ring-native 0.0.0

data/vendor/ring/src/pbkdf2_tests.txt

@@ -0,0 +1,113 @@
+# The|dkLen| parameter is given implicitly as the length of |DK|.
+
+# RFC 6070 Section 2. PBKDF2 HMAC-SHA1 Test Vectors
+
+Hash = SHA1
+P = "password"
+S = "salt"
+c = 1
+DK = 0c60c80f961f0e71f3a9b524af6012062fe037a6
+
+Hash = SHA1
+P = "password"
+S = "salt"
+c = 2
+DK = ea6c014dc72d6f8ccd1ed92ace1d41f0d8de8957
+
+Hash = SHA1
+P = "password"
+S = "salt"
+c = 4096
+DK = 4b007901b765489abead49d926f721d065a429c1
+
+Hash = SHA1
+P = "password"
+S = "salt"
+c = 16777216
+DK = eefe3d61cd4da4e4e9945b3d6ba2158c2634e984
+
+# Skipped because we panic if the output length requested is larger than the
+# digest block size.
+# Hash = SHA1
+# P = "passwordPASSWORDpassword"
+# S = "saltSALTsaltSALTsaltSALTsaltSALTsalt"
+# c = 4096
+# DK = 3d2eec4fe41c849b80c8d83662c0e44a8b291a964cf2f07038
+
+# P is "pass\0word" S is "sa\0lt"
+Hash = SHA1
+P = 7061737300776f7264
+S = 7361006c74
+c = 4096
+DK = 56fa6aa75548099dcc37d7f03425e0c3
+
+# PBKDF2 HMAC-SHA256 Test Vectors from
+# https://stackoverflow.com/questions/5130513/pbkdf2-hmac-sha2-test-vectors
+
+Hash = SHA256
+P = "password"
+S = "salt"
+c = 1
+DK = 120fb6cffcf8b32c43e7225256c4f837a86548c92ccc35480805987cb70be17b
+
+Hash = SHA256
+P = "password"
+S = "salt"
+c = 2
+DK = ae4d0c95af6b46d32d0adff928f06dd02a303f8ef3c251dfd6e2d85a95474c43
+
+Hash = SHA256
+P = "password"
+S = "salt"
+c = 4096
+DK = c5e478d59288c841aa530db6845c4c8d962893a001ce4e11a4963873aa98134a
+
+# Skipped because we panic if the output length requested is larger than the
+# digest block size.
+# Hash = SHA256
+# P = "password"
+# S = "salt"
+# c = 16777216
+# DK = cf81c66fe8cfc04d1f31ecb65dab4089f7f179e89b3b0bcb17ad10e3ac6eba46
+
+# Skipped because we panic if the output length requested is larger than the
+# digest block size.
+# Hash = SHA256
+# P = "passwordPASSWORDpassword"
+# S = "saltSALTsaltSALTsaltSALTsaltSALTsalt"
+# c = 4096
+# DK = 348c89dbcbd32b2f32d814b8116e84cf2b17347ebc1800181c4e2a1fb8dd53e1c635518c7dac47e9
+
+# P is "pass\0word" S is "sa\0lt"
+Hash = SHA256
+P = 7061737300776f7264
+S = 7361006c74
+c = 4096
+DK = 89b69d0516f829893c696226650a8687
+
+# PBKDF2 HMAC-SHA512 Test Vectors from
+# https://stackoverflow.com/questions/15593184/pbkdf2-hmac-sha-512-test-vectors
+
+Hash = SHA512
+P = "password"
+S = "salt"
+c = 1
+DK = 867f70cf1ade02cff3752599a3a53dc4af34c7a669815ae5d513554e1c8cf252c02d470a285a0501bad999bfe943c08f050235d7d68b1da55e63f73b60a57fce
+
+Hash = SHA512
+P = "password"
+S = "salt"
+c = 2
+DK = e1d9c16aa681708a45f5c7c4e215ceb66e011a2e9f0040713f18aefdb866d53cf76cab2868a39b9f7840edce4fef5a82be67335c77a6068e04112754f27ccf4e
+
+Hash = SHA512
+P = "password"
+S = "salt"
+c = 4096
+DK = d197b1b33db0143e018b12f3d1d1479e6cdebdcc97c5c0f87f6902e072f457b5143f30602641b3d55cd335988cb36b84376060ecd532e039b742a239434af2d5
+
+Hash = SHA512
+P = "passwordPASSWORDpassword"
+S = "saltSALTsaltSALTsaltSALTsaltSALTsalt"
+c = 4096
+DK = 8c0511f4c6e597c6ac6315d8f0362e225f3c501495ba23b868c005174dc4ee71115b59f9e60cd9532fa33e0f75aefe30225c583a186cd82bd4daea9724a3d3b8

data/vendor/ring/src/polyfill.rs

@@ -0,0 +1,57 @@
+// Copyright 2015 Brian Smith.
