diff --git a/Cargo.lock b/Cargo.lock index f5352108..36b63ab9 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -244,6 +244,15 @@ dependencies = [ "hex-literal", ] +[[package]] +name = "md6" +version = "0.1.0" +dependencies = [ + "base16ct", + "digest", + "hex-literal", +] + [[package]] name = "ppv-lite86" version = "0.2.20" diff --git a/Cargo.toml b/Cargo.toml index e13018a4..3222cccf 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -12,6 +12,7 @@ members = [ "md2", "md4", "md5", + "md6", "ripemd", "sha1", "sha1-checked", diff --git a/md6/Cargo.toml b/md6/Cargo.toml new file mode 100644 index 00000000..a82a8256 --- /dev/null +++ b/md6/Cargo.toml @@ -0,0 +1,26 @@ +[package] +name = "md6" +version = "0.1.0" +description = "MD6 hash function" +authors = ["RustCrypto Developers"] +license = "MIT OR Apache-2.0" +readme = "README.md" +edition = "2021" +repository = "https://github.com/RustCrypto/hashes" +keywords = ["crypto", "md6", "hash", "digest"] +categories = ["cryptography", "no-std"] +rust-version = "1.81" + +[dependencies] +digest = "=0.11.0-pre.9" + +[dev-dependencies] +digest = { version = "=0.11.0-pre.9", features = ["dev"] } +hex-literal = "0.4" +base16ct = { version = "0.2", features = ["alloc"] } + +[features] +default = ["oid", "std"] +std = ["digest/std"] +oid = ["digest/oid"] +zeroize = ["digest/zeroize"] diff --git a/md6/README.md b/md6/README.md new file mode 100644 index 00000000..6080ec82 --- /dev/null +++ b/md6/README.md @@ -0,0 +1,83 @@ +# RustCrypto: MD6 + +Pure Rust implementation of the MD6 hash function. + +## Example + +### Fixed output size + +```rust +use md6::Md6_256; +use digest::Digest; +use hex_literal::hex; + +// create a Md6_256 object +let mut hasher = Md6_256::new(); + +// write input message +hasher.update(b"hello world"); + +// read hash digest and consume hasher +let hash = hasher.finalize(); +assert_eq!(hash.to_vec(), hex!( + "9ae602639631cc2c60adaa7a952aae8756141f31a7e6a9b76adc1de121db2230" +)); +``` + +Also, see the [examples section] in the RustCrypto/hashes readme. + +### Variable output size + +This implementation supports run and compile time variable sizes. + +Output size set at run time: +```rust +use md6::Md6Var; +use digest::{Update, VariableOutput}; +use hex_literal::hex; + +let mut hasher = Md6Var::new(12).unwrap(); +hasher.update(b"hello rust"); +let mut buf = [0u8; 12]; +hasher.finalize_variable(&mut buf).unwrap(); +assert_eq!(buf, hex!("9c5b8d9744898ec981bcc573")); +``` + +Output size set at compile time: +```rust +use md6::Md6; +use digest::{Digest, consts::U20}; +use hex_literal::hex; + +type Md6_160 = Md6; + +let mut hasher = Md6_160::new(); +hasher.update(b"hello rust"); +let res = hasher.finalize(); +assert_eq!(res, hex!("576d736a93a555a1c868973cfdd2d21838a26623")); +``` + +## Minimum Supported Rust Version + +Rust **1.81** or higher. + +Minimum supported Rust version can be changed in the future, but it will be +done with a minor version bump. + +## SemVer Policy + +- All on-by-default features of this library are covered by SemVer +- MSRV is considered exempt from SemVer as noted above + +## License + +The crate is licensed under either of: + +* [Apache License, Version 2.0](http://www.apache.org/licenses/LICENSE-2.0) +* [MIT license](http://opensource.org/licenses/MIT) + +## Contributing + +Unless you explicitly state otherwise, any contribution intentionally submitted +for inclusion in the work by you, as defined in the Apache-2.0 license, shall be +dual licensed as above, without any additional terms or conditions. diff --git a/md6/benches/mod.rs b/md6/benches/mod.rs new file mode 100644 index 00000000..46869523 --- /dev/null +++ b/md6/benches/mod.rs @@ -0,0 +1,54 @@ +#![feature(test)] +extern crate test; + +use digest::bench_update; +use md6::{Md6_128, Md6_224, Md6_256, Md6_384, Md6_512, Md6_64}; +use test::Bencher; + +bench_update!( + Md6_64::default(); + md6_64_10 10; + md6_64_100 100; + md6_64_1000 1000; + md6_64_10000 10000; +); + +bench_update!( + Md6_128::default(); + md6_128_10 10; + md6_128_100 100; + md6_128_1000 1000; + md6_128_10000 10000; +); + +bench_update!( + Md6_224::default(); + md6_224_10 10; + md6_224_100 100; + md6_224_1000 1000; + md6_224_10000 10000; +); + +bench_update!( + Md6_256::default(); + md6_256_10 10; + md6_256_100 100; + md6_256_1000 1000; + md6_256_10000 10000; +); + +bench_update!( + Md6_384::default(); + md6_384_10 10; + md6_384_100 100; + md6_384_1000 1000; + md6_384_10000 10000; +); + +bench_update!( + Md6_512::default(); + md6_512_10 10; + md6_512_100 100; + md6_512_1000 1000; + md6_512_10000 10000; +); diff --git a/md6/src/compress.rs b/md6/src/compress.rs new file mode 100644 index 00000000..95908873 --- /dev/null +++ b/md6/src/compress.rs @@ -0,0 +1,178 @@ +use crate::consts::*; + +macro_rules! call_loop_bodies { + ($w: ident, $s: expr, $i: expr) => { + if $w == 64 { + loop_body!(10, 11, 0, $s, $i); + loop_body!(5, 24, 1, $s, $i); + loop_body!(13, 9, 2, $s, $i); + loop_body!(10, 16, 3, $s, $i); + loop_body!(11, 15, 4, $s, $i); + loop_body!(12, 9, 5, $s, $i); + loop_body!(2, 27, 6, $s, $i); + loop_body!(7, 15, 7, $s, $i); + loop_body!(14, 6, 8, $s, $i); + loop_body!(15, 2, 9, $s, $i); + loop_body!(7, 29, 10, $s, $i); + loop_body!(13, 8, 11, $s, $i); + loop_body!(11, 15, 12, $s, $i); + loop_body!(7, 5, 13, $s, $i); + loop_body!(6, 31, 14, $s, $i); + loop_body!(12, 9, 15, $s, $i); + } else if $w == 32 { + loop_body!(5, 4, 0, $s, $i); + loop_body!(3, 7, 1, $s, $i); + loop_body!(6, 7, 2, $s, $i); + loop_body!(5, 9, 3, $s, $i); + loop_body!(4, 13, 4, $s, $i); + loop_body!(6, 8, 5, $s, $i); + loop_body!(7, 4, 6, $s, $i); + loop_body!(3, 14, 7, $s, $i); + loop_body!(5, 7, 8, $s, $i); + loop_body!(6, 4, 9, $s, $i); + loop_body!(5, 8, 10, $s, $i); + loop_body!(5, 11, 11, $s, $i); + loop_body!(4, 5, 12, $s, $i); + loop_body!(6, 8, 13, $s, $i); + loop_body!