gitea-mirror/rosenpass
1
0
Fork 0
mirror of https://github.com/rosenpass/rosenpass.git synced 2026-02-27 22:13:12 -08:00
Code Issues Packages Projects Releases Wiki Activity

fix formatting

Browse Source
This commit is contained in:
David Niehues
2024-12-10 11:28:21 +01:00
parent be06f8adec
commit a789f801ab
7 changed files with 25 additions and 29 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
ciphers/src/hash_domain.rs
View File

@@ -11,7 +11,7 @@ pub use hash::KEY_LEN;
/// # use rosenpass_ciphers::hash_domain::{HashDomain, HashDomainNamespace, SecretHashDomain, SecretHashDomainNamespace}; /// # use rosenpass_ciphers::hash_domain::{HashDomain, HashDomainNamespace, SecretHashDomain, SecretHashDomainNamespace};
/// use rosenpass_secret_memory::Secret; /// use rosenpass_secret_memory::Secret;
/// # rosenpass_secret_memory::secret_policy_use_only_malloc_secrets(); /// # rosenpass_secret_memory::secret_policy_use_only_malloc_secrets();
/// ///
/// const PROTOCOL_IDENTIFIER: &str = "MY_PROTOCOL:IDENTIFIER"; /// const PROTOCOL_IDENTIFIER: &str = "MY_PROTOCOL:IDENTIFIER";
/// # fn do_doc_test() -> Result<(), Box<dyn std::error::Error>> { /// # fn do_doc_test() -> Result<(), Box<dyn std::error::Error>> {
/// // create use once hash domain for the protocol identifier /// // create use once hash domain for the protocol identifier
@@ -30,11 +30,11 @@ pub use hash::KEY_LEN;
/// // derive a new key based on the secret key /// // derive a new key based on the secret key
/// let new_key_identifier = "my_new_key_identifier".as_bytes(); /// let new_key_identifier = "my_new_key_identifier".as_bytes();
/// let new_key = secret_hash_domain.mix(new_key_identifier)?.into_secret(); /// let new_key = secret_hash_domain.mix(new_key_identifier)?.into_secret();
/// ///
/// # Ok(()) /// # Ok(())
/// # } /// # }
/// # do_doc_test().unwrap(); /// # do_doc_test().unwrap();
/// ///
///``` ///```
/// ///
@@ -49,7 +49,7 @@ pub struct HashDomain([u8; KEY_LEN]);
/// use [SecretHashDomainNamespace] instead. /// use [SecretHashDomainNamespace] instead.
#[derive(Clone, Debug)] #[derive(Clone, Debug)]
pub struct HashDomainNamespace([u8; KEY_LEN]); pub struct HashDomainNamespace([u8; KEY_LEN]);
/// A use-once hash domain for a specified key that can be used directly /// A use-once hash domain for a specified key that can be used directly
/// by wrapping it in [Secret]. The key must consist of [KEY_LEN] many bytes. /// by wrapping it in [Secret]. The key must consist of [KEY_LEN] many bytes.
#[derive(Clone, Debug)] #[derive(Clone, Debug)]
pub struct SecretHashDomain(Secret<KEY_LEN>); pub struct SecretHashDomain(Secret<KEY_LEN>);
@@ -59,7 +59,7 @@ pub struct SecretHashDomain(Secret<KEY_LEN>);
pub struct SecretHashDomainNamespace(Secret<KEY_LEN>); pub struct SecretHashDomainNamespace(Secret<KEY_LEN>);
impl HashDomain { impl HashDomain {
/// Creates a nw [HashDomain] initialized with a all-zeros key. /// Creates a nw [HashDomain] initialized with a all-zeros key.
pub fn zero() -> Self { pub fn zero() -> Self {
Self([0u8; KEY_LEN]) Self([0u8; KEY_LEN])
} }
@@ -74,7 +74,7 @@ impl HashDomain {
pub fn turn_secret(self) -> SecretHashDomain { pub fn turn_secret(self) -> SecretHashDomain {
SecretHashDomain(Secret::from_slice(&self.0)) SecretHashDomain(Secret::from_slice(&self.0))
} }
// TODO: Protocol! Use domain separation to ensure that // TODO: Protocol! Use domain separation to ensure that
/// Creates a new [HashDomain] by mixing in a new key `v`. Specifically, /// Creates a new [HashDomain] by mixing in a new key `v`. Specifically,
/// it evaluates [hash::hash] with this HashDomain's key as the key and `v` /// it evaluates [hash::hash] with this HashDomain's key as the key and `v`
@@ -97,9 +97,7 @@ impl HashDomain {
} }
} }
impl HashDomainNamespace { impl HashDomainNamespace {
/// Creates a new [HashDomain] by mixing in a new key `v`. Specifically, /// Creates a new [HashDomain] by mixing in a new key `v`. Specifically,
/// it evaluates [hash::hash] with the key of this HashDomainNamespace key as the key and `v` /// it evaluates [hash::hash] with the key of this HashDomainNamespace key as the key and `v`
/// as the `data` and uses the result as the key for the new [HashDomain]. /// as the `data` and uses the result as the key for the new [HashDomain].
@@ -120,10 +118,9 @@ impl HashDomainNamespace {
} }
impl SecretHashDomain { impl SecretHashDomain {
/// Create a new [SecretHashDomain] with the given key `k` and data `d` by calling /// Create a new [SecretHashDomain] with the given key `k` and data `d` by calling
/// [hash::hash] with `k` as the `key` and `d` s the `data`, and using the result /// [hash::hash] with `k` as the `key` and `d` s the `data`, and using the result
/// as the content for the new [SecretHashDomain]. /// as the content for the new [SecretHashDomain].
/// Both `k` and `d` have to be exactly [KEY_LEN] bytes in length. /// Both `k` and `d` have to be exactly [KEY_LEN] bytes in length.
pub fn invoke_primitive(k: &[u8], d: &[u8]) -> Result<SecretHashDomain> { pub fn invoke_primitive(k: &[u8], d: &[u8]) -> Result<SecretHashDomain> {
let mut r = SecretHashDomain(Secret::zero()); let mut r = SecretHashDomain(Secret::zero());
@@ -173,7 +170,7 @@ impl SecretHashDomain {
/// Evaluate [hash::hash] with this [SecretHashDomain]'s data as the `key` and /// Evaluate [hash::hash] with this [SecretHashDomain]'s data as the `key` and
/// `dst` as the `data` and stores the result as the new data for this [SecretHashDomain]. /// `dst` as the `data` and stores the result as the new data for this [SecretHashDomain].
/// ///
/// It requires that both `v` and `d` consist of exactly [KEY_LEN] many bytes. /// It requires that both `v` and `d` consist of exactly [KEY_LEN] many bytes.
pub fn into_secret_slice(mut self, v: &[u8], dst: &[u8]) -> Result<()> { pub fn into_secret_slice(mut self, v: &[u8], dst: &[u8]) -> Result<()> {
hash::hash(v, dst).to(self.0.secret_mut()) hash::hash(v, dst).to(self.0.secret_mut())
@@ -181,7 +178,6 @@ impl SecretHashDomain {
} }
impl SecretHashDomainNamespace { impl SecretHashDomainNamespace {
/// Creates a new [SecretHashDomain] by mixing in a new key `v`. Specifically, /// Creates a new [SecretHashDomain] by mixing in a new key `v`. Specifically,
/// it evaluates [hash::hash] with the key of this HashDomainNamespace key as the key and `v` /// it evaluates [hash::hash] with the key of this HashDomainNamespace key as the key and `v`
/// as the `data` and uses the result as the key for the new [HashDomain]. /// as the `data` and uses the result as the key for the new [HashDomain].

