digest: improve implementations of the SerializableState trait (#1953)

newpavlov · web-flow · commit 7bbc010a76ef · 2025-08-13T13:43:22.000+03:00
Previously we were using block size + 1 byte to serialize eager block
buffers while block size is sufficient. It resulted in odd serialization
state sizes. The `SerializableState` impl also a bit convoluted.

The new implementation results in more efficient serialization and more
straightforward code. The main drawback is that it inevitably involves a
breaking change in the serialization format.
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/Cargo.toml b/Cargo.toml
@@ -20,4 +20,5 @@ signature = { path = "signature" }
 # https://github.com/RustCrypto/utils/pull/1187
 blobby = { git = "https://github.com/RustCrypto/utils" }
 # https://github.com/RustCrypto/utils/pull/1192
+# https://github.com/RustCrypto/utils/pull/1200
 block-buffer = { git = "https://github.com/RustCrypto/utils" }
diff --git a/digest/CHANGELOG.md b/digest/CHANGELOG.md
@@ -16,6 +16,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - Edition changed to 2024 and MSRV bumped to 1.85 ([#1759])
 - `CtVariableCoreWrapper` renamed to `CtOutWrapper` ([#1799])
 - Removed the OID type parameter from `CtOutWrapper` ([#1799])
+- Implementations of the `SerializableState` trait ([#1953])
 
 ### Removed
 - `Mac::new`, `Mac::new_from_slice`, and `Mac::generate_key` methods ([#1173])
@@ -29,6 +30,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 [#1799]: https://github.com/RustCrypto/traits/pull/1799
 [#1809]: https://github.com/RustCrypto/traits/pull/1809
 [#1820]: https://github.com/RustCrypto/traits/pull/1820
+[#1953]: https://github.com/RustCrypto/traits/pull/1953
 
 ## 0.10.7 (2023-05-19)
 ### Changed
diff --git a/digest/src/block_api/ct_variable.rs b/digest/src/block_api/ct_variable.rs
@@ -5,16 +5,12 @@ use super::{
 #[cfg(feature = "mac")]
 use crate::MacMarker;
 use crate::{CollisionResistance, CustomizedInit, HashMarker, VarOutputCustomized};
-use core::{
-    fmt,
-    marker::PhantomData,
-    ops::{Add, Sub},
-};
+use core::{fmt, marker::PhantomData};
 use crypto_common::{
     Block, BlockSizeUser, OutputSizeUser,
     array::{Array, ArraySize},
-    hazmat::{DeserializeStateError, SerializableState, SerializedState, SubSerializedStateSize},
-    typenum::{IsLess, IsLessOrEqual, Le, NonZero, Sum, True, U1, U256},
+    hazmat::{DeserializeStateError, SerializableState, SerializedState},
+    typenum::{IsLessOrEqual, True},
 };
 
 /// Wrapper around [`VariableOutputCore`] which selects output size at compile time.
@@ -177,41 +173,21 @@ where
     }
 }
 
-type CtVariableCoreWrapperSerializedStateSize<T> =
-    Sum<<T as SerializableState>::SerializedStateSize, U1>;
-
 impl<T, OutSize> SerializableState for CtOutWrapper<T, OutSize>
 where
     T: VariableOutputCore + SerializableState,
     OutSize: ArraySize + IsLessOrEqual<T::OutputSize, Output = True>,
-    T::BlockSize: IsLess<U256>,
-    Le<T::BlockSize, U256>: NonZero,
-    T::SerializedStateSize: Add<U1>,
-    CtVariableCoreWrapperSerializedStateSize<T>: Sub<T::SerializedStateSize> + ArraySize,
-    SubSerializedStateSize<CtVariableCoreWrapperSerializedStateSize<T>, T>: ArraySize,
 {
-    type SerializedStateSize = CtVariableCoreWrapperSerializedStateSize<T>;
+    type SerializedStateSize = <T as SerializableState>::SerializedStateSize;
 