+//
+// Permission to use, copy, modify, and/or distribute this software for any
+// purpose with or without fee is hereby granted, provided that the above
+// copyright notice and this permission notice appear in all copies.
+//
+// THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHORS DISCLAIM ALL WARRANTIES
+// WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+// MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR
+// ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+// WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+// ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+// OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+
+//! Polyfills for functionality that will (hopefully) be added to Rust's
+//! standard library soon.
+
+pub mod slice {
+    // https://github.com/rust-lang/rust/issues/27750
+    // https://internals.rust-lang.org/t/stabilizing-basic-functions-on-arrays-and-slices/2868
+    #[inline(always)]
+    pub fn fill(dest: &mut [u8], value: u8) {
+        for d in dest {
+            *d = value;
+        }
+    }
+
+    // https://github.com/rust-lang/rust/issues/27750
+    // https://internals.rust-lang.org/t/stabilizing-basic-functions-on-arrays-and-slices/2868
+    #[inline(always)]
+    pub fn fill_from_slice(dest: &mut [u8], src: &[u8]) {
+        use std;
+        assert_eq!(dest.len(), src.len());
+        unsafe {
+            std::ptr::copy_nonoverlapping(src.as_ptr(), dest.as_mut_ptr(),
+                                          src.len())
+        }
+    }
+
+    // https://internals.rust-lang.org/t/safe-trasnsmute-for-slices-e-g-u64-u32-particularly-simd-types/2871
+    #[inline(always)]
+    pub fn u64_as_u8<'a>(src: &'a [u64]) -> &'a [u8] {
+        use std;
+        unsafe {
+            std::slice::from_raw_parts(src.as_ptr() as *const u8, src.len() * 8)
+        }
+    }
+
+    // https://internals.rust-lang.org/t/safe-trasnsmute-for-slices-e-g-u64-u32-particularly-simd-types/2871
+    #[inline(always)]
+    pub fn u64_as_u32<'a>(src: &'a [u64]) -> &'a [u32] {
+        use std;
+        unsafe {
+            std::slice::from_raw_parts(src.as_ptr() as *const u32, src.len() * 2)
+        }
+    }
+}

data/vendor/ring/src/rand.rs

@@ -0,0 +1,28 @@
+// Copyright 2015 Brian Smith.
+//
+// Permission to use, copy, modify, and/or distribute this software for any
+// purpose with or without fee is hereby granted, provided that the above
+// copyright notice and this permission notice appear in all copies.
+//
+// THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHORS DISCLAIM ALL WARRANTIES
+// WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+// MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY
+// SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+// WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
+// OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
+// CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+
+//! Cryptographic psuedo-random number generation.
+
+use super::{c, ffi};
+
+/// Fills the given slice with random bytes generated from a PRNG.
+pub fn fill_secure_random(out: &mut [u8]) -> Result<(), ()> {
+    ffi::map_bssl_result(unsafe {
+        RAND_bytes(out.as_mut_ptr(), out.len())
+    })
+}
+
+extern {
+    fn RAND_bytes(buf: *mut u8, len: c::size_t) -> c::int;
+}

data/vendor/ring/src/signature.rs

@@ -0,0 +1,314 @@
+// Copyright 2015 Brian Smith.
+//
+// Permission to use, copy, modify, and/or distribute this software for any
+// purpose with or without fee is hereby granted, provided that the above
+// copyright notice and this permission notice appear in all copies.
+//
+// THE SOFTWARE IS PROVIDED "AS IS" AND AND THE AUTHORS DISCLAIM ALL WARRANTIES
+// WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+// MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY
+// SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+// WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
+// OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
+// CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+
+//! Public key signatures: signing and verification.
+//!
+//! Use the `verify` function to verify signatures, passing a reference to the
+//! `_VERIFY` algorithm that identifies the algorithm. See the documentation
+//! for `verify` for examples.
+//!
+//! The design of this module is unusual compared to other public key signature
+//! APIs. Algorithms like split into "signing" and "verification" algorithms.
