From ddc40c7159cf5730bda303961503a664c4dc826b Mon Sep 17 00:00:00 2001 From: Aaron Feickert <66188213+AaronFeickert@users.noreply.github.com> Date: Wed, 9 Aug 2023 18:29:05 -0500 Subject: [PATCH] Use hasher wrappers --- src/hashing.rs | 69 ++++++++++++++------------------- src/ristretto/ristretto_keys.rs | 18 +++++---- src/ristretto/ristretto_sig.rs | 3 +- src/signatures/schnorr.rs | 6 +-- 4 files changed, 46 insertions(+), 50 deletions(-) diff --git a/src/hashing.rs b/src/hashing.rs index e00e59b7..177d8c2f 100644 --- a/src/hashing.rs +++ b/src/hashing.rs @@ -222,12 +222,11 @@ impl AsRef<[u8]> for DomainSeparatedHash { /// Calculating a signature challenge /// /// ``` +/// # use blake2::Digest; /// # use tari_utilities::hex::{to_hex, Hex}; -/// use blake2::{Blake2b, Digest}; -/// use digest::consts::U32; -/// use tari_crypto::{ +/// # use tari_crypto::{ /// hash_domain, -/// hashing::{DomainSeparatedHash, DomainSeparatedHasher, DomainSeparation}, +/// hashing::{Blake2b256, DomainSeparatedHash, DomainSeparatedHasher, DomainSeparation}, /// }; /// /// hash_domain!(CardHashDomain, "com.cards"); @@ -237,8 +236,8 @@ impl AsRef<[u8]> for DomainSeparatedHash { /// strength: u8, /// } /// -/// fn calculate_challenge(msg: &str) -> DomainSeparatedHash> { -/// DomainSeparatedHasher::, CardHashDomain>::new_with_label("schnorr_challenge") +/// fn calculate_challenge(msg: &str) -> DomainSeparatedHash { +/// DomainSeparatedHasher::::new_with_label("schnorr_challenge") /// .chain_update(msg.as_bytes()) /// .finalize() /// } @@ -539,18 +538,13 @@ impl Deref for Mac { /// # use tari_crypto::keys::SecretKey; /// # use tari_crypto::ristretto::ristretto_keys::RistrettoKdf; /// # use tari_crypto::ristretto::RistrettoSecretKey; -/// # use digest::consts::U64; -/// # use blake2::Blake2b; +/// # use tari_crypto::hashing::Blake2b512; /// /// fn wallet_keys( /// primary_key: &RistrettoSecretKey, /// index: usize, /// ) -> Result { -/// RistrettoKdf::generate::>( -/// primary_key.as_bytes(), -/// &index.to_le_bytes(), -/// "wallet", -/// ) +/// RistrettoKdf::generate::(primary_key.as_bytes(), &index.to_le_bytes(), "wallet") /// } /// /// let key = RistrettoSecretKey::from_hex( @@ -655,17 +649,14 @@ pub fn create_hasher() -> DomainSeparatedHasher #[cfg(test)] mod test { use blake2::Blake2b; - use digest::{ - consts::{U32, U64}, - generic_array::GenericArray, - Digest, - Update, - }; + use digest::{consts::U32, generic_array::GenericArray, Digest, Update}; use tari_utilities::hex::{from_hex, to_hex}; use crate::hashing::{ byte_to_decimal_ascii_bytes, AsFixedBytes, + Blake2b256, + Blake2b512, DomainSeparatedHasher, DomainSeparation, Mac, @@ -693,7 +684,7 @@ mod test { #[test] fn hasher_macro_tests() { { - hasher!(Blake2b, MyDemoHasher, "com.macro.test"); + hasher!(Blake2b256, MyDemoHasher, "com.macro.test"); util::hash_from_digest( MyDemoHasher::new(), @@ -702,7 +693,7 @@ mod test { ); } { - hasher!(Blake2b, MyDemoHasher2, "com.macro.test", 1); + hasher!(Blake2b256, MyDemoHasher2, "com.macro.test", 1); util::hash_from_digest( MyDemoHasher2::new(), @@ -724,7 +715,7 @@ mod test { #[test] fn finalize_into() { hash_domain!