oxicrypto-adapter-aws-lc 0.1.0

OxiCrypto adapter for aws-lc-rs: FIPS-validated AEAD, signatures, and hashes
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95

//! Hash implementations backed by `aws-lc-rs`.
//!
//! Supported algorithms: SHA-256, SHA-384, SHA-512.

use aws_lc_rs::digest::{self, SHA256, SHA384, SHA512};
use oxicrypto_core::{CryptoError, Hash};

/// SHA-256 hash backed by `aws-lc-rs` (32-byte output).
#[derive(Debug, Default, Clone, Copy)]
pub struct AwsLcSha256;

/// SHA-384 hash backed by `aws-lc-rs` (48-byte output).
#[derive(Debug, Default, Clone, Copy)]
pub struct AwsLcSha384;

/// SHA-512 hash backed by `aws-lc-rs` (64-byte output).
#[derive(Debug, Default, Clone, Copy)]
pub struct AwsLcSha512;

fn hash_with_algo(
    algorithm: &'static digest::Algorithm,
    msg: &[u8],
    out: &mut [u8],
    expected_len: usize,
) -> Result<(), CryptoError> {
    if out.len() < expected_len {
        return Err(CryptoError::BufferTooSmall);
    }
    let d = digest::digest(algorithm, msg);
    out[..expected_len].copy_from_slice(d.as_ref());
    Ok(())
}

impl Hash for AwsLcSha256 {
    fn name(&self) -> &'static str {
        "SHA-256 (aws-lc-rs)"
    }
    fn output_len(&self) -> usize {
        32
    }
    fn hash(&self, msg: &[u8], out: &mut [u8]) -> Result<(), CryptoError> {
        hash_with_algo(&SHA256, msg, out, 32)
    }
}

impl Hash for AwsLcSha384 {
    fn name(&self) -> &'static str {
        "SHA-384 (aws-lc-rs)"
    }
    fn output_len(&self) -> usize {
        48
    }
    fn hash(&self, msg: &[u8], out: &mut [u8]) -> Result<(), CryptoError> {
        hash_with_algo(&SHA384, msg, out, 48)
    }
}

impl Hash for AwsLcSha512 {
    fn name(&self) -> &'static str {
        "SHA-512 (aws-lc-rs)"
    }
    fn output_len(&self) -> usize {
        64
    }
    fn hash(&self, msg: &[u8], out: &mut [u8]) -> Result<(), CryptoError> {
        hash_with_algo(&SHA512, msg, out, 64)
    }
}

#[cfg(test)]
mod tests {
    use super::*;
    use oxicrypto_core::Hash;

    #[test]
    fn sha256_known_length() {
        let h = AwsLcSha256;
        let out = h.hash_to_vec(b"hello").expect("hash");
        assert_eq!(out.len(), 32);
    }

    #[test]
    fn sha384_known_length() {
        let h = AwsLcSha384;
        let out = h.hash_to_vec(b"hello").expect("hash");
        assert_eq!(out.len(), 48);
    }

    #[test]
    fn sha512_known_length() {
        let h = AwsLcSha512;
        let out = h.hash_to_vec(b"hello").expect("hash");
        assert_eq!(out.len(), 64);
    }
}