add blake2 from libcrux

2026-02-27 22:13:12 -08:00 · 2025-02-27 17:01:30 +01:00
parent 253243a8c8
commit 185e92108e
5 changed files with 56 additions and 2 deletions
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -1,6 +1,6 @@
 # This file is automatically @generated by Cargo.
 # It is not intended for manual editing.
-version = 3
+version = 4

 [[package]]
 name = "addr2line"
@@ -1225,6 +1225,16 @@ dependencies = [
 "rand 0.8.5",
 ]

+[[package]]
+name = "libcrux-blake2"
+version = "0.0.2-beta.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "3ce649c4eb25a6cae0f59d758052ffe9285e4eb5f3de36e67a584c04845fa92a"
+dependencies = [
+ "libcrux-hacl-rs",
+ "libcrux-macros",
+]
+
 [[package]]
 name = "libcrux-chacha20poly1305"
 version = "0.0.2-beta.3"
@@ -2025,6 +2035,7 @@ dependencies = [
 "blake2",
 "chacha20poly1305",
 "libcrux",
+ "libcrux-blake2",
 "libcrux-chacha20poly1305",
 "libcrux-ml-kem",
 "rand 0.8.5",
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -72,6 +72,7 @@ postcard = { version = "1.1.1", features = ["alloc"] }
 libcrux = { version = "0.0.2-pre.2" }
 libcrux-chacha20poly1305 = { version = "0.0.2-beta.3" }
 libcrux-ml-kem = { version = "0.0.2-beta.3" }
+libcrux-blake2 = { version = "0.0.2-beta.3" }
 hex-literal = { version = "0.4.1" }
 hex = { version = "0.4.3" }
 heck = { version = "0.5.0" }
--- a/ciphers/Cargo.toml
+++ b/ciphers/Cargo.toml
@@ -12,6 +12,7 @@ readme = "readme.md"
 [features]
 experiment_libcrux = [
    "dep:libcrux",
+    "dep:libcrux-blake2",
    "dep:libcrux-chacha20poly1305",
    "dep:libcrux-ml-kem",
 ]
@@ -30,9 +31,10 @@ chacha20poly1305 = { workspace = true }
 blake2 = { workspace = true }
 libcrux = { workspace = true, optional = true }
 libcrux-chacha20poly1305 = { workspace = true, optional = true }
+rand = { workspace = true }
+libcrux-blake2 = { workspace = true, optional = true }
 libcrux-ml-kem = { workspace = true, optional = true, features = ["kyber"] }
 sha3 = { workspace = true }
-rand = { workspace = true }

 [dev-dependencies]
 rand = { workspace = true }
--- a/ciphers/src/subtle/libcrux/blake2b.rs
+++ b/ciphers/src/subtle/libcrux/blake2b.rs
@@ -0,0 +1,39 @@
+use rosenpass_cipher_traits::algorithms::KeyedHashBlake2b;
+use rosenpass_cipher_traits::primitives::KeyedHash;
+
+use libcrux_blake2::Blake2bBuilder;
+
+pub enum Error {
+    InternalError,
+    DataTooLong,
+}
+
+pub struct Blake2b;
+
+pub const KEY_LEN: usize = 32;
+pub const HASH_LEN: usize = 32;
+
+impl KeyedHash<KEY_LEN, HASH_LEN> for Blake2b {
+    type Error = Error;
+
+    fn keyed_hash(
+        key: &[u8; KEY_LEN],
+        data: &[u8],
+        out: &mut [u8; HASH_LEN],
+    ) -> Result<(), Self::Error> {
+        let mut h = Blake2bBuilder::new_keyed_const(key)
+            // this may fail if the key length is invalid, but 32 is fine
+            .map_err(|_| Error::InternalError)?
+            .build_const_digest_len()
+            .map_err(|_|
+            // this can only fail if the output length is invalid, but 32 is fine.
+            Error::InternalError)?;
+
+        h.update(data).map_err(|_| Error::DataTooLong)?;
+        h.finalize(out);
+
+        Ok(())
+    }
+}
+
+impl KeyedHashBlake2b for Blake2b {}
--- a/ciphers/src/subtle/libcrux/mod.rs
+++ b/ciphers/src/subtle/libcrux/mod.rs
@@ -1,4 +1,5 @@
 //! Implementations backed by libcrux, a verified crypto library

+pub mod blake2b;
 pub mod chacha20poly1305_ietf;
 pub mod kyber512;