mut hasher = Self::default();
+ hasher.update(data.as_ref());
+ hasher.finalize()
+ }
+}
+
+/// Modification of the [`Digest`] trait suitable for trait objects.
+pub trait DynDigest {
+ /// Digest input data.
+ ///
+ /// This method can be called repeatedly for use with streaming messages.
+ fn update(&mut self, data: &[u8]);
+
+ /// Retrieve result and reset hasher instance
+ #[cfg(feature = "alloc")]
+ #[cfg_attr(docsrs, doc(cfg(feature = "alloc")))]
+ fn finalize_reset(&mut self) -> Box<[u8]> {
+ let mut result = vec![0; self.output_size()];
+ self.finalize_into_reset(&mut result).unwrap();
+ result.into_boxed_slice()
+ }
+
+ /// Retrieve result and consume boxed hasher instance
+ #[cfg(feature = "alloc")]
+ #[cfg_attr(docsrs, doc(cfg(feature = "alloc")))]
+ #[allow(clippy::boxed_local)]
+ fn finalize(mut self: Box<Self>) -> Box<[u8]> {
+ let mut result = vec![0; self.output_size()];
+ self.finalize_into_reset(&mut result).unwrap();
+ result.into_boxed_slice()
+ }
+
+ /// Write result into provided array and consume the hasher instance.
+ ///
+ /// Returns error if buffer length is not equal to `output_size`.
+ fn finalize_into(self, buf: &mut [u8]) -> Result<(), InvalidBufferSize>;
+
+ /// Write result into provided array and reset the hasher instance.
+ ///
+ /// Returns error if buffer length is not equal to `output_size`.
+ fn finalize_into_reset(&mut self, out: &mut [u8]) -> Result<(), InvalidBufferSize>;
+
+ /// Reset hasher instance to its initial state.
+ fn reset(&mut self);
+
+ /// Get output size of the hasher
+ fn output_size(&self) -> usize;
+
+ /// Clone hasher state into a boxed trait object
+ #[cfg(feature = "alloc")]
+ #[cfg_attr(docsrs, doc(cfg(feature = "alloc")))]
+ fn box_clone(&self) -> Box<dyn DynDigest>;
+}
+
+impl<D: Update + FixedOutputReset + Reset + Clone + 'static> DynDigest for D {
+ fn update(&mut self, data: &[u8]) {
+ Update::update(self, data);
+ }
+
+ #[cfg(feature = "alloc")]
+ fn finalize_reset(&mut self) -> Box<[u8]> {
+ FixedOutputReset::finalize_fixed_reset(self)
+ .to_vec()
+ .into_boxed_slice()
+ }
+
+ #[cfg(feature = "alloc")]
+ fn finalize(self: Box<Self>) -> Box<[u8]> {
+ FixedOutput::finalize_fixed(*self)
+ .to_vec()
+ .into_boxed_slice()
+ }
+
+ fn finalize_into(self, buf: &mut [u8]) -> Result<(), InvalidBufferSize> {
+ if buf.len() == self.output_size() {
+ FixedOutput::finalize_into(self, Output::<Self>::from_mut_slice(buf));
+ Ok(())
+ } else {
+ Err(InvalidBufferSize)
+ }
+ }
+
+ fn finalize_into_reset(&mut self, buf: &mut [u8]) -> Result<(), InvalidBufferSize> {
+ if buf.len() == self.output_size() {
+ FixedOutputReset::finalize_into_reset(self, Output::<Self>::from_mut_slice(buf));
+ Ok(())
+ } else {
+ Err(InvalidBufferSize)
+ }
+ }
+
+ fn reset(&mut self) {
+ Reset::reset(self);
+ }
+
+ fn output_size(&self) -> usize {
+ <Self as OutputSizeUser>::OutputSize::to_usize()
+ }
+
+ #[cfg(feature = "alloc")]
+ fn box_clone(&self) -> Box<dyn DynDigest> {
+ Box::new(self.clone())
+ }
+}
+
+#[cfg(feature = "alloc")]
+#[cfg_attr(docsrs, doc(cfg(feature = "alloc")))]
+impl Clone for Box<dyn DynDigest> {
+ fn clone(&self) -> Self {
+ self.box_clone()
+ }
+}
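Review bot: The default bodies of `DynDigest::finalize_reset` and `DynDigest::finalize` call `.unwrap()` on `finalize_into_reset` without saying why it cannot fail. The buffer is allocated with `self.output_size()` bytes on the line above, so the invariant is worth naming the way `finalize_boxed` in lib.rs does: `.expect("buf length is equal to output_size")`. An implementor whose `output_size` disagrees with the length check in its own `finalize_into_reset` would otherwise panic with no hint of the cause. The path suggests this is a vendored crate, so the change would belong upstream.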
diff --git a/third_party/rust/digest/src/lib.rs b/third_party/rust/digest/src/lib.rs
new file mode 100644
index 0000000000..fc82e2e3ad
--- /dev/null
+++ b/third_party/rust/digest/src/lib.rs
@@ -0,0 +1,301 @@
+//! This crate provides traits which describe functionality of cryptographic hash
+//! functions and Message Authentication algorithms.
+//!
+//! Traits in this repository are organized into the following levels:
+//!
+//! - **High-level convenience traits**: [`Digest`], [`DynDigest`], [`Mac`].
+//! Wrappers around lower-level traits for most common use-cases. Users should
+//! usually prefer using these traits.
+//! - **Mid-level traits**: [`Update`], [`FixedOutput`], [`FixedOutputReset`],
+//! [`ExtendableOutput`], [`ExtendableOutputReset`], [`XofReader`],
+//! [`VariableOutput`], [`Reset`], [`KeyInit`], and [`InnerInit`]. These
+//! traits atomically describe available functionality of an algorithm.
+//! - **Marker traits**: [`HashMarker`], [`MacMarker`]. Used to distinguish
+//! different algorithm classes.
+//! - **Low-level traits** defined in the [`core_api`] module. These traits
+//! operate at a block-level and do not contain any built-in buffering.
+//! They are intended to be implemented by low-level algorithm providers only.
+//! Usually they should not be used in application-level code.
+//!
+//! Additionally hash functions implement traits from the standard library:
+//! [`Default`], [`Clone`], [`Write`][std::io::Write]. The latter is
+//! feature-gated behind `std` feature, which is usually enabled by default
+//! by hash implementation crates.
+
+#![no_std]
+#![cfg_attr(docsrs, feature(doc_cfg))]
+#![forbid(unsafe_code)]
+#![doc(
+ html_logo_url = "https://raw.githubusercontent.com/RustCrypto/media/6ee8e381/logo.svg",
+ html_favicon_url = "https://raw.githubusercontent.com/RustCrypto/media/6ee8e381/logo.svg"
+)]
+#![warn(missing_docs, rust_2018_idioms)]
+
+#[cfg(feature = "alloc")]
+#[macro_use]
+extern crate alloc;
+
+#[cfg(feature = "std")]
+extern crate std;
+
+#[cfg(feature = "rand_core")]
+#[cfg_attr(docsrs, doc(cfg(feature = "rand_core")))]
+pub use crypto_common::rand_core;
+
+#[cfg(feature = "alloc")]
+use alloc::boxed::Box;
+
+#[cfg(feature = "dev")]
+#[cfg_attr(docsrs, doc(cfg(feature = "dev")))]
+pub mod dev;
+
+#[cfg(feature = "core-api")]
+#[cfg_attr(docsrs, doc(cfg(feature = "core-api")))]
+pub mod core_api;
+mod digest;
+#[cfg(feature = "mac")]
+mod mac;
+
+#[cfg(feature = "core-api")]
+#[cfg_attr(docsrs, doc(cfg(feature = "core-api")))]
+pub use block_buffer;
+#[cfg(feature = "oid")]
+#[cfg_attr(docsrs, doc(cfg(feature = "oid")))]
+pub use const_oid;
+pub use crypto_common;
+
+pub use crate::digest::{Digest, DynDigest, HashMarker};
+pub use crypto_common::{generic_array, typenum, typenum::consts, Output, OutputSizeUser, Reset};
+#[cfg(feature = "mac")]
+pub use crypto_common::{InnerInit, InvalidLength, Key, KeyInit};
+#[cfg(feature = "mac")]
+pub use mac::{CtOutput, Mac, MacError, MacMarker};
+
+use core::fmt;
+
+/// Types which consume data with byte granularity.
+pub trait Update {
+ /// Update state using the provided data.
+ fn update(&mut self, data: &[u8]);
+
+ /// Digest input data in a chained manner.
+ #[must_use]
+ fn chain(mut self, data: impl AsRef<[u8]>) -> Self
+ where
+ Self: Sized,
+ {
+ self.update(data.as_ref());
+ self
+ }
+}
+
+/// Trait for hash functions with fixed-size output.
+pub trait FixedOutput: Update + OutputSizeUser + Sized {
+ /// Consume value and write result into provided array.
+ fn finalize_into(self, out: &mut Output<Self>);
+
+ /// Retrieve result and consume the hasher instance.
+ #[inline]
+ fn finalize_fixed(self) -> Output<Self> {
+ let mut out = Default::default();
+ self.finalize_into(&mut out);
+ out
+ }
+}
+
+/// Trait for hash functions with fixed-size output able to reset themselves.
+pub trait FixedOutputReset: FixedOutput + Reset {
+ /// Write result into provided array and reset the hasher state.
+ fn finalize_into_reset(&mut self, out: &mut Output<Self>);
+
+ /// Retrieve result and reset the hasher state.
+ #[inline]
+ fn finalize_fixed_reset(&mut self) -> Output<Self> {
+ let mut out = Default::default();
+ self.finalize_into_reset(&mut out);
+ out
+ }
+}
+
+/// Trait for reader types which are used to extract extendable output
+/// from a XOF (extendable-output function) result.
+pub trait XofReader {
+ /// Read output into the `buffer`. Can be called an unlimited number of times.
+ fn read(&mut self, buffer: &mut [u8]);
+
+ /// Read output into a boxed slice of the specified size.
+ ///
+ /// Can be called an unlimited number of times in combination with `read`.
+ ///
+ /// `Box<[u8]>` is used instead of `Vec<u8>` to save stack space, since
+ /// they have size of 2 and 3 words respectively.
+ #[cfg(feature = "alloc")]
+ #[cfg_attr(docsrs, doc(cfg(feature = "alloc")))]
+ fn read_boxed(&mut self, n: usize) -> Box<[u8]> {
+ let mut buf = vec![0u8; n].into_boxed_slice();
+ self.read(&mut buf);
+ buf
+ }
+}
+
+/// Trait for hash functions with extendable-output (XOF).
+pub trait ExtendableOutput: Sized + Update {
+ /// Reader
+ type Reader: XofReader;
+
+ /// Retrieve XOF reader and consume hasher instance.
+ fn finalize_xof(self) -> Self::Reader;
+
+ /// Finalize XOF and write result into `out`.
+ fn finalize_xof_into(self, out: &mut [u8]) {
+ self.finalize_xof().read(out);
+ }
+
+ /// Compute hash of `data` and write it into `output`.
+ fn digest_xof(input: impl AsRef<[u8]>, output: &mut [u8])
+ where
+ Self: Default,
+ {
+ let mut hasher = Self::default();
+ hasher.update(input.as_ref());
+ hasher.finalize_xof().read(output);
+ }
+
+ /// Retrieve result into a boxed slice of the specified size and consume
+ /// the hasher.
+ ///
+ /// `Box<[u8]>` is used instead of `Vec<u8>` to save stack space, since
+ /// they have size of 2 and 3 words respectively.
+ #[cfg(feature = "alloc")]
+ #[cfg_attr(docsrs, doc(cfg(feature = "alloc")))]
+ fn finalize_boxed(self, output_size: usize) -> Box<[u8]> {
+ let mut buf = vec![0u8; output_size].into_boxed_slice();
+ self.finalize_xof().read(&mut buf);
+ buf
+ }
+}
+
+/// Trait for hash functions with extendable-output (XOF) able to reset themselves.
+pub trait ExtendableOutputReset: ExtendableOutput + Reset {
+ /// Retrieve XOF reader and reset hasher instance state.
+ fn finalize_xof_reset(&mut self) -> Self::Reader;
+
+ /// Finalize XOF, write result into `out`, and reset the hasher state.
+ fn finalize_xof_reset_into(&mut self, out: &mut [u8]) {
+ self.finalize_xof_reset().read(out);
+ }
+
+ /// Retrieve result into a boxed slice of the specified size and reset
+ /// the hasher state.
+ ///
+ /// `Box<[u8]>` is used instead of `Vec<u8>` to save stack space, since
+ /// they have size of 2 and 3 words respectively.
+ #[cfg(feature = "alloc")]
+ #[cfg_attr(docsrs, doc(cfg(feature = "alloc")))]
+ fn finalize_boxed_reset(&mut self, output_size: usize) -> Box<[u8]> {
+ let mut buf = vec![0u8; output_size].into_boxed_slice();
+ self.finalize_xof_reset().read(&mut buf);
+ buf
+ }
+}
+
+/// Trait for hash functions with variable-size output.
+pub trait VariableOutput: Sized + Update {
+ /// Maximum size of output hash.
+ const MAX_OUTPUT_SIZE: usize;
+
+ /// Create new hasher instance with the given output size.
+ ///
+ /// It will return `Err(InvalidOutputSize)` in case if hasher can not return
+ /// hash of the specified output size.
+ fn new(output_size: usize) -> Result<Self, InvalidOutputSize>;
+
+ /// Get output size of the hasher instance provided to the `new` method
+ fn output_size(&self) -> usize;
+
+ /// Write result into the output buffer.
+ ///
+ /// Returns `Err(InvalidOutputSize)` if `out` size is not equal to
+ /// `self.output_size()`.
+ fn finalize_variable(self, out: &mut [u8]) -> Result<(), InvalidBufferSize>;
+
+ /// Compute hash of `data` and write it to `output`.
+ ///
+ /// Length of the output hash is determined by `output`. If `output` is
+ /// bigger than `Self::MAX_OUTPUT_SIZE`, this method returns
+ /// `InvalidOutputSize`.
+ fn digest_variable(
+ input: impl AsRef<[u8]>,
+ output: &mut [u8],
+ ) -> Result<(), InvalidOutputSize> {
+ let mut hasher = Self::new(output.len())?;
+ hasher.update(input.as_ref());
+ hasher
+ .finalize_variable(output)
+ .map_err(|_| InvalidOutputSize)
+ }
+
+ /// Retrieve result into a boxed slice and consume hasher.
+ ///
+ /// `Box<[u8]>` is used instead of `Vec<u8>` to save stack space, since
+ /// they have size of 2 and 3 words respectively.
+ #[cfg(feature = "alloc")]
+ #[cfg_attr(docsrs, doc(cfg(feature = "alloc")))]
+ fn finalize_boxed(self) -> Box<[u8]> {
+ let n = self.output_size();
+ let mut buf = vec![0u8; n].into_boxed_slice();
+ self.finalize_variable(&mut buf)
+ .expect("buf length is equal to output_size");
+ buf
+ }
+}
+
+/// Trait for hash functions with variable-size output able to reset themselves.
+pub trait VariableOutputReset: VariableOutput + Reset {
+ /// Write result into the output buffer and reset the hasher state.
+ ///
+ /// Returns `Err(InvalidOutputSize)` if `out` size is not equal to
+ /// `self.output_size()`.
+ fn finalize_variable_reset(&mut self, out: &mut [u8]) -> Result<(), InvalidBufferSize>;
+
+ /// Retrieve result into a boxed slice and reset the hasher state.
+ ///
+ /// `Box<[u8]>` is used instead of `Vec<u8>` to save stack space, since
+ /// they have size of 2 and 3 words respectively.
+ #[cfg(feature = "alloc")]
+ #[cfg_attr(docsrs, doc(cfg(feature = "alloc")))]
+ fn finalize_boxed_reset(&mut self) -> Box<[u8]> {
+ let n = self.output_size();
+ let mut buf = vec![0u8; n].into_boxed_slice();
+ self.finalize_variable_reset(&mut buf)
+ .expect("buf length is equal to output_size");
+ buf
+ }
+}
+
+/// The error type used in variable hash traits.
+#[derive(Clone, Copy, Debug, Default)]
+pub struct InvalidOutputSize;
+
+impl fmt::Display for InvalidOutputSize {
+ fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
+ f.write_str("invalid output size")
+ }
+}
+
+#[cfg(feature = "std")]
+#[cfg_attr(docsrs, doc(cfg(feature = "std")))]
+impl std::error::Error for InvalidOutputSize {}
+
+/// Buffer length is not equal to hash output size.
+#[derive(Default, Debug, Copy, Clone, Eq, PartialEq)]
+pub struct InvalidBufferSize;
+
+impl fmt::Display for InvalidBufferSize {
+ fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
+ f.write_str("invalid buffer length")
+ }
+}
+
+#[cfg(feature = "std")]
+impl std::error::Error for InvalidBufferSize {}
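Review bot: The doc comments on `VariableOutput::finalize_variable` and `VariableOutputReset::finalize_variable_reset` say they return `Err(InvalidOutputSize)`, but both signatures return `Result<(), InvalidBufferSize>`. Those two doc lines should name `InvalidBufferSize` instead. The split is easy to trip over because `digest_variable` converts one error into the other with `.map_err(|_| InvalidOutputSize)`. The two error types also derive different trait sets (`InvalidOutputSize` has no `Eq`/`PartialEq`), and only the `std::error::Error` impl for `InvalidOutputSize` carries the `docsrs` cfg attribute.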
diff --git a/third_party/rust/digest/src/mac.rs b/third_party/rust/digest/src/mac.rs
new file mode 100644
index 0000000000..1c31359ea3
--- /dev/null
+++ b/third_party/rust/digest/src/mac.rs
@@ -0,0 +1,305 @@
+use crate::{FixedOutput, FixedOutputReset, Update};
+use crypto_common::{InvalidLength, Key, KeyInit, Output, OutputSizeUser, Reset};
+
+#[cfg(feature = "rand_core")]
+use crate::rand_core::{CryptoRng, RngCore};
+use core::fmt;
+use crypto_common::typenum::Unsigned;
+use subtle::{Choice, ConstantTimeEq};
+
+/// Marker trait for Message Authentication algorithms.
+#[cfg_attr(docsrs, doc(cfg(feature = "mac")))]
+pub trait MacMarker {}
+
+/// Convenience wrapper trait covering functionality of Message Authentication algorithms.
+///
+/// This trait wraps [`KeyInit`], [`Update`], [`FixedOutput`], and [`MacMarker`]
+/// traits and provides additional convenience methods.
+#[cfg_attr(docsrs, doc(cfg(feature = "mac")))]
+pub trait Mac: OutputSizeUser + Sized {
+ /// Create new value from fixed size key.
+ fn new(key: &Key<Self>) -> Self
+ where
+ Self: KeyInit;
+
+ /// Generate random key using the provided [`CryptoRng`].
+ #[cfg(feature = "rand_core")]
+ #[cfg_attr(docsrs, doc(cfg(feature = "rand_core")))]
+ fn generate_key(rng: impl CryptoRng + RngCore) -> Key<Self>
+ where
+ Self: KeyInit;
+
+ /// Create new value from variable size key.
+ fn new_from_slice(key: &[u8]) -> Result<Self, InvalidLength>
+ where
+ Self: KeyInit;
+
+ /// Update state using the provided data.
+ fn update(&mut self, data: &[u8]);
+
+ /// Process input data in a chained manner.
+ #[must_use]
+ fn chain_update(self, data: impl AsRef<[u8]>) -> Self;
+
+ /// Obtain the result of a [`Mac`] computation as a [`CtOutput`] and consume
+ /// [`Mac`] instance.
+ fn finalize(self) -> CtOutput<Self>;
+
+ /// Obtain the result of a [`Mac`] computation as a [`CtOutput`] and reset
+ /// [`Mac`] instance.
+ fn finalize_reset(&mut self) -> CtOutput<Self>
+ where
+ Self: FixedOutputReset;
+
+ /// Reset MAC instance to its initial state.
+ fn reset(&mut self)
+ where
+ Self: Reset;
+
+ /// Check if tag/code value is correct for the processed input.
+ fn verify(self, tag: &Output<Self>) -> Result<(), MacError>;
+
+ /// Check if tag/code value is correct for the processed input and reset
+ /// [`Mac`] instance.
+ fn verify_reset(&mut self, tag: &Output<Self>) -> Result<(), MacError>
+ where
+ Self: FixedOutputReset;
+
+ /// Check truncated tag correctness using all bytes
+ /// of calculated tag.
+ ///
+ /// Returns `Error` if `tag` is not valid or not equal in length
+ /// to MAC's output.
+ fn verify_slice(self, tag: &[u8]) -> Result<(), MacError>;
+
+ /// Check truncated tag correctness using all bytes
+ /// of calculated tag and reset [`Mac`] instance.
+ ///
+ /// Returns `Error` if `tag` is not valid or not equal in length
+ /// to MAC's output.
+ fn verify_slice_reset(&mut self, tag: &[u8]) -> Result<(), MacError>
+ where
+ Self: FixedOutputReset;
+
+ /// Check truncated tag correctness using left side bytes
+ /// (i.e. `tag[..n]`) of calculated tag.
+ ///
+ /// Returns `Error` if `tag` is not valid or empty.
+ fn verify_truncated_left(self, tag: &[u8]) -> Result<(), MacError>;
+
+ /// Check truncated tag correctness using right side bytes
+ /// (i.e. `tag[n..]`) of calculated tag.
+ ///
+ /// Returns `Error` if `tag` is not valid or empty.
+ fn verify_truncated_right(self, tag: &[u8]) -> Result<(), MacError>;
+}
+
+impl<T: Update + FixedOutput + MacMarker> Mac for T {
+ #[inline(always)]
+ fn new(key: &Key<Self>) -> Self
+ where
+ Self: KeyInit,
+ {
+ KeyInit::new(key)
+ }
+
+ #[inline(always)]
+ fn new_from_slice(key: &[u8]) -> Result<Self, InvalidLength>
+ where
+ Self: KeyInit,
+ {
+ KeyInit::new_from_slice(key)
+ }
+
+ #[inline]
+ fn update(&mut self, data: &[u8]) {
+ Update::update(self, data);
+ }
+
+ #[inline]
+ fn chain_update(mut self, data: impl AsRef<[u8]>) -> Self {
+ Update::update(&mut self, data.as_ref());
+ self
+ }
+
+ #[inline]
+ fn finalize(self) -> CtOutput<Self> {
+ CtOutput::new(self.finalize_fixed())
+ }
+
+ #[inline(always)]
+ fn finalize_reset(&mut self) -> CtOutput<Self>
+ where
+ Self: FixedOutputReset,
+ {
+ CtOutput::new(self.finalize_fixed_reset())
+ }
+
+ #[inline]
+ fn reset(&mut self)
+ where
+ Self: Reset,
+ {
+ Reset::reset(self)
+ }
+
+ #[inline]
+ fn verify(self, tag: &Output<Self>) -> Result<(), MacError> {
+ if self.finalize() == tag.into() {
+ Ok(())
+ } else {
+ Err(MacError)
+ }
+ }
+
+ #[inline]
+ fn verify_reset(&mut self, tag: &Output<Self>) -> Result<(), MacError>
+ where
+ Self: FixedOutputReset,
+ {
+ if self.finalize_reset() == tag.into() {
+ Ok(())
+ } else {
+ Err(MacError)
+ }
+ }
+
+ #[inline]
+ fn verify_slice(self, tag: &[u8]) -> Result<(), MacError> {
+ let n = tag.len();
+ if n != Self::OutputSize::USIZE {
+ return Err(MacError);
+ }
+ let choice = self.finalize_fixed().ct_eq(tag);
+ if choice.into() {
+ Ok(())
+ } else {
+ Err(MacError)
+ }
+ }
+
+ #[inline]
+ fn verify_slice_reset(&mut self, tag: &[u8]) -> Result<(), MacError>
+ where
+ Self: FixedOutputReset,
+ {
+ let n = tag.len();
+ if n != Self::OutputSize::USIZE {
+ return Err(MacError);
+ }
+ let choice = self.finalize_fixed_reset().ct_eq(tag);
+ if choice.into() {
+ Ok(())
+ } else {
+ Err(MacError)
+ }
+ }
+
+ fn verify_truncated_left(self, tag: &[u8]) -> Result<(), MacError> {
+ let n = tag.len();
+ if n == 0 || n > Self::OutputSize::USIZE {
+ return Err(MacError);
+ }
+ let choice = self.finalize_fixed()[..n].ct_eq(tag);
+
+ if choice.into() {
+ Ok(())
+ } else {
+ Err(MacError)
+ }
+ }
+
+ fn verify_truncated_right(self, tag: &[u8]) -> Result<(), MacError> {
+ let n = tag.len();
+ if n == 0 || n > Self::OutputSize::USIZE {
+ return Err(MacError);
+ }
+ let m = Self::OutputSize::USIZE - n;
+ let choice = self.finalize_fixed()[m..].ct_eq(tag);
+
+ if choice.into() {
+ Ok(())
+ } else {
+ Err(MacError)
+ }
+ }
+
+ #[cfg(feature = "rand_core")]
+ #[cfg_attr(docsrs, doc(cfg(feature = "rand_core")))]
+ #[inline]
+ fn generate_key(rng: impl CryptoRng + RngCore) -> Key<Self>
+ where
+ Self: KeyInit,
+ {
+ <T as KeyInit>::generate_key(rng)
+ }
+}
+
+/// Fixed size output value which provides a safe [`Eq`] implementation that
+/// runs in constant time.
+///
+/// It is useful for implementing Message Authentication Codes (MACs).
+#[derive(Clone)]
+#[cfg_attr(docsrs, doc(cfg(feature = "mac")))]
+pub struct CtOutput<T: OutputSizeUser> {
+ bytes: Output<T>,
+}
+
+impl<T: OutputSizeUser> CtOutput<T> {
+ /// Create a new [`CtOutput`] value.
+ #[inline(always)]
+ pub fn new(bytes: Output<T>) -> Self {
+ Self { bytes }
+ }
+
+ /// Get the inner [`Output`] array this type wraps.
+ #[inline(always)]
+ pub fn into_bytes(self) -> Output<T> {
+ self.bytes
+ }
+}
+
+impl<T: OutputSizeUser> From<Output<T>> for CtOutput<T> {
+ #[inline(always)]
+ fn from(bytes: Output<T>) -> Self {
+ Self { bytes }
+ }
+}
+
+impl<'a, T: OutputSizeUser> From<&'a Output<T>> for CtOutput<T> {
+ #[inline(always)]
+ fn from(bytes: &'a Output<T>) -> Self {
+ bytes.clone().into()
+ }
+}
+
+impl<T: OutputSizeUser> ConstantTimeEq for CtOutput<T> {
+ #[inline(always)]
+ fn ct_eq(&self, other: &Self) -> Choice {
+ self.bytes.ct_eq(&other.bytes)
+ }
+}
+
+impl<T: OutputSizeUser> PartialEq for CtOutput<T> {
+ #[inline(always)]
+ fn eq(&self, x: &CtOutput<T>) -> bool {
+ self.ct_eq(x).into()
+ }
+}
+
+impl<T: OutputSizeUser> Eq for CtOutput<T> {}
+
+/// Error type for when the [`Output`] of a [`Mac`]
+/// is not equal to the expected value.
+#[derive(Default, Debug, Copy, Clone, Eq, PartialEq)]
+#[cfg_attr(docsrs, doc(cfg(feature = "mac")))]
+pub struct MacError;
+
+impl fmt::Display for MacError {
+ fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
+ f.write_str("MAC tag mismatch")
+ }
+}
+
+#[cfg(feature = "std")]
+impl std::error::Error for MacError {}
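Review bot: `verify_truncated_left` and `verify_truncated_right` accept any tag length from 1 up to the full output size (`if n == 0 || n > Self::OutputSize::USIZE`). When the tag slice arrives from the peer, its length therefore decides how many MAC bytes are compared, and a one-byte tag is checked against only 8 bits. The trait docs should say so, for example `/// The caller must enforce the expected tag length; any non-empty tag up to the output size is accepted.` The doc for `verify_truncated_right` gives the compared range as `tag[n..]`, while the code compares the last `n` bytes of the computed tag (`self.finalize_fixed()[m..]` with `m = Self::OutputSize::USIZE - n`). `verify_slice` and `verify_slice_reset` are documented as checking a "truncated tag" although they reject any length other than the full output size.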