(7, 2, 14, $s, $i); + loop_body!(5, 11, 15, $s, $i); + } else if $w == 16 { + loop_body!(5, 6, 0, $s, $i); + loop_body!(4, 7, 1, $s, $i); + loop_body!(3, 2, 2, $s, $i); + loop_body!(5, 4, 3, $s, $i); + loop_body!(7, 2, 4, $s, $i); + loop_body!(5, 6, 5, $s, $i); + loop_body!(5, 3, 6, $s, $i); + loop_body!(2, 7, 7, $s, $i); + loop_body!(4, 5, 8, $s, $i); + loop_body!(3, 7, 9, $s, $i); + loop_body!(4, 6, 10, $s, $i); + loop_body!(3, 5, 11, $s, $i); + loop_body!(4, 5, 12, $s, $i); + loop_body!(7, 6, 13, $s, $i); + loop_body!(7, 4, 14, $s, $i); + loop_body!(2, 3, 15, $s, $i); + } else if $w == 8 { + loop_body!(3, 2, 0, $s, $i); + loop_body!(3, 4, 1, $s, $i); + loop_body!(3, 2, 2, $s, $i); + loop_body!(4, 3, 3, $s, $i); + loop_body!(3, 2, 4, $s, $i); + loop_body!(3, 2, 5, $s, $i); + loop_body!(3, 2, 6, $s, $i); + loop_body!(3, 4, 7, $s, $i); + loop_body!(2, 3, 8, $s, $i); + loop_body!(2, 3, 9, $s, $i); + loop_body!(3, 2, 10, $s, $i); + loop_body!(2, 3, 11, $s, $i); + loop_body!(2, 3, 12, $s, $i); + loop_body!(3, 4, 13, $s, $i); + loop_body!(2, 3, 14, $s, $i); + loop_body!(3, 4, 15, $s, $i); + } + }; +} + +fn get_s_constants(ws: usize) -> (Md6Word, Md6Word) { + match ws { + 64 => (0x0123456789abcdef, 0x7311c2812425cfa0), + 32 => (0x01234567, 0x7311c281), + 16 => (0x01234, 0x7311), + 8 => (0x01, 0x73), + _ => panic!("bad w"), + } +} + +fn main_compression_loop(a: &mut [Md6Word], r: usize) { + macro_rules! loop_body { + ($rs: expr, $ls: expr, $step: expr, $s: expr, $i: expr) => { + let mut x = $s; // feedback constant + x ^= a[$i + $step - T5]; // end-around feedback + x ^= a[$i + $step - T0]; // linear feedback + x ^= (a[$i + $step - T1] & a[$i + $step - T2]); // first quadratic term + x ^= (a[$i + $step - T3] & a[$i + $step - T4]); // second quadratic term + x ^= x >> $rs; // right shift + a[$i + $step] = x ^ (x << $ls); // left shift + }; + } + + // Get the initial values for `s` and `smask` based on the width `w`. + let (mut s, smask) = get_s_constants(W); + + let mut i = N; + let mut j = 0; + + while j < r * C { + // Call the loop bodies based on the value of `w`. + // This will perform the main computation for each step in the compression loop. + call_loop_bodies!(W, s, i); + + // Advance round constant s to the next round constant. + s = (s << 1) ^ (s >> (W - 1)) ^ (s & smask); + i += 16; + j += C; + } +} + +pub fn compress(c: &mut [Md6Word], n: &mut [Md6Word], r: usize, a: &mut [Md6Word]) { + // check that the input is sensible + assert!(!n.is_empty()); + assert!(!n.is_empty()); + assert!(r <= MD6_MAX_R); + assert!(!a.is_empty()); + + a[..n.len()].copy_from_slice(n); // copy n to front of a + + main_compression_loop(a, r); // do the main computation + + c.copy_from_slice(&a[((r - 1) * C + N)..((r - 1) * C + N + C)]); // output into c +} + +pub fn make_control_word( + r: usize, + l: usize, + z: usize, + p: usize, + keylen: usize, + d: usize, +) -> Md6ControlWord { + (0 as Md6ControlWord) << 60 // reserved width 4 bits + | (r as Md6ControlWord) << 48 // r width 12 bits + | (l as Md6ControlWord) << 40 // L width 8 bits + | (z as Md6ControlWord) << 36 // z width 4 bits + | (p as Md6ControlWord) << 20 // p width 16 bits + | (keylen as Md6ControlWord) << 12 // keylen width 8 bits + | (d as Md6ControlWord) // d width 12 bits +} + +pub fn make_node_id(ell: usize, i: Md6Word) -> Md6NodeID { + (ell as Md6NodeID) << 56 | i // ell width 8 bits, i width 56 bits +} + +pub fn pack( + n: &mut [Md6Word], + q: &[Md6Word], + k: [Md6Word; K], + b: [Md6Word; 64], + u: Md6NodeID, + v: Md6ControlWord, +) { + let mut ni = 0; + + n[ni..ni + Q].copy_from_slice(&q[..Q]); // q: q in words 0--14 + ni += Q; + + n[ni..ni + K].copy_from_slice(&k[..K]); // k: key in words 15--22 + ni += K; + + // u: unique node ID in 23 + n[ni] = u; + ni += U; + + // v: control word in 24 + n[ni] = v; + ni += V; + + n[ni..ni + B].copy_from_slice(&b[..B]); // b: data words 25--88 +} diff --git a/md6/src/consts.rs b/md6/src/consts.rs new file mode 100644 index 00000000..e24f0b0e --- /dev/null +++ b/md6/src/consts.rs @@ -0,0 +1,63 @@ +/// MD6 constants related to standard mode of operation + +pub type Md6Word = u64; +pub type Md6ControlWord = u64; +pub type Md6NodeID = u64; + +/// Maximum stack height +pub const MD6_MAX_STACK_HEIGHT: usize = 29; +/// Maximum number of rounds +pub const MD6_MAX_R: usize = 255; +/// Large so that MD6 is fully hierarchical +pub const MD6_DEFAULT_L: usize = 64; + +/// Number of bits in a word +pub const MD6_W: usize = 64; +/// Size of compression output in words +pub const MD6_C: usize = 16; +/// Size of compression input block in words +pub const MD6_N: usize = 89; + +// These five values give lengths of the components of compression +// input block; they should sum to MD6_N. + +// Q words in a compression block (>= 0) +pub const MD6_Q: usize = 15; +/// Key words per compression block (>= 0) +pub const MD6_K: usize = 8; +/// Words for unique node ID (0 or 64/w) +pub const MD6_U: usize = 64 / MD6_W; +/// Words for control word (0 or 64/w) +pub const MD6_V: usize = 64 / MD6_W; +/// Data words per compression block (> 0) +pub const MD6_B: usize = 64; + +/// Number of bits in a word (64) +pub const W: usize = MD6_W; +/// Size of compression output in words (16) +pub const C: usize = MD6_C; +/// Size of compression input block in words (89) +pub const N: usize = MD6_N; +/// Q words in a compression block (>= 0) (15) +pub const Q: usize = MD6_Q; +/// Key words per compression block (>= 0) (8) +pub const K: usize = MD6_K; +/// Words for unique node ID (0 or 64/w) +pub const U: usize = MD6_U; +/// Words for control word (0 or 64/w) +pub const V: usize = MD6_V; +/// Data words per compression block (> 0) (64) +pub const B: usize = MD6_B; + +/// Index for linear feedback +pub const T0: usize = 17; +/// Index for first input to first and +pub const T1: usize = 18; +/// Index for second input to first and +pub const T2: usize = 21; +/// Index for first input to second and +pub const T3: usize = 31; +/// Index for second input to second and +pub const T4: usize = 67; +/// Last tap +pub const T5: usize = 89; diff --git a/md6/src/lib.rs b/md6/src/lib.rs new file mode 100644 index 00000000..afaa85eb --- /dev/null +++ b/md6/src/lib.rs @@ -0,0 +1,40 @@ +#![no_std] +#![doc = include_str!