diff --git a/.github/workflows/bash-hash.yml b/.github/workflows/bash-hash.yml new file mode 100644 index 00000000..d7eca54a --- /dev/null +++ b/.github/workflows/bash-hash.yml @@ -0,0 +1,72 @@ +name: bash-hash + +on: + pull_request: + paths: + - ".github/workflows/bash-hash.yml" + - "bash-hash/**" + - "Cargo.*" + push: + branches: master + +defaults: + run: + working-directory: bash-hash + +env: + CARGO_INCREMENTAL: 0 + RUSTFLAGS: "-Dwarnings" + +# Cancels CI jobs when new commits are pushed to a PR branch +concurrency: + group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }} + cancel-in-progress: true + +jobs: + set-msrv: + uses: RustCrypto/actions/.github/workflows/set-msrv.yml@master + with: + msrv: 1.85.0 + + build: + needs: set-msrv + runs-on: ubuntu-latest + strategy: + matrix: + rust: + - ${{needs.set-msrv.outputs.msrv}} + - stable + target: + - thumbv7em-none-eabi + - wasm32-unknown-unknown + steps: + - uses: actions/checkout@v5 + - uses: RustCrypto/actions/cargo-cache@master + - uses: dtolnay/rust-toolchain@master + with: + toolchain: ${{ matrix.rust }} + targets: ${{ matrix.target }} + - uses: RustCrypto/actions/cargo-hack-install@master + - run: cargo hack build --target ${{ matrix.target }} --each-feature --exclude-features default,std + + test: + needs: set-msrv + runs-on: ubuntu-latest + strategy: + matrix: + rust: + - ${{needs.set-msrv.outputs.msrv}} + - stable + steps: + - uses: actions/checkout@v5 + - uses: RustCrypto/actions/cargo-cache@master + - uses: dtolnay/rust-toolchain@master + with: + toolchain: ${{ matrix.rust }} + - uses: RustCrypto/actions/cargo-hack-install@master + - run: cargo hack test --feature-powerset + + minimal-versions: + uses: RustCrypto/actions/.github/workflows/minimal-versions.yml@master + with: + working-directory: ${{ github.workflow }} diff --git a/Cargo.lock b/Cargo.lock index 59b1ea3d..4ff03c7b 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -29,6 +29,22 @@ version = "0.3.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "d8b59d472eab27ade8d770dcb11da7201c11234bef9f82ce7aa517be028d462b" +[[package]] +name = "bash-f" +version = "0.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "bfed5cd32720841afa8cd58c89a317e9efb0c8083e1b349dae4098f022620353" + +[[package]] +name = "bash-hash" +version = "0.1.0" +dependencies = [ + "base16ct", + "bash-f", + "digest", + "hex-literal", +] + [[package]] name = "belt-block" version = "0.1.2" diff --git a/Cargo.toml b/Cargo.toml index 5ad5baf6..1afe63c4 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -2,6 +2,7 @@ resolver = "3" members = [ "ascon-hash", + "bash-hash", "belt-hash", "blake2", "fsb", diff --git a/bash-hash/CHANGELOG.md b/bash-hash/CHANGELOG.md new file mode 100644 index 00000000..a3a56b13 --- /dev/null +++ b/bash-hash/CHANGELOG.md @@ -0,0 +1,12 @@ +# Changelog + +All notable changes to this project will be documented in this file. + +The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), +and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). + + +## 0.1.0 (UNRELEASED) +- Initial release ([#745]) + +[#745]: https://github.com/RustCrypto/hashes/pull/745 diff --git a/bash-hash/Cargo.toml b/bash-hash/Cargo.toml new file mode 100644 index 00000000..edfe02b6 --- /dev/null +++ b/bash-hash/Cargo.toml @@ -0,0 +1,31 @@ +[package] +name = "bash-hash" +version = "0.1.0" +description = "bash hash