(TestHasher, "com.example.test"); - let mut hasher = DomainSeparatedHasher::, TestHasher>::new(); + let mut hasher = DomainSeparatedHasher::::new(); hasher.update([0, 0, 0]); let mut output = GenericArray::::default(); @@ -734,7 +725,7 @@ mod test { #[test] fn finalize_into_reset() { hash_domain!(TestHasher, "com.example.test"); - let mut hasher = DomainSeparatedHasher::, TestHasher>::new(); + let mut hasher = DomainSeparatedHasher::::new(); hasher.update([0, 0, 0]); let mut output = GenericArray::::default(); @@ -747,7 +738,7 @@ mod test { use zeroize::Zeroize; hash_domain!(TestHasher, "com.example.test"); - let mut hasher = DomainSeparatedHasher::, TestHasher>::new(); + let mut hasher = DomainSeparatedHasher::::new(); hasher.update([0, 0, 0]); hidden_type!(Key, SafeArray); @@ -759,10 +750,10 @@ mod test { fn dst_hasher() { hash_domain!(GenericHashDomain, "com.tari.generic"); assert_eq!(GenericHashDomain::domain_separation_tag(""), "com.tari.generic.v1"); - let hash = DomainSeparatedHasher::, GenericHashDomain>::new_with_label("test_hasher") + let hash = DomainSeparatedHasher::::new_with_label("test_hasher") .chain("some foo") .finalize(); - let mut hash2 = DomainSeparatedHasher::, GenericHashDomain>::new_with_label("test_hasher"); + let mut hash2 = DomainSeparatedHasher::::new_with_label("test_hasher"); hash2.update("some foo"); let hash2 = hash2.finalize(); assert_eq!(hash.as_ref(), hash2.as_ref()); @@ -772,8 +763,8 @@ mod test { ); let hash_1 = - DomainSeparatedHasher::, GenericHashDomain>::new_with_label("mynewtest").digest(b"rincewind"); - let hash_2 = DomainSeparatedHasher::, GenericHashDomain>::new_with_label("mynewtest") + DomainSeparatedHasher::::new_with_label("mynewtest").digest(b"rincewind"); + let hash_2 = DomainSeparatedHasher::::new_with_label("mynewtest") .chain(b"rincewind") .finalize(); assert_eq!(hash_1.as_ref(), hash_2.as_ref()); @@ -783,12 +774,12 @@ mod test { fn digest_is_the_same_as_standard_api() { hash_domain!(MyDemoHasher, "com.macro.test"); assert_eq!(MyDemoHasher::domain_separation_tag(""), "com.macro.test.v1"); - util::hash_test::, MyDemoHasher>>( + util::hash_test::>( &[0, 0, 0], "d4cbf5b6b97485a991973db8a6ce4d3fc660db5dff5f55f2b0cb363fca34b0a2", ); - let mut hasher = DomainSeparatedHasher::, MyDemoHasher>::new(); + let mut hasher = DomainSeparatedHasher::::new(); hasher.update([0, 0, 0]); let hash = hasher.finalize(); assert_eq!( @@ -796,7 +787,7 @@ mod test { "d4cbf5b6b97485a991973db8a6ce4d3fc660db5dff5f55f2b0cb363fca34b0a2" ); - let mut hasher = DomainSeparatedHasher::, MyDemoHasher>::new_with_label(""); + let mut hasher = DomainSeparatedHasher::::new_with_label(""); hasher.update([0, 0, 0]); let hash = hasher.finalize(); assert_eq!( @@ -810,21 +801,21 @@ mod test { fn can_be_used_as_digest() { hash_domain!(MyDemoHasher, "com.macro.test"); assert_eq!(MyDemoHasher::domain_separation_tag(""), "com.macro.test.v1"); - util::hash_test::, MyDemoHasher>>( + util::hash_test::>( &[0, 0, 0], "d4cbf5b6b97485a991973db8a6ce4d3fc660db5dff5f55f2b0cb363fca34b0a2", ); hash_domain!(MyDemoHasher2, "com.macro.test", 2); assert_eq!(MyDemoHasher2::domain_separation_tag(""), "com.macro.test.v2"); - util::hash_test::, MyDemoHasher2>>( + util::hash_test::>( &[0, 0, 0], "ce327b02271d035bad4dcc1e69bc292392ee4ee497f1f8467d54bf4b4c72639a", ); hash_domain!(TariHasher, "com.tari.hasher"); assert_eq!