wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2026-01-26 17:42:49 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #9687 from holtrop-wolfssl/rust-hmac-blake2

Browse Source 
Rust wrapper: add HMAC-BLAKE2[bs] wrappers
This commit is contained in:
David Garske
2026-01-21 12:55:48 -08:00
committed by GitHub
parent 418a3bff32 4a92ee31bb
commit 758d74f51f
5 changed files with 407 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
wolfcrypt/src/blake2b.c
View File

@@ -534,7 +534,9 @@ int wc_Blake2bHmacInit(Blake2b* b2b, const byte* key, size_t key_len)
ret = wc_Blake2bFinal(b2b, x_key, 0);
} else {
XMEMCPY(x_key, key, key_len);
XMEMSET(x_key + key_len, 0, BLAKE2B_BLOCKBYTES - key_len);
if (key_len < BLAKE2B_BLOCKBYTES) {
XMEMSET(x_key + key_len, 0, BLAKE2B_BLOCKBYTES - key_len);
}
}
if (ret == 0) {
@@ -581,7 +583,9 @@ int wc_Blake2bHmacFinal(Blake2b* b2b, const byte* key, size_t key_len,
ret = wc_Blake2bFinal(b2b, x_key, 0);
} else {
XMEMCPY(x_key, key, key_len);
XMEMSET(x_key + key_len, 0, BLAKE2B_BLOCKBYTES - key_len);
if (key_len < BLAKE2B_BLOCKBYTES) {
XMEMSET(x_key + key_len, 0, BLAKE2B_BLOCKBYTES - key_len);
}
}
if (ret == 0) {

8
wolfcrypt/src/blake2s.c
View File

@@ -528,7 +528,9 @@ int wc_Blake2sHmacInit(Blake2s* b2s, const byte* key, size_t key_len)
ret = wc_Blake2sFinal(b2s, x_key, 0);
} else {
XMEMCPY(x_key, key, key_len);
XMEMSET(x_key + key_len, 0, BLAKE2S_BLOCKBYTES - key_len);
if (key_len < BLAKE2S_BLOCKBYTES) {
XMEMSET(x_key + key_len, 0, BLAKE2S_BLOCKBYTES - key_len);
}
}
if (ret == 0) {
@@ -575,7 +577,9 @@ int wc_Blake2sHmacFinal(Blake2s* b2s, const byte* key, size_t key_len,
ret = wc_Blake2sFinal(b2s, x_key, 0);
} else {
XMEMCPY(x_key, key, key_len);
XMEMSET(x_key + key_len, 0, BLAKE2S_BLOCKBYTES - key_len);
if (key_len < BLAKE2S_BLOCKBYTES) {
XMEMSET(x_key + key_len, 0, BLAKE2S_BLOCKBYTES - key_len);
}
}
if (ret == 0) {

2
wrapper/rust/wolfssl-wolfcrypt/build.rs
View File

@@ -128,7 +128,9 @@ fn scan_cfg() -> Result<()> {
/* blake2 */
check_cfg(&binding, "wc_InitBlake2b", "blake2b");
check_cfg(&binding, "wc_Blake2bHmac", "blake2b_hmac");
check_cfg(&binding, "wc_InitBlake2s", "blake2s");
check_cfg(&binding, "wc_Blake2sHmac", "blake2s_hmac");
/* chacha20_poly1305 */
check_cfg(&binding, "wc_ChaCha20Poly1305_Encrypt", "chacha20_poly1305");