function (STB 34.101.77-2020)" +authors = ["RustCrypto Developers"] +license = "MIT OR Apache-2.0" +readme = "README.md" +edition = "2024" +rust-version = "1.85" +documentation = "https://docs.rs/belt-hash" +repository = "https://github.com/RustCrypto/hashes" +keywords = ["belt", "stb", "hash", "digest"] +categories = ["cryptography", "no-std"] + +[dependencies] +digest = "0.11.0-rc.3" +bash-f = { version = "0.1.0" } + +[dev-dependencies] +digest = { version = "0.11.0-rc.3", features = ["dev"] } +hex-literal = "1" +base16ct = { version = "0.3", features = ["alloc"] } + +[features] +default = ["alloc", "oid"] +alloc = ["digest/alloc"] +oid = ["digest/oid"] +zeroize = ["digest/zeroize"] + +[package.metadata.docs.rs] +all-features = true diff --git a/bash-hash/LICENSE-APACHE b/bash-hash/LICENSE-APACHE new file mode 100644 index 00000000..78173fa2 --- /dev/null +++ b/bash-hash/LICENSE-APACHE @@ -0,0 +1,201 @@ + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + +TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + +1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + +2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + +3. Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + +4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + +5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + +6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + +7. Disclaimer of Warranty. Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + +8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + +9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. + +END OF TERMS AND CONDITIONS + +APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + +Copyright [yyyy] [name of copyright owner] + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. diff --git a/bash-hash/LICENSE-MIT b/bash-hash/LICENSE-MIT new file mode 100644 index 00000000..82a58781 --- /dev/null +++ b/bash-hash/LICENSE-MIT @@ -0,0 +1,25 @@ +Copyright (c) 2025 The RustCrypto Project Developers + +Permission is hereby granted, free of charge, to any +person obtaining a copy of this software and associated +documentation files (the "Software"), to deal in the +Software without restriction, including without +limitation the rights to use, copy, modify, merge, +publish, distribute, sublicense, and/or sell copies of +the Software, and to permit persons to whom the Software +is furnished to do so, subject to the following +conditions: + +The above copyright notice and this permission notice +shall be included in all copies or substantial portions +of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF +ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED +TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A +PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT +SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY +CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION +OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR +IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER +DEALINGS IN THE SOFTWARE. diff --git a/bash-hash/README.md b/bash-hash/README.md new file mode 100644 index 00000000..3fd56ed6 --- /dev/null +++ b/bash-hash/README.md @@ -0,0 +1,61 @@ +# RustCrypto: bash hash + +[![crate][crate-image]][crate-link] +[![Docs][docs-image]][docs-link] +[![Build Status][build-image]][build-link] +![Apache2/MIT licensed][license-image] +![Rust Version][rustc-image] +[![Project Chat][chat-image]][chat-link] + +Pure Rust implementation of the bash hash function specified in [STB 34.101.31-2020]. + +## Examples +```rust +use bash_hash::{BashHash256, Digest}; +use hex_literal::hex; + +let mut hasher = BashHash256::new(); +hasher.update(b"hello world"); +let hash = hasher.finalize(); + +assert_eq!