Merge pull request #24 from brycx/v0.5.0

Version 0.5.0

Cargo.toml

@@ -1,10 +1,10 @@
 [package]
 name = "orion"
-version = "0.4.3"
+version = "0.5.0"
 authors = ["brycx <brycx@protonmail.com>"]
 description = "Easy and usable rust crypto"
 keywords = [ "cryptography", "hmac", "hkdf", "pbkdf2", "cshake" ]
-categories = [ "cryptography" ]
+categories = [ "cryptography", "no-std" ]
 readme = "README.md"
 repository = "https://github.com/brycx/orion"
 documentation = "https://docs.rs/orion"
@@ -14,15 +14,16 @@ exclude = [
     ".travis.yml",
     "benches/*",
     "fuzz/*",
+    "src/tests/*"
 ]
 
 [dependencies]
 rand = "0.5.5"
 sha2 = "0.7.1"
 tiny-keccak = "1.4.2"
-clear_on_drop = "0.2.3"
 byte-tools = "0.2.0"
-constant_time_eq = "0.1.3"
+subtle = "0.7.0"
+seckey = "0.9.1"
 
 [dev-dependencies]
 hex = "0.3.2"

README.md

@@ -19,10 +19,10 @@ professional. Look in the Alternatives section if this means orion is not for yo
 
 
 Currently contains:
-* HMAC with SHA256, SHA384, SHA512 and SHA512/256.
-* HKDF with the above HMAC options.
-* PBKDF2 with the above HMAC options.
-* cSHAKE128 and cSHAKE256.
+* HMAC-SHA512
+* HKDF-HMAC-SHA512.
+* PBKDF2-HMAC-SHA512.
+* cSHAKE256.
 
 ***Note on cSHAKE***:
 The cSHAKE implementation currently relies on the `tiny-keccak` crate. Currently this crate
@@ -31,35 +31,13 @@ will produce **incorrect results on big-endian based systems**. See [issue here]
 ### Usage
 ```rust
 extern crate orion;
-use orion::{default, core::util};
+use orion::default;
 
-// HMAC-SHA512/256
-let key = util::gen_rand_key(64).unwrap();
-let msg = "Some message".as_bytes();
+let password = "Password to be hashed".as_bytes();
 
-let expected_hmac = default::hmac(&key, msg).unwrap();
-assert!(default::hmac_verify(&expected_hmac, &key, &msg).unwrap());
+let password_hash = default::pbkdf2(password).unwrap();
 
-// HKDF-HMAC-SHA512/256
-let salt = util::gen_rand_key(64).unwrap();
-let data = "Some data".as_bytes();
-let info = "Some info".as_bytes();
-
-let dk = default::hkdf(&salt, data, info, 64).unwrap();
-assert!(default::hkdf_verify(&dk, &salt, data, info, 64).unwrap());
-
-// PBKDF2-HMAC-SHA512/256
-let password = "Secret password".as_bytes();
-
-let dk = default::pbkdf2(password).unwrap();
-assert!(default::pbkdf2_verify(&dk, password).unwrap());
-
-// cSHAKE256
-let data = "Not so random data".as_bytes();
-let custom = "Custom".as_bytes();
-
-let hash = default::cshake(data, custom).unwrap();
-assert!(default::cshake_verify(hash, data, custom).unwrap());
+assert!(default::pbkdf2_verify(&password_hash, password).unwrap());
 ```
 
 

benches/bench.rs

@@ -2,68 +2,48 @@
 extern crate orion;
 extern crate test;
 
-use orion::core::options::KeccakVariantOption;
-use orion::core::options::ShaVariantOption;
-use orion::hazardous::cshake::CShake;
-use orion::hazardous::hkdf::Hkdf;
-use orion::hazardous::hmac::Hmac;
-use orion::hazardous::pbkdf2::Pbkdf2;
+use orion::hazardous::cshake;
+use orion::hazardous::hkdf;
+use orion::hazardous::hmac;
+use orion::hazardous::pbkdf2;
 use test::Bencher;
 
 #[bench]
 fn bench_hmac(b: &mut Bencher) {
     b.iter(|| {
-        let hmac = Hmac {
-            secret_key: vec![0x01; 32],
-            data: vec![0x01; 32],
-            sha2: ShaVariantOption::SHA256,
-        };
-
-        hmac.finalize();
+        let mut mac = hmac::init(&vec![0x01; 64]);
+        mac.update(&vec![0x01; 64]);
+        mac.finalize();
     });
 }
 
 #[bench]
 fn bench_hkdf(b: &mut Bencher) {
     b.iter(|| {
-        let hkdf = Hkdf {
-            salt: vec![0x01; 32],
-            ikm: vec![0x01; 32],
-            info: vec![0x01; 32],
-            length: 32,
-            hmac: ShaVariantOption::SHA256,
-        };
-
-        hkdf.derive_key().unwrap();
+        let mut okm_out = [0u8; 64];
+        hkdf::derive_key(
+            &vec![0x01; 64],
+            &vec![0x01; 64],
+            &vec![0x01; 64],
+            &mut okm_out,
+        ).unwrap();
     });
 }
 
