Rust wrapper: add HMAC-BLAKE2[bs] wrappers #9687
Conversation
|
retest this please (org.jenkinsci.plugins.workflow.support.steps.AgentOfflineException: Unable to create live FilePath for wolf-linux-cloud-node-2zcwho; wolf-linux-cloud-node-2zcwho was marked offline: Connection was broken) |
dgarske
requested review from
gasbytes and
mattia-moffa
and removed request for
mattia-moffa
| /// | ||
| /// Returns either Ok(()) on success or Err(e) containing the wolfSSL | ||
| /// library error code value. | ||
| #[cfg(blake2b_hmac)] |
There was a problem hiding this comment.
I think this is not necessary, since the whole impl block is gated (line 177).
There was a problem hiding this comment.
Ah yes, thanks. I originally had the one-shot API in the BLAKE2b impl block instead of making a separate BLAKE2bHmac struct. Removed!
| /// | ||
| /// Returns either Ok(()) on success or Err(e) containing the wolfSSL | ||
| /// library error code value. | ||
| #[cfg(blake2s_hmac)] |
There was a problem hiding this comment.
I think this is not necessary, since the whole impl block is gated (line 451).
| /// let mut mac = [0u8; 64]; | ||
| /// hmac_blake2b.finalize(&key, &mut mac).expect("Error with finalize()"); | ||
| /// ``` | ||
| pub fn finalize(&mut self, key: &[u8], mac: &mut [u8]) -> Result<(), i32> { |
There was a problem hiding this comment.
From the docs it says "must be 64 bytes", but there's no check to enforce that.
Maybe you can turn the mac argument to be &mut [u8; 64], or at least document what happens if the length is not respected once the buffer is passed to the C api.
This applies to the finalize function in the HMAC-BLAKE2s module too, but with 32 bytes instead.
There was a problem hiding this comment.
Good idea; I added an exact length requirement.
| /// Returns either Ok(()) on success or Err(e) containing the wolfSSL | ||
| /// library error code value. | ||
| #[cfg(blake2b_hmac)] | ||
| pub fn hmac(data: &[u8], key: &[u8], out: &mut [u8]) -> Result<(), i32> { |
There was a problem hiding this comment.
The out parameter doesn't document or enforce its expected size (64 bytes for BLAKE2b, 32 bytes for BLAKE2s). Maybe turn it to &mut [u8; 64] for compile-time enforcement, or at least document what happens if the length is not respected once the buffer is passed to the C API. This applies to both BLAKE2bHmac::hmac() and BLAKE2sHmac::hmac().
There was a problem hiding this comment.
Good idea; I added an exact length requirement.
|
retest this please (org.jenkinsci.plugins.workflow.support.steps.AgentOfflineException: Unable to create live FilePath for wolf-linux-cloud-node-q02z3c; wolf-linux-cloud-node-q02z3c was marked offline: Connection was broken) |
4 participants
Description
Add Rust wrapper for HMAC-BLAKE2[bs] one-shot and incremental APIs.
Also attempted to avoid a couple coverity messages about overrunning the x_key array (false positives).
Testing
Unit tests and integration with boringtun
Checklist