(hash, hex!("2FC08EEC942378C0F8A6E5F1890D907B706BE393B0386E20A73D4D17A46BBD10")); + +// Hex-encode hash using https://docs.rs/base16ct +let hex_hash = base16ct::upper::encode_string(&hash); +assert_eq!(hex_hash, "2FC08EEC942378C0F8A6E5F1890D907B706BE393B0386E20A73D4D17A46BBD10"); +``` + +Also, see the [examples section] in the RustCrypto/hashes readme. + +## License + +The crate is licensed under either of: + +* [Apache License, Version 2.0](http://www.apache.org/licenses/LICENSE-2.0) +* [MIT license](http://opensource.org/licenses/MIT) + +at your option. + +### Contribution + +Unless you explicitly state otherwise, any contribution intentionally submitted +for inclusion in the work by you, as defined in the Apache-2.0 license, shall be +dual licensed as above, without any additional terms or conditions. + +[//]: # (badges) + +[crate-image]: https://img.shields.io/crates/v/belt-hash.svg +[crate-link]: https://crates.io/crates/belt-hash +[docs-image]: https://docs.rs/belt-hash/badge.svg +[docs-link]: https://docs.rs/belt-hash +[license-image]: https://img.shields.io/badge/license-Apache2.0/MIT-blue.svg +[rustc-image]: https://img.shields.io/badge/rustc-1.85+-blue.svg +[chat-image]: https://img.shields.io/badge/zulip-join_chat-blue.svg +[chat-link]: https://rustcrypto.zulipchat.com/#narrow/stream/260041-hashes +[build-image]: https://github.com/RustCrypto/hashes/actions/workflows/belt-hash.yml/badge.svg?branch=master +[build-link]: https://github.com/RustCrypto/hashes/actions/workflows/belt-hash.yml?query=branch:master + +[//]: # (general links) + +[STB 34.101.77-2020]: http://apmi.bsu.by/assets/files/std/bash-spec241.pdf +[examples section]: https://github.com/RustCrypto/hashes#Examples diff --git a/bash-hash/benches/mod.rs b/bash-hash/benches/mod.rs new file mode 100644 index 00000000..525edfb7 --- /dev/null +++ b/bash-hash/benches/mod.rs @@ -0,0 +1,30 @@ +#![feature(test)] +extern crate test; + +use bash_hash::{BashHash256, BashHash384, BashHash512}; +use digest::bench_update; +use test::Bencher; + +bench_update!( + BashHash256::default(); + bash_hash256_10 10; + bash_hash256_100 100; + bash_hash256_1000 1000; + bash_hash256_10000 10000; +); + +bench_update!( + BashHash384::default(); + bash_hash384_10 10; + bash_hash384_100 100; + bash_hash384_1000 1000; + bash_hash384_10000 10000; +); + +bench_update!( + BashHash512::default(); + bash_hash512_10 10; + bash_hash512_100 100; + bash_hash512_1000 1000; + bash_hash512_10000 10000; +); diff --git a/bash-hash/src/block_api.rs b/bash-hash/src/block_api.rs new file mode 100644 index 00000000..68e96d2a --- /dev/null +++ b/bash-hash/src/block_api.rs @@ -0,0 +1,232 @@ +use core::fmt; +use digest::{ + HashMarker, Output, + array::Array, + block_api::{ + AlgorithmName, Block, BlockSizeUser, Buffer, BufferKindUser, Eager, FixedOutputCore, + OutputSizeUser, Reset, UpdateCore, + }, + crypto_common::hazmat::{DeserializeStateError, SerializableState, SerializedState}, + typenum::U192, +}; + +use crate::variants::{Bash256, Bash384, Bash512, Variant}; +use