diff --git a/.github/workflows/bash-prg-hash.yml b/.github/workflows/bash-prg-hash.yml new file mode 100644 index 00000000..10736e8c --- /dev/null +++ b/.github/workflows/bash-prg-hash.yml @@ -0,0 +1,72 @@ +name: bash-prg-hash + +on: + pull_request: + paths: + - ".github/workflows/bash-prg-hash.yml" + - "bash-prg-hash/**" + - "Cargo.*" + push: + branches: master + +defaults: + run: + working-directory: bash-prg-hash + +env: + CARGO_INCREMENTAL: 0 + RUSTFLAGS: "-Dwarnings" + +# Cancels CI jobs when new commits are pushed to a PR branch +concurrency: + group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }} + cancel-in-progress: true + +jobs: + set-msrv: + uses: RustCrypto/actions/.github/workflows/set-msrv.yml@master + with: + msrv: 1.85.0 + + build: + needs: set-msrv + runs-on: ubuntu-latest + strategy: + matrix: + rust: + - ${{needs.set-msrv.outputs.msrv}} + - stable + target: + - thumbv7em-none-eabi + - wasm32-unknown-unknown + steps: + - uses: actions/checkout@v5 + - uses: RustCrypto/actions/cargo-cache@master + - uses: dtolnay/rust-toolchain@master + with: + toolchain: ${{ matrix.rust }} + targets: ${{ matrix.target }} + - uses: RustCrypto/actions/cargo-hack-install@master + - run: cargo hack build --target ${{ matrix.target }} --each-feature --exclude-features default,std + + test: + needs: set-msrv + runs-on: ubuntu-latest + strategy: + matrix: + rust: + - ${{needs.set-msrv.outputs.msrv}} + - stable + steps: + - uses: actions/checkout@v5 + - uses: RustCrypto/actions/cargo-cache@master + - uses: dtolnay/rust-toolchain@master + with: + toolchain: ${{ matrix.rust }} + - uses: RustCrypto/actions/cargo-hack-install@master + - run: cargo hack test --feature-powerset + + minimal-versions: + uses: RustCrypto/actions/.github/workflows/minimal-versions.yml@master + with: + working-directory: ${{ github.workflow }} diff --git a/Cargo.lock b/Cargo.lock index b0098149..5098fc03 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -45,6 +45,16 @@ dependencies = [ "hex-literal", ] +[[package]] +name = "bash-prg-hash" +version = "0.1.0" +dependencies = [ + "base16ct", + "bash-f", + "digest", + "hex-literal", +] + [[package]] name = "belt-block" version = "0.1.2" diff --git a/Cargo.toml b/Cargo.toml index bf29f817..77aa508c 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -3,6 +3,7 @@ resolver = "3" members = [ "ascon-hash", "bash-hash", + "bash-prg-hash", "belt-hash", "blake2", "fsb", diff --git a/bash-prg-hash/CHANGELOG.md b/bash-prg-hash/CHANGELOG.md new file mode 100644 index 00000000..f09fc589 --- /dev/null +++ b/bash-prg-hash/CHANGELOG.md @@ -0,0 +1,12 @@ +# Changelog + +All notable changes to this project will be documented in this file. + +The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), +and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). + + +## 0.1.0 (UNRELEASED) +- Initial release ([#751]) + +[#745]: https://github.com/RustCrypto/hashes/pull/751 \ No newline at end of file diff --git a/bash-prg-hash/Cargo.toml b/bash-prg-hash/Cargo.toml new file mode 100644 index 00000000..55ff76ce --- /dev/null +++ b/bash-prg-hash/Cargo.toml @@ -0,0 +1,31 @@ +[package] +name = "bash-prg-hash" +version = "0.1.0" +description = "bash hash prg function (STB 34.101.77-2020)" +authors = ["RustCrypto Developers"] +license = "MIT OR Apache-2.0" +readme = "README.md" +edition = "2024" +rust-version = "1.85" +documentation = "https://docs.rs/belt-hash-prg" +repository = "https://github.com/RustCrypto/hashes" +keywords = ["belt", "stb", "hash", "digest"] +categories = ["cryptography", "no-std"] + +[dependencies] +digest = "0.11.0-rc.3" +bash-f = "0.1" + +[dev-dependencies] +digest = { version = "0.11.0-rc.3", features = ["dev"] } +hex-literal = "1" +base16ct = { version = "0.3", features = ["alloc"] } + +[features] +default = ["alloc", "oid"] +alloc = ["digest/alloc"] +oid = ["digest/oid"] +zeroize = ["digest/zeroize"] + +[package.metadata.docs.rs] +all-features = true diff --git a/bash-prg-hash/LICENSE-APACHE b/bash-prg-hash/LICENSE-APACHE new file mode 100644 index 00000000..78173fa2 --- /dev/null +++ b/bash-prg-hash/LICENSE-APACHE @@ -0,0 +1,201 @@ + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + +TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + +1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + +2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + +3. Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + +4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + +5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + +6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + +7. Disclaimer of Warranty. Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + +8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + +9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. + +END OF TERMS AND CONDITIONS + +APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + +Copyright [yyyy] [name of copyright owner] + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. diff --git a/bash-prg-hash/LICENSE-MIT b/bash-prg-hash/LICENSE-MIT new file mode 100644 index 00000000..82a58781 --- /dev/null +++ b/bash-prg-hash/LICENSE-MIT @@ -0,0 +1,25 @@ +Copyright (c) 2025 The RustCrypto Project Developers + +Permission is hereby granted, free of charge, to any +person obtaining a copy of this software and associated +documentation files (the "Software"), to deal in the +Software without restriction, including without +limitation the rights to use, copy, modify, merge, +publish, distribute, sublicense, and/or sell copies of +the Software, and to permit persons to whom the Software +is furnished to do so, subject to the following +conditions: + +The above copyright notice and this permission notice +shall be included in all copies or substantial portions +of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF +ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED +TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A +PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT +SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY +CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION +OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR +IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER +DEALINGS IN THE SOFTWARE. diff --git a/bash-prg-hash/README.md b/bash-prg-hash/README.md new file mode 100644 index 00000000..02d8ee03 --- /dev/null +++ b/bash-prg-hash/README.md @@ -0,0 +1,63 @@ +# RustCrypto: bash prg hash + +[![crate][crate-image]][crate-link] +[![Docs][docs-image]][docs-link] +[![Build Status][build-image]][build-link] +![Apache2/MIT licensed][license-image] +![Rust Version][rustc-image] +[![Project Chat][chat-image]][chat-link] + +Pure Rust implementation of the bash prg hash function specified in [STB 34.101.77-2020]. + +## Examples +```rust +use hex_literal::hex; +use bash_prg_hash::{BashPrgHash2561, Digest}; +use digest::{Update, ExtendableOutput}; +let mut hasher = BashPrgHash2561::default(); +hasher.update(b"hello world!"); + +let mut hash = [0u8; 32]; +hasher.finalize_xof_into(&mut hash); + +assert_eq!(hash, hex!("0C6B82907AE77386DDF0BA2D7CFDDD99F79A9B0094E545AEF8968A99440F5185")); + +// Hex-encode hash using https://docs.rs/base16ct +let hex_hash = base16ct::upper::encode_string(&hash); +assert_eq!