4
ciphers/src/lib.rs
View File

@@ -42,10 +42,10 @@ pub mod hash_domain;
/// This crate includes two key encapsulation mechanisms. /// This crate includes two key encapsulation mechanisms.
/// Namely ClassicMceliece460896 (as [StaticKem]) and Kyber512 (as [EphemeralKem]). /// Namely ClassicMceliece460896 (as [StaticKem]) and Kyber512 (as [EphemeralKem]).
/// ///
/// See [rosenpass_oqs::ClassicMceliece460896](rosenpass_oqs::ClassicMceliece460896) /// See [rosenpass_oqs::ClassicMceliece460896](rosenpass_oqs::ClassicMceliece460896)
/// and [rosenpass_oqs::Kyber512](rosenpass_oqs::Kyber512) for more details on the specific KEMS. /// and [rosenpass_oqs::Kyber512](rosenpass_oqs::Kyber512) for more details on the specific KEMS.
/// ///
pub mod kem { pub mod kem {
pub use rosenpass_oqs::ClassicMceliece460896 as StaticKem; pub use rosenpass_oqs::ClassicMceliece460896 as StaticKem;
pub use rosenpass_oqs::Kyber512 as EphemeralKem; pub use rosenpass_oqs::Kyber512 as EphemeralKem;