     fn serialize(&self) -> SerializedState<Self> {
-        let serialized_inner = self.inner.serialize();
-        let serialized_outsize = Array([OutSize::U8]);
-
-        serialized_inner.concat(serialized_outsize)
+        self.inner.serialize()
     }
 
     fn deserialize(
         serialized_state: &SerializedState<Self>,
     ) -> Result<Self, DeserializeStateError> {
-        let (serialized_inner, serialized_outsize) =
-            serialized_state.split_ref::<T::SerializedStateSize>();
-
-        if serialized_outsize[0] != OutSize::U8 {
-            return Err(DeserializeStateError);
-        }
-
-        Ok(Self {
-            inner: T::deserialize(serialized_inner)?,
-            _out: PhantomData,
-        })
+        let _out = PhantomData;
+        T::deserialize(serialized_state).map(|inner| Self { inner, _out })
     }
 }
diff --git a/digest/src/buffer_macros/fixed.rs b/digest/src/buffer_macros/fixed.rs
@@ -429,49 +429,33 @@ macro_rules! buffer_fixed {
         impl$(< $( $lt $( : $clt $(+ $dlt )* )? ),+ >)? $crate::crypto_common::hazmat::SerializableState for $name$(< $( $lt ),+ >)? {
             type SerializedStateSize = $crate::typenum::Sum<
                 <$core_ty as $crate::crypto_common::hazmat::SerializableState>::SerializedStateSize,
-                $crate::typenum::Add1<
-                    <$core_ty as $crate::block_api::BlockSizeUser>::BlockSize
+                $crate::block_buffer::SerializedBufferSize<
+                    <$core_ty as $crate::block_api::BlockSizeUser>::BlockSize,
+                    <$core_ty as $crate::block_api::BufferKindUser>::BufferKind,
                 >
             >;
 
             #[inline]
             fn serialize(&self) -> $crate::crypto_common::hazmat::SerializedState<Self> {
-                use $crate::{
-                    array::Array,
-                    consts::U1,
-                    block_buffer::BlockBuffer,
-                    crypto_common::hazmat::SerializableState,
-                };
-
                 let serialized_core = self.core.serialize();
-                let pos = u8::try_from(self.buffer.get_pos()).unwrap();
-                let serialized_pos: Array<u8, U1> = Array([pos]);
-                let serialized_data = self.buffer.clone().pad_with_zeros();
-
-                serialized_core
-                    .concat(serialized_pos)
-                    .concat(serialized_data)
+                let serialized_buf = self.buffer.serialize();
+                serialized_core.concat(serialized_buf)
             }
 
             #[inline]
             fn deserialize(
                 serialized_state: &$crate::crypto_common::hazmat::SerializedState<Self>,
             ) -> Result<Self, $crate::crypto_common::hazmat::DeserializeStateError> {
-                use $crate::{
-                    block_buffer::BlockBuffer,
-                    consts::U1,
-                    crypto_common::hazmat::{SerializableState, DeserializeStateError},
-                };
+                use $crate::crypto_common::hazmat::{SerializableState, DeserializeStateError};
 
-                let (serialized_core, remaining_buffer) = serialized_state
+                let (serialized_core, serialized_buf) = serialized_state
                     .split_ref::<<$core_ty as SerializableState>::SerializedStateSize>();
-                let (serialized_pos, serialized_data) = remaining_buffer.split_ref::<U1>();
 