+//! Also, this API treats each combination of parameters as a separate
+//! algorithm. For example, instead of having a single "RSA" algorithm with a
+//! verification function that takes a bunch of parameters, there are
+//! `RSA_PKCS1_2048_8192_SHA256`, `RSA_PKCS1_2048_8192_SHA512`,
+//! etc. which encode sets of parameter choices into objects. This design is
+//! designed to reduce the risks of algorithm agility. It is also designed to
+//! be optimized for Ed25519, which has a fixed signature format, a fixed curve,
+//! a fixed key size, and a fixed digest algorithm.
+//!
+//! Currently this module does not support digesting the message to be signed
+//! separately from the public key operation, as it is currently being
+//! optimized for Ed25519 and for the implementation of protocols that do not
+//! requiring signing large messages. An interface for efficiently supporting
+//! larger messages will be added later. Similarly, the signing interface is
+//! not available yet.
+
+use super::{c, digest, ecc, ffi};
+use super::input::Input;
+
+/// A signature verification algorithm.
+pub trait VerificationAlgorithm {
+    #[doc(hidden)]
+    fn verify(&self, public_key: Input, msg: Input, signature: Input)
+              -> Result<(), ()>;
+}
+
+/// Verify the signature `signature` of message `msg` with the public key
+/// `public_key` using the algorithm `alg`.
+///
+/// # Examples
+///
+/// ## Verify a RSA PKCS#1 signature that uses the SHA-256 digest
+///
+/// ```
+/// use ring::input::Input;
+/// use ring::signature;
+///
+/// // Ideally this function should take its inputs as `Input`s instead of
+/// // slices. It takes its input as slices to illustrate how to convert slices
+/// // to `Input`s.
+/// fn verify_rsa_pkcs1_sha256(public_key: &[u8], msg: &[u8], sig: &[u8])
+///                            -> Result<(), ()> {
+///    let public_key = try!(Input::new(public_key));
+///    let msg = try!(Input::new(msg));
+///    let sig = try!(Input::new(sig));
+///    signature::verify(&signature::RSA_PKCS1_2048_8192_SHA256, public_key,
+///                      msg, sig)
+/// }
+/// ```
+///
+/// ## Verify an Ed25519 signature
+///
+/// ```
+/// use ring::input::Input;
+/// use ring::signature;
+///
+/// fn verify_ed25519(public_key: Input, msg: Input, sig: Input)
+///                   -> Result<(), ()> {
+///    signature::verify(&signature::ED25519, public_key, msg, sig)
+/// }
+/// ```
+pub fn verify(alg: &VerificationAlgorithm, public_key: Input, msg: Input,
+              signature: Input) -> Result<(), ()> {
+    alg.verify(public_key, msg, signature)
+}
+
+
+/// ECDSA Signatures (ASN.1 DER encoded) with public keys in uncompressed form.
+///
+/// The public key will be decoded using the
+/// `Octet-String-to-Elliptic-Curve-Point` algorithm in [SEC 1: Elliptic
+/// Curve Cryptography, Version 2.0](http://www.secg.org/sec1-v2.pdf); it must
+/// in be in uncompressed form. The signature will be parsed as a DER-encoded
+/// `Ecdsa-Sig-Value` as described in [RFC 3279 Section
+/// 2.2.3](https://tools.ietf.org/html/rfc3279#section-2.2.3).
+pub struct ECDSA {
+    #[doc(hidden)]
+    digest_alg: &'static digest::Algorithm,
+
+    #[doc(hidden)]
+    ec_group_fn: unsafe extern fn() -> *const ecc::EC_GROUP,
+}
+
+impl VerificationAlgorithm for ECDSA {
+    fn verify(&self, public_key: Input, msg: Input, signature: Input)
+              -> Result<(), ()> {
+        let digest = digest::digest(self.digest_alg, msg.as_slice_less_safe());
+        let signature = signature.as_slice_less_safe();
+        let public_key = public_key.as_slice_less_safe();
+        ffi::map_bssl_result(unsafe {
+            ECDSA_verify_signed_digest((self.ec_group_fn)(),
+                                       digest.algorithm().nid,
+                                       digest.as_ref().as_ptr(),
+                                       digest.as_ref().len(), signature.as_ptr(),
+                                       signature.len(), public_key.as_ptr(),
+                                       public_key.len())
+        })
+    }
+}
+
+macro_rules! ecdsa {
+    ( $VERIFY_ALGORITHM:ident, $curve_name:expr, $ec_group_fn:expr,
+      $digest_alg_name:expr, $digest_alg:expr ) => {
+        #[doc="ECDSA signatures using the "]
+        #[doc=$curve_name]
+        #[doc=" curve and the "]
+        #[doc=$digest_alg_name]
+        #[doc=" digest algorithm."]