10
ciphers/src/subtle/blake2b.rs
View File

@@ -9,7 +9,7 @@ use blake2::Blake2bMac;
use rosenpass_to::{ops::copy_slice, with_destination, To}; use rosenpass_to::{ops::copy_slice, with_destination, To};
use rosenpass_util::typenum2const; use rosenpass_util::typenum2const;
/// Specify that the used implementation of BLAKE2b is the MAC version of BLAKE2b /// Specify that the used implementation of BLAKE2b is the MAC version of BLAKE2b
/// with output and key length of 32 bytes (see [Blake2bMac<U32>]). /// with output and key length of 32 bytes (see [Blake2bMac<U32>]).
type Impl = Blake2bMac<U32>; type Impl = Blake2bMac<U32>;
@@ -32,20 +32,20 @@ pub const OUT_MAX: usize = OUT_LEN;
/// Hashes the given `data` with the [Blake2bMac<U32>] hash function under the given `key`. /// Hashes the given `data` with the [Blake2bMac<U32>] hash function under the given `key`.
/// The [KEY_LEN] and [OUT_LEN] are both set to 32 bytes (or 256 bits). /// The [KEY_LEN] and [OUT_LEN] are both set to 32 bytes (or 256 bits).
/// ///
/// # Examples /// # Examples
/// ///
///```rust ///```rust
/// # use rosenpass_ciphers::subtle::blake2b::hash; /// # use rosenpass_ciphers::subtle::blake2b::hash;
/// use rosenpass_to::To; /// use rosenpass_to::To;
/// let zero_key: [u8; 32] = [0; 32]; /// let zero_key: [u8; 32] = [0; 32];
/// let data: [u8; 32] = [255; 32]; /// let data: [u8; 32] = [255; 32];
/// // buffer for the hash output /// // buffer for the hash output
/// let mut hash_data: [u8; 32] = [0u8; 32]; /// let mut hash_data: [u8; 32] = [0u8; 32];
/// ///
/// assert!(hash(&zero_key, &data).to(&mut hash_data).is_ok(), "Hashing has to return OK result"); /// assert!(hash(&zero_key, &data).to(&mut hash_data).is_ok(), "Hashing has to return OK result");
///``` ///```
/// ///
#[inline] #[inline]
pub fn hash<'a>(key: &'a [u8], data: &'a [u8]) -> impl To<[u8], anyhow::Result<()>> + 'a { pub fn hash<'a>(key: &'a [u8], data: &'a [u8]) -> impl To<[u8], anyhow::Result<()>> + 'a {
with_destination(|out: &mut [u8]| { with_destination(|out: &mut [u8]| {

6
ciphers/src/subtle/chacha20poly1305_ietf.rs
View File

@@ -18,7 +18,7 @@ pub const NONCE_LEN: usize = typenum2const! { <AeadImpl as AeadCore>::NonceSize
/// a length of [KEY_LEN]. The `nonce` slice MUST have a length of [NONCE_LEN]. The last [TAG_LEN] bytes /// a length of [KEY_LEN]. The `nonce` slice MUST have a length of [NONCE_LEN]. The last [TAG_LEN] bytes
/// written in `ciphertext` are the tag guaranteeing integrity. `ciphertext` MUST have a capacity of /// written in `ciphertext` are the tag guaranteeing integrity. `ciphertext` MUST have a capacity of
/// `plaintext.len()` + [TAG_LEN]. /// `plaintext.len()` + [TAG_LEN].
/// ///
/// # Examples /// # Examples
///```rust ///```rust
/// # use rosenpass_ciphers::subtle::chacha20poly1305_ietf::{encrypt, TAG_LEN, KEY_LEN, NONCE_LEN}; /// # use rosenpass_ciphers::subtle::chacha20poly1305_ietf::{encrypt, TAG_LEN, KEY_LEN, NONCE_LEN};
@@ -57,10 +57,10 @@ pub fn encrypt(
/// Decrypts a `ciphertext` and verifies the integrity of the `ciphertext` and the additional data /// Decrypts a `ciphertext` and verifies the integrity of the `ciphertext` and the additional data
/// `ad`. using ChaCha20Poly1305 as implemented in [RustCrypto](https://github.com/RustCrypto/AEADs/tree/master/chacha20poly1305). /// `ad`. using ChaCha20Poly1305 as implemented in [RustCrypto](https://github.com/RustCrypto/AEADs/tree/master/chacha20poly1305).
/// ///
/// The `key` slice MUST have a length of [KEY_LEN]. The `nonce` slice MUST have a length of /// The `key` slice MUST have a length of [KEY_LEN]. The `nonce` slice MUST have a length of
/// [NONCE_LEN]. The plaintext buffer must have a capacity of `ciphertext.len()` - [TAG_LEN]. /// [NONCE_LEN]. The plaintext buffer must have a capacity of `ciphertext.len()` - [TAG_LEN].
/// ///
/// # Examples /// # Examples
///```rust ///```rust
/// # use rosenpass_ciphers::subtle::chacha20poly1305_ietf::{decrypt, TAG_LEN, KEY_LEN, NONCE_LEN}; /// # use rosenpass_ciphers::subtle::chacha20poly1305_ietf::{decrypt, TAG_LEN, KEY_LEN, NONCE_LEN};

