feat(hmac): add implementation for hmac-sha512 (#74)

NishantJoshi00 · hyperswitch-bot[bot] · web-flow · commit e3eea9a32f81 · 2024-02-06T19:26:42.000+05:30
Co-authored-by: hyperswitch-bot[bot] &lt;148525504+hyperswitch-bot[bot]@users.noreply.github.com&gt;
diff --git a/Cargo.toml b/Cargo.toml
@@ -92,3 +92,8 @@ harness = false
 [[bench]]
 name = "encryption"
 harness = false
+
+
+[[bench]]
+name = "hashing"
+harness = false
diff --git a/benches/hashing.rs b/benches/hashing.rs
@@ -0,0 +1,57 @@
+#![allow(clippy::expect_used)]
+#![allow(clippy::missing_panics_doc)]
+
+use criterion::{black_box, criterion_group, criterion_main, Criterion};
+use tartarus::crypto::{sha::HmacSha512, Encode};
+
+const ITERATION: u32 = 14;
+
+criterion_main!(benches);
+criterion_group!(benches, criterion_hmac_sha512);
+
+macro_rules! const_iter {
+    ($algo:ident, $body:block, $key:ident, $($ty:expr),*) => {
+        $(
+            let $algo = $ty($key.clone());
+            $body
+        )*
+    };
+}
+
+pub fn criterion_hmac_sha512(c: &mut Criterion) {
+    let key: masking::Secret<_> = (0..1000)
+        .map(|_| rand::random::<u8>())
+        .collect::<Vec<_>>()
+        .into();
+
+    const_iter!(
+        algo,
+        {
+            let mut group = c.benchmark_group(format!("{}", algo));
+            (1..ITERATION).for_each(|po| {
+                let max: u64 = (2_u64).pow(po);
+                let value = (0..max).map(|_| rand::random::<u8>()).collect::<Vec<_>>();
+                let hashed = algo.encode(value.clone()).expect("Failed while hashing");
+                group.throughput(criterion::Throughput::Bytes(max));
+                group.bench_with_input(
+                    criterion::BenchmarkId::from_parameter(format!("{}", max)),
+                    &value,
+                    |b, value| {
+                        b.iter(|| {
+                            black_box(
+                                algo.encode(black_box(value.clone()))
+                                    .expect("Failed while hashing")
+                                    == hashed,
+                            )
+                        })
+                    },
+                );
+            })
+        },
+        key,
+        HmacSha512::<1>::new,
+        HmacSha512::<10>::new,
+        HmacSha512::<100>::new,
+        HmacSha512::<1000>::new
+    );
+}
diff --git a/src/crypto/sha.rs b/src/crypto/sha.rs
@@ -1,3 +1,6 @@
+use masking::PeekInterface;
+use ring::hmac;
+
 use crate::error;
 
 ///
@@ -13,3 +16,172 @@ impl super::Encode<Vec<u8>, Vec<u8>> for Sha512 {
         Ok(digest.as_ref().to_vec())
     }
 }
+
+///
+/// Type providing encoding functional to perform HMAC-SHA512 hashing
+///
+/// # Example
+///
+///```
+/// use tartarus::crypto::sha::HmacSha512;
+/// use tartarus::crypto::Encode;
+///
+/// let data = "Hello, World!";
+/// let key = "key";
+/// let algo = HmacSha512::<1>::new(key.as_bytes().to_vec().into());
+/// let hash = algo.encode(data.as_bytes().to_vec()).unwrap();
+///
+/// ```
+///
+/// This will not compile if `N` is less than or equal to 0.