("../README.md")] +#![doc( + html_logo_url = "https://raw.githubusercontent.com/RustCrypto/media/6ee8e381/logo.svg", + html_favicon_url = "https://raw.githubusercontent.com/RustCrypto/media/6ee8e381/logo.svg" +)] +#![cfg_attr(docsrs, feature(doc_auto_cfg))] +#![warn(missing_docs, rust_2018_idioms)] + +mod compress; +pub(crate) mod consts; +mod md6; + +use digest::{ + consts::{U16, U28, U32, U48, U64, U8}, + core_api::{CoreWrapper, CtVariableCoreWrapper, RtVariableCoreWrapper}, +}; + +pub use digest::{Digest, Update, VariableOutput}; + +use crate::md6::Md6VarCore; + +/// Md6 which allows variable output size at runtime +pub type Md6Var = RtVariableCoreWrapper; +/// Core hash function for Md6 generic over output size +pub type Md6Core = CtVariableCoreWrapper; +/// Md6 generic over output size. +pub type Md6 = CoreWrapper>; +/// Md6 with 64-bit output +pub type Md6_64 = CoreWrapper>; +/// Md6 with 128-bit output +pub type Md6_128 = CoreWrapper>; +/// Md6 with 224-bit output +pub type Md6_224 = CoreWrapper>; +/// Md6 with 256-bit output +pub type Md6_256 = CoreWrapper>; +/// Md6 with 384-bit output +pub type Md6_384 = CoreWrapper>; +/// Md6 with 512-bit output +pub type Md6_512 = CoreWrapper>; diff --git a/md6/src/md6.rs b/md6/src/md6.rs new file mode 100644 index 00000000..b43414d8 --- /dev/null +++ b/md6/src/md6.rs @@ -0,0 +1,737 @@ +use crate::compress::*; +use crate::consts::*; + +use core::fmt; +use digest::{ + block_buffer::Eager, + core_api::{ + AlgorithmName, Block, BlockSizeUser, Buffer, BufferKindUser, OutputSizeUser, Reset, + TruncSide, UpdateCore, VariableOutputCore, + }, + crypto_common::hazmat::{DeserializeStateError, SerializableState, SerializedState}, + typenum::{Unsigned, U128, U64}, + HashMarker, Output, +}; + +pub struct Md6VarCore { + d: usize, + hashbitlen: usize, + hashval: [u8; C * (W / 8)], + hexhashval: [char; C * (W / 8) + 1], + initialized: bool, + bits_processed: usize, + compression_calls: usize, + finalized: bool, + k: [Md6Word; K], + keylen: usize, + l: usize, + r: usize, + top: usize, + b: [[Md6Word; B]; MD6_MAX_STACK_HEIGHT], + bits: [usize; MD6_MAX_STACK_HEIGHT], + i_for_level: [u64; MD6_MAX_STACK_HEIGHT], +} + +impl HashMarker for Md6VarCore {} + +impl BlockSizeUser for Md6VarCore { + type BlockSize = U128; +} + +impl BufferKindUser for Md6VarCore { + type BufferKind = Eager; +} + +impl OutputSizeUser for Md6VarCore { + type OutputSize = U64; +} + +impl UpdateCore for Md6VarCore { + #[inline] + fn update_blocks(&mut self, blocks: &[Block]) { + for block in blocks { + self.update(block, block.len() * 8); + } + } +} + +impl VariableOutputCore for Md6VarCore { + const TRUNC_SIDE: TruncSide = TruncSide::Left; + + #[inline] + fn new(output_size: usize) -> Result { + if output_size > Self::OutputSize::USIZE { + return Err(digest::InvalidOutputSize); + } + + Ok(Self::init(output_size * 8)) + } + + #[inline] + fn finalize_variable_core(&mut self, buffer: &mut Buffer, out: &mut Output) { + let databitlen = buffer.get_pos() * 8; + let block = buffer.pad_with_zeros(); + self.update(&block, databitlen); + + // Create a temporary buffer to store the hash value + let mut hashval = [0u8; 128]; + + // Finalize the hash computation + self.finalize(&mut hashval); + + // Copy the resulting hash value into the output slice + for (i, o) in out.iter_mut().enumerate() { + *o = hashval[i]; + } + } +} + +impl AlgorithmName for Md6VarCore { + fn write_alg_name(f: &mut core::fmt::Formatter<'_>) -> core::fmt::Result { + f.write_str("Md6") + } +} + +impl Default for Md6VarCore { + #[inline] + fn default() -> Self { + Self::init(256) + } +} + +impl Reset for Md6VarCore { + #[inline] + fn reset(&mut self) { + *self = Self::init(self.d); + } +} + +impl fmt::Debug for Md6VarCore { + fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { + f.write_str("Md6Core { ... }") + } +} + +impl Drop for Md6VarCore { + fn drop(&mut self) { + #[cfg(feature = "zeroize")] + { + self.hashval.zeroize(); + self.hexhashval.zeroize(); + self.k.zeroize(); + self.b.zeroize(); + self.bits.zeroize(); + self.i_for_level.zeroize(); + self.d.zeroize(); + self.hashbitlen.zeroize(); + self.keylen.zeroize(); + self.l.zeroize(); + self.r.zeroize(); + self.top.zeroize(); + self.compression_calls.zeroize(); + self.bits_processed.zeroize(); + self.initialized.zeroize(); + self.finalized.zeroize(); + } + } +} + +impl SerializableState for Md6VarCore { + type SerializedStateSize = U64; + + fn serialize(&self) -> SerializedState { + let mut serialized_state = SerializedState::::default(); + + // Serialize usize fields + serialized_state.copy_from_slice(&self.d.to_le_bytes()); + serialized_state.copy_from_slice(&self.hashbitlen.to_le_bytes()); + serialized_state.copy_from_slice(&self.bits_processed.to_le_bytes()); + serialized_state.copy_from_slice(&self.compression_calls.to_le_bytes()); + serialized_state.copy_from_slice(&self.keylen.to_le_bytes()); + serialized_state.copy_from_slice(&self.l.to_le_bytes()); + serialized_state.copy_from_slice(&self.r.to_le_bytes()); + serialized_state.copy_from_slice(&self.top.to_le_bytes()); + + // Serialize boolean fields + serialized_state.copy_from_slice(&(self.initialized as u8).to_le_bytes()); + serialized_state.copy_from_slice(&(self.finalized as u8).to_le_bytes()); + + // Serialize arrays + serialized_state.copy_from_slice(&self.hashval); + for &c in &self.hexhashval { + serialized_state.copy_from_slice(&(c as u32).to_le_bytes()); + } + for &word in &self.k { + serialized_state.copy_from_slice(&word.to_le_bytes()); + } + for row in &self.b { + for &word in row { + serialized_state.copy_from_slice(&word.to_le_bytes()); + } + } + for &bit in &self.bits { + serialized_state.copy_from_slice(&bit.to_le_bytes()); + } + for &level in &self.i_for_level { + serialized_state.copy_from_slice(&level.to_le_bytes()); + } + + serialized_state + } + + fn deserialize( + serialized_state: &SerializedState, + ) -> Result { + let mut offset = 0; + + // Helper function to read a usize from the serialized state + fn read_usize(serialized_state: &[u8], offset: &mut usize) -> usize { + let size = core::mem::size_of::(); + let mut buf = [0u8; core::mem::size_of::()]; + buf.copy_from_slice(&serialized_state[*offset..