(TariHasher::domain_separation_tag(""), "com.tari.hasher.v1"); - util::hash_test::, TariHasher>>( + util::hash_test::>( &[0, 0, 0], "ae359f05bb76c646c6767d25f53893fc38b0c7b56f8a74a1cbb008ea3ffc183f", ); @@ -834,7 +825,7 @@ mod test { #[test] fn hash_to_fixed_bytes_conversion() { hash_domain!(TestDomain, "com.tari.generic"); - let hash = DomainSeparatedHasher::, TestDomain>::new_with_label("mytest") + let hash = DomainSeparatedHasher::::new_with_label("mytest") .chain("some data") .finalize(); let hash_to_bytes_7: [u8; 7] = hash.as_fixed_bytes().unwrap(); @@ -849,7 +840,7 @@ mod test { fn deconstruction() { hash_domain!(TestDomain, "com.tari.generic"); // Illustrate exactly what gets hashed and how we try and avoid collisions - let hash = DomainSeparatedHasher::, TestDomain>::new_with_label("mytest") + let hash = DomainSeparatedHasher::::new_with_label("mytest") .chain("rincewind") .chain("hex") .finalize(); @@ -879,7 +870,7 @@ mod test { } let domain = "com.discworld.v42.turtles"; assert_eq!(MyDemoHasher::domain_separation_tag("turtles"), domain); - let hash = DomainSeparatedHasher::, MyDemoHasher>::new_with_label("turtles").finalize(); + let hash = DomainSeparatedHasher::::new_with_label("turtles").finalize(); let expected = Blake2b::::default() .chain((domain.len() as u64).to_le_bytes()) .chain(domain) @@ -914,7 +905,7 @@ mod test { "com.discworld" } } - let hash = DomainSeparatedHasher::, MyDemoHasher>::new_with_label("turtles") + let hash = DomainSeparatedHasher::::new_with_label("turtles") .chain("elephants") .finalize(); assert_eq!(to_hex(hash.as_ref()), "64a89c7160a1076a725fac97d3f67803abd0991d82518a595072fa62df4c870bddee9160f591231c381087831bf6925616013de317ce0b02846585caf41942ac"); @@ -927,7 +918,7 @@ mod test { // let mac = Mac::generate::(&key, "test message", "test"); // ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ the trait `LengthExtensionAttackResistant` is not implemented for // `Sha256` - let mac = Mac::>::generate(key, "test message", "test"); + let mac = Mac::::generate(key, "test message", "test"); assert_eq!(MacDomain::domain_separation_tag("test"), "com.tari.mac.v1.test"); assert_eq!( to_hex(mac.as_ref()), diff --git a/src/ristretto/ristretto_keys.rs b/src/ristretto/ristretto_keys.rs index 39c97b4d..f39b46fc 100644 --- a/src/ristretto/ristretto_keys.rs +++ b/src/ristretto/ristretto_keys.rs @@ -26,7 +26,7 @@ use zeroize::{Zeroize, ZeroizeOnDrop, Zeroizing}; use crate::{ errors::HashingError, - hashing::{DerivedKeyDomain, DomainSeparatedHasher, DomainSeparation}, + hashing::{Blake2b512, DerivedKeyDomain, DomainSeparatedHasher, DomainSeparation}, keys::{PublicKey, SecretKey}, }; @@ -317,7 +317,7 @@ impl RistrettoPublicKey { /// A verifiable group generator using a domain separated hasher pub fn new_generator(label: &'static str) -> Result { // This function requires 512 bytes of data, so let's be opinionated here and use blake2b - let hash = DomainSeparatedHasher::, RistrettoGeneratorPoint>::new_with_label(label).finalize(); + let hash = DomainSeparatedHasher::::new_with_label(label).finalize(); if hash.as_ref().len() < 64 { return Err(HashingError::DigestTooShort { bytes: 64 }); } @@ -622,7 +622,11 @@ mod test { use tari_utilities::ByteArray; use super::*; - use crate::{keys::PublicKey, ristretto::test_common::get_keypair}; + use crate::{ + hashing::{Blake2b256, Blake2b512}, + keys::PublicKey, + ristretto::test_common::get_keypair, + }; fn assert_completely_equal(k1: &RistrettoPublicKey, k2: &RistrettoPublicKey) { assert_eq!