ring-native 0.0.0

data/vendor/ring/src/exe_tests.rs

@@ -0,0 +1,46 @@
+// Copyright 2015 Brian Smith.
+//
+// Permission to use, copy, modify, and/or distribute this software for any
+// purpose with or without fee is hereby granted, provided that the above
+// copyright notice and this permission notice appear in all copies.
+//
+// THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHORS DISCLAIM ALL WARRANTIES
+// WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+// MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR
+// ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+// WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+// ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+// OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+
+// These tests are ones that were written for OpenSSL or BoringSSL, each of
+// which is compiled into its own executable. The tests have been modified to
+// not print anything when they succeed.
+
+use std;
+
+macro_rules! exe_test {
+    ( $name:ident, $relative_path_to_exe:expr, $args:expr ) => {
+        #[test]
+        fn $name() {
+            let args: &[&'static str] = &$args;
+            const RELATIVE_PATH_TO_EXE: &'static str =
+                concat!(env!("OUT_DIR"), "/test/ring/", $relative_path_to_exe);
+            assert!(std::process::Command::new(RELATIVE_PATH_TO_EXE)
+                                              .args(args)
+                                              .status()
+                                              .unwrap()
+                                              .success());
+        }
+    }
+}
+
+exe_test!(aes_test, "crypto/aes/aes_test", []);
+exe_test!(bn_test, "crypto/bn/bn_test", []);
+exe_test!(bytestring_test, "crypto/bytestring/bytestring_test", []);
+exe_test!(constant_time_test, "crypto/constant_time_test", []);
+exe_test!(ecdsa_test, "crypto/ecdsa/ecdsa_test", []);
+exe_test!(gcm_test, "crypto/modes/gcm_test", []);
+exe_test!(poly1305_test, "crypto/poly1305/poly1305_test", ["crypto/poly1305/poly1305_test.txt"]);
+exe_test!(refcount_test, "crypto/refcount_test", []);
+exe_test!(rsa_test, "crypto/rsa/rsa_test", []);
+exe_test!(thread_test, "crypto/thread_test", []);

data/vendor/ring/src/ffi.rs

@@ -0,0 +1,29 @@
+// Copyright 2015 Brian Smith.
+//
+// Permission to use, copy, modify, and/or distribute this software for any
+// purpose with or without fee is hereby granted, provided that the above
+// copyright notice and this permission notice appear in all copies.
+//
+// THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHORS DISCLAIM ALL WARRANTIES
+// WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+// MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY
+// SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+// WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
+// OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
+// CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+
+use super::c;
+
+pub fn map_bssl_result(bssl_result: c::int) -> Result<(), ()> {
+    match bssl_result {
+        1 => Ok(()),
+        _ => Err(())
+    }
+}
+
+pub fn map_bssl_ptr_result<T>(bssl_result: *mut T) -> Result<*mut T, ()> {
+    if bssl_result.is_null() {
+        return Err(());
+    }
+    Ok(bssl_result)
+}

