twox_hash/xxhash3_64/
secret.rs

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
use core::{hint::assert_unchecked, mem};

use super::SliceBackport as _;

/// The minimum length of a secret.
pub const SECRET_MINIMUM_LENGTH: usize = 136;

#[repr(transparent)]
pub struct Secret([u8]);

impl Secret {
    #[inline]
    pub fn new(bytes: &[u8]) -> Result<&Self, Error> {
        // Safety: We check for validity before returning.
        unsafe {
            let this = Self::new_unchecked(bytes);
            if this.is_valid() {
                Ok(this)
            } else {
                Err(Error(()))
            }
        }
    }

    /// # Safety
    ///
    /// You must ensure that the secret byte length is >=
    /// SECRET_MINIMUM_LENGTH.
    #[inline]
    pub const unsafe fn new_unchecked(bytes: &[u8]) -> &Self {
        // Safety: We are `#[repr(transparent)]`. It's up to the
        // caller to ensure the length
        unsafe { mem::transmute(bytes) }
    }

    #[inline]
    pub fn words_for_0(&self) -> [u64; 2] {
        self.reassert_preconditions();

        let (q, _) = self.0[56..].bp_as_chunks();
        [q[0], q[1]].map(u64::from_le_bytes)
    }

    #[inline]
    pub fn words_for_1_to_3(&self) -> [u32; 2] {
        self.reassert_preconditions();

        let (q, _) = self.0.bp_as_chunks();
        [q[0], q[1]].map(u32::from_le_bytes)
    }

    #[inline]
    pub fn words_for_4_to_8(&self) -> [u64; 2] {
        self.reassert_preconditions();

        let (q, _) = self.0[8..].bp_as_chunks();
        [q[0], q[1]].map(u64::from_le_bytes)
    }

    #[inline]
    pub fn words_for_9_to_16(&self) -> [u64; 4] {
        self.reassert_preconditions();

        let (q, _) = self.0[24..].bp_as_chunks();
        [q[0], q[1], q[2], q[3]].map(u64::from_le_bytes)
    }

    #[inline]
    pub fn words_for_17_to_128(&self) -> &[[u8; 16]] {
        self.reassert_preconditions();

        let (words, _) = self.0.bp_as_chunks();
        words
    }

    #[inline]
    pub fn words_for_127_to_240_part1(&self) -> &[[u8; 16]] {
        self.reassert_preconditions();

        let (ss, _) = self.0.bp_as_chunks();
        ss
    }

    #[inline]
    pub fn words_for_127_to_240_part2(&self) -> &[[u8; 16]] {
        self.reassert_preconditions();

        let (ss, _) = self.0[3..].bp_as_chunks();
        ss
    }

    #[inline]
    pub fn words_for_127_to_240_part3(&self) -> &[u8; 16] {
        self.reassert_preconditions();

        self.0[119..].first_chunk().unwrap()
    }

    /// # Safety
    ///
    /// `i` must be less than the number of stripes in the secret
    /// ([`Self::n_stripes`][]).
    #[inline]
    pub unsafe fn stripe(&self, i: usize) -> &[u8; 64] {
        self.reassert_preconditions();

        // Safety: The caller has ensured that `i` is
        // in-bounds. `&[u8]` and `&[u8; 64]` have the same alignment.
        unsafe {
            debug_assert!(i < self.n_stripes());
            &*self.0.get_unchecked(i * 8..).as_ptr().cast()
        }
    }

    #[inline]
    pub fn last_stripe(&self) -> &[u8; 64] {
        self.reassert_preconditions();

        self.0.last_chunk().unwrap()
    }

    #[inline]
    pub fn last_stripe_secret_better_name(&self) -> &[u8; 64] {
        self.reassert_preconditions();

        self.0[self.0.len() - 71..].first_chunk().unwrap()
    }

    #[inline]
    pub fn final_secret(&self) -> &[u8; 64] {
        self.reassert_preconditions();

        self.0[11..].first_chunk().unwrap()
    }

    #[inline]
    pub fn len(&self) -> usize {
        self.0.len()
    }

    #[inline]
    pub fn n_stripes(&self) -> usize {
        // stripes_per_block
        (self.len() - 64) / 8
    }

    #[inline(always)]
    fn reassert_preconditions(&self) {
        // Safety: The length of the bytes was checked at value
        // construction time.
        unsafe {
            debug_assert!(self.is_valid());
            assert_unchecked(self.is_valid());
        }
    }

    #[inline(always)]
    pub fn is_valid(&self) -> bool {
        self.0.len() >= SECRET_MINIMUM_LENGTH
    }
}

#[derive(Debug)]
pub struct Error(());

impl core::error::Error for Error {}

impl core::fmt::Display for Error {
    fn fmt(&self, f: &mut core::fmt::Formatter<'_>) -> core::fmt::Result {
        write!(
            f,
            "The secret must have at least {SECRET_MINIMUM_LENGTH} bytes"
        )
    }
}