Merge ee310314cd into 4ec3be8bfa

Cargo.toml

@@ -89,7 +89,7 @@ no_neon = []
 
 [package.metadata.docs.rs]
 # Document the rayon/mmap methods and the Serialize/Deserialize/Zeroize impls on docs.rs.
-features = ["mmap", "rayon", "serde", "zeroize"]
+features = ["mmap", "rayon", "serde", "zeroize", "rkyv"]
 
 [dependencies]
 arrayref = "0.3.5"
@@ -101,6 +101,7 @@ memmap2 = { version = "0.9", optional = true }
 rayon = { version = "1.2.1", optional = true }
 serde = { version = "1.0", default-features = false, features = ["derive"], optional = true }
 zeroize = { version = "1", default-features = false, features = ["zeroize_derive"], optional = true }
+rkyv = { version = "0.7", features = ["validation"], optional = true }
 
 [dev-dependencies]
 hmac = "0.12.0"

reference_impl/reference_impl.rs

@@ -78,23 +78,14 @@ fn compress(
     block_len: u32,
     flags: u32,
 ) -> [u32; 16] {
+    let counter_low = counter as u32;
+    let counter_high = (counter >> 32) as u32;
+    #[rustfmt::skip]
     let mut state = [
-        chaining_value[0],
-        chaining_value[1],
-        chaining_value[2],
-        chaining_value[3],
-        chaining_value[4],
-        chaining_value[5],
-        chaining_value[6],
-        chaining_value[7],
-        IV[0],
-        IV[1],
-        IV[2],
-        IV[3],
-        counter as u32,
-        (counter >> 32) as u32,
-        block_len,
-        flags,
+        chaining_value[0], chaining_value[1], chaining_value[2], chaining_value[3],
+        chaining_value[4], chaining_value[5], chaining_value[6], chaining_value[7],
+        IV[0],             IV[1],             IV[2],             IV[3],
+        counter_low,       counter_high,      block_len,         flags,
     ];
     let mut block = *block_words;
 

src/lib.rs

@@ -218,6 +218,11 @@ fn counter_high(counter: u64) -> u32 {
 /// [`FromStr`]: https://doc.rust-lang.org/std/str/trait.FromStr.html
 #[cfg_attr(feature = "zeroize", derive(zeroize::Zeroize))]
 #[cfg_attr(feature = "serde", derive(serde::Deserialize, serde::Serialize))]
+#[cfg_attr(
+    feature = "rkyv",
+    derive(rkyv::Archive, rkyv::Serialize, rkyv::Deserialize)
+)]
+#[cfg_attr(feature = "rkyv", archive(check_bytes))]
 #[derive(Clone, Copy, Hash)]
 pub struct Hash([u8; OUT_LEN]);
 
@@ -355,6 +360,45 @@ impl PartialEq<[u8]> for Hash {
 
 impl Eq for Hash {}
 
+#[cfg(feature = "rkyv")]
+/// This implementation is constant-time.
+impl PartialEq for ArchivedHash {
+    #[inline]
+    fn eq(&self, other: &ArchivedHash) -> bool {
+        constant_time_eq::constant_time_eq_32(&self.0, &other.0)
+    }
+}
+
+#[cfg(feature = "rkyv")]
+/// This implementation is constant-time.
+impl PartialEq<[u8; OUT_LEN]> for ArchivedHash {
+    #[inline]
+    fn eq(&self, other: &[u8; OUT_LEN]) -> bool {
+        constant_time_eq::constant_time_eq_32(&self.0, other)
+    }
+}
+
+#[cfg(feature = "rkyv")]
+/// This implementation is constant-time if the target is 32 bytes long.
+impl PartialEq<[u8]> for ArchivedHash {
+    #[inline]
+    fn eq(&self, other: &[u8]) -> bool {
+        constant_time_eq::constant_time_eq(&self.0, other)
+    }
+}
+
+#[cfg(feature = "rkyv")]
+/// This implementation is constant-time if the target is 32 bytes long.
+impl PartialEq<Hash> for ArchivedHash {
+    #[inline]
+    fn eq(&self, other: &Hash) -> bool {
+        constant_time_eq::constant_time_eq(&self.0, &other.0)
+    }
+}
+
+#[cfg(feature = "rkyv")]
+impl Eq for ArchivedHash {}
+
 impl fmt::Display for Hash {
     fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
         // Formatting field as `&str` to reduce code size since the `Debug`