From 633616047ec5c8de0ec489a0edb3cb8c8112db28 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?B=C3=A9n=C3=A9dikt=20Tran?= <10796600+picnixz@users.noreply.github.com> Date: Sun, 3 Nov 2024 09:52:57 +0100 Subject: [PATCH 01/36] Pull HACL* HMAC. HACL* is at revision fc2e38f4d899ba28665c5b91caedaf35b3b37452. --- Modules/_hacl/Hacl_HMAC.c | 1609 +++++++++++++++++++++ Modules/_hacl/Hacl_HMAC.h | 231 +++ Modules/_hacl/Hacl_Hash_Blake2b.c | 3 +- Modules/_hacl/Hacl_Hash_Blake2b_Simd256.c | 3 +- Modules/_hacl/Hacl_Hash_Blake2s.c | 3 +- Modules/_hacl/Hacl_Hash_Blake2s_Simd128.c | 3 +- Modules/_hacl/Hacl_Hash_SHA2.c | 6 +- Modules/_hacl/Hacl_Hash_SHA3.c | 3 +- Modules/_hacl/internal/Hacl_HMAC.h | 59 + Modules/_hacl/internal/Hacl_Hash_SHA2.h | 2 + Modules/_hacl/python_hacl_namespaces.h | 7 + Modules/_hacl/refresh.sh | 16 +- 12 files changed, 1935 insertions(+), 10 deletions(-) create mode 100644 Modules/_hacl/Hacl_HMAC.c create mode 100644 Modules/_hacl/Hacl_HMAC.h create mode 100644 Modules/_hacl/internal/Hacl_HMAC.h diff --git a/Modules/_hacl/Hacl_HMAC.c b/Modules/_hacl/Hacl_HMAC.c new file mode 100644 index 00000000000000..93002d2ba3e42b --- /dev/null +++ b/Modules/_hacl/Hacl_HMAC.c @@ -0,0 +1,1609 @@ +/* MIT License + * + * Copyright (c) 2016-2022 INRIA, CMU and Microsoft Corporation + * Copyright (c) 2022-2023 HACL* Contributors + * + * Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files (the "Software"), to deal + * in the Software without restriction, including without limitation the rights + * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + * copies of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in all + * copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE + * SOFTWARE. + */ + + +#include "internal/Hacl_HMAC.h" + + +#include "internal/Hacl_Hash_SHA3.h" +#include "internal/Hacl_Hash_SHA2.h" +#include "internal/Hacl_Hash_SHA1.h" +#include "internal/Hacl_Hash_MD5.h" +#include "internal/Hacl_Hash_Blake2s.h" +#include "internal/Hacl_Hash_Blake2b.h" + +/** +Write the HMAC-MD5 MAC of a message (`data`) by using a key (`key`) into `dst`. + +The key can be any length and will be hashed if it is longer and padded if it is shorter than 64 byte. +`dst` must point to 16 bytes of memory. +*/ +void +Hacl_HMAC_compute_md5( + uint8_t *dst, + uint8_t *key, + uint32_t key_len, + uint8_t *data, + uint32_t data_len +) +{ + uint32_t l = 64U; + KRML_CHECK_SIZE(sizeof (uint8_t), l); + uint8_t key_block[l]; + memset(key_block, 0U, l * sizeof (uint8_t)); + uint8_t *nkey = key_block; + uint32_t ite; + if (key_len <= 64U) + { + ite = key_len; + } + else + { + ite = 16U; + } + uint8_t *zeroes = key_block + ite; + KRML_MAYBE_UNUSED_VAR(zeroes); + if (key_len <= 64U) + { + memcpy(nkey, key, key_len * sizeof (uint8_t)); + } + else + { + Hacl_Hash_MD5_hash_oneshot(nkey, key, key_len); + } + KRML_CHECK_SIZE(sizeof (uint8_t), l); + uint8_t ipad[l]; + memset(ipad, 0x36U, l * sizeof (uint8_t)); + for (uint32_t i = 0U; i < l; i++) + { + uint8_t xi = ipad[i]; + uint8_t yi = key_block[i]; + ipad[i] = (uint32_t)xi ^ (uint32_t)yi; + } + KRML_CHECK_SIZE(sizeof (uint8_t), l); + uint8_t opad[l]; + memset(opad, 0x5cU, l * sizeof (uint8_t)); + for (uint32_t i = 0U; i < l; i++) + { + uint8_t xi = opad[i]; + uint8_t yi = key_block[i]; + opad[i] = (uint32_t)xi ^ (uint32_t)yi; + } + uint32_t s[4U] = { 0x67452301U, 0xefcdab89U, 0x98badcfeU, 0x10325476U }; + uint8_t *dst1 = ipad; + if (data_len == 0U) + { + Hacl_Hash_MD5_update_last(s, 0ULL, ipad, 64U); + } + else + { + uint32_t block_len = 64U; + uint32_t n_blocks0 = data_len / block_len; + uint32_t rem0 = data_len % block_len; + K___uint32_t_uint32_t scrut; + if (n_blocks0 > 0U && rem0 == 0U) + { + uint32_t n_blocks_ = n_blocks0 - 1U; + scrut = ((K___uint32_t_uint32_t){ .fst = n_blocks_, .snd = data_len - n_blocks_ * block_len }); + } + else + { + scrut = ((K___uint32_t_uint32_t){ .fst = n_blocks0, .snd = rem0 }); + } + uint32_t n_blocks = scrut.fst; + uint32_t rem_len = scrut.snd; + uint32_t full_blocks_len = n_blocks * block_len; + uint8_t *full_blocks = data; + uint8_t *rem = data + full_blocks_len; + Hacl_Hash_MD5_update_multi(s, ipad, 1U); + Hacl_Hash_MD5_update_multi(s, full_blocks, n_blocks); + Hacl_Hash_MD5_update_last(s, (uint64_t)64U + (uint64_t)full_blocks_len, rem, rem_len); + } + Hacl_Hash_MD5_finish(s, dst1); + uint8_t *hash1 = ipad; + Hacl_Hash_MD5_init(s); + uint32_t block_len = 64U; + uint32_t n_blocks0 = 16U / block_len; + uint32_t rem0 = 16U % block_len; + K___uint32_t_uint32_t scrut; + if (n_blocks0 > 0U && rem0 == 0U) + { + uint32_t n_blocks_ = n_blocks0 - 1U; + scrut = ((K___uint32_t_uint32_t){ .fst = n_blocks_, .snd = 16U - n_blocks_ * block_len }); + } + else + { + scrut = ((K___uint32_t_uint32_t){ .fst = n_blocks0, .snd = rem0 }); + } + uint32_t n_blocks = scrut.fst; + uint32_t rem_len = scrut.snd; + uint32_t full_blocks_len = n_blocks * block_len; + uint8_t *full_blocks = hash1; + uint8_t *rem = hash1 + full_blocks_len; + Hacl_Hash_MD5_update_multi(s, opad, 1U); + Hacl_Hash_MD5_update_multi(s, full_blocks, n_blocks); + Hacl_Hash_MD5_update_last(s, (uint64_t)64U + (uint64_t)full_blocks_len, rem, rem_len); + Hacl_Hash_MD5_finish(s, dst); +} + +/** +Write the HMAC-SHA-1 MAC of a message (`data`) by using a key (`key`) into `dst`. + +The key can be any length and will be hashed if it is longer and padded if it is shorter than 64 byte. +`dst` must point to 20 bytes of memory. +*/ +void +Hacl_HMAC_compute_sha1( + uint8_t *dst, + uint8_t *key, + uint32_t key_len, + uint8_t *data, + uint32_t data_len +) +{ + uint32_t l = 64U; + KRML_CHECK_SIZE(sizeof (uint8_t), l); + uint8_t key_block[l]; + memset(key_block, 0U, l * sizeof (uint8_t)); + uint8_t *nkey = key_block; + uint32_t ite; + if (key_len <= 64U) + { + ite = key_len; + } + else + { + ite = 20U; + } + uint8_t *zeroes = key_block + ite; + KRML_MAYBE_UNUSED_VAR(zeroes); + if (key_len <= 64U) + { + memcpy(nkey, key, key_len * sizeof (uint8_t)); + } + else + { + Hacl_Hash_SHA1_hash_oneshot(nkey, key, key_len); + } + KRML_CHECK_SIZE(sizeof (uint8_t), l); + uint8_t ipad[l]; + memset(ipad, 0x36U, l * sizeof (uint8_t)); + for (uint32_t i = 0U; i < l; i++) + { + uint8_t xi = ipad[i]; + uint8_t yi = key_block[i]; + ipad[i] = (uint32_t)xi ^ (uint32_t)yi; + } + KRML_CHECK_SIZE(sizeof (uint8_t), l); + uint8_t opad[l]; + memset(opad, 0x5cU, l * sizeof (uint8_t)); + for (uint32_t i = 0U; i < l; i++) + { + uint8_t xi = opad[i]; + uint8_t yi = key_block[i]; + opad[i] = (uint32_t)xi ^ (uint32_t)yi; + } + uint32_t s[5U] = { 0x67452301U, 0xefcdab89U, 0x98badcfeU, 0x10325476U, 0xc3d2e1f0U }; + uint8_t *dst1 = ipad; + if (data_len == 0U) + { + Hacl_Hash_SHA1_update_last(s, 0ULL, ipad, 64U); + } + else + { + uint32_t block_len = 64U; + uint32_t n_blocks0 = data_len / block_len; + uint32_t rem0 = data_len % block_len; + K___uint32_t_uint32_t scrut; + if (n_blocks0 > 0U && rem0 == 0U) + { + uint32_t n_blocks_ = n_blocks0 - 1U; + scrut = ((K___uint32_t_uint32_t){ .fst = n_blocks_, .snd = data_len - n_blocks_ * block_len }); + } + else + { + scrut = ((K___uint32_t_uint32_t){ .fst = n_blocks0, .snd = rem0 }); + } + uint32_t n_blocks = scrut.fst; + uint32_t rem_len = scrut.snd; + uint32_t full_blocks_len = n_blocks * block_len; + uint8_t *full_blocks = data; + uint8_t *rem = data + full_blocks_len; + Hacl_Hash_SHA1_update_multi(s, ipad, 1U); + Hacl_Hash_SHA1_update_multi(s, full_blocks, n_blocks); + Hacl_Hash_SHA1_update_last(s, (uint64_t)64U + (uint64_t)full_blocks_len, rem, rem_len); + } + Hacl_Hash_SHA1_finish(s, dst1); + uint8_t *hash1 = ipad; + Hacl_Hash_SHA1_init(s); + uint32_t block_len = 64U; + uint32_t n_blocks0 = 20U / block_len; + uint32_t rem0 = 20U % block_len; + K___uint32_t_uint32_t scrut; + if (n_blocks0 > 0U && rem0 == 0U) + { + uint32_t n_blocks_ = n_blocks0 - 1U; + scrut = ((K___uint32_t_uint32_t){ .fst = n_blocks_, .snd = 20U - n_blocks_ * block_len }); + } + else + { + scrut = ((K___uint32_t_uint32_t){ .fst = n_blocks0, .snd = rem0 }); + } + uint32_t n_blocks = scrut.fst; + uint32_t rem_len = scrut.snd; + uint32_t full_blocks_len = n_blocks * block_len; + uint8_t *full_blocks = hash1; + uint8_t *rem = hash1 + full_blocks_len; + Hacl_Hash_SHA1_update_multi(s, opad, 1U); + Hacl_Hash_SHA1_update_multi(s, full_blocks, n_blocks); + Hacl_Hash_SHA1_update_last(s, (uint64_t)64U + (uint64_t)full_blocks_len, rem, rem_len); + Hacl_Hash_SHA1_finish(s, dst); +} + +/** +Write the HMAC-SHA-2-224 MAC of a message (`data`) by using a key (`key`) into `dst`. + +The key can be any length and will be hashed if it is longer and padded if it is shorter than 64 bytes. +`dst` must point to 28 bytes of memory. +*/ +void +Hacl_HMAC_compute_sha2_224( + uint8_t *dst, + uint8_t *key, + uint32_t key_len, + uint8_t *data, + uint32_t data_len +) +{ + uint32_t l = 64U; + KRML_CHECK_SIZE(sizeof (uint8_t), l); + uint8_t key_block[l]; + memset(key_block, 0U, l * sizeof (uint8_t)); + uint8_t *nkey = key_block; + uint32_t ite; + if (key_len <= 64U) + { + ite = key_len; + } + else + { + ite = 28U; + } + uint8_t *zeroes = key_block + ite; + KRML_MAYBE_UNUSED_VAR(zeroes); + if (key_len <= 64U) + { + memcpy(nkey, key, key_len * sizeof (uint8_t)); + } + else + { + Hacl_Hash_SHA2_hash_224(nkey, key, key_len); + } + KRML_CHECK_SIZE(sizeof (uint8_t), l); + uint8_t ipad[l]; + memset(ipad, 0x36U, l * sizeof (uint8_t)); + for (uint32_t i = 0U; i < l; i++) + { + uint8_t xi = ipad[i]; + uint8_t yi = key_block[i]; + ipad[i] = (uint32_t)xi ^ (uint32_t)yi; + } + KRML_CHECK_SIZE(sizeof (uint8_t), l); + uint8_t opad[l]; + memset(opad, 0x5cU, l * sizeof (uint8_t)); + for (uint32_t i = 0U; i < l; i++) + { + uint8_t xi = opad[i]; + uint8_t yi = key_block[i]; + opad[i] = (uint32_t)xi ^ (uint32_t)yi; + } + uint32_t st[8U] = { 0U }; + KRML_MAYBE_FOR8(i, + 0U, + 8U, + 1U, + uint32_t *os = st; + uint32_t x = Hacl_Hash_SHA2_h224[i]; + os[i] = x;); + uint32_t *s = st; + uint8_t *dst1 = ipad; + if (data_len == 0U) + { + Hacl_Hash_SHA2_sha224_update_last(0ULL + (uint64_t)64U, 64U, ipad, s); + } + else + { + uint32_t block_len = 64U; + uint32_t n_blocks0 = data_len / block_len; + uint32_t rem0 = data_len % block_len; + K___uint32_t_uint32_t scrut; + if (n_blocks0 > 0U && rem0 == 0U) + { + uint32_t n_blocks_ = n_blocks0 - 1U; + scrut = ((K___uint32_t_uint32_t){ .fst = n_blocks_, .snd = data_len - n_blocks_ * block_len }); + } + else + { + scrut = ((K___uint32_t_uint32_t){ .fst = n_blocks0, .snd = rem0 }); + } + uint32_t n_blocks = scrut.fst; + uint32_t rem_len = scrut.snd; + uint32_t full_blocks_len = n_blocks * block_len; + uint8_t *full_blocks = data; + uint8_t *rem = data + full_blocks_len; + Hacl_Hash_SHA2_sha224_update_nblocks(64U, ipad, s); + Hacl_Hash_SHA2_sha224_update_nblocks(n_blocks * 64U, full_blocks, s); + Hacl_Hash_SHA2_sha224_update_last((uint64_t)64U + (uint64_t)full_blocks_len + (uint64_t)rem_len, + rem_len, + rem, + s); + } + Hacl_Hash_SHA2_sha224_finish(s, dst1); + uint8_t *hash1 = ipad; + Hacl_Hash_SHA2_sha224_init(s); + uint32_t block_len = 64U; + uint32_t n_blocks0 = 28U / block_len; + uint32_t rem0 = 28U % block_len; + K___uint32_t_uint32_t scrut; + if (n_blocks0 > 0U && rem0 == 0U) + { + uint32_t n_blocks_ = n_blocks0 - 1U; + scrut = ((K___uint32_t_uint32_t){ .fst = n_blocks_, .snd = 28U - n_blocks_ * block_len }); + } + else + { + scrut = ((K___uint32_t_uint32_t){ .fst = n_blocks0, .snd = rem0 }); + } + uint32_t n_blocks = scrut.fst; + uint32_t rem_len = scrut.snd; + uint32_t full_blocks_len = n_blocks * block_len; + uint8_t *full_blocks = hash1; + uint8_t *rem = hash1 + full_blocks_len; + Hacl_Hash_SHA2_sha224_update_nblocks(64U, opad, s); + Hacl_Hash_SHA2_sha224_update_nblocks(n_blocks * 64U, full_blocks, s); + Hacl_Hash_SHA2_sha224_update_last((uint64_t)64U + (uint64_t)full_blocks_len + (uint64_t)rem_len, + rem_len, + rem, + s); + Hacl_Hash_SHA2_sha224_finish(s, dst); +} + +/** +Write the HMAC-SHA-2-256 MAC of a message (`data`) by using a key (`key`) into `dst`. + +The key can be any length and will be hashed if it is longer and padded if it is shorter than 64 bytes. +`dst` must point to 32 bytes of memory. +*/ +void +Hacl_HMAC_compute_sha2_256( + uint8_t *dst, + uint8_t *key, + uint32_t key_len, + uint8_t *data, + uint32_t data_len +) +{ + uint32_t l = 64U; + KRML_CHECK_SIZE(sizeof (uint8_t), l); + uint8_t key_block[l]; + memset(key_block, 0U, l * sizeof (uint8_t)); + uint8_t *nkey = key_block; + uint32_t ite; + if (key_len <= 64U) + { + ite = key_len; + } + else + { + ite = 32U; + } + uint8_t *zeroes = key_block + ite; + KRML_MAYBE_UNUSED_VAR(zeroes); + if (key_len <= 64U) + { + memcpy(nkey, key, key_len * sizeof (uint8_t)); + } + else + { + Hacl_Hash_SHA2_hash_256(nkey, key, key_len); + } + KRML_CHECK_SIZE(sizeof (uint8_t), l); + uint8_t ipad[l]; + memset(ipad, 0x36U, l * sizeof (uint8_t)); + for (uint32_t i = 0U; i < l; i++) + { + uint8_t xi = ipad[i]; + uint8_t yi = key_block[i]; + ipad[i] = (uint32_t)xi ^ (uint32_t)yi; + } + KRML_CHECK_SIZE(sizeof (uint8_t), l); + uint8_t opad[l]; + memset(opad, 0x5cU, l * sizeof (uint8_t)); + for (uint32_t i = 0U; i < l; i++) + { + uint8_t xi = opad[i]; + uint8_t yi = key_block[i]; + opad[i] = (uint32_t)xi ^ (uint32_t)yi; + } + uint32_t st[8U] = { 0U }; + KRML_MAYBE_FOR8(i, + 0U, + 8U, + 1U, + uint32_t *os = st; + uint32_t x = Hacl_Hash_SHA2_h256[i]; + os[i] = x;); + uint32_t *s = st; + uint8_t *dst1 = ipad; + if (data_len == 0U) + { + Hacl_Hash_SHA2_sha256_update_last(0ULL + (uint64_t)64U, 64U, ipad, s); + } + else + { + uint32_t block_len = 64U; + uint32_t n_blocks0 = data_len / block_len; + uint32_t rem0 = data_len % block_len; + K___uint32_t_uint32_t scrut; + if (n_blocks0 > 0U && rem0 == 0U) + { + uint32_t n_blocks_ = n_blocks0 - 1U; + scrut = ((K___uint32_t_uint32_t){ .fst = n_blocks_, .snd = data_len - n_blocks_ * block_len }); + } + else + { + scrut = ((K___uint32_t_uint32_t){ .fst = n_blocks0, .snd = rem0 }); + } + uint32_t n_blocks = scrut.fst; + uint32_t rem_len = scrut.snd; + uint32_t full_blocks_len = n_blocks * block_len; + uint8_t *full_blocks = data; + uint8_t *rem = data + full_blocks_len; + Hacl_Hash_SHA2_sha256_update_nblocks(64U, ipad, s); + Hacl_Hash_SHA2_sha256_update_nblocks(n_blocks * 64U, full_blocks, s); + Hacl_Hash_SHA2_sha256_update_last((uint64_t)64U + (uint64_t)full_blocks_len + (uint64_t)rem_len, + rem_len, + rem, + s); + } + Hacl_Hash_SHA2_sha256_finish(s, dst1); + uint8_t *hash1 = ipad; + Hacl_Hash_SHA2_sha256_init(s); + uint32_t block_len = 64U; + uint32_t n_blocks0 = 32U / block_len; + uint32_t rem0 = 32U % block_len; + K___uint32_t_uint32_t scrut; + if (n_blocks0 > 0U && rem0 == 0U) + { + uint32_t n_blocks_ = n_blocks0 - 1U; + scrut = ((K___uint32_t_uint32_t){ .fst = n_blocks_, .snd = 32U - n_blocks_ * block_len }); + } + else + { + scrut = ((K___uint32_t_uint32_t){ .fst = n_blocks0, .snd = rem0 }); + } + uint32_t n_blocks = scrut.fst; + uint32_t rem_len = scrut.snd; + uint32_t full_blocks_len = n_blocks * block_len; + uint8_t *full_blocks = hash1; + uint8_t *rem = hash1 + full_blocks_len; + Hacl_Hash_SHA2_sha256_update_nblocks(64U, opad, s); + Hacl_Hash_SHA2_sha256_update_nblocks(n_blocks * 64U, full_blocks, s); + Hacl_Hash_SHA2_sha256_update_last((uint64_t)64U + (uint64_t)full_blocks_len + (uint64_t)rem_len, + rem_len, + rem, + s); + Hacl_Hash_SHA2_sha256_finish(s, dst); +} + +/** +Write the HMAC-SHA-2-384 MAC of a message (`data`) by using a key (`key`) into `dst`. + +The key can be any length and will be hashed if it is longer and padded if it is shorter than 128 bytes. +`dst` must point to 48 bytes of memory. +*/ +void +Hacl_HMAC_compute_sha2_384( + uint8_t *dst, + uint8_t *key, + uint32_t key_len, + uint8_t *data, + uint32_t data_len +) +{ + uint32_t l = 128U; + KRML_CHECK_SIZE(sizeof (uint8_t), l); + uint8_t key_block[l]; + memset(key_block, 0U, l * sizeof (uint8_t)); + uint8_t *nkey = key_block; + uint32_t ite; + if (key_len <= 128U) + { + ite = key_len; + } + else + { + ite = 48U; + } + uint8_t *zeroes = key_block + ite; + KRML_MAYBE_UNUSED_VAR(zeroes); + if (key_len <= 128U) + { + memcpy(nkey, key, key_len * sizeof (uint8_t)); + } + else + { + Hacl_Hash_SHA2_hash_384(nkey, key, key_len); + } + KRML_CHECK_SIZE(sizeof (uint8_t), l); + uint8_t ipad[l]; + memset(ipad, 0x36U, l * sizeof (uint8_t)); + for (uint32_t i = 0U; i < l; i++) + { + uint8_t xi = ipad[i]; + uint8_t yi = key_block[i]; + ipad[i] = (uint32_t)xi ^ (uint32_t)yi; + } + KRML_CHECK_SIZE(sizeof (uint8_t), l); + uint8_t opad[l]; + memset(opad, 0x5cU, l * sizeof (uint8_t)); + for (uint32_t i = 0U; i < l; i++) + { + uint8_t xi = opad[i]; + uint8_t yi = key_block[i]; + opad[i] = (uint32_t)xi ^ (uint32_t)yi; + } + uint64_t st[8U] = { 0U }; + KRML_MAYBE_FOR8(i, + 0U, + 8U, + 1U, + uint64_t *os = st; + uint64_t x = Hacl_Hash_SHA2_h384[i]; + os[i] = x;); + uint64_t *s = st; + uint8_t *dst1 = ipad; + if (data_len == 0U) + { + Hacl_Hash_SHA2_sha384_update_last(FStar_UInt128_add(FStar_UInt128_uint64_to_uint128(0ULL), + FStar_UInt128_uint64_to_uint128((uint64_t)128U)), + 128U, + ipad, + s); + } + else + { + uint32_t block_len = 128U; + uint32_t n_blocks0 = data_len / block_len; + uint32_t rem0 = data_len % block_len; + K___uint32_t_uint32_t scrut; + if (n_blocks0 > 0U && rem0 == 0U) + { + uint32_t n_blocks_ = n_blocks0 - 1U; + scrut = ((K___uint32_t_uint32_t){ .fst = n_blocks_, .snd = data_len - n_blocks_ * block_len }); + } + else + { + scrut = ((K___uint32_t_uint32_t){ .fst = n_blocks0, .snd = rem0 }); + } + uint32_t n_blocks = scrut.fst; + uint32_t rem_len = scrut.snd; + uint32_t full_blocks_len = n_blocks * block_len; + uint8_t *full_blocks = data; + uint8_t *rem = data + full_blocks_len; + Hacl_Hash_SHA2_sha384_update_nblocks(128U, ipad, s); + Hacl_Hash_SHA2_sha384_update_nblocks(n_blocks * 128U, full_blocks, s); + Hacl_Hash_SHA2_sha384_update_last(FStar_UInt128_add(FStar_UInt128_add(FStar_UInt128_uint64_to_uint128((uint64_t)128U), + FStar_UInt128_uint64_to_uint128((uint64_t)full_blocks_len)), + FStar_UInt128_uint64_to_uint128((uint64_t)rem_len)), + rem_len, + rem, + s); + } + Hacl_Hash_SHA2_sha384_finish(s, dst1); + uint8_t *hash1 = ipad; + Hacl_Hash_SHA2_sha384_init(s); + uint32_t block_len = 128U; + uint32_t n_blocks0 = 48U / block_len; + uint32_t rem0 = 48U % block_len; + K___uint32_t_uint32_t scrut; + if (n_blocks0 > 0U && rem0 == 0U) + { + uint32_t n_blocks_ = n_blocks0 - 1U; + scrut = ((K___uint32_t_uint32_t){ .fst = n_blocks_, .snd = 48U - n_blocks_ * block_len }); + } + else + { + scrut = ((K___uint32_t_uint32_t){ .fst = n_blocks0, .snd = rem0 }); + } + uint32_t n_blocks = scrut.fst; + uint32_t rem_len = scrut.snd; + uint32_t full_blocks_len = n_blocks * block_len; + uint8_t *full_blocks = hash1; + uint8_t *rem = hash1 + full_blocks_len; + Hacl_Hash_SHA2_sha384_update_nblocks(128U, opad, s); + Hacl_Hash_SHA2_sha384_update_nblocks(n_blocks * 128U, full_blocks, s); + Hacl_Hash_SHA2_sha384_update_last(FStar_UInt128_add(FStar_UInt128_add(FStar_UInt128_uint64_to_uint128((uint64_t)128U), + FStar_UInt128_uint64_to_uint128((uint64_t)full_blocks_len)), + FStar_UInt128_uint64_to_uint128((uint64_t)rem_len)), + rem_len, + rem, + s); + Hacl_Hash_SHA2_sha384_finish(s, dst); +} + +/** +Write the HMAC-SHA-2-512 MAC of a message (`data`) by using a key (`key`) into `dst`. + +The key can be any length and will be hashed if it is longer and padded if it is shorter than 128 bytes. +`dst` must point to 64 bytes of memory. +*/ +void +Hacl_HMAC_compute_sha2_512( + uint8_t *dst, + uint8_t *key, + uint32_t key_len, + uint8_t *data, + uint32_t data_len +) +{ + uint32_t l = 128U; + KRML_CHECK_SIZE(sizeof (uint8_t), l); + uint8_t key_block[l]; + memset(key_block, 0U, l * sizeof (uint8_t)); + uint8_t *nkey = key_block; + uint32_t ite; + if (key_len <= 128U) + { + ite = key_len; + } + else + { + ite = 64U; + } + uint8_t *zeroes = key_block + ite; + KRML_MAYBE_UNUSED_VAR(zeroes); + if (key_len <= 128U) + { + memcpy(nkey, key, key_len * sizeof (uint8_t)); + } + else + { + Hacl_Hash_SHA2_hash_512(nkey, key, key_len); + } + KRML_CHECK_SIZE(sizeof (uint8_t), l); + uint8_t ipad[l]; + memset(ipad, 0x36U, l * sizeof (uint8_t)); + for (uint32_t i = 0U; i < l; i++) + { + uint8_t xi = ipad[i]; + uint8_t yi = key_block[i]; + ipad[i] = (uint32_t)xi ^ (uint32_t)yi; + } + KRML_CHECK_SIZE(sizeof (uint8_t), l); + uint8_t opad[l]; + memset(opad, 0x5cU, l * sizeof (uint8_t)); + for (uint32_t i = 0U; i < l; i++) + { + uint8_t xi = opad[i]; + uint8_t yi = key_block[i]; + opad[i] = (uint32_t)xi ^ (uint32_t)yi; + } + uint64_t st[8U] = { 0U }; + KRML_MAYBE_FOR8(i, + 0U, + 8U, + 1U, + uint64_t *os = st; + uint64_t x = Hacl_Hash_SHA2_h512[i]; + os[i] = x;); + uint64_t *s = st; + uint8_t *dst1 = ipad; + if (data_len == 0U) + { + Hacl_Hash_SHA2_sha512_update_last(FStar_UInt128_add(FStar_UInt128_uint64_to_uint128(0ULL), + FStar_UInt128_uint64_to_uint128((uint64_t)128U)), + 128U, + ipad, + s); + } + else + { + uint32_t block_len = 128U; + uint32_t n_blocks0 = data_len / block_len; + uint32_t rem0 = data_len % block_len; + K___uint32_t_uint32_t scrut; + if (n_blocks0 > 0U && rem0 == 0U) + { + uint32_t n_blocks_ = n_blocks0 - 1U; + scrut = ((K___uint32_t_uint32_t){ .fst = n_blocks_, .snd = data_len - n_blocks_ * block_len }); + } + else + { + scrut = ((K___uint32_t_uint32_t){ .fst = n_blocks0, .snd = rem0 }); + } + uint32_t n_blocks = scrut.fst; + uint32_t rem_len = scrut.snd; + uint32_t full_blocks_len = n_blocks * block_len; + uint8_t *full_blocks = data; + uint8_t *rem = data + full_blocks_len; + Hacl_Hash_SHA2_sha512_update_nblocks(128U, ipad, s); + Hacl_Hash_SHA2_sha512_update_nblocks(n_blocks * 128U, full_blocks, s); + Hacl_Hash_SHA2_sha512_update_last(FStar_UInt128_add(FStar_UInt128_add(FStar_UInt128_uint64_to_uint128((uint64_t)128U), + FStar_UInt128_uint64_to_uint128((uint64_t)full_blocks_len)), + FStar_UInt128_uint64_to_uint128((uint64_t)rem_len)), + rem_len, + rem, + s); + } + Hacl_Hash_SHA2_sha512_finish(s, dst1); + uint8_t *hash1 = ipad; + Hacl_Hash_SHA2_sha512_init(s); + uint32_t block_len = 128U; + uint32_t n_blocks0 = 64U / block_len; + uint32_t rem0 = 64U % block_len; + K___uint32_t_uint32_t scrut; + if (n_blocks0 > 0U && rem0 == 0U) + { + uint32_t n_blocks_ = n_blocks0 - 1U; + scrut = ((K___uint32_t_uint32_t){ .fst = n_blocks_, .snd = 64U - n_blocks_ * block_len }); + } + else + { + scrut = ((K___uint32_t_uint32_t){ .fst = n_blocks0, .snd = rem0 }); + } + uint32_t n_blocks = scrut.fst; + uint32_t rem_len = scrut.snd; + uint32_t full_blocks_len = n_blocks * block_len; + uint8_t *full_blocks = hash1; + uint8_t *rem = hash1 + full_blocks_len; + Hacl_Hash_SHA2_sha512_update_nblocks(128U, opad, s); + Hacl_Hash_SHA2_sha512_update_nblocks(n_blocks * 128U, full_blocks, s); + Hacl_Hash_SHA2_sha512_update_last(FStar_UInt128_add(FStar_UInt128_add(FStar_UInt128_uint64_to_uint128((uint64_t)128U), + FStar_UInt128_uint64_to_uint128((uint64_t)full_blocks_len)), + FStar_UInt128_uint64_to_uint128((uint64_t)rem_len)), + rem_len, + rem, + s); + Hacl_Hash_SHA2_sha512_finish(s, dst); +} + +/** +Write the HMAC-SHA-3-224 MAC of a message (`data`) by using a key (`key`) into `dst`. + +The key can be any length and will be hashed if it is longer and padded if it is shorter than 144 bytes. +`dst` must point to 28 bytes of memory. +*/ +void +Hacl_HMAC_compute_sha3_224( + uint8_t *dst, + uint8_t *key, + uint32_t key_len, + uint8_t *data, + uint32_t data_len +) +{ + uint32_t l = 144U; + KRML_CHECK_SIZE(sizeof (uint8_t), l); + uint8_t key_block[l]; + memset(key_block, 0U, l * sizeof (uint8_t)); + uint8_t *nkey = key_block; + uint32_t ite; + if (key_len <= 144U) + { + ite = key_len; + } + else + { + ite = 28U; + } + uint8_t *zeroes = key_block + ite; + KRML_MAYBE_UNUSED_VAR(zeroes); + if (key_len <= 144U) + { + memcpy(nkey, key, key_len * sizeof (uint8_t)); + } + else + { + Hacl_Hash_SHA3_sha3_224(nkey, key, key_len); + } + KRML_CHECK_SIZE(sizeof (uint8_t), l); + uint8_t ipad[l]; + memset(ipad, 0x36U, l * sizeof (uint8_t)); + for (uint32_t i = 0U; i < l; i++) + { + uint8_t xi = ipad[i]; + uint8_t yi = key_block[i]; + ipad[i] = (uint32_t)xi ^ (uint32_t)yi; + } + KRML_CHECK_SIZE(sizeof (uint8_t), l); + uint8_t opad[l]; + memset(opad, 0x5cU, l * sizeof (uint8_t)); + for (uint32_t i = 0U; i < l; i++) + { + uint8_t xi = opad[i]; + uint8_t yi = key_block[i]; + opad[i] = (uint32_t)xi ^ (uint32_t)yi; + } + uint64_t s[25U] = { 0U }; + uint8_t *dst1 = ipad; + if (data_len == 0U) + { + Hacl_Hash_SHA3_update_last_sha3(Spec_Hash_Definitions_SHA3_224, s, ipad, 144U); + } + else + { + uint32_t block_len = 144U; + uint32_t n_blocks0 = data_len / block_len; + uint32_t rem0 = data_len % block_len; + K___uint32_t_uint32_t scrut; + if (n_blocks0 > 0U && rem0 == 0U) + { + uint32_t n_blocks_ = n_blocks0 - 1U; + scrut = ((K___uint32_t_uint32_t){ .fst = n_blocks_, .snd = data_len - n_blocks_ * block_len }); + } + else + { + scrut = ((K___uint32_t_uint32_t){ .fst = n_blocks0, .snd = rem0 }); + } + uint32_t n_blocks = scrut.fst; + uint32_t rem_len = scrut.snd; + uint32_t full_blocks_len = n_blocks * block_len; + uint8_t *full_blocks = data; + uint8_t *rem = data + full_blocks_len; + Hacl_Hash_SHA3_update_multi_sha3(Spec_Hash_Definitions_SHA3_224, s, ipad, 1U); + Hacl_Hash_SHA3_update_multi_sha3(Spec_Hash_Definitions_SHA3_224, s, full_blocks, n_blocks); + Hacl_Hash_SHA3_update_last_sha3(Spec_Hash_Definitions_SHA3_224, s, rem, rem_len); + } + uint32_t remOut = 28U; + uint8_t hbuf0[256U] = { 0U }; + uint64_t ws0[32U] = { 0U }; + memcpy(ws0, s, 25U * sizeof (uint64_t)); + for (uint32_t i = 0U; i < 32U; i++) + { + store64_le(hbuf0 + i * 8U, ws0[i]); + } + memcpy(dst1 + 28U - remOut, hbuf0, remOut * sizeof (uint8_t)); + uint8_t *hash1 = ipad; + memset(s, 0U, 25U * sizeof (uint64_t)); + uint32_t block_len = 144U; + uint32_t n_blocks0 = 28U / block_len; + uint32_t rem0 = 28U % block_len; + K___uint32_t_uint32_t scrut; + if (n_blocks0 > 0U && rem0 == 0U) + { + uint32_t n_blocks_ = n_blocks0 - 1U; + scrut = ((K___uint32_t_uint32_t){ .fst = n_blocks_, .snd = 28U - n_blocks_ * block_len }); + } + else + { + scrut = ((K___uint32_t_uint32_t){ .fst = n_blocks0, .snd = rem0 }); + } + uint32_t n_blocks = scrut.fst; + uint32_t rem_len = scrut.snd; + uint32_t full_blocks_len = n_blocks * block_len; + uint8_t *full_blocks = hash1; + uint8_t *rem = hash1 + full_blocks_len; + Hacl_Hash_SHA3_update_multi_sha3(Spec_Hash_Definitions_SHA3_224, s, opad, 1U); + Hacl_Hash_SHA3_update_multi_sha3(Spec_Hash_Definitions_SHA3_224, s, full_blocks, n_blocks); + Hacl_Hash_SHA3_update_last_sha3(Spec_Hash_Definitions_SHA3_224, s, rem, rem_len); + uint32_t remOut0 = 28U; + uint8_t hbuf[256U] = { 0U }; + uint64_t ws[32U] = { 0U }; + memcpy(ws, s, 25U * sizeof (uint64_t)); + for (uint32_t i = 0U; i < 32U; i++) + { + store64_le(hbuf + i * 8U, ws[i]); + } + memcpy(dst + 28U - remOut0, hbuf, remOut0 * sizeof (uint8_t)); +} + +/** +Write the HMAC-SHA-3-256 MAC of a message (`data`) by using a key (`key`) into `dst`. + +The key can be any length and will be hashed if it is longer and padded if it is shorter than 136 bytes. +`dst` must point to 32 bytes of memory. +*/ +void +Hacl_HMAC_compute_sha3_256( + uint8_t *dst, + uint8_t *key, + uint32_t key_len, + uint8_t *data, + uint32_t data_len +) +{ + uint32_t l = 136U; + KRML_CHECK_SIZE(sizeof (uint8_t), l); + uint8_t key_block[l]; + memset(key_block, 0U, l * sizeof (uint8_t)); + uint8_t *nkey = key_block; + uint32_t ite; + if (key_len <= 136U) + { + ite = key_len; + } + else + { + ite = 32U; + } + uint8_t *zeroes = key_block + ite; + KRML_MAYBE_UNUSED_VAR(zeroes); + if (key_len <= 136U) + { + memcpy(nkey, key, key_len * sizeof (uint8_t)); + } + else + { + Hacl_Hash_SHA3_sha3_256(nkey, key, key_len); + } + KRML_CHECK_SIZE(sizeof (uint8_t), l); + uint8_t ipad[l]; + memset(ipad, 0x36U, l * sizeof (uint8_t)); + for (uint32_t i = 0U; i < l; i++) + { + uint8_t xi = ipad[i]; + uint8_t yi = key_block[i]; + ipad[i] = (uint32_t)xi ^ (uint32_t)yi; + } + KRML_CHECK_SIZE(sizeof (uint8_t), l); + uint8_t opad[l]; + memset(opad, 0x5cU, l * sizeof (uint8_t)); + for (uint32_t i = 0U; i < l; i++) + { + uint8_t xi = opad[i]; + uint8_t yi = key_block[i]; + opad[i] = (uint32_t)xi ^ (uint32_t)yi; + } + uint64_t s[25U] = { 0U }; + uint8_t *dst1 = ipad; + if (data_len == 0U) + { + Hacl_Hash_SHA3_update_last_sha3(Spec_Hash_Definitions_SHA3_256, s, ipad, 136U); + } + else + { + uint32_t block_len = 136U; + uint32_t n_blocks0 = data_len / block_len; + uint32_t rem0 = data_len % block_len; + K___uint32_t_uint32_t scrut; + if (n_blocks0 > 0U && rem0 == 0U) + { + uint32_t n_blocks_ = n_blocks0 - 1U; + scrut = ((K___uint32_t_uint32_t){ .fst = n_blocks_, .snd = data_len - n_blocks_ * block_len }); + } + else + { + scrut = ((K___uint32_t_uint32_t){ .fst = n_blocks0, .snd = rem0 }); + } + uint32_t n_blocks = scrut.fst; + uint32_t rem_len = scrut.snd; + uint32_t full_blocks_len = n_blocks * block_len; + uint8_t *full_blocks = data; + uint8_t *rem = data + full_blocks_len; + Hacl_Hash_SHA3_update_multi_sha3(Spec_Hash_Definitions_SHA3_256, s, ipad, 1U); + Hacl_Hash_SHA3_update_multi_sha3(Spec_Hash_Definitions_SHA3_256, s, full_blocks, n_blocks); + Hacl_Hash_SHA3_update_last_sha3(Spec_Hash_Definitions_SHA3_256, s, rem, rem_len); + } + uint32_t remOut = 32U; + uint8_t hbuf0[256U] = { 0U }; + uint64_t ws0[32U] = { 0U }; + memcpy(ws0, s, 25U * sizeof (uint64_t)); + for (uint32_t i = 0U; i < 32U; i++) + { + store64_le(hbuf0 + i * 8U, ws0[i]); + } + memcpy(dst1 + 32U - remOut, hbuf0, remOut * sizeof (uint8_t)); + uint8_t *hash1 = ipad; + memset(s, 0U, 25U * sizeof (uint64_t)); + uint32_t block_len = 136U; + uint32_t n_blocks0 = 32U / block_len; + uint32_t rem0 = 32U % block_len; + K___uint32_t_uint32_t scrut; + if (n_blocks0 > 0U && rem0 == 0U) + { + uint32_t n_blocks_ = n_blocks0 - 1U; + scrut = ((K___uint32_t_uint32_t){ .fst = n_blocks_, .snd = 32U - n_blocks_ * block_len }); + } + else + { + scrut = ((K___uint32_t_uint32_t){ .fst = n_blocks0, .snd = rem0 }); + } + uint32_t n_blocks = scrut.fst; + uint32_t rem_len = scrut.snd; + uint32_t full_blocks_len = n_blocks * block_len; + uint8_t *full_blocks = hash1; + uint8_t *rem = hash1 + full_blocks_len; + Hacl_Hash_SHA3_update_multi_sha3(Spec_Hash_Definitions_SHA3_256, s, opad, 1U); + Hacl_Hash_SHA3_update_multi_sha3(Spec_Hash_Definitions_SHA3_256, s, full_blocks, n_blocks); + Hacl_Hash_SHA3_update_last_sha3(Spec_Hash_Definitions_SHA3_256, s, rem, rem_len); + uint32_t remOut0 = 32U; + uint8_t hbuf[256U] = { 0U }; + uint64_t ws[32U] = { 0U }; + memcpy(ws, s, 25U * sizeof (uint64_t)); + for (uint32_t i = 0U; i < 32U; i++) + { + store64_le(hbuf + i * 8U, ws[i]); + } + memcpy(dst + 32U - remOut0, hbuf, remOut0 * sizeof (uint8_t)); +} + +/** +Write the HMAC-SHA-3-384 MAC of a message (`data`) by using a key (`key`) into `dst`. + +The key can be any length and will be hashed if it is longer and padded if it is shorter than 104 bytes. +`dst` must point to 48 bytes of memory. +*/ +void +Hacl_HMAC_compute_sha3_384( + uint8_t *dst, + uint8_t *key, + uint32_t key_len, + uint8_t *data, + uint32_t data_len +) +{ + uint32_t l = 104U; + KRML_CHECK_SIZE(sizeof (uint8_t), l); + uint8_t key_block[l]; + memset(key_block, 0U, l * sizeof (uint8_t)); + uint8_t *nkey = key_block; + uint32_t ite; + if (key_len <= 104U) + { + ite = key_len; + } + else + { + ite = 48U; + } + uint8_t *zeroes = key_block + ite; + KRML_MAYBE_UNUSED_VAR(zeroes); + if (key_len <= 104U) + { + memcpy(nkey, key, key_len * sizeof (uint8_t)); + } + else + { + Hacl_Hash_SHA3_sha3_384(nkey, key, key_len); + } + KRML_CHECK_SIZE(sizeof (uint8_t), l); + uint8_t ipad[l]; + memset(ipad, 0x36U, l * sizeof (uint8_t)); + for (uint32_t i = 0U; i < l; i++) + { + uint8_t xi = ipad[i]; + uint8_t yi = key_block[i]; + ipad[i] = (uint32_t)xi ^ (uint32_t)yi; + } + KRML_CHECK_SIZE(sizeof (uint8_t), l); + uint8_t opad[l]; + memset(opad, 0x5cU, l * sizeof (uint8_t)); + for (uint32_t i = 0U; i < l; i++) + { + uint8_t xi = opad[i]; + uint8_t yi = key_block[i]; + opad[i] = (uint32_t)xi ^ (uint32_t)yi; + } + uint64_t s[25U] = { 0U }; + uint8_t *dst1 = ipad; + if (data_len == 0U) + { + Hacl_Hash_SHA3_update_last_sha3(Spec_Hash_Definitions_SHA3_384, s, ipad, 104U); + } + else + { + uint32_t block_len = 104U; + uint32_t n_blocks0 = data_len / block_len; + uint32_t rem0 = data_len % block_len; + K___uint32_t_uint32_t scrut; + if (n_blocks0 > 0U && rem0 == 0U) + { + uint32_t n_blocks_ = n_blocks0 - 1U; + scrut = ((K___uint32_t_uint32_t){ .fst = n_blocks_, .snd = data_len - n_blocks_ * block_len }); + } + else + { + scrut = ((K___uint32_t_uint32_t){ .fst = n_blocks0, .snd = rem0 }); + } + uint32_t n_blocks = scrut.fst; + uint32_t rem_len = scrut.snd; + uint32_t full_blocks_len = n_blocks * block_len; + uint8_t *full_blocks = data; + uint8_t *rem = data + full_blocks_len; + Hacl_Hash_SHA3_update_multi_sha3(Spec_Hash_Definitions_SHA3_384, s, ipad, 1U); + Hacl_Hash_SHA3_update_multi_sha3(Spec_Hash_Definitions_SHA3_384, s, full_blocks, n_blocks); + Hacl_Hash_SHA3_update_last_sha3(Spec_Hash_Definitions_SHA3_384, s, rem, rem_len); + } + uint32_t remOut = 48U; + uint8_t hbuf0[256U] = { 0U }; + uint64_t ws0[32U] = { 0U }; + memcpy(ws0, s, 25U * sizeof (uint64_t)); + for (uint32_t i = 0U; i < 32U; i++) + { + store64_le(hbuf0 + i * 8U, ws0[i]); + } + memcpy(dst1 + 48U - remOut, hbuf0, remOut * sizeof (uint8_t)); + uint8_t *hash1 = ipad; + memset(s, 0U, 25U * sizeof (uint64_t)); + uint32_t block_len = 104U; + uint32_t n_blocks0 = 48U / block_len; + uint32_t rem0 = 48U % block_len; + K___uint32_t_uint32_t scrut; + if (n_blocks0 > 0U && rem0 == 0U) + { + uint32_t n_blocks_ = n_blocks0 - 1U; + scrut = ((K___uint32_t_uint32_t){ .fst = n_blocks_, .snd = 48U - n_blocks_ * block_len }); + } + else + { + scrut = ((K___uint32_t_uint32_t){ .fst = n_blocks0, .snd = rem0 }); + } + uint32_t n_blocks = scrut.fst; + uint32_t rem_len = scrut.snd; + uint32_t full_blocks_len = n_blocks * block_len; + uint8_t *full_blocks = hash1; + uint8_t *rem = hash1 + full_blocks_len; + Hacl_Hash_SHA3_update_multi_sha3(Spec_Hash_Definitions_SHA3_384, s, opad, 1U); + Hacl_Hash_SHA3_update_multi_sha3(Spec_Hash_Definitions_SHA3_384, s, full_blocks, n_blocks); + Hacl_Hash_SHA3_update_last_sha3(Spec_Hash_Definitions_SHA3_384, s, rem, rem_len); + uint32_t remOut0 = 48U; + uint8_t hbuf[256U] = { 0U }; + uint64_t ws[32U] = { 0U }; + memcpy(ws, s, 25U * sizeof (uint64_t)); + for (uint32_t i = 0U; i < 32U; i++) + { + store64_le(hbuf + i * 8U, ws[i]); + } + memcpy(dst + 48U - remOut0, hbuf, remOut0 * sizeof (uint8_t)); +} + +/** +Write the HMAC-SHA-3-512 MAC of a message (`data`) by using a key (`key`) into `dst`. + +The key can be any length and will be hashed if it is longer and padded if it is shorter than 72 bytes. +`dst` must point to 64 bytes of memory. +*/ +void +Hacl_HMAC_compute_sha3_512( + uint8_t *dst, + uint8_t *key, + uint32_t key_len, + uint8_t *data, + uint32_t data_len +) +{ + uint32_t l = 72U; + KRML_CHECK_SIZE(sizeof (uint8_t), l); + uint8_t key_block[l]; + memset(key_block, 0U, l * sizeof (uint8_t)); + uint8_t *nkey = key_block; + uint32_t ite; + if (key_len <= 72U) + { + ite = key_len; + } + else + { + ite = 64U; + } + uint8_t *zeroes = key_block + ite; + KRML_MAYBE_UNUSED_VAR(zeroes); + if (key_len <= 72U) + { + memcpy(nkey, key, key_len * sizeof (uint8_t)); + } + else + { + Hacl_Hash_SHA3_sha3_512(nkey, key, key_len); + } + KRML_CHECK_SIZE(sizeof (uint8_t), l); + uint8_t ipad[l]; + memset(ipad, 0x36U, l * sizeof (uint8_t)); + for (uint32_t i = 0U; i < l; i++) + { + uint8_t xi = ipad[i]; + uint8_t yi = key_block[i]; + ipad[i] = (uint32_t)xi ^ (uint32_t)yi; + } + KRML_CHECK_SIZE(sizeof (uint8_t), l); + uint8_t opad[l]; + memset(opad, 0x5cU, l * sizeof (uint8_t)); + for (uint32_t i = 0U; i < l; i++) + { + uint8_t xi = opad[i]; + uint8_t yi = key_block[i]; + opad[i] = (uint32_t)xi ^ (uint32_t)yi; + } + uint64_t s[25U] = { 0U }; + uint8_t *dst1 = ipad; + if (data_len == 0U) + { + Hacl_Hash_SHA3_update_last_sha3(Spec_Hash_Definitions_SHA3_512, s, ipad, 72U); + } + else + { + uint32_t block_len = 72U; + uint32_t n_blocks0 = data_len / block_len; + uint32_t rem0 = data_len % block_len; + K___uint32_t_uint32_t scrut; + if (n_blocks0 > 0U && rem0 == 0U) + { + uint32_t n_blocks_ = n_blocks0 - 1U; + scrut = ((K___uint32_t_uint32_t){ .fst = n_blocks_, .snd = data_len - n_blocks_ * block_len }); + } + else + { + scrut = ((K___uint32_t_uint32_t){ .fst = n_blocks0, .snd = rem0 }); + } + uint32_t n_blocks = scrut.fst; + uint32_t rem_len = scrut.snd; + uint32_t full_blocks_len = n_blocks * block_len; + uint8_t *full_blocks = data; + uint8_t *rem = data + full_blocks_len; + Hacl_Hash_SHA3_update_multi_sha3(Spec_Hash_Definitions_SHA3_512, s, ipad, 1U); + Hacl_Hash_SHA3_update_multi_sha3(Spec_Hash_Definitions_SHA3_512, s, full_blocks, n_blocks); + Hacl_Hash_SHA3_update_last_sha3(Spec_Hash_Definitions_SHA3_512, s, rem, rem_len); + } + uint32_t remOut = 64U; + uint8_t hbuf0[256U] = { 0U }; + uint64_t ws0[32U] = { 0U }; + memcpy(ws0, s, 25U * sizeof (uint64_t)); + for (uint32_t i = 0U; i < 32U; i++) + { + store64_le(hbuf0 + i * 8U, ws0[i]); + } + memcpy(dst1 + 64U - remOut, hbuf0, remOut * sizeof (uint8_t)); + uint8_t *hash1 = ipad; + memset(s, 0U, 25U * sizeof (uint64_t)); + uint32_t block_len = 72U; + uint32_t n_blocks0 = 64U / block_len; + uint32_t rem0 = 64U % block_len; + K___uint32_t_uint32_t scrut; + if (n_blocks0 > 0U && rem0 == 0U) + { + uint32_t n_blocks_ = n_blocks0 - 1U; + scrut = ((K___uint32_t_uint32_t){ .fst = n_blocks_, .snd = 64U - n_blocks_ * block_len }); + } + else + { + scrut = ((K___uint32_t_uint32_t){ .fst = n_blocks0, .snd = rem0 }); + } + uint32_t n_blocks = scrut.fst; + uint32_t rem_len = scrut.snd; + uint32_t full_blocks_len = n_blocks * block_len; + uint8_t *full_blocks = hash1; + uint8_t *rem = hash1 + full_blocks_len; + Hacl_Hash_SHA3_update_multi_sha3(Spec_Hash_Definitions_SHA3_512, s, opad, 1U); + Hacl_Hash_SHA3_update_multi_sha3(Spec_Hash_Definitions_SHA3_512, s, full_blocks, n_blocks); + Hacl_Hash_SHA3_update_last_sha3(Spec_Hash_Definitions_SHA3_512, s, rem, rem_len); + uint32_t remOut0 = 64U; + uint8_t hbuf[256U] = { 0U }; + uint64_t ws[32U] = { 0U }; + memcpy(ws, s, 25U * sizeof (uint64_t)); + for (uint32_t i = 0U; i < 32U; i++) + { + store64_le(hbuf + i * 8U, ws[i]); + } + memcpy(dst + 64U - remOut0, hbuf, remOut0 * sizeof (uint8_t)); +} + +/** +Write the HMAC-BLAKE2s MAC of a message (`data`) by using a key (`key`) into `dst`. + +The key can be any length and will be hashed if it is longer and padded if it is shorter than 64 bytes. +`dst` must point to 32 bytes of memory. +*/ +void +Hacl_HMAC_compute_blake2s_32( + uint8_t *dst, + uint8_t *key, + uint32_t key_len, + uint8_t *data, + uint32_t data_len +) +{ + uint32_t l = 64U; + KRML_CHECK_SIZE(sizeof (uint8_t), l); + uint8_t key_block[l]; + memset(key_block, 0U, l * sizeof (uint8_t)); + uint8_t *nkey = key_block; + uint32_t ite; + if (key_len <= 64U) + { + ite = key_len; + } + else + { + ite = 32U; + } + uint8_t *zeroes = key_block + ite; + KRML_MAYBE_UNUSED_VAR(zeroes); + if (key_len <= 64U) + { + memcpy(nkey, key, key_len * sizeof (uint8_t)); + } + else + { + Hacl_Hash_Blake2s_hash_with_key(nkey, 32U, key, key_len, NULL, 0U); + } + KRML_CHECK_SIZE(sizeof (uint8_t), l); + uint8_t ipad[l]; + memset(ipad, 0x36U, l * sizeof (uint8_t)); + for (uint32_t i = 0U; i < l; i++) + { + uint8_t xi = ipad[i]; + uint8_t yi = key_block[i]; + ipad[i] = (uint32_t)xi ^ (uint32_t)yi; + } + KRML_CHECK_SIZE(sizeof (uint8_t), l); + uint8_t opad[l]; + memset(opad, 0x5cU, l * sizeof (uint8_t)); + for (uint32_t i = 0U; i < l; i++) + { + uint8_t xi = opad[i]; + uint8_t yi = key_block[i]; + opad[i] = (uint32_t)xi ^ (uint32_t)yi; + } + uint32_t s[16U] = { 0U }; + Hacl_Hash_Blake2s_init(s, 0U, 32U); + uint32_t *s0 = s; + uint8_t *dst1 = ipad; + if (data_len == 0U) + { + uint32_t wv[16U] = { 0U }; + Hacl_Hash_Blake2s_update_last(64U, wv, s0, false, 0ULL, 64U, ipad); + } + else + { + uint32_t block_len = 64U; + uint32_t n_blocks0 = data_len / block_len; + uint32_t rem0 = data_len % block_len; + K___uint32_t_uint32_t scrut; + if (n_blocks0 > 0U && rem0 == 0U) + { + uint32_t n_blocks_ = n_blocks0 - 1U; + scrut = ((K___uint32_t_uint32_t){ .fst = n_blocks_, .snd = data_len - n_blocks_ * block_len }); + } + else + { + scrut = ((K___uint32_t_uint32_t){ .fst = n_blocks0, .snd = rem0 }); + } + uint32_t n_blocks = scrut.fst; + uint32_t rem_len = scrut.snd; + uint32_t full_blocks_len = n_blocks * block_len; + uint8_t *full_blocks = data; + uint8_t *rem = data + full_blocks_len; + uint32_t wv[16U] = { 0U }; + Hacl_Hash_Blake2s_update_multi(64U, wv, s0, 0ULL, ipad, 1U); + uint32_t wv0[16U] = { 0U }; + Hacl_Hash_Blake2s_update_multi(n_blocks * 64U, + wv0, + s0, + (uint64_t)block_len, + full_blocks, + n_blocks); + uint32_t wv1[16U] = { 0U }; + Hacl_Hash_Blake2s_update_last(rem_len, + wv1, + s0, + false, + (uint64_t)64U + (uint64_t)full_blocks_len, + rem_len, + rem); + } + Hacl_Hash_Blake2s_finish(32U, dst1, s0); + uint8_t *hash1 = ipad; + Hacl_Hash_Blake2s_init(s0, 0U, 32U); + uint32_t block_len = 64U; + uint32_t n_blocks0 = 32U / block_len; + uint32_t rem0 = 32U % block_len; + K___uint32_t_uint32_t scrut; + if (n_blocks0 > 0U && rem0 == 0U) + { + uint32_t n_blocks_ = n_blocks0 - 1U; + scrut = ((K___uint32_t_uint32_t){ .fst = n_blocks_, .snd = 32U - n_blocks_ * block_len }); + } + else + { + scrut = ((K___uint32_t_uint32_t){ .fst = n_blocks0, .snd = rem0 }); + } + uint32_t n_blocks = scrut.fst; + uint32_t rem_len = scrut.snd; + uint32_t full_blocks_len = n_blocks * block_len; + uint8_t *full_blocks = hash1; + uint8_t *rem = hash1 + full_blocks_len; + uint32_t wv[16U] = { 0U }; + Hacl_Hash_Blake2s_update_multi(64U, wv, s0, 0ULL, opad, 1U); + uint32_t wv0[16U] = { 0U }; + Hacl_Hash_Blake2s_update_multi(n_blocks * 64U, + wv0, + s0, + (uint64_t)block_len, + full_blocks, + n_blocks); + uint32_t wv1[16U] = { 0U }; + Hacl_Hash_Blake2s_update_last(rem_len, + wv1, + s0, + false, + (uint64_t)64U + (uint64_t)full_blocks_len, + rem_len, + rem); + Hacl_Hash_Blake2s_finish(32U, dst, s0); +} + +/** +Write the HMAC-BLAKE2b MAC of a message (`data`) by using a key (`key`) into `dst`. + +The key can be any length and will be hashed if it is longer and padded if it is shorter than 128 bytes. +`dst` must point to 64 bytes of memory. +*/ +void +Hacl_HMAC_compute_blake2b_32( + uint8_t *dst, + uint8_t *key, + uint32_t key_len, + uint8_t *data, + uint32_t data_len +) +{ + uint32_t l = 128U; + KRML_CHECK_SIZE(sizeof (uint8_t), l); + uint8_t key_block[l]; + memset(key_block, 0U, l * sizeof (uint8_t)); + uint8_t *nkey = key_block; + uint32_t ite; + if (key_len <= 128U) + { + ite = key_len; + } + else + { + ite = 64U; + } + uint8_t *zeroes = key_block + ite; + KRML_MAYBE_UNUSED_VAR(zeroes); + if (key_len <= 128U) + { + memcpy(nkey, key, key_len * sizeof (uint8_t)); + } + else + { + Hacl_Hash_Blake2b_hash_with_key(nkey, 64U, key, key_len, NULL, 0U); + } + KRML_CHECK_SIZE(sizeof (uint8_t), l); + uint8_t ipad[l]; + memset(ipad, 0x36U, l * sizeof (uint8_t)); + for (uint32_t i = 0U; i < l; i++) + { + uint8_t xi = ipad[i]; + uint8_t yi = key_block[i]; + ipad[i] = (uint32_t)xi ^ (uint32_t)yi; + } + KRML_CHECK_SIZE(sizeof (uint8_t), l); + uint8_t opad[l]; + memset(opad, 0x5cU, l * sizeof (uint8_t)); + for (uint32_t i = 0U; i < l; i++) + { + uint8_t xi = opad[i]; + uint8_t yi = key_block[i]; + opad[i] = (uint32_t)xi ^ (uint32_t)yi; + } + uint64_t s[16U] = { 0U }; + Hacl_Hash_Blake2b_init(s, 0U, 64U); + uint64_t *s0 = s; + uint8_t *dst1 = ipad; + if (data_len == 0U) + { + uint64_t wv[16U] = { 0U }; + Hacl_Hash_Blake2b_update_last(128U, + wv, + s0, + false, + FStar_UInt128_uint64_to_uint128(0ULL), + 128U, + ipad); + } + else + { + uint32_t block_len = 128U; + uint32_t n_blocks0 = data_len / block_len; + uint32_t rem0 = data_len % block_len; + K___uint32_t_uint32_t scrut; + if (n_blocks0 > 0U && rem0 == 0U) + { + uint32_t n_blocks_ = n_blocks0 - 1U; + scrut = ((K___uint32_t_uint32_t){ .fst = n_blocks_, .snd = data_len - n_blocks_ * block_len }); + } + else + { + scrut = ((K___uint32_t_uint32_t){ .fst = n_blocks0, .snd = rem0 }); + } + uint32_t n_blocks = scrut.fst; + uint32_t rem_len = scrut.snd; + uint32_t full_blocks_len = n_blocks * block_len; + uint8_t *full_blocks = data; + uint8_t *rem = data + full_blocks_len; + uint64_t wv[16U] = { 0U }; + Hacl_Hash_Blake2b_update_multi(128U, wv, s0, FStar_UInt128_uint64_to_uint128(0ULL), ipad, 1U); + uint64_t wv0[16U] = { 0U }; + Hacl_Hash_Blake2b_update_multi(n_blocks * 128U, + wv0, + s0, + FStar_UInt128_uint64_to_uint128((uint64_t)block_len), + full_blocks, + n_blocks); + uint64_t wv1[16U] = { 0U }; + Hacl_Hash_Blake2b_update_last(rem_len, + wv1, + s0, + false, + FStar_UInt128_add(FStar_UInt128_uint64_to_uint128((uint64_t)128U), + FStar_UInt128_uint64_to_uint128((uint64_t)full_blocks_len)), + rem_len, + rem); + } + Hacl_Hash_Blake2b_finish(64U, dst1, s0); + uint8_t *hash1 = ipad; + Hacl_Hash_Blake2b_init(s0, 0U, 64U); + uint32_t block_len = 128U; + uint32_t n_blocks0 = 64U / block_len; + uint32_t rem0 = 64U % block_len; + K___uint32_t_uint32_t scrut; + if (n_blocks0 > 0U && rem0 == 0U) + { + uint32_t n_blocks_ = n_blocks0 - 1U; + scrut = ((K___uint32_t_uint32_t){ .fst = n_blocks_, .snd = 64U - n_blocks_ * block_len }); + } + else + { + scrut = ((K___uint32_t_uint32_t){ .fst = n_blocks0, .snd = rem0 }); + } + uint32_t n_blocks = scrut.fst; + uint32_t rem_len = scrut.snd; + uint32_t full_blocks_len = n_blocks * block_len; + uint8_t *full_blocks = hash1; + uint8_t *rem = hash1 + full_blocks_len; + uint64_t wv[16U] = { 0U }; + Hacl_Hash_Blake2b_update_multi(128U, wv, s0, FStar_UInt128_uint64_to_uint128(0ULL), opad, 1U); + uint64_t wv0[16U] = { 0U }; + Hacl_Hash_Blake2b_update_multi(n_blocks * 128U, + wv0, + s0, + FStar_UInt128_uint64_to_uint128((uint64_t)block_len), + full_blocks, + n_blocks); + uint64_t wv1[16U] = { 0U }; + Hacl_Hash_Blake2b_update_last(rem_len, + wv1, + s0, + false, + FStar_UInt128_add(FStar_UInt128_uint64_to_uint128((uint64_t)128U), + FStar_UInt128_uint64_to_uint128((uint64_t)full_blocks_len)), + rem_len, + rem); + Hacl_Hash_Blake2b_finish(64U, dst, s0); +} + diff --git a/Modules/_hacl/Hacl_HMAC.h b/Modules/_hacl/Hacl_HMAC.h new file mode 100644 index 00000000000000..6feb51a88626c9 --- /dev/null +++ b/Modules/_hacl/Hacl_HMAC.h @@ -0,0 +1,231 @@ +/* MIT License + * + * Copyright (c) 2016-2022 INRIA, CMU and Microsoft Corporation + * Copyright (c) 2022-2023 HACL* Contributors + * + * Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files (the "Software"), to deal + * in the Software without restriction, including without limitation the rights + * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + * copies of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in all + * copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE + * SOFTWARE. + */ + + +#ifndef __Hacl_HMAC_H +#define __Hacl_HMAC_H + +#if defined(__cplusplus) +extern "C" { +#endif + +#include +#include "python_hacl_namespaces.h" +#include "krml/types.h" +#include "krml/lowstar_endianness.h" +#include "krml/internal/target.h" + +#include "Hacl_Streaming_Types.h" + +#include "Hacl_Hash_SHA3.h" +#include "Hacl_Hash_SHA2.h" +#include "Hacl_Hash_Blake2s.h" +#include "Hacl_Hash_Blake2b.h" + +/** +Write the HMAC-MD5 MAC of a message (`data`) by using a key (`key`) into `dst`. + +The key can be any length and will be hashed if it is longer and padded if it is shorter than 64 byte. +`dst` must point to 16 bytes of memory. +*/ +void +Hacl_HMAC_compute_md5( + uint8_t *dst, + uint8_t *key, + uint32_t key_len, + uint8_t *data, + uint32_t data_len +); + +/** +Write the HMAC-SHA-1 MAC of a message (`data`) by using a key (`key`) into `dst`. + +The key can be any length and will be hashed if it is longer and padded if it is shorter than 64 byte. +`dst` must point to 20 bytes of memory. +*/ +void +Hacl_HMAC_compute_sha1( + uint8_t *dst, + uint8_t *key, + uint32_t key_len, + uint8_t *data, + uint32_t data_len +); + +/** +Write the HMAC-SHA-2-224 MAC of a message (`data`) by using a key (`key`) into `dst`. + +The key can be any length and will be hashed if it is longer and padded if it is shorter than 64 bytes. +`dst` must point to 28 bytes of memory. +*/ +void +Hacl_HMAC_compute_sha2_224( + uint8_t *dst, + uint8_t *key, + uint32_t key_len, + uint8_t *data, + uint32_t data_len +); + +/** +Write the HMAC-SHA-2-256 MAC of a message (`data`) by using a key (`key`) into `dst`. + +The key can be any length and will be hashed if it is longer and padded if it is shorter than 64 bytes. +`dst` must point to 32 bytes of memory. +*/ +void +Hacl_HMAC_compute_sha2_256( + uint8_t *dst, + uint8_t *key, + uint32_t key_len, + uint8_t *data, + uint32_t data_len +); + +/** +Write the HMAC-SHA-2-384 MAC of a message (`data`) by using a key (`key`) into `dst`. + +The key can be any length and will be hashed if it is longer and padded if it is shorter than 128 bytes. +`dst` must point to 48 bytes of memory. +*/ +void +Hacl_HMAC_compute_sha2_384( + uint8_t *dst, + uint8_t *key, + uint32_t key_len, + uint8_t *data, + uint32_t data_len +); + +/** +Write the HMAC-SHA-2-512 MAC of a message (`data`) by using a key (`key`) into `dst`. + +The key can be any length and will be hashed if it is longer and padded if it is shorter than 128 bytes. +`dst` must point to 64 bytes of memory. +*/ +void +Hacl_HMAC_compute_sha2_512( + uint8_t *dst, + uint8_t *key, + uint32_t key_len, + uint8_t *data, + uint32_t data_len +); + +/** +Write the HMAC-SHA-3-224 MAC of a message (`data`) by using a key (`key`) into `dst`. + +The key can be any length and will be hashed if it is longer and padded if it is shorter than 144 bytes. +`dst` must point to 28 bytes of memory. +*/ +void +Hacl_HMAC_compute_sha3_224( + uint8_t *dst, + uint8_t *key, + uint32_t key_len, + uint8_t *data, + uint32_t data_len +); + +/** +Write the HMAC-SHA-3-256 MAC of a message (`data`) by using a key (`key`) into `dst`. + +The key can be any length and will be hashed if it is longer and padded if it is shorter than 136 bytes. +`dst` must point to 32 bytes of memory. +*/ +void +Hacl_HMAC_compute_sha3_256( + uint8_t *dst, + uint8_t *key, + uint32_t key_len, + uint8_t *data, + uint32_t data_len +); + +/** +Write the HMAC-SHA-3-384 MAC of a message (`data`) by using a key (`key`) into `dst`. + +The key can be any length and will be hashed if it is longer and padded if it is shorter than 104 bytes. +`dst` must point to 48 bytes of memory. +*/ +void +Hacl_HMAC_compute_sha3_384( + uint8_t *dst, + uint8_t *key, + uint32_t key_len, + uint8_t *data, + uint32_t data_len +); + +/** +Write the HMAC-SHA-3-512 MAC of a message (`data`) by using a key (`key`) into `dst`. + +The key can be any length and will be hashed if it is longer and padded if it is shorter than 72 bytes. +`dst` must point to 64 bytes of memory. +*/ +void +Hacl_HMAC_compute_sha3_512( + uint8_t *dst, + uint8_t *key, + uint32_t key_len, + uint8_t *data, + uint32_t data_len +); + +/** +Write the HMAC-BLAKE2s MAC of a message (`data`) by using a key (`key`) into `dst`. + +The key can be any length and will be hashed if it is longer and padded if it is shorter than 64 bytes. +`dst` must point to 32 bytes of memory. +*/ +void +Hacl_HMAC_compute_blake2s_32( + uint8_t *dst, + uint8_t *key, + uint32_t key_len, + uint8_t *data, + uint32_t data_len +); + +/** +Write the HMAC-BLAKE2b MAC of a message (`data`) by using a key (`key`) into `dst`. + +The key can be any length and will be hashed if it is longer and padded if it is shorter than 128 bytes. +`dst` must point to 64 bytes of memory. +*/ +void +Hacl_HMAC_compute_blake2b_32( + uint8_t *dst, + uint8_t *key, + uint32_t key_len, + uint8_t *data, + uint32_t data_len +); + +#if defined(__cplusplus) +} +#endif + +#define __Hacl_HMAC_H_DEFINED +#endif diff --git a/Modules/_hacl/Hacl_Hash_Blake2b.c b/Modules/_hacl/Hacl_Hash_Blake2b.c index cd3b9777e09f6c..1bab75e6aaf2ab 100644 --- a/Modules/_hacl/Hacl_Hash_Blake2b.c +++ b/Modules/_hacl/Hacl_Hash_Blake2b.c @@ -1029,7 +1029,8 @@ Hacl_Hash_Blake2b_reset_with_key_and_params( uint8_t *k ) { - index_of_state(s); + Hacl_Hash_Blake2b_index i1 = index_of_state(s); + KRML_MAYBE_UNUSED_VAR(i1); reset_raw(s, ((Hacl_Hash_Blake2b_params_and_key){ .fst = p, .snd = k })); } diff --git a/Modules/_hacl/Hacl_Hash_Blake2b_Simd256.c b/Modules/_hacl/Hacl_Hash_Blake2b_Simd256.c index 92b2e8f539041b..19234ab9d7f9b2 100644 --- a/Modules/_hacl/Hacl_Hash_Blake2b_Simd256.c +++ b/Modules/_hacl/Hacl_Hash_Blake2b_Simd256.c @@ -855,7 +855,8 @@ Hacl_Hash_Blake2b_Simd256_reset_with_key_and_params( uint8_t *k ) { - index_of_state(s); + Hacl_Hash_Blake2b_index i1 = index_of_state(s); + KRML_MAYBE_UNUSED_VAR(i1); reset_raw(s, ((Hacl_Hash_Blake2b_params_and_key){ .fst = p, .snd = k })); } diff --git a/Modules/_hacl/Hacl_Hash_Blake2s.c b/Modules/_hacl/Hacl_Hash_Blake2s.c index e5e0ecd0bfde7e..ceb7385072e048 100644 --- a/Modules/_hacl/Hacl_Hash_Blake2s.c +++ b/Modules/_hacl/Hacl_Hash_Blake2s.c @@ -1011,7 +1011,8 @@ Hacl_Hash_Blake2s_reset_with_key_and_params( uint8_t *k ) { - index_of_state(s); + Hacl_Hash_Blake2b_index i1 = index_of_state(s); + KRML_MAYBE_UNUSED_VAR(i1); reset_raw(s, ((Hacl_Hash_Blake2b_params_and_key){ .fst = p, .snd = k })); } diff --git a/Modules/_hacl/Hacl_Hash_Blake2s_Simd128.c b/Modules/_hacl/Hacl_Hash_Blake2s_Simd128.c index f675a7f14f192f..3b68783bfad9b4 100644 --- a/Modules/_hacl/Hacl_Hash_Blake2s_Simd128.c +++ b/Modules/_hacl/Hacl_Hash_Blake2s_Simd128.c @@ -842,7 +842,8 @@ Hacl_Hash_Blake2s_Simd128_reset_with_key_and_params( uint8_t *k ) { - index_of_state(s); + Hacl_Hash_Blake2b_index i1 = index_of_state(s); + KRML_MAYBE_UNUSED_VAR(i1); reset_raw(s, ((Hacl_Hash_Blake2b_params_and_key){ .fst = p, .snd = k })); } diff --git a/Modules/_hacl/Hacl_Hash_SHA2.c b/Modules/_hacl/Hacl_Hash_SHA2.c index 4b6af5fc78c680..cc930bbc89e8ad 100644 --- a/Modules/_hacl/Hacl_Hash_SHA2.c +++ b/Modules/_hacl/Hacl_Hash_SHA2.c @@ -211,7 +211,7 @@ void Hacl_Hash_SHA2_sha224_init(uint32_t *hash) os[i] = x;); } -static inline void sha224_update_nblocks(uint32_t len, uint8_t *b, uint32_t *st) +void Hacl_Hash_SHA2_sha224_update_nblocks(uint32_t len, uint8_t *b, uint32_t *st) { Hacl_Hash_SHA2_sha256_update_nblocks(len, b, st); } @@ -825,7 +825,7 @@ void Hacl_Hash_SHA2_digest_224(Hacl_Streaming_MD_state_32 *state, uint8_t *outpu } uint8_t *buf_last = buf_1 + r - ite; uint8_t *buf_multi = buf_1; - sha224_update_nblocks(0U, buf_multi, tmp_block_state); + Hacl_Hash_SHA2_sha224_update_nblocks(0U, buf_multi, tmp_block_state); uint64_t prev_len_last = total_len - (uint64_t)r; Hacl_Hash_SHA2_sha224_update_last(prev_len_last + (uint64_t)r, r, buf_last, tmp_block_state); Hacl_Hash_SHA2_sha224_finish(tmp_block_state, output); @@ -847,7 +847,7 @@ void Hacl_Hash_SHA2_hash_224(uint8_t *output, uint8_t *input, uint32_t input_len Hacl_Hash_SHA2_sha224_init(st); uint32_t rem = input_len % 64U; uint64_t len_ = (uint64_t)input_len; - sha224_update_nblocks(input_len, ib, st); + Hacl_Hash_SHA2_sha224_update_nblocks(input_len, ib, st); uint32_t rem1 = input_len % 64U; uint8_t *b0 = ib; uint8_t *lb = b0 + input_len - rem1; diff --git a/Modules/_hacl/Hacl_Hash_SHA3.c b/Modules/_hacl/Hacl_Hash_SHA3.c index 9cf5abb330b180..b964e1d9c0aa69 100644 --- a/Modules/_hacl/Hacl_Hash_SHA3.c +++ b/Modules/_hacl/Hacl_Hash_SHA3.c @@ -251,7 +251,8 @@ Hacl_Hash_SHA3_update_multi_sha3( uint8_t *bl0 = b_; uint8_t *uu____0 = b0 + i * block_len(a); memcpy(bl0, uu____0, block_len(a) * sizeof (uint8_t)); - block_len(a); + uint32_t unused = block_len(a); + KRML_MAYBE_UNUSED_VAR(unused); absorb_inner_32(b_, s); } } diff --git a/Modules/_hacl/internal/Hacl_HMAC.h b/Modules/_hacl/internal/Hacl_HMAC.h new file mode 100644 index 00000000000000..5038a6cf224a70 --- /dev/null +++ b/Modules/_hacl/internal/Hacl_HMAC.h @@ -0,0 +1,59 @@ +/* MIT License + * + * Copyright (c) 2016-2022 INRIA, CMU and Microsoft Corporation + * Copyright (c) 2022-2023 HACL* Contributors + * + * Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files (the "Software"), to deal + * in the Software without restriction, including without limitation the rights + * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + * copies of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in all + * copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE + * SOFTWARE. + */ + + +#ifndef __internal_Hacl_HMAC_H +#define __internal_Hacl_HMAC_H + +#if defined(__cplusplus) +extern "C" { +#endif + +#include +#include "krml/types.h" +#include "krml/lowstar_endianness.h" +#include "krml/internal/target.h" + + +#include "internal/Hacl_Hash_SHA3.h" +#include "internal/Hacl_Hash_SHA2.h" +#include "internal/Hacl_Hash_SHA1.h" +#include "internal/Hacl_Hash_MD5.h" +#include "internal/Hacl_Hash_Blake2s.h" +#include "internal/Hacl_Hash_Blake2b.h" +#include "../Hacl_HMAC.h" + +typedef struct K___uint32_t_uint32_t_s +{ + uint32_t fst; + uint32_t snd; +} +K___uint32_t_uint32_t; + +#if defined(__cplusplus) +} +#endif + +#define __internal_Hacl_HMAC_H_DEFINED +#endif diff --git a/Modules/_hacl/internal/Hacl_Hash_SHA2.h b/Modules/_hacl/internal/Hacl_Hash_SHA2.h index 0127f4373fb1a1..cb60f9e9bd4df6 100644 --- a/Modules/_hacl/internal/Hacl_Hash_SHA2.h +++ b/Modules/_hacl/internal/Hacl_Hash_SHA2.h @@ -123,6 +123,8 @@ void Hacl_Hash_SHA2_sha256_finish(uint32_t *st, uint8_t *h); void Hacl_Hash_SHA2_sha224_init(uint32_t *hash); +void Hacl_Hash_SHA2_sha224_update_nblocks(uint32_t len, uint8_t *b, uint32_t *st); + void Hacl_Hash_SHA2_sha224_update_last(uint64_t totlen, uint32_t len, uint8_t *b, uint32_t *st); diff --git a/Modules/_hacl/python_hacl_namespaces.h b/Modules/_hacl/python_hacl_namespaces.h index 8a1f4aef384d62..052b893112f18f 100644 --- a/Modules/_hacl/python_hacl_namespaces.h +++ b/Modules/_hacl/python_hacl_namespaces.h @@ -209,4 +209,11 @@ #define Hacl_Hash_SHA3_state_free python_hashlib_Hacl_Hash_SHA3_state_free #define Hacl_Hash_SHA3_state_malloc python_hashlib_Hacl_Hash_SHA3_state_malloc +#define Hacl_HMAC_compute_sha1 python_hashlib_Hacl_HMAC_compute_sha1 +#define Hacl_HMAC_compute_sha2_256 python_hashlib_Hacl_HMAC_compute_sha2_256 +#define Hacl_HMAC_compute_sha2_384 python_hashlib_Hacl_HMAC_compute_sha2_384 +#define Hacl_HMAC_compute_sha2_512 python_hashlib_Hacl_HMAC_compute_sha2_512 +#define Hacl_HMAC_compute_blake2s_32 python_hashlib_Hacl_HMAC_compute_blake2s_32 +#define Hacl_HMAC_compute_blake2b_32 python_hashlib_Hacl_HMAC_compute_blake2b_32 + #endif // _PYTHON_HACL_NAMESPACES_H diff --git a/Modules/_hacl/refresh.sh b/Modules/_hacl/refresh.sh index 6234fea9f17bc7..78b9c8acd762e0 100755 --- a/Modules/_hacl/refresh.sh +++ b/Modules/_hacl/refresh.sh @@ -22,7 +22,7 @@ fi # Update this when updating to a new version after verifying that the changes # the update brings in are good. -expected_hacl_star_rev=315a9e491d2bc347b9dae99e0ea506995ea84d9d +expected_hacl_star_rev=fc2e38f4d899ba28665c5b91caedaf35b3b37452 hacl_dir="$(realpath "$1")" cd "$(dirname "$0")" @@ -41,6 +41,7 @@ fi declare -a dist_files dist_files=( Hacl_Streaming_Types.h +# Cryptographic Hash Functions (headers) Hacl_Hash_MD5.h Hacl_Hash_SHA1.h Hacl_Hash_SHA2.h @@ -49,6 +50,9 @@ dist_files=( Hacl_Hash_Blake2s.h Hacl_Hash_Blake2b_Simd256.h Hacl_Hash_Blake2s_Simd128.h +# Cryptographic Primitives (headers) + Hacl_HMAC.h +# Cryptographic Hash Functions (internal headers) internal/Hacl_Hash_MD5.h internal/Hacl_Hash_SHA1.h internal/Hacl_Hash_SHA2.h @@ -58,6 +62,9 @@ dist_files=( internal/Hacl_Hash_Blake2b_Simd256.h internal/Hacl_Hash_Blake2s_Simd128.h internal/Hacl_Impl_Blake2_Constants.h +# Cryptographic Primitives (internal headers) + internal/Hacl_HMAC.h +# Cryptographic Hash Functions (sources) Hacl_Hash_MD5.c Hacl_Hash_SHA1.c Hacl_Hash_SHA2.c @@ -66,6 +73,9 @@ dist_files=( Hacl_Hash_Blake2s.c Hacl_Hash_Blake2b_Simd256.c Hacl_Hash_Blake2s_Simd128.c +# Cryptographic Primitives (sources) + Hacl_HMAC.c +# Miscellaneous libintvector.h lib_memzero0.h Lib_Memzero0.c @@ -143,7 +153,9 @@ $sed -i -z 's!\(extern\|typedef\)[^;]*;\n\n!!g' include/krml/FStar_UInt_8_16_32_ $sed -i 's!#include.*Hacl_Krmllib.h"!!g' "${all_files[@]}" # Use globally unique names for the Hacl_ C APIs to avoid linkage conflicts. -$sed -i -z 's!#include \n!#include \n#include "python_hacl_namespaces.h"\n!' Hacl_Hash_*.h +$sed -i -z 's!#include \n!#include \n#include "python_hacl_namespaces.h"\n!' \ + Hacl_Hash_*.h \ + Hacl_HMAC.h # Finally, we remove a bunch of ifdefs from target.h that are, again, useful in # the general case, but not exercised by the subset of HACL* that we vendor. From 5a410f8f3747576e8e7a45565c34b9e517ddfca0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?B=C3=A9n=C3=A9dikt=20Tran?