(k1, k2); @@ -988,10 +992,10 @@ mod test { #[test] fn kdf_too_short() { - let err = RistrettoKdf::generate::>(b"this_hasher_is_too_short", b"data", "test").err(); + let err = RistrettoKdf::generate::(b"this_hasher_is_too_short", b"data", "test").err(); assert!(matches!(err, Some(HashingError::InputTooShort {}))); - let err = RistrettoKdf::generate::>(b"this_key_is_too_short", b"data", "test").err(); + let err = RistrettoKdf::generate::(b"this_key_is_too_short", b"data", "test").err(); assert!(matches!(err, Some(HashingError::InputTooShort {}))); } @@ -999,8 +1003,8 @@ mod test { fn kdf_test() { let key = RistrettoSecretKey::from_hex("45c5b950e04167785ff735bead8d746740db04bce3ee2c1f6523bdc59023e50e").unwrap(); - let derived1 = RistrettoKdf::generate::>(key.as_bytes(), b"derived1", "test").unwrap(); - let derived2 = RistrettoKdf::generate::>(key.as_bytes(), b"derived2", "test").unwrap(); + let derived1 = RistrettoKdf::generate::(key.as_bytes(), b"derived1", "test").unwrap(); + let derived2 = RistrettoKdf::generate::(key.as_bytes(), b"derived2", "test").unwrap(); assert_eq!( derived1.to_hex(), "22deb0c38ec2dc9f741912f6e3c2cd3f76a5b33142a289da15eecdcd882bda06" diff --git a/src/ristretto/ristretto_sig.rs b/src/ristretto/ristretto_sig.rs index 28a36b14..930485aa 100644 --- a/src/ristretto/ristretto_sig.rs +++ b/src/ristretto/ristretto_sig.rs @@ -132,6 +132,7 @@ mod test { use crate::{ hash_domain, + hashing::Blake2b512, keys::{PublicKey, SecretKey}, ristretto::{ ristretto_sig::RistrettoSchnorrWithDomain, @@ -213,7 +214,7 @@ mod test { let R = RistrettoPublicKey::from_hex("fa14cb581ce5717248444721242e6b195a482d503a853dea4acb513074d8d803").unwrap(); let msg = "Moving Pictures"; - let hash = SchnorrSignature::<_, _, SchnorrSigChallenge>::construct_domain_separated_challenge::<_, Blake2b>( + let hash = SchnorrSignature::<_, _, SchnorrSigChallenge>::construct_domain_separated_challenge::<_, Blake2b512>( &R, &P, msg, ); let naiive = Blake2b::::new() diff --git a/src/signatures/schnorr.rs b/src/signatures/schnorr.rs index 80756a01..4e5ec2eb 100644 --- a/src/signatures/schnorr.rs +++ b/src/signatures/schnorr.rs @@ -20,7 +20,7 @@ use tari_utilities::ByteArray; use crate::{ hash_domain, - hashing::{DomainSeparatedHash, DomainSeparatedHasher, DomainSeparation}, + hashing::{Blake2b512, DomainSeparatedHash, DomainSeparatedHasher, DomainSeparation}, keys::{PublicKey, SecretKey}, }; @@ -158,7 +158,7 @@ where let public_nonce = P::from_secret_key(&nonce); let public_key = P::from_secret_key(secret); let challenge = - Self::construct_domain_separated_challenge::<_, Blake2b>(&public_nonce, &public_key, message); + Self::construct_domain_separated_challenge::<_, Blake2b512>(&public_nonce, &public_key, message); Self::sign_raw(secret, nonce, challenge.as_ref()) } @@ -196,7 +196,7 @@ where B: AsRef<[u8]>, { let challenge = - Self::construct_domain_separated_challenge::<_, Blake2b>(&self.public_nonce, public_key, message); + Self::construct_domain_separated_challenge::<_, Blake2b512>(&self.public_nonce, public_key, message); self.verify_challenge(public_key, challenge.as_ref()) }