*offset + size]); + *offset += size; + usize::from_le_bytes(buf) + } + + // Helper function to read a u64 from the serialized state + fn read_u64(serialized_state: &[u8], offset: &mut usize) -> u64 { + let size = 8; + let mut buf = [0u8; 8]; + buf.copy_from_slice(&serialized_state[*offset..*offset + size]); + *offset += size; + u64::from_le_bytes(buf) + } + + // Helper function to read a boolean from the serialized state + fn read_bool(serialized: &[u8], offset: &mut usize) -> bool { + let val = serialized[*offset]; + *offset += 1; + val != 0 + } + + // Deserialize usize fields + let d = read_usize(serialized_state, &mut offset); + let hashbitlen = read_usize(serialized_state, &mut offset); + let bits_processed = read_usize(serialized_state, &mut offset); + let compression_calls = read_usize(serialized_state, &mut offset); + let keylen = read_usize(serialized_state, &mut offset); + let l = read_usize(serialized_state, &mut offset); + let r = read_usize(serialized_state, &mut offset); + let top = read_usize(serialized_state, &mut offset); + + // Deserialize boolean fields + let initialized = read_bool(serialized_state, &mut offset); + let finalized = read_bool(serialized_state, &mut offset); + + // Deserialize arrays + let hashval_len = C * (W / 8); + let mut hashval = [0u8; C * (W / 8)]; + hashval.copy_from_slice(&serialized_state[offset..offset + hashval_len]); + offset += hashval_len; + + let mut hexhashval = ['\0'; C * (W / 8) + 1]; + for c in &mut hexhashval { + let size = 4; + let mut buf = [0u8; 4]; + buf.copy_from_slice(&serialized_state[offset..offset + size]); + offset += size; + *c = char::from_u32(u32::from_le_bytes(buf)).expect("invalid char in serialized state"); + } + + let mut k = [0u64; K]; + for word in &mut k { + *word = read_u64(serialized_state, &mut offset); + } + + let mut b = [[0u64; B]; MD6_MAX_STACK_HEIGHT]; + for row in &mut b { + for word in row.iter_mut() { + *word = read_u64(serialized_state, &mut offset); + } + } + + let mut bits = [0usize; MD6_MAX_STACK_HEIGHT]; + for bit in &mut bits { + *bit = read_usize(serialized_state, &mut offset); + } + + let mut i_for_level = [0u64; MD6_MAX_STACK_HEIGHT]; + for level in &mut i_for_level { + *level = read_u64(serialized_state, &mut offset); + } + + Ok(Self { + d, + hashbitlen, + hashval, + hexhashval, + initialized, + bits_processed, + compression_calls, + finalized, + k, + keylen, + l, + r, + top, + b, + bits, + i_for_level, + }) + } +} + +impl Md6VarCore { + #[inline] + fn init(d: usize) -> Self { + Self::full_init(d, None, 0, MD6_DEFAULT_L, default_r(d, 0)) + } + + #[inline] + fn full_init(d: usize, key: Option<&[u8]>, keylen: usize, l: usize, r: usize) -> Self { + if key.is_some() { + assert!(keylen <= K * (W / 8), "bad keylen"); + } + assert!((1..=512).contains(&d), "bad hashlen"); + + let (k, keylen) = match key { + Some(key) if keylen > 0 => { + let mut key_bytes = [0x00; 64]; + key_bytes[..keylen.min(64)].copy_from_slice(&key[..keylen.min(64)]); + + let mut k_words = [0; K]; + + bytes_to_words(&key_bytes, &mut k_words); + + (k_words, keylen) + } + _ => ([0u64; K], 0), + }; + + assert!(l <= 255, "bad L"); + assert!(r <= 255, "bad r"); + + let initialized = true; + let finalized = false; + let compression_calls = 0; + let bits_processed = 0; + let hexhashval = ['\n'; C * (W / 8) + 1]; + let hashval = [0; C * (W / 8)]; + let hashbitlen = 0; + let top = 1; + + let mut bits = [0; MD6_MAX_STACK_HEIGHT]; + if l == 0 { + bits[1] = C * W + }; + + let b = [[0; B]; MD6_MAX_STACK_HEIGHT]; + let i_for_level = [0; MD6_MAX_STACK_HEIGHT]; + + Md6VarCore { + d, + hashbitlen, + hashval, + hexhashval, + initialized, + bits_processed, + compression_calls, + finalized, + k, + keylen, + l, + r, + top, + b, + bits, + i_for_level, + } + } + + pub fn standard_compress( + &self, + c: &mut [Md6Word], + q: &[Md6Word], + ell: usize, + p: usize, + z: usize, + ) { + let mut n = [0; MD6_N]; + let mut a = [0; 5000]; + + // check that the input values are sensible + assert!(!c.is_empty()); + assert!(!q.is_empty()); + assert!(!self.b.is_empty()); + assert!(self.r <= MD6_MAX_R); + assert!(self.l <= 255); + assert!(ell <= 255); + assert!(p <= B * W); + assert!(self.d <= C * W / 2); + assert!(!self.k.is_empty()); + + let u = make_node_id(ell, self.i_for_level[ell]); + let v = make_control_word(self.r, self.l, z, p, self.keylen, self.d); + + pack(&mut n, q, self.k, self.b[ell], u, v); // pack input data into N + + compress(c, &mut n, self.r, &mut a); // compress + } + + #[inline] + fn compress_block(&mut self, c: &mut [u64], ell: usize, z: usize) { + // check that input values are sensible + assert!(self.initialized, "state not init"); + assert!(ell < MD6_MAX_STACK_HEIGHT + 1, "stackoverflow"); + + self.compression_calls += 1; + + let p = B * W - self.bits[ell]; // number of padding bits + let q = get_round_constants(W); // Q constant + + self.standard_compress(c, q, ell, p, z); + + self.bits[ell] = 0; // clear bits used count this level + self.i_for_level[ell] += 1; // increment i for this level + + self.b[ell] = [0; W]; // clear B for this level + } + + #[inline] + fn process(&mut self, ell: usize, is_final: bool) { + // check that input values are sensible + assert!