bash_f::{STATE_WORDS, bash_f}; +use digest::typenum::Unsigned; + +/// Core Bash hasher state with generic security level. +/// +/// Implements bash-hash[ℓ] algorithm according to section 7 of STB 34.101.77-2020. +/// Parameters: +/// - BlockSize: block size r = (1536 - 4ℓ) / 8 bytes +/// - OutputSize: output size 2ℓ / 8 bytes +#[derive(Clone)] +pub struct BashHashCore { + state: [u64; STATE_WORDS], + _variant: core::marker::PhantomData, +} + +impl BashHashCore +where + V: Variant, +{ + /// Calculate security level ℓ + /// + /// According to section 5.3: ℓ = OutputSize * 8 / 2 = OutputSize * 4 + #[inline] + const fn get_level() -> usize { + // 3. ℓ ← OutSize * 8 / 2 + V::OutputSize::USIZE * 4 + } + + /// Calculate buffer size r in bytes + #[inline] + const fn get_r_bytes() -> usize { + V::BlockSize::USIZE + } + + /// Compress one data block + fn compress_block(&mut self, block: &Block) { + let r_bytes = Self::get_r_bytes(); + debug_assert_eq!(r_bytes % 8, 0); + + // 4.1: S[...1536 - 4ℓ) ← Xi + for (dst, chunk) in self.state.iter_mut().zip(block[..r_bytes].chunks_exact(8)) { + // `chunk` is guaranteed to be 8 bytes long due to `r_bytes` being a multiple of 8 + *dst = u64::from_le_bytes(chunk.try_into().unwrap()); + } + + // 4.2: S ← bash-f(S) + bash_f(&mut self.state); + } +} + +impl HashMarker for BashHashCore where V: Variant {} + +impl BlockSizeUser for BashHashCore +where + V: Variant, +{ + type BlockSize = V::BlockSize; +} + +impl BufferKindUser for BashHashCore +where + V: Variant, +{ + type BufferKind = Eager; +} + +impl OutputSizeUser for BashHashCore +where + V: Variant, +{ + type OutputSize = V::OutputSize; +} + +impl UpdateCore for BashHashCore +where + V: Variant, +{ + #[inline] + fn update_blocks(&mut self, blocks: &[Block]) { + for block in blocks { + self.compress_block(block); + } + } +} + +impl FixedOutputCore for BashHashCore +where + V: Variant, +{ + fn finalize_fixed_core(&mut self, buffer: &mut Buffer, out: &mut Output) { + let pos = buffer.get_pos(); + + // 1. Split(X || 01, r) - split message with appended 01 + // 2: Xn ← Xn || 0^(1536-4ℓ-|Xn|) - pad last block with zeros + let mut padding_block = Array::::default(); + let block = buffer.pad_with_zeros(); + padding_block.copy_from_slice(&block); + padding_block[pos] = 0x40; + + // 4. for i = 1, 2, ..., n, do: + self.compress_block(&padding_block); + + //5. Y ← S[...2ℓ) + self.state + .iter() + .flat_map(|w| w.to_le_bytes()) + .take(V::OutputSize::USIZE) + .zip(out.iter_mut()) + .for_each(|(src, dst)| *dst = src); + } +} + +impl Default for BashHashCore +where + V: Variant, +{ + #[inline] + fn default() -> Self { + let mut state = [0u64; STATE_WORDS]; + + // 3. S ← 0^1472 || ⟨ℓ/4⟩_64 + let level = Self::get_level(); + state[23] = (level / 4) as u64; + + Self { + state, + _variant: core::marker::PhantomData, + } + } +} + +impl Reset for BashHashCore +where + V: Variant, +{ + #[inline] + fn reset(&mut self) { + *self = Default::default(); + } +} + +impl AlgorithmName for BashHashCore +where + V: Variant, +{ + fn write_alg_name(f: &mut fmt::Formatter<'_>) -> fmt::Result { + let level = Self::get_level(); + write!