123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454 |
- // Copyright (c) 2018-2019, The Tor Project, Inc.
- // Copyright (c) 2018, isis agora lovecruft
- // See LICENSE for licensing information
- //! Bindings to external digest and XOF functions which live within
- //! src/common/crypto_digest.[ch].
- //!
- //! We wrap our C implementations in src/common/crypto_digest.[ch] with more
- //! Rusty types and interfaces in src/rust/crypto/digest/.
- use std::process::abort;
- use libc::c_char;
- use libc::c_int;
- use libc::size_t;
- use libc::uint8_t;
- use smartlist::Stringlist;
- /// Length of the output of our message digest.
- pub const DIGEST_LEN: usize = 20;
- /// Length of the output of our second (improved) message digests. (For now
- /// this is just sha256, but it could be any other 256-bit digest.)
- pub const DIGEST256_LEN: usize = 32;
- /// Length of the output of our 64-bit optimized message digests (SHA512).
- pub const DIGEST512_LEN: usize = 64;
- /// Length of a sha1 message digest when encoded in base32 with trailing = signs
- /// removed.
- pub const BASE32_DIGEST_LEN: usize = 32;
- /// Length of a sha1 message digest when encoded in base64 with trailing = signs
- /// removed.
- pub const BASE64_DIGEST_LEN: usize = 27;
- /// Length of a sha256 message digest when encoded in base64 with trailing =
- /// signs removed.
- pub const BASE64_DIGEST256_LEN: usize = 43;
- /// Length of a sha512 message digest when encoded in base64 with trailing =
- /// signs removed.
- pub const BASE64_DIGEST512_LEN: usize = 86;
- /// Length of hex encoding of SHA1 digest, not including final NUL.
- pub const HEX_DIGEST_LEN: usize = 40;
- /// Length of hex encoding of SHA256 digest, not including final NUL.
- pub const HEX_DIGEST256_LEN: usize = 64;
- /// Length of hex encoding of SHA512 digest, not including final NUL.
- pub const HEX_DIGEST512_LEN: usize = 128;
- /// Our C code uses an enum to declare the digest algorithm types which we know
- /// about. However, because enums are implementation-defined in C, we can
- /// neither work with them directly nor translate them into Rust enums.
- /// Instead, we represent them as a u8 (under the assumption that we'll never
- /// support more than 256 hash functions).
- #[allow(non_camel_case_types)]
- type digest_algorithm_t = u8;
- const DIGEST_SHA1: digest_algorithm_t = 0;
- const DIGEST_SHA256: digest_algorithm_t = 1;
- const DIGEST_SHA512: digest_algorithm_t = 2;
- const DIGEST_SHA3_256: digest_algorithm_t = 3;
- const DIGEST_SHA3_512: digest_algorithm_t = 4;
- /// The number of hash digests we produce for a `common_digests_t`.
- ///
- /// We can't access these from Rust, because their definitions in C require
- /// introspecting the `digest_algorithm_t` typedef, which is an enum, so we have
- /// to redefine them here.
- const N_COMMON_DIGEST_ALGORITHMS: usize = DIGEST_SHA256 as usize + 1;
- /// A digest function.
- #[repr(C)]
- #[derive(Debug, Copy, Clone)]
- #[allow(non_camel_case_types)]
- struct crypto_digest_t {
- // This private, zero-length field forces the struct to be treated the same
- // as its opaque C couterpart.
- _unused: [u8; 0],
- }
- /// An eXtendible Output Function (XOF).
- #[repr(C)]
- #[derive(Debug, Copy, Clone)]
- #[allow(non_camel_case_types)]
- struct crypto_xof_t {
- // This private, zero-length field forces the struct to be treated the same
- // as its opaque C couterpart.
- _unused: [u8; 0],
- }
- /// A set of all the digests we commonly compute, taken on a single
- /// string. Any digests that are shorter than 512 bits are right-padded
- /// with 0 bits.
- ///
- /// Note that this representation wastes 44 bytes for the SHA1 case, so
- /// don't use it for anything where we need to allocate a whole bunch at
- /// once.
- #[repr(C)]
- #[derive(Debug, Copy, Clone)]
- #[allow(non_camel_case_types)]
- struct common_digests_t {
- pub d: [[c_char; N_COMMON_DIGEST_ALGORITHMS]; DIGEST256_LEN],
- }
- /// A `smartlist_t` is just an alias for the `#[repr(C)]` type `Stringlist`, to
- /// make it more clear that we're working with a smartlist which is owned by C.