= <10796600+picnixz@users.noreply.github.com> Date: Sun, 3 Nov 2024 14:08:22 +0100 Subject: [PATCH 02/36] Update SBOM files --- Misc/sbom.spdx.json | 97 +++++++++++++++++++++++++++++++++++---------- 1 file changed, 77 insertions(+), 20 deletions(-) diff --git a/Misc/sbom.spdx.json b/Misc/sbom.spdx.json index cc73e93009b43f..36df377910d9d2 100644 --- a/Misc/sbom.spdx.json +++ b/Misc/sbom.spdx.json @@ -295,16 +295,44 @@ ], "fileName": "Modules/expat/xmltok_ns.c" }, + { + "SPDXID": "SPDXRef-FILE-Modules-hacl-Hacl-HMAC.c", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "39845bf2f06d85ba98824f6f4f02f3a2f27d4d1a" + }, + { + "algorithm": "SHA256", + "checksumValue": "0ca9c580923d8e88e09d8b709257462dcf11eb18ea40d9b782e0ffa694141bbd" + } + ], + "fileName": "Modules/_hacl/Hacl_HMAC.c" + }, + { + "SPDXID": "SPDXRef-FILE-Modules-hacl-Hacl-HMAC.h", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "397e27ce27de4f18a209033ed7f576a005a0c8c8" + }, + { + "algorithm": "SHA256", + "checksumValue": "b584dc409211857210c3444973cf84dc5efba7d29ca4ebdbe1305170ac5dfb73" + } + ], + "fileName": "Modules/_hacl/Hacl_HMAC.h" + }, { "SPDXID": "SPDXRef-FILE-Modules-hacl-Hacl-Hash-Blake2b.c", "checksums": [ { "algorithm": "SHA1", - "checksumValue": "a34e821b68ef5334eccf4f729b28bb7bb65b965e" + "checksumValue": "1cd3cda98e0e6882a13a59268b88640c542350fd" }, { "algorithm": "SHA256", - "checksumValue": "4582db9143c0810b98838a5357c577e0b32ae77f3018486159df4e0dfd3fce3c" + "checksumValue": "41a420bc9355e451720e60e9536e66f04dc6e416ca9217c4ab18d827887a2e08" } ], "fileName": "Modules/_hacl/Hacl_Hash_Blake2b.c" @@ -328,11 +356,11 @@ "checksums": [ { "algorithm": "SHA1", - "checksumValue": "0ffe60c6d5eed5dd222515e820d461d319d16b1f" + "checksumValue": "0ceef306590ec12251db03a31fc08ecba697486d" }, { "algorithm": "SHA256", - "checksumValue": "4804cb3ce68bfdcf98853d6f1d77b4a844a3c2796f776b39770ba327e400d402" + "checksumValue": "1575a23b21319e55e670f74194fc2dfd1777eb5a3816cad43750e03da6e44db9" } ], "fileName": "Modules/_hacl/Hacl_Hash_Blake2b_Simd256.c" @@ -370,11 +398,11 @@ "checksums": [ { "algorithm": "SHA1", - "checksumValue": "cf035ffeff875bc74345a47373ce25dc408ea9dc" + "checksumValue": "9616a9f8d795d64487bf86a96719f943729621e2" }, { "algorithm": "SHA256", - "checksumValue": "579059b002c45fab0fed6381e85c3f5eaf1d959400ca64b103542ac6c35bade3" + "checksumValue": "5ecde5ddc8ec073cffe64d60e868535d995f33fb0f87f9b50e68bd2a694b7434" } ], "fileName": "Modules/_hacl/Hacl_Hash_Blake2s.c" @@ -398,11 +426,11 @@ "checksums": [ { "algorithm": "SHA1", - "checksumValue": "9bb53022d158a9c349edb52a8def8aac7d098a4e" + "checksumValue": "5b950ce0a5c8f0c2c56b4ac96e1943b504255d45" }, { "algorithm": "SHA256", - "checksumValue": "2abde0c6b5da0402e91b4bedfe786c24b908fbdc04e08e74651c7624729254d9" + "checksumValue": "5a5f5d8e376dc30d89fd6c6c435157fe9ffa5308030e7abb1256afaee0765536" } ], "fileName": "Modules/_hacl/Hacl_Hash_Blake2s_Simd128.c" @@ -496,11 +524,11 @@ "checksums": [ { "algorithm": "SHA1", - "checksumValue": "f2aa3ed6acce621c162bc3a0592780ce5aa3bc4d" + "checksumValue": "b0aa8810339adb09623ffa429246b4324fac4565" }, { "algorithm": "SHA256", - "checksumValue": "30638efb75c8b185bb09c3df6977e3f3c5d21a1e696218cf7ade6bc4d5201b31" + "checksumValue": "2288f8f860efe80eed4f1e14ef570079b7459aeb41f87e94e691d7cf5e0e7adb" } ], "fileName": "Modules/_hacl/Hacl_Hash_SHA2.c" @@ -524,11 +552,11 @@ "checksums": [ { "algorithm": "SHA1", - "checksumValue": "fc2c3ef83a71bef42eb3f73b78e4ef6642a4634e" + "checksumValue": "ef374b9d0951ebb38006af944dd4b38a6cf3abb2" }, { "algorithm": "SHA256", - "checksumValue": "e4f3ed9d1e8f661482cbd2d04b197e15cc3b698c5ef2ddedf0eb65df320dbbc4" + "checksumValue": "164df19f229143006c5f9a3c0bd771415f152bfbc7efb61c337fa0f903003eb3" } ], "fileName": "Modules/_hacl/Hacl_Hash_SHA3.c" @@ -659,6 +687,20 @@ ], "fileName": "Modules/_hacl/include/krml/types.h" }, + { + "SPDXID": "SPDXRef-FILE-Modules-hacl-internal-Hacl-HMAC.h", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "aef7c96186f1f5b5058b4ddffd3ccdd5d6e33669" + }, + { + "algorithm": "SHA256", + "checksumValue": "4d2ea32f3384513de59df04820bc09c4a3dd9b83aa8cd8e292981b5c19ac55c3" + } + ], + "fileName": "Modules/_hacl/internal/Hacl_HMAC.h" + }, { "SPDXID": "SPDXRef-FILE-Modules-hacl-internal-Hacl-Hash-Blake2b.h", "checksums": [ @@ -748,11 +790,11 @@ "checksums": [ { "algorithm": "SHA1", - "checksumValue": "0018e084339058dd454b4e49d10d236b4f896bf8" + "checksumValue": "2e9ae174142fc491f20567ab8b5c08cef9b07cfe" }, { "algorithm": "SHA256", - "checksumValue": "10e959a92b3288a6165a404c8fae2bbcd7fb00a9abbae2b7809fa55d6fe9068d" + "checksumValue": "07100964adcf4b5f8bd4773e25f475b34cd180b90df8b1c0052e55c008b7cc49" } ], "fileName": "Modules/_hacl/internal/Hacl_Hash_SHA2.h" @@ -818,11 +860,11 @@ "checksums": [ { "algorithm": "SHA1", - "checksumValue": "37e3eb63c5c6f8ae671748bfde642c180b96d2de" + "checksumValue": "d707a40ab54dabab9958205005be3cb91b73a3da" }, { "algorithm": "SHA256", - "checksumValue": "0b5c7892cc25a2b3467936c1f346a6186d9d0a257d1bd5671beda253b66e0f68" + "checksumValue": "775bf3c0303b1228d404a864e20e3e283971a33ddd22c3e4592085b03f5ac460" } ], "fileName": "Modules/_hacl/python_hacl_namespaces.h" @@ -1640,14 +1682,14 @@ "checksums": [ { "algorithm": "SHA256", - "checksumValue": "935ae51d0ff0bf1403f0ecc1ff02b8f685d09053618558c07fbe4bd2abbc5dd1" + "checksumValue": "cbd19d064b3136172cabe88ab1b51fe2ee5264fe8eaf4a586355533ffe97977d" } ], - "downloadLocation": "https://github.com/hacl-star/hacl-star/archive/315a9e491d2bc347b9dae99e0ea506995ea84d9d.zip", + "downloadLocation": "https://github.com/hacl-star/hacl-star/archive/fc2e38f4d899ba28665c5b91caedaf35b3b37452.zip", "externalRefs": [ { "referenceCategory": "SECURITY", - "referenceLocator": "cpe:2.3:a:hacl-star:hacl-star:315a9e491d2bc347b9dae99e0ea506995ea84d9d:*:*:*:*:*:*:*", + "referenceLocator": "cpe:2.3:a:hacl-star:hacl-star:fc2e38f4d899ba28665c5b91caedaf35b3b37452:*:*:*:*:*:*:*", "referenceType": "cpe23Type" } ], @@ -1655,7 +1697,7 @@ "name": "hacl-star", "originator": "Organization: HACL* Developers", "primaryPackagePurpose": "SOURCE", - "versionInfo": "315a9e491d2bc347b9dae99e0ea506995ea84d9d" + "versionInfo": "fc2e38f4d899ba28665c5b91caedaf35b3b37452" }, { "SPDXID": "SPDXRef-PACKAGE-macholib", @@ -1808,6 +1850,16 @@ "relationshipType": "CONTAINS", "spdxElementId": "SPDXRef-PACKAGE-expat" }, + { + "relatedSpdxElement": "SPDXRef-FILE-Modules-hacl-Hacl-HMAC.c", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-PACKAGE-hacl-star" + }, + { + "relatedSpdxElement": "SPDXRef-FILE-Modules-hacl-Hacl-HMAC.h", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-PACKAGE-hacl-star" + }, { "relatedSpdxElement": "SPDXRef-FILE-Modules-hacl-Hacl-Hash-Blake2b.c", "relationshipType": "CONTAINS", @@ -1938,6 +1990,11 @@ "relationshipType": "CONTAINS", "spdxElementId": "SPDXRef-PACKAGE-hacl-star" }, + { + "relatedSpdxElement": "SPDXRef-FILE-Modules-hacl-internal-Hacl-HMAC.h", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-PACKAGE-hacl-star" + }, { "relatedSpdxElement": "SPDXRef-FILE-Modules-hacl-internal-Hacl-Hash-Blake2b.h", "relationshipType": "CONTAINS", From c1c7c92db7d08aca324ba88f18cfdb88e224a5e2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?B=C3=A9n=C3=A9dikt=20Tran?= <10796600+picnixz@users.noreply.github.com> Date: Sun, 3 Nov 2024 13:14:32 +0100 Subject: [PATCH 03/36] Update HACL (CPython) namespace --- Modules/_hacl/python_hacl_namespaces.h | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/Modules/_hacl/python_hacl_namespaces.h b/Modules/_hacl/python_hacl_namespaces.h index 052b893112f18f..acb0e34e8963d8 100644 --- a/Modules/_hacl/python_hacl_namespaces.h +++ b/Modules/_hacl/python_hacl_namespaces.h @@ -209,10 +209,21 @@ #define Hacl_Hash_SHA3_state_free python_hashlib_Hacl_Hash_SHA3_state_free #define Hacl_Hash_SHA3_state_malloc python_hashlib_Hacl_Hash_SHA3_state_malloc +// HMAC-MD5 +#define Hacl_HMAC_compute_md5 python_hashlib_Hacl_HMAC_compute_md5 +// HMAC-SHA-1 #define Hacl_HMAC_compute_sha1 python_hashlib_Hacl_HMAC_compute_sha1 +// HMAC-SHA-2 +#define Hacl_HMAC_compute_sha2_224 python_hashlib_Hacl_HMAC_compute_sha2_224 #define Hacl_HMAC_compute_sha2_256 python_hashlib_Hacl_HMAC_compute_sha2_256 #define Hacl_HMAC_compute_sha2_384 python_hashlib_Hacl_HMAC_compute_sha2_384 #define Hacl_HMAC_compute_sha2_512 python_hashlib_Hacl_HMAC_compute_sha2_512 +// HMAC-SHA-3 +#define Hacl_HMAC_compute_sha3_224 python_hashlib_Hacl_HMAC_compute_sha3_224 +#define Hacl_HMAC_compute_sha3_256 python_hashlib_Hacl_HMAC_compute_sha3_256 +#define Hacl_HMAC_compute_sha3_384 python_hashlib_Hacl_HMAC_compute_sha3_384 +#define Hacl_HMAC_compute_sha3_512 python_hashlib_Hacl_HMAC_compute_sha3_512 +// HMAC-BLAKE #define Hacl_HMAC_compute_blake2s_32 python_hashlib_Hacl_HMAC_compute_blake2s_32 #define Hacl_HMAC_compute_blake2b_32 python_hashlib_Hacl_HMAC_compute_blake2b_32 From 2901987980deae93e986bedc5b72f63004f70ffe Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?B=C3=A9n=C3=A9dikt=20Tran?= <10796600+picnixz@users.noreply.github.com> Date: Sun, 3 Nov 2024 13:14:57 +0100 Subject: [PATCH 04/36] Update HACL (CPython) README --- Modules/_hacl/README.md | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/Modules/_hacl/README.md b/Modules/_hacl/README.md index e6a156a54b3cee..0d6454cdd6efb3 100644 --- a/Modules/_hacl/README.md +++ b/Modules/_hacl/README.md @@ -8,10 +8,10 @@ safety, functional correctness, and secret independence. ## Updating HACL* -Use the `refresh.sh` script in this directory to pull in a new upstream code -version. The upstream git hash used for the most recent code pull is recorded -in the script. Modify the script as needed to bring in more if changes are -needed based on upstream code refactoring. +Use the [refresh.sh](refresh.sh) script in this directory to pull in a new +upstream code version. The upstream git hash used for the most recent code +pull is recorded in the script. Modify the script as needed to bring in more +if changes are needed based on upstream code refactoring. Never manually edit HACL\* files. Always add transformation shell code to the `refresh.sh` script to perform any necessary edits. If there are serious code @@ -19,9 +19,9 @@ changes needed, work with the upstream repository. ## Local files -1. `./include/python_hacl_namespaces.h` -1. `./README.md` -1. `./refresh.sh` +* [python_hacl_namespaces.h](python_hacl_namespaces.h) +* [README.md](README.md) +* [refresh.sh](refresh.sh) ## ACKS From 92a1e76f3df370c0dd9b79aef63ef30ac389d1a1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?B=C3=A9n=C3=A9dikt=20Tran?= <10796600+picnixz@users.noreply.github.com> Date: Sun, 3 Nov 2024 13:20:23 +0100 Subject: [PATCH 05/36] Update `configure` script --- configure | 64 ++++++++++++++++++++++++++++++++++++++++++++++++++++ configure.ac | 13 +++++++++++ 2 files changed, 77 insertions(+) diff --git a/configure b/configure index 1097747e055179..df724b42444090 100755 --- a/configure +++ b/configure @@ -718,6 +718,8 @@ LIBHACL_SIMD256_FLAGS LIBHACL_SIMD128_OBJS LIBHACL_SIMD128_FLAGS LIBHACL_CFLAGS +MODULE__HMAC_FALSE +MODULE__HMAC_TRUE MODULE__BLAKE2_FALSE MODULE__BLAKE2_TRUE MODULE__SHA3_FALSE @@ -1133,6 +1135,7 @@ with_openssl with_openssl_rpath with_ssl_default_suites with_builtin_hashlib_hashes +with_builtin_hashlib_hmac enable_test_modules ' ac_precious_vars='build_alias @@ -1955,6 +1958,9 @@ Optional Packages: --with-builtin-hashlib-hashes=md5,sha1,sha2,sha3,blake2 builtin hash modules, md5, sha1, sha2, sha3 (with shake), blake2 + --with-builtin-hashlib-hmac + use builtin HACL* HMAC when possible [default is + yes] Some influential environment variables: PKG_CONFIG path to pkg-config utility @@ -29084,6 +29090,21 @@ esac done IFS=$as_save_IFS +# builtin HACL* HMAC module +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for --with-builtin-hashlib-hmac=yes,no" >&5 +printf %s "checking for --with-builtin-hashlib-hmac=yes,no... " >&6; } + +# Check whether --with-builtin-hashlib-hmac was given. +if test ${with_builtin_hashlib_hmac+y} +then : + withval=$with_builtin_hashlib_hmac; with_builtin_hashlib_hmac=$with_val +else $as_nop + with_builtin_hashlib_hmac=yes +fi + +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $with_builtin_hashlib_hmac" >&5 +printf "%s\n" "$with_builtin_hashlib_hmac" >&6; } + # Check whether to disable test modules. Once set, setup.py will not build # test extension modules and "make install" will not install test suites. { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for --disable-test-modules" >&5 @@ -30765,6 +30786,45 @@ fi printf "%s\n" "$py_cv_module__blake2" >&6; } + + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for stdlib extension module _hmac" >&5 +printf %s "checking for stdlib extension module _hmac... " >&6; } + if test "$py_cv_module__hmac" != "n/a" +then : + + if test "$with_builtin_hashlib_hmac" = yes +then : + if true +then : + py_cv_module__hmac=yes +else $as_nop + py_cv_module__hmac=missing +fi +else $as_nop + py_cv_module__hmac=disabled +fi + +fi + as_fn_append MODULE_BLOCK "MODULE__HMAC_STATE=$py_cv_module__hmac$as_nl" + if test "x$py_cv_module__hmac" = xyes +then : + + + + +fi + if test "$py_cv_module__hmac" = yes; then + MODULE__HMAC_TRUE= + MODULE__HMAC_FALSE='#' +else + MODULE__HMAC_TRUE='#' + MODULE__HMAC_FALSE= +fi + + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $py_cv_module__hmac" >&5 +printf "%s\n" "$py_cv_module__hmac" >&6; } + + LIBHACL_CFLAGS='-I$(srcdir)/Modules/_hacl -I$(srcdir)/Modules/_hacl/include -D_BSD_SOURCE -D_DEFAULT_SOURCE $(PY_STDMODULE_CFLAGS) $(CCSHARED)' case "$ac_sys_system" in Linux*) @@ -32406,6 +32466,10 @@ if test -z "${MODULE__BLAKE2_TRUE}" && test -z "${MODULE__BLAKE2_FALSE}"; then as_fn_error $? "conditional \"MODULE__BLAKE2\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi +if test -z "${MODULE__HMAC_TRUE}" && test -z "${MODULE__HMAC_FALSE}"; then + as_fn_error $? "conditional \"MODULE__HMAC\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi if test -z "${MODULE__CTYPES_TRUE}" && test -z "${MODULE__CTYPES_FALSE}"; then as_fn_error $? "conditional \"MODULE__CTYPES\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 diff --git a/configure.ac b/configure.ac index 6d514705e91ce5..d266e01fb62b80 100644 --- a/configure.ac +++ b/configure.ac @@ -7502,6 +7502,15 @@ for builtin_hash in $with_builtin_hashlib_hashes; do done IFS=$as_save_IFS +# builtin HACL* HMAC module +AC_MSG_CHECKING([for --with-builtin-hashlib-hmac=yes,no]) +AC_ARG_WITH([builtin-hashlib-hmac], + [AS_HELP_STRING([--with-builtin-hashlib-hmac], + [use builtin HACL* HMAC when possible @<:@default is yes@:>@])], + [with_builtin_hashlib_hmac=$with_val], + [with_builtin_hashlib_hmac=yes]) +AC_MSG_RESULT([$with_builtin_hashlib_hmac]) + # Check whether to disable test modules. Once set, setup.py will not build # test extension modules and "make install" will not install test suites. AC_MSG_CHECKING([for --disable-test-modules]) @@ -7843,6 +7852,10 @@ PY_STDLIB_MOD([_sha2], [test "$with_builtin_sha2" = yes]) PY_STDLIB_MOD([_sha3], [test "$with_builtin_sha3" = yes]) PY_STDLIB_MOD([_blake2], [test "$with_builtin_blake2" = yes]) +dnl We always build the '_hmac' extension module but falls back +dnl to the Python implementation if needs arise. +PY_STDLIB_MOD([_hmac], [test "$with_builtin_hashlib_hmac" = yes]) + LIBHACL_CFLAGS='-I$(srcdir)/Modules/_hacl -I$(srcdir)/Modules/_hacl/include -D_BSD_SOURCE -D_DEFAULT_SOURCE $(PY_STDMODULE_CFLAGS) $(CCSHARED)' case "$ac_sys_system" in Linux*) From 027964bf24e86e86a1f5220d0b769b95a4cccc66 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?B=C3=A9n=C3=A9dikt=20Tran?= <10796600+picnixz@users.noreply.github.com> Date: Sun, 3 Nov 2024 13:20:46 +0100 Subject: [PATCH 06/36] Update Makefile scripts --- Makefile.pre.in | 112 +++++++++++++++++++++++++++++++++------- Modules/Setup | 11 ++-- Modules/Setup.stdlib.in | 13 +++-- 3 files changed, 108 insertions(+), 28 deletions(-) diff --git a/Makefile.pre.in b/Makefile.pre.in index b0263f9f4c21da..8b985cca66e9a2 100644 --- a/Makefile.pre.in +++ b/Makefile.pre.in @@ -227,8 +227,12 @@ ENSUREPIP= @ENSUREPIP@ # Internal static libraries LIBMPDEC_A= Modules/_decimal/libmpdec/libmpdec.a LIBEXPAT_A= Modules/expat/libexpat.a +LIBHACL_MD5_A= Modules/_hacl/libHacl_Hash_MD5.a +LIBHACL_SHA1_A= Modules/_hacl/libHacl_Hash_SHA1.a LIBHACL_SHA2_A= Modules/_hacl/libHacl_Hash_SHA2.a +LIBHACL_SHA3_A= Modules/_hacl/libHacl_Hash_SHA3.a LIBHACL_BLAKE2_A= Modules/_hacl/libHacl_Hash_Blake2.a +LIBHACL_HMAC_A= Modules/_hacl/libHacl_HMAC.a LIBHACL_CFLAGS=@LIBHACL_CFLAGS@ LIBHACL_SIMD128_FLAGS=@LIBHACL_SIMD128_FLAGS@ LIBHACL_SIMD256_FLAGS=@LIBHACL_SIMD256_FLAGS@ @@ -657,29 +661,61 @@ LIBEXPAT_HEADERS= \ ########################################################################## # hashlib's HACL* library +LIBHACL_MD5_OBJS= \ + Modules/_hacl/Hacl_Hash_MD5.o + +LIBHACL_SHA1_OBJS= \ + Modules/_hacl/Hacl_Hash_SHA1.o + LIBHACL_SHA2_OBJS= \ - Modules/_hacl/Hacl_Hash_SHA2.o + Modules/_hacl/Hacl_Hash_SHA2.o + +LIBHACL_SHA3_OBJS= \ + Modules/_hacl/Hacl_Hash_SHA3.o LIBHACL_BLAKE2_OBJS= \ - Modules/_hacl/Hacl_Hash_Blake2s.o \ - Modules/_hacl/Hacl_Hash_Blake2b.o \ - Modules/_hacl/Lib_Memzero0.o \ + Modules/_hacl/Hacl_Hash_Blake2s.o \ + Modules/_hacl/Hacl_Hash_Blake2b.o \ + Modules/_hacl/Lib_Memzero0.o \ $(LIBHACL_SIMD128_OBJS) \ $(LIBHACL_SIMD256_OBJS) +LIBHACL_HMAC_OBJS= \ + Modules/_hacl/Hacl_HMAC.o \ + $(LIBHACL_MD5_OBJS) \ + $(LIBHACL_SHA1_OBJS) \ + $(LIBHACL_SHA2_OBJS) \ + $(LIBHACL_SHA3_OBJS) \ + $(LIBHACL_BLAKE2_OBJS) + LIBHACL_HEADERS= \ - Modules/_hacl/include/krml/FStar_UInt128_Verified.h \ - Modules/_hacl/include/krml/FStar_UInt_8_16_32_64.h \ - Modules/_hacl/include/krml/fstar_uint128_struct_endianness.h \ - Modules/_hacl/include/krml/internal/target.h \ - Modules/_hacl/include/krml/lowstar_endianness.h \ - Modules/_hacl/include/krml/types.h \ + Modules/_hacl/include/krml/FStar_UInt128_Verified.h \ + Modules/_hacl/include/krml/FStar_UInt_8_16_32_64.h \ + Modules/_hacl/include/krml/fstar_uint128_struct_endianness.h \ + Modules/_hacl/include/krml/internal/target.h \ + Modules/_hacl/include/krml/lowstar_endianness.h \ + Modules/_hacl/include/krml/types.h \ Modules/_hacl/Hacl_Streaming_Types.h \ - Modules/_hacl/python_hacl_namespaces.h + Modules/_hacl/python_hacl_namespaces.h + +LIBHACL_MD5_HEADERS= \ + Modules/_hacl/Hacl_Hash_MD5.h \ + Modules/_hacl/internal/Hacl_Hash_MD5.h \ + $(LIBHACL_HEADERS) + +LIBHACL_SHA1_HEADERS= \ + Modules/_hacl/Hacl_Hash_SHA1.h \ + Modules/_hacl/internal/Hacl_Hash_SHA1.h \ + $(LIBHACL_HEADERS) LIBHACL_SHA2_HEADERS= \ - Modules/_hacl/Hacl_Hash_SHA2.h \ - Modules/_hacl/internal/Hacl_Hash_SHA2.h \ + Modules/_hacl/Hacl_Hash_SHA2.h \ + Modules/_hacl/internal/Hacl_Hash_SHA2.h \ + $(LIBHACL_HEADERS) + +LIBHACL_SHA3_HEADERS= \ + Modules/_hacl/Hacl_Hash_SHA3.h \ + Modules/_hacl/internal/Hacl_Hash_SHA3.h \ $(LIBHACL_HEADERS) LIBHACL_BLAKE2_HEADERS= \ @@ -694,6 +730,16 @@ LIBHACL_BLAKE2_HEADERS= \ Modules/_hacl/internal/Hacl_Hash_Blake2b_Simd256.h \ $(LIBHACL_HEADERS) +LIBHACL_HMAC_HEADERS= \ + Modules/_hacl/Hacl_HMAC.h \ + Modules/_hacl/internal/Hacl_HMAC.h \ + $(LIBHACL_MD5_HEADERS) \ + $(LIBHACL_SHA1_HEADERS) \ + $(LIBHACL_SHA2_HEADERS) \ + $(LIBHACL_SHA3_HEADERS) \ + $(LIBHACL_BLAKE2_HEADERS) \ + $(LIBHACL_HEADERS) + ######################################################################### # Rules @@ -1377,10 +1423,25 @@ $(LIBEXPAT_A): $(LIBEXPAT_OBJS) $(AR) $(ARFLAGS) $@ $(LIBEXPAT_OBJS) ########################################################################## -# Build HACL* static libraries for hashlib: libHacl_Hash_SHA2.a, and -# libHacl_Blake2.a -- the contents of the latter vary depending on whether we +# Build HACL* static libraries for hashlib and HACL* HMAC. +# +# The contents of libHacl_Blake2.a vary depending on whether we # have the ability to compile vectorized versions +Modules/_hacl/Hacl_Hash_MD5.o: $(srcdir)/Modules/_hacl/Hacl_Hash_MD5.c $(LIBHACL_MD5_HEADERS) + $(CC) -c $(LIBHACL_CFLAGS) -o $@ $(srcdir)/Modules/_hacl/Hacl_Hash_MD5.c + +$(LIBHACL_MD5_A): $(LIBHACL_MD5_OBJS) + -rm -f $@ + $(AR) $(ARFLAGS) $@ $(LIBHACL_MD5_OBJS) + +Modules/_hacl/Hacl_Hash_SHA1.o: $(srcdir)/Modules/_hacl/Hacl_Hash_SHA1.c $(LIBHACL_SHA1_HEADERS) + $(CC) -c $(LIBHACL_CFLAGS) -o $@ $(srcdir)/Modules/_hacl/Hacl_Hash_SHA1.c + +$(LIBHACL_SHA1_A): $(LIBHACL_SHA1_OBJS) + -rm -f $@ + $(AR) $(ARFLAGS) $@ $(LIBHACL_SHA1_OBJS) + Modules/_hacl/Hacl_Hash_SHA2.o: $(srcdir)/Modules/_hacl/Hacl_Hash_SHA2.c $(LIBHACL_SHA2_HEADERS) $(CC) -c $(LIBHACL_CFLAGS) -o $@ $(srcdir)/Modules/_hacl/Hacl_Hash_SHA2.c @@ -1388,6 +1449,13 @@ $(LIBHACL_SHA2_A): $(LIBHACL_SHA2_OBJS) -rm -f $@ $(AR) $(ARFLAGS) $@ $(LIBHACL_SHA2_OBJS) +Modules/_hacl/Hacl_Hash_SHA3.o: $(srcdir)/Modules/_hacl/Hacl_Hash_SHA3.c $(LIBHACL_SHA3_HEADERS) + $(CC) -c $(LIBHACL_CFLAGS) -o $@ $(srcdir)/Modules/_hacl/Hacl_Hash_SHA3.c + +$(LIBHACL_SHA3_A): $(LIBHACL_SHA3_OBJS) + -rm -f $@ + $(AR) $(ARFLAGS) $@ $(LIBHACL_SHA3_OBJS) + Modules/_hacl/Hacl_Hash_Blake2s.o: $(srcdir)/Modules/_hacl/Hacl_Hash_Blake2s.c $(LIBHACL_BLAKE2_HEADERS) $(CC) -c $(LIBHACL_CFLAGS) -o $@ $(srcdir)/Modules/_hacl/Hacl_Hash_Blake2s.c @@ -1413,6 +1481,13 @@ $(LIBHACL_BLAKE2_A): $(LIBHACL_BLAKE2_OBJS) -rm -f $@ $(AR) $(ARFLAGS) $@ $(LIBHACL_BLAKE2_OBJS) +Modules/_hacl/Hacl_HMAC.o: $(srcdir)/Modules/_hacl/Hacl_HMAC.c $(LIBHACL_HMAC_HEADERS) + $(CC) -c $(LIBHACL_CFLAGS) -o $@ $(srcdir)/Modules/_hacl/Hacl_HMAC.c + +$(LIBHACL_HMAC_A): $(LIBHACL_HMAC_OBJS) + -rm -f $@ + $(AR) $(ARFLAGS) $@ $(LIBHACL_HMAC_OBJS) + # create relative links from build/lib.platform/egg.so to Modules/egg.so # pybuilddir.txt is created too late. We cannot use it in Makefile # targets. ln --relative is not portable. @@ -3198,11 +3273,12 @@ MODULE__DECIMAL_DEPS=$(srcdir)/Modules/_decimal/docstrings.h @LIBMPDEC_INTERNAL@ MODULE__ELEMENTTREE_DEPS=$(srcdir)/Modules/pyexpat.c @LIBEXPAT_INTERNAL@ MODULE__HASHLIB_DEPS=$(srcdir)/Modules/hashlib.h MODULE__IO_DEPS=$(srcdir)/Modules/_io/_iomodule.h -MODULE__MD5_DEPS=$(srcdir)/Modules/hashlib.h $(LIBHACL_HEADERS) Modules/_hacl/Hacl_Hash_MD5.h Modules/_hacl/internal/Hacl_Hash_MD5.h Modules/_hacl/Hacl_Hash_MD5.c -MODULE__SHA1_DEPS=$(srcdir)/Modules/hashlib.h $(LIBHACL_HEADERS) Modules/_hacl/Hacl_Hash_SHA1.h Modules/_hacl/internal/Hacl_Hash_SHA1.h Modules/_hacl/Hacl_Hash_SHA1.c +MODULE__MD5_DEPS=$(srcdir)/Modules/hashlib.h $(LIBHACL_MD5_HEADERS) $(LIBHACL_MD5_A) +MODULE__SHA1_DEPS=$(srcdir)/Modules/hashlib.h $(LIBHACL_SHA1_HEADERS) $(LIBHACL_SHA1_A) MODULE__SHA2_DEPS=$(srcdir)/Modules/hashlib.h $(LIBHACL_SHA2_HEADERS) $(LIBHACL_SHA2_A) -MODULE__SHA3_DEPS=$(srcdir)/Modules/hashlib.h $(LIBHACL_HEADERS) Modules/_hacl/Hacl_Hash_SHA3.h Modules/_hacl/internal/Hacl_Hash_SHA3.h Modules/_hacl/Hacl_Hash_SHA3.c +MODULE__SHA3_DEPS=$(srcdir)/Modules/hashlib.h $(LIBHACL_SHA3_HEADERS) $(LIBHACL_SHA3_A) MODULE__BLAKE2_DEPS=$(srcdir)/Modules/hashlib.h $(LIBHACL_BLAKE2_HEADERS) $(LIBHACL_BLAKE2_A) +MODULE__HMAC_DEPS=$(srcdir)/Modules/hashlib.h $(LIBHACL_HMAC_HEADERS) $(LIBHACL_HMAC_A) MODULE__SOCKET_DEPS=$(srcdir)/Modules/socketmodule.h $(srcdir)/Modules/addrinfo.h $(srcdir)/Modules/getaddrinfo.c $(srcdir)/Modules/getnameinfo.c MODULE__SSL_DEPS=$(srcdir)/Modules/_ssl.h $(srcdir)/Modules/_ssl/cert.c $(srcdir)/Modules/_ssl/debughelpers.c $(srcdir)/Modules/_ssl/misc.c $(srcdir)/Modules/_ssl_data_111.h $(srcdir)/Modules/_ssl_data_300.h $(srcdir)/Modules/socketmodule.h MODULE__TESTCAPI_DEPS=$(srcdir)/Modules/_testcapi/parts.h $(srcdir)/Modules/_testcapi/util.h diff --git a/Modules/Setup b/Modules/Setup index ddf39e0b966610..f075571ab94577 100644 --- a/Modules/Setup +++ b/Modules/Setup @@ -165,11 +165,12 @@ PYTHONPATH=$(COREPYTHONPATH) #pyexpat pyexpat.c # hashing builtins -#_blake2 blake2module.c -I$(srcdir)/Modules/_hacl/include Modules/_hacl/libHacl_Hash_Blake2.a -#_md5 md5module.c -I$(srcdir)/Modules/_hacl/include _hacl/Hacl_Hash_MD5.c -D_BSD_SOURCE -D_DEFAULT_SOURCE -#_sha1 sha1module.c -I$(srcdir)/Modules/_hacl/include _hacl/Hacl_Hash_SHA1.c -D_BSD_SOURCE -D_DEFAULT_SOURCE -#_sha2 sha2module.c -I$(srcdir)/Modules/_hacl/include Modules/_hacl/libHacl_Hash_SHA2.a -#_sha3 sha3module.c -I$(srcdir)/Modules/_hacl/include _hacl/Hacl_Hash_SHA3.c -D_BSD_SOURCE -D_DEFAULT_SOURCE +#_blake2 blake2module.c -I$(srcdir)/Modules/_hacl/include Modules/_hacl/libHacl_Hash_Blake2.a -D_BSD_SOURCE -D_DEFAULT_SOURCE +#_md5 md5module.c -I$(srcdir)/Modules/_hacl/include Modules/_hacl/libHacl_Hash_MD5.a -D_BSD_SOURCE -D_DEFAULT_SOURCE +#_sha1 sha1module.c -I$(srcdir)/Modules/_hacl/include Modules/_hacl/libHacl_Hash_SHA1.a -D_BSD_SOURCE -D_DEFAULT_SOURCE +#_sha2 sha2module.c -I$(srcdir)/Modules/_hacl/include Modules/_hacl/libHacl_Hash_SHA2.a -D_BSD_SOURCE -D_DEFAULT_SOURCE +#_sha3 sha3module.c -I$(srcdir)/Modules/_hacl/include Modules/_hacl/libHacl_Hash_SHA3.a -D_BSD_SOURCE -D_DEFAULT_SOURCE +#_hmac hmacmodule.c -I$(srcdir)/Modules/_hacl/include Modules/_hacl/libHacl_HMAC.a -D_BSD_SOURCE -D_DEFAULT_SOURCE # text encodings and unicode #_codecs_cn cjkcodecs/_codecs_cn.c diff --git a/Modules/Setup.stdlib.in b/Modules/Setup.stdlib.in index 52c0f883d383db..8999bf0f14a4b4 100644 --- a/Modules/Setup.stdlib.in +++ b/Modules/Setup.stdlib.in @@ -78,11 +78,14 @@ @MODULE_READLINE_TRUE@readline readline.c # hashing builtins, can be disabled with --without-builtin-hashlib-hashes -@MODULE__MD5_TRUE@_md5 md5module.c -I$(srcdir)/Modules/_hacl/include _hacl/Hacl_Hash_MD5.c -D_BSD_SOURCE -D_DEFAULT_SOURCE -@MODULE__SHA1_TRUE@_sha1 sha1module.c -I$(srcdir)/Modules/_hacl/include _hacl/Hacl_Hash_SHA1.c -D_BSD_SOURCE -D_DEFAULT_SOURCE -@MODULE__SHA2_TRUE@_sha2 sha2module.c -I$(srcdir)/Modules/_hacl/include Modules/_hacl/libHacl_Hash_SHA2.a -@MODULE__SHA3_TRUE@_sha3 sha3module.c -I$(srcdir)/Modules/_hacl/include _hacl/Hacl_Hash_SHA3.c -D_BSD_SOURCE -D_DEFAULT_SOURCE -@MODULE__BLAKE2_TRUE@_blake2 blake2module.c -I$(srcdir)/Modules/_hacl/include Modules/_hacl/libHacl_Hash_Blake2.a +@MODULE__MD5_TRUE@_md5 md5module.c -I$(srcdir)/Modules/_hacl/include Modules/_hacl/libHacl_Hash_MD5.a -D_BSD_SOURCE -D_DEFAULT_SOURCE +@MODULE__SHA1_TRUE@_sha1 sha1module.c -I$(srcdir)/Modules/_hacl/include Modules/_hacl/libHacl_Hash_SHA1.a -D_BSD_SOURCE -D_DEFAULT_SOURCE +@MODULE__SHA2_TRUE@_sha2 sha2module.c -I$(srcdir)/Modules/_hacl/include Modules/_hacl/libHacl_Hash_SHA2.a -D_BSD_SOURCE -D_DEFAULT_SOURCE +@MODULE__SHA3_TRUE@_sha3 sha3module.c -I$(srcdir)/Modules/_hacl/include Modules/_hacl/libHacl_Hash_SHA3.a -D_BSD_SOURCE -D_DEFAULT_SOURCE +@MODULE__BLAKE2_TRUE@_blake2 blake2module.c -I$(srcdir)/Modules/_hacl/include Modules/_hacl/libHacl_Hash_Blake2.a -D_BSD_SOURCE -D_DEFAULT_SOURCE + +# HMAC builtin, can be disabled with --without-builtin-hashlib-hmac +@MODULE__HMAC_TRUE@_hmac hmacmodule.c -I$(srcdir)/Modules/_hacl/include Modules/_hacl/libHacl_HMAC.a -D_BSD_SOURCE -D_DEFAULT_SOURCE ############################################################################ # XML and text From 17a2e4649e4f7636a24c25d035d1dac5890fd567 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?B=C3=A9n=C3=A9dikt=20Tran?= <10796600+picnixz@users.noreply.github.com> Date: Sun, 3 Nov 2024 13:21:02 +0100 Subject: [PATCH 07/36] Update MSVC project --- PCbuild/pythoncore.vcxproj | 2 ++ PCbuild/pythoncore.vcxproj.filters | 9 +++++++++ 2 files changed, 11 insertions(+) diff --git a/PCbuild/pythoncore.vcxproj b/PCbuild/pythoncore.vcxproj index a4881e9256e4dd..c30db5f3285a63 100644 --- a/PCbuild/pythoncore.vcxproj +++ b/PCbuild/pythoncore.vcxproj @@ -433,6 +433,7 @@ + @@ -469,6 +470,7 @@ + diff --git a/PCbuild/pythoncore.vcxproj.filters b/PCbuild/pythoncore.vcxproj.filters index 740790cc5e1119..32f22a4007f64a 100644 --- a/PCbuild/pythoncore.vcxproj.filters +++ b/PCbuild/pythoncore.vcxproj.filters @@ -938,6 +938,9 @@ Modules + + Modules + Modules @@ -992,6 +995,9 @@ Modules + + Modules + Modules @@ -1007,6 +1013,9 @@ Modules + + Modules + Modules From 186094b09b1f23cb696e0dc4061935b7a456fe03 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?B=C3=A9n=C3=A9dikt=20Tran?= <10796600+picnixz@users.noreply.github.com> Date: Sun, 3 Nov 2024 13:21:11 +0100 Subject: [PATCH 08/36] Implement HACL* HMAC module --- Modules/clinic/hmacmodule.c.h | 545 ++++++++++++++++++++++++++++ Modules/hmacmodule.c | 277 ++++++++++++++ PC/config.c | 2 + Python/stdlib_module_names.h | 1 + Tools/c-analyzer/cpython/_parser.py | 1 + 5 files changed, 826 insertions(+) create mode 100644 Modules/clinic/hmacmodule.c.h create mode 100644 Modules/hmacmodule.c diff --git a/Modules/clinic/hmacmodule.c.h b/Modules/clinic/hmacmodule.c.h new file mode 100644 index 00000000000000..3a4b7ffa29bae9 --- /dev/null +++ b/Modules/clinic/hmacmodule.c.h @@ -0,0 +1,545 @@ +/*[clinic input] +preserve +[clinic start generated code]*/ + +#include "pycore_critical_section.h"// Py_BEGIN_CRITICAL_SECTION() +#include "pycore_modsupport.h" // _PyArg_CheckPositional() + +PyDoc_STRVAR(_hmac_compute_md5__doc__, +"compute_md5($module, key, data, /)\n" +"--\n" +"\n"); + +#define _HMAC_COMPUTE_MD5_METHODDEF \ + {"compute_md5", _PyCFunction_CAST(_hmac_compute_md5), METH_FASTCALL, _hmac_compute_md5__doc__}, + +static PyObject * +_hmac_compute_md5_impl(PyObject *module, Py_buffer *key, Py_buffer *data); + +static PyObject * +_hmac_compute_md5(PyObject *module, PyObject *const *args, Py_ssize_t nargs) +{ + PyObject *return_value = NULL; + Py_buffer key = {NULL, NULL}; + Py_buffer data = {NULL, NULL}; + + if (!_PyArg_CheckPositional("compute_md5", nargs, 2, 2)) { + goto exit; + } + if (PyObject_GetBuffer(args[0], &key, PyBUF_SIMPLE) != 0) { + goto exit; + } + if (PyObject_GetBuffer(args[1], &data, PyBUF_SIMPLE) != 0) { + goto exit; + } + Py_BEGIN_CRITICAL_SECTION(module); + return_value = _hmac_compute_md5_impl(module, &key, &data); + Py_END_CRITICAL_SECTION(); + +exit: + /* Cleanup for key */ + if (key.obj) { + PyBuffer_Release(&key); + } + /* Cleanup for data */ + if (data.obj) { + PyBuffer_Release(&data); + } + + return return_value; +} + +PyDoc_STRVAR(_hmac_compute_sha1__doc__, +"compute_sha1($module, key, data, /)\n" +"--\n" +"\n"); + +#define _HMAC_COMPUTE_SHA1_METHODDEF \ + {"compute_sha1", _PyCFunction_CAST(_hmac_compute_sha1), METH_FASTCALL, _hmac_compute_sha1__doc__}, + +static PyObject * +_hmac_compute_sha1_impl(PyObject *module, Py_buffer *key, Py_buffer *data); + +static PyObject * +_hmac_compute_sha1(PyObject *module, PyObject *const *args, Py_ssize_t nargs) +{ + PyObject *return_value = NULL; + Py_buffer key = {NULL, NULL}; + Py_buffer data = {NULL, NULL}; + + if (!_PyArg_CheckPositional("compute_sha1", nargs, 2, 2)) { + goto exit; + } + if (PyObject_GetBuffer(args[0], &key, PyBUF_SIMPLE) != 0) { + goto exit; + } + if (PyObject_GetBuffer(args[1], &data, PyBUF_SIMPLE) != 0) { + goto exit; + } + Py_BEGIN_CRITICAL_SECTION(module); + return_value = _hmac_compute_sha1_impl(module, &key, &data); + Py_END_CRITICAL_SECTION(); + +exit: + /* Cleanup for key */ + if (key.obj) { + PyBuffer_Release(&key); + } + /* Cleanup for data */ + if (data.obj) { + PyBuffer_Release(&data); + } + + return return_value; +} + +PyDoc_STRVAR(_hmac_compute_sha2_224__doc__, +"compute_sha2_224($module, key, data, /)\n" +"--\n" +"\n"); + +#define _HMAC_COMPUTE_SHA2_224_METHODDEF \ + {"compute_sha2_224", _PyCFunction_CAST(_hmac_compute_sha2_224), METH_FASTCALL, _hmac_compute_sha2_224__doc__}, + +static PyObject * +_hmac_compute_sha2_224_impl(PyObject *module, Py_buffer *key, + Py_buffer *data); + +static PyObject * +_hmac_compute_sha2_224(PyObject *module, PyObject *const *args, Py_ssize_t nargs) +{ + PyObject *return_value = NULL; + Py_buffer key = {NULL, NULL}; + Py_buffer data = {NULL, NULL}; + + if (!_PyArg_CheckPositional("compute_sha2_224", nargs, 2, 2)) { + goto exit; + } + if (PyObject_GetBuffer(args[0], &key, PyBUF_SIMPLE) != 0) { + goto exit; + } + if (PyObject_GetBuffer(args[1], &data, PyBUF_SIMPLE) != 0) { + goto exit; + } + Py_BEGIN_CRITICAL_SECTION(module); + return_value = _hmac_compute_sha2_224_impl(module, &key, &data); + Py_END_CRITICAL_SECTION(); + +exit: + /* Cleanup for key */ + if (key.obj) { + PyBuffer_Release(&key); + } + /* Cleanup for data */ + if (data.obj) { + PyBuffer_Release(&data); + } + + return return_value; +} + +PyDoc_STRVAR(_hmac_compute_sha2_256__doc__, +"compute_sha2_256($module, key, data, /)\n" +"--\n" +"\n"); + +#define _HMAC_COMPUTE_SHA2_256_METHODDEF \ + {"compute_sha2_256", _PyCFunction_CAST(_hmac_compute_sha2_256), METH_FASTCALL, _hmac_compute_sha2_256__doc__}, + +static PyObject * +_hmac_compute_sha2_256_impl(PyObject *module, Py_buffer *key, + Py_buffer *data); + +static PyObject * +_hmac_compute_sha2_256(PyObject *module, PyObject *const *args, Py_ssize_t nargs) +{ + PyObject *return_value = NULL; + Py_buffer key = {NULL, NULL}; + Py_buffer data = {NULL, NULL}; + + if (!_PyArg_CheckPositional("compute_sha2_256", nargs, 2, 2)) { + goto exit; + } + if (PyObject_GetBuffer(args[0], &key, PyBUF_SIMPLE) != 0) { + goto exit; + } + if (PyObject_GetBuffer(args[1], &data, PyBUF_SIMPLE) != 0) { + goto exit; + } + Py_BEGIN_CRITICAL_SECTION(module); + return_value = _hmac_compute_sha2_256_impl(module, &key, &data); + Py_END_CRITICAL_SECTION(); + +exit: + /* Cleanup for key */ + if (key.obj) { + PyBuffer_Release(&key); + } + /* Cleanup for data */ + if (data.obj) { + PyBuffer_Release(&data); + } + + return return_value; +} + +PyDoc_STRVAR(_hmac_compute_sha2_384__doc__, +"compute_sha2_384($module, key, data, /)\n" +"--\n" +"\n"); + +#define _HMAC_COMPUTE_SHA2_384_METHODDEF \ + {"compute_sha2_384", _PyCFunction_CAST(_hmac_compute_sha2_384), METH_FASTCALL, _hmac_compute_sha2_384__doc__}, + +static PyObject * +_hmac_compute_sha2_384_impl(PyObject *module, Py_buffer *key, + Py_buffer *data); + +static PyObject * +_hmac_compute_sha2_384(PyObject *module, PyObject *const *args, Py_ssize_t nargs) +{ + PyObject *return_value = NULL; + Py_buffer key = {NULL, NULL}; + Py_buffer data = {NULL, NULL}; + + if (!_PyArg_CheckPositional("compute_sha2_384", nargs, 2, 2)) { + goto exit; + } + if (PyObject_GetBuffer(args[0], &key, PyBUF_SIMPLE) != 0) { + goto exit; + } + if (PyObject_GetBuffer(args[1], &data, PyBUF_SIMPLE) != 0) { + goto exit; + } + Py_BEGIN_CRITICAL_SECTION(module); + return_value = _hmac_compute_sha2_384_impl(module, &key, &data); + Py_END_CRITICAL_SECTION(); + +exit: + /* Cleanup for key */ + if (key.obj) { + PyBuffer_Release(&key); + } + /* Cleanup for data */ + if (data.obj) { + PyBuffer_Release(&data); + } + + return return_value; +} + +PyDoc_STRVAR(_hmac_compute_sha2_512__doc__, +"compute_sha2_512($module, key, data, /)\n" +"--\n" +"\n"); + +#define _HMAC_COMPUTE_SHA2_512_METHODDEF \ + {"compute_sha2_512", _PyCFunction_CAST(_hmac_compute_sha2_512), METH_FASTCALL, _hmac_compute_sha2_512__doc__}, + +static PyObject * +_hmac_compute_sha2_512_impl(PyObject *module, Py_buffer *key, + Py_buffer *data); + +static PyObject * +_hmac_compute_sha2_512(PyObject *module, PyObject *const *args, Py_ssize_t nargs) +{ + PyObject *return_value = NULL; + Py_buffer key = {NULL, NULL}; + Py_buffer data = {NULL, NULL}; + + if (!_PyArg_CheckPositional("compute_sha2_512", nargs, 2, 2)) { + goto exit; + } + if (PyObject_GetBuffer(args[0], &key, PyBUF_SIMPLE) != 0) { + goto exit; + } + if (PyObject_GetBuffer(args[1], &data, PyBUF_SIMPLE) != 0) { + goto exit; + } + Py_BEGIN_CRITICAL_SECTION(module); + return_value = _hmac_compute_sha2_512_impl(module, &key, &data); + Py_END_CRITICAL_SECTION(); + +exit: + /* Cleanup for key */ + if (key.obj) { + PyBuffer_Release(&key); + } + /* Cleanup for data */ + if (data.obj) { + PyBuffer_Release(&data); + } + + return return_value; +} + +PyDoc_STRVAR(_hmac_compute_sha3_224__doc__, +"compute_sha3_224($module, key, data, /)\n" +"--\n" +"\n"); + +#define _HMAC_COMPUTE_SHA3_224_METHODDEF \ + {"compute_sha3_224", _PyCFunction_CAST(_hmac_compute_sha3_224), METH_FASTCALL, _hmac_compute_sha3_224__doc__}, + +static PyObject * +_hmac_compute_sha3_224_impl(PyObject *module, Py_buffer *key, + Py_buffer *data); + +static PyObject * +_hmac_compute_sha3_224(PyObject *module, PyObject *const *args, Py_ssize_t nargs) +{ + PyObject *return_value = NULL; + Py_buffer key = {NULL, NULL}; + Py_buffer data = {NULL, NULL}; + + if (!_PyArg_CheckPositional("compute_sha3_224", nargs, 2, 2)) { + goto exit; + } + if (PyObject_GetBuffer(args[0], &key, PyBUF_SIMPLE) != 0) { + goto exit; + } + if (PyObject_GetBuffer(args[1], &data, PyBUF_SIMPLE) != 0) { + goto exit; + } + Py_BEGIN_CRITICAL_SECTION(module); + return_value = _hmac_compute_sha3_224_impl(module, &key, &data); + Py_END_CRITICAL_SECTION(); + +exit: + /* Cleanup for key */ + if (key.obj) { + PyBuffer_Release(&key); + } + /* Cleanup for data */ + if (data.obj) { + PyBuffer_Release(&data); + } + + return return_value; +} + +PyDoc_STRVAR(_hmac_compute_sha3_256__doc__, +"compute_sha3_256($module, key, data, /)\n" +"--\n" +"\n"); + +#define _HMAC_COMPUTE_SHA3_256_METHODDEF \ + {"compute_sha3_256", _PyCFunction_CAST(_hmac_compute_sha3_256), METH_FASTCALL, _hmac_compute_sha3_256__doc__}, + +static PyObject * +_hmac_compute_sha3_256_impl(PyObject *module, Py_buffer *key, + Py_buffer *data); + +static PyObject * +_hmac_compute_sha3_256(PyObject *module, PyObject *const *args, Py_ssize_t nargs) +{ + PyObject *return_value = NULL; + Py_buffer key = {NULL, NULL}; + Py_buffer data = {NULL, NULL}; + + if (!_PyArg_CheckPositional("compute_sha3_256", nargs, 2, 2)) { + goto exit; + } + if (PyObject_GetBuffer(args[0], &key, PyBUF_SIMPLE) != 0) { + goto exit; + } + if (PyObject_GetBuffer(args[1], &data, PyBUF_SIMPLE) != 0) { + goto exit; + } + Py_BEGIN_CRITICAL_SECTION(module); + return_value = _hmac_compute_sha3_256_impl(module, &key, &data); + Py_END_CRITICAL_SECTION(); + +exit: + /* Cleanup for key */ + if (key.obj) { + PyBuffer_Release(&key); + } + /* Cleanup for data */ + if (data.obj) { + PyBuffer_Release(&data); + } + + return return_value; +} + +PyDoc_STRVAR(_hmac_compute_sha3_384__doc__, +"compute_sha3_384($module, key, data, /)\n" +"--\n" +"\n"); + +#define _HMAC_COMPUTE_SHA3_384_METHODDEF \ + {"compute_sha3_384", _PyCFunction_CAST(_hmac_compute_sha3_384), METH_FASTCALL, _hmac_compute_sha3_384__doc__}, + +static PyObject * +_hmac_compute_sha3_384_impl(PyObject *module, Py_buffer *key, + Py_buffer *data); + +static PyObject * +_hmac_compute_sha3_384(PyObject *module, PyObject *const *args, Py_ssize_t nargs) +{ + PyObject *return_value = NULL; + Py_buffer key = {NULL, NULL}; + Py_buffer data = {NULL, NULL}; + + if (!_PyArg_CheckPositional("compute_sha3_384", nargs, 2, 2)) { + goto exit; + } + if (PyObject_GetBuffer(args[0], &key, PyBUF_SIMPLE) != 0) { + goto exit; + } + if (PyObject_GetBuffer(args[1], &data, PyBUF_SIMPLE) != 0) { + goto exit; + } + Py_BEGIN_CRITICAL_SECTION(module); + return_value = _hmac_compute_sha3_384_impl(module, &key, &data); + Py_END_CRITICAL_SECTION(); + +exit: + /* Cleanup for key */ + if (key.obj) { + PyBuffer_Release(&key); + } + /* Cleanup for data */ + if (data.obj) { + PyBuffer_Release(&data); + } + + return return_value; +} + +PyDoc_STRVAR(_hmac_compute_sha3_512__doc__, +"compute_sha3_512($module, key, data, /)\n" +"--\n" +"\n"); + +#define _HMAC_COMPUTE_SHA3_512_METHODDEF \ + {"compute_sha3_512", _PyCFunction_CAST(_hmac_compute_sha3_512), METH_FASTCALL, _hmac_compute_sha3_512__doc__}, + +static PyObject * +_hmac_compute_sha3_512_impl(PyObject *module, Py_buffer *key, + Py_buffer *data); + +static PyObject * +_hmac_compute_sha3_512(PyObject *module, PyObject *const *args, Py_ssize_t nargs) +{ + PyObject *return_value = NULL; + Py_buffer key = {NULL, NULL}; + Py_buffer data = {NULL, NULL}; + + if (!_PyArg_CheckPositional("compute_sha3_512", nargs, 2, 2)) { + goto exit; + } + if (PyObject_GetBuffer(args[0], &key, PyBUF_SIMPLE) != 0) { + goto exit; + } + if (PyObject_GetBuffer(args[1], &data, PyBUF_SIMPLE) != 0) { + goto exit; + } + Py_BEGIN_CRITICAL_SECTION(module); + return_value = _hmac_compute_sha3_512_impl(module, &key, &data); + Py_END_CRITICAL_SECTION(); + +exit: + /* Cleanup for key */ + if (key.obj) { + PyBuffer_Release(&key); + } + /* Cleanup for data */ + if (data.obj) { + PyBuffer_Release(&data); + } + + return return_value; +} + +PyDoc_STRVAR(_hmac_compute_blake2s_32__doc__, +"compute_blake2s_32($module, key, data, /)\n" +"--\n" +"\n"); + +#define _HMAC_COMPUTE_BLAKE2S_32_METHODDEF \ + {"compute_blake2s_32", _PyCFunction_CAST(_hmac_compute_blake2s_32), METH_FASTCALL, _hmac_compute_blake2s_32__doc__}, + +static PyObject * +_hmac_compute_blake2s_32_impl(PyObject *module, Py_buffer *key, + Py_buffer *data); + +static PyObject * +_hmac_compute_blake2s_32(PyObject *module, PyObject *const *args, Py_ssize_t nargs) +{ + PyObject *return_value = NULL; + Py_buffer key = {NULL, NULL}; + Py_buffer data = {NULL, NULL}; + + if (!_PyArg_CheckPositional("compute_blake2s_32", nargs, 2, 2)) { + goto exit; + } + if (PyObject_GetBuffer(args[0], &key, PyBUF_SIMPLE) != 0) { + goto exit; + } + if (PyObject_GetBuffer(args[1], &data, PyBUF_SIMPLE) != 0) { + goto exit; + } + Py_BEGIN_CRITICAL_SECTION(module); + return_value = _hmac_compute_blake2s_32_impl(module, &key, &data); + Py_END_CRITICAL_SECTION(); + +exit: + /* Cleanup for key */ + if (key.obj) { + PyBuffer_Release(&key); + } + /* Cleanup for data */ + if (data.obj) { + PyBuffer_Release(&data); + } + + return return_value; +} + +PyDoc_STRVAR(_hmac_compute_blake2b_32__doc__, +"compute_blake2b_32($module, key, data, /)\n" +"--\n" +"\n"); + +#define _HMAC_COMPUTE_BLAKE2B_32_METHODDEF \ + {"compute_blake2b_32", _PyCFunction_CAST(_hmac_compute_blake2b_32), METH_FASTCALL, _hmac_compute_blake2b_32__doc__}, + +static PyObject * +_hmac_compute_blake2b_32_impl(PyObject *module, Py_buffer *key, + Py_buffer *data); + +static PyObject * +_hmac_compute_blake2b_32(PyObject *module, PyObject *const *args, Py_ssize_t nargs) +{ + PyObject *return_value = NULL; + Py_buffer key = {NULL, NULL}; + Py_buffer data = {NULL, NULL}; + + if (!