4
ciphers/src/subtle/chacha20poly1305_ietf_libcrux.rs
View File

@@ -65,10 +65,10 @@ pub fn encrypt(
/// Decrypts a `ciphertext` and verifies the integrity of the `ciphertext` and the additional data /// Decrypts a `ciphertext` and verifies the integrity of the `ciphertext` and the additional data
/// `ad`. using ChaCha20Poly1305 as implemented in [libcrux](https://github.com/cryspen/libcrux). /// `ad`. using ChaCha20Poly1305 as implemented in [libcrux](https://github.com/cryspen/libcrux).
/// ///
/// The `key` slice MUST have a length of [KEY_LEN]. The `nonce` slice MUST have a length of /// The `key` slice MUST have a length of [KEY_LEN]. The `nonce` slice MUST have a length of
/// [NONCE_LEN]. The plaintext buffer must have a capacity of `ciphertext.len()` - [TAG_LEN]. /// [NONCE_LEN]. The plaintext buffer must have a capacity of `ciphertext.len()` - [TAG_LEN].
/// ///
/// # Examples /// # Examples
///```rust ///```rust
/// # use rosenpass_ciphers::subtle::chacha20poly1305_ietf_libcrux::{decrypt, TAG_LEN, KEY_LEN, NONCE_LEN}; /// # use rosenpass_ciphers::subtle::chacha20poly1305_ietf_libcrux::{decrypt, TAG_LEN, KEY_LEN, NONCE_LEN};

8
ciphers/src/subtle/incorrect_hmac_blake2b.rs
View File

@@ -24,22 +24,22 @@ pub const OUT_MAX: usize = blake2b::OUT_MAX;
/// ///
/// This will be replaced, likely by Kekkac at some point soon. /// This will be replaced, likely by Kekkac at some point soon.
/// <https://github.com/rosenpass/rosenpass/pull/145> /// <https://github.com/rosenpass/rosenpass/pull/145>
/// ///
/// # Examples /// # Examples
///```rust ///```rust
/// # use rosenpass_ciphers::subtle::incorrect_hmac_blake2b::hash; /// # use rosenpass_ciphers::subtle::incorrect_hmac_blake2b::hash;
/// use rosenpass_to::To; /// use rosenpass_to::To;
/// let key: [u8; 32] = [0; 32]; /// let key: [u8; 32] = [0; 32];
/// let data: [u8; 32] = [255; 32]; /// let data: [u8; 32] = [255; 32];
/// // buffer for the hash output /// // buffer for the hash output
/// let mut hash_data: [u8; 32] = [0u8; 32]; /// let mut hash_data: [u8; 32] = [0u8; 32];
/// ///
/// assert!(hash(&key, &data).to(&mut hash_data).is_ok(), "Hashing has to return OK result"); /// assert!(hash(&key, &data).to(&mut hash_data).is_ok(), "Hashing has to return OK result");
/// # let expected_hash: &[u8] = &[5, 152, 135, 141, 151, 106, 147, 8, 220, 95, 38, 66, 29, 33, 3, /// # let expected_hash: &[u8] = &[5, 152, 135, 141, 151, 106, 147, 8, 220, 95, 38, 66, 29, 33, 3,
/// 104, 250, 114, 131, 119, 27, 56, 59, 44, 11, 67, 230, 113, 112, 20, 80, 103]; /// 104, 250, 114, 131, 119, 27, 56, 59, 44, 11, 67, 230, 113, 112, 20, 80, 103];
/// # assert_eq!(hash_data, expected_hash); /// # assert_eq!(hash_data, expected_hash);
///``` ///```
/// ///
#[inline] #[inline]
pub fn hash<'a>(key: &'a [u8], data: &'a [u8]) -> impl To<[u8], anyhow::Result<()>> + 'a { pub fn hash<'a>(key: &'a [u8], data: &'a [u8]) -> impl To<[u8], anyhow::Result<()>> + 'a {
const IPAD: [u8; KEY_LEN] = [0x36u8; KEY_LEN]; const IPAD: [u8; KEY_LEN] = [0x36u8; KEY_LEN];

2
ciphers/src/subtle/mod.rs
View File

@@ -10,4 +10,4 @@ pub mod chacha20poly1305_ietf;
#[cfg(feature = "experiment_libcrux")] #[cfg(feature = "experiment_libcrux")]
pub mod chacha20poly1305_ietf_libcrux; pub mod chacha20poly1305_ietf_libcrux;
pub mod incorrect_hmac_blake2b; pub mod incorrect_hmac_blake2b;
pub mod xchacha20poly1305_ietf; pub mod xchacha20poly1305_ietf;