-                Ok(Self {
-                    core: <$core_ty as SerializableState>::deserialize(serialized_core)?,
-                    buffer: BlockBuffer::try_new(&serialized_data[..serialized_pos[0].into()])
-                        .map_err(|_| DeserializeStateError)?,
-                })
+                let core = SerializableState::deserialize(serialized_core)?;
+                let buffer = $crate::block_buffer::BlockBuffer::deserialize(serialized_buf)
+                    .map_err(|_| DeserializeStateError)?;
+
+                Ok(Self { core, buffer })
             }
         }
 
diff --git a/digest/src/buffer_macros/variable_ct.rs b/digest/src/buffer_macros/variable_ct.rs
@@ -176,54 +176,32 @@ macro_rules! buffer_ct_variable {
         where
             $out_size: $crate::array::ArraySize + $crate::typenum::IsLessOrEqual<$max_size, Output = $crate::typenum::True>,
         {
-            type SerializedStateSize = $crate::typenum::Add1<$crate::typenum::Sum<
-                <
-                    $crate::block_api::CtOutWrapper<$core_ty, $out_size>
-                    as $crate::crypto_common::hazmat::SerializableState
-                >::SerializedStateSize,
-                <$core_ty as $crate::block_api::BlockSizeUser>::BlockSize,
-            >>;
+            type SerializedStateSize = $crate::typenum::Sum<
+                <$core_ty as $crate::crypto_common::hazmat::SerializableState>::SerializedStateSize,
+                $crate::block_buffer::SerializedBufferSize<
+                    <$core_ty as $crate::block_api::BlockSizeUser>::BlockSize,
+                    <$core_ty as $crate::block_api::BufferKindUser>::BufferKind,
+                >
+            >;
 
             #[inline]
             fn serialize(&self) -> $crate::crypto_common::hazmat::SerializedState<Self> {
-                use $crate::{
-                    array::Array,
-                    consts::U1,
-                    block_buffer::BlockBuffer,
-                    crypto_common::hazmat::SerializableState,
-                };
-
                 let serialized_core = self.core.serialize();
-                let pos = u8::try_from(self.buffer.get_pos()).unwrap();
-                let serialized_pos: Array<u8, U1> = Array([pos]);
-                let serialized_data = self.buffer.clone().pad_with_zeros();
-
-                serialized_core
-                    .concat(serialized_pos)
-                    .concat(serialized_data)
+                let serialized_buf = self.buffer.serialize();
+                serialized_core.concat(serialized_buf)
             }
 
             #[inline]
             fn deserialize(
                 serialized_state: &$crate::crypto_common::hazmat::SerializedState<Self>,
             ) -> Result<Self, $crate::crypto_common::hazmat::DeserializeStateError> {
-                use $crate::{
-                    block_buffer::BlockBuffer,
-                    consts::U1,
-                    block_api::CtOutWrapper,
-                    crypto_common::hazmat::{SerializableState, DeserializeStateError},
-                };
-
-                let (serialized_core, remaining_buffer) = serialized_state
-                    .split_ref::<<
-                        CtOutWrapper<$core_ty, $out_size>
-                        as SerializableState
-                    >::SerializedStateSize>();
-                let (serialized_pos, serialized_data) = remaining_buffer.split_ref::<U1>();
+                use $crate::crypto_common::hazmat::{SerializableState, DeserializeStateError};
+
+                let (serialized_core, serialized_buf) = serialized_state
+                    .split_ref::<<$core_ty as SerializableState>::SerializedStateSize>();
 
                 let core = SerializableState::deserialize(serialized_core)?;
-                let pos = usize::from(serialized_pos[0]);
-                let buffer = BlockBuffer::try_new(&serialized_data[..pos])
+                let buffer = $crate::block_buffer::BlockBuffer::deserialize(serialized_buf)
                     .map_err(|_| DeserializeStateError)?;
 
                 Ok(Self { core, buffer })
diff --git a/digest/src/buffer_macros/xof.rs b/digest/src/buffer_macros/xof.rs
@@ -284,49 +284,33 @@ macro_rules! buffer_xof {
         impl $crate::crypto_common::hazmat::SerializableState for $name {
             type SerializedStateSize = $crate::typenum::Sum<
                 <$core_ty as $crate::crypto_common::hazmat::SerializableState>::SerializedStateSize,
-                $crate::typenum::Add1<
-                    <$core_ty as $crate::block_api::BlockSizeUser>::BlockSize
+                $crate::block_buffer::SerializedBufferSize<
+                    <$core_ty as $crate::block_api::BlockSizeUser>::BlockSize,
+                    <$core_ty as $crate::block_api::BufferKindUser>::BufferKind,
                 >
             >;
 