(hex_hash, "0C6B82907AE77386DDF0BA2D7CFDDD99F79A9B0094E545AEF8968A99440F5185"); +``` + +Also, see the [examples section] in the RustCrypto/hashes readme. + +## License + +The crate is licensed under either of: + +* [Apache License, Version 2.0](http://www.apache.org/licenses/LICENSE-2.0) +* [MIT license](http://opensource.org/licenses/MIT) + +at your option. + +### Contribution + +Unless you explicitly state otherwise, any contribution intentionally submitted +for inclusion in the work by you, as defined in the Apache-2.0 license, shall be +dual licensed as above, without any additional terms or conditions. + +[//]: # (badges) + +[crate-image]: https://img.shields.io/crates/v/belt-hash.svg +[crate-link]: https://crates.io/crates/belt-hash +[docs-image]: https://docs.rs/belt-hash/badge.svg +[docs-link]: https://docs.rs/belt-hash +[license-image]: https://img.shields.io/badge/license-Apache2.0/MIT-blue.svg +[rustc-image]: https://img.shields.io/badge/rustc-1.85+-blue.svg +[chat-image]: https://img.shields.io/badge/zulip-join_chat-blue.svg +[chat-link]: https://rustcrypto.zulipchat.com/#narrow/stream/260041-hashes +[build-image]: https://github.com/RustCrypto/hashes/actions/workflows/belt-hash.yml/badge.svg?branch=master +[build-link]: https://github.com/RustCrypto/hashes/actions/workflows/belt-hash.yml?query=branch:master + +[//]: # (general links) + +[STB 34.101.77-2020]: http://apmi.bsu.by/assets/files/std/bash-spec241.pdf +[examples section]: https://github.com/RustCrypto/hashes#Examples diff --git a/bash-prg-hash/benches/mod.rs b/bash-prg-hash/benches/mod.rs new file mode 100644 index 00000000..4659e417 --- /dev/null +++ b/bash-prg-hash/benches/mod.rs @@ -0,0 +1,30 @@ +#![feature(test)] +extern crate test; + +use bash_prg_hash::{BashPrgHash1282, BashPrgHash1921, BashPrgHash2562}; +use digest::bench_update; +use test::Bencher; + +bench_update!( + BashPrgHash1282::default(); + bash_prg_hash1282_10 10; + bash_prg_hash1282_100 100; + bash_prg_hash1282_1000 1000; + bash_prg_hash1282_10000 10000; +); + +bench_update!( + BashPrgHash1921::default(); + bash_prg_hash1921_10 10; + bash_prg_hash1921_100 100; + bash_prg_hash1921_1000 1000; + bash_prg_hash1921_10000 10000; +); + +bench_update!( + BashPrgHash2562::default(); + bash_prg_hash2562_10 10; + bash_prg_hash2562_100 100; + bash_prg_hash2562_1000 1000; + bash_prg_hash2562_10000 10000; +); diff --git a/bash-prg-hash/src/block_api.rs b/bash-prg-hash/src/block_api.rs new file mode 100644 index 00000000..73774ce8 --- /dev/null +++ b/bash-prg-hash/src/block_api.rs @@ -0,0 +1,260 @@ +use bash_f::{STATE_WORDS, bash_f}; +use core::{fmt, marker::PhantomData}; +use digest::block_api::BlockSizeUser; +use digest::core_api::AlgorithmName; + +use crate::variants::{Cap1, Cap2, Capacity, Level128, Level192, Level256, SecurityLevel}; + +/// A constant representing the maximum size of a header in bytes. +pub const MAX_HEADER_LEN: usize = 60; + +/// Data type codes from Table 3 of STB 34.101.77-2020 +const DATA: u8 = 0b000010; +/// Data type codes from Table 3 of STB 34.101.77-2020 +const OUT: u8 = 0b000100; + +/// Core bash-prg-hash hasher state generic over security level and capacity. +/// +/// Specified in Section 8.12 of STB 34.101.77-2020. +pub struct BashPrgHashCore { + state: [u64; STATE_WORDS], + rate_bytes: usize, // r/8 - buffer size in bytes + offset: usize, // current offset in bytes + header: [u8; MAX_HEADER_LEN], // max header size (480 bits = 60 bytes) + header_len: usize, // header length in bytes + data_committed: bool, // whether commit(DATA) was called in + _level: PhantomData, + _capacity: PhantomData, +} + +macro_rules! impl_block_sizes { + ($($level:ty, $cap:ty),* $(,)?) => { + $( + impl BlockSizeUser