_PyArg_CheckPositional("compute_blake2b_32", nargs, 2, 2)) { + goto exit; + } + if (PyObject_GetBuffer(args[0], &key, PyBUF_SIMPLE) != 0) { + goto exit; + } + if (PyObject_GetBuffer(args[1], &data, PyBUF_SIMPLE) != 0) { + goto exit; + } + Py_BEGIN_CRITICAL_SECTION(module); + return_value = _hmac_compute_blake2b_32_impl(module, &key, &data); + Py_END_CRITICAL_SECTION(); + +exit: + /* Cleanup for key */ + if (key.obj) { + PyBuffer_Release(&key); + } + /* Cleanup for data */ + if (data.obj) { + PyBuffer_Release(&data); + } + + return return_value; +} +/*[clinic end generated code: output=c10b8daa18a66857 input=a9049054013a1b77]*/ diff --git a/Modules/hmacmodule.c b/Modules/hmacmodule.c new file mode 100644 index 00000000000000..73945cc245ca3c --- /dev/null +++ b/Modules/hmacmodule.c @@ -0,0 +1,277 @@ +#ifndef Py_BUILD_CORE_BUILTIN +# define Py_BUILD_CORE_MODULE 1 +#endif + +#include "pyconfig.h" +#include "Python.h" +#include "hashlib.h" + +#include "_hacl/Hacl_HMAC.h" + +#include "clinic/hmacmodule.c.h" + +#define HACL_HMAC_COMPUTE_HASH(HACL_FUNCTION, DIGEST_SIZE, KEY, SRC) \ + do { \ + unsigned char out[DIGEST_SIZE]; \ + HACL_FUNCTION( \ + out, \ + (uint8_t *)KEY->buf, (uint32_t)KEY->len, \ + (uint8_t *)SRC->buf, (uint32_t)SRC->len \ + ); \ + return PyBytes_FromString((const char *)out); \ + } while (0) + +/*[clinic input] +module _hmac +[clinic start generated code]*/ +/*[clinic end generated code: output=da39a3ee5e6b4b0d input=799f0f10157d561f]*/ + +/*[clinic input] +@critical_section +_hmac.compute_md5 + + key: Py_buffer + data: Py_buffer + / + +[clinic start generated code]*/ + +static PyObject * +_hmac_compute_md5_impl(PyObject *module, Py_buffer *key, Py_buffer *data) +/*[clinic end generated code: output=bcf3dfafd7092a5a input=9ceaaa27ec318007]*/ +{ + HACL_HMAC_COMPUTE_HASH(Hacl_HMAC_compute_md5, 16, key, data); +} + +/*[clinic input] +@critical_section +_hmac.compute_sha1 + + key: Py_buffer + data: Py_buffer + / + +[clinic start generated code]*/ + +static PyObject * +_hmac_compute_sha1_impl(PyObject *module, Py_buffer *key, Py_buffer *data) +/*[clinic end generated code: output=f26338ed3aa68853 input=2380452bf9d1fe7d]*/ +{ + HACL_HMAC_COMPUTE_HASH(Hacl_HMAC_compute_sha1, 20, key, data); +} + +/*[clinic input] +@critical_section +_hmac.compute_sha2_224 + + key: Py_buffer + data: Py_buffer + / + +[clinic start generated code]*/ + +static PyObject * +_hmac_compute_sha2_224_impl(PyObject *module, Py_buffer *key, + Py_buffer *data) +/*[clinic end generated code: output=d9907a240da31c07 input=b874f95fd4b0fb99]*/ +{ + HACL_HMAC_COMPUTE_HASH(Hacl_HMAC_compute_sha2_224, 28, key, data); +} + +/*[clinic input] +@critical_section +_hmac.compute_sha2_256 + + key: Py_buffer + data: Py_buffer + / + +[clinic start generated code]*/ + +static PyObject * +_hmac_compute_sha2_256_impl(PyObject *module, Py_buffer *key, + Py_buffer *data) +/*[clinic end generated code: output=1ba977f01c332460 input=c880969b65dca329]*/ +{ + HACL_HMAC_COMPUTE_HASH(Hacl_HMAC_compute_sha2_256, 32, key, data); +} + +/*[clinic input] +@critical_section +_hmac.compute_sha2_384 + + key: Py_buffer + data: Py_buffer + / + +[clinic start generated code]*/ + +static PyObject * +_hmac_compute_sha2_384_impl(PyObject *module, Py_buffer *key, + Py_buffer *data) +/*[clinic end generated code: output=5ad8e1c6346fcf5b input=e206968b3c4aad3d]*/ +{ + HACL_HMAC_COMPUTE_HASH(Hacl_HMAC_compute_sha2_384, 48, key, data); +} + +/*[clinic input] +@critical_section +_hmac.compute_sha2_512 + + key: Py_buffer + data: Py_buffer + / + +[clinic start generated code]*/ + +static PyObject * +_hmac_compute_sha2_512_impl(PyObject *module, Py_buffer *key, + Py_buffer *data) +/*[clinic end generated code: output=8e73b2c39812934c input=839c27c90c3aed01]*/ +{ + HACL_HMAC_COMPUTE_HASH(Hacl_HMAC_compute_sha2_512, 64, key, data); +} + +/*[clinic input] +@critical_section +_hmac.compute_sha3_224 + + key: Py_buffer + data: Py_buffer + / + +[clinic start generated code]*/ + +static PyObject * +_hmac_compute_sha3_224_impl(PyObject *module, Py_buffer *key, + Py_buffer *data) +/*[clinic end generated code: output=5b3ee358e5d96fa8 input=f52550611ea10725]*/ +{ + HACL_HMAC_COMPUTE_HASH(Hacl_HMAC_compute_sha3_224, 28, key, data); +} + +/*[clinic input] +@critical_section +_hmac.compute_sha3_256 + + key: Py_buffer + data: Py_buffer + / + +[clinic start generated code]*/ + +static PyObject * +_hmac_compute_sha3_256_impl(PyObject *module, Py_buffer *key, + Py_buffer *data) +/*[clinic end generated code: output=cf977eed9c59ed3b input=ce59d1ddd77c0624]*/ +{ + HACL_HMAC_COMPUTE_HASH(Hacl_HMAC_compute_sha3_256, 32, key, data); +} + +/*[clinic input] +@critical_section +_hmac.compute_sha3_384 + + key: Py_buffer + data: Py_buffer + / + +[clinic start generated code]*/ + +static PyObject * +_hmac_compute_sha3_384_impl(PyObject *module, Py_buffer *key, + Py_buffer *data) +/*[clinic end generated code: output=3f576e31d4d05f35 input=f4bca88551693caa]*/ +{ + HACL_HMAC_COMPUTE_HASH(Hacl_HMAC_compute_sha3_384, 48, key, data); +} + +/*[clinic input] +@critical_section +_hmac.compute_sha3_512 + + key: Py_buffer + data: Py_buffer + / + +[clinic start generated code]*/ + +static PyObject * +_hmac_compute_sha3_512_impl(PyObject *module, Py_buffer *key, + Py_buffer *data) +/*[clinic end generated code: output=238126dcba98fda2 input=2f98f302c64eca64]*/ +{ + HACL_HMAC_COMPUTE_HASH(Hacl_HMAC_compute_sha3_512, 64, key, data); +} + +/*[clinic input] +@critical_section +_hmac.compute_blake2s_32 + + key: Py_buffer + data: Py_buffer + / + +[clinic start generated code]*/ + +static PyObject * +_hmac_compute_blake2s_32_impl(PyObject *module, Py_buffer *key, + Py_buffer *data) +/*[clinic end generated code: output=72a8231623e4ccf9 input=0be9099b69bcd9e7]*/ +{ + HACL_HMAC_COMPUTE_HASH(Hacl_HMAC_compute_blake2s_32, 32, key, data); +} + +/*[clinic input] +@critical_section +_hmac.compute_blake2b_32 + + key: Py_buffer + data: Py_buffer + / + +[clinic start generated code]*/ + +static PyObject * +_hmac_compute_blake2b_32_impl(PyObject *module, Py_buffer *key, + Py_buffer *data) +/*[clinic end generated code: output=ea083dfa29679029 input=aecba54a3e2dff72]*/ +{ + HACL_HMAC_COMPUTE_HASH(Hacl_HMAC_compute_blake2b_32, 32, key, data); +} + +static PyMethodDef hmacmodule_methods[] = { + _HMAC_COMPUTE_MD5_METHODDEF + _HMAC_COMPUTE_SHA1_METHODDEF + _HMAC_COMPUTE_SHA2_224_METHODDEF + _HMAC_COMPUTE_SHA2_256_METHODDEF + _HMAC_COMPUTE_SHA2_384_METHODDEF + _HMAC_COMPUTE_SHA2_512_METHODDEF + _HMAC_COMPUTE_SHA3_224_METHODDEF + _HMAC_COMPUTE_SHA3_256_METHODDEF + _HMAC_COMPUTE_SHA3_384_METHODDEF + _HMAC_COMPUTE_SHA3_512_METHODDEF + _HMAC_COMPUTE_BLAKE2S_32_METHODDEF + _HMAC_COMPUTE_BLAKE2B_32_METHODDEF + {NULL, NULL, 0, NULL} +}; + +static struct PyModuleDef_Slot hmacmodule_slots[] = { + {Py_mod_multiple_interpreters, Py_MOD_PER_INTERPRETER_GIL_SUPPORTED}, + {Py_mod_gil, Py_MOD_GIL_NOT_USED}, + {0, NULL} +}; + +static struct PyModuleDef _hmacmodule = { + PyModuleDef_HEAD_INIT, + .m_name = "_hmac", + .m_size = 0, + .m_methods = hmacmodule_methods, + .m_slots = hmacmodule_slots, +}; + +PyMODINIT_FUNC +PyInit__hmac(void) +{ + return PyModuleDef_Init(&_hmacmodule); +} diff --git a/PC/config.c b/PC/config.c index b744f711b0d636..1af3d1ecbd2851 100644 --- a/PC/config.c +++ b/PC/config.c @@ -25,6 +25,7 @@ extern PyObject* PyInit__statistics(void); extern PyObject* PyInit__sysconfig(void); extern PyObject* PyInit__typing(void); extern PyObject* PyInit__blake2(void); +extern PyObject* PyInit__hmac(void); extern PyObject* PyInit_time(void); extern PyObject* PyInit__thread(void); #ifdef WIN32 @@ -102,6 +103,7 @@ struct _inittab _PyImport_Inittab[] = { {"_sha2", PyInit__sha2}, {"_sha3", PyInit__sha3}, {"_blake2", PyInit__blake2}, + {"_hmac", PyInit__hmac}, {"_sysconfig", PyInit__sysconfig}, {"time", PyInit_time}, {"_thread", PyInit__thread}, diff --git a/Python/stdlib_module_names.h b/Python/stdlib_module_names.h index c8cdb933bb108f..46a7c744750cac 100644 --- a/Python/stdlib_module_names.h +++ b/Python/stdlib_module_names.h @@ -38,6 +38,7 @@ static const char* _Py_stdlib_module_names[] = { "_gdbm", "_hashlib", "_heapq", +"_hmac", "_imp", "_interpchannels", "_interpqueues", diff --git a/Tools/c-analyzer/cpython/_parser.py b/Tools/c-analyzer/cpython/_parser.py index 3a73f65f8ff7b3..930b4e34e0a199 100644 --- a/Tools/c-analyzer/cpython/_parser.py +++ b/Tools/c-analyzer/cpython/_parser.py @@ -128,6 +128,7 @@ def clean_lines(text): Modules/sha2module.c Modules/_hacl/include Modules/sha3module.c Modules/_hacl/include Modules/blake2module.c Modules/_hacl/include +Modules/hmacmodule.c Modules/_hacl/include Objects/stringlib/*.h Objects # possible system-installed headers, just in case From b10c7292cdab6d440445cdfb71d45c623b89dea2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?B=C3=A9n=C3=A9dikt=20Tran?= <10796600+picnixz@users.noreply.github.com> Date: Thu, 7 Nov 2024 11:09:31 +0100 Subject: [PATCH 09/36] fix blake2b digest size --- Modules/hmacmodule.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Modules/hmacmodule.c b/Modules/hmacmodule.c index 73945cc245ca3c..7da236dadb12b1 100644 --- a/Modules/hmacmodule.c +++ b/Modules/hmacmodule.c @@ -237,7 +237,7 @@ _hmac_compute_blake2b_32_impl(PyObject *module, Py_buffer *key, Py_buffer *data) /*[clinic end generated code: output=ea083dfa29679029 input=aecba54a3e2dff72]*/ { - HACL_HMAC_COMPUTE_HASH(Hacl_HMAC_compute_blake2b_32, 32, key, data); + HACL_HMAC_COMPUTE_HASH(Hacl_HMAC_compute_blake2b_32, 64, key, data); } static PyMethodDef hmacmodule_methods[] = { From 6a3515f4bd7bc813b792dff9dfa1c453777a0cbc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?B=C3=A9n=C3=A9dikt=20Tran?= <10796600+picnixz@users.noreply.github.com> Date: Thu, 7 Nov 2024 11:12:11 +0100 Subject: [PATCH 10/36] drop un-necessary `@critical_section` --- Modules/clinic/hmacmodule.c.h | 227 +++++++++++++++------------------- Modules/hmacmodule.c | 116 +++++++---------- 2 files changed, 145 insertions(+), 198 deletions(-) diff --git a/Modules/clinic/hmacmodule.c.h b/Modules/clinic/hmacmodule.c.h index 3a4b7ffa29bae9..019bedc63d4f4e 100644 --- a/Modules/clinic/hmacmodule.c.h +++ b/Modules/clinic/hmacmodule.c.h @@ -2,11 +2,10 @@ preserve [clinic start generated code]*/ -#include "pycore_critical_section.h"// Py_BEGIN_CRITICAL_SECTION() #include "pycore_modsupport.h" // _PyArg_CheckPositional() PyDoc_STRVAR(_hmac_compute_md5__doc__, -"compute_md5($module, key, data, /)\n" +"compute_md5($module, key, msg, /)\n" "--\n" "\n"); @@ -14,14 +13,14 @@ PyDoc_STRVAR(_hmac_compute_md5__doc__, {"compute_md5", _PyCFunction_CAST(_hmac_compute_md5), METH_FASTCALL, _hmac_compute_md5__doc__}, static PyObject * -_hmac_compute_md5_impl(PyObject *module, Py_buffer *key, Py_buffer *data); +_hmac_compute_md5_impl(PyObject *module, Py_buffer *key, Py_buffer *msg); static PyObject * _hmac_compute_md5(PyObject *module, PyObject *const *args, Py_ssize_t nargs) { PyObject *return_value = NULL; Py_buffer key = {NULL, NULL}; - Py_buffer data = {NULL, NULL}; + Py_buffer msg = {NULL, NULL}; if (!_PyArg_CheckPositional("compute_md5", nargs, 2, 2)) { goto exit; @@ -29,28 +28,26 @@ _hmac_compute_md5(PyObject *module, PyObject *const *args, Py_ssize_t nargs) if (PyObject_GetBuffer(args[0], &key, PyBUF_SIMPLE) != 0) { goto exit; } - if (PyObject_GetBuffer(args[1], &data, PyBUF_SIMPLE) != 0) { + if (PyObject_GetBuffer(args[1], &msg, PyBUF_SIMPLE) != 0) { goto exit; } - Py_BEGIN_CRITICAL_SECTION(module); - return_value = _hmac_compute_md5_impl(module, &key, &data); - Py_END_CRITICAL_SECTION(); + return_value = _hmac_compute_md5_impl(module, &key, &msg); exit: /* Cleanup for key */ if (key.obj) { PyBuffer_Release(&key); } - /* Cleanup for data */ - if (data.obj) { - PyBuffer_Release(&data); + /* Cleanup for msg */ + if (msg.obj) { + PyBuffer_Release(&msg); } return return_value; } PyDoc_STRVAR(_hmac_compute_sha1__doc__, -"compute_sha1($module, key, data, /)\n" +"compute_sha1($module, key, msg, /)\n" "--\n" "\n"); @@ -58,14 +55,14 @@ PyDoc_STRVAR(_hmac_compute_sha1__doc__, {"compute_sha1", _PyCFunction_CAST(_hmac_compute_sha1), METH_FASTCALL, _hmac_compute_sha1__doc__}, static PyObject * -_hmac_compute_sha1_impl(PyObject *module, Py_buffer *key, Py_buffer *data); +_hmac_compute_sha1_impl(PyObject *module, Py_buffer *key, Py_buffer *msg); static PyObject * _hmac_compute_sha1(PyObject *module, PyObject *const *args, Py_ssize_t nargs) { PyObject *return_value = NULL; Py_buffer key = {NULL, NULL}; - Py_buffer data = {NULL, NULL}; + Py_buffer msg = {NULL, NULL}; if (!_PyArg_CheckPositional("compute_sha1", nargs, 2, 2)) { goto exit; @@ -73,28 +70,26 @@ _hmac_compute_sha1(PyObject *module, PyObject *const *args, Py_ssize_t nargs) if (PyObject_GetBuffer(args[0], &key, PyBUF_SIMPLE) != 0) { goto exit; } - if (PyObject_GetBuffer(args[1], &data, PyBUF_SIMPLE) != 0) { + if (PyObject_GetBuffer(args[1], &msg, PyBUF_SIMPLE) != 0) { goto exit; } - Py_BEGIN_CRITICAL_SECTION(module); - return_value = _hmac_compute_sha1_impl(module, &key, &data); - Py_END_CRITICAL_SECTION(); + return_value = _hmac_compute_sha1_impl(module, &key, &msg); exit: /* Cleanup for key */ if (key.obj) { PyBuffer_Release(&key); } - /* Cleanup for data */ - if (data.obj) { - PyBuffer_Release(&data); + /* Cleanup for msg */ + if (msg.obj) { + PyBuffer_Release(&msg); } return return_value; } PyDoc_STRVAR(_hmac_compute_sha2_224__doc__, -"compute_sha2_224($module, key, data, /)\n" +"compute_sha2_224($module, key, msg, /)\n" "--\n" "\n"); @@ -102,15 +97,14 @@ PyDoc_STRVAR(_hmac_compute_sha2_224__doc__, {"compute_sha2_224", _PyCFunction_CAST(_hmac_compute_sha2_224), METH_FASTCALL, _hmac_compute_sha2_224__doc__}, static PyObject * -_hmac_compute_sha2_224_impl(PyObject *module, Py_buffer *key, - Py_buffer *data); +_hmac_compute_sha2_224_impl(PyObject *module, Py_buffer *key, Py_buffer *msg); static PyObject * _hmac_compute_sha2_224(PyObject *module, PyObject *const *args, Py_ssize_t nargs) { PyObject *return_value = NULL; Py_buffer key = {NULL, NULL}; - Py_buffer data = {NULL, NULL}; + Py_buffer msg = {NULL, NULL}; if (!_PyArg_CheckPositional("compute_sha2_224", nargs, 2, 2)) { goto exit; @@ -118,28 +112,26 @@ _hmac_compute_sha2_224(PyObject *module, PyObject *const *args, Py_ssize_t nargs if (PyObject_GetBuffer(args[0], &key, PyBUF_SIMPLE) != 0) { goto exit; } - if (PyObject_GetBuffer(args[1], &data, PyBUF_SIMPLE) != 0) { + if (PyObject_GetBuffer(args[1], &msg, PyBUF_SIMPLE) != 0) { goto exit; } - Py_BEGIN_CRITICAL_SECTION(module); - return_value = _hmac_compute_sha2_224_impl(module, &key, &data); - Py_END_CRITICAL_SECTION(); + return_value = _hmac_compute_sha2_224_impl(module, &key, &msg); exit: /* Cleanup for key */ if (key.obj) { PyBuffer_Release(&key); } - /* Cleanup for data */ - if (data.obj) { - PyBuffer_Release(&data); + /* Cleanup for msg */ + if (msg.obj) { + PyBuffer_Release(&msg); } return return_value; } PyDoc_STRVAR(_hmac_compute_sha2_256__doc__, -"compute_sha2_256($module, key, data, /)\n" +"compute_sha2_256($module, key, msg, /)\n" "--\n" "\n"); @@ -147,15 +139,14 @@ PyDoc_STRVAR(_hmac_compute_sha2_256__doc__, {"compute_sha2_256", _PyCFunction_CAST(_hmac_compute_sha2_256), METH_FASTCALL, _hmac_compute_sha2_256__doc__}, static PyObject * -_hmac_compute_sha2_256_impl(PyObject *module, Py_buffer *key, - Py_buffer *data); +_hmac_compute_sha2_256_impl(PyObject *module, Py_buffer *key, Py_buffer *msg); static PyObject * _hmac_compute_sha2_256(PyObject *module, PyObject *const *args, Py_ssize_t nargs) { PyObject *return_value = NULL; Py_buffer key = {NULL, NULL}; - Py_buffer data = {NULL, NULL}; + Py_buffer msg = {NULL, NULL}; if (!_PyArg_CheckPositional("compute_sha2_256", nargs, 2, 2)) { goto exit; @@ -163,28 +154,26 @@ _hmac_compute_sha2_256(PyObject *module, PyObject *const *args, Py_ssize_t nargs if (PyObject_GetBuffer(args[0], &key, PyBUF_SIMPLE) != 0) { goto exit; } - if (PyObject_GetBuffer(args[1], &data, PyBUF_SIMPLE) != 0) { + if (PyObject_GetBuffer(args[1], &msg, PyBUF_SIMPLE) != 0) { goto exit; } - Py_BEGIN_CRITICAL_SECTION(module); - return_value = _hmac_compute_sha2_256_impl(module, &key, &data); - Py_END_CRITICAL_SECTION(); + return_value = _hmac_compute_sha2_256_impl(module, &key, &msg); exit: /* Cleanup for key */ if (key.obj) { PyBuffer_Release(&key); } - /* Cleanup for data */ - if (data.obj) { - PyBuffer_Release(&data); + /* Cleanup for msg */ + if (msg.obj) { + PyBuffer_Release(&msg); } return return_value; } PyDoc_STRVAR(_hmac_compute_sha2_384__doc__, -"compute_sha2_384($module, key, data, /)\n" +"compute_sha2_384($module, key, msg, /)\n" "--\n" "\n"); @@ -192,15 +181,14 @@ PyDoc_STRVAR(_hmac_compute_sha2_384__doc__, {"compute_sha2_384", _PyCFunction_CAST(_hmac_compute_sha2_384), METH_FASTCALL, _hmac_compute_sha2_384__doc__}, static PyObject * -_hmac_compute_sha2_384_impl(PyObject *module, Py_buffer *key, - Py_buffer *data); +_hmac_compute_sha2_384_impl(PyObject *module, Py_buffer *key, Py_buffer *msg); static PyObject * _hmac_compute_sha2_384(PyObject *module, PyObject *const *args, Py_ssize_t nargs) { PyObject *return_value = NULL; Py_buffer key = {NULL, NULL}; - Py_buffer data = {NULL, NULL}; + Py_buffer msg = {NULL, NULL}; if (!_PyArg_CheckPositional("compute_sha2_384", nargs, 2, 2)) { goto exit; @@ -208,28 +196,26 @@ _hmac_compute_sha2_384(PyObject *module, PyObject *const *args, Py_ssize_t nargs if (PyObject_GetBuffer(args[0], &key, PyBUF_SIMPLE) != 0) { goto exit; } - if (PyObject_GetBuffer(args[1], &data, PyBUF_SIMPLE) != 0) { + if (PyObject_GetBuffer(args[1], &msg, PyBUF_SIMPLE) != 0) { goto exit; } - Py_BEGIN_CRITICAL_SECTION(module); - return_value = _hmac_compute_sha2_384_impl(module, &key, &data); - Py_END_CRITICAL_SECTION(); + return_value = _hmac_compute_sha2_384_impl(module, &key, &msg); exit: /* Cleanup for key */ if (key.obj) { PyBuffer_Release(&key); } - /* Cleanup for data */ - if (data.obj) { - PyBuffer_Release(&data); + /* Cleanup for msg */ + if (msg.obj) { + PyBuffer_Release(&msg); } return return_value; } PyDoc_STRVAR(_hmac_compute_sha2_512__doc__, -"compute_sha2_512($module, key, data, /)\n" +"compute_sha2_512($module, key, msg, /)\n" "--\n" "\n"); @@ -237,15 +223,14 @@ PyDoc_STRVAR(_hmac_compute_sha2_512__doc__, {"compute_sha2_512", _PyCFunction_CAST(_hmac_compute_sha2_512), METH_FASTCALL, _hmac_compute_sha2_512__doc__}, static PyObject * -_hmac_compute_sha2_512_impl(PyObject *module, Py_buffer *key, - Py_buffer *data); +_hmac_compute_sha2_512_impl(PyObject *module, Py_buffer *key, Py_buffer *msg); static PyObject * _hmac_compute_sha2_512(PyObject *module, PyObject *const *args, Py_ssize_t nargs) { PyObject *return_value = NULL; Py_buffer key = {NULL, NULL}; - Py_buffer data = {NULL, NULL}; + Py_buffer msg = {NULL, NULL}; if (!_PyArg_CheckPositional("compute_sha2_512", nargs, 2, 2)) { goto exit; @@ -253,28 +238,26 @@ _hmac_compute_sha2_512(PyObject *module, PyObject *const *args, Py_ssize_t nargs if (PyObject_GetBuffer(args[0], &key, PyBUF_SIMPLE) != 0) { goto exit; } - if (PyObject_GetBuffer(args[1], &data, PyBUF_SIMPLE) != 0) { + if (PyObject_GetBuffer(args[1], &msg, PyBUF_SIMPLE) != 0) { goto exit; } - Py_BEGIN_CRITICAL_SECTION(module); - return_value = _hmac_compute_sha2_512_impl(module, &key, &data); - Py_END_CRITICAL_SECTION(); + return_value = _hmac_compute_sha2_512_impl(module, &key, &msg); exit: /* Cleanup for key */ if (key.obj) { PyBuffer_Release(&key); } - /* Cleanup for data */ - if (data.obj) { - PyBuffer_Release(&data); + /* Cleanup for msg */ + if (msg.obj) { + PyBuffer_Release(&msg); } return return_value; } PyDoc_STRVAR(_hmac_compute_sha3_224__doc__, -"compute_sha3_224($module, key, data, /)\n" +"compute_sha3_224($module, key, msg, /)\n" "--\n" "\n"); @@ -282,15 +265,14 @@ PyDoc_STRVAR(_hmac_compute_sha3_224__doc__, {"compute_sha3_224", _PyCFunction_CAST(_hmac_compute_sha3_224), METH_FASTCALL, _hmac_compute_sha3_224__doc__}, static PyObject * -_hmac_compute_sha3_224_impl(PyObject *module, Py_buffer *key, - Py_buffer *data); +_hmac_compute_sha3_224_impl(PyObject *module, Py_buffer *key, Py_buffer *msg); static PyObject * _hmac_compute_sha3_224(PyObject *module, PyObject *const *args, Py_ssize_t nargs) { PyObject *return_value = NULL; Py_buffer key = {NULL, NULL}; - Py_buffer data = {NULL, NULL}; + Py_buffer msg = {NULL, NULL}; if (!_PyArg_CheckPositional("compute_sha3_224", nargs, 2, 2)) { goto exit; @@ -298,28 +280,26 @@ _hmac_compute_sha3_224(PyObject *module, PyObject *const *args, Py_ssize_t nargs if (PyObject_GetBuffer(args[0], &key, PyBUF_SIMPLE) != 0) { goto exit; } - if (PyObject_GetBuffer(args[1], &data, PyBUF_SIMPLE) != 0) { + if (PyObject_GetBuffer(args[1], &msg, PyBUF_SIMPLE) != 0) { goto exit; } - Py_BEGIN_CRITICAL_SECTION(module); - return_value = _hmac_compute_sha3_224_impl(module, &key, &data); - Py_END_CRITICAL_SECTION(); + return_value = _hmac_compute_sha3_224_impl(module, &key, &msg); exit: /* Cleanup for key */ if (key.obj) { PyBuffer_Release(&key); } - /* Cleanup for data */ - if (data.obj) { - PyBuffer_Release(&data); + /* Cleanup for msg */ + if (msg.obj) { + PyBuffer_Release(&msg); } return return_value; } PyDoc_STRVAR(_hmac_compute_sha3_256__doc__, -"compute_sha3_256($module, key, data, /)\n" +"compute_sha3_256($module, key, msg, /)\n" "--\n" "\n"); @@ -327,15 +307,14 @@ PyDoc_STRVAR(_hmac_compute_sha3_256__doc__, {"compute_sha3_256", _PyCFunction_CAST(_hmac_compute_sha3_256), METH_FASTCALL, _hmac_compute_sha3_256__doc__}, static PyObject * -_hmac_compute_sha3_256_impl(PyObject *module, Py_buffer *key, - Py_buffer *data); +_hmac_compute_sha3_256_impl(PyObject *module, Py_buffer *key, Py_buffer *msg); static PyObject * _hmac_compute_sha3_256(PyObject *module, PyObject *const *args, Py_ssize_t nargs) { PyObject *return_value = NULL; Py_buffer key = {NULL, NULL}; - Py_buffer data = {NULL, NULL}; + Py_buffer msg = {NULL, NULL}; if (!_PyArg_CheckPositional("compute_sha3_256", nargs, 2, 2)) { goto exit; @@ -343,28 +322,26 @@ _hmac_compute_sha3_256(PyObject *module, PyObject *const *args, Py_ssize_t nargs if (PyObject_GetBuffer(args[0], &key, PyBUF_SIMPLE) != 0) { goto exit; } - if (PyObject_GetBuffer(args[1], &data, PyBUF_SIMPLE) != 0) { + if (PyObject_GetBuffer(args[1], &msg, PyBUF_SIMPLE) != 0) { goto exit; } - Py_BEGIN_CRITICAL_SECTION(module); - return_value = _hmac_compute_sha3_256_impl(module, &key, &data); - Py_END_CRITICAL_SECTION(); + return_value = _hmac_compute_sha3_256_impl(module, &key, &msg); exit: /* Cleanup for key */ if (key.obj) { PyBuffer_Release(&key); } - /* Cleanup for data */ - if (data.obj) { - PyBuffer_Release(&data); + /* Cleanup for msg */ + if (msg.obj) { + PyBuffer_Release(&msg); } return return_value; } PyDoc_STRVAR(_hmac_compute_sha3_384__doc__, -"compute_sha3_384($module, key, data, /)\n" +"compute_sha3_384($module, key, msg, /)\n" "--\n" "\n"); @@ -372,15 +349,14 @@ PyDoc_STRVAR(_hmac_compute_sha3_384__doc__, {"compute_sha3_384", _PyCFunction_CAST(_hmac_compute_sha3_384), METH_FASTCALL, _hmac_compute_sha3_384__doc__}, static PyObject * -_hmac_compute_sha3_384_impl(PyObject *module, Py_buffer *key, - Py_buffer *data); +_hmac_compute_sha3_384_impl(PyObject *module, Py_buffer *key, Py_buffer *msg); static PyObject * _hmac_compute_sha3_384(PyObject *module, PyObject *const *args, Py_ssize_t nargs) { PyObject *return_value = NULL; Py_buffer key = {NULL, NULL}; - Py_buffer data = {NULL, NULL}; + Py_buffer msg = {NULL, NULL}; if (!