(self.initialized, "state not init"); + + // not final -- more input will be coming + if !is_final { + // if this is a leaf, then we're done + if self.bits[ell] < B * W { + return; + } + } else if ell == self.top { + if ell == self.l + 1 { + // SEQ node + if self.bits[ell] == C * W && self.i_for_level[ell] > 0 { + return; + } + } else if ell > 1 && self.bits[ell] == C * W { + return; + } + } + + let mut c = [0x00; C]; // compression output + let z = if is_final && ell == self.top { 1 } else { 0 }; // is this the last block + + self.compress_block(&mut c, ell, z); // compress block + + // if this is the last block, then we're done + if z == 1 { + words_to_bytes(&c, &mut self.hashval); + return; + } + + // where should result go To "next level" + let next_level = (ell + 1).min(self.l + 1); + + if next_level == self.l + 1 + && self.i_for_level[next_level] == 0 + && self.bits[next_level] == 0 + { + self.bits[next_level] = C * W; + } + + self.b[next_level][..C].copy_from_slice(&c); // copy c onto the next level + self.bits[next_level] += C * W; + + if next_level > self.top { + self.top = next_level; + } + + self.process(next_level, is_final); + } + + #[inline] + fn append_bits(&mut self, src: &[u8], srclen: usize) { + if srclen == 0 { + return; + } + + let mut accum: u16 = 0; // Accumulates bits waiting to be moved, right-justified + let mut accumlen = 0; // Number of bits in accumulator + let destlen = self.bits[1]; + + // Initialize accum, accumlen, and destination index (di) + if destlen % 8 != 0 { + accumlen = destlen % 8; + accum = self.b[1][destlen / 8] as u16; // Grab partial byte from dest + accum >>= 8 - accumlen; // Right-justify it in accumulator + } + let mut di = destlen / 8; // Index of where next byte will go within dest + + // Ensure dest has enough space + let new_len = (destlen + srclen + 7) / 8; + if self.b[1].len() < new_len { + panic!("destination buffer is too small"); + } + + // Number of bytes (full or partial) in src + let srcbytes = (srclen + 7) / 8; + + for (i, item) in src.iter().enumerate().take(srcbytes) { + if i != srcbytes - 1 { + // Not the last byte + accum = (accum << 8) ^ src[i] as u16; + accumlen += 8; + } else { + // Last byte + let newbits = if srclen % 8 == 0 { 8 } else { srclen % 8 }; + accum = (accum << newbits) ^ ((*item as u16) >> (8 - newbits)); + accumlen += newbits; + } + + // Process as many high-order bits of accum as possible + while (i != srcbytes - 1 && accumlen >= 8) || (i == srcbytes - 1 && accumlen > 0) { + let numbits = 8.min(accumlen); + let mut bits = accum >> (accumlen - numbits); // Right justified + bits <<= 8 - numbits; // Left justified + bits &= 0xff00 >> numbits; // Mask + let bits = bits as u8; + self.b[1][di] = bits as u64; // Save + di += 1; + accumlen -= numbits; + } + } + } + + #[inline] + fn update(&mut self, data: &[u8], databitlen: usize) { + // check that input values are sensible + assert!(self.initialized, "state not init"); + assert!(!data.is_empty(), "null data"); + + let mut j = 0; + while j < databitlen { + let portion_size = (databitlen - j).min(B * W - self.bits[1]); + if (portion_size % 8 == 0) && (self.bits[1] % 8 == 0) && (j % 8 == 0) { + let start = j / 8; + let end = start + portion_size / 8; + let data_slice = &data[start..end]; + let mut i = 0; + + while i < data_slice.len() { + let byte = data_slice[i]; + let index_u64 = i / 8; + let shift_amount = (7 - i % 8) * 8; + + self.b[1][(self.bits[1] / 64) + index_u64] |= (byte as u64) << shift_amount; + + i += 1; + } + } else { + self.append_bits(&data[j / 8..], portion_size); + } + + j += portion_size; + self.bits[1] += portion_size; + self.bits_processed += portion_size; + + if self.bits[1] == B * W && j < databitlen { + self.process(1, false); + } + } + } + + #[inline] + fn compute_hex_hashval(&mut self) { + let hex_digits = [ + '0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'a', 'b', 'c', 'd', 'e', 'f', + ]; + + for i in 0..((self.d + 7) / 8) { + self.hexhashval[2 * i] = hex_digits[((self.hashval[i] >> 4) & 0xf) as usize]; + self.hexhashval[2 * i + 1] = hex_digits[((self.hashval[i]) & 0xf) as usize]; + } + + self.hexhashval[(self.d + 3) / 4] = '\n'; + } + + #[inline] + fn trim_hashval(&mut self) { + let full_or_partial_bytes = (self.d + 7) / 8; + let bits = self.d % 8; + + // move relevant bytes to the front + for i in 0..full_or_partial_bytes { + self.hashval[i] = self.hashval[C * (W / 8) - full_or_partial_bytes + i]; + } + + // zero out following byte + for i in full_or_partial_bytes..(C * (W / 8)) { + self.hashval[i] = 0; + } + + // shift result left by (8-bits) bit positions, per byte, if needed + if bits > 0 { + for i in 0..full_or_partial_bytes { + self.hashval[i] <<= 8 - bits; + if (i + 1) < C * (W / 8) { + self.hashval[i] |= self.hashval[i + 1] >> bits; + } + } + } + } + + #[inline] + fn finalize(&mut self, hashval: &mut [u8]) { + // check that input values are sensible + if !self.initialized { + panic!