Fix hmac size block template issue (#82)

cheatfate · web-flow · commit a0b65f2a0dba · 2024-09-23T22:28:05.000+03:00
* Add one more check.

* Distribute hmacSizeBlock() to implementations, eliminate dependency on hashes for HMAC code.

* Bump nimble file version.
diff --git a/nimcrypto.nimble b/nimcrypto.nimble
@@ -1,6 +1,6 @@
 # Package
 
-version       = "0.6.0"
+version       = "0.6.1"
 author        = "Eugene Kabanov"
 description   = "Nim cryptographic library"
 license       = "MIT"
diff --git a/nimcrypto/blake2.nim b/nimcrypto/blake2.nim
@@ -283,6 +283,11 @@ template sizeBlock*(r: typedesc[blake2]): int =
   else:
     (128)
 
+template hmacSizeBlock*(r: typedesc[blake2]): int =
+  ## Size of processing block in octets (bytes), while perform HMAC[blake2]
+  ## operation.
+  r.sizeBlock
+
 proc init*[T: bchar](ctx: var Blake2Context, key: openArray[T]) {.inline.} =
   when ctx is Blake2sContext:
     when nimvm:
diff --git a/nimcrypto/hash.nim b/nimcrypto/hash.nim
@@ -66,9 +66,6 @@ else:
       ## Message digest type
       data*: array[bits div 8, byte]
 
-type
-  bchar* = byte | char
-
 proc `$`*(digest: MDigest): string =
   ## Return hexadecimal string representation of ``digest``.
   ##
diff --git a/nimcrypto/hmac.nim b/nimcrypto/hmac.nim
@@ -55,29 +55,7 @@
 ##    # 18AF7C8586141A47EAAD416C2B356431D001FAFF3B8C98C80AA108DC971B230D
 ##    # 18AF7C8586141A47EAAD416C2B356431D001FAFF3B8C98C80AA108DC971B230D
 ##    # 18AF7C8586141A47EAAD416C2B356431D001FAFF3B8C98C80AA108DC971B230D
-import utils
-import sha, sha2, ripemd, keccak, blake2, hash
-export sha, sha2, ripemd, keccak, blake2, hash
-
-template hmacSizeBlock*(h: typedesc): int =
-  mixin sizeBlock
-  when (h is Sha1Context) or (h is Sha2Context) or (h is RipemdContext) or
-       (h is Blake2Context):
-    int(h.sizeBlock)
-  elif h is KeccakContext:
-    when h.kind == Keccak or h.kind == Sha3:
-      when h.bits == 224:
-        144
-      elif h.bits == 256:
-        136
-      elif h.bits == 384:
-        104
-      elif h.bits == 512:
-        72
-      else:
-        {.fatal: "Choosen hash primitive is not yet supported!".}
-    else:
-      {.fatal: "Choosen hash primitive is not yet supported!".}
+import hash, utils
 
 type
   HMAC*[HashType] = object
@@ -136,6 +114,7 @@ proc init*[T](hmctx: var HMAC[T], key: ptr byte, keylen: uint) =
 proc clear*(hmctx: var HMAC) =
   ## Clear HMAC context ``hmctx``.
   when nimvm:
+    mixin clear
     hmctx.mdctx.clear()
     hmctx.opadctx.clear()
     for i in 0 ..< len(hmctx.ipad):
@@ -199,18 +178,21 @@ proc finish*[T: bchar](hmctx: var HMAC,
   ## ``data``. ``data`` length must be at least ``hmctx.sizeDigest`` octets
   ## (bytes).
   mixin update, finish
-  if len(data) >= int(hmctx.sizeDigest):
-    var buffer: array[hmctx.sizeDigest, byte]
-    discard finish(hmctx.mdctx, buffer)
-    hmctx.opadctx.update(buffer)
-    result = hmctx.opadctx.finish(data)
+  if len(data) < int(hmctx.sizeDigest):
+    return 0'u
+
+  var buffer: array[hmctx.sizeDigest, byte]
+  discard finish(hmctx.mdctx, buffer)
+  hmctx.opadctx.update(buffer)
+  hmctx.opadctx.finish(data)
+
 
 proc finish*(hmctx: var HMAC, pbytes: ptr byte, nbytes: uint): uint {.inline.} =
   ## Finalize HMAC context ``hmctx`` and store calculated digest to address
   ## pointed by ``pbytes`` of length ``nbytes``. ``pbytes`` must be able to
   ## hold at ``hmctx.sizeDigest`` octets (bytes).
   var ptrarr = cast[ptr UncheckedArray[byte]](pbytes)
-  result = hmctx.finish(ptrarr.toOpenArray(0, int(nbytes) - 1))
+  hmctx.finish(ptrarr.toOpenArray(0, int(nbytes) - 1))
 