_PyArg_CheckPositional("compute_sha3_384", nargs, 2, 2)) { goto exit; @@ -388,28 +364,26 @@ _hmac_compute_sha3_384(PyObject *module, PyObject *const *args, Py_ssize_t nargs if (PyObject_GetBuffer(args[0], &key, PyBUF_SIMPLE) != 0) { goto exit; } - if (PyObject_GetBuffer(args[1], &data, PyBUF_SIMPLE) != 0) { + if (PyObject_GetBuffer(args[1], &msg, PyBUF_SIMPLE) != 0) { goto exit; } - Py_BEGIN_CRITICAL_SECTION(module); - return_value = _hmac_compute_sha3_384_impl(module, &key, &data); - Py_END_CRITICAL_SECTION(); + return_value = _hmac_compute_sha3_384_impl(module, &key, &msg); exit: /* Cleanup for key */ if (key.obj) { PyBuffer_Release(&key); } - /* Cleanup for data */ - if (data.obj) { - PyBuffer_Release(&data); + /* Cleanup for msg */ + if (msg.obj) { + PyBuffer_Release(&msg); } return return_value; } PyDoc_STRVAR(_hmac_compute_sha3_512__doc__, -"compute_sha3_512($module, key, data, /)\n" +"compute_sha3_512($module, key, msg, /)\n" "--\n" "\n"); @@ -417,15 +391,14 @@ PyDoc_STRVAR(_hmac_compute_sha3_512__doc__, {"compute_sha3_512", _PyCFunction_CAST(_hmac_compute_sha3_512), METH_FASTCALL, _hmac_compute_sha3_512__doc__}, static PyObject * -_hmac_compute_sha3_512_impl(PyObject *module, Py_buffer *key, - Py_buffer *data); +_hmac_compute_sha3_512_impl(PyObject *module, Py_buffer *key, Py_buffer *msg); static PyObject * _hmac_compute_sha3_512(PyObject *module, PyObject *const *args, Py_ssize_t nargs) { PyObject *return_value = NULL; Py_buffer key = {NULL, NULL}; - Py_buffer data = {NULL, NULL}; + Py_buffer msg = {NULL, NULL}; if (!_PyArg_CheckPositional("compute_sha3_512", nargs, 2, 2)) { goto exit; @@ -433,28 +406,26 @@ _hmac_compute_sha3_512(PyObject *module, PyObject *const *args, Py_ssize_t nargs if (PyObject_GetBuffer(args[0], &key, PyBUF_SIMPLE) != 0) { goto exit; } - if (PyObject_GetBuffer(args[1], &data, PyBUF_SIMPLE) != 0) { + if (PyObject_GetBuffer(args[1], &msg, PyBUF_SIMPLE) != 0) { goto exit; } - Py_BEGIN_CRITICAL_SECTION(module); - return_value = _hmac_compute_sha3_512_impl(module, &key, &data); - Py_END_CRITICAL_SECTION(); + return_value = _hmac_compute_sha3_512_impl(module, &key, &msg); exit: /* Cleanup for key */ if (key.obj) { PyBuffer_Release(&key); } - /* Cleanup for data */ - if (data.obj) { - PyBuffer_Release(&data); + /* Cleanup for msg */ + if (msg.obj) { + PyBuffer_Release(&msg); } return return_value; } PyDoc_STRVAR(_hmac_compute_blake2s_32__doc__, -"compute_blake2s_32($module, key, data, /)\n" +"compute_blake2s_32($module, key, msg, /)\n" "--\n" "\n"); @@ -463,14 +434,14 @@ PyDoc_STRVAR(_hmac_compute_blake2s_32__doc__, static PyObject * _hmac_compute_blake2s_32_impl(PyObject *module, Py_buffer *key, - Py_buffer *data); + Py_buffer *msg); static PyObject * _hmac_compute_blake2s_32(PyObject *module, PyObject *const *args, Py_ssize_t nargs) { PyObject *return_value = NULL; Py_buffer key = {NULL, NULL}; - Py_buffer data = {NULL, NULL}; + Py_buffer msg = {NULL, NULL}; if (!_PyArg_CheckPositional("compute_blake2s_32", nargs, 2, 2)) { goto exit; @@ -478,28 +449,26 @@ _hmac_compute_blake2s_32(PyObject *module, PyObject *const *args, Py_ssize_t nar if (PyObject_GetBuffer(args[0], &key, PyBUF_SIMPLE) != 0) { goto exit; } - if (PyObject_GetBuffer(args[1], &data, PyBUF_SIMPLE) != 0) { + if (PyObject_GetBuffer(args[1], &msg, PyBUF_SIMPLE) != 0) { goto exit; } - Py_BEGIN_CRITICAL_SECTION(module); - return_value = _hmac_compute_blake2s_32_impl(module, &key, &data); - Py_END_CRITICAL_SECTION(); + return_value = _hmac_compute_blake2s_32_impl(module, &key, &msg); exit: /* Cleanup for key */ if (key.obj) { PyBuffer_Release(&key); } - /* Cleanup for data */ - if (data.obj) { - PyBuffer_Release(&data); + /* Cleanup for msg */ + if (msg.obj) { + PyBuffer_Release(&msg); } return return_value; } PyDoc_STRVAR(_hmac_compute_blake2b_32__doc__, -"compute_blake2b_32($module, key, data, /)\n" +"compute_blake2b_32($module, key, msg, /)\n" "--\n" "\n"); @@ -508,14 +477,14 @@ PyDoc_STRVAR(_hmac_compute_blake2b_32__doc__, static PyObject * _hmac_compute_blake2b_32_impl(PyObject *module, Py_buffer *key, - Py_buffer *data); + Py_buffer *msg); static PyObject * _hmac_compute_blake2b_32(PyObject *module, PyObject *const *args, Py_ssize_t nargs) { PyObject *return_value = NULL; Py_buffer key = {NULL, NULL}; - Py_buffer data = {NULL, NULL}; + Py_buffer msg = {NULL, NULL}; if (!_PyArg_CheckPositional("compute_blake2b_32", nargs, 2, 2)) { goto exit; @@ -523,23 +492,21 @@ _hmac_compute_blake2b_32(PyObject *module, PyObject *const *args, Py_ssize_t nar if (PyObject_GetBuffer(args[0], &key, PyBUF_SIMPLE) != 0) { goto exit; } - if (PyObject_GetBuffer(args[1], &data, PyBUF_SIMPLE) != 0) { + if (PyObject_GetBuffer(args[1], &msg, PyBUF_SIMPLE) != 0) { goto exit; } - Py_BEGIN_CRITICAL_SECTION(module); - return_value = _hmac_compute_blake2b_32_impl(module, &key, &data); - Py_END_CRITICAL_SECTION(); + return_value = _hmac_compute_blake2b_32_impl(module, &key, &msg); exit: /* Cleanup for key */ if (key.obj) { PyBuffer_Release(&key); } - /* Cleanup for data */ - if (data.obj) { - PyBuffer_Release(&data); + /* Cleanup for msg */ + if (msg.obj) { + PyBuffer_Release(&msg); } return return_value; } -/*[clinic end generated code: output=c10b8daa18a66857 input=a9049054013a1b77]*/ +/*[clinic end generated code: output=563e665a88ea572a input=a9049054013a1b77]*/ diff --git a/Modules/hmacmodule.c b/Modules/hmacmodule.c index 7da236dadb12b1..2e9d482c30f612 100644 --- a/Modules/hmacmodule.c +++ b/Modules/hmacmodule.c @@ -27,217 +27,197 @@ module _hmac /*[clinic end generated code: output=da39a3ee5e6b4b0d input=799f0f10157d561f]*/ /*[clinic input] -@critical_section _hmac.compute_md5 key: Py_buffer - data: Py_buffer + msg: Py_buffer / [clinic start generated code]*/ static PyObject * -_hmac_compute_md5_impl(PyObject *module, Py_buffer *key, Py_buffer *data) -/*[clinic end generated code: output=bcf3dfafd7092a5a input=9ceaaa27ec318007]*/ +_hmac_compute_md5_impl(PyObject *module, Py_buffer *key, Py_buffer *msg) +/*[clinic end generated code: output=06415d62c949b812 input=ba930327d472e0be]*/ { - HACL_HMAC_COMPUTE_HASH(Hacl_HMAC_compute_md5, 16, key, data); + HACL_HMAC_COMPUTE_HASH(Hacl_HMAC_compute_md5, 16, key, msg); } /*[clinic input] -@critical_section _hmac.compute_sha1 key: Py_buffer - data: Py_buffer + msg: Py_buffer / [clinic start generated code]*/ static PyObject * -_hmac_compute_sha1_impl(PyObject *module, Py_buffer *key, Py_buffer *data) -/*[clinic end generated code: output=f26338ed3aa68853 input=2380452bf9d1fe7d]*/ +_hmac_compute_sha1_impl(PyObject *module, Py_buffer *key, Py_buffer *msg) +/*[clinic end generated code: output=3daf26128c9e84b5 input=6015854f4040c058]*/ { - HACL_HMAC_COMPUTE_HASH(Hacl_HMAC_compute_sha1, 20, key, data); + HACL_HMAC_COMPUTE_HASH(Hacl_HMAC_compute_sha1, 20, key, msg); } /*[clinic input] -@critical_section _hmac.compute_sha2_224 key: Py_buffer - data: Py_buffer + msg: Py_buffer / [clinic start generated code]*/ static PyObject * -_hmac_compute_sha2_224_impl(PyObject *module, Py_buffer *key, - Py_buffer *data) -/*[clinic end generated code: output=d9907a240da31c07 input=b874f95fd4b0fb99]*/ +_hmac_compute_sha2_224_impl(PyObject *module, Py_buffer *key, Py_buffer *msg) +/*[clinic end generated code: output=f665a01d0ce8873b input=b82974de99696949]*/ { - HACL_HMAC_COMPUTE_HASH(Hacl_HMAC_compute_sha2_224, 28, key, data); + HACL_HMAC_COMPUTE_HASH(Hacl_HMAC_compute_sha2_224, 28, key, msg); } /*[clinic input] -@critical_section _hmac.compute_sha2_256 key: Py_buffer - data: Py_buffer + msg: Py_buffer / [clinic start generated code]*/ static PyObject * -_hmac_compute_sha2_256_impl(PyObject *module, Py_buffer *key, - Py_buffer *data) -/*[clinic end generated code: output=1ba977f01c332460 input=c880969b65dca329]*/ +_hmac_compute_sha2_256_impl(PyObject *module, Py_buffer *key, Py_buffer *msg) +/*[clinic end generated code: output=6eda2182e50c3832 input=ae9639dccbca11bb]*/ { - HACL_HMAC_COMPUTE_HASH(Hacl_HMAC_compute_sha2_256, 32, key, data); + HACL_HMAC_COMPUTE_HASH(Hacl_HMAC_compute_sha2_256, 32, key, msg); } /*[clinic input] -@critical_section _hmac.compute_sha2_384 key: Py_buffer - data: Py_buffer + msg: Py_buffer / [clinic start generated code]*/ static PyObject * -_hmac_compute_sha2_384_impl(PyObject *module, Py_buffer *key, - Py_buffer *data) -/*[clinic end generated code: output=5ad8e1c6346fcf5b input=e206968b3c4aad3d]*/ +_hmac_compute_sha2_384_impl(PyObject *module, Py_buffer *key, Py_buffer *msg) +/*[clinic end generated code: output=0fc9803f1d0b731c input=d643b1254bc142e1]*/ { - HACL_HMAC_COMPUTE_HASH(Hacl_HMAC_compute_sha2_384, 48, key, data); + HACL_HMAC_COMPUTE_HASH(Hacl_HMAC_compute_sha2_384, 48, key, msg); } /*[clinic input] -@critical_section _hmac.compute_sha2_512 key: Py_buffer - data: Py_buffer + msg: Py_buffer / [clinic start generated code]*/ static PyObject * -_hmac_compute_sha2_512_impl(PyObject *module, Py_buffer *key, - Py_buffer *data) -/*[clinic end generated code: output=8e73b2c39812934c input=839c27c90c3aed01]*/ +_hmac_compute_sha2_512_impl(PyObject *module, Py_buffer *key, Py_buffer *msg) +/*[clinic end generated code: output=f4b3f79c749c2100 input=1252a28c102c1d23]*/ { - HACL_HMAC_COMPUTE_HASH(Hacl_HMAC_compute_sha2_512, 64, key, data); + HACL_HMAC_COMPUTE_HASH(Hacl_HMAC_compute_sha2_512, 64, key, msg); } /*[clinic input] -@critical_section _hmac.compute_sha3_224 key: Py_buffer - data: Py_buffer + msg: Py_buffer / [clinic start generated code]*/ static PyObject * -_hmac_compute_sha3_224_impl(PyObject *module, Py_buffer *key, - Py_buffer *data) -/*[clinic end generated code: output=5b3ee358e5d96fa8 input=f52550611ea10725]*/ +_hmac_compute_sha3_224_impl(PyObject *module, Py_buffer *key, Py_buffer *msg) +/*[clinic end generated code: output=ba0f59d80a557e20 input=b02a4325fbc691ad]*/ { - HACL_HMAC_COMPUTE_HASH(Hacl_HMAC_compute_sha3_224, 28, key, data); + HACL_HMAC_COMPUTE_HASH(Hacl_HMAC_compute_sha3_224, 28, key, msg); } /*[clinic input] -@critical_section _hmac.compute_sha3_256 key: Py_buffer - data: Py_buffer + msg: Py_buffer / [clinic start generated code]*/ static PyObject * -_hmac_compute_sha3_256_impl(PyObject *module, Py_buffer *key, - Py_buffer *data) -/*[clinic end generated code: output=cf977eed9c59ed3b input=ce59d1ddd77c0624]*/ +_hmac_compute_sha3_256_impl(PyObject *module, Py_buffer *key, Py_buffer *msg) +/*[clinic end generated code: output=cda6fbc13c233f45 input=64a7b8ac5fc62521]*/ { - HACL_HMAC_COMPUTE_HASH(Hacl_HMAC_compute_sha3_256, 32, key, data); + HACL_HMAC_COMPUTE_HASH(Hacl_HMAC_compute_sha3_256, 32, key, msg); } /*[clinic input] -@critical_section _hmac.compute_sha3_384 key: Py_buffer - data: Py_buffer + msg: Py_buffer / [clinic start generated code]*/ static PyObject * -_hmac_compute_sha3_384_impl(PyObject *module, Py_buffer *key, - Py_buffer *data) -/*[clinic end generated code: output=3f576e31d4d05f35 input=f4bca88551693caa]*/ +_hmac_compute_sha3_384_impl(PyObject *module, Py_buffer *key, Py_buffer *msg) +/*[clinic end generated code: output=5a0fc341caa1b4ed input=3e9e2f74c65193bd]*/ { - HACL_HMAC_COMPUTE_HASH(Hacl_HMAC_compute_sha3_384, 48, key, data); + HACL_HMAC_COMPUTE_HASH(Hacl_HMAC_compute_sha3_384, 48, key, msg); } /*[clinic input] -@critical_section _hmac.compute_sha3_512 key: Py_buffer - data: Py_buffer + msg: Py_buffer / [clinic start generated code]*/ static PyObject * -_hmac_compute_sha3_512_impl(PyObject *module, Py_buffer *key, - Py_buffer *data) -/*[clinic end generated code: output=238126dcba98fda2 input=2f98f302c64eca64]*/ +_hmac_compute_sha3_512_impl(PyObject *module, Py_buffer *key, Py_buffer *msg) +/*[clinic end generated code: output=af9773a23df74056 input=da79fd5e1de89478]*/ { - HACL_HMAC_COMPUTE_HASH(Hacl_HMAC_compute_sha3_512, 64, key, data); + HACL_HMAC_COMPUTE_HASH(Hacl_HMAC_compute_sha3_512, 64, key, msg); } /*[clinic input] -@critical_section _hmac.compute_blake2s_32 key: Py_buffer - data: Py_buffer + msg: Py_buffer / [clinic start generated code]*/ static PyObject * _hmac_compute_blake2s_32_impl(PyObject *module, Py_buffer *key, - Py_buffer *data) -/*[clinic end generated code: output=72a8231623e4ccf9 input=0be9099b69bcd9e7]*/ + Py_buffer *msg) +/*[clinic end generated code: output=9951eb111793d727 input=cc384ff59f0bf43b]*/ { - HACL_HMAC_COMPUTE_HASH(Hacl_HMAC_compute_blake2s_32, 32, key, data); + HACL_HMAC_COMPUTE_HASH(Hacl_HMAC_compute_blake2s_32, 32, key, msg); } /*[clinic input] -@critical_section _hmac.compute_blake2b_32 key: Py_buffer - data: Py_buffer + msg: Py_buffer / [clinic start generated code]*/ static PyObject * _hmac_compute_blake2b_32_impl(PyObject *module, Py_buffer *key, - Py_buffer *data) -/*[clinic end generated code: output=ea083dfa29679029 input=aecba54a3e2dff72]*/ + Py_buffer *msg) +/*[clinic end generated code: output=341c892645174059 input=52f8b6ccfc97bcba]*/ { - HACL_HMAC_COMPUTE_HASH(Hacl_HMAC_compute_blake2b_32, 64, key, data); + HACL_HMAC_COMPUTE_HASH(Hacl_HMAC_compute_blake2b_32, 64, key, msg); } static PyMethodDef hmacmodule_methods[] = { From 612974e97f8812010dcf9f712bb4e7d51ddf67f1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?B=C3=A9n=C3=A9dikt=20Tran?= <10796600+picnixz@users.noreply.github.com> Date: Thu, 7 Nov 2024 11:13:18 +0100 Subject: [PATCH 11/36] Improve 1-shot macro --- Modules/clinic/hmacmodule.c.h | 304 ++++++++-------------------------- Modules/hmacmodule.c | 172 +++++++++++-------- 2 files changed, 173 insertions(+), 303 deletions(-) diff --git a/Modules/clinic/hmacmodule.c.h b/Modules/clinic/hmacmodule.c.h index 019bedc63d4f4e..5210d553e4fa07 100644 --- a/Modules/clinic/hmacmodule.c.h +++ b/Modules/clinic/hmacmodule.c.h @@ -13,36 +13,23 @@ PyDoc_STRVAR(_hmac_compute_md5__doc__, {"compute_md5", _PyCFunction_CAST(_hmac_compute_md5), METH_FASTCALL, _hmac_compute_md5__doc__}, static PyObject * -_hmac_compute_md5_impl(PyObject *module, Py_buffer *key, Py_buffer *msg); +_hmac_compute_md5_impl(PyObject *module, PyObject *key, PyObject *msg); static PyObject * _hmac_compute_md5(PyObject *module, PyObject *const *args, Py_ssize_t nargs) { PyObject *return_value = NULL; - Py_buffer key = {NULL, NULL}; - Py_buffer msg = {NULL, NULL}; + PyObject *key; + PyObject *msg; if (!_PyArg_CheckPositional("compute_md5", nargs, 2, 2)) { goto exit; } - if (PyObject_GetBuffer(args[0], &key, PyBUF_SIMPLE) != 0) { - goto exit; - } - if (PyObject_GetBuffer(args[1], &msg, PyBUF_SIMPLE) != 0) { - goto exit; - } - return_value = _hmac_compute_md5_impl(module, &key, &msg); + key = args[0]; + msg = args[1]; + return_value = _hmac_compute_md5_impl(module, key, msg); exit: - /* Cleanup for key */ - if (key.obj) { - PyBuffer_Release(&key); - } - /* Cleanup for msg */ - if (msg.obj) { - PyBuffer_Release(&msg); - } - return return_value; } @@ -55,36 +42,23 @@ PyDoc_STRVAR(_hmac_compute_sha1__doc__, {"compute_sha1", _PyCFunction_CAST(_hmac_compute_sha1), METH_FASTCALL, _hmac_compute_sha1__doc__}, static PyObject * -_hmac_compute_sha1_impl(PyObject *module, Py_buffer *key, Py_buffer *msg); +_hmac_compute_sha1_impl(PyObject *module, PyObject *key, PyObject *msg); static PyObject * _hmac_compute_sha1(PyObject *module, PyObject *const *args, Py_ssize_t nargs) { PyObject *return_value = NULL; - Py_buffer key = {NULL, NULL}; - Py_buffer msg = {NULL, NULL}; + PyObject *key; + PyObject *msg; if (!_PyArg_CheckPositional("compute_sha1", nargs, 2, 2)) { goto exit; } - if (PyObject_GetBuffer(args[0], &key, PyBUF_SIMPLE) != 0) { - goto exit; - } - if (PyObject_GetBuffer(args[1], &msg, PyBUF_SIMPLE) != 0) { - goto exit; - } - return_value = _hmac_compute_sha1_impl(module, &key, &msg); + key = args[0]; + msg = args[1]; + return_value = _hmac_compute_sha1_impl(module, key, msg); exit: - /* Cleanup for key */ - if (key.obj) { - PyBuffer_Release(&key); - } - /* Cleanup for msg */ - if (msg.obj) { - PyBuffer_Release(&msg); - } - return return_value; } @@ -97,36 +71,23 @@ PyDoc_STRVAR(_hmac_compute_sha2_224__doc__, {"compute_sha2_224", _PyCFunction_CAST(_hmac_compute_sha2_224), METH_FASTCALL, _hmac_compute_sha2_224__doc__}, static PyObject * -_hmac_compute_sha2_224_impl(PyObject *module, Py_buffer *key, Py_buffer *msg); +_hmac_compute_sha2_224_impl(PyObject *module, PyObject *key, PyObject *msg); static PyObject * _hmac_compute_sha2_224(PyObject *module, PyObject *const *args, Py_ssize_t nargs) { PyObject *return_value = NULL; - Py_buffer key = {NULL, NULL}; - Py_buffer msg = {NULL, NULL}; + PyObject *key; + PyObject *msg; if (!_PyArg_CheckPositional("compute_sha2_224", nargs, 2, 2)) { goto exit; } - if (PyObject_GetBuffer(args[0], &key, PyBUF_SIMPLE) != 0) { - goto exit; - } - if (PyObject_GetBuffer(args[1], &msg, PyBUF_SIMPLE) != 0) { - goto exit; - } - return_value = _hmac_compute_sha2_224_impl(module, &key, &msg); + key = args[0]; + msg = args[1]; + return_value = _hmac_compute_sha2_224_impl(module, key, msg); exit: - /* Cleanup for key */ - if (key.obj) { - PyBuffer_Release(&key); - } - /* Cleanup for msg */ - if (msg.obj) { - PyBuffer_Release(&msg); - } - return return_value; } @@ -139,36 +100,23 @@ PyDoc_STRVAR(_hmac_compute_sha2_256__doc__, {"compute_sha2_256", _PyCFunction_CAST(_hmac_compute_sha2_256), METH_FASTCALL, _hmac_compute_sha2_256__doc__}, static PyObject * -_hmac_compute_sha2_256_impl(PyObject *module, Py_buffer *key, Py_buffer *msg); +_hmac_compute_sha2_256_impl(PyObject *module, PyObject *key, PyObject *msg); static PyObject * _hmac_compute_sha2_256(PyObject *module, PyObject *const *args, Py_ssize_t nargs) { PyObject *return_value = NULL; - Py_buffer key = {NULL, NULL}; - Py_buffer msg = {NULL, NULL}; + PyObject *key; + PyObject *msg; if (!_PyArg_CheckPositional("compute_sha2_256", nargs, 2, 2)) { goto exit; } - if (PyObject_GetBuffer(args[0], &key, PyBUF_SIMPLE) != 0) { - goto exit; - } - if (PyObject_GetBuffer(args[1], &msg, PyBUF_SIMPLE) != 0) { - goto exit; - } - return_value = _hmac_compute_sha2_256_impl(module, &key, &msg); + key = args[0]; + msg = args[1]; + return_value = _hmac_compute_sha2_256_impl(module, key, msg); exit: - /* Cleanup for key */ - if (key.obj) { - PyBuffer_Release(&key); - } - /* Cleanup for msg */ - if (msg.obj) { - PyBuffer_Release(&msg); - } - return return_value; } @@ -181,36 +129,23 @@ PyDoc_STRVAR(_hmac_compute_sha2_384__doc__, {"compute_sha2_384", _PyCFunction_CAST(_hmac_compute_sha2_384), METH_FASTCALL, _hmac_compute_sha2_384__doc__}, static PyObject * -_hmac_compute_sha2_384_impl(PyObject *module, Py_buffer *key, Py_buffer *msg); +_hmac_compute_sha2_384_impl(PyObject *module, PyObject *key, PyObject *msg); static PyObject * _hmac_compute_sha2_384(PyObject *module, PyObject *const *args, Py_ssize_t nargs) { PyObject *return_value = NULL; - Py_buffer key = {NULL, NULL}; - Py_buffer msg = {NULL, NULL}; + PyObject *key; + PyObject *msg; if (!_PyArg_CheckPositional("compute_sha2_384", nargs, 2, 2)) { goto exit; } - if (PyObject_GetBuffer(args[0], &key, PyBUF_SIMPLE) != 0) { - goto exit; - } - if (PyObject_GetBuffer(args[1], &msg, PyBUF_SIMPLE) != 0) { - goto exit; - } - return_value = _hmac_compute_sha2_384_impl(module, &key, &msg); + key = args[0]; + msg = args[1]; + return_value = _hmac_compute_sha2_384_impl(module, key, msg); exit: - /* Cleanup for key */ - if (key.obj) { - PyBuffer_Release(&key); - } - /* Cleanup for msg */ - if (msg.obj) { - PyBuffer_Release(&msg); - } - return return_value; } @@ -223,36 +158,23 @@ PyDoc_STRVAR(_hmac_compute_sha2_512__doc__, {"compute_sha2_512", _PyCFunction_CAST(_hmac_compute_sha2_512), METH_FASTCALL, _hmac_compute_sha2_512__doc__}, static PyObject * -_hmac_compute_sha2_512_impl(PyObject *module, Py_buffer *key, Py_buffer *msg); +_hmac_compute_sha2_512_impl(PyObject *module, PyObject *key, PyObject *msg); static PyObject * _hmac_compute_sha2_512(PyObject *module, PyObject *const *args, Py_ssize_t nargs) { PyObject *return_value = NULL; - Py_buffer key = {NULL, NULL}; - Py_buffer msg = {NULL, NULL}; + PyObject *key; + PyObject *msg; if (!_PyArg_CheckPositional("compute_sha2_512", nargs, 2, 2)) { goto exit; } - if (PyObject_GetBuffer(args[0], &key, PyBUF_SIMPLE) != 0) { - goto exit; - } - if (PyObject_GetBuffer(args[1], &msg, PyBUF_SIMPLE) != 0) { - goto exit; - } - return_value = _hmac_compute_sha2_512_impl(module, &key, &msg); + key = args[0]; + msg = args[1]; + return_value = _hmac_compute_sha2_512_impl(module, key, msg); exit: - /* Cleanup for key */ - if (key.obj) { - PyBuffer_Release(&key); - } - /* Cleanup for msg */ - if (msg.obj) { - PyBuffer_Release(&msg); - } - return return_value; } @@ -265,36 +187,23 @@ PyDoc_STRVAR(_hmac_compute_sha3_224__doc__, {"compute_sha3_224", _PyCFunction_CAST(_hmac_compute_sha3_224), METH_FASTCALL, _hmac_compute_sha3_224__doc__}, static PyObject * -_hmac_compute_sha3_224_impl(PyObject *module, Py_buffer *key, Py_buffer *msg); +_hmac_compute_sha3_224_impl(PyObject *module, PyObject *key, PyObject *msg); static PyObject * _hmac_compute_sha3_224(PyObject *module, PyObject *const *args, Py_ssize_t nargs) { PyObject *return_value = NULL; - Py_buffer key = {NULL, NULL}; - Py_buffer msg = {NULL, NULL}; + PyObject *key; + PyObject *msg; if (!