             #[inline]
             fn serialize(&self) -> $crate::crypto_common::hazmat::SerializedState<Self> {
-                use $crate::{
-                    array::Array,
-                    consts::U1,
-                    block_buffer::BlockBuffer,
-                    crypto_common::hazmat::SerializableState,
-                };
-
                 let serialized_core = self.core.serialize();
-                let pos = u8::try_from(self.buffer.get_pos()).unwrap();
-                let serialized_pos: Array<u8, U1> = Array([pos]);
-                let serialized_data = self.buffer.clone().pad_with_zeros();
-
-                serialized_core
-                    .concat(serialized_pos)
-                    .concat(serialized_data)
+                let serialized_buf = self.buffer.serialize();
+                serialized_core.concat(serialized_buf)
             }
 
             #[inline]
             fn deserialize(
                 serialized_state: &$crate::crypto_common::hazmat::SerializedState<Self>,
             ) -> Result<Self, $crate::crypto_common::hazmat::DeserializeStateError> {
-                use $crate::{
-                    block_buffer::BlockBuffer,
-                    consts::U1,
-                    crypto_common::hazmat::{SerializableState, DeserializeStateError},
-                };
+                use $crate::crypto_common::hazmat::{SerializableState, DeserializeStateError};
 
-                let (serialized_core, remaining_buffer) = serialized_state
+                let (serialized_core, serialized_buf) = serialized_state
                     .split_ref::<<$core_ty as SerializableState>::SerializedStateSize>();
-                let (serialized_pos, serialized_data) = remaining_buffer.split_ref::<U1>();
 
-                Ok(Self {
-                    core: <$core_ty as SerializableState>::deserialize(serialized_core)?,
-                    buffer: BlockBuffer::try_new(&serialized_data[..serialized_pos[0].into()])
-                        .map_err(|_| DeserializeStateError)?,
-                })
+                let core = SerializableState::deserialize(serialized_core)?;
+                let buffer = $crate::block_buffer::BlockBuffer::deserialize(serialized_buf)
+                    .map_err(|_| DeserializeStateError)?;
+
+                Ok(Self { core, buffer })
             }
         }
 
diff --git a/digest/src/dev.rs b/digest/src/dev.rs
@@ -54,7 +54,7 @@ macro_rules! new_test {
 /// Define hash function serialization test
 #[macro_export]
 macro_rules! hash_serialization_test {
-    ($name:ident, $hasher:ty, $expected_serialized_state:expr) => {
+    ($name:ident, $hasher:ty $(,)?) => {
         #[test]
         fn $name() {
             use digest::{
@@ -68,7 +68,8 @@ macro_rules! hash_serialization_test {
             h.update(&[0x13; <$hasher as BlockSizeUser>::BlockSize::USIZE + 1]);
 
             let serialized_state = h.serialize();
-            assert_eq!(serialized_state.as_slice(), $expected_serialized_state);
+            let expected = include_bytes!(concat!("data/", stringify!($name), ".bin"));
+            assert_eq!(serialized_state.as_slice(), expected);
 
             let mut h = <$hasher>::deserialize(&serialized_state).unwrap();
 
diff --git a/digest/tests/data/fixed_hash_serialization.bin b/digest/tests/data/fixed_hash_serialization.bin
diff --git a/digest/tests/dummy_fixed.rs b/digest/tests/dummy_fixed.rs
@@ -111,6 +111,9 @@ digest::buffer_fixed!(
     impl: FixedHashTraits;
 );
 
+#[cfg(feature = "dev")]
+digest::hash_serialization_test!(fixed_hash_serialization, FixedHashWithSer,);
+
 #[cfg(feature = "zeroize")]
 /// check for `ZeroizeOnDrop` implementations
 const _: () = {