+        ///
+        /// See the documentation for `ECDSA` for details of how the public key
+        /// and signature are encoded.
+        pub static $VERIFY_ALGORITHM: ECDSA = ECDSA {
+            digest_alg: $digest_alg,
+            ec_group_fn: $ec_group_fn,
+        };
+    }
+}
+
+ecdsa!(ECDSA_P256_SHA1, "P-256 (secp256r1)", ecc::EC_GROUP_P256, "SHA-1",
+       &digest::SHA1);
+ecdsa!(ECDSA_P256_SHA256, "P-256 (secp256r1)", ecc::EC_GROUP_P256, "SHA-256",
+       &digest::SHA256);
+ecdsa!(ECDSA_P256_SHA384, "P-256 (secp256r1)", ecc::EC_GROUP_P256, "SHA-384",
+       &digest::SHA384);
+ecdsa!(ECDSA_P256_SHA512, "P-256 (secp256r1)", ecc::EC_GROUP_P256, "SHA-512",
+       &digest::SHA512);
+
+ecdsa!(ECDSA_P384_SHA1, "P-384 (secp384r1)", ecc::EC_GROUP_P384, "SHA-1",
+       &digest::SHA1);
+ecdsa!(ECDSA_P384_SHA256, "P-384 (secp384r1)", ecc::EC_GROUP_P384, "SHA-256",
+       &digest::SHA256);
+ecdsa!(ECDSA_P384_SHA384, "P-384 (secp384r1)", ecc::EC_GROUP_P384, "SHA-384",
+       &digest::SHA384);
+ecdsa!(ECDSA_P384_SHA512, "P-384 (secp384r1)", ecc::EC_GROUP_P384, "SHA-512",
+       &digest::SHA512);
+
+ecdsa!(ECDSA_P521_SHA1, "P-521 (secp521r1)", ecc::EC_GROUP_P521, "SHA-1",
+       &digest::SHA1);
+ecdsa!(ECDSA_P521_SHA256, "P-521 (secp521r1)", ecc::EC_GROUP_P521, "SHA-256",
+       &digest::SHA256);
+ecdsa!(ECDSA_P521_SHA384, "P-521 (secp521r1)", ecc::EC_GROUP_P521, "SHA-384",
+       &digest::SHA384);
+ecdsa!(ECDSA_P521_SHA512, "P-521 (secp521r1)", ecc::EC_GROUP_P521, "SHA-512",
+       &digest::SHA512);
+
+
+/// EdDSA signatures.
+pub struct EdDSA {
+    #[doc(hidden)]
+    _unused: u8, // XXX: Stable Rust doesn't allow empty structs.
+}
+
+/// [Ed25519](http://ed25519.cr.yp.to/) signatures.
+///
+/// Ed25519 uses SHA-512 as the digest algorithm.
+pub static ED25519: EdDSA = EdDSA {
+    _unused: 1,
+};
+
+#[cfg(test)]
+fn ed25519_sign(private_key: &[u8], msg: &[u8], signature: &mut [u8])
+                -> Result<(), ()> {
+    if private_key.len() != 64 || signature.len() != 64 {
+        return Err(());
+    }
+    ffi::map_bssl_result(unsafe {
+        ED25519_sign(signature.as_mut_ptr(), msg.as_ptr(), msg.len(),
+                     private_key.as_ptr())
+    })
+}
+
+impl VerificationAlgorithm for EdDSA {
+    fn verify(&self, public_key: Input, msg: Input, signature: Input)
+              -> Result<(), ()> {
+        let public_key = public_key.as_slice_less_safe();
+        if public_key.len() != 32 || signature.len() != 64 {
+            return Err(())
+        }
+        let msg = msg.as_slice_less_safe();
+        let signature = signature.as_slice_less_safe();
+        ffi::map_bssl_result(unsafe {
+            ED25519_verify(msg.as_ptr(), msg.len(), signature.as_ptr(),
+                           public_key.as_ptr())
+        })
+    }
+}
+
+
+/// RSA PKCS#1 1.5 signatures.
