Return reset for hash/signature functions

Author: whyoleg

cryptography-core/api/cryptography-core.api

@@ -866,6 +866,7 @@ public abstract interface class dev/whyoleg/cryptography/operations/SignatureVer
 }
 
 public abstract interface class dev/whyoleg/cryptography/operations/UpdateFunction : java/lang/AutoCloseable {
+	public abstract fun reset ()V
 	public fun update (Lkotlinx/io/RawSource;)V
 	public fun update (Lkotlinx/io/bytestring/ByteString;II)V
 	public abstract fun update ([BII)V

cryptography-core/api/cryptography-core.klib.api

@@ -685,6 +685,7 @@ abstract interface dev.whyoleg.cryptography.operations/SignatureVerifier { // de
 }
 
 abstract interface dev.whyoleg.cryptography.operations/UpdateFunction : kotlin/AutoCloseable { // dev.whyoleg.cryptography.operations/UpdateFunction|null[0]
+    abstract fun reset() // dev.whyoleg.cryptography.operations/UpdateFunction.reset|reset(){}[0]
     abstract fun update(kotlin/ByteArray, kotlin/Int = ..., kotlin/Int = ...) // dev.whyoleg.cryptography.operations/UpdateFunction.update|update(kotlin.ByteArray;kotlin.Int;kotlin.Int){}[0]
     open fun update(kotlinx.io.bytestring/ByteString, kotlin/Int = ..., kotlin/Int = ...) // dev.whyoleg.cryptography.operations/UpdateFunction.update|update(kotlinx.io.bytestring.ByteString;kotlin.Int;kotlin.Int){}[0]
     open fun update(kotlinx.io/RawSource) // dev.whyoleg.cryptography.operations/UpdateFunction.update|update(kotlinx.io.RawSource){}[0]

cryptography-core/src/commonMain/kotlin/operations/UpdateFunction.kt

@@ -11,6 +11,8 @@ import kotlinx.io.unsafe.*
 
 @SubclassOptInRequired(CryptographyProviderApi::class)
 public interface UpdateFunction : AutoCloseable {
+    public fun reset()
+
     public fun update(source: ByteArray, startIndex: Int = 0, endIndex: Int = source.size)
     public fun update(source: ByteString, startIndex: Int = 0, endIndex: Int = source.size) {
         update(source.asByteArray(), startIndex, endIndex)

cryptography-providers-tests/src/commonMain/kotlin/default/DigestTest.kt

@@ -91,6 +91,33 @@ abstract class DigestTest(provider: CryptographyProvider) : ProviderTest(provide
         }
     }
 
+    @Test
+    fun testFunctionReuse() = testAlgorithm(SHA256) {
+        if (!supportsFunctions()) return@testAlgorithm
+
+        val hasher = algorithm.hasher()
+        val bytes1 = ByteString(CryptographyRandom.nextBytes(10000))
+        val bytes2 = ByteString(CryptographyRandom.nextBytes(10000))
+
+        val digest1 = hasher.hash(bytes1)
+        val digest2 = hasher.hash(bytes2)
+        hasher.createHashFunction().use { function ->
+            function.update(bytes1)
+            assertContentEquals(digest1, function.hash())
+
+            function.update(bytes2)
+            assertContentEquals(digest2, function.hash())
+
+            // update and then discard
+            function.update(bytes1)
+            function.update(bytes1)
+            function.reset()
+            // update after reset
+            function.update(bytes1)
+            assertContentEquals(digest1, function.hash())
+        }
+    }
+
     @Test
     fun testFunctionSource() = testAlgorithm(SHA256) {
         val hasher = algorithm.hasher()

cryptography-providers/apple/src/commonMain/kotlin/algorithms/CCDigest.kt

@@ -16,21 +16,20 @@ internal class CCDigest<CTX : CPointed>(
     override val id: CryptographyAlgorithmId<Digest>,
 ) : Hasher, Digest {
     override fun hasher(): Hasher = this
-    override fun createHashFunction(): HashFunction {
-        val context = hashAlgorithm.alloc()
-        // TODO: error handle
-        hashAlgorithm.ccInit(context)
-        return CCHashFunction(
-            algorithm = hashAlgorithm,
-            context = Resource(context, nativeHeap::free)
-        )
-    }
+    override fun createHashFunction(): HashFunction = CCHashFunction(
+        algorithm = hashAlgorithm,
+        context = Resource(hashAlgorithm.alloc(), nativeHeap::free)
+    )
 }
 
 private class CCHashFunction<CTX : CPointed>(
     private val algorithm: CCHashAlgorithm<CTX>,
     private val context: Resource<CPointer<CTX>>,
 ) : HashFunction, SafeCloseable(SafeCloseAction(context, AutoCloseable::close)) {
+    init {
+        reset()
+    }
+
     override fun update(source: ByteArray, startIndex: Int, endIndex: Int) {
         checkBounds(source.size, startIndex, endIndex)
 
@@ -47,7 +46,7 @@ private class CCHashFunction<CTX : CPointed>(
         destination.usePinned {
             check(algorithm.ccFinal(context, it.safeAddressOf(destinationOffset).reinterpret()) > 0)
         }
-        close()
+        reset()
         return algorithm.digestSize
     }
 
