diff --git a/wrapper/rust/wolfssl-wolfcrypt/Cargo.lock b/wrapper/rust/wolfssl-wolfcrypt/Cargo.lock index 9fe8a69681..098b575c0a 100644 --- a/wrapper/rust/wolfssl-wolfcrypt/Cargo.lock +++ b/wrapper/rust/wolfssl-wolfcrypt/Cargo.lock @@ -8,7 +8,7 @@ version = "0.5.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "d122413f284cf2d62fb1b7db97e02edb8cda96d769b16e443a4f6195e35662b0" dependencies = [ - "blobby", + "blobby 0.3.1", "crypto-common 0.1.7", "generic-array", ] @@ -54,6 +54,21 @@ version = "0.3.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "847495c209977a90e8aad588b959d0ca9f5dc228096d29a6bd3defd53f35eaec" +[[package]] +name = "blobby" +version = "0.4.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "89af0b093cc13baa4e51e64e65ec2422f7e73aea0e612e5ad3872986671622f1" + +[[package]] +name = "block-buffer" +version = "0.12.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "cdd35008169921d80bc60d3d0ab416eecb028c4cd653352907921d95084790be" +dependencies = [ + "hybrid-array", +] + [[package]] name = "cexpr" version = "0.6.0" @@ -110,6 +125,17 @@ dependencies = [ "hybrid-array", ] +[[package]] +name = "digest" +version = "0.11.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4850db49bf08e663084f7fb5c87d202ef91a3907271aff24a94eb97ff039153c" +dependencies = [ + "blobby 0.4.0", + "block-buffer", + "crypto-common 0.2.1", +] + [[package]] name = "either" version = "1.15.0" @@ -391,6 +417,7 @@ dependencies = [ "aead", "bindgen", "cipher", + "digest", "rand_core 0.10.0", "regex", "zeroize", diff --git a/wrapper/rust/wolfssl-wolfcrypt/Cargo.toml b/wrapper/rust/wolfssl-wolfcrypt/Cargo.toml index 08ee5ac62b..484a35f7c3 100644 --- a/wrapper/rust/wolfssl-wolfcrypt/Cargo.toml +++ b/wrapper/rust/wolfssl-wolfcrypt/Cargo.toml @@ -15,16 +15,19 @@ std = [] rand_core = ["dep:rand_core"] aead = ["dep:aead"] cipher = ["dep:cipher"] +digest = ["dep:digest"] [dependencies] rand_core = { version = "0.10", optional = true, default-features = false } aead = { version = "0.5", optional = true, default-features = false } cipher = { version = "0.5", optional = true, default-features = false } +digest = { version = "0.11", optional = true, default-features = false, features = ["block-api"] } zeroize = { version = "1.3", default-features = false, features = ["derive"] } [dev-dependencies] aead = { version = "0.5", features = ["alloc", "dev"] } cipher = "0.5" +digest = { version = "0.11", features = ["dev"] } [build-dependencies] bindgen = "0.72.1" diff --git a/wrapper/rust/wolfssl-wolfcrypt/Makefile b/wrapper/rust/wolfssl-wolfcrypt/Makefile index 37dc9a8579..7a733f6481 100644 --- a/wrapper/rust/wolfssl-wolfcrypt/Makefile +++ b/wrapper/rust/wolfssl-wolfcrypt/Makefile @@ -1,4 +1,4 @@ -FEATURES := rand_core,aead,cipher +FEATURES := rand_core,aead,cipher,digest CARGO_FEATURE_FLAGS := --features $(FEATURES) .PHONY: all diff --git a/wrapper/rust/wolfssl-wolfcrypt/src/lib.rs b/wrapper/rust/wolfssl-wolfcrypt/src/lib.rs index 729c7cff96..f36bfdafe3 100644 --- a/wrapper/rust/wolfssl-wolfcrypt/src/lib.rs +++ b/wrapper/rust/wolfssl-wolfcrypt/src/lib.rs @@ -60,6 +60,8 @@ pub mod prf; pub mod random; pub mod rsa; pub mod sha; +#[cfg(feature = "digest")] +mod sha_digest; /// Convert a buffer length to `u32`, returning `BUFFER_E` if it overflows. pub(crate) fn buffer_len_to_u32(len: usize) -> Result { diff --git a/wrapper/rust/wolfssl-wolfcrypt/src/sha_digest.rs b/wrapper/rust/wolfssl-wolfcrypt/src/sha_digest.rs new file mode 100644 index 0000000000..7a62666215 --- /dev/null +++ b/wrapper/rust/wolfssl-wolfcrypt/src/sha_digest.rs @@ -0,0 +1,142 @@ +/* + * Copyright (C) 2006-2026 