forked from RustCrypto/hashes
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
sha1: implement collision detection and mitigation (RustCrypto#566)
This implements sha1 collision detection, including rehashing for mitigation. As the code is 1-1 based on the version that git uses, the mitigation hashes should match as well. ## Limitations Can only be used with the pure software implementation, asfaiu. The reason for this is, that the algorithm needs access to all intermediary states, and so processing 4 rounds at once through the intrinsics will screw things up. For that reason I have made it it's own implementation, instead of adapting the existing `compress` implementations. It might be possible to add support for the "simpler" assembly implementations that do round for round processing, but I think this could be a follow up in the future, if this is too slow for these platforms. ## Prior art - Paper: https://marc-stevens.nl/research/papers/C13-S.pdf - C reference implementation: https://github.com/cr-marcstevens/sha1collisiondetection - C2Rust translation: https://gitlab.com/sequoia-pgp/sha1collisiondetection/
- Loading branch information
1 parent
c30e701
commit e766aec
Showing
21 changed files
with
3,162 additions
and
25 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,155 @@ | ||
name: sha1-checked | ||
|
||
on: | ||
pull_request: | ||
paths: | ||
- ".github/workflows/sha1-checked.yml" | ||
- "sha1-checked/**" | ||
- "Cargo.*" | ||
push: | ||
branches: master | ||
|
||
defaults: | ||
run: | ||
working-directory: sha1-checked | ||
|
||
env: | ||
RUSTFLAGS: "-Dwarnings" | ||
CARGO_INCREMENTAL: 0 | ||
|
||
jobs: | ||
set-msrv: | ||
uses: RustCrypto/actions/.github/workflows/set-msrv.yml@master | ||
with: | ||
msrv: 1.72.0 | ||
|
||
# Builds for no_std platforms | ||
build: | ||
needs: set-msrv | ||
runs-on: ubuntu-latest | ||
strategy: | ||
matrix: | ||
rust: | ||
- ${{needs.set-msrv.outputs.msrv}} | ||
- stable | ||
target: | ||
- thumbv7em-none-eabi | ||
- wasm32-unknown-unknown | ||
- loongarch64-unknown-linux-gnu | ||
steps: | ||
- uses: actions/checkout@v4 | ||
- uses: RustCrypto/actions/cargo-cache@master | ||
- uses: dtolnay/rust-toolchain@master | ||
with: | ||
toolchain: ${{ matrix.rust }} | ||
targets: ${{ matrix.target }} | ||
- uses: RustCrypto/actions/cargo-hack-install@master | ||
- run: cargo hack build --target ${{ matrix.target }} --each-feature --exclude-features default,std | ||
|
||
minimal-versions: | ||
uses: RustCrypto/actions/.github/workflows/minimal-versions.yml@master | ||
with: | ||
working-directory: ${{ github.workflow }} | ||
|
||
# Linux tests | ||
linux: | ||
needs: set-msrv | ||
strategy: | ||
matrix: | ||
include: | ||
# 32-bit Linux/x86 | ||
#- target: i686-unknown-linux-gnu | ||
# rust: ${{needs.set-msrv.outputs.msrv}} | ||
# deps: sudo apt update && sudo apt install gcc-multilib | ||
#- target: i686-unknown-linux-gnu | ||
# rust: stable | ||
# deps: sudo apt update && sudo apt install gcc-multilib | ||
|
||
# 64-bit Linux/x86_64 | ||
- target: x86_64-unknown-linux-gnu | ||
rust: ${{needs.set-msrv.outputs.msrv}} | ||
- target: x86_64-unknown-linux-gnu | ||
rust: stable | ||
|
||
runs-on: ubuntu-latest | ||
steps: | ||
- uses: actions/checkout@v4 | ||
- uses: RustCrypto/actions/cargo-cache@master | ||
- uses: dtolnay/rust-toolchain@master | ||
with: | ||
toolchain: ${{ matrix.rust }} | ||
targets: ${{ matrix.target }} | ||
- uses: RustCrypto/actions/cargo-hack-install@master | ||
- run: ${{ matrix.deps }} | ||
- run: cargo hack test --feature-powerset | ||
|
||
# macOS tests | ||
macos: | ||
needs: set-msrv | ||
strategy: | ||
matrix: | ||
rust: | ||
- ${{needs.set-msrv.outputs.msrv}} | ||
- stable | ||
|
||
runs-on: macos-latest | ||
steps: | ||
- uses: actions/checkout@v4 | ||
- uses: RustCrypto/actions/cargo-cache@master | ||
- uses: dtolnay/rust-toolchain@master | ||
with: | ||
toolchain: ${{ matrix.rust }} | ||
targets: x86_64-apple-darwin | ||
- run: cargo test --no-default-features | ||
- run: cargo test | ||
- run: cargo test --all-features | ||
|
||
# Windows tests | ||
windows: | ||
needs: set-msrv | ||
strategy: | ||
matrix: | ||
include: | ||
# 64-bit Windows (GNU) | ||
- target: x86_64-pc-windows-gnu | ||
toolchain: ${{needs.set-msrv.outputs.msrv}} | ||
- target: x86_64-pc-windows-gnu | ||
toolchain: stable | ||
|
||
runs-on: windows-latest | ||
steps: | ||
- uses: actions/checkout@v4 | ||
- uses: RustCrypto/actions/cargo-cache@master | ||
- uses: dtolnay/rust-toolchain@master | ||
with: | ||
toolchain: ${{ matrix.toolchain }} | ||
targets: ${{ matrix.target }} | ||
- uses: msys2/setup-msys2@v2 | ||
- run: cargo test --target ${{ matrix.target }} | ||
|
||
# Cross-compiled tests | ||
cross: | ||
strategy: | ||
matrix: | ||
rust: | ||
- 1.72.0 | ||
- stable | ||
target: | ||
- aarch64-unknown-linux-gnu | ||
- powerpc-unknown-linux-gnu | ||
features: | ||
- default | ||
|
||
runs-on: ubuntu-latest | ||
defaults: | ||
run: | ||
# Cross mounts only current package, i.e. by default it ignores workspace's Cargo.toml | ||
working-directory: . | ||
steps: | ||
- uses: actions/checkout@v4 | ||
- uses: ./.github/actions/cross-tests | ||
with: | ||
rust: ${{ matrix.rust }} | ||
package: ${{ github.workflow }} | ||
target: ${{ matrix.target }} | ||
features: ${{ matrix.features }} |
Oops, something went wrong.