277
wrapper/rust/wolfssl-wolfcrypt/src/blake2.rs
View File

@@ -167,6 +167,144 @@ impl BLAKE2b {
}
}
/// Context for HMAC-BLAKE2b computation.
#[cfg(blake2b_hmac)]
pub struct BLAKE2bHmac {
wc_blake2b: sys::Blake2b,
}
#[cfg(blake2b_hmac)]
impl BLAKE2bHmac {
/// HMAC-BLAKE2b digest size.
pub const DIGEST_SIZE: usize = sys::WC_BLAKE2B_DIGEST_SIZE as usize;
/// Build a new BLAKE2bHmac instance.
///
/// # Parameters
///
/// * `key`: Key to use for HMAC-BLAKE2b computation.
///
/// # Returns
///
/// Returns either Ok(hmac_blake2b) or Err(e) containing the wolfSSL
/// library error code value.
///
/// # Example
///
/// ```rust
/// use wolfssl_wolfcrypt::blake2::BLAKE2bHmac;
/// let key = [42u8, 43, 44];
/// let hmac_blake2b = BLAKE2bHmac::new(&key).expect("Error with new()");
/// ```
pub fn new(key: &[u8]) -> Result<Self, i32> {
let mut wc_blake2b: MaybeUninit<sys::Blake2b> = MaybeUninit::uninit();
let rc = unsafe {
sys::wc_Blake2bHmacInit(wc_blake2b.as_mut_ptr(), key.as_ptr(), key.len())
};
if rc != 0 {
return Err(rc);
}
let wc_blake2b = unsafe { wc_blake2b.assume_init() };
let hmac_blake2b = BLAKE2bHmac { wc_blake2b };
Ok(hmac_blake2b)
}
/// Update the HMAC-BLAKE2b computation with the input data.
///
/// This method may be called several times and then the finalize()
/// method should be called to retrieve the final MAC.
///
/// # Parameters
///
/// * `data`: Input data to hash.
///
/// # Returns
///
/// Returns either Ok(()) on success or Err(e) containing the wolfSSL
/// library error code value.
///
/// # Example
///
/// ```rust
/// use wolfssl_wolfcrypt::blake2::BLAKE2bHmac;
/// let key = [42u8, 43, 44];
/// let mut hmac_blake2b = BLAKE2bHmac::new(&key).expect("Error with new()");
/// let data = [33u8, 34, 35];
/// hmac_blake2b.update(&data).expect("Error with update()");
/// ```
pub fn update(&mut self, data: &[u8]) -> Result<(), i32> {
let rc = unsafe {
sys::wc_Blake2bHmacUpdate(&mut self.wc_blake2b, data.as_ptr(), data.len())
};
if rc != 0 {
return Err(rc);
}
Ok(())
}
/// Compute and retrieve the final HMAC-BLAKE2b MAC.
///
/// # Parameters
///
/// * `key`: Key to use for HMAC-BLAKE2b computation.
/// * `mac`: Output buffer in which to store the computed HMAC-BLAKE2b MAC.
/// It must be 64 bytes long.
///
/// # Returns
///
/// Returns either Ok(()) on success or Err(e) containing the wolfSSL
/// library error code value.
///
/// # Example
///
/// ```rust
/// use wolfssl_wolfcrypt::blake2::BLAKE2bHmac;
/// let key = [42u8, 43, 44];
/// let mut hmac_blake2b = BLAKE2bHmac::new(&key).expect("Error with new()");
/// let data = [33u8, 34, 35];
/// hmac_blake2b.update(&data).expect("Error with update()");
/// let mut mac = [0u8; 64];
/// hmac_blake2b.finalize(&key, &mut mac).expect("Error with finalize()");
/// ```
pub fn finalize(&mut self, key: &[u8], mac: &mut [u8; Self::DIGEST_SIZE]) -> Result<(), i32> {
let rc = unsafe {
sys::wc_Blake2bHmacFinal(&mut self.wc_blake2b,
key.as_ptr(), key.len(), mac.as_mut_ptr(), mac.len())
};
if rc != 0 {
return Err(rc);
}
Ok(())
}
/// Compute the HMAC-BLAKE2b message authentication code of the given
/// input data using the given key (one-shot API).
///
/// # Parameters
///
/// * `data`: Input data to create MAC from.
/// * `key`: Key to use for MAC creation.
/// * `out`: Buffer in which to store the computed MAC. It must be 64 bytes
/// long.
///
/// # Returns
///
/// Returns either Ok(()) on success or Err(e) containing the wolfSSL
/// library error code value.
pub fn hmac(data: &[u8], key: &[u8], out: &mut [u8; Self::DIGEST_SIZE]) -> Result<(), i32> {
let rc = unsafe {
sys::wc_Blake2bHmac(data.as_ptr(), data.len(), key.as_ptr(),
key.len(), out.as_mut_ptr(), out.len())
};
if rc != 0 {
return Err(rc);
}
Ok(())
}
}
/// Context for BLAKE2s computation.
#[cfg(blake2s)]
pub struct BLAKE2s {
@@ -291,7 +429,7 @@ impl BLAKE2s {
/// use wolfssl_wolfcrypt::blake2::BLAKE2s;
/// let mut blake2s = BLAKE2s::new(32).expect("Error with new()");