for BashPrgHashCore<$level, $cap> { + type BlockSize = digest::typenum::U<{ + (1536 - 2 * <$cap as Capacity>::CAPACITY * <$level as SecurityLevel>::LEVEL) / 8 + }>; + } + )* + }; +} + +impl_block_sizes! { + Level128, Cap1, + Level192, Cap1, + Level256, Cap1, + Level128, Cap2, + Level192, Cap2, + Level256, Cap2, +} + +impl BashPrgHashCore { + /// Calculate buffer size r = 1536 - 2dℓ (in bytes) + const fn calculate_rate_bytes() -> usize { + (1536 - 2 * D::CAPACITY * L::LEVEL) / 8 + } + + /// Create a new hasher with an announcement (header). + pub fn new(header: &[u8]) -> Self { + assert!( + header.len() <= MAX_HEADER_LEN, + "Header length must not exceed 480 bits (60 bytes)" + ); + assert_eq!( + header.len() % 4, + 0, + "Header length must be multiple of 32 bits (4 bytes)" + ); + + let mut header_buf = [0u8; 60]; + header_buf[..header.len()].copy_from_slice(header); + + Self { + state: [0u64; STATE_WORDS], + rate_bytes: Self::calculate_rate_bytes(), + offset: 0, + header: header_buf, + header_len: header.len(), + data_committed: false, + _level: PhantomData, + _capacity: PhantomData, + } + } + + /// Helper: modify byte at position in state + fn modify_byte(&mut self, pos: usize, f: F) { + let word_idx = pos / 8; + let byte_in_word = pos % 8; + let mut bytes = self.state[word_idx].to_le_bytes(); + f(&mut bytes[byte_in_word]); + self.state[word_idx] = u64::from_le_bytes(bytes); + } + + /// Helper: get byte at position in state + fn get_byte(&self, pos: usize) -> u8 { + let word_idx = pos / 8; + let byte_in_word = pos % 8; + self.state[word_idx].to_le_bytes()[byte_in_word] + } + + /// XOR input bytes into state at current offset + fn xor_in(&mut self, input: &[u8]) { + for (i, &byte) in input.iter().enumerate() { + self.modify_byte(self.offset + i, |b| *b ^= byte); + } + self.offset += input.len(); + } + + /// Extract bytes from state at current offset + fn extract_bytes(&mut self, output: &mut [u8]) { + for (i, out_byte) in output.iter_mut().enumerate() { + *out_byte = self.get_byte(self.offset + i); + } + self.offset += output.len(); + } + + /// Execute start command (Section 8.3) + fn start(&mut self) { + // Step 3: pos ← 8 + |A| + |K| (in bits) = 1 + header_len (in bytes) + let header_len = self.header_len; + self.offset = 1 + header_len; + + // Step 4: S[...pos) ← ⟨|A|/2 + |K|/32⟩_8 || A || K + // First byte: |A|/2 where |A| is in bits + let first_byte = ((header_len * 8) / 2) as u8; + self.modify_byte(0, |b| *b = first_byte); + + // Copy header bytes + for i in 0..header_len { + let byte = self.header[i]; + self.modify_byte(1 + i, |b| *b = byte); + } + + // Step 6: S[1472...) ← ⟨ℓ/4 + d⟩_64 + self.state[23] = (L::LEVEL / 4 + D::CAPACITY) as u64; + } + + /// Execute commit command (Section 8.4) + fn commit(&mut self, t: u8) { + // Step 1: S[pos...pos+8) ← S[pos...pos+8) ⊕ (t||01) + let tag = (t << 2) | 0x01; + self.modify_byte(self.offset, |b| *b ^= tag); + + // Step 2: S[r] ← S[r] ⊕ 1 (flip bit at position r in bits) + let r_bit_in_byte = (self.rate_bytes * 8) % 8; + // MSB-first within a byte: bit index i maps to (7 - i) + self.modify_byte(self.rate_bytes, |b| *b ^= 1u8 << (7 - r_bit_in_byte)); + + // Step 3: S ← bash-f(S) + bash_f(&mut self.state); + + // Step 4: pos ← 0 + self.offset = 0; + } + + /// Execute absorb command (Section 8.6) + pub(crate) fn absorb(&mut self, data: &[u8]) { + // Check if initialized: state[23] == 0 means not initialized + if self.state[23] == 0 { + self.start(); + } + + // Step 1: commit(DATA) - only once per absorption session + // We need data_committed because offset == 0 can happen multiple times: + // - After finalize() (need commit(DATA)) + // - After