("state not init"); + } + + // "finalize" was previously called + if self.finalized { + return; + } + + let mut ell; + // force any processing that needs doing + if self.top == 1 { + ell = 1; + } else { + ell = 1; + while ell <= self.top { + if self.bits[ell] > 0 { + break; + } + ell += 1; + } + } + + // process starting at level ell, up to root + self.process(ell, true); + + // + self.trim_hashval(); + + if hashval.iter().all(|&x| x == 0) { + hashval.copy_from_slice(&self.hashval); + } + + self.compute_hex_hashval(); + + self.finalized = true; + } +} + +const fn get_round_constants(w: usize) -> &'static [Md6Word] { + if w == 64 { + &[ + 0x7311c2812425cfa0, + 0x6432286434aac8e7, + 0xb60450e9ef68b7c1, + 0xe8fb23908d9f06f1, + 0xdd2e76cba691e5bf, + 0x0cd0d63b2c30bc41, + 0x1f8ccf6823058f8a, + 0x54e5ed5b88e3775d, + 0x4ad12aae0a6d6031, + 0x3e7f16bb88222e0d, + 0x8af8671d3fb50c2c, + 0x995ad1178bd25c31, + 0xc878c1dd04c4b633, + 0x3b72066c7a1552ac, + 0x0d6f3522631effcb, + ] + } else if w == 32 { + &[ + 0x7311c281, 0x2425cfa0, 0x64322864, 0x34aac8e7, 0xb60450e9, 0xef68b7c1, 0xe8fb2390, + 0x8d9f06f1, 0xdd2e76cb, 0xa691e5bf, 0x0cd0d63b, 0x2c30bc41, 0x1f8ccf68, 0x23058f8a, + 0x54e5ed5b, 0x88e3775d, 0x4ad12aae, 0x0a6d6031, 0x3e7f16bb, 0x88222e0d, 0x8af8671d, + 0x3fb50c2c, 0x995ad117, 0x8bd25c31, 0xc878c1dd, 0x04c4b633, 0x3b72066c, 0x7a1552ac, + 0x0d6f3522, 0x631effcb, + ] + } else if w == 16 { + &[ + 0x7311, 0xc281, 0x2425, 0xcfa0, 0x6432, 0x2864, 0x34aa, 0xc8e7, 0xb604, 0x50e9, 0xef68, + 0xb7c1, 0xe8fb, 0x2390, 0x8d9f, 0x06f1, 0xdd2e, 0x76cb, 0xa691, 0xe5bf, 0x0cd0, 0xd63b, + 0x2c30, 0xbc41, 0x1f8c, 0xcf68, 0x2305, 0x8f8a, 0x54e5, 0xed5b, 0x88e3, 0x775d, 0x4ad1, + 0x2aae, 0x0a6d, 0x6031, 0x3e7f, 0x16bb, 0x8822, 0x2e0d, 0x8af8, 0x671d, 0x3fb5, 0x0c2c, + 0x995a, 0xd117, 0x8bd2, 0x5c31, 0xc878, 0xc1dd, 0x04c4, 0xb633, 0x3b72, 0x066c, 0x7a15, + 0x52ac, 0x0d6f, 0x3522, 0x631e, 0xffcb, + ] + } else if W == 8 { + &[ + 0x73, 0x11, 0xc2, 0x81, 0x24, 0x25, 0xcf, 0xa0, 0x64, 0x32, 0x28, 0x64, 0x34, 0xaa, + 0xc8, 0xe7, 0xb6, 0x04, 0x50, 0xe9, 0xef, 0x68, 0xb7, 0xc1, 0xe8, 0xfb, 0x23, 0x90, + 0x8d, 0x9f, 0x06, 0xf1, 0xdd, 0x2e, 0x76, 0xcb, 0xa6, 0x91, 0xe5, 0xbf, 0x0c, 0xd0, + 0xd6, 0x3b, 0x2c, 0x30, 0xbc, 0x41, 0x1f, 0x8c, 0xcf, 0x68, 0x23, 0x05, 0x8f, 0x8a, + 0x54, 0xe5, 0xed, 0x5b, 0x88, 0xe3, 0x77, 0x5d, 0x4a, 0xd1, 0x2a, 0xae, 0x0a, 0x6d, + 0x60, 0x31, 0x3e, 0x7f, 0x16, 0xbb, 0x88, 0x22, 0x2e, 0x0d, 0x8a, 0xf8, 0x67, 0x1d, + 0x3f, 0xb5, 0x0c, 0x2c, 0x99, 0x5a, 0xd1, 0x17, 0x8b, 0xd2, 0x5c, 0x31, 0xc8, 0x78, + 0xc1, 0xdd, 0x04, 0xc4, 0xb6, 0x33, 0x3b, 0x72, 0x06, 0x6c, 0x7a, 0x15, 0x52, 0xac, + 0x0d, 0x6f, 0x35, 0x22, 0x63, 0x1e, 0xff, 0xcb, + ] + } else { + panic!("bad w") + } +} + +fn default_r(d: usize, keylen: usize) -> usize { + // Default number of rounds is forty plus floor(d/4) + let mut r = 40 + (d / 4); + + // unless keylen > 0, in which case it must be >= 80 as well + if keylen > 0 { + r = 80.max(r); + } + + r +} + +fn bytes_to_words(bytes: &[u8], output: &mut [u64]) -> usize { + let mut bytes_len = bytes.len(); + + assert!(bytes_len != 0, "input slice should not be null"); + + assert!( + core::mem::size_of_val(output) >= bytes_len, + "output slice is too small." + ); + + let words_to_write = if bytes_len % size_of::() != 0 { + bytes_len / size_of::() + 1 + } else { + bytes_len / size_of::() + }; + + for i in 0..words_to_write { + let mut word: u64 = 0; + for j in 0..core::cmp::min(size_of::(), bytes_len) { + word |= u64::from(bytes[i * size_of::() + j]) << (8 * (size_of::() - 1 - j)); + } + output[i] = word; + + if i != words_to_write - 1 { + bytes_len -= size_of::(); + } + } + + words_to_write +} + +fn words_to_bytes(words: &[u64], output: &mut [u8]) { + assert!( + output.len() == words.len() * 8, + "output slice is too small." + ); + + for (i, &word) in words.iter().enumerate() { + for shift in (0..8).rev() { + let byte = (word >> (shift * 8)) as u8; + output[i * 8 + (7 - shift)] = byte; + } + } +} + +#[cfg(feature = "zeroize")] +impl ZeroizeOnDrop for Md6VarCore {} diff --git a/md6/tests/mod.rs b/md6/tests/mod.rs new file mode 100644 index 00000000..50a13896 --- /dev/null +++ b/md6/tests/mod.rs @@ -0,0 +1,363 @@ +use digest::Digest; +use hex_literal::hex; + +// Test vectors from https://github.com/Snack-X/md6/blob/master/test/result.csv + +#[test] +fn test_md6_64() { + const TEST_VECTOR: &[(&[u8], &[u8; 8])] = &[ + (b"a", &hex!("32d13030a6815e95")), + (b"aa", &hex!("af7966908a5d9c13")), + (b"aaa", &hex!("3d8a4ff7a21eb0c6")), + (b"aaaa", &hex!("5aafda0f42635bbe")), + (b"aaaaa", &hex!("c370f6eceefb2c04")), + (b"aaaaaa", &hex!("453f31fe99e3365d")), + (b"aaaaaaa", &hex!("9d52c725c926756b")), + (b"aaaaaaaa", &hex!("836d56b5756bd4d3")), + (b"aaaaaaaaa", &hex!("2d27ed075595d38f")), + (b"aaaaaaaaaa", &hex!("e31280f1a2fc2528")), + (b"0", &hex!("17d073d4d38b5400")), + (b"1", &hex!("870f87ac0bd00aee")), + (b"2", &hex!("0d70630287b9031a")), + (b"3", &hex!("f60aa0d9fa94116d")), + (b"4", &hex!("1e6b0691ef4d4705")), + (b"5", &hex!("6305b39e912c144b")), + (b"6", &hex!("b47486289e236138")), + (b"7", &hex!("dd018e6e7363124a")), + (b"8", &hex!("eb456a3ae7348bf8")), + (b"9", &hex!("15bc9eac62570fe7")), + (b"md6", &hex!("b2f36109e52bd99f")), + (b"md6 FTW", &hex!("47cda109418592ca")), + ]; + + for (msg, &expected_hash) in TEST_VECTOR.iter() { + let mut hasher = md6::Md6_64::new(); + hasher.update(msg); + let output = hasher.finalize(); + + assert!(output.to_vec() == expected_hash); + } +} + +#[test] +fn test_md6_128() { + const TEST_VECTOR: &[(&[u8], &[u8; 16])] = &[ + (b"a", &hex!("bb691c1bfa4b4345292eb35f364919ea")), + (b"aa", &hex!("19487e566f9ae2584d62628af2795f8c")), + (b"aaa", &hex!("319f1b026f76f9caf62320b4e2e79e29")), + (b"aaaa", &hex!("eb94dae524df4b84ba4a14115c3d0448")), + (b"aaaaa", &hex!("07d01330b8af7013284b9b339378aac1")), + (b"aaaaaa", &hex!("5638b2a1b7c5b66e963ea7744d1c9876")), + (b"aaaaaaa", &hex!("2ad627c7c0e089c28824a354841e9215")), + (b"aaaaaaaa", &hex!("1f7d2461fcfe705a7afadfabc9c95eb6")), + (b"aaaaaaaaa", &hex!("aa74a4962cdc8b3ae4bacf8995e9fa68")), + (b"aaaaaaaaaa", &hex!("623522019a5e40188a3b8956d44ea57d")), + (b"0", &hex!("7464cb2427a4b04bc0ca92653711e3a5")), + (b"1", &hex!("84a229d23cf5f380527c7dd9a887a384")), + (b"2", &hex!("44bf1a90a89c4bf3d6668e7886226127")), + (b"3", &hex!("cad8b9e548056c8ffd19cf469d1ac1ee")), + (b"4", &hex!("78746de94a7ff50fa11d22119a3d6545")), + (b"5", &hex!("ccc274bde4ebb8a38b6f19a8e0c022c0")), + (b"6", &hex!("b19533319a23aa00af9d143db6655041")), + (b"7", &hex!("3c049e4e57a5661b66c5235a07393bd1")), + (b"8", &hex!("ba73bb10cf0fee5758f3f8b37cd9fdd4")), + (b"9", &hex!("cc5f60133f81e505343174fa672d9f96")), + (b"md6", &hex!("98b4a2b7363159f810a60432df277b7c")), + (b"md6 FTW", &hex!