/// blake2s.update(&[0u8; 16]).expect("Error with update()");
/// let mut hash = [0u8; 64];
/// let mut hash = [0u8; 32];
/// blake2s.finalize(&mut hash).expect("Error with finalize()");
/// ```
pub fn finalize(&mut self, hash: &mut [u8]) -> Result<(), i32> {
@@ -305,3 +443,140 @@ impl BLAKE2s {
Ok(())
}
}
/// Context for HMAC-BLAKE2s computation.
#[cfg(blake2s_hmac)]
pub struct BLAKE2sHmac {
wc_blake2s: sys::Blake2s,
}
#[cfg(blake2s_hmac)]
impl BLAKE2sHmac {
/// HMAC-BLAKE2s digest size.
pub const DIGEST_SIZE: usize = sys::WC_BLAKE2S_DIGEST_SIZE as usize;
/// Build a new BLAKE2sHmac instance.
///
/// # Parameters
///
/// * `key`: Key to use for HMAC-BLAKE2s computation.
///
/// # Returns
///
/// Returns either Ok(hmac_blake2s) or Err(e) containing the wolfSSL
/// library error code value.
///
/// # Example
///
/// ```rust
/// use wolfssl_wolfcrypt::blake2::BLAKE2sHmac;
/// let key = [42u8, 43, 44];
/// let hmac_blake2s = BLAKE2sHmac::new(&key).expect("Error with new()");
/// ```
pub fn new(key: &[u8]) -> Result<Self, i32> {
let mut wc_blake2s: MaybeUninit<sys::Blake2s> = MaybeUninit::uninit();
let rc = unsafe {
sys::wc_Blake2sHmacInit(wc_blake2s.as_mut_ptr(), key.as_ptr(), key.len())
};
if rc != 0 {
return Err(rc);
}
let wc_blake2s = unsafe { wc_blake2s.assume_init() };
let hmac_blake2s = BLAKE2sHmac { wc_blake2s };
Ok(hmac_blake2s)
}
/// Update the HMAC-BLAKE2s computation with the input data.
///
/// This method may be called several times and then the finalize()
/// method should be called to retrieve the final MAC.
///
/// # Parameters
///
/// * `data`: Input data to hash.
///
/// # Returns
///
/// Returns either Ok(()) on success or Err(e) containing the wolfSSL
/// library error code value.
///
/// # Example
///
/// ```rust
/// use wolfssl_wolfcrypt::blake2::BLAKE2sHmac;
/// let key = [42u8, 43, 44];
/// let mut hmac_blake2s = BLAKE2sHmac::new(&key).expect("Error with new()");
/// let data = [33u8, 34, 35];
/// hmac_blake2s.update(&data).expect("Error with update()");
/// ```
pub fn update(&mut self, data: &[u8]) -> Result<(), i32> {
let rc = unsafe {
sys::wc_Blake2sHmacUpdate(&mut self.wc_blake2s, data.as_ptr(), data.len())
};
if rc != 0 {
return Err(rc);
}
Ok(())
}
/// Compute and retrieve the final HMAC-BLAKE2s MAC.
///
/// # Parameters
///
/// * `key`: Key to use for HMAC-BLAKE2s computation.
/// * `mac`: Output buffer in which to store the computed HMAC-BLAKE2s MAC.
/// It must be 32 bytes long.
///
/// # Returns
///
/// Returns either Ok(()) on success or Err(e) containing the wolfSSL
/// library error code value.
///
/// # Example
///
/// ```rust
/// use wolfssl_wolfcrypt::blake2::BLAKE2sHmac;
/// let key = [42u8, 43, 44];
/// let mut hmac_blake2s = BLAKE2sHmac::new(&key).expect("Error with new()");
/// let data = [33u8, 34, 35];
/// hmac_blake2s.update(&data).expect("Error with update()");
/// let mut mac = [0u8; 32];
/// hmac_blake2s.finalize(&key, &mut mac).expect("Error with finalize()");
/// ```
pub fn finalize(&mut self, key: &[u8], mac: &mut [u8; Self::DIGEST_SIZE]) -> Result<(), i32> {
let rc = unsafe {
sys::wc_Blake2sHmacFinal(&mut self.wc_blake2s,
key.as_ptr(), key.len(), mac.as_mut_ptr(), mac.len())
};
if rc != 0 {
return Err(rc);
}
Ok(())
}
/// Compute the HMAC-BLAKE2s message authentication code of the given
/// input data using the given key (one-shot API).
///
/// # Parameters
///
/// * `data`: Input data to create MAC from.
/// * `key`: Key to use for MAC creation.
/// * `out`: Buffer in which to store the computed MAC. It must be 32 bytes
/// long.
///
/// # Returns
///
/// Returns either Ok(()) on success or Err(e) containing the wolfSSL
/// library error code value.
pub fn hmac(data: &[u8], key: &[u8], out: &mut [u8; Self::DIGEST_SIZE]) -> Result<(), i32> {
let rc = unsafe {
sys::wc_Blake2sHmac(data.as_ptr(), data.len(), key.as_ptr(),
key.len(), out.as_mut_ptr(), out.len())
};
if rc != 0 {
return Err(rc);
}
Ok(())
}
}