(f, "Bash{}", level * 2) + } +} + +impl fmt::Debug for BashHashCore +where + V: Variant, +{ + fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { + f.write_str("BashHashCore { ... }") + } +} + +impl Drop for BashHashCore +where + V: Variant, +{ + fn drop(&mut self) { + #[cfg(feature = "zeroize")] + { + use digest::zeroize::Zeroize; + self.state.zeroize(); + } + } +} + +#[cfg(feature = "zeroize")] +impl digest::zeroize::ZeroizeOnDrop for BashHashCore where V: Variant {} + +impl SerializableState for BashHashCore +where + V: Variant, +{ + type SerializedStateSize = U192; + + fn serialize(&self) -> SerializedState { + let mut dst = SerializedState::::default(); + + for (word, chunk) in self.state.iter().zip(dst.chunks_exact_mut(8)) { + // `word` is guaranteed to be 8 bytes long due to `STATE_WORDS` being a multiple of 8 + // and `chunk` being a slice of 8 bytes + chunk.copy_from_slice(&word.to_le_bytes()); + } + + dst + } + + fn deserialize( + serialized_state: &SerializedState, + ) -> Result { + let mut state = [0u64; STATE_WORDS]; + + for (dst, chunk) in state.iter_mut().zip(serialized_state.chunks_exact(8)) { + // `chunk` is guaranteed to be 8 bytes long due to `STATE_WORDS` being a multiple of 8 + // and `dst` being a slice of 8 bytes + *dst = u64::from_le_bytes(chunk.try_into().map_err(|_| DeserializeStateError)?); + } + + Ok(Self { + state, + _variant: core::marker::PhantomData, + }) + } +} + +// Standard Bash hash variants according to section 5.3 and 7.1 +// Bash256: ℓ = 128, output = 2ℓ = 256 bits, block = (1536 - 4×128)/8 = 128 bytes +// Bash384: ℓ = 192, output = 2ℓ = 384 bits, block = (1536 - 4×192)/8 = 96 bytes +// Bash512: ℓ = 256, output = 2ℓ = 512 bits, block = (1536 - 4×256)/8 = 64 bytes +pub(crate) type Bash256Core = BashHashCore; +pub(crate) type Bash384Core = BashHashCore; +pub(crate) type Bash512Core = BashHashCore; diff --git a/bash-hash/src/lib.rs b/bash-hash/src/lib.rs new file mode 100644 index 00000000..88aa243f --- /dev/null +++ b/bash-hash/src/lib.rs @@ -0,0 +1,36 @@ +#![no_std] +#![doc = include_str!("../README.md")] +#![doc( + html_logo_url = "https://raw.githubusercontent.com/RustCrypto/media/6ee8e381/logo.svg", + html_favicon_url = "https://raw.githubusercontent.com/RustCrypto/media/6ee8e381/logo.svg" +)] +#![cfg_attr(docsrs, feature(doc_cfg))] +#![warn(missing_docs, unreachable_pub)] +#![forbid(unsafe_code)] + +pub use digest::{self, Digest}; + +/// Block-level types +pub mod block_api; +mod variants; + +digest::buffer_fixed!( + /// BASH256 hasher state. + pub struct BashHash256(block_api::Bash256Core); + oid: "1.2.112.0.2.0.34.101.77.11"; + impl: FixedHashTraits; +); + +digest::buffer_fixed!( + /// BASH384 hasher state. + pub struct BashHash384(block_api::Bash384Core); + oid: "1.2.112.0.2.0.34.101.77.12"; + impl: FixedHashTraits; +); + +digest::buffer_fixed!( + /// BASH512 hasher state. + pub struct BashHash512(block_api::Bash512Core); + oid: "1.2.112.0.2.0.34.101.77.13"; + impl: FixedHashTraits; +); diff --git a/bash-hash/src/variants.rs b/bash-hash/src/variants.rs new file mode 100644 index 00000000..53a68912 --- /dev/null +++ b/bash-hash/src/variants.rs @@ -0,0 +1,43 @@ +use digest::{ + array::ArraySize, + crypto_common::BlockSizes, + typenum::{U32, U48, U64, U96, U128}, +}; + +/// Sealed trait to prevent external implementations. +pub trait Sealed: Clone {} + +/// Trait for Bash hash variants. +pub trait Variant: Sealed { + type BlockSize: ArraySize + BlockSizes; + type OutputSize: ArraySize; +} + +#[derive(Clone)] +/// `Bash256` variant with 256-bit output and 128-byte block