data/vendor/ring/src/file_test.rs

@@ -0,0 +1,187 @@
+// Copyright 2015 Brian Smith.
+//
+// Permission to use, copy, modify, and/or distribute this software for any
+// purpose with or without fee is hereby granted, provided that the above
+// copyright notice and this permission notice appear in all copies.
+//
+// THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHORS DISCLAIM ALL WARRANTIES
+// WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+// MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR
+// ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+// WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+// ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+// OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+
+use rustc_serialize::hex::FromHex;
+use std;
+use std::io::BufRead;
+use super::digest;
+
+pub struct TestCase {
+    attributes: std::collections::HashMap<String, String>,
+}
+
+impl TestCase {
+    pub fn consume_digest_alg(&mut self, key: &str)
+                              -> Option<&'static digest::Algorithm> {
+        let name = self.consume_string(key);
+        match name.as_ref() {
+            "SHA1" => Some(&digest::SHA1),
+            "SHA224" => None, // We actively skip SHA-224 support.
+            "SHA256" => Some(&digest::SHA256),
+            "SHA384" => Some(&digest::SHA384),
+            "SHA512" => Some(&digest::SHA512),
+            _ => panic!("Unsupported digest algorithm: {}", name)
+        }
+    }
+
+    pub fn consume_bytes(&mut self, key: &str) -> Vec<u8> {
+        let mut s = self.consume_string(key);
+        if s.starts_with("\"") {
+            // The value is a quoted strong.
+            // XXX: We don't deal with any inner quotes.
+            if !s.ends_with("\"") {
+                panic!("expected quoted string, found {}", s);
+            }
+            s.pop();
+            s.remove(0);
+            Vec::from(s.as_bytes())
+        } else {
+            // The value is hex encoded.
+            match s.from_hex() {
+                Ok(value) => value,
+                Err(..) => panic!("Invalid hex encoding of attribute: {}", s)
+            }
+        }
+    }
+
+    pub fn consume_usize(&mut self, key: &str) -> usize {
+        let s = self.consume_string(key);
+        s.parse::<usize>().unwrap()
+    }
+
+    pub fn consume_string(&mut self, key: &str) -> String {
+        self.consume_optional_string(key)
+            .unwrap_or_else(|| panic!("No attribute named \"{}\"", key))
+    }
+
+    pub fn consume_optional_string(&mut self, key: &str) -> Option<String> {
+        self.attributes.remove(key)
+    }
+}
+
+pub fn run<F>(test_data_relative_file_path: &str, f: F)
+              where F: Fn(&str, &mut TestCase) {
+    let path = std::path::PathBuf::from(test_data_relative_file_path);
+    let file = std::fs::File::open(path).unwrap();
+    let mut lines = std::io::BufReader::new(&file).lines();
+
+    let mut current_section = String::from("");
+
+    loop {
+        match parse_test_case(&mut current_section, &mut lines) {
+            Some(ref mut test_case) => {
+                f(&current_section, test_case);
+
+                // Make sure all the attributes in the test case were consumed.
+                assert!(test_case.attributes.is_empty());
+            },
+
+            None => {
+                break;
+            }
+        }
+    }
+}
+
+pub fn run_mut<F>(test_data_relative_file_path: &str, f: &mut F)
+                  where F: FnMut(&str, &mut TestCase) {
+    let path = std::path::PathBuf::from(test_data_relative_file_path);
+    let file = std::fs::File::open(path).unwrap();
+    let mut lines = std::io::BufReader::new(&file).lines();
+
+    let mut current_section = String::from("");
+
+    loop {
+        match parse_test_case(&mut current_section, &mut lines) {
+            Some(ref mut test_case) => {
+                f(&current_section, test_case);
+
+                // Make sure all the attributes in the test case were consumed.
+                assert!(test_case.attributes.is_empty());
+            },
+
+            None => {
+                break;
+            }
+        }
+    }
+}
+
+type FileLines<'a> = std::io::Lines<std::io::BufReader<&'a std::fs::File>>;
+
+fn parse_test_case(current_section: &mut String,
+                   lines: &mut FileLines) -> Option<TestCase> {
+    let mut attributes = std::collections::HashMap::new();
+
+    let mut is_first_line = true;
+    loop {
+        let line = match lines.next() {
+            None => None,
+            Some(result) => Some(result.unwrap()),
+        };
+
+        if let Some(ref text) = line {
+            println!("Line: {}", text);
+        }
+
+        match line {
+            // If we get to EOF when we're not in the middle of a test case,
+            // then we're done.
+            None if is_first_line => {
+                return None;
+            },
+
+            // End of the file on a non-empty test cases ends the test case.
+            None => {
+                return Some(TestCase { attributes: attributes });
+            },
+
+            // A blank line ends a test case if the test case isn't empty.
+            Some(ref line) if line.len() == 0 => {
+                if !is_first_line {
+                    return Some(TestCase { attributes: attributes });
+                }
+                // Ignore leading blank lines.
+            },
+
+            // Comments start with '#'; ignore them.
+            Some(ref line) if line.starts_with("#") => { },
+
+            Some(ref line) if line.starts_with("[") => {
+                assert!(is_first_line);
+                assert!(line.ends_with("]"));
+                current_section.truncate(0);
+                current_section.push_str(line);
+                current_section.pop();
+                current_section.remove(0);
+            },
+
+            Some(ref line) => {
+                is_first_line = false;
+
+                let parts: Vec<&str> = line.splitn(2, " = ").collect();
+                let key = parts[0].trim();
+                let value = parts[1].trim();
+
+                // Don't allow the value to be ommitted. An empty value can be
+                // represented as an empty quoted string.
+                assert!(value.len() != 0);
+
+                // Checking is_none() ensures we don't accept duplicate keys.
+                assert!(attributes.insert(String::from(key),
+                                          String::from(value)).is_none());
+            }
+        }
+    }
+}