- #[allow(non_camel_case_types)]
- // BINDGEN_GENERATED: This type isn't actually bindgen generated, but the code
- // below it which uses it is. As such, this comes up as "dead code" as well.
- #[allow(dead_code)]
- type smartlist_t = Stringlist;
- /// All of the external functions from `src/common/crypto_digest.h`.
- ///
- /// These are kept private because they should be wrapped with Rust to make their usage safer.
- //
- // BINDGEN_GENERATED: These definitions were generated with bindgen and cleaned
- // up manually. As such, there are more bindings than are likely necessary or
- // which are in use.
- #[allow(dead_code)]
- extern "C" {
- fn crypto_digest(digest: *mut c_char, m: *const c_char, len: size_t) -> c_int;
- fn crypto_digest256(
- digest: *mut c_char,
- m: *const c_char,
- len: size_t,
- algorithm: digest_algorithm_t,
- ) -> c_int;
- fn crypto_digest512(
- digest: *mut c_char,
- m: *const c_char,
- len: size_t,
- algorithm: digest_algorithm_t,
- ) -> c_int;
- fn crypto_common_digests(ds_out: *mut common_digests_t, m: *const c_char, len: size_t)
- -> c_int;
- fn crypto_digest_smartlist_prefix(
- digest_out: *mut c_char,
- len_out: size_t,
- prepend: *const c_char,
- lst: *const smartlist_t,
- append: *const c_char,
- alg: digest_algorithm_t,
- );
- fn crypto_digest_smartlist(
- digest_out: *mut c_char,
- len_out: size_t,
- lst: *const smartlist_t,
- append: *const c_char,
- alg: digest_algorithm_t,
- );
- fn crypto_digest_algorithm_get_name(alg: digest_algorithm_t) -> *const c_char;
- fn crypto_digest_algorithm_get_length(alg: digest_algorithm_t) -> size_t;
- fn crypto_digest_algorithm_parse_name(name: *const c_char) -> c_int;
- fn crypto_digest_new() -> *mut crypto_digest_t;
- fn crypto_digest256_new(algorithm: digest_algorithm_t) -> *mut crypto_digest_t;
- fn crypto_digest512_new(algorithm: digest_algorithm_t) -> *mut crypto_digest_t;
- fn crypto_digest_free_(digest: *mut crypto_digest_t);
- fn crypto_digest_add_bytes(digest: *mut crypto_digest_t, data: *const c_char, len: size_t);
- fn crypto_digest_get_digest(digest: *mut crypto_digest_t, out: *mut c_char, out_len: size_t);
- fn crypto_digest_dup(digest: *const crypto_digest_t) -> *mut crypto_digest_t;
- fn crypto_digest_assign(into: *mut crypto_digest_t, from: *const crypto_digest_t);
- fn crypto_hmac_sha256(
- hmac_out: *mut c_char,
- key: *const c_char,
- key_len: size_t,
- msg: *const c_char,
- msg_len: size_t,
- );
- fn crypto_mac_sha3_256(
- mac_out: *mut uint8_t,
- len_out: size_t,
- key: *const uint8_t,
- key_len: size_t,
- msg: *const uint8_t,
- msg_len: size_t,
- );
- fn crypto_xof_new() -> *mut crypto_xof_t;
- fn crypto_xof_add_bytes(xof: *mut crypto_xof_t, data: *const uint8_t, len: size_t);
- fn crypto_xof_squeeze_bytes(xof: *mut crypto_xof_t, out: *mut uint8_t, len: size_t);
- fn crypto_xof_free(xof: *mut crypto_xof_t);
- }
- /// A wrapper around a `digest_algorithm_t`.
- pub enum DigestAlgorithm {
- SHA2_256,
- SHA2_512,
- SHA3_256,
- SHA3_512,
- }
- impl From<DigestAlgorithm> for digest_algorithm_t {
- fn from(digest: DigestAlgorithm) -> digest_algorithm_t {
- match digest {
- DigestAlgorithm::SHA2_256 => DIGEST_SHA256,
- DigestAlgorithm::SHA2_512 => DIGEST_SHA512,
- DigestAlgorithm::SHA3_256 => DIGEST_SHA3_256,
- DigestAlgorithm::SHA3_512 => DIGEST_SHA3_512,
- }
- }
- }
- /// A wrapper around a mutable pointer to a `crypto_digest_t`.