+///
+/// ```compile_fail
+///
+/// use tartarus::crypto::sha::HmacSha512;
+/// use tartarus::crypto::Encode;
+///
+/// let key = "key";
+/// let algo = HmacSha512::<0>::new(key.as_bytes().to_vec().into());
+///
+///
+/// ```
+///
+///
+pub struct HmacSha512<const N: usize = 1>(masking::Secret<Vec<u8>>);
+
+impl<const N: usize> HmacSha512<N> {
+    pub fn new(key: masking::Secret<Vec<u8>>) -> Self {
+        #[allow(clippy::let_unit_value)]
+        let _ = <Self as AssertGt0>::VALID;
+
+        Self(key)
+    }
+}
+
+impl<const N: usize> std::fmt::Display for HmacSha512<N> {
+    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
+        write!(f, "HmacSha512<{}>", N)
+    }
+}
+
+impl<const N: usize> super::Encode<Vec<u8>, Vec<u8>> for HmacSha512<N> {
+    type ReturnType<T> = Result<T, error::ContainerError<error::CryptoError>>;
+
+    fn encode(&self, input: Vec<u8>) -> Self::ReturnType<Vec<u8>> {
+        let key = hmac::Key::new(ring::hmac::HMAC_SHA512, self.0.peek());
+        let first = hmac::sign(&key, &input);
+
+        let signature = (0..=(N - 1)).fold(first, |input, _| hmac::sign(&key, input.as_ref()));
+
+        Ok(signature.as_ref().to_vec())
+    }
+}
+
+trait AssertGt0 {
+    const VALID: ();
+}
+
+impl<const N: usize> AssertGt0 for HmacSha512<N> {
+    const VALID: () = assert!(N > 0);
+}
+
+#[cfg(test)]
+mod tests {
+    #![allow(clippy::unwrap_used, clippy::expect_used)]
+    //!
+    //! Testing HMAC-SHA512 encoding consists of 3 variables.
+    //! 1. The input data
+    //! 2. The Key
+    //! 3. The `N` value
+    //!
+
+    use crate::crypto::Encode;
+
+    use super::*;
+
+    #[test]
+    fn test_input_data_equal() {
+        let data1 = "Hello, World!";
+        let data2 = "Hello, World!";
+        let key = "key";
+
+        let algo = HmacSha512::<1>::new(key.as_bytes().to_vec().into());
+
+        let hash1 = algo.encode(data1.as_bytes().to_vec()).unwrap();
+        let hash2 = algo.encode(data2.as_bytes().to_vec()).unwrap();
+
+        assert_eq!(hash1, hash2);
+    }
+
+    #[test]
+    fn test_input_data_not_equal() {
+        let data1 = "Hello, World!";
+        let data2 = "Hello, world";
+        let key = "key";
+
+        let algo = HmacSha512::<1>::new(key.as_bytes().to_vec().into());
+
+        let hash1 = algo.encode(data1.as_bytes().to_vec()).unwrap();
+        let hash2 = algo.encode(data2.as_bytes().to_vec()).unwrap();
+
+        assert_ne!(hash1, hash2);
+    }
+
+    #[test]
+    fn test_key_not_equal() {
+        let data = "Hello, World!";
+        let key1 = "key1";
+        let key2 = "key2";
+
+        let algo1 = HmacSha512::<1>::new(key1.as_bytes().to_vec().into());
+        let algo2 = HmacSha512::<1>::new(key2.as_bytes().to_vec().into());
+
+        let hash1 = algo1.encode(data.as_bytes().to_vec()).unwrap();
+        let hash2 = algo2.encode(data.as_bytes().to_vec()).unwrap();
+
+        assert_ne!(hash1, hash2);
+    }
+
+    #[test]
+    fn test_key_equal() {
+        let data = "Hello, World!";
+        let key1 = "key";
+        let key2 = "key";
+
+        let algo1 = HmacSha512::<1>::new(key1.as_bytes().to_vec().into());
+        let algo2 = HmacSha512::<1>::new(key2.as_bytes().to_vec().into());
+
+        let hash1 = algo1.encode(data.as_bytes().to_vec()).unwrap();
+        let hash2 = algo2.encode(data.as_bytes().to_vec()).unwrap();
+
+        assert_eq!(hash1, hash2);
+    }
+
+    #[test]
+    fn test_n_equal() {
+        let data = "Hello, World!";
+        let key = "key";
+
+        let algo1 = HmacSha512::<10>::new(key.as_bytes().to_vec().into());
+        let algo2 = HmacSha512::<10>::new(key.as_bytes().to_vec().into());
+
+        let hash1 = algo1.encode(data.as_bytes().to_vec()).unwrap();
+        let hash2 = algo2.encode(data.as_bytes().to_vec()).unwrap();
+
+        assert_eq!(hash1, hash2);
+    }
+
+    #[test]
+    fn test_n_not_equal() {
+        let data = "Hello, World!";
+        let key = "key";
+
+        let algo1 = HmacSha512::<10>::new(key.as_bytes().to_vec().into());
+        let algo2 = HmacSha512::<20>::new(key.as_bytes().to_vec().into());
+
+        let hash1 = algo1.encode(data.as_bytes().to_vec()).unwrap();
+        let hash2 = algo2.encode(data.as_bytes().to_vec()).unwrap();
+
+        assert_ne!(hash1, hash2);
+    }
+}