commit(DATA) but before absorbing (already did commit) + // - After full block during absorption (offset resets to 0) + // - After empty data calls (offset stays 0) + if !self.data_committed { + self.commit(DATA); + self.data_committed = true; + } + + // Steps 2-3: Process blocks + let mut input = data; + + while !input.is_empty() { + let to_absorb = input.len().min(self.rate_bytes - self.offset); + + self.xor_in(&input[..to_absorb]); + input = &input[to_absorb..]; + + if self.offset == self.rate_bytes { + bash_f(&mut self.state); + self.offset = 0; + } + } + } + + /// Prepare for reading output (squeeze) + pub(crate) fn finalize(&mut self) { + if self.state[23] == 0 { + self.start(); + } + + self.commit(OUT); + self.data_committed = false; // Reset for next absorption session + } + + /// Execute squeeze command (Section 8.7) + pub(crate) fn squeeze(&mut self, output: &mut [u8]) { + let mut remaining = output; + + while !remaining.is_empty() { + if self.offset == self.rate_bytes { + bash_f(&mut self.state); + self.offset = 0; + } + + let to_squeeze = remaining.len().min(self.rate_bytes - self.offset); + self.extract_bytes(&mut remaining[..to_squeeze]); + remaining = &mut remaining[to_squeeze..]; + } + } +} + +impl Clone for BashPrgHashCore { + fn clone(&self) -> Self { + Self { + state: self.state, + rate_bytes: self.rate_bytes, + offset: self.offset, + header: self.header, + header_len: self.header_len, + data_committed: self.data_committed, + _level: PhantomData, + _capacity: PhantomData, + } + } +} + +impl Default for BashPrgHashCore { + fn default() -> Self { + Self::new(&[]) + } +} + +impl AlgorithmName for BashPrgHashCore { + fn write_alg_name(f: &mut fmt::Formatter<'_>) -> fmt::Result { + write!(f, "BashPrgHash{}-{}", L::LEVEL, D::CAPACITY) + } +} + +impl fmt::Debug for BashPrgHashCore { + fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { + f.write_str("BashPrgHashCore { ... }") + } +} + +impl Drop for BashPrgHashCore { + fn drop(&mut self) { + #[cfg(feature = "zeroize")] + { + use digest::zeroize::Zeroize; + self.state.zeroize(); + } + } +} + +#[cfg(feature = "zeroize")] +impl digest::zeroize::ZeroizeOnDrop for BashPrgHashCore {} diff --git a/bash-prg-hash/src/lib.rs b/bash-prg-hash/src/lib.rs new file mode 100644 index 00000000..e65788e3 --- /dev/null +++ b/bash-prg-hash/src/lib.rs @@ -0,0 +1,138 @@ +#![no_std] +#![doc = include_str!("../README.md")] +#![doc( + html_logo_url = "https://raw.githubusercontent.com/RustCrypto/media/6ee8e381/logo.svg", + html_favicon_url = "https://raw.githubusercontent.com/RustCrypto/media/6ee8e381/logo.svg" +)] +#![cfg_attr(docsrs, feature(doc_cfg))] +#![warn(missing_docs, rust_2018_idioms)] +#![forbid(unsafe_code)] + +pub use digest::{self, Digest}; + +/// Block-level types +pub mod block_api; +#[cfg(feature = "oid")] +mod oids; +mod variants; + +use core::fmt; +use digest::{ExtendableOutput, ExtendableOutputReset, Reset, Update, XofReader}; + +pub use block_api::BashPrgHashCore; +pub use variants::{Cap1, Cap2, Capacity, Level128, Level192, Level256, SecurityLevel}; + +/// bash-prg-hash hasher generic over security level and capacity. +#[derive(Clone)] +pub struct BashPrgHash { + core: BashPrgHashCore, + finalized: bool, +} + +/// Helper trait to extract security level from hash type +pub trait HashLevel { + /// Security level from specification + type Level: SecurityLevel; +} + +impl HashLevel for BashPrgHash { + type Level = L; +} + +impl BashPrgHash { + /// Create a new hasher with an announcement (header). + pub fn new(header: &[u8]) -> Self { + Self { + core: BashPrgHashCore::new(header), + finalized: false, + } + } + + /// Create a new hasher with an empty announcement. + pub fn new_with_empty_header() -> Self { + Self::new(&[]) + } +} + +impl Default for BashPrgHash { + fn default() -> Self { + Self::new_with_empty_header() + } +} + +impl Update for BashPrgHash { + fn update(&mut self, data: &[u8]) { + assert!