Skip to content

Commit

Permalink
digest/hmac: Clarify error handling.
Browse files Browse the repository at this point in the history
Computing an HMAC can only fail if the input is too long. The
other `FinishError` condition, where we failed to meet the
precondition for `BlockContext::try_finish()`, is obviously,
using information local to the function, unreachable.

Similarly, when there is only a single slice of bytes as input,
then the `InputTooLongError` should be the `usize` type, not
`u64`. The case where the u64 -> usize condition fails is not
interesting, so we use a saturating conversion instead of
giving ourselves the future work of proving that it is
unreachable.

Finally, remove the `From<FinishError> for error::Unspecified`
implementation, in favor of `error::erase`, following the new
convention.
  • Loading branch information
briansmith committed Jan 9, 2025
1 parent cb93d60 commit 13ddb79
Show file tree
Hide file tree
Showing 3 changed files with 60 additions and 22 deletions.
24 changes: 14 additions & 10 deletions src/digest.rs
Original file line number Diff line number Diff line change
Expand Up @@ -170,12 +170,6 @@ impl FinishError {
}
}

impl From<FinishError> for error::Unspecified {
fn from(_: FinishError) -> Self {
Self
}
}

/// A context for multi-step (Init-Update-Finish) digest calculations.
///
/// # Examples
Expand Down Expand Up @@ -270,13 +264,23 @@ impl Context {
pub fn finish(self) -> Digest {
let cpu = cpu::features();
self.try_finish(cpu)
.map_err(error::Unspecified::from)
.map_err(error::erase::<InputTooLongError<_>>)
.unwrap()
}

pub(crate) fn try_finish(mut self, cpu_features: cpu::Features) -> Result<Digest, FinishError> {
pub(crate) fn try_finish(
mut self,
cpu_features: cpu::Features,
) -> Result<Digest, InputTooLongError<u64>> {
self.block
.try_finish(&mut self.pending, self.num_pending, cpu_features)
.map_err(|err| match err {
FinishError::InputTooLong(i) => i,
FinishError::PendingNotAPartialBlock(_) => {
// Due to invariant.
unreachable!()

Check warning on line 281 in src/digest.rs

View check run for this annotation

Codecov / codecov/patch

src/digest.rs#L281

Added line #L281 was not covered by tests
}
})
}

/// The algorithm that this context is using.
Expand Down Expand Up @@ -304,7 +308,7 @@ impl Context {
pub fn digest(algorithm: &'static Algorithm, data: &[u8]) -> Digest {
let cpu = cpu::features();
Digest::compute_from(algorithm, data, cpu)
.map_err(error::Unspecified::from)
.map_err(error::erase::<InputTooLongError<_>>)
.unwrap()
}

Expand All @@ -322,7 +326,7 @@ impl Digest {
algorithm: &'static Algorithm,
data: &[u8],
cpu: cpu::Features,
) -> Result<Self, FinishError> {
) -> Result<Self, InputTooLongError<u64>> {
let mut ctx = Context::new(algorithm);
ctx.update(data);
ctx.try_finish(cpu)
Expand Down
11 changes: 11 additions & 0 deletions src/error/input_too_long.rs
Original file line number Diff line number Diff line change
Expand Up @@ -37,3 +37,14 @@ impl<T> InputTooLongError<T> {
}
}
}

impl InputTooLongError<u64> {
#[cold]
#[inline(never)]
pub(crate) fn into_usize_saturating(self) -> InputTooLongError<usize> {
let imprecise_input_length = self.imprecise_input_length.try_into().unwrap_or(usize::MAX);
InputTooLongError {
imprecise_input_length,
}
}

Check warning on line 49 in src/error/input_too_long.rs

View check run for this annotation

Codecov / codecov/patch

src/error/input_too_long.rs#L44-L49

Added lines #L44 - L49 were not covered by tests
}
47 changes: 35 additions & 12 deletions src/hmac.rs
Original file line number Diff line number Diff line change
Expand Up @@ -111,8 +111,9 @@
use crate::{
constant_time, cpu,
digest::{self, Digest},
error, hkdf, rand,
digest::{self, Digest, FinishError},
error::{self, InputTooLongError},
hkdf, rand,
};

/// An HMAC algorithm.
Expand Down Expand Up @@ -193,7 +194,7 @@ impl Key {
let mut key_bytes = [0; digest::MAX_OUTPUT_LEN];
let key_bytes = &mut key_bytes[..algorithm.0.output_len()];
fill(key_bytes)?;
Self::try_new(algorithm, key_bytes, cpu).map_err(error::Unspecified::from)
Self::try_new(algorithm, key_bytes, cpu).map_err(error::erase::<InputTooLongError<_>>)
}