+#[allow(non_camel_case_types)]
+pub struct RSA_PKCS1 {
+    #[doc(hidden)]
+    digest_alg: &'static digest::Algorithm,
+
+    #[doc(hidden)]
+    min_bits: usize,
+}
+
+impl VerificationAlgorithm for RSA_PKCS1 {
+    fn verify(&self, public_key: Input, msg: Input, signature: Input)
+              -> Result<(), ()> {
+        let digest = digest::digest(self.digest_alg, msg.as_slice_less_safe());
+        let signature = signature.as_slice_less_safe();
+        let public_key = public_key.as_slice_less_safe();
+        ffi::map_bssl_result(unsafe {
+            RSA_verify_pkcs1_signed_digest(self.min_bits, 8192,
+                                           digest.algorithm().nid,
+                                           digest.as_ref().as_ptr(),
+                                           digest.as_ref().len(),
+                                           signature.as_ptr(), signature.len(),
+                                           public_key.as_ptr(), public_key.len())
+        })
+    }
+}
+
+macro_rules! rsa_pkcs1 {
+    ( $VERIFY_ALGORITHM:ident, $min_bits:expr, $min_bits_str:expr,
+      $digest_alg_name:expr, $digest_alg:expr ) => {
+        #[doc="RSA PKCS#1 1.5 signatures of "]
+        #[doc=$min_bits_str]
+        #[doc="-8192 bits "]
+        #[doc="using the "]
+        #[doc=$digest_alg_name]
+        #[doc=" digest algorithm."]
+        pub static $VERIFY_ALGORITHM: RSA_PKCS1 = RSA_PKCS1 {
+            digest_alg: $digest_alg,
+            min_bits: $min_bits
+        };
+    }
+}
+
+rsa_pkcs1!(RSA_PKCS1_2048_8192_SHA1,   2048, "2048", "SHA-1", &digest::SHA1);
+rsa_pkcs1!(RSA_PKCS1_2048_8192_SHA256, 2048, "2048", "SHA-256", &digest::SHA256);
+rsa_pkcs1!(RSA_PKCS1_2048_8192_SHA384, 2048, "2048", "SHA-384", &digest::SHA384);
+rsa_pkcs1!(RSA_PKCS1_2048_8192_SHA512, 2048, "2048", "SHA-512", &digest::SHA512);
+
+rsa_pkcs1!(RSA_PKCS1_3072_8192_SHA384, 3072, "3072", "SHA-384", &digest::SHA384);
+
+
+extern {
+    fn ECDSA_verify_signed_digest(group: *const ecc::EC_GROUP, hash_nid: c::int,
+                                  digest: *const u8, digest_len: c::size_t,
+                                  sig_der: *const u8, sig_der_len: c::size_t,
+                                  key_octets: *const u8,
+                                  key_octets_len: c::size_t) -> c::int;
+
+    #[cfg(test)]
+    fn ED25519_sign(out_sig: *mut u8/*[64]*/, message: *const u8,
+                    message_len: c::size_t, private_key: *const u8/*[64]*/)
+                    -> c::int;
+
+    fn ED25519_verify(message: *const u8, message_len: c::size_t,
+                      signature: *const u8/*[64]*/,
+                      public_key: *const u8/*[32]*/) -> c::int;
+
+    fn RSA_verify_pkcs1_signed_digest(min_bits: usize, max_bits: usize,
+                                      digest_nid: c::int, digest: *const u8,
+                                      digest_len: c::size_t, sig: *const u8,
+                                      sig_len: c::size_t, key_der: *const u8,
+                                      key_der_len: c::size_t) -> c::int;
+}
+
+#[cfg(test)]
+mod tests {
+    use super::{ed25519_sign, ED25519, verify};
+    use super::super::file_test;
+    use super::super::input::Input;
+
+    /// Test vectors from BoringSSL.
+    #[test]
+    fn test_ed25519() {
+        file_test::run("src/ed25519_tests.txt", |section, test_case| {
+            assert_eq!(section, "");
+            let private_key = test_case.consume_bytes("PRIV");
+            assert_eq!(64, private_key.len());
+            let public_key = test_case.consume_bytes("PUB");
+            assert_eq!(32, public_key.len());
+            let msg = test_case.consume_bytes("MESSAGE");
+            let expected_sig = test_case.consume_bytes("SIG");
+
+            let mut actual_sig = [0u8; 64];
+            assert!(ed25519_sign(&private_key, &msg, &mut actual_sig).is_ok());
+            assert_eq!(&expected_sig[..], &actual_sig[..]);
+
+            let public_key = Input::new(&public_key).unwrap();
+            let msg = Input::new(&msg).unwrap();
+            let expected_sig = Input::new(&expected_sig).unwrap();
+
+            assert!(verify(&ED25519, public_key, msg, expected_sig).is_ok());
+        });
+    }
+}