("e866b430fa07b5bea28981db1f9b24a6")), + ]; + + for (msg, &expected_hash) in TEST_VECTOR.iter() { + let mut hasher = md6::Md6_128::new(); + hasher.update(msg); + let output = hasher.finalize(); + + assert!(output.to_vec() == expected_hash); + } +} + +#[test] +fn test_md6_224() { + const TEST_VECTOR: &[(&[u8], &[u8; 28])] = &[ + ( + b"a", + &hex!("05de8792a96e024c806eb815f9f30053cf9f1b50661047a4934121b7"), + ), + ( + b"aa", + &hex!("a03a918a4d15e30c70b64a46374d8f3d97ac46bcd70176cc47fc6864"), + ), + ( + b"aaa", + &hex!("bb30c438e8aad6ba79c826542087a82e8d0d233c50c945a2071abb25"), + ), + ( + b"aaaa", + &hex!("bd4ecd894231f31df590f9e819600e363352b683b0acf0c84f69ede4"), + ), + ( + b"aaaaa", + &hex!("3a01ad0af963adefdff3d4f19b18fc409dbc371f52183125ea35409a"), + ), + ( + b"aaaaaa", + &hex!("b25d4fef8fef6de11074578de58c79da670dbfe2384c31e75b467be8"), + ), + ( + b"aaaaaaa", + &hex!("972c4efe175501a60a5ae668969317006640c8a79af596b6388f80c9"), + ), + ( + b"aaaaaaaa", + &hex!("d51f874f6ecc64526baf3d9acf1fdaaf25e5d7b0dd7a046cc5362a2d"), + ), + ( + b"aaaaaaaaa", + &hex!("a9713653a744b7198ac66744488de95b67ed4f97a0eff17dc5b9f0ad"), + ), + ( + b"aaaaaaaaaa", + &hex!("5672369481389de3fc4e5a678b071d328f2ff400b22c2aa226e72035"), + ), + ( + b"0", + &hex!("61ac9c7608a733ae06b37ebd729dbd2395e08aa3e08c2e645f996e0c"), + ), + ( + b"1", + &hex!("cbed1f15034d1a64e8ac4e4b61b20a1af88ce6b5975a66a31854f4b5"), + ), + ( + b"2", + &hex!("94efb1ddb684213949647ed2b7fc7cfed3c39bb7e6e7a206ce96a12d"), + ), + ( + b"3", + &hex!("74b69557a1caad60a0ff05605482c7683437a8cd84644b0ab511d629"), + ), + ( + b"4", + &hex!("8986a064f4fc94675f32f278984a472d70898267063eae0efb46b5aa"), + ), + ( + b"5", + &hex!("f42f6a4e12109d78a4fb1d701ea9447be6263bbdc7270c6da10fb78e"), + ), + ( + b"6", + &hex!("55bfa088f6d6f63579a6e79ea9b5a17101d46821ce7624b03aeed66d"), + ), + ( + b"7", + &hex!("48e4bbdb81eafab004a3067591765f75e10b835b04797912ce4ac6c9"), + ), + ( + b"8", + &hex!("4c690ad845a62e6c6f765cb58b5707f19d01af419c122b0118c8223c"), + ), + ( + b"9", + &hex!("a2ac8d05145172d6450806d84065211d14c712f3995dfbfbd05924a4"), + ), + ( + b"md6", + &hex!("577f5287cf2d8e515d5f22fefb730ba4e8e0607fc7705c5b123036cc"), + ), + ( + b"md6 FTW", + &hex!("7952f429ebbe134d302939817eff92e099b16273a2c3b0741614d8ad"), + ), + ]; + + for (msg, &expected_hash) in TEST_VECTOR.iter() { + let mut hasher = md6::Md6_224::new(); + hasher.update(msg); + let output = hasher.finalize(); + + assert!(output.to_vec() == expected_hash); + } +} + +#[test] +fn test_md6_256() { + const TEST_VECTOR: &[(&[u8], &[u8; 32])] = &[ + ( + b"a", + &hex!("2b0a697a081c21269514640aab4d74ffafeb3c0212df68ce92922087c69b0a77"), + ), + ( + b"aa", + &hex!("dc62c2f369d0d0a8de1d3239e312e12ac8c92d77d64262eb1fc209f8a2aaa48a"), + ), + ( + b"aaa", + &hex!("84610026b18ef3019a73be33f9b084194ce6ef4cd7348ae5a390b2d20d3b45fe"), + ), + ( + b"aaaa", + &hex!("28c490c3d4b0ad1809f59160b522ccd99c5a7565499b53af94bc311b3581a9f6"), + ), + ( + b"aaaaa", + &hex!("40f8bab5ef49065851f602e062b7fa819497ea9e1aa9419ba70b3730f108d42f"), + ), + ( + b"aaaaaa", + &hex!("ff01d77b95f1aa6dafa4813c75d5ba2900cbe399505097f9c4fb1d1e9b0a1ba0"), + ), + ( + b"aaaaaaa", + &hex!("0107532d1a2c5028124135df7783c5177bc520d622c5bac3001e2c2e90011741"), + ), + ( + b"aaaaaaaa", + &hex!("44e7e33cf46bc248a0476332f6d24c59252412d8db037470142eb66f1afdae11"), + ), + ( + b"aaaaaaaaa", + &hex!("261ac535cae8a76b2e70c2b6f24e3fe5acf32f3d5db5662c8f933c90f84cfed1"), + ), + ( + b"aaaaaaaaaa", + &hex!("3c74f2b9d89cf806cf0b529773ef09b8ed0b393afe166fa759f53d2cb6dfb40b"), + ), + ( + b"0", + &hex!("d979642b9060ce2dc24183bf3ac6d9ae4b54f144d3af24935e9b8bc907a72b4e"), + ), + ( + b"1", + &hex!("7fe3b063c891feb631ed0988895cfaf8a90fcb5a7d43c25f9dd1e1c21f896711"), + ), + ( + b"2", + &hex!("1595783f79211f1d954c181f3573025020f9495f5763934ee25954ee7c2a83cc"), + ), + ( + b"3", + &hex!("edae30bbeb946b55333732d7c5ad872da6ece3ba28cece17d14c2302b4f98a51"), + ), + ( + b"4", + &hex!("8a1cb9446a2791e600879d214e50ab9f255c763f02043df556f3aad6e41d2b41"), + ), + ( + b"5", + &hex!("632a4ef13a940fec5c41cadd550dcd41d491024da37cfc686cea53026a39c2e7"), + ), + ( + b"6", + &hex!("bfed808c85097bd8bd45fe1b0223eb3a15c013af38c4a09a2e81f5eb2c2f6d43"), + ), + ( + b"7", + &hex!("662e1312173e2bf826439e234367ceaab3b0d98af400907742ea2c01fec70d2a"), + ), + ( + b"8", + &hex!("3edd4058e60c3e85c56341aaf8d037e3f3e5ff9233d17a66880616f3151de9ad"), + ), + ( + b"9", + &hex!("6c9f735d57a9b12493b5c5c0ec9733b459f13e7e996edd090dda164ebfe43d54"), + ), + ( + b"md6", + &hex!("cbe8da56ff91be9bc299ed4c1da6159f9a41ab380f565db0a5ef08895aed4f7d"), + ), + ( + b"md6 FTW", + &hex!("7bfaa624f661a683be2a3b2007493006a30a7845ee1670e499927861a8e74cce"), + ), + ]; + + for (msg, &expected_hash) in TEST_VECTOR.iter() { + let mut hasher = md6::Md6_256::new(); + hasher.update(msg); + let output = hasher.finalize(); + + assert!(output.to_vec() == expected_hash); + } +} + +#[test] +fn test_md6_384() { + const TEST_VECTOR: &[(&[u8], &[u8; 48])] = &[ + (b"a", &hex!("a40c8d059495a278fadd30b96e3b2227758090c759b934197265bf632cabf8547a7429e5316d496c2a1ddae8d27e87ee")), + (b"aa", &hex!("330547441b6518e7693ea01bfc55158bcfc084853fa1960a9e8999f98b57cea7d8b0564bf192b6ab1eb7638939dc9bbf")), + (b"aaa", &hex!("f43bb4e108ec31e0cf8ded506f79373e69cddcd8c7c46298f1bd475401132e4c255c08e378c9db988f0de97131cbe36c")), + (b"aaaa", &hex!("b848065d437013c8fda2493bbf240587ef5fd82a178416613e5c0077541c1ca33f205e58d49387d4d9e3cd62d2d104f6")), + (b"aaaaa", &hex!("20ba7998f75c67dd1371cec629e0606739514cdfb32a17b94fa8ad4c4ec7a06a09821c93a16c863ff7ff72631b5ad02b")), + (b"aaaaaa", &hex!("4930a7f1d619e219a12ca118f1a2f6dd9b23b32b366014b5d14976a927d4252e89d927b7c1d1e796aec3d2f3fd294287")), + (b"aaaaaaa", &hex!("cf15b1b738f91476f2a139dda60e59f5e7422d7e99cb35d9bbb96f85c52a8e6542d4b08070c0855474946d86cc99fba3")), + (b"aaaaaaaa", &hex!