 #[bench]
 fn bench_pbkdf2(b: &mut Bencher) {
     b.iter(|| {
-        let pbkdf = Pbkdf2 {
-            salt: vec![0x01; 32],
-            password: vec![0x01; 32],
-            iterations: 10000,
-            dklen: 32,
-            hmac: ShaVariantOption::SHA256,
-        };
-
-        pbkdf.derive_key().unwrap();
+        let mut dk_out = [0u8; 64];
+        pbkdf2::derive_key(&vec![0x01; 64], &vec![0x01; 64], 10000, &mut dk_out).unwrap();
     });
 }
 
 #[bench]
 fn bench_cshake(b: &mut Bencher) {
     b.iter(|| {
-        let cshake = CShake {
-            input: vec![0x01; 32],
-            name: vec![0x00; 0],
-            custom: vec![0x01; 32],
-            length: 64,
-            keccak: KeccakVariantOption::KECCAK256,
-        };
-
-        cshake.finalize().unwrap();
+        let mut hash_out = [0u8; 64];
+        let mut cshake = cshake::init(&vec![0x01; 64], None).unwrap();
+        cshake.update(&vec![0x01; 64]);
+        cshake.finalize(&mut hash_out).unwrap();
     });
 }

fuzz/fuzz_targets/cshake.rs

@@ -4,81 +4,26 @@ extern crate libfuzzer_sys;
 extern crate orion;
 extern crate rand;
 
-use orion::core::options::KeccakVariantOption;
-use orion::hazardous::cshake::CShake;
+use orion::hazardous::cshake;
 use rand::prelude::*;
 
-fn fuzz_cshake(
-    input: &[u8],
-    name: &[u8],
-    custom: &[u8],
-    len_max: usize,
-    keccak: KeccakVariantOption,
-) {
+fn fuzz_cshake(input: &[u8], name: &[u8], custom: &[u8], len_max: usize) {
     let mut rng = rand::thread_rng();
     let len_rand = rng.gen_range(1, len_max + 1);
 
     // They can't both be empty
     let mut mod_custom = custom.to_vec();
     mod_custom.push(0u8);
 
-    let cshake = CShake {
-        input: input.to_vec(),
-        name: name.to_vec(),
-        custom: mod_custom,
-        length: len_rand,
-        keccak,
-    };
-
-    let hash = cshake.finalize().unwrap();
-
-    assert_eq!(cshake.verify(&hash).unwrap(), true);
+    let mut hash_out = vec![0u8; len_rand];
+    let mut cshake = cshake::init(&mod_custom, Some(name)).unwrap();
+    cshake.update(input);
+    cshake.finalize(&mut hash_out).unwrap();
 }
 
 fuzz_target!(|data: &[u8]| {
-    fuzz_cshake(data, data, data, 65536, KeccakVariantOption::KECCAK256);
-    fuzz_cshake(
-        data,
-        &Vec::new(),
-        data,
-        65536,
-        KeccakVariantOption::KECCAK256,
-    );
-    fuzz_cshake(
-        data,
-        data,
-        &Vec::new(),
-        65536,
-        KeccakVariantOption::KECCAK256,
-    );
-    fuzz_cshake(
-        &Vec::new(),
-        data,
-        data,
-        65536,
-        KeccakVariantOption::KECCAK256,
-    );
-
-    fuzz_cshake(data, data, data, 65536, KeccakVariantOption::KECCAK512);
-    fuzz_cshake(
-        data,
-        &Vec::new(),
-        data,
-        65536,
-        KeccakVariantOption::KECCAK512,
-    );
-    fuzz_cshake(
-        data,
-        data,
-        &Vec::new(),
-        65536,
-        KeccakVariantOption::KECCAK512,
-    );
-    fuzz_cshake(
-        &Vec::new(),
-        data,
-        data,
-        65536,
-        KeccakVariantOption::KECCAK512,
-    );
+    fuzz_cshake(data, data, data, 65536);
+    fuzz_cshake(data, &Vec::new(), data, 65536);
+    fuzz_cshake(data, data, &Vec::new(), 65536);
+    fuzz_cshake(&Vec::new(), data, data, 65536);
 });

fuzz/fuzz_targets/default.rs

@@ -4,27 +4,25 @@ extern crate libfuzzer_sys;
 extern crate orion;
 extern crate rand;
 
-use orion::core::util;
 use orion::default;
+use orion::utilities::util;
 use rand::Rng;
 
 fn fuzz_default(data: &[u8]) -> () {
-    let rand_salt = util::gen_rand_key(64).unwrap();
+    let mut rand_salt = [0u8; 64];
+    util::gen_rand_key(&mut rand_salt).unwrap();
     let mut rng = rand::thread_rng();
 