@@ -56,4 +55,9 @@ private class CCHashFunction<CTX : CPointed>(
         hashIntoByteArray(output)
         return output
     }
+
+    override fun reset() {
+        val context = context.access()
+        check(algorithm.ccInit(context) > 0)
+    }
 }

cryptography-providers/apple/src/commonMain/kotlin/algorithms/CCHmac.kt

@@ -83,25 +83,26 @@ private class HmacSignature(
     private val key: ByteArray,
     private val digestSize: Int,
 ) : SignatureGenerator, SignatureVerifier {
-
-    @OptIn(UnsafeNumber::class)
-    private fun createFunction(): HmacFunction {
-        val context = nativeHeap.alloc<CCHmacContext>().ptr
-        // TODO: error handle?
-        key.usePinned {
-            CCHmacInit(context, hmacAlgorithm, it.safeAddressOf(0), key.size.convert())
-        }
-        return HmacFunction(digestSize, Resource(context, nativeHeap::free))
-    }
+    private fun createFunction() = HmacFunction(
+        hmacAlgorithm = hmacAlgorithm,
+        key = key,
+        digestSize = digestSize,
+        context = Resource(nativeHeap.alloc<CCHmacContext>().ptr, nativeHeap::free)
+    )
 
     override fun createSignFunction(): SignFunction = createFunction()
     override fun createVerifyFunction(): VerifyFunction = createFunction()
 }
 
 private class HmacFunction(
+    private val hmacAlgorithm: CCHmacAlgorithm,
+    private val key: ByteArray,
     private val digestSize: Int,
     private val context: Resource<CPointer<CCHmacContext>>,
 ) : SignFunction, VerifyFunction, SafeCloseable(SafeCloseAction(context, AutoCloseable::close)) {
+    init {
+        reset()
+    }
 
     @OptIn(UnsafeNumber::class)
     override fun update(source: ByteArray, startIndex: Int, endIndex: Int) {
@@ -120,7 +121,7 @@ private class HmacFunction(
         destination.usePinned {
             CCHmacFinal(context, it.safeAddressOf(destinationOffset))
         }
-        close()
+        reset()
         return digestSize
     }
 
@@ -138,4 +139,12 @@ private class HmacFunction(
     override fun verify(signature: ByteArray, startIndex: Int, endIndex: Int) {
         check(tryVerify(signature, startIndex, endIndex)) { "Invalid signature" }
     }
+
+    @OptIn(UnsafeNumber::class)
+    override fun reset() {
+        val context = context.access()
+        key.usePinned {
+            CCHmacInit(context, hmacAlgorithm, it.safeAddressOf(0), key.size.convert())
+        }
+    }
 }

cryptography-providers/apple/src/commonMain/kotlin/algorithms/SecEcdsa.kt

@@ -278,6 +278,10 @@ private class EcdsaRawSignatureGenerator(
             return rawSignature
         }
 
+        override fun reset() {
+            derSignFunction.reset()
+        }
+
         override fun close() {
             derSignFunction.close()
         }
@@ -322,6 +326,10 @@ private class EcdsaRawSignatureVerifier(
             check(tryVerify(signature, startIndex, endIndex)) { "Invalid signature" }
         }
 
+        override fun reset() {
+            derVerifyFunction.reset()
+        }
+
         override fun close() {
             derVerifyFunction.close()
         }

cryptography-providers/apple/src/commonMain/kotlin/internal/SecSignature.kt

@@ -70,9 +70,14 @@ private class SecVerifyFunction(
                     else   -> error.value.releaseBridgeAs<NSError>()?.description ?: ""
                 }
             }
+        }.also {
+            reset()
         }
-    }.also {
-        close()
+    }
+
+    override fun reset() {
+        ensureNotClosed()
+        accumulator = EmptyByteArray
     }
 
     override fun close() {
@@ -123,9 +128,14 @@ private class SecSignFunction(
             }
 
             signature.toByteArray()
+        }.also {
+            reset()
         }
-    }.also {
-        close()
+    }
+
+    override fun reset() {
+        ensureNotClosed()
+        accumulator = EmptyByteArray
     }
 
     override fun close() {

cryptography-providers/jdk/src/jvmMain/kotlin/algorithms/JdkDigest.kt

@@ -17,9 +17,7 @@ internal class JdkDigest(
 ) : Hasher, Digest {
     private val messageDigest = state.messageDigest(algorithm)
     override fun hasher(): Hasher = this
-    override fun createHashFunction(): HashFunction = JdkHashFunction(messageDigest.borrowResource().also {
-        it.access().reset()
-    })
+    override fun createHashFunction(): HashFunction = JdkHashFunction(messageDigest.borrowResource { reset() })
 }
 
 private class JdkHashFunction(private val messageDigest: Pooled.Resource<JMessageDigest>) : HashFunction {
@@ -35,12 +33,17 @@ private class JdkHashFunction(private val messageDigest: Pooled.Resource<JMessag
 
         checkBounds(destination.size, destinationOffset, destinationOffset + messageDigest.digestLength)
 
-        return messageDigest.digest(destination, destinationOffset, messageDigest.digestLength).also { close() }
+        return messageDigest.digest(destination, destinationOffset, messageDigest.digestLength)
     }
 
     override fun hashToByteArray(): ByteArray {
         val messageDigest = messageDigest.access()
-        return messageDigest.digest().also { close() }
+        return messageDigest.digest()
+    }
+
+    override fun reset() {
+        val messageDigest = messageDigest.access()
+        messageDigest.reset()
     }
 
     override fun close() {

cryptography-providers/jdk/src/jvmMain/kotlin/algorithms/JdkEcdsa.kt

@@ -90,6 +90,10 @@ private class EcdsaRawSignatureGenerator(
             return rawSignature
         }
 
+        override fun reset() {
+            derSignFunction.reset()
+        }
+
         override fun close() {
             derSignFunction.close()
         }
@@ -134,6 +138,10 @@ private class EcdsaRawSignatureVerifier(
             check(tryVerify(signature, startIndex, endIndex)) { "Invalid signature" }
         }
 
+        override fun reset() {
+            derVerifyFunction.reset()
+        }
+
         override fun close() {
             derVerifyFunction.close()
         }