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +/*! +RustCrypto `digest` trait implementations for the wolfCrypt SHA-family hash +types. + +This module provides implementations of the traits from the `digest` crate +(`HashMarker`, `OutputSizeUser`, `BlockSizeUser`, `Update`, `Reset`, +`FixedOutput`, and `FixedOutputReset`) for the fixed-output hash types +defined in [`crate::sha`]. With these implementations the `digest::Digest` +trait becomes available via its blanket implementation, allowing these +hashers to be used anywhere a RustCrypto `Digest` is accepted. + +Any failure returned by the underlying wolfCrypt call in a trait method will +result in a panic, matching the infallible signatures required by the +RustCrypto traits. +*/ + +use digest::consts::{ + U20, U28, U32, U48, U64, U72, U104, U128, U136, U144, +}; + +macro_rules! impl_digest_traits { + ( + $(#[$attr:meta])* + $ty:path, out = $output:ty, block = $block:ty + ) => { + $(#[$attr])* + impl Default for $ty { + fn default() -> Self { + <$ty>::new().expect("wolfCrypt hash init failed") + } + } + + $(#[$attr])* + impl digest::HashMarker for $ty {} + + $(#[$attr])* + impl digest::OutputSizeUser for $ty { + type OutputSize = $output; + } + + $(#[$attr])* + impl digest::block_api::BlockSizeUser for $ty { + type BlockSize = $block; + } + + $(#[$attr])* + impl digest::Update for $ty { + fn update(&mut self, data: &[u8]) { + <$ty>::update(self, data).expect("wolfCrypt hash update failed"); + } + } + + $(#[$attr])* + impl digest::Reset for $ty { + fn reset(&mut self) { + <$ty>::init(self).expect("wolfCrypt hash init failed"); + } + } + + $(#[$attr])* + impl digest::FixedOutput for $ty { + fn finalize_into(mut self, out: &mut digest::Output) { + <$ty>::finalize(&mut self, out.as_mut_slice()) + .expect("wolfCrypt hash finalize failed"); + } + } + + $(#[$attr])* + impl digest::FixedOutputReset for $ty { + fn finalize_into_reset(&mut self, out: &mut digest::Output) { + <$ty>::finalize(self, out.as_mut_slice()) + .expect("wolfCrypt hash finalize failed"); + <$ty>::init(self).expect("wolfCrypt hash init failed"); + } + } + }; +} + +impl_digest_traits! { + #[cfg(sha)] + crate::sha::SHA, out = U20, block = U64 +} + +impl_digest_traits! { + #[cfg(sha224)] + crate::sha::SHA224, out = U28, block = U64 +} + +impl_digest_traits! { + #[cfg(sha256)] + crate::sha::SHA256, out = U32, block = U64 +} + +impl_digest_traits! { + #[cfg(sha384)] + crate::sha::SHA384, out = U48, block = U128 +} + +impl_digest_traits! { + #[cfg(sha512)] + crate::sha::SHA512, out = U64, block = U128 +} + +impl_digest_traits! { + #[cfg(sha3)] + crate::sha::SHA3_224, out = U28, block = U144 +} + +impl_digest_traits! { + #[cfg(sha3)] + crate::sha::SHA3_256, out = U32, block = U136 +} + +impl_digest_traits! { + #[cfg(sha3)] + crate::sha::SHA3_384, out = U48, block = U104 +} + +impl_digest_traits! { + #[cfg(sha3)] + crate::sha::SHA3_512, out = U64, block = U72 +} diff --git a/wrapper/rust/wolfssl-wolfcrypt/tests/test_sha_digest.rs b/wrapper/rust/wolfssl-wolfcrypt/tests/test_sha_digest.rs new file mode 100644 index 0000000000..090cf1ac3d --- /dev/null +++ b/wrapper/rust/wolfssl-wolfcrypt/tests/test_sha_digest.rs @@ -0,0 +1,150 @@ +#![cfg(feature = "digest")] + +use digest::{Digest, FixedOutputReset}; +use digest::block_api::BlockSizeUser; + +mod common; + +fn check_digest( + input: &[u8], + expected: &[u8], + expected_block_size: usize, +) { + assert_eq!(::output_size(), expected.len()); + assert_eq!(::block_size(), expected_block_size); + + /* One-shot digest via associated function. */ + let out = D::digest(input); + assert_eq!