     // cSHAKE `custom` can't be empty
     let mut mod_custom = data.to_vec();
     mod_custom.push(0u8);
 
     if rng.gen() {
-        let len_hkdf: usize = rng.gen_range(1, 8161);
-
         default::hkdf_verify(
-            &default::hkdf(&rand_salt, data, data, len_hkdf).unwrap(),
+            &default::hkdf(&rand_salt, data, data).unwrap(),
             &rand_salt,
             &data,
             data,
-            len_hkdf,
         ).unwrap();
 
         default::hmac_verify(&default::hmac(&rand_salt, data).unwrap(), &rand_salt, data).unwrap();
@@ -34,7 +32,11 @@ fn fuzz_default(data: &[u8]) -> () {
 
         default::pbkdf2_verify(&default::pbkdf2(&password).unwrap(), &password).unwrap();
 
-        default::cshake_verify(&default::cshake(&data, &mod_custom).unwrap(), &data, &mod_custom).unwrap();
+        default::cshake_verify(
+            &default::cshake(&data, &mod_custom).unwrap(),
+            &data,
+            &mod_custom,
+        ).unwrap();
         default::cshake_verify(
             &default::cshake("".as_bytes(), &mod_custom).unwrap(),
             "".as_bytes(),

fuzz/fuzz_targets/hkdf.rs

@@ -4,35 +4,27 @@ extern crate libfuzzer_sys;
 extern crate orion;
 extern crate rand;
 
-use orion::core::options::ShaVariantOption;
-use orion::hazardous::hkdf::Hkdf;
+use orion::hazardous::hkdf;
 use rand::prelude::*;
 
-fn fuzz_hkdf(salt: &[u8], ikm: &[u8], info: &[u8], len_max: usize, hmac: ShaVariantOption) {
+fn fuzz_hkdf(salt: &[u8], ikm: &[u8], info: &[u8], len_max: usize) {
     let mut rng = rand::thread_rng();
     let okm_len_rand = rng.gen_range(1, len_max + 1);
 
-    let dk = Hkdf {
-        salt: salt.to_vec(),
-        ikm: ikm.to_vec(),
-        info: info.to_vec(),
-        length: okm_len_rand,
-        hmac,
-    };
+    let prk = hkdf::extract(ikm, salt);
+    let mut dk_out = vec![0u8; okm_len_rand];
+    hkdf::expand(&prk, info, &mut dk_out).unwrap();
 
-    let prk = dk.extract(ikm, salt);
-    let dk_fin = dk.expand(&prk).unwrap();
-
-    assert_eq!(dk_fin, dk.derive_key().unwrap());
-    assert_eq!(dk.verify(&dk_fin).unwrap(), true);
+    let exp_okm = dk_out.clone();
+    assert!(hkdf::verify(&exp_okm, salt, ikm, info, &mut dk_out).unwrap());
 }
 
 fuzz_target!(|data: &[u8]| {
-    fuzz_hkdf(data, data, data, 8160, ShaVariantOption::SHA256);
+    fuzz_hkdf(data, data, data, 8160);
 
-    fuzz_hkdf(data, data, data, 12240, ShaVariantOption::SHA384);
+    fuzz_hkdf(data, data, data, 12240);
 
-    fuzz_hkdf(data, data, data, 16320, ShaVariantOption::SHA512);
+    fuzz_hkdf(data, data, data, 16320);
 
-    fuzz_hkdf(data, data, data, 8160, ShaVariantOption::SHA512Trunc256);
+    fuzz_hkdf(data, data, data, 8160);
 });

fuzz/fuzz_targets/hmac.rs

@@ -2,31 +2,16 @@
 #[macro_use]
 extern crate libfuzzer_sys;
 extern crate orion;
-use orion::core::options::ShaVariantOption;
-use orion::hazardous::hmac::*;
+use orion::hazardous::hmac;
 
-fn fuzz_hmac(secret_key: &[u8], data: &[u8], sha2: ShaVariantOption) {
-    let mac = Hmac {
-        secret_key: secret_key.to_vec(),
-        data: data.to_vec(),
-        sha2,
-    };
+fn fuzz_hmac(secret_key: &[u8], data: &[u8]) {
+    let mut mac = hmac::init(secret_key);
+    mac.update(data);
 
-    let (ipad, opad) = mac.pad_key(secret_key);
     let mac_def = mac.finalize();
-    let mac_pbkdf2 = pbkdf2_hmac(&ipad, &opad, &mac.data, mac.sha2);
-
-    assert_eq!(mac_def, mac_pbkdf2);
-    assert_eq!(mac.verify(&mac_def).unwrap(), true);
-    assert_eq!(mac.verify(&mac_pbkdf2).unwrap(), true);
+    assert_eq!(hmac::verify(&mac_def, secret_key, data).unwrap(), true);
 }
 
 fuzz_target!(|data: &[u8]| {
-    fuzz_hmac(data, data, ShaVariantOption::SHA256);
-
-    fuzz_hmac(data, data, ShaVariantOption::SHA384);
-
-    fuzz_hmac(data, data, ShaVariantOption::SHA512);
-
-    fuzz_hmac(data, data, ShaVariantOption::SHA512Trunc256);
+    fuzz_hmac(data, data);
 });