(!self.finalized, "Cannot update after finalization"); + self.core.absorb(data); + } +} + +impl ExtendableOutput for BashPrgHash { + type Reader = BashPrgHashReader; + + fn finalize_xof(mut self) -> Self::Reader { + self.core.finalize(); + self.finalized = true; + BashPrgHashReader { core: self.core } + } +} + +impl ExtendableOutputReset for BashPrgHash { + fn finalize_xof_reset(&mut self) -> Self::Reader { + let mut core_clone = self.core.clone(); + core_clone.finalize(); + self.reset(); + BashPrgHashReader { core: core_clone } + } +} + +impl Reset for BashPrgHash { + fn reset(&mut self) { + self.core = BashPrgHashCore::default(); + self.finalized = false; + } +} + +impl fmt::Debug for BashPrgHash { + fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { + f.write_str("BashPrgHash { ... }") + } +} + +#[cfg(feature = "zeroize")] +impl digest::zeroize::ZeroizeOnDrop for BashPrgHash {} + +/// Reader for bash-prg-hash XOF output. +pub struct BashPrgHashReader { + core: BashPrgHashCore, +} + +impl XofReader for BashPrgHashReader { + fn read(&mut self, buffer: &mut [u8]) { + self.core.squeeze(buffer); + } +} + +impl Clone for BashPrgHashReader { + fn clone(&self) -> Self { + Self { + core: self.core.clone(), + } + } +} + +#[cfg(feature = "zeroize")] +impl digest::zeroize::ZeroizeOnDrop for BashPrgHashReader {} + +/// bash-prg-hash with ℓ = 128 and 𝑑 = 1 +pub type BashPrgHash1281 = BashPrgHash; +/// bash-prg-hash with ℓ = 128 and 𝑑 = 2 +pub type BashPrgHash1282 = BashPrgHash; +/// bash-prg-hash with ℓ = 192 and 𝑑 = 1 +pub type BashPrgHash1921 = BashPrgHash; +/// bash-prg-hash with ℓ = 192 and 𝑑 = 2 +pub type BashPrgHash1922 = BashPrgHash; +/// bash-prg-hash with ℓ = 256 and 𝑑 = 1 +pub type BashPrgHash2561 = BashPrgHash; +/// bash-prg-hash with ℓ = 256 and 𝑑 = 2 +pub type BashPrgHash2562 = BashPrgHash; diff --git a/bash-prg-hash/src/oids.rs b/bash-prg-hash/src/oids.rs new file mode 100644 index 00000000..69f95b79 --- /dev/null +++ b/bash-prg-hash/src/oids.rs @@ -0,0 +1,30 @@ +use digest::const_oid::{AssociatedOid, ObjectIdentifier}; + +use crate::{ + block_api::BashPrgHashCore, + variants::{Cap1, Cap2, Level128, Level192, Level256}, +}; + +impl AssociatedOid for BashPrgHashCore { + const OID: ObjectIdentifier = ObjectIdentifier::new_unwrap("1.2.112.0.2.0.34.101.77.21"); +} + +impl AssociatedOid for BashPrgHashCore { + const OID: ObjectIdentifier = ObjectIdentifier::new_unwrap("1.2.112.0.2.0.34.101.77.22"); +} + +impl AssociatedOid for BashPrgHashCore { + const OID: ObjectIdentifier = ObjectIdentifier::new_unwrap("1.2.112.0.2.0.34.101.77.23"); +} + +impl AssociatedOid for BashPrgHashCore { + const OID: ObjectIdentifier = ObjectIdentifier::new_unwrap("1.2.112.0.2.0.34.101.77.24"); +} + +impl AssociatedOid for BashPrgHashCore { + const OID: ObjectIdentifier = ObjectIdentifier::new_unwrap("1.2.112.0.2.0.34.101.77.25"); +} + +impl AssociatedOid for BashPrgHashCore { + const OID: ObjectIdentifier = ObjectIdentifier::new_unwrap("1.2.112.0.2.0.34.101.77.26"); +} diff --git a/bash-prg-hash/src/variants.rs b/bash-prg-hash/src/variants.rs new file mode 100644 index 00000000..f8db25e3 --- /dev/null +++ b/bash-prg-hash/src/variants.rs @@ -0,0 +1,72 @@ +use digest::typenum::{U1, U2, U128, U192, U256, Unsigned}; + +/// Sealed trait to prevent external implementations. +pub trait Sealed {} + +/// Security level trait for programmable