/// Construct an HMAC signing key using the given digest algorithm and key
Expand All @@ -217,15 +218,15 @@ impl Key {
/// removed in a future version of *ring*.
pub fn new(algorithm: Algorithm, key_value: &[u8]) -> Self {
Self::try_new(algorithm, key_value, cpu::features())
.map_err(error::Unspecified::from)
.map_err(error::erase::<InputTooLongError<_>>)
.unwrap()
}

fn try_new(
algorithm: Algorithm,
key_value: &[u8],
cpu_features: cpu::Features,
) -> Result<Self, digest::FinishError> {
) -> Result<Self, InputTooLongError> {
let digest_alg = algorithm.0;
let mut key = Self {
inner: digest::BlockContext::new(digest_alg),
Expand All @@ -238,7 +239,8 @@ impl Key {
let key_value = if key_value.len() <= block_len {
key_value
} else {
key_hash = Digest::compute_from(digest_alg, key_value, cpu_features)?;
key_hash = Digest::compute_from(digest_alg, key_value, cpu_features)
.map_err(InputTooLongError::into_usize_saturating)?;
key_hash.as_ref()
};

Expand Down Expand Up @@ -274,14 +276,16 @@ impl Key {
Algorithm(self.inner.algorithm)
}

fn sign(&self, data: &[u8], cpu: cpu::Features) -> Result<Tag, digest::FinishError> {
fn sign(&self, data: &[u8], cpu: cpu::Features) -> Result<Tag, InputTooLongError<u64>> {
let mut ctx = Context::with_key(self);
ctx.update(data);
ctx.try_sign(cpu)
}

fn verify(&self, data: &[u8], tag: &[u8], cpu: cpu::Features) -> Result<(), VerifyError> {
let computed = self.sign(data, cpu).map_err(VerifyError::DigestError)?;
let computed = self
.sign(data, cpu)
.map_err(VerifyError::InputTooLongError)?;
constant_time::verify_slices_are_equal(computed.as_ref(), tag)
.map_err(|_: error::Unspecified| VerifyError::Mismatch)
}
Expand Down Expand Up @@ -341,21 +345,40 @@ impl Context {
/// instead.
pub fn sign(self) -> Tag {
self.try_sign(cpu::features())
.map_err(error::Unspecified::from)
.map_err(error::erase::<InputTooLongError<_>>)
.unwrap()
}

fn try_sign(self, cpu_features: cpu::Features) -> Result<Tag, digest::FinishError> {
fn try_sign(self, cpu_features: cpu::Features) -> Result<Tag, InputTooLongError<u64>> {
// Consequently, `num_pending` is valid.
debug_assert_eq!(self.inner.algorithm(), self.outer.algorithm);
debug_assert!(self.inner.algorithm().output_len() < self.outer.algorithm.block_len());

let inner = self.inner.try_finish(cpu_features)?;
let inner = inner.as_ref();
let num_pending = inner.len();
let buffer = &mut [0u8; digest::MAX_BLOCK_LEN];
const _BUFFER_IS_LARGE_ENOUGH_TO_HOLD_INNER: () =
assert!(digest::MAX_OUTPUT_LEN < digest::MAX_BLOCK_LEN);
buffer[..num_pending].copy_from_slice(inner);

self.outer
.try_finish(buffer, num_pending, cpu_features)
.map(Tag)
.map_err(|err| match err {
FinishError::InputTooLong(i) => {
// Unreachable, as we gave the inner context exactly the
// same input we gave the outer context, and
// `inner.try_finish` already succeeded. However, it is
// quite difficult to prove this, and we already return
// `InputTooLongError`, so just forward it along.
i

Check warning on line 375 in src/hmac.rs

View check run for this annotation

Codecov / codecov/patch

src/hmac.rs#L369-L375

Added lines #L369 - L375 were not covered by tests
}
FinishError::PendingNotAPartialBlock(_) => {
// Follows from the assertions above.
unreachable!()

Check warning on line 379 in src/hmac.rs

View check run for this annotation

Codecov / codecov/patch

src/hmac.rs#L379

Added line #L379 was not covered by tests
}
})
}
}

Expand All @@ -367,7 +390,7 @@ impl Context {
/// return value of `sign` to a tag. Use `verify` for verification instead.
pub fn sign(key: &Key, data: &[u8]) -> Tag {
key.sign(data, cpu::features())
.map_err(error::Unspecified::from)
.map_err(error::erase::<InputTooLongError<_>>)
.unwrap()
}

Expand All @@ -385,7 +408,7 @@ pub fn verify(key: &Key, data: &[u8], tag: &[u8]) -> Result<(), error::Unspecifi

enum VerifyError {
#[allow(dead_code)]
DigestError(digest::FinishError),
InputTooLongError(InputTooLongError<u64>),
Mismatch,
}

Expand Down

0 comments on commit 13ddb79

Please sign in to comment.