data/vendor/ring/src/hkdf.rs

@@ -0,0 +1,153 @@
+// Copyright 2015 Brian Smith.
+//
+// Permission to use, copy, modify, and/or distribute this software for any
+// purpose with or without fee is hereby granted, provided that the above
+// copyright notice and this permission notice appear in all copies.
+//
+// THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHORS DISCLAIM ALL WARRANTIES
+// WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+// MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR
+// ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+// WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+// ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+// OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+
+//! HMAC-based Extract-and-Expand Key Derivation Function.
+//!
+//! HKDF is specified in [RFC 5869](https://tools.ietf.org/html/rfc5869).
+//!
+//! In most situations, it is best to use `extract_and_expand` to do both the
+//! HKDF-Extract and HKDF-Expand as one atomic operation. It is only necessary
+//! to use the separate `expand` and `extract` functions if a single derived
+//! `PRK` (defined in RFC 5869) is used more than once.
+//!
+//! Salts have type `hmac::SigningKey` instead of `&[u8]` because they are
+//! frequently used for multiple HKDF operations, and it is more efficient to
+//! construct the `SigningKey` once and reuse it. Given a digest algorithm
+//! `digest_alg` and a salt `salt: &[u8]`, the `SigningKey` should be
+//! constructed as `hmac::SigningKey::new(digest_alg, salt)`.
+
+
+use super::hmac;
+
+/// Fills `out` with the output of the HKDF Extract-and-Expand operation for
+/// the given inputs.
+///
+/// `extract_and_expand` is exactly equivalent to:
+///
+/// ```ignore
+/// let prk = extract(salt, secret);
+/// expand(&prk, info, out)
+/// ```
+///
+/// See the documentation for `extract` and `expand` for details.
+///
+/// # Panics
+///
+/// `extract_and_expand` panics if `expand` panics.
+pub fn extract_and_expand(salt: &hmac::SigningKey, secret: &[u8], info: &[u8],
+                          out: &mut [u8]) {
+    let prk = extract(salt, secret);
+    expand(&prk, info, out)
+}
+
+/// The HKDF-Extract operation.
+///
+/// | Parameter               | RFC 5869 Term
+/// |-------------------------|--------------
+/// | salt.digest_algorithm() | Hash
+/// | secret                  | IKM (Input Keying Material)
+/// | [return value]          | PRK
+pub fn extract(salt: &hmac::SigningKey, secret: &[u8]) -> hmac::SigningKey {
+    // The spec says that if no salt is provided then a key of
+    // `digest_alg.output_len` bytes of zeros is used. But, HMAC keys are
+    // already zero-padded to the block length, which is larger than the output
+    // length of the extract step (the length of the digest). Consequently, the
+    // `SigningKey` constructor will automatically do the right thing for a
+    // zero-length string.
+    let prk = hmac::sign(&salt, secret);
+    hmac::SigningKey::new(salt.digest_algorithm(), prk.as_ref())
+}
+
+/// Fills `out` with the output of the HKDF-Expand operation for the given
+/// inputs.
+///
+/// `prk` should be the return value of an earlier call to `extract`.
+///
+/// | Parameter  | RFC 5869 Term
+/// |------------|--------------
+/// | prk        | PRK
+/// | info       | info
+/// | out        | OKM (Output Keying Material)
+/// | out.len()  | L (Length of output keying material in bytes)
+///
+/// # Panics
+///
+/// `expand` panics if the requested output length is larger than 255 times the
+/// size of the digest algorithm, i.e. if
+/// `out.len() > 255 * salt.digest_algorithm().output_len`. This is the limit
+/// imposed by the HKDF specification, and is necessary to prevent overflow of
+/// the 8-bit iteration counter in the expansion step.
+pub fn expand(prk: &hmac::SigningKey, info: &[u8], out: &mut [u8]) {
+    let digest_alg = prk.digest_algorithm();
+    assert!(out.len() <= 255 * digest_alg.output_len);
+    assert!(digest_alg.block_len >= digest_alg.output_len);
+
+    let mut ctx = hmac::SigningContext::with_key(&prk);
+
+    let mut n = 1u8;
+    let mut pos = 0;
+    loop {
+        ctx.update(info);
+        ctx.update(&[n]);
+
+        let t = ctx.sign();
+
+        // Append `t` to the output.
+        let to_copy = if out.len() - pos < digest_alg.output_len {
+            out.len() - pos
+        } else {
+            digest_alg.output_len
+        };
+        let t_bytes = t.as_ref();
+        for i in 0..to_copy {
+            out[pos + i] = t_bytes[i];
+        }
+        if to_copy < digest_alg.output_len {
+            break;
+        }
+        pos += digest_alg.output_len;
+
+        ctx = hmac::SigningContext::with_key(&prk);
+        ctx.update(t_bytes);
+        n += 1;
+    }
+}
+
+#[cfg(test)]
+mod tests {
+    use super::super::{file_test, hkdf, hmac};
+
+    #[test]
+    pub fn hkdf_tests() {
+        file_test::run("src/hkdf_tests.txt", |section, test_case| {
+            assert_eq!(section, "");
+            let digest_alg = test_case.consume_digest_alg("Hash").unwrap();
+            let secret = test_case.consume_bytes("IKM");
+            let salt = test_case.consume_bytes("salt");
+            let info = test_case.consume_bytes("info");
+
+            // The PRK is an intermediate value that we can't test, but we
+            // have to consume it to make file_test::run happy.
+            let _ = test_case.consume_bytes("PRK");
+
+            let out = test_case.consume_bytes("OKM");
+
+            let salt = hmac::SigningKey::new(digest_alg, &salt);
+
+            let mut out = vec![0u8; out.len()];
+            hkdf::extract_and_expand(&salt, &secret, &info, &mut out);
+            assert_eq!(out, out);
+        });
+    }
+}

