initial work on prf

pop-mpc-core/Cargo.toml

@@ -11,12 +11,12 @@ garble = ["regex"]
 ot = []
 ss = ["elliptic-curve", "p256", "paillier", "curv"]
 proto = ["prost", "prost-build"]
-prf = []
+prf = ["hmac", "digest"]
 
 [dependencies]
 aes = { version = "0.7.5", features = [] }
 cipher = "0.3"
-sha2 = { version = "0.10.1" }
+sha2 = { version = "0.10.1", features = ["compress"] }
 rand = "0.8.5"
 rand_core = "0.6.3"
 rand_chacha = "0.3.1"
@@ -29,6 +29,8 @@ thiserror = "1.0.30"
 anyhow = "1.0.55"
 elliptic-curve = { version = "0.11.12", optional = true }
 p256 = { version = "0.10.1", optional = true }
+hmac = { version = "0.12.1", optional = true }
+digest = { version = "0.10.3", optional = true }
 
 [dependencies.paillier]
 package = "kzen-paillier"

pop-mpc-core/src/lib.rs

@@ -7,6 +7,8 @@ pub mod circuit;
 pub mod garble;
 #[cfg(feature = "ot")]
 pub mod ot;
+#[cfg(feature = "prf")]
+pub mod prf;
 #[cfg(feature = "proto")]
 pub mod proto;
 #[cfg(feature = "ss")]

pop-mpc-core/src/prf/master.rs

@@ -0,0 +1,26 @@
+use super::H;
+
+pub struct Initialized;
+pub struct Ms1;
+
+pub trait State {}
+impl State for Initialized {}
+impl State for Ms1 {}
+
+pub struct PrfMaster<S>
+where
+    S: State,
+{
+    /// State of 2PC PRF Protocol
+    state: S,
+}
+
+impl PrfMaster<Initialized> {
+    pub fn new(seed: &str) -> Self {
+        Self { state: Initialized }
+    }
+
+    pub fn next(self) -> ((), PrfMaster<Ms1>) {
+        todo!()
+    }
+}

pop-mpc-core/src/prf/mod.rs

@@ -0,0 +1,16 @@
+pub mod master;
+mod sha;
+pub mod slave;
+
+use hmac::Hmac;
+use sha2::Sha256;
+
+pub use master::PrfMaster;
+pub use slave::PrfSlave;
+
+type H = Hmac<Sha256>;
+
+#[cfg(test)]
+mod tests {
+    use super::*;
+}

pop-mpc-core/src/prf/sha.rs

@@ -0,0 +1,79 @@
+use core::slice::from_ref;
+use digest::{
+    block_buffer::{BlockBuffer, Eager},
+    core_api::{BlockSizeUser, Buffer},
+    generic_array::GenericArray,
+    typenum::{U32, U64},
+};
+use sha2::compress256;
+
+#[inline]
+fn partial_sha256_digest(state: &mut [u32; 8], input: &[u8]) {
+    if input.len() % 64 != 0 {
+        panic!("input length must be a multiple of 64");
+    }
+
+    for b in input.chunks_exact(64) {
+        let mut block = GenericArray::<u8, U64>::default();
+        block[..].copy_from_slice(b);
+        compress256(state, &[block]);
+    }
+}
+
+/// Takes existing state from SHA2 hash and finishes it with additional data
+#[inline]
+fn finalize_sha256_digest(mut state: [u32; 8], pos: usize, input: &[u8]) -> [u8; 32] {
+    let mut buffer = BlockBuffer::<U64, Eager>::new(input);
+    buffer.digest_pad(0x80, &((input.len() + pos) * 8).to_be_bytes(), |b| {
+        compress256(&mut state, from_ref(b))
+    });
+
+    let mut out: [u8; 32] = [0; 32];
+    for (chunk, v) in out.chunks_exact_mut(4).zip(state.iter()) {
+        chunk.copy_from_slice(&v.to_be_bytes());
+    }
+    out
+}
+
+#[cfg(test)]
+mod tests {
+    use super::*;
+    use sha2::{Digest, Sha256};
+
+    #[test]
+    fn test_sha2_initial_state() {
+        let s = b"test string";
+
+        // initial state for sha2
+        let mut state = [
+            0x6a09e667, 0xbb67ae85, 0x3c6ef372, 0xa54ff53a, 0x510e527f, 0x9b05688c, 0x1f83d9ab,
+            0x5be0cd19,
+        ];
+        let digest = finalize_sha256_digest(state, 0, s);
+
+        let mut hasher = Sha256::new();
+        hasher.update(s);
+        assert_eq!(digest, hasher.finalize().as_slice());
+    }
+
+    #[test]
+    fn test_sha2_resume_state() {
+        let s = b"test string test string test string test string test string test";
+
+        // initial state for sha2
+        let mut state = [
+            0x6a09e667, 0xbb67ae85, 0x3c6ef372, 0xa54ff53a, 0x510e527f, 0x9b05688c, 0x1f83d9ab,
+            0x5be0cd19,
+        ];
+        partial_sha256_digest(&mut state, s);
+
+        let s2 = b"additional data";
+
+        let digest = finalize_sha256_digest(state, s.len(), s2);
+
+        let mut hasher = Sha256::new();
+        hasher.update(s);
+        hasher.update(s2);
+        assert_eq!(digest, hasher.finalize().as_slice());
+    }
+}

pop-mpc-core/src/prf/slave.rs

@@ -0,0 +1,26 @@
+use super::H;
+
+pub struct Initialized;
+pub struct Ms1;
+
+pub trait State {}
+impl State for Initialized {}
+impl State for Ms1 {}
+
+pub struct PrfSlave<S>
+where
+    S: State,
+{
+    /// State of 2PC PRF Protocol
+    state: S,
+}
+
+impl PrfSlave<Initialized> {
+    pub fn new() -> Self {
+        Self { state: Initialized }
+    }
+
+    pub fn next(self) -> ((), PrfSlave<Ms1>) {
+        todo!()
+    }
+}