117
wrapper/rust/wolfssl-wolfcrypt/tests/test_blake2.rs
View File

@@ -50,6 +50,70 @@ fn test_blake2b() {
}
}
#[test]
#[cfg(blake2b_hmac)]
fn test_blake2b_hmac() {
let key1 = [0x41u8, 0x42, 0x43, 0x44];
let message1 = [0x48u8, 0x65, 0x6c, 0x6c, 0x6f];
let expected1 = [
0x46u8, 0x76, 0xbb, 0x0e, 0xf8, 0xa1, 0x56, 0x33,
0xde, 0xdc, 0x44, 0xe3, 0x2b, 0xf3, 0xee, 0x5b,
0x5f, 0x7f, 0x04, 0x00, 0x2c, 0xaa, 0xd4, 0x93,
0xc6, 0xa6, 0xb4, 0xf3, 0x14, 0x8d, 0x6d, 0x9c,
0x6a, 0x12, 0x02, 0x85, 0x66, 0xed, 0x9b, 0x5d,
0x8d, 0x0e, 0x3d, 0xf4, 0x78, 0xee, 0x5a, 0xf6,
0x2f, 0x97, 0xa5, 0x77, 0x88, 0x8c, 0xc4, 0x66,
0x46, 0xb1, 0xba, 0x51, 0x29, 0x19, 0xd7, 0xaa,
];
let key2 = [
0x30u8, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x41, 0x42,
0x43, 0x44, 0x45, 0x46, 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
0x38, 0x39, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x30, 0x31, 0x32, 0x33,
0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46,
0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x41, 0x42,
0x43, 0x44, 0x45, 0x46, 0x30, 0x31, 0x32, 0x33
];
let message2 = [
0x61u8, 0x62, 0x63, 0x64, 0x62, 0x63, 0x64, 0x65, 0x63, 0x64, 0x65, 0x66,
0x64, 0x65, 0x66, 0x67, 0x65, 0x66, 0x67, 0x68, 0x66, 0x67, 0x68, 0x69,
0x67, 0x68, 0x69, 0x6a, 0x68, 0x69, 0x6a, 0x6b, 0x69, 0x6a, 0x6b, 0x6c,
0x6a, 0x6b, 0x6c, 0x6d, 0x6b, 0x6c, 0x6d, 0x6e, 0x6c, 0x6d, 0x6e, 0x6f,
0x6d, 0x6e, 0x6f, 0x70, 0x6e, 0x6f, 0x70, 0x71
];
let expected2 = [
0x2au8, 0xda, 0xf6, 0x94, 0x79, 0xce, 0xe2, 0xd2,
0x5d, 0x89, 0x8b, 0xd7, 0x0d, 0xbc, 0x11, 0x1f,
0x98, 0x99, 0xe0, 0x17, 0x7c, 0x5b, 0x8f, 0x94,
0xf5, 0x95, 0xbc, 0x1b, 0xb1, 0x95, 0xe8, 0x60,
0xbb, 0x29, 0xa4, 0xd9, 0x27, 0x2e, 0x00, 0xea,
0xba, 0xc3, 0x3e, 0xe6, 0x9c, 0xc7, 0xd7, 0x8d,
0x69, 0xc7, 0xb4, 0xf7, 0x31, 0x4a, 0xb1, 0xf0,
0x3c, 0xed, 0x06, 0x49, 0x6f, 0x46, 0x99, 0xea,
];
let mut out1 = [0u8; 64];
BLAKE2bHmac::hmac(&message1, &key1, &mut out1).expect("Error with hmac()");
assert_eq!(out1, expected1);
let mut out2 = [0u8; 64];
BLAKE2bHmac::hmac(&message2, &key2, &mut out2).expect("Error with hmac()");
assert_eq!(out2, expected2);
let mut hmac_blake2b = BLAKE2bHmac::new(&key1).expect("Error with new()");
hmac_blake2b.update(&message1[0..4]).expect("Error with update()");
hmac_blake2b.update(&message1[4..]).expect("Error with update()");
let mut out1 = [0u8; 64];
hmac_blake2b.finalize(&key1, &mut out1).expect("Error with finalize()");
assert_eq!(out1, expected1);
let mut hmac_blake2b = BLAKE2bHmac::new(&key2).expect("Error with new()");