- pub struct CryptoDigest(*mut crypto_digest_t);
- /// Explicitly copy the state of a `CryptoDigest` hash digest context.
- ///
- /// # C_RUST_COUPLED
- ///
- /// * `crypto_digest_dup`
- impl Clone for CryptoDigest {
- fn clone(&self) -> CryptoDigest {
- let digest: *mut crypto_digest_t;
- unsafe {
- digest = crypto_digest_dup(self.0 as *const crypto_digest_t);
- }
- // See the note in the implementation of CryptoDigest for the
- // reasoning for `abort()` here.
- if digest.is_null() {
- abort();
- }
- CryptoDigest(digest)
- }
- }
- impl CryptoDigest {
- /// A wrapper to call one of the C functions `crypto_digest_new`,
- /// `crypto_digest256_new`, or `crypto_digest512_new`.
- ///
- /// # Warnings
- ///
- /// This function will `abort()` the entire process in an "abnormal" fashion,
- /// i.e. not unwinding this or any other thread's stack, running any
- /// destructors, or calling any panic/exit hooks) if `tor_malloc()` (called in
- /// `crypto_digest256_new()`) is unable to allocate memory.
- ///
- /// # Returns
- ///
- /// A new `CryptoDigest`, which is a wrapper around a opaque representation
- /// of a `crypto_digest_t`. The underlying `crypto_digest_t` _MUST_ only
- /// ever be handled via a raw pointer, and never introspected.
- ///
- /// # C_RUST_COUPLED
- ///
- /// * `crypto_digest_new`
- /// * `crypto_digest256_new`
- /// * `crypto_digest512_new`
- /// * `tor_malloc` (called by `crypto_digest256_new`, but we make
- /// assumptions about its behvaiour and return values here)
- pub fn new(algorithm: Option<DigestAlgorithm>) -> CryptoDigest {
- let digest: *mut crypto_digest_t;
- if algorithm.is_none() {
- unsafe {
- digest = crypto_digest_new();
- }
- } else {
- let algo: digest_algorithm_t = algorithm.unwrap().into(); // can't fail because it's Some
- unsafe {
- // XXX This is a pretty awkward API to use from Rust...
- digest = match algo {
- DIGEST_SHA1 => crypto_digest_new(),
- DIGEST_SHA256 => crypto_digest256_new(DIGEST_SHA256),
- DIGEST_SHA3_256 => crypto_digest256_new(DIGEST_SHA3_256),
- DIGEST_SHA512 => crypto_digest512_new(DIGEST_SHA512),
- DIGEST_SHA3_512 => crypto_digest512_new(DIGEST_SHA3_512),
- _ => abort(),
- }
- }
- }
- // In our C code, `crypto_digest*_new()` allocates memory with
- // `tor_malloc()`. In `tor_malloc()`, if the underlying malloc
- // implementation fails to allocate the requested memory and returns a
- // NULL pointer, we call `exit(1)`. In the case that this `exit(1)` is
- // called within a worker, be that a process or a thread, the inline
- // comments within `tor_malloc()` mention "that's ok, since the parent
- // will run out of memory soon anyway". However, if it takes long
- // enough for the worker to die, and it manages to return a NULL pointer
- // to our Rust code, our Rust is now in an irreparably broken state and
- // may exhibit undefined behaviour. An even worse scenario, if/when we
- // have parent/child processes/threads controlled by Rust, would be that
- // the UB contagion in Rust manages to spread to other children before
- // the entire process (hopefully terminates).
- //
- // However, following the assumptions made in `tor_malloc()` that
- // calling `exit(1)` in a child is okay because the parent will
- // eventually run into the same errors, and also to stymie any UB
- // contagion in the meantime, we call abort!() here to terminate the
- // entire program immediately.
- if digest.is_null() {
- abort();
- }
- CryptoDigest(digest)
- }
- /// A wrapper to call the C function `crypto_digest_add_bytes`.
- ///
- /// # Inputs
- ///
- /// * `bytes`: a byte slice of bytes to be added into this digest.
