lib-q-hash 0.0.2

Post-quantum Hash Functions for lib-Q
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212

//! lib-Q Hash Provider Implementation
//!
//! This module provides the LibQHashProvider that implements the HashOperations
//! trait and routes hash operations to the appropriate algorithm implementations
//! with proper security validation.

#[cfg(feature = "alloc")]
extern crate alloc;
#[cfg(feature = "alloc")]
use alloc::{
    format,
    string::ToString,
    vec::Vec,
};

use lib_q_core::api::{
    Algorithm,
    CryptoProvider,
    HashOperations,
};
use lib_q_core::error::{
    Error,
    Result,
};
use lib_q_core::security::SecurityValidator;

use crate::{
    algorithm_to_hash_algorithm,
    create_hash,
};

/// lib-Q hash provider implementation
///
/// This provider implements hash operations for lib-Q, including hash computation
/// with proper security validation and algorithm routing.
#[cfg(feature = "alloc")]
#[derive(Clone)]
pub struct LibQHashProvider {
    security_validator: SecurityValidator,
}

#[cfg(feature = "alloc")]
impl core::fmt::Debug for LibQHashProvider {
    fn fmt(&self, f: &mut core::fmt::Formatter<'_>) -> core::fmt::Result {
        f.debug_struct("LibQHashProvider")
            .field("security_validator", &"<SecurityValidator>")
            .finish()
    }
}

#[cfg(feature = "alloc")]
impl LibQHashProvider {
    /// Create a new hash provider
    ///
    /// # Returns
    ///
    /// A new instance of LibQHashProvider with security validation initialized.
    ///
    /// # Errors
    ///
    /// Returns an error if the security validator fails to initialize.
    pub fn new() -> Result<Self> {
        Ok(Self {
            security_validator: SecurityValidator::new()?,
        })
    }

    /// Get the security validator
    pub fn security_validator(&self) -> &SecurityValidator {
        &self.security_validator
    }
}

#[cfg(feature = "alloc")]
impl HashOperations for LibQHashProvider {
    fn hash(&self, algorithm: Algorithm, data: &[u8]) -> Result<Vec<u8>> {
        // Validate algorithm category
        self.security_validator
            .validate_algorithm_category(algorithm, lib_q_core::api::AlgorithmCategory::Hash)?;

        // Validate input data
        self.security_validator.validate_hash_input(data)?;

        // Map Algorithm to HashAlgorithm and create hash instance
        let hash_algorithm = algorithm_to_hash_algorithm(algorithm)?;
        let hasher = create_hash(hash_algorithm).map_err(|e| Error::InternalError {
            operation: "hash instance creation".to_string(),
            details: format!(
                "Failed to create hash instance for algorithm {:?}: {}",
                algorithm, e
            ),
        })?;

        // Use the hash method from the lib-q-core Hash trait
        lib_q_core::Hash::hash(&*hasher, data).map_err(|e| Error::InternalError {
            operation: "hash computation".to_string(),
            details: format!(
                "Failed to compute hash for algorithm {:?}: {}",
                algorithm, e
            ),
        })
    }
}

#[cfg(feature = "alloc")]
impl CryptoProvider for LibQHashProvider {
    fn kem(&self) -> Option<&dyn lib_q_core::api::KemOperations> {
        None
    }

    fn signature(&self) -> Option<&dyn lib_q_core::api::SignatureOperations> {
        None
    }

    fn hash(&self) -> Option<&dyn HashOperations> {
        Some(self)
    }

    fn aead(&self) -> Option<&dyn lib_q_core::api::AeadOperations> {
        None
    }
}

#[cfg(test)]
mod tests {
    use alloc::vec::Vec;

    use super::*;

    #[test]
    fn test_provider_creation() {
        let provider = LibQHashProvider::new();
        assert!(provider.is_ok(), "Provider should be created successfully");
    }

    #[test]
    fn test_provider_security_validator() {
        let provider = LibQHashProvider::new().unwrap();
        let _validator = provider.security_validator();
        // Security validator should be accessible
    }

    #[test]
    fn test_provider_unsupported_algorithm() {
        let provider = LibQHashProvider::new().unwrap();
        let result = HashOperations::hash(&provider, Algorithm::MlDsa65, b"test data");
        assert!(
            result.is_err(),
            "Should return error for unsupported algorithm"
        );

        if let Err(Error::InvalidAlgorithm { .. }) = result {
            // Expected error type
        } else {
            panic!("Expected InvalidAlgorithm error");
        }
    }

    #[test]
    fn test_provider_algorithm_routing() {
        let provider = LibQHashProvider::new().unwrap();

        // Test SHA-3 algorithms
        let test_data = b"Hello, lib-Q!";

        let result = HashOperations::hash(&provider, Algorithm::Sha3_256, test_data);
        assert!(result.is_ok(), "SHA3-256 should work");
        if let Ok(hash) = result {
            assert_eq!(hash.len(), 32, "SHA3-256 should produce 32-byte hash");
        }

        let result = HashOperations::hash(&provider, Algorithm::Sha3_512, test_data);
        assert!(result.is_ok(), "SHA3-512 should work");
        if let Ok(hash) = result {
            assert_eq!(hash.len(), 64, "SHA3-512 should produce 64-byte hash");
        }

        // Test SHAKE algorithms
        let result = HashOperations::hash(&provider, Algorithm::Shake128, test_data);
        assert!(result.is_ok(), "SHAKE128 should work");
        if let Ok(hash) = result {
            assert_eq!(hash.len(), 16, "SHAKE128 should produce 16-byte hash");
        }

        let result = HashOperations::hash(&provider, Algorithm::Shake256, test_data);
        assert!(result.is_ok(), "SHAKE256 should work");
        if let Ok(hash) = result {
            assert_eq!(hash.len(), 32, "SHAKE256 should produce 32-byte hash");
        }

        let result = HashOperations::hash(&provider, Algorithm::Sha256, test_data);
        assert!(result.is_ok(), "SHA-256 should work");
        if let Ok(hash) = result {
            assert_eq!(hash.len(), 32, "SHA-256 should produce 32-byte hash");
        }
    }

    /// Hash inputs are not subject to the AEAD default binding cap (formerly 1 MiB for all payloads).
    #[test]
    fn hash_accepts_input_above_legacy_one_mib_policy() {
        let provider = LibQHashProvider::new().unwrap();
        let mut data = Vec::with_capacity(1024 * 1024 + 1);
        data.resize(1024 * 1024 + 1, 0x5Au8);
        let result = HashOperations::hash(&provider, Algorithm::Sha3_256, &data);
        assert!(
            result.is_ok(),
            "expected SHA3-256 over >1 MiB input to succeed, got {:?}",
            result.as_ref().err()
        );
        assert_eq!(result.unwrap().len(), 32);
    }
}