WIP

aws-lc-rs/src/unstable/kdf/kbkdf.rs → aws-lc-rs/src/kdf/kbkdf.rs

@@ -3,28 +3,8 @@
 
 #![allow(clippy::module_name_repetitions)]
 
-#[cfg(not(feature = "fips"))]
 use aws_lc::KBKDF_ctr_hmac;
-
 use aws_lc::EVP_MD;
-#[cfg(feature = "fips")]
-use stubs::KBKDF_ctr_hmac;
-
-#[cfg(feature = "fips")]
-mod stubs {
-    #[allow(non_snake_case)]
-    pub(super) unsafe fn KBKDF_ctr_hmac(
-        _out_key: *mut u8,
-        _out_len: usize,
-        _digest: *const aws_lc::EVP_MD,
-        _secret: *const u8,
-        _secret_len: usize,
-        _info: *const u8,
-        _info_len: usize,
-    ) -> std::os::raw::c_int {
-        0
-    }
-}
 
 use crate::{
     digest::{match_digest_type, AlgorithmID},
@@ -56,19 +36,11 @@ const KBKDF_CTR_HMAC_SHA512: KbkdfCtrHmacAlgorithm = KbkdfCtrHmacAlgorithm {
     id: KbkdfCtrHmacAlgorithmId::Sha512,
 };
 
-/// Retrieve an unstable [`KbkdfCtrHmacAlgorithm`] using the [`KbkdfCtrHmacAlgorithmId`] specified by `id`.
-///
-/// May return [`None`] if the algorithm is not usable with the configured crate feature set (i.e. `fips`).
+/// Retrieve [`KbkdfCtrHmacAlgorithm`] using the [`KbkdfCtrHmacAlgorithmId`] specified by `id`.
 #[must_use]
 pub const fn get_kbkdf_ctr_hmac_algorithm(
     id: KbkdfCtrHmacAlgorithmId,
 ) -> Option<&'static KbkdfCtrHmacAlgorithm> {
-    #[cfg(feature = "fips")]
-    {
-        let _ = id;
-        None
-    }
-    #[cfg(not(feature = "fips"))]
     {
         Some(match id {
             KbkdfCtrHmacAlgorithmId::Sha224 => &KBKDF_CTR_HMAC_SHA224,

aws-lc-rs/src/unstable/kdf/sskdf.rs → aws-lc-rs/src/kdf/sskdf.rs

@@ -4,49 +4,14 @@
 #![allow(clippy::module_name_repetitions)]
 
 use aws_lc::EVP_MD;
-#[cfg(not(feature = "fips"))]
 use aws_lc::{SSKDF_digest, SSKDF_hmac};
 
-#[cfg(feature = "fips")]
-use stubs::{SSKDF_digest, SSKDF_hmac};
-
 use crate::{
     digest::{match_digest_type, AlgorithmID},
     error::Unspecified,
     ptr::ConstPointer,
 };
 
-#[cfg(feature = "fips")]
-mod stubs {
-    #[allow(non_snake_case)]
-    pub(super) unsafe fn SSKDF_digest(
-        _out_key: *mut u8,
-        _out_len: usize,
-        _digest: *const aws_lc::EVP_MD,
-        _secret: *const u8,
-        _secret_len: usize,
-        _info: *const u8,
-        _info_len: usize,
-    ) -> std::os::raw::c_int {
-        0
-    }
-
-    #[allow(clippy::too_many_arguments, non_snake_case)]
-    pub(super) unsafe fn SSKDF_hmac(
-        _out_key: *mut u8,
-        _out_len: usize,
-        _digest: *const aws_lc::EVP_MD,
-        _secret: *const u8,
-        _secret_len: usize,
-        _info: *const u8,
-        _info_len: usize,
-        _salt: *const u8,
-        _salt_len: usize,
-    ) -> std::os::raw::c_int {
-        0
-    }
-}
-
 /// SSKDF with HMAC-SHA224
 #[allow(dead_code)]
 const SSKDF_HMAC_SHA224: SskdfHmacAlgorithm = SskdfHmacAlgorithm {
@@ -95,19 +60,11 @@ const SSKDF_DIGEST_SHA512: SskdfDigestAlgorithm = SskdfDigestAlgorithm {
     id: SskdfDigestAlgorithmId::Sha512,
 };
 
-/// Retrieve an unstable [`SskdfHmacAlgorithm`] using the [`SskdfHmacAlgorithmId`] specified by `id`.
-///
-/// May return [`None`] if the algorithm is not usable with the configured crate feature set (i.e. `fips`).
+/// Retrieve [`SskdfHmacAlgorithm`] using the [`SskdfHmacAlgorithmId`] specified by `id`.
 #[must_use]
 pub const fn get_sskdf_hmac_algorithm(
     id: SskdfHmacAlgorithmId,
 ) -> Option<&'static SskdfHmacAlgorithm> {
-    #[cfg(feature = "fips")]
-    {
-        let _ = id;
-        None
-    }
-    #[cfg(not(feature = "fips"))]
     {
         match id {
             SskdfHmacAlgorithmId::Sha224 => Some(&SSKDF_HMAC_SHA224),
@@ -118,19 +75,11 @@ pub const fn get_sskdf_hmac_algorithm(
     }
 }
 
-/// Retrieve an unstable [`SskdfDigestAlgorithm`] using the [`SskdfDigestAlgorithmId`] specified by `id`.
-///
-/// May return [`None`] if the algorithm is not usable with the configured crate feature set (i.e. `fips`).
+/// Retrieve [`SskdfDigestAlgorithm`] using the [`SskdfDigestAlgorithmId`] specified by `id`.
 #[must_use]
 pub const fn get_sskdf_digest_algorithm(
     id: SskdfDigestAlgorithmId,
 ) -> Option<&'static SskdfDigestAlgorithm> {
-    #[cfg(feature = "fips")]
-    {
-        let _ = id;
-        None
-    }
-    #[cfg(not(feature = "fips"))]
     {
         match id {
             SskdfDigestAlgorithmId::Sha224 => Some(&SSKDF_DIGEST_SHA224),

aws-lc-rs/src/lib.rs

@@ -142,13 +142,13 @@
 #![warn(clippy::exhaustive_enums)]
 #![cfg_attr(docsrs, feature(doc_cfg, doc_auto_cfg))]
 
+extern crate alloc;
 #[cfg(feature = "fips")]
 extern crate aws_lc_fips_sys as aws_lc;
-
-extern crate alloc;
 #[cfg(not(feature = "fips"))]
 extern crate aws_lc_sys as aws_lc;
 extern crate core;
+
 pub mod aead;
 pub mod agreement;
 pub mod constant_time;
@@ -179,6 +179,7 @@ mod evp_pkey;
 mod fips;
 mod hex;
 pub mod iv;
+pub mod kdf;
 #[allow(clippy::module_name_repetitions)]
 pub mod kem;
 mod ptr;

aws-lc-rs/src/unstable.rs

@@ -2,6 +2,7 @@
 // SPDX-License-Identifier: Apache-2.0 OR ISC
 
 #![cfg(feature = "unstable")]
+#![allow(missing_docs)]
 
 //! Unstable aws-lc-rs features.
 //!