- ///
- /// # C_RUST_COUPLED
- ///
- /// * `crypto_digest_add_bytes`
- pub fn add_bytes(&self, bytes: &[u8]) {
- unsafe {
- crypto_digest_add_bytes(
- self.0 as *mut crypto_digest_t,
- bytes.as_ptr() as *const c_char,
- bytes.len() as size_t,
- )
- }
- }
- }
- impl Drop for CryptoDigest {
- fn drop(&mut self) {
- unsafe {
- crypto_digest_free_(self.0 as *mut crypto_digest_t);
- }
- }
- }
- /// Get the 256-bit digest output of a `crypto_digest_t`.
- ///
- /// # Inputs
- ///
- /// * `digest`: A `CryptoDigest` which wraps either a `DIGEST_SHA256` or a
- /// `DIGEST_SHA3_256`.
- ///
- /// # Warning
- ///
- /// Calling this function with a `CryptoDigest` which is neither SHA2-256 or
- /// SHA3-256 is a programming error. Since we cannot introspect the opaque
- /// struct from Rust, however, there is no way for us to check that the correct
- /// one is being passed in. That is up to you, dear programmer. If you mess
- /// up, you will get a incorrectly-sized hash digest in return, and it will be
- /// your fault. Don't do that.
- ///
- /// # Returns
- ///
- /// A 256-bit hash digest, as a `[u8; 32]`.
- ///
- /// # C_RUST_COUPLED
- ///
- /// * `crypto_digest_get_digest`
- /// * `DIGEST256_LEN`
- //
- // FIXME: Once const generics land in Rust, we should genericise calling
- // crypto_digest_get_digest w.r.t. output array size.
- pub fn get_256_bit_digest(digest: CryptoDigest) -> [u8; DIGEST256_LEN] {
- let mut buffer: [u8; DIGEST256_LEN] = [0u8; DIGEST256_LEN];
- unsafe {
- crypto_digest_get_digest(
- digest.0,
- buffer.as_mut_ptr() as *mut c_char,
- DIGEST256_LEN as size_t,
- );
- if buffer.as_ptr().is_null() {
- abort();
- }
- }
- buffer
- }
- /// Get the 512-bit digest output of a `crypto_digest_t`.
- ///
- /// # Inputs
- ///
- /// * `digest`: A `CryptoDigest` which wraps either a `DIGEST_SHA512` or a
- /// `DIGEST_SHA3_512`.
- ///
- /// # Warning
- ///
- /// Calling this function with a `CryptoDigest` which is neither SHA2-512 or
- /// SHA3-512 is a programming error. Since we cannot introspect the opaque
- /// struct from Rust, however, there is no way for us to check that the correct
- /// one is being passed in. That is up to you, dear programmer. If you mess
- /// up, you will get a incorrectly-sized hash digest in return, and it will be
- /// your fault. Don't do that.
- ///
- /// # Returns
- ///
- /// A 512-bit hash digest, as a `[u8; 64]`.
- ///
- /// # C_RUST_COUPLED
- ///
- /// * `crypto_digest_get_digest`
- /// * `DIGEST512_LEN`
- //
- // FIXME: Once const generics land in Rust, we should genericise calling
- // crypto_digest_get_digest w.r.t. output array size.
- pub fn get_512_bit_digest(digest: CryptoDigest) -> [u8; DIGEST512_LEN] {
- let mut buffer: [u8; DIGEST512_LEN] = [0u8; DIGEST512_LEN];
- unsafe {
- crypto_digest_get_digest(
- digest.0,
- buffer.as_mut_ptr() as *mut c_char,
- DIGEST512_LEN as size_t,
- );
- if buffer.as_ptr().is_null() {
- abort();
- }
- }
- buffer
- }
- #[cfg(test)]
- mod test {
- use super::*;
- #[test]
- fn test_layout_common_digests_t() {
- assert_eq!(
- ::std::mem::size_of::<common_digests_t>(),
- 64usize,
- concat!("Size of: ", stringify!(common_digests_t))
- );
- assert_eq!(
- ::std::mem::align_of::<common_digests_t>(),
- 1usize,
- concat!("Alignment of ", stringify!(common_digests_t))
- );
- }
- #[test]
- fn test_layout_crypto_digest_t() {
- assert_eq!(
- ::std::mem::size_of::<crypto_digest_t>(),
- 0usize,
- concat!("Size of: ", stringify!(crypto_digest_t))
- );
- assert_eq!(
- ::std::mem::align_of::<crypto_digest_t>(),
- 1usize,
- concat!("Alignment of ", stringify!(crypto_digest_t))
- );
- }
- }
|