size. +pub struct Bash256; +#[derive(Clone)] +/// `Bash384` variant with 384-bit output and 96-byte block size. +pub struct Bash384; +#[derive(Clone)] +/// `Bash512` variant with 512-bit output and 64-byte block size. +pub struct Bash512; + +impl Sealed for Bash256 {} +impl Sealed for Bash384 {} +impl Sealed for Bash512 {} + +impl Variant for Bash256 { + type BlockSize = U128; + type OutputSize = U32; +} + +impl Variant for Bash384 { + type BlockSize = U96; + type OutputSize = U48; +} + +impl Variant for Bash512 { + type BlockSize = U64; + type OutputSize = U64; +} diff --git a/bash-hash/tests/data/bash256.blb b/bash-hash/tests/data/bash256.blb new file mode 100644 index 00000000..d3cf4d13 Binary files /dev/null and b/bash-hash/tests/data/bash256.blb differ diff --git a/bash-hash/tests/data/bash256_serialization.bin b/bash-hash/tests/data/bash256_serialization.bin new file mode 100644 index 00000000..21e6dead Binary files /dev/null and b/bash-hash/tests/data/bash256_serialization.bin differ diff --git a/bash-hash/tests/data/bash384.blb b/bash-hash/tests/data/bash384.blb new file mode 100644 index 00000000..4c6c8ad1 Binary files /dev/null and b/bash-hash/tests/data/bash384.blb differ diff --git a/bash-hash/tests/data/bash384_serialization.bin b/bash-hash/tests/data/bash384_serialization.bin new file mode 100644 index 00000000..3910629f Binary files /dev/null and b/bash-hash/tests/data/bash384_serialization.bin differ diff --git a/bash-hash/tests/data/bash512.blb b/bash-hash/tests/data/bash512.blb new file mode 100644 index 00000000..a030b066 Binary files /dev/null and b/bash-hash/tests/data/bash512.blb differ diff --git a/bash-hash/tests/data/bash512_serialization.bin b/bash-hash/tests/data/bash512_serialization.bin new file mode 100644 index 00000000..3211131c Binary files /dev/null and b/bash-hash/tests/data/bash512_serialization.bin differ diff --git a/bash-hash/tests/mod.rs b/bash-hash/tests/mod.rs new file mode 100644 index 00000000..50126fee --- /dev/null +++ b/bash-hash/tests/mod.rs @@ -0,0 +1,48 @@ +use bash_hash::{BashHash256, BashHash384, BashHash512}; +use digest::Digest; +use digest::dev::fixed_reset_test; +use hex_literal::hex; + +// Test vectors from STB 34.101.77-2020 (Appendix A, Table A.3) +digest::new_test!(bash256, BashHash256, fixed_reset_test); +digest::new_test!(bash384, BashHash384, fixed_reset_test); +digest::new_test!(bash512, BashHash512, fixed_reset_test); + +macro_rules! test_bash_rand { + ($name:ident, $hasher:ty, $expected:expr) => { + #[test] + fn $name() { + let mut h = <$hasher>::new(); + digest::dev::feed_rand_16mib(&mut h); + assert_eq!(h.finalize(), $expected); + } + }; +} + +test_bash_rand!( + bash256_rand, + BashHash256, + hex!("03f23e09f2ab9ce3f228c21ab1861d2495fcaf81aae2d6bbefd525b95d0925d5") +); + +test_bash_rand!( + bash384_rand, + BashHash384, + hex!( + "3a2932e47780b88aab04c33e0df3c9f53035e4e47daa89e5f8dddf43f4b21c20" + "73d36887684245b87042661c0a3bb8ce" + ) +); + +test_bash_rand!( + bash512_rand, + BashHash512, + hex!( + "f85aacf9fb6fe864d86604fb8d93485b533f29d874b49cd5521ad8afb1c11e8b" + "710f8469b95c6af39147a132787801d194473d1bd7ce24fc23e97dc182bf8a9f" + ) +); + +digest::hash_serialization_test!(bash256_serialization, BashHash256); +digest::hash_serialization_test!(bash384_serialization, BashHash384); +digest::hash_serialization_test!(bash512_serialization, BashHash512);