("7f9dba3ca2c4442eefd377877b168a2283576abd157c87cda401aa86c484669aa17326fe1e4a50dcca8cbe5bb5a0e947")), + (b"aaaaaaaaa", &hex!("067d6be27eef07c654254a62275daa41630b9fd5d074badb2d16f0cf5e9621026ef0506649efebcf3a18bdf2b6a17a3a")), + (b"aaaaaaaaaa", &hex!("f1fc124cbfa55170d508a26bdad017978bac8be6899f1a99f420c94bd1ef8d5547bf36488e8824215cf5da878041cf76")), + (b"0", &hex!("9a97b926552bb7bc61015e43e9430e3c49a76724c6d6e0b31c14f9c5bb4c7dbf78d5c583401976da7139819dc16c5934")), + (b"1", &hex!("103644563cda42ea432d325fed2b0977f0d767f475b4794322916b7d82b24308c11389a6fe2acf6cade70ddf990da337")), + (b"2", &hex!("dcfdb3807231f3c5d0da945e0cc83f1d2368479f059c46841b112796bca717b4acce887877062e60f3af0276a43eb13d")), + (b"3", &hex!("37e21bffcc21b6de5d3bbae971d9e889670e9c77ad8f42558caea4e59fea1efb7b3392ca53a294b862b04893cdf0a4f6")), + (b"4", &hex!("aaf0b2fd043fc3f2e247f02ab1618b1450db799174bf6fae883822b7cf145d7080c5b70899c10ebb7a4221c9ab36070b")), + (b"5", &hex!("4d59a67f4c321eb971d7bd26a0c8e3ff7a023bb7c15097aa9b13a94fce91b24cf82ce09acac63f63f1da708ecfe49427")), + (b"6", &hex!("36886709330eae549c25558ac0d4ae2b7082261e76d33d589379d3ada613eb31943bf8dda1e92fbc7001fa6f407b025e")), + (b"7", &hex!("9124c888a99743a90daa8a3032014c6542f0e4ed949e950e3a2ff4945ae9f7c648dc6bf712a5556edaed50e7dc299007")), + (b"8", &hex!("41b469911cebb00f5ab173e5238fe4e6aa1737f21159f550913b7b30c99d8c2c1ecd2c431f0baa992eccc5a9cfddf782")), + (b"9", &hex!("9211ce0b1ae366def2d9337c34e4b1ea75ac93efab88c273ce691ed7d20da8d0bd8cbd8d2341e7a619705fcb4eeda311")), + (b"md6", &hex!("1aa5bb36a472fdb3d19ae8b3aa84773ab9a8e7e13d0fde914488bba066d64d5309155ea5b7a3b33b4d9d6855fa9050b1")), + (b"md6 FTW", &hex!("7a4e8ecd1035ccdf00567595c15aa5a382fef2b6a4ec4bc609e0c655887b1c05e10eee223dd6c0ba5fa4a46159c70757")), + ]; + + for (msg, &expected_hash) in TEST_VECTOR.iter() { + let mut hasher = md6::Md6_384::new(); + hasher.update(msg); + let output = hasher.finalize(); + + assert!(output.to_vec() == expected_hash); + } +} + +#[test] +fn test_md6_512() { + const TEST_VECTOR: &[(&[u8], &[u8; 64])] = &[ + (b"a", &hex!("c0e4e18acb69cd1a7e5a20981fe6cc6f7b5b70e814d3a13b05ac292aba74c0d8c9d34c211414e7ab755a9559c27211cd749fc3eb09ae670e138881743b8d5051")), + (b"aa", &hex!("2afa253b05702770343e5c46e9d47231812a741d7bba479539a3c5484a412ea419f0d0ca96e124ba92e4ca506ca12684579323051d9d52fe5a669d079a226683")), + (b"aaa", &hex!("56b0131875d458f6d30ed1c594991df1efa8d6cae0c8abb36a9b811df23ac476c58e36d9adbe845e840d3de9175a8ceda11235144c3222587af108b902ce0fc5")), + (b"aaaa", &hex!("26a0bbf7df198fef1aa1945ebb91e7a9436e0892f4cdd5ee18e8dfe533f45da50c36debe4d98d0eae21925403e0d37603ea67f136b3076a1e053421052971480")), + (b"aaaaa", &hex!("86da00c33edf5d1daff144312af7e1a37f6441fc9905feb8caf4023fb6b34951464dc276a29925e3ad796cbdb7a09febd7d985c21702cc1b1c849e604de6580b")), + (b"aaaaaa", &hex!("7e67f0540f2afd27a17ff7a8be74039b79ff060a69b6f8fb98e3afc8e0a828fffb35aff2f3e20569933ef7c418fb3a8d7cfc7c17f3360a6ecca2a800c6657592")), + (b"aaaaaaa", &hex!("08d8eb85e5fe6b8e0f81841e9373de9ed18f14e911506a81cbd4e388535632edc425c88c1acbaefd61e98ea59fcda024acf662f79791acb3d15e935aa482dfef")), + (b"aaaaaaaa", &hex!("2db495253418869d64c3be65f304f0f73f87da659d1aa3ad457fa437e9370bf24f88b5c28c3c0dd4e67b351499ea380b60cb0010ffd28ac2449d5361925c8ce7")), + (b"aaaaaaaaa", &hex!("6d12438e615b0c1171678d262ba429a6ee58a87e24eb7b2fa0d5bec70bba1ea2e43acef122b1ca5de1a414153b0a12d795abed88cf3e88f26bf59a3222b04b99")), + (b"aaaaaaaaaa", &hex!("c4451dcd12d3847e1f2408ed3c9cc2f79a179ddf5a0a9246b68adcf918bbcea67f6c8721cc226599d587313895b8a8d53881061014b6444f3d3464b03602ecc2")), + (b"0", &hex!("057e1c40468ab5661defdbcd3bf671d398116373db2e7ab0adc6b0871d603eda39cf7255361ca456543157fbe09847b501586d701d53564fab651bd2f49dcda4")), + (b"1", &hex!("0f19bc75955c2e405620d5a69d3ce7078c11c3805523cbd5ff834704af67d40c65e9f011fdd3723fea365eb6fa744b981fc9cd53928edae43eaa942158a649d5")), + (b"2", &hex!("5f68d3c677d9cde81417f92889287e94141ff212080b1bb8d4485b01061dc0bccd8eed96fe728ea5ff3596201225337ebbf06ae6cf6162290843dfd226f7d647")), + (b"3", &hex!("f4243d7945b667900c78b894d83a343b2e8865ff62cef11e51a20472600df8a17a026d3ce09cb85925540a1515b34210bdd8eed76b8fe37f35cdc5350bb7bd19")), + (b"4", &hex!("8a1b250daf9fc0b2b5878504991b8950ed7c621e0b9163fbcb5f34b363f22fd6be96ed4a9c5aacbc9d6e30de4e97090a5758f89b6ae61b45658b2f79ec26fc51")), + (b"5", &hex!("ad6fa2a0f8e35189d5d070559124bd6cbb1170969356165dfda720b4ded83fd14ee8d81a2ef30d918ebcfc01d668950ba681bedcc3e1180b76c06a55e9a11497")), + (b"6", &hex!("2e2bb4d681f61821c6c470064b83b924cf691de74ed05bd8610cef5397d7e2c4aeda1930446f306dece4bbefe4fc87168d7a15ab80c890672b676a532739bc67")), + (b"7", &hex!("adb9009ae9abf8444d45a62b7adafcaef48c6ee7c48fa65d206d7a58ac3a5993e2eb81120d45338b9f9aa1b100365e2a98cd59fd7062783e5d23088b562176c3")), + (b"8", &hex!("516315942af5bbd028a533420a6496b77ca707a0b5dd0b473359d9bb74bdd00a59987a881c774a59dd2c62f1759f570713b881a622a70894ff319881e07cfd34")), + (b"9", &hex!("b98f4b7c5cecda77117180a38be5bda00bf72b7e4106c0d00137d269a0d48eb571004a8069f25fab4c2b4b16ab118af881eb904f9f32331dc726c1a404489604")), + (b"md6", &hex!("e94595891b2b3e2b2e3ae6943c17a34703c4230296f12f1689264e46518e0e1b0106996387ad6d8ec9b9c86e54301a71e6f4dab6e7369db4e503daae64f2e0a1")), + (b"md6 FTW", &hex!("75df3b6031e8241ef59d01628b093b05906f1a2d80c43908cb2883f7db6fbdd1cadffd7d643505c20b9529b6a5d19f8b6ff1623cabbc14a606caa7bcb239611a")), + ]; + + for (msg, &expected_hash) in TEST_VECTOR.iter() { + let mut hasher = md6::Md6_512::new(); + hasher.update(msg); + let output = hasher.finalize(); + + assert!(output.to_vec() == expected_hash); + } +} + +#[test] +fn test_md6_var() { + use md6::{Update, VariableOutput}; + + let mut hasher = md6::Md6Var::new(12).unwrap(); + hasher.update(b"hello rust"); + let mut buf = [0u8; 12]; + hasher.finalize_variable(&mut buf).unwrap(); + assert_eq!(buf, hex!("9c5b8d9744898ec981bcc573")); +}