(out.as_slice(), expected); + + /* Streaming via Digest::update and finalize. */ + let mut hasher = D::new(); + Digest::update(&mut hasher, input); + let out = hasher.finalize(); + assert_eq!(out.as_slice(), expected); + + /* Split update, via Default + Update + FixedOutputReset::finalize_reset. */ + let mut hasher = D::default(); + if input.len() >= 2 { + let mid = input.len() / 2; + Digest::update(&mut hasher, &input[..mid]); + Digest::update(&mut hasher, &input[mid..]); + } else { + Digest::update(&mut hasher, input); + } + let out = hasher.finalize_reset(); + assert_eq!(out.as_slice(), expected); + + /* After reset, the same hasher should produce the same result. */ + Digest::update(&mut hasher, input); + let out = hasher.finalize(); + assert_eq!(out.as_slice(), expected); +} + +#[test] +#[cfg(sha)] +fn test_digest_sha() { + use wolfssl_wolfcrypt::sha::SHA; + common::setup(); + check_digest::( + b"abc", + b"\xA9\x99\x3E\x36\x47\x06\x81\x6A\xBA\x3E\x25\x71\x78\x50\xC2\x6C\x9C\xD0\xD8\x9D", + 64, + ); +} + +#[test] +#[cfg(sha224)] +fn test_digest_sha224() { + use wolfssl_wolfcrypt::sha::SHA224; + common::setup(); + check_digest::( + b"abc", + b"\x23\x09\x7d\x22\x34\x05\xd8\x22\x86\x42\xa4\x77\xbd\xa2\x55\xb3\x2a\xad\xbc\xe4\xbd\xa0\xb3\xf7\xe3\x6c\x9d\xa7", + 64, + ); +} + +#[test] +#[cfg(sha256)] +fn test_digest_sha256() { + use wolfssl_wolfcrypt::sha::SHA256; + common::setup(); + check_digest::( + b"abc", + b"\xBA\x78\x16\xBF\x8F\x01\xCF\xEA\x41\x41\x40\xDE\x5D\xAE\x22\x23\xB0\x03\x61\xA3\x96\x17\x7A\x9C\xB4\x10\xFF\x61\xF2\x00\x15\xAD", + 64, + ); +} + +#[test] +#[cfg(sha384)] +fn test_digest_sha384() { + use wolfssl_wolfcrypt::sha::SHA384; + common::setup(); + check_digest::( + b"abc", + b"\xcb\x00\x75\x3f\x45\xa3\x5e\x8b\xb5\xa0\x3d\x69\x9a\xc6\x50\x07\x27\x2c\x32\xab\x0e\xde\xd1\x63\x1a\x8b\x60\x5a\x43\xff\x5b\xed\x80\x86\x07\x2b\xa1\xe7\xcc\x23\x58\xba\xec\xa1\x34\xc8\x25\xa7", + 128, + ); +} + +#[test] +#[cfg(sha512)] +fn test_digest_sha512() { + use wolfssl_wolfcrypt::sha::SHA512; + common::setup(); + check_digest::( + b"abc", + b"\xdd\xaf\x35\xa1\x93\x61\x7a\xba\xcc\x41\x73\x49\xae\x20\x41\x31\x12\xe6\xfa\x4e\x89\xa9\x7e\xa2\x0a\x9e\xee\xe6\x4b\x55\xd3\x9a\x21\x92\x99\x2a\x27\x4f\xc1\xa8\x36\xba\x3c\x23\xa3\xfe\xeb\xbd\x45\x4d\x44\x23\x64\x3c\xe8\x0e\x2a\x9a\xc9\x4f\xa5\x4c\xa4\x9f", + 128, + ); +} + +#[test] +#[cfg(sha3)] +fn test_digest_sha3_224() { + use wolfssl_wolfcrypt::sha::SHA3_224; + common::setup(); + check_digest::( + b"abc", + b"\xe6\x42\x82\x4c\x3f\x8c\xf2\x4a\xd0\x92\x34\xee\x7d\x3c\x76\x6f\xc9\xa3\xa5\x16\x8d\x0c\x94\xad\x73\xb4\x6f\xdf", + 144, + ); +} + +#[test] +#[cfg(sha3)] +fn test_digest_sha3_256() { + use wolfssl_wolfcrypt::sha::SHA3_256; + common::setup(); + check_digest::( + b"abc", + b"\x3a\x98\x5d\xa7\x4f\xe2\x25\xb2\x04\x5c\x17\x2d\x6b\xd3\x90\xbd\x85\x5f\x08\x6e\x3e\x9d\x52\x5b\x46\xbf\xe2\x45\x11\x43\x15\x32", + 136, + ); +} + +#[test] +#[cfg(sha3)] +fn test_digest_sha3_384() { + use wolfssl_wolfcrypt::sha::SHA3_384; + common::setup(); + check_digest::( + b"abc", + b"\xec\x01\x49\x82\x88\x51\x6f\xc9\x26\x45\x9f\x58\xe2\xc6\xad\x8d\xf9\xb4\x73\xcb\x0f\xc0\x8c\x25\x96\xda\x7c\xf0\xe4\x9b\xe4\xb2\x98\xd8\x8c\xea\x92\x7a\xc7\xf5\x39\xf1\xed\xf2\x28\x37\x6d\x25", + 104, + ); +} + +#[test] +#[cfg(sha3)] +fn test_digest_sha3_512() { + use wolfssl_wolfcrypt::sha::SHA3_512; + common::setup(); + check_digest::( + b"abc", + b"\xb7\x51\x85\x0b\x1a\x57\x16\x8a\x56\x93\xcd\x92\x4b\x6b\x09\x6e\x08\xf6\x21\x82\x74\x44\xf7\x0d\x88\x4f\x5d\x02\x40\xd2\x71\x2e\x10\xe1\x16\xe9\x19\x2a\xf3\xc9\x1a\x7e\xc5\x76\x47\xe3\x93\x40\x57\x34\x0b\x4c\xf4\x08\xd5\xa5\x65\x92\xf8\x27\x4e\xec\x53\xf0", + 72, + ); +}