digest: add implementations of the AssociatedOid trait

[newpavlov]

This PR adds implementation of the const_oid::AssociatedOid trait for the core wrappers. It allows to define OID for a core type and make it accessible for higher-level wrapped types.

Lack of these impls was mentioned in #1069 (comment)

[newpavlov]

During creation of this PR I found that, unfortunately, it will not work as-is. SHA-224 and SHA-256 share the same core, but have different OIDs. I don't think we can resolve this issue without introducing breaking changes.

Note that we can not write the following impl ot work around this issue:

impl AssociatedOid for CtVariableCoreWrapper<Sha256VarCore, U28> {
    const OID: ObjectIdentifier = ObjectIdentifier::new_unwrap("...");
}

[lumag]

@newpavlov I suppose that using newtype for the digests would allow defining AssociateOids. However this is definitely a bigger change.

[newpavlov]

@lumag
Manual newtypes would mean a HUGE amount of boilerplate. The only practical solution is to introduce a bunch of macros to digest instead of the generic wrappers, but I would like to avoid such solution if possible.

Unfortunately, we hit some of Rust limitations (e.g. currently it's impossible to use ObjectIdentifier as a generic const argument) which prevent straightforward implementation of optional OIDs on non-core types, but I have some ideas about potential workarounds, which I would like to try.

[tarcieri]

See #1069 for some discussion of newtypes as a potential alternative (probably a better place to continue discussion than this particular PR)

[newpavlov]

I have added optional type parameter to CtVariableCoreWrapper which allows to pass OID for resulting hash function. Unfortunately, it means that we have to generate separate "carrier" types, but otherwise I think the workaround works quite well.

How addition of OIDs looks in implementation crates can be seen in RustCrypto/hashes#405.

[newpavlov]

I wonder how can we handle it better.

[tarcieri]

You can split out a separate job for it with a comment to re-unify them when MSRV is bumped.

[newpavlov]

Note that we still do not have a way to add AssociatedOid implementation for "compound" algorithms such as HMAC-SHA256, but I think it's better to discuss it in a separate issue.

[lumag]

@newpavlov you rock! I've used your implementation for the rsa crate and it works like a charm: RustCrypto/RSA#183

[tarcieri]

Instead of using an extra generic type here, could CtVariableCoreWrapper have an impl of AssociatedOid which delegates to inner, and is bounded on inner having an impl of AssociatedOid?

That would avoid complicating the type signature and eliminate the need for NoOid.

Ditto for CoreWrapper.

[newpavlov]

If I understand you correctly, then no, it will not work. See the SHA-224 vs SHA-256 issue raised in my earlier comment. They have the same core (i.e. the same inner type), so with such solution they can not have different OIDs.

[tarcieri]

Ugh, ok. That's really rather unfortunate.

[newpavlov]

Ideally we would use const OID: Option<ObjectIdentifier> instead of the O parameter with AssociatedOid impl bounded on OID being Some, but, as you know, const generics are not powerful enough for that and will not be in the mid term future.

[tarcieri]

Would be good to get this merged/release to make progress on RustCrypto/RSA#183