 proc finish*(hmctx: var HMAC): MDigest[hmctx.HashType.bits] =
   ## Finalize HMAC context ``hmctx`` and return calculated digest as
@@ -270,5 +252,5 @@ proc hmac*(HashType: typedesc, key: ptr byte, klen: uint,
   ##    echo ripemd160.hmac(key, keylen, data, datalen)
   var keyarr = cast[ptr UncheckedArray[byte]](key)
   var dataarr = cast[ptr UncheckedArray[byte]](data)
-  result = hmac(HashType, keyarr.toOpenArray(0, int(klen) - 1),
-                dataarr.toOpenArray(0, int(ulen) - 1))
+  hmac(HashType, keyarr.toOpenArray(0, int(klen) - 1),
+       dataarr.toOpenArray(0, int(ulen) - 1))
diff --git a/nimcrypto/keccak.nim b/nimcrypto/keccak.nim
@@ -348,6 +348,20 @@ template sizeDigest*(r: typedesc[keccak | shake128 | shake256]): int =
 template sizeBlock*(r: typedesc[keccak | shake128 | shake256]): int =
   (200)
 
+template hmacSizeBlock*(r: typedesc[keccak]): int =
+  ## Size of processing block in octets (bytes), while perform HMAC[keccak]
+  ## operation.
+  when r.bits == 224:
+    144
+  elif r.bits == 256:
+    136
+  elif r.bits == 384:
+    104
+  elif r.bits == 512:
+    72
+  else:
+    {.fatal: "Choosen hash primitive is not supported!".}
+
 proc init*(ctx: var KeccakContext) {.inline.} =
   ctx = type(ctx)()
 
diff --git a/nimcrypto/ripemd.nim b/nimcrypto/ripemd.nim
@@ -658,6 +658,11 @@ template sizeDigest*(r: typedesc[ripemd]): int =
 template sizeBlock*(r: typedesc[ripemd]): int =
   (64)
 
+template hmacSizeBlock*(r: typedesc[ripemd]): int =
+  ## Size of processing block in octets (bytes), while perform HMAC[ripemd]
+  ## operation.
+  r.sizeBlock
+
 proc init*(ctx: var RipemdContext) {.inline.} =
   ctx.count[0] = 0
   ctx.count[1] = 0
diff --git a/nimcrypto/scrypt.nim b/nimcrypto/scrypt.nim
@@ -10,7 +10,7 @@
 ## This module implements
 ## The scrypt Password-Based Key Derivation Function
 ## https://tools.ietf.org/html/rfc7914
-import utils, hmac, pbkdf2
+import utils, sha2, hmac, pbkdf2
 export hmac
 
 proc salsaXor(tmp: var openArray[uint32],
diff --git a/nimcrypto/sha.nim b/nimcrypto/sha.nim
@@ -67,6 +67,11 @@ template sizeDigest*(r: typedesc[sha1]): int =
 template sizeBlock*(r: typedesc[sha1]): int =
   (512 div 8)
 
+template hmacSizeBlock*(r: typedesc[sha1]): int =
+  ## Size of processing block in octets (bytes), while perform HMAC[sha1]
+  ## operation.
+  r.sizeBlock
+
 proc init*(ctx: var Sha1Context) {.inline.} =
   ctx.size = 0'u64
   ctx.h[0] = 0x67452301'u32
diff --git a/nimcrypto/sha2.nim b/nimcrypto/sha2.nim
@@ -129,6 +129,11 @@ template sizeBlock*(r: typedesc[sha2]): int =
   else:
     (128)
 
+template hmacSizeBlock*(r: typedesc[sha2]): int =
+  ## Size of processing block in octets (bytes), while perform HMAC[sha2]
+  ## operation.
+  r.sizeBlock
+
 proc init*(ctx: var Sha2Context) {.inline.} =
   ctx.count[0] = 0
   ctx.count[1] = 0
diff --git a/nimcrypto/utils.nim b/nimcrypto/utils.nim
@@ -21,6 +21,8 @@ type
     SkipSpaces, ## Skips all the whitespace characters inside of string
     SkipPrefix  ## Skips `0x` and `x` prefixes at the begining of string
 
+  bchar* = byte | char
+
 template ROL*(x: uint32, n: int): uint32 =
   (x shl uint32(n and 0x1F)) or (x shr uint32(32 - (n and 0x1F)))
 
diff --git a/tests/testhmac.nim b/tests/testhmac.nim
@@ -1,6 +1,4 @@
-import nimcrypto/hmac, nimcrypto/hash, nimcrypto/utils
-import nimcrypto/sha2, nimcrypto/ripemd, nimcrypto/keccak
-import nimcrypto/sha
+import nimcrypto/[hmac, hash, utils, sha, sha2, ripemd, keccak]
 import unittest
 
 when defined(nimHasUsed): {.used.}