data/vendor/ring/src/hkdf_tests.txt

@@ -0,0 +1,59 @@
+# Test Cases from RFC 5869. Note that the parameter L is implied by the length
+# of |OKM| and so it was omitted.
+
+# A.1. Test Case 1 = Basic test case with SHA-256
+Hash = SHA256
+IKM = 0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b
+salt = 000102030405060708090a0b0c
+info = f0f1f2f3f4f5f6f7f8f9
+PRK = 077709362c2e32df0ddc3f0dc47bba6390b6c73bb50f9c3122ec844ad7c2b3e5
+OKM = 3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf34007208d5b887185865
+
+# A.2. Test Case 2 = Test with SHA-256 and longer inputs/outputs
+Hash = SHA256
+IKM = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f
+salt = 606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeaf
+info = b0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff
+PRK = 06a6b88c5853361a06104c9ceb35b45cef760014904671014a193f40c15fc244
+OKM = b11e398dc80327a1c8e7f78c596a49344f012eda2d4efad8a050cc4c19afa97c59045a99cac7827271cb41c65e590e09da3275600c2f09b8367793a9aca3db71cc30c58179ec3e87c14c01d5c1f3434f1d87
+
+# A.3. Test Case 3 = Test with SHA-256 and zero-length salt/info
+Hash = SHA256
+IKM = 0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b
+salt = ""
+info = ""
+PRK = 19ef24a32c717b167f33a91d6f648bdf96596776afdb6377ac434c1c293ccb04
+OKM = 8da4e775a563c18f715f802a063c5a31b8a11f5c5ee1879ec3454e5f3c738d2d9d201395faa4b61a96c8
+
+# A.4. Test Case 4 = Basic test case with SHA-1
+Hash = SHA1
+IKM = 0b0b0b0b0b0b0b0b0b0b0b
+salt = 000102030405060708090a0b0c
+info = f0f1f2f3f4f5f6f7f8f9
+PRK = 9b6c18c432a7bf8f0e71c8eb88f4b30baa2ba243
+OKM = 085a01ea1b10f36933068b56efa5ad81a4f14b822f5b091568a9cdd4f155fda2c22e422478d305f3f896
+
+# A.5. Test Case 5 = Test with SHA-1 and longer inputs/outputs
+Hash = SHA1
+IKM = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f
+salt = 606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeaf
+info = b0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff
+PRK = 8adae09a2a307059478d309b26c4115a224cfaf6
+OKM = 0bd770a74d1160f7c9f12cd5912a06ebff6adcae899d92191fe4305673ba2ffe8fa3f1a4e5ad79f3f334b3b202b2173c486ea37ce3d397ed034c7f9dfeb15c5e927336d0441f4c4300e2cff0d0900b52d3b4
+
+# A.6. Test Case 6 = Test with SHA-1 and zero-length salt/info
+Hash = SHA1
+IKM = 0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b
+salt = ""
+info = ""
+PRK = da8c8a73c7fa77288ec6f5e7c297786aa0d32d01
+OKM = 0ac1af7002b3d761d1e55298da9d0506b9ae52057220a306e07b6b87e8df21d0ea00033de03984d34918
+
+# A.7. Test Case 7 = Test with SHA-1, salt not provided (defaults to HashLen
+# zero octets), zero-length info
+Hash = SHA1
+IKM = 0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c
+salt = ""
+info = ""
+PRK = 2adccada18779e7c2077ad2eb19d3f3e731385dd
+OKM = 2c91117204d745f3500d636a62f64f0ab3bae548aa53d423b0d1f27ebba6f5e5673a081d70cce7acfc48