digest: add Mac::verify_reset and Mac::verify_slice_reset methods (#1154

)
RustCrypto · Nov 17, 2022 · a9ef4f6 · a9ef4f6
1 parent f6ebf83
commit a9ef4f6
Show file tree

Hide file tree

Showing 4 changed files with 95 additions and 42 deletions.
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/digest/CHANGELOG.md b/digest/CHANGELOG.md
@@ -5,9 +5,15 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## 0.10.6 (2022-11-17)
+### Added
+- `Mac::verify_reset` and `Mac::verify_slice_reset` methods ([#1154])
+
+[#1154]: https://github.com/RustCrypto/traits/pull/1154
+
 ## 0.10.5 (2022-09-16)
 ### Fixed 
-- MSRV build. ([#1117])
+- MSRV build ([#1117])
 
 [#1117]: https://github.com/RustCrypto/traits/pull/1117
 

diff --git a/digest/Cargo.toml b/digest/Cargo.toml
@@ -1,7 +1,7 @@
 [package]
 name = "digest"
-description = "Traits for cryptographic hash functions"
-version = "0.10.5"
+description = "Traits for cryptographic hash functions and message authentication codes"
+version = "0.10.6"
 authors = ["RustCrypto Developers"]
 license = "MIT OR Apache-2.0"
 readme = "README.md"

diff --git a/digest/src/mac.rs b/digest/src/mac.rs
@@ -59,13 +59,28 @@ pub trait Mac: OutputSizeUser + Sized {
     /// Check if tag/code value is correct for the processed input.
     fn verify(self, tag: &Output<Self>) -> Result<(), MacError>;
 
+    /// Check if tag/code value is correct for the processed input and reset
+    /// [`Mac`] instance.
+    fn verify_reset(&mut self, tag: &Output<Self>) -> Result<(), MacError>
+    where
+        Self: FixedOutputReset;
+
     /// Check truncated tag correctness using all bytes
     /// of calculated tag.
     ///
     /// Returns `Error` if `tag` is not valid or not equal in length
     /// to MAC's output.
     fn verify_slice(self, tag: &[u8]) -> Result<(), MacError>;
 
+    /// Check truncated tag correctness using all bytes
+    /// of calculated tag and reset [`Mac`] instance.
+    ///
+    /// Returns `Error` if `tag` is not valid or not equal in length
+    /// to MAC's output.
+    fn verify_slice_reset(&mut self, tag: &[u8]) -> Result<(), MacError>
+    where
+        Self: FixedOutputReset;
+
     /// Check truncated tag correctness using left side bytes
     /// (i.e. `tag[..n]`) of calculated tag.
     ///
@@ -137,6 +152,18 @@ impl<T: Update + FixedOutput + MacMarker> Mac for T {
         }
     }
 
+    #[inline]
+    fn verify_reset(&mut self, tag: &Output<Self>) -> Result<(), MacError>
+    where
+        Self: FixedOutputReset,
+    {
+        if self.finalize_reset() == tag.into() {
+            Ok(())
+        } else {
+            Err(MacError)
+        }
+    }
+
     #[inline]
     fn verify_slice(self, tag: &[u8]) -> Result<(), MacError> {
         let n = tag.len();
@@ -151,6 +178,23 @@ impl<T: Update + FixedOutput + MacMarker> Mac for T {
         }
     }
 
+    #[inline]
+    fn verify_slice_reset(&mut self, tag: &[u8]) -> Result<(), MacError>
+    where
+        Self: FixedOutputReset,
+    {
+        let n = tag.len();
+        if n != Self::OutputSize::USIZE {
+            return Err(MacError);
+        }
+        let choice = self.finalize_fixed_reset().ct_eq(tag);
+        if choice.into() {
+            Ok(())
+        } else {
+            Err(MacError)
+        }
+    }
+
     fn verify_truncated_left(self, tag: &[u8]) -> Result<(), MacError> {
         let n = tag.len();
         if n == 0 || n > Self::OutputSize::USIZE {