algorithms. +/// +/// Specified in Section 5.3 of STB 34.101.77-2020. +/// +/// Standard levels: ℓ ∈ {128, 192, 256}. +pub trait SecurityLevel: Sealed { + /// Type-level representation of ℓ + type TypeLevel: Unsigned; + /// Security level ℓ in bits + const LEVEL: usize = ::USIZE; +} + +/// Capacity parameter for programmable algorithms. +/// +/// Specified in Section 5.4 of STB 34.101.77-2020. +/// +/// Capacity d ∈ {1, 2}. +pub trait Capacity: Sealed { + /// Type-level representation of d + type TypeCapacity: Unsigned; + /// Capacity d + const CAPACITY: usize = ::USIZE; +} + +macro_rules! impl_type_with_sealed { + ( + $(#[$meta:meta])* + $name:ident: $trait:ident { + $assoc_type:ident = $type_val:ty + } + ) => { + $(#[$meta])* + #[derive(Clone, Copy, Debug)] + pub struct $name; + + impl Sealed for $name {} + + impl $trait for $name { + type $assoc_type = $type_val; + } + }; +} + +impl_type_with_sealed! { + /// Security level ℓ = 128 + Level128: SecurityLevel { TypeLevel = U128 } +} + +impl_type_with_sealed! { + /// Security level ℓ = 192 + Level192: SecurityLevel { TypeLevel = U192 } +} + +impl_type_with_sealed! { + /// Security level ℓ = 256 + Level256: SecurityLevel { TypeLevel = U256 } +} + +impl_type_with_sealed! { + /// Capacity d = 1 + Cap1: Capacity { TypeCapacity = U1 } +} + +impl_type_with_sealed! { + /// Capacity d = 2 + Cap2: Capacity { TypeCapacity = U2 } +} diff --git a/bash-prg-hash/tests/data/bashprg1282.blb b/bash-prg-hash/tests/data/bashprg1282.blb new file mode 100644 index 00000000..c1cf972a Binary files /dev/null and b/bash-prg-hash/tests/data/bashprg1282.blb differ diff --git a/bash-prg-hash/tests/data/bashprg1921.blb b/bash-prg-hash/tests/data/bashprg1921.blb new file mode 100644 index 00000000..9f377535 Binary files /dev/null and b/bash-prg-hash/tests/data/bashprg1921.blb differ diff --git a/bash-prg-hash/tests/data/bashprg2562.blb b/bash-prg-hash/tests/data/bashprg2562.blb new file mode 100644 index 00000000..6c2765aa Binary files /dev/null and b/bash-prg-hash/tests/data/bashprg2562.blb differ diff --git a/bash-prg-hash/tests/mod.rs b/bash-prg-hash/tests/mod.rs new file mode 100644 index 00000000..101ed001 --- /dev/null +++ b/bash-prg-hash/tests/mod.rs @@ -0,0 +1,48 @@ +use bash_prg_hash::{BashPrgHash1282, BashPrgHash1921, BashPrgHash2562}; +use digest::ExtendableOutput; +use digest::dev::xof_reset_test; +use hex_literal::hex; + +// Test vectors from STB 34.101.77-2020 (Appendix A, Table A.5) +digest::new_test!(bashprg1282, BashPrgHash1282, xof_reset_test); +digest::new_test!(bashprg1921, BashPrgHash1921, xof_reset_test); +// Not in STB 34.101.77-2020, but included for completeness +digest::new_test!(bashprg2562, BashPrgHash2562, xof_reset_test); + +macro_rules! test_bash_prg_rand { + ($name:ident, $hasher:ty, $expected:expr) => { + #[test] + fn $name() { + use bash_prg_hash::{HashLevel, SecurityLevel}; + let mut h = <$hasher>::default(); + digest::dev::feed_rand_16mib(&mut h); + let mut output = vec![0u8; <<$hasher as HashLevel>::Level as SecurityLevel>::LEVEL / 4]; + h.finalize_xof_into(&mut output); + assert_eq!(&output[..], $expected); + } + }; +} + +test_bash_prg_rand!( + bashprg1282_rand, + BashPrgHash1282, + hex!("BF15805CDEAE220A9DD50C325A4A0BDF326C6ED853CFA89592A9E2BEB4D0585C") +); + +test_bash_prg_rand!( + bashprg1921_rand, + BashPrgHash1921, + hex!( + "82176D6DAF4F631E251CA41A7688FEB643B954383186C7902AB09D80EB5AB17C + BA286D16912EBBACEC3D8143966107F6" + ) +); + +test_bash_prg_rand!( + bashprg2562_rand, + BashPrgHash2562, + hex!( + "AD07A8D61928296F4115F9E51AAA5FA986899BFDA8443F139D969600064EBCE2 + D591F583FA27F6B0F7E73DA2B29AF382AC2374C04463B91A27F1C48FEE8AAB2C" + ) +);