Back implementations of SHA2, HMAC-SHA1, HMAC-SHA2 and HKDF-SHA2 by hacl-rs #659
Open. keks wants to merge 18 commits into main from keks/hacl-rs
Conversation
franziskuskiefer changed the title from "Back implementations of SHA2, HMAC-SHA1, HMAC-SHA2 and HKDF-SHA2 by hacl-rsh" to "Back implementations of SHA2, HMAC-SHA1, HMAC-SHA2 and HKDF-SHA2 by hacl-rs" on Nov 6, 2024
This PR replaces some use of hacl-c by hacl-rs.
The Rust files in the directories libcrux-hacl-rs and libcrux-hacl-rs-xxx are autogenerated, with two caveats:
use items to modules inside the same crate in some cases
The reason for the last two items is that upstream they define several crates, and here I wanted to keep the number of crates low. So when e.g. they use crate::bignum_base in their bignum crate, and I move that crate into a module bignum inside our libcrux-hacl-rs crate, this becomes crate::bignum::bignum_base.
Maybe we should ask if they can put everything in a single crate (except the proc-macro of course), or maybe we can split these into separate crates. Not sure what is better.
In some places it also changed the API a little:
Everywhere
Pass in &mut [u8; N] instead of returning [u8; N]
Seems like it’s the more general thing, even though the API is a bit more clunky. We can implement the returning API on top of the borrowing API, as well.
HKDF
Trait and Structs
Use structs and traits for the implementations rather than modules. Somehow doing it this way seemed cleaner to me, but I can understand if that is not how it should be. More of a conversation starter, the old structure is still around. Happy to hear feedback around this.
Renamed “tag length” (in comments, $tag_len, …) to “hash length”
That’s what the RFC calls it.
fixed some comments on panics
removed one of the two errors
Until now, we had (a) libcrux_hkdf::Error and (b) libcrux_hkdf::hacl_hkdf::Error. However, (a) did not contain all error conditions, but was the only one that was exposed, so we returned "too long okm" when in fact the input buffer was too large. Now we just have a single error, with both error conditions, and that's just used everywhere.
HMAC
Nothing besides the change from “return array” to “take &mut”.
SHA2
Removed the additional layering between the public facing types and the state types
Previously, it looked like the inner type would only hide the unsafe-ness of the hacl-c implementation, and then we would just forward most of the API to the one used, in a wrapper around that. Now that this is safe, the utility became even more questionable, so I got rid of it. The digest module now uses hacl-rs directly.
ed25519
Nothing besides the change from “return array” to “take &mut”.
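The two API points raised in the description, the "take &mut [u8; N]" shape with a returning API layered on top of it, and a single HKDF error type that distinguishes "OKM too long" from "input buffer too large", as an added illustration that is not libcrux or hacl-rs code. The trait, struct and function names are made up for this example, the "hash" is FNV-1a (a non-cryptographic stand-in chosen only so the example runs offline), and the u32::MAX bound on input sizes is an assumed backend limit, not the one hacl-rs actually enforces.

```rust
use std::convert::TryInto;

/// Borrowing-style digest API: the caller supplies the output buffer,
/// generic over the digest length N. (Example trait, not libcrux's.)
pub trait Digest<const N: usize> {
    fn hash_into(out: &mut [u8; N], data: &[u8]);

    /// Returning API built on top of the borrowing one: allocate the
    /// array, hand it to hash_into, return it.
    fn hash(data: &[u8]) -> [u8; N] {
        let mut out = [0u8; N];
        Self::hash_into(&mut out, data);
        out
    }
}

/// Stand-in "hash": FNV-1a 64, NOT cryptographic, 8-byte output.
pub struct Fnv64;

impl Digest<8> for Fnv64 {
    fn hash_into(out: &mut [u8; 8], data: &[u8]) {
        let mut h: u64 = 0xcbf29ce484222325;
        for &b in data {
            h ^= b as u64;
            h = h.wrapping_mul(0x100000001b3);
        }
        out.copy_from_slice(&h.to_be_bytes());
    }
}

/// What the borrowing API buys you: the digest is written straight into
/// the tail of a larger buffer (e.g. a framed message) with no temporary
/// array and no copy. Panics if the frame is shorter than 8 bytes.
pub fn hash_into_frame(frame: &mut [u8], data: &[u8]) {
    let start = frame.len().checked_sub(8).expect("frame too short");
    let out: &mut [u8; 8] = (&mut frame[start..])
        .try_into()
        .expect("tail is exactly 8 bytes");
    Fnv64::hash_into(out, data);
}

/// One error enum carrying both length conditions, so callers never see
/// "OKM too long" for an oversized input. (Example type, not libcrux's.)
#[derive(Debug, PartialEq, Eq)]
pub enum HkdfError {
    /// Requested OKM length exceeds 255 * HashLen (RFC 5869, section 2.3).
    OkmTooLong,
    /// An input buffer exceeds the size the backend can address
    /// (assumed here to be u32::MAX bytes; an example bound).
    InputTooLarge,
}

/// Length checks an HKDF-Expand front end would run before touching the
/// backend. hash_len is the digest length of the underlying hash.
pub fn check_expand_lengths(
    hash_len: usize,
    okm_len: usize,
    info_len: usize,
    prk_len: usize,
) -> Result<(), HkdfError> {
    if info_len > u32::MAX as usize || prk_len > u32::MAX as usize {
        return Err(HkdfError::InputTooLarge);
    }
    if okm_len > 255 * hash_len {
        return Err(HkdfError::OkmTooLong);
    }
    Ok(())
}

fn main() {
    let d = Fnv64::hash(b"libcrux");
    println!("{}", d.iter().map(|b| format!("{b:02x}")).collect::<String>());
    let mut frame = [0u8; 16];
    hash_into_frame(&mut frame, b"libcrux");
    println!("{:?}", frame);
    println!("{:?}", check_expand_lengths(32, 9000, 0, 32));
}
```

The default method on the trait is the "implement the returning API on top of the borrowing API" idea: every backend implements only hash_into, and hash comes for free. Swapping the stand-in hash for a real one changes nothing in the trait or in hash_into_frame.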