Skip to content

Commit

Permalink
sha1: implement collision detection and mitigation (RustCrypto#566)
Browse files Browse the repository at this point in the history
This implements sha1 collision detection, including rehashing for mitigation.
As the code is 1-1 based on the version that git uses, the mitigation
hashes should match as well.

## Limitations

Can only be used with the pure software implementation, asfaiu. The
reason for this is, that the algorithm needs access to all intermediary
states, and so processing 4 rounds at once through the intrinsics will
screw things up.
For that reason I have made it it's own implementation, instead of
adapting the existing `compress` implementations.

It might be possible to add support for the "simpler" assembly
implementations that do round for round processing, but I think this
could be a follow up in the future, if this is too slow for these
platforms.


## Prior art 

- Paper: https://marc-stevens.nl/research/papers/C13-S.pdf
- C reference implementation: https://github.com/cr-marcstevens/sha1collisiondetection
- C2Rust translation: https://gitlab.com/sequoia-pgp/sha1collisiondetection/
  • Loading branch information
dignifiedquire authored Mar 27, 2024
1 parent c30e701 commit e766aec
Show file tree
Hide file tree
Showing 21 changed files with 3,162 additions and 25 deletions.
155 changes: 155 additions & 0 deletions .github/workflows/sha1-checked.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,155 @@
name: sha1-checked

on:
pull_request:
paths:
- ".github/workflows/sha1-checked.yml"
- "sha1-checked/**"
- "Cargo.*"
push:
branches: master

defaults:
run:
working-directory: sha1-checked

env:
RUSTFLAGS: "-Dwarnings"
CARGO_INCREMENTAL: 0

jobs:
set-msrv:
uses: RustCrypto/actions/.github/workflows/set-msrv.yml@master
with:
msrv: 1.72.0

# Builds for no_std platforms
build:
needs: set-msrv
runs-on: ubuntu-latest
strategy:
matrix:
rust:
- ${{needs.set-msrv.outputs.msrv}}
- stable
target:
- thumbv7em-none-eabi
- wasm32-unknown-unknown
- loongarch64-unknown-linux-gnu
steps:
- uses: actions/checkout@v4
- uses: RustCrypto/actions/cargo-cache@master
- uses: dtolnay/rust-toolchain@master
with:
toolchain: ${{ matrix.rust }}
targets: ${{ matrix.target }}
- uses: RustCrypto/actions/cargo-hack-install@master
- run: cargo hack build --target ${{ matrix.target }} --each-feature --exclude-features default,std

minimal-versions:
uses: RustCrypto/actions/.github/workflows/minimal-versions.yml@master
with:
working-directory: ${{ github.workflow }}

# Linux tests
linux:
needs: set-msrv
strategy:
matrix:
include:
# 32-bit Linux/x86
#- target: i686-unknown-linux-gnu
# rust: ${{needs.set-msrv.outputs.msrv}}
# deps: sudo apt update && sudo apt install gcc-multilib
#- target: i686-unknown-linux-gnu
# rust: stable
# deps: sudo apt update && sudo apt install gcc-multilib

# 64-bit Linux/x86_64
- target: x86_64-unknown-linux-gnu
rust: ${{needs.set-msrv.outputs.msrv}}
- target: x86_64-unknown-linux-gnu
rust: stable

runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: RustCrypto/actions/cargo-cache@master
- uses: dtolnay/rust-toolchain@master
with:
toolchain: ${{ matrix.rust }}
targets: ${{ matrix.target }}
- uses: RustCrypto/actions/cargo-hack-install@master
- run: ${{ matrix.deps }}
- run: cargo hack test --feature-powerset

# macOS tests
macos:
needs: set-msrv
strategy:
matrix:
rust:
- ${{needs.set-msrv.outputs.msrv}}
- stable

runs-on: macos-latest
steps:
- uses: actions/checkout@v4
- uses: RustCrypto/actions/cargo-cache@master
- uses: dtolnay/rust-toolchain@master
with:
toolchain: ${{ matrix.rust }}
targets: x86_64-apple-darwin
- run: cargo test --no-default-features
- run: cargo test
- run: cargo test --all-features

# Windows tests
windows:
needs: set-msrv
strategy:
matrix:
include:
# 64-bit Windows (GNU)
- target: x86_64-pc-windows-gnu
toolchain: ${{needs.set-msrv.outputs.msrv}}
- target: x86_64-pc-windows-gnu
toolchain: stable

runs-on: windows-latest
steps:
- uses: actions/checkout@v4
- uses: RustCrypto/actions/cargo-cache@master
- uses: dtolnay/rust-toolchain@master
with:
toolchain: ${{ matrix.toolchain }}
targets: ${{ matrix.target }}
- uses: msys2/setup-msys2@v2
- run: cargo test --target ${{ matrix.target }}

# Cross-compiled tests
cross:
strategy:
matrix:
rust:
- 1.72.0
- stable
target:
- aarch64-unknown-linux-gnu
- powerpc-unknown-linux-gnu
features:
- default

runs-on: ubuntu-latest
defaults:
run:
# Cross mounts only current package, i.e. by default it ignores workspace's Cargo.toml
working-directory: .
steps:
- uses: actions/checkout@v4
- uses: ./.github/actions/cross-tests
with:
rust: ${{ matrix.rust }}
package: ${{ github.workflow }}
target: ${{ matrix.target }}
features: ${{ matrix.features }}
Loading

0 comments on commit e766aec

Please sign in to comment.