hmac_blake2b.update(&message2[0..48]).expect("Error with update()");
hmac_blake2b.update(&message2[48..]).expect("Error with update()");
let mut out2 = [0u8; 64];
hmac_blake2b.finalize(&key2, &mut out2).expect("Error with finalize()");
assert_eq!(out2, expected2);
}
#[test]
#[cfg(blake2s)]
fn test_blake2s() {
@@ -86,3 +150,56 @@ fn test_blake2s() {
assert_eq!(hash, *expected_hash);
}
}
#[test]
#[cfg(blake2s_hmac)]
fn test_blake2s_hmac() {
let key1 = [0x41u8, 0x42, 0x43, 0x44];
let message1 = [0x48u8, 0x65, 0x6c, 0x6c, 0x6f];
let expected1 = [
0x96u8, 0xca, 0x1d, 0xaa, 0x9a, 0x33, 0x97, 0x3d,
0xc5, 0x95, 0x3e, 0xce, 0x49, 0x93, 0x75, 0xc1,
0x2a, 0x7c, 0x8f, 0x5b, 0xf0, 0x28, 0xef, 0xc3,
0xfb, 0xc5, 0x97, 0xcd, 0xcc, 0x74, 0x44, 0x68,
];
let key2 = [
0x30u8, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x41, 0x42,
0x43, 0x44, 0x45, 0x46, 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
0x38, 0x39, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x30, 0x31, 0x32, 0x33,
];
let message2 = [
0x61u8, 0x62, 0x63, 0x64, 0x62, 0x63, 0x64, 0x65, 0x63, 0x64, 0x65, 0x66,
0x64, 0x65, 0x66, 0x67, 0x65, 0x66, 0x67, 0x68, 0x66, 0x67, 0x68, 0x69,
0x67, 0x68, 0x69, 0x6a, 0x68, 0x69, 0x6a, 0x6b, 0x69, 0x6a, 0x6b, 0x6c,
0x6a, 0x6b, 0x6c, 0x6d, 0x6b, 0x6c, 0x6d, 0x6e, 0x6c, 0x6d, 0x6e, 0x6f,
0x6d, 0x6e, 0x6f, 0x70, 0x6e, 0x6f, 0x70, 0x71
];
let expected2 = [
0xc4u8, 0x63, 0xdb, 0x28, 0x97, 0x60, 0x6a, 0xa7,
0x1e, 0xe6, 0xcf, 0x93, 0x85, 0x3c, 0x90, 0x71,
0xea, 0x76, 0x7f, 0x6a, 0xa7, 0x20, 0x80, 0x35,
0xe1, 0x68, 0x95, 0xfe, 0x65, 0x65, 0x43, 0x76,
];
let mut out1 = [0u8; 32];
BLAKE2sHmac::hmac(&message1, &key1, &mut out1).expect("Error with hmac()");
assert_eq!(out1, expected1);
let mut out2 = [0u8; 32];
BLAKE2sHmac::hmac(&message2, &key2, &mut out2).expect("Error with hmac()");
assert_eq!(out2, expected2);
let mut hmac_blake2s = BLAKE2sHmac::new(&key1).expect("Error with new()");
hmac_blake2s.update(&message1[0..4]).expect("Error with update()");
hmac_blake2s.update(&message1[4..]).expect("Error with update()");
let mut out1 = [0u8; 32];
hmac_blake2s.finalize(&key1, &mut out1).expect("Error with finalize()");
assert_eq!(out1, expected1);
let mut hmac_blake2s = BLAKE2sHmac::new(&key2).expect("Error with new()");
hmac_blake2s.update(&message2[0..48]).expect("Error with update()");
hmac_blake2s.update(&message2[48..]).expect("Error with update()");
let mut out2 = [0u8; 32];
hmac_blake2s.finalize(&key2, &mut out2).expect("Error with finalize()");
assert_eq!(out2, expected2);
}