Implement mls-rs-crypto-traits backed by BoringSSL.
Fix: 302021139
Test: Presubmit
Change-Id: Iaefa21d3fb69f92d735875778f3f96e1878d0876
diff --git a/mls/mls-rs-crypto-boringssl/src/hash.rs b/mls/mls-rs-crypto-boringssl/src/hash.rs
new file mode 100644
index 0000000..397fb9d
--- /dev/null
+++ b/mls/mls-rs-crypto-boringssl/src/hash.rs
@@ -0,0 +1,152 @@
+// Copyright 2024, The Android Open Source Project
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+//! Hash functions and hash-based message authentication codes.
+
+use bssl_crypto::digest;
+use bssl_crypto::hmac::{HmacSha256, HmacSha512};
+use mls_rs_core::crypto::CipherSuite;
+use thiserror::Error;
+
+/// Errors returned from hash functions and HMACs.
+#[derive(Debug, Error)]
+pub enum HashError {
+ /// Error returned when unsupported cipher suite is requested.
+ #[error("unsupported cipher suite")]
+ UnsupportedCipherSuite,
+}
+
+/// Hash function and HMAC implementations backed by BoringSSL.
+#[derive(Clone, Copy, Debug, Eq, PartialEq)]
+#[repr(u16)]
+pub enum Hash {
+ /// SHA-256.
+ Sha256,
+ /// SHA-384.
+ Sha384,
+ /// SHA-512.
+ Sha512,
+}
+
+impl Hash {
+ /// Creates a new Hash.
+ pub fn new(cipher_suite: CipherSuite) -> Result<Self, HashError> {
+ match cipher_suite {
+ CipherSuite::CURVE25519_AES128
+ | CipherSuite::P256_AES128
+ | CipherSuite::CURVE25519_CHACHA => Ok(Hash::Sha256),
+ CipherSuite::P384_AES256 => Ok(Hash::Sha384),
+ CipherSuite::CURVE448_AES256
+ | CipherSuite::CURVE448_CHACHA
+ | CipherSuite::P521_AES256 => Ok(Hash::Sha512),
+ _ => Err(HashError::UnsupportedCipherSuite),
+ }
+ }
+
+ /// Hashes `data`.
+ pub fn hash(&self, data: &[u8]) -> Vec<u8> {
+ match self {
+ Hash::Sha256 => digest::Sha256::hash(data).to_vec(),
+ Hash::Sha384 => digest::Sha384::hash(data).to_vec(),
+ Hash::Sha512 => digest::Sha512::hash(data).to_vec(),
+ }
+ }
+
+ /// Computes the HMAC of `data` using `key`.
+ pub fn mac(&self, key: &[u8], data: &[u8]) -> Result<Vec<u8>, HashError> {
+ match self {
+ Hash::Sha256 => Ok(HmacSha256::mac(key, data).to_vec()),
+ Hash::Sha384 => Err(HashError::UnsupportedCipherSuite),
+ Hash::Sha512 => Ok(HmacSha512::mac(key, data).to_vec()),
+ }
+ }
+}
+
+#[cfg(all(not(mls_build_async), test))]
+mod test {
+ use super::{Hash, HashError};
+ use crate::test_helpers::decode_hex;
+ use assert_matches::assert_matches;
+ use mls_rs_core::crypto::CipherSuite;
+
+ // bssl_crypto::hmac test vectors.
+
+ #[test]
+ fn sha256() {
+ let hash = Hash::new(CipherSuite::P256_AES128).unwrap();
+ assert_eq!(
+ hash.hash(&decode_hex::<4>("74ba2521")),
+ decode_hex::<32>("b16aa56be3880d18cd41e68384cf1ec8c17680c45a02b1575dc1518923ae8b0e")
+ );
+ }
+
+ #[test]
+ fn sha384() {
+ let hash = Hash::new(CipherSuite::P384_AES256).unwrap();
+ assert_eq!(
+ hash.hash(b"abc"),
+ decode_hex::<48>("cb00753f45a35e8bb5a03d699ac65007272c32ab0eded1631a8b605a43ff5bed8086072ba1e7cc2358baeca134c825a7")
+ );
+ }
+
+ #[test]
+ fn sha512() {
+ let hash = Hash::new(CipherSuite::CURVE448_CHACHA).unwrap();
+ assert_eq!(
+ hash.hash(&decode_hex::<4>("23be86d5")),
+ decode_hex::<64>(concat!(
+ "76d42c8eadea35a69990c63a762f330614a4699977f058adb988f406fb0be8f2",
+ "ea3dce3a2bbd1d827b70b9b299ae6f9e5058ee97b50bd4922d6d37ddc761f8eb"
+ ))
+ );
+ }
+
+ #[test]
+ fn hmac_sha256() {
+ let expected = vec![
+ 0xb0, 0x34, 0x4c, 0x61, 0xd8, 0xdb, 0x38, 0x53, 0x5c, 0xa8, 0xaf, 0xce, 0xaf, 0xb,
+ 0xf1, 0x2b, 0x88, 0x1d, 0xc2, 0x0, 0xc9, 0x83, 0x3d, 0xa7, 0x26, 0xe9, 0x37, 0x6c,
+ 0x2e, 0x32, 0xcf, 0xf7,
+ ];
+ let key: [u8; 20] = [0x0b; 20];
+ let data = b"Hi There";
+
+ let hmac = Hash::new(CipherSuite::CURVE25519_AES128).unwrap();
+ assert_eq!(expected, hmac.mac(&key, data).unwrap());
+ }
+
+ #[test]
+ fn hmac_sha384() {
+ let key: [u8; 20] = [0x0b; 20];
+ let data = b"Hi There";
+
+ let hmac = Hash::new(CipherSuite::P384_AES256).unwrap();
+ assert_matches!(hmac.mac(&key, data), Err(HashError::UnsupportedCipherSuite));
+ }
+
+ #[test]
+ fn hmac_sha512() {
+ let expected = vec![
+ 135, 170, 124, 222, 165, 239, 97, 157, 79, 240, 180, 36, 26, 29, 108, 176, 35, 121,
+ 244, 226, 206, 78, 194, 120, 122, 208, 179, 5, 69, 225, 124, 222, 218, 168, 51, 183,
+ 214, 184, 167, 2, 3, 139, 39, 78, 174, 163, 244, 228, 190, 157, 145, 78, 235, 97, 241,
+ 112, 46, 105, 108, 32, 58, 18, 104, 84,
+ ];
+ let key: [u8; 20] = [0x0b; 20];
+ let data = b"Hi There";
+
+ let hmac = Hash::new(CipherSuite::CURVE448_CHACHA).unwrap();
+ assert_eq!(expected, hmac.mac(&key, data).unwrap());
+ }
+}