_PyArg_CheckPositional("compute_sha3_224", nargs, 2, 2)) { goto exit; } - if (PyObject_GetBuffer(args[0], &key, PyBUF_SIMPLE) != 0) { - goto exit; - } - if (PyObject_GetBuffer(args[1], &msg, PyBUF_SIMPLE) != 0) { - goto exit; - } - return_value = _hmac_compute_sha3_224_impl(module, &key, &msg); + key = args[0]; + msg = args[1]; + return_value = _hmac_compute_sha3_224_impl(module, key, msg); exit: - /* Cleanup for key */ - if (key.obj) { - PyBuffer_Release(&key); - } - /* Cleanup for msg */ - if (msg.obj) { - PyBuffer_Release(&msg); - } - return return_value; } @@ -307,36 +216,23 @@ PyDoc_STRVAR(_hmac_compute_sha3_256__doc__, {"compute_sha3_256", _PyCFunction_CAST(_hmac_compute_sha3_256), METH_FASTCALL, _hmac_compute_sha3_256__doc__}, static PyObject * -_hmac_compute_sha3_256_impl(PyObject *module, Py_buffer *key, Py_buffer *msg); +_hmac_compute_sha3_256_impl(PyObject *module, PyObject *key, PyObject *msg); static PyObject * _hmac_compute_sha3_256(PyObject *module, PyObject *const *args, Py_ssize_t nargs) { PyObject *return_value = NULL; - Py_buffer key = {NULL, NULL}; - Py_buffer msg = {NULL, NULL}; + PyObject *key; + PyObject *msg; if (!_PyArg_CheckPositional("compute_sha3_256", nargs, 2, 2)) { goto exit; } - if (PyObject_GetBuffer(args[0], &key, PyBUF_SIMPLE) != 0) { - goto exit; - } - if (PyObject_GetBuffer(args[1], &msg, PyBUF_SIMPLE) != 0) { - goto exit; - } - return_value = _hmac_compute_sha3_256_impl(module, &key, &msg); + key = args[0]; + msg = args[1]; + return_value = _hmac_compute_sha3_256_impl(module, key, msg); exit: - /* Cleanup for key */ - if (key.obj) { - PyBuffer_Release(&key); - } - /* Cleanup for msg */ - if (msg.obj) { - PyBuffer_Release(&msg); - } - return return_value; } @@ -349,36 +245,23 @@ PyDoc_STRVAR(_hmac_compute_sha3_384__doc__, {"compute_sha3_384", _PyCFunction_CAST(_hmac_compute_sha3_384), METH_FASTCALL, _hmac_compute_sha3_384__doc__}, static PyObject * -_hmac_compute_sha3_384_impl(PyObject *module, Py_buffer *key, Py_buffer *msg); +_hmac_compute_sha3_384_impl(PyObject *module, PyObject *key, PyObject *msg); static PyObject * _hmac_compute_sha3_384(PyObject *module, PyObject *const *args, Py_ssize_t nargs) { PyObject *return_value = NULL; - Py_buffer key = {NULL, NULL}; - Py_buffer msg = {NULL, NULL}; + PyObject *key; + PyObject *msg; if (!_PyArg_CheckPositional("compute_sha3_384", nargs, 2, 2)) { goto exit; } - if (PyObject_GetBuffer(args[0], &key, PyBUF_SIMPLE) != 0) { - goto exit; - } - if (PyObject_GetBuffer(args[1], &msg, PyBUF_SIMPLE) != 0) { - goto exit; - } - return_value = _hmac_compute_sha3_384_impl(module, &key, &msg); + key = args[0]; + msg = args[1]; + return_value = _hmac_compute_sha3_384_impl(module, key, msg); exit: - /* Cleanup for key */ - if (key.obj) { - PyBuffer_Release(&key); - } - /* Cleanup for msg */ - if (msg.obj) { - PyBuffer_Release(&msg); - } - return return_value; } @@ -391,36 +274,23 @@ PyDoc_STRVAR(_hmac_compute_sha3_512__doc__, {"compute_sha3_512", _PyCFunction_CAST(_hmac_compute_sha3_512), METH_FASTCALL, _hmac_compute_sha3_512__doc__}, static PyObject * -_hmac_compute_sha3_512_impl(PyObject *module, Py_buffer *key, Py_buffer *msg); +_hmac_compute_sha3_512_impl(PyObject *module, PyObject *key, PyObject *msg); static PyObject * _hmac_compute_sha3_512(PyObject *module, PyObject *const *args, Py_ssize_t nargs) { PyObject *return_value = NULL; - Py_buffer key = {NULL, NULL}; - Py_buffer msg = {NULL, NULL}; + PyObject *key; + PyObject *msg; if (!_PyArg_CheckPositional("compute_sha3_512", nargs, 2, 2)) { goto exit; } - if (PyObject_GetBuffer(args[0], &key, PyBUF_SIMPLE) != 0) { - goto exit; - } - if (PyObject_GetBuffer(args[1], &msg, PyBUF_SIMPLE) != 0) { - goto exit; - } - return_value = _hmac_compute_sha3_512_impl(module, &key, &msg); + key = args[0]; + msg = args[1]; + return_value = _hmac_compute_sha3_512_impl(module, key, msg); exit: - /* Cleanup for key */ - if (key.obj) { - PyBuffer_Release(&key); - } - /* Cleanup for msg */ - if (msg.obj) { - PyBuffer_Release(&msg); - } - return return_value; } @@ -433,37 +303,23 @@ PyDoc_STRVAR(_hmac_compute_blake2s_32__doc__, {"compute_blake2s_32", _PyCFunction_CAST(_hmac_compute_blake2s_32), METH_FASTCALL, _hmac_compute_blake2s_32__doc__}, static PyObject * -_hmac_compute_blake2s_32_impl(PyObject *module, Py_buffer *key, - Py_buffer *msg); +_hmac_compute_blake2s_32_impl(PyObject *module, PyObject *key, PyObject *msg); static PyObject * _hmac_compute_blake2s_32(PyObject *module, PyObject *const *args, Py_ssize_t nargs) { PyObject *return_value = NULL; - Py_buffer key = {NULL, NULL}; - Py_buffer msg = {NULL, NULL}; + PyObject *key; + PyObject *msg; if (!_PyArg_CheckPositional("compute_blake2s_32", nargs, 2, 2)) { goto exit; } - if (PyObject_GetBuffer(args[0], &key, PyBUF_SIMPLE) != 0) { - goto exit; - } - if (PyObject_GetBuffer(args[1], &msg, PyBUF_SIMPLE) != 0) { - goto exit; - } - return_value = _hmac_compute_blake2s_32_impl(module, &key, &msg); + key = args[0]; + msg = args[1]; + return_value = _hmac_compute_blake2s_32_impl(module, key, msg); exit: - /* Cleanup for key */ - if (key.obj) { - PyBuffer_Release(&key); - } - /* Cleanup for msg */ - if (msg.obj) { - PyBuffer_Release(&msg); - } - return return_value; } @@ -476,37 +332,23 @@ PyDoc_STRVAR(_hmac_compute_blake2b_32__doc__, {"compute_blake2b_32", _PyCFunction_CAST(_hmac_compute_blake2b_32), METH_FASTCALL, _hmac_compute_blake2b_32__doc__}, static PyObject * -_hmac_compute_blake2b_32_impl(PyObject *module, Py_buffer *key, - Py_buffer *msg); +_hmac_compute_blake2b_32_impl(PyObject *module, PyObject *key, PyObject *msg); static PyObject * _hmac_compute_blake2b_32(PyObject *module, PyObject *const *args, Py_ssize_t nargs) { PyObject *return_value = NULL; - Py_buffer key = {NULL, NULL}; - Py_buffer msg = {NULL, NULL}; + PyObject *key; + PyObject *msg; if (!_PyArg_CheckPositional("compute_blake2b_32", nargs, 2, 2)) { goto exit; } - if (PyObject_GetBuffer(args[0], &key, PyBUF_SIMPLE) != 0) { - goto exit; - } - if (PyObject_GetBuffer(args[1], &msg, PyBUF_SIMPLE) != 0) { - goto exit; - } - return_value = _hmac_compute_blake2b_32_impl(module, &key, &msg); + key = args[0]; + msg = args[1]; + return_value = _hmac_compute_blake2b_32_impl(module, key, msg); exit: - /* Cleanup for key */ - if (key.obj) { - PyBuffer_Release(&key); - } - /* Cleanup for msg */ - if (msg.obj) { - PyBuffer_Release(&msg); - } - return return_value; } -/*[clinic end generated code: output=563e665a88ea572a input=a9049054013a1b77]*/ +/*[clinic end generated code: output=02933e59cf87411a input=a9049054013a1b77]*/ diff --git a/Modules/hmacmodule.c b/Modules/hmacmodule.c index 2e9d482c30f612..2ca35c5c7c6555 100644 --- a/Modules/hmacmodule.c +++ b/Modules/hmacmodule.c @@ -2,7 +2,6 @@ # define Py_BUILD_CORE_MODULE 1 #endif -#include "pyconfig.h" #include "Python.h" #include "hashlib.h" @@ -10,15 +9,46 @@ #include "clinic/hmacmodule.c.h" -#define HACL_HMAC_COMPUTE_HASH(HACL_FUNCTION, DIGEST_SIZE, KEY, SRC) \ - do { \ - unsigned char out[DIGEST_SIZE]; \ - HACL_FUNCTION( \ - out, \ - (uint8_t *)KEY->buf, (uint32_t)KEY->len, \ - (uint8_t *)SRC->buf, (uint32_t)SRC->len \ - ); \ - return PyBytes_FromString((const char *)out); \ +typedef void (*HACL_HMAC_digest_f)(uint8_t *out, + uint8_t *key, uint32_t keylen, + uint8_t *msg, uint32_t msglen); + +/* Check that the buffer length fits on a uint32_t. */ +static inline int +has_uint32_t_buffer_length(const Py_buffer *buffer) +{ +#if PY_SSIZE_T_MAX > UINT32_MAX + return buffer->len <= (Py_ssize_t)UINT32_MAX; +#else + return 1; +#endif +} + +/* One-shot HMAC-HASH using the given HACL_HMAC_FUNCTION. */ +#define Py_HACL_HMAC_ONESHOT(HACL_HMAC_FUNCTION, DIGEST_SIZE, KEY, MSG) \ + do { \ + Py_buffer keyview, msgview; \ + GET_BUFFER_VIEW_OR_ERROUT((KEY), &keyview); \ + if (!has_uint32_t_buffer_length(&keyview)) { \ + PyErr_SetString(PyExc_ValueError, \ + "key length exceeds UINT32_MAX"); \ + return NULL; \ + } \ + GET_BUFFER_VIEW_OR_ERROUT((MSG), &msgview); \ + if (!has_uint32_t_buffer_length(&msgview)) { \ + PyErr_SetString(PyExc_ValueError, \ + "message length exceeds UINT32_MAX"); \ + return NULL; \ + } \ + uint8_t out[(DIGEST_SIZE)]; \ + HACL_HMAC_FUNCTION( \ + out, \ + (uint8_t *)keyview.buf, (uint32_t)keyview.len, \ + (uint8_t *)msgview.buf, (uint32_t)msgview.len \ + ); \ + PyBuffer_Release(&msgview); \ + PyBuffer_Release(&keyview); \ + return PyBytes_FromStringAndSize((const char *)out, (DIGEST_SIZE)); \ } while (0) /*[clinic input] @@ -29,195 +59,193 @@ module _hmac /*[clinic input] _hmac.compute_md5 - key: Py_buffer - msg: Py_buffer + key: object + msg: object / [clinic start generated code]*/ static PyObject * -_hmac_compute_md5_impl(PyObject *module, Py_buffer *key, Py_buffer *msg) -/*[clinic end generated code: output=06415d62c949b812 input=ba930327d472e0be]*/ +_hmac_compute_md5_impl(PyObject *module, PyObject *key, PyObject *msg) +/*[clinic end generated code: output=7837a4ceccbbf636 input=77a4b774c7d61218]*/ { - HACL_HMAC_COMPUTE_HASH(Hacl_HMAC_compute_md5, 16, key, msg); + Py_HACL_HMAC_ONESHOT(Hacl_HMAC_compute_md5, 16, key, msg); } /*[clinic input] _hmac.compute_sha1 - key: Py_buffer - msg: Py_buffer + key: object + msg: object / [clinic start generated code]*/ static PyObject * -_hmac_compute_sha1_impl(PyObject *module, Py_buffer *key, Py_buffer *msg) -/*[clinic end generated code: output=3daf26128c9e84b5 input=6015854f4040c058]*/ +_hmac_compute_sha1_impl(PyObject *module, PyObject *key, PyObject *msg) +/*[clinic end generated code: output=79fd7689c83691d8 input=3b64dccc6bdbe4ba]*/ { - HACL_HMAC_COMPUTE_HASH(Hacl_HMAC_compute_sha1, 20, key, msg); + Py_HACL_HMAC_ONESHOT(Hacl_HMAC_compute_sha1, 20, key, msg); } /*[clinic input] _hmac.compute_sha2_224 - key: Py_buffer - msg: Py_buffer + key: object + msg: object / [clinic start generated code]*/ static PyObject * -_hmac_compute_sha2_224_impl(PyObject *module, Py_buffer *key, Py_buffer *msg) -/*[clinic end generated code: output=f665a01d0ce8873b input=b82974de99696949]*/ +_hmac_compute_sha2_224_impl(PyObject *module, PyObject *key, PyObject *msg) +/*[clinic end generated code: output=7f21f1613e53979e input=bcaac7a3637484ce]*/ { - HACL_HMAC_COMPUTE_HASH(Hacl_HMAC_compute_sha2_224, 28, key, msg); + Py_HACL_HMAC_ONESHOT(Hacl_HMAC_compute_sha2_224, 28, key, msg); } /*[clinic input] _hmac.compute_sha2_256 - key: Py_buffer - msg: Py_buffer + key: object + msg: object / [clinic start generated code]*/ static PyObject * -_hmac_compute_sha2_256_impl(PyObject *module, Py_buffer *key, Py_buffer *msg) -/*[clinic end generated code: output=6eda2182e50c3832 input=ae9639dccbca11bb]*/ +_hmac_compute_sha2_256_impl(PyObject *module, PyObject *key, PyObject *msg) +/*[clinic end generated code: output=d4a291f7d9a82459 input=6e2d1f6fe9c56d21]*/ { - HACL_HMAC_COMPUTE_HASH(Hacl_HMAC_compute_sha2_256, 32, key, msg); + Py_HACL_HMAC_ONESHOT(Hacl_HMAC_compute_sha2_256, 32, key, msg); } /*[clinic input] _hmac.compute_sha2_384 - key: Py_buffer - msg: Py_buffer + key: object + msg: object / [clinic start generated code]*/ static PyObject * -_hmac_compute_sha2_384_impl(PyObject *module, Py_buffer *key, Py_buffer *msg) -/*[clinic end generated code: output=0fc9803f1d0b731c input=d643b1254bc142e1]*/ +_hmac_compute_sha2_384_impl(PyObject *module, PyObject *key, PyObject *msg) +/*[clinic end generated code: output=f211fa26e3700c27 input=9ce8de89dda79e62]*/ { - HACL_HMAC_COMPUTE_HASH(Hacl_HMAC_compute_sha2_384, 48, key, msg); + Py_HACL_HMAC_ONESHOT(Hacl_HMAC_compute_sha2_384, 48, key, msg); } /*[clinic input] _hmac.compute_sha2_512 - key: Py_buffer - msg: Py_buffer + key: object + msg: object / [clinic start generated code]*/ static PyObject * -_hmac_compute_sha2_512_impl(PyObject *module, Py_buffer *key, Py_buffer *msg) -/*[clinic end generated code: output=f4b3f79c749c2100 input=1252a28c102c1d23]*/ +_hmac_compute_sha2_512_impl(PyObject *module, PyObject *key, PyObject *msg) +/*[clinic end generated code: output=d5c20373762cecca input=b964bb8487d7debd]*/ { - HACL_HMAC_COMPUTE_HASH(Hacl_HMAC_compute_sha2_512, 64, key, msg); + Py_HACL_HMAC_ONESHOT(Hacl_HMAC_compute_sha2_512, 64, key, msg); } /*[clinic input] _hmac.compute_sha3_224 - key: Py_buffer - msg: Py_buffer + key: object + msg: object / [clinic start generated code]*/ static PyObject * -_hmac_compute_sha3_224_impl(PyObject *module, Py_buffer *key, Py_buffer *msg) -/*[clinic end generated code: output=ba0f59d80a557e20 input=b02a4325fbc691ad]*/ +_hmac_compute_sha3_224_impl(PyObject *module, PyObject *key, PyObject *msg) +/*[clinic end generated code: output=a242ccac9ad9c22b input=d0ab0c7d189c3d87]*/ { - HACL_HMAC_COMPUTE_HASH(Hacl_HMAC_compute_sha3_224, 28, key, msg); + Py_HACL_HMAC_ONESHOT(Hacl_HMAC_compute_sha3_224, 28, key, msg); } /*[clinic input] _hmac.compute_sha3_256 - key: Py_buffer - msg: Py_buffer + key: object + msg: object / [clinic start generated code]*/ static PyObject * -_hmac_compute_sha3_256_impl(PyObject *module, Py_buffer *key, Py_buffer *msg) -/*[clinic end generated code: output=cda6fbc13c233f45 input=64a7b8ac5fc62521]*/ +_hmac_compute_sha3_256_impl(PyObject *module, PyObject *key, PyObject *msg) +/*[clinic end generated code: output=b539dbb61af2fe0b input=f05d7b6364b35d02]*/ { - HACL_HMAC_COMPUTE_HASH(Hacl_HMAC_compute_sha3_256, 32, key, msg); + Py_HACL_HMAC_ONESHOT(Hacl_HMAC_compute_sha3_256, 32, key, msg); } /*[clinic input] _hmac.compute_sha3_384 - key: Py_buffer - msg: Py_buffer + key: object + msg: object / [clinic start generated code]*/ static PyObject * -_hmac_compute_sha3_384_impl(PyObject *module, Py_buffer *key, Py_buffer *msg) -/*[clinic end generated code: output=5a0fc341caa1b4ed input=3e9e2f74c65193bd]*/ +_hmac_compute_sha3_384_impl(PyObject *module, PyObject *key, PyObject *msg) +/*[clinic end generated code: output=5eb372fb5c4ffd3a input=d842d393e7aa05ae]*/ { - HACL_HMAC_COMPUTE_HASH(Hacl_HMAC_compute_sha3_384, 48, key, msg); + Py_HACL_HMAC_ONESHOT(Hacl_HMAC_compute_sha3_384, 48, key, msg); } /*[clinic input] _hmac.compute_sha3_512 - key: Py_buffer - msg: Py_buffer + key: object + msg: object / [clinic start generated code]*/ static PyObject * -_hmac_compute_sha3_512_impl(PyObject *module, Py_buffer *key, Py_buffer *msg) -/*[clinic end generated code: output=af9773a23df74056 input=da79fd5e1de89478]*/ +_hmac_compute_sha3_512_impl(PyObject *module, PyObject *key, PyObject *msg) +/*[clinic end generated code: output=154bcbf8c2eacac1 input=166fe5baaeaabfde]*/ { - HACL_HMAC_COMPUTE_HASH(Hacl_HMAC_compute_sha3_512, 64, key, msg); + Py_HACL_HMAC_ONESHOT(Hacl_HMAC_compute_sha3_512, 64, key, msg); } /*[clinic input] _hmac.compute_blake2s_32 - key: Py_buffer - msg: Py_buffer + key: object + msg: object / [clinic start generated code]*/ static PyObject * -_hmac_compute_blake2s_32_impl(PyObject *module, Py_buffer *key, - Py_buffer *msg) -/*[clinic end generated code: output=9951eb111793d727 input=cc384ff59f0bf43b]*/ +_hmac_compute_blake2s_32_impl(PyObject *module, PyObject *key, PyObject *msg) +/*[clinic end generated code: output=cfc730791bc62361 input=d22c36e7fe31a985]*/ { - HACL_HMAC_COMPUTE_HASH(Hacl_HMAC_compute_blake2s_32, 32, key, msg); + Py_HACL_HMAC_ONESHOT(Hacl_HMAC_compute_blake2s_32, 32, key, msg); } /*[clinic input] _hmac.compute_blake2b_32 - key: Py_buffer - msg: Py_buffer + key: object + msg: object / [clinic start generated code]*/ static PyObject * -_hmac_compute_blake2b_32_impl(PyObject *module, Py_buffer *key, - Py_buffer *msg) -/*[clinic end generated code: output=341c892645174059 input=52f8b6ccfc97bcba]*/ +_hmac_compute_blake2b_32_impl(PyObject *module, PyObject *key, PyObject *msg) +/*[clinic end generated code: output=765c5c4fb9124636 input=4a35ee058d172f4b]*/ { - HACL_HMAC_COMPUTE_HASH(Hacl_HMAC_compute_blake2b_32, 64, key, msg); + Py_HACL_HMAC_ONESHOT(Hacl_HMAC_compute_blake2b_32, 64, key, msg); } static PyMethodDef hmacmodule_methods[] = { From e71413525a39a1d6f167ff9785b3e4f27d6727b4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?B=C3=A9n=C3=A9dikt=20Tran?= <10796600+picnixz@users.noreply.github.com> Date: Thu, 7 Nov 2024 11:56:04 +0100 Subject: [PATCH 12/36] Define HMAC static information --- Modules/hmacmodule.c | 109 +++++++++++++++++++++++++++++++++++++------ 1 file changed, 94 insertions(+), 15 deletions(-) diff --git a/Modules/hmacmodule.c b/Modules/hmacmodule.c index 2ca35c5c7c6555..3c94e32f7e2160 100644 --- a/Modules/hmacmodule.c +++ b/Modules/hmacmodule.c @@ -9,9 +9,64 @@ #include "clinic/hmacmodule.c.h" -typedef void (*HACL_HMAC_digest_f)(uint8_t *out, - uint8_t *key, uint32_t keylen, - uint8_t *msg, uint32_t msglen); +typedef void (*HACL_HMAC_digest_func_t)(uint8_t *out, + uint8_t *key, uint32_t keylen, + uint8_t *msg, uint32_t msglen); + +// HMAC underlying hash function static information. + +/* MD-5 */ +#define Py_hmac_md5_block_size 64 +#define Py_hmac_md5_digest_size 16 +#define Py_hmac_md5_digest_func Hacl_HMAC_compute_md5 + +/* SHA-1 family */ +#define Py_hmac_sha1_block_size 64 +#define Py_hmac_sha1_digest_size 20 +#define Py_hmac_sha1_digest_func Hacl_HMAC_compute_sha1 + +/* SHA-2 family */ +#define Py_hmac_sha2_224_block_size 64 +#define Py_hmac_sha2_224_digest_size 28 +#define Py_hmac_sha2_224_digest_func Hacl_HMAC_compute_sha2_224 + +#define Py_hmac_sha2_256_block_size 64 +#define Py_hmac_sha2_256_digest_size 32 +#define Py_hmac_sha2_256_digest_func Hacl_HMAC_compute_sha2_256 + +#define Py_hmac_sha2_384_block_size 128 +#define Py_hmac_sha2_384_digest_size 48 +#define Py_hmac_sha2_384_digest_func Hacl_HMAC_compute_sha2_384 + +#define Py_hmac_sha2_512_block_size 128 +#define Py_hmac_sha2_512_digest_size 64 +#define Py_hmac_sha2_512_digest_func Hacl_HMAC_compute_sha2_512 + +/* SHA-3 family */ +#define Py_hmac_sha3_224_block_size 144 +#define Py_hmac_sha3_224_digest_size 28 +#define Py_hmac_sha3_224_digest_func Hacl_HMAC_compute_sha3_224 + +#define Py_hmac_sha3_256_block_size 136 +#define Py_hmac_sha3_256_digest_size 32 +#define Py_hmac_sha3_256_digest_func Hacl_HMAC_compute_sha3_256 + +#define Py_hmac_sha3_384_block_size 104 +#define Py_hmac_sha3_384_digest_size 48 +#define Py_hmac_sha3_384_digest_func Hacl_HMAC_compute_sha3_384 + +#define Py_hmac_sha3_512_block_size 72 +#define Py_hmac_sha3_512_digest_size 64 +#define Py_hmac_sha3_512_digest_func Hacl_HMAC_compute_sha3_512 + +/* Blake family */ +#define Py_hmac_blake2s_block_size 64 +#define Py_hmac_blake2s_digest_size 32 +#define Py_hmac_blake2s_digest_func Hacl_HMAC_compute_blake2s_32 + +#define Py_hmac_blake2b_block_size 128 +#define Py_hmac_blake2b_digest_size 64 +#define Py_hmac_blake2b_digest_func Hacl_HMAC_compute_blake2b_32 /* Check that the buffer length fits on a uint32_t. */ static inline int @@ -69,7 +124,9 @@ static PyObject * _hmac_compute_md5_impl(PyObject *module, PyObject *key, PyObject *msg) /*[clinic end generated code: output=7837a4ceccbbf636 input=77a4b774c7d61218]*/ { - Py_HACL_HMAC_ONESHOT(Hacl_HMAC_compute_md5, 16, key, msg); + Py_HACL_HMAC_ONESHOT(Py_hmac_md5_digest_func, + Py_hmac_md5_digest_size, + key, msg); } /*[clinic input] @@ -85,7 +142,9 @@ static PyObject * _hmac_compute_sha1_impl(PyObject *module, PyObject *key, PyObject *msg) /*[clinic end generated code: output=79fd7689c83691d8 input=3b64dccc6bdbe4ba]*/ { - Py_HACL_HMAC_ONESHOT(Hacl_HMAC_compute_sha1, 20, key, msg); + Py_HACL_HMAC_ONESHOT(Py_hmac_sha1_digest_func, + Py_hmac_sha1_digest_size, + key, msg); } /*[clinic input] @@ -101,7 +160,9 @@ static PyObject * _hmac_compute_sha2_224_impl(PyObject *module, PyObject *key, PyObject *msg) /*[clinic end generated code: output=7f21f1613e53979e input=bcaac7a3637484ce]*/ { - Py_HACL_HMAC_ONESHOT(Hacl_HMAC_compute_sha2_224, 28, key, msg); + Py_HACL_HMAC_ONESHOT(Py_hmac_sha2_224_digest_func, + Py_hmac_sha2_224_digest_size, + key, msg); } /*[clinic input] @@ -117,7 +178,9 @@ static PyObject * _hmac_compute_sha2_256_impl(PyObject *module, PyObject *key, PyObject *msg) /*[clinic end generated code: output=d4a291f7d9a82459 input=6e2d1f6fe9c56d21]*/ { - Py_HACL_HMAC_ONESHOT(Hacl_HMAC_compute_sha2_256, 32, key, msg); + Py_HACL_HMAC_ONESHOT(Py_hmac_sha2_256_digest_func, + Py_hmac_sha2_256_digest_size, + key, msg); } /*[clinic input] @@ -133,7 +196,9 @@ static PyObject * _hmac_compute_sha2_384_impl(PyObject *module, PyObject *key, PyObject *msg) /*[clinic end generated code: output=f211fa26e3700c27 input=9ce8de89dda79e62]*/ { - Py_HACL_HMAC_ONESHOT(Hacl_HMAC_compute_sha2_384, 48, key, msg); + Py_HACL_HMAC_ONESHOT(Py_hmac_sha2_384_digest_func, + Py_hmac_sha2_384_digest_size, + key, msg); } /*[clinic input] @@ -149,7 +214,9 @@ static PyObject * _hmac_compute_sha2_512_impl(PyObject *module, PyObject *key, PyObject *msg) /*[clinic end generated code: output=d5c20373762cecca input=b964bb8487d7debd]*/ { - Py_HACL_HMAC_ONESHOT(Hacl_HMAC_compute_sha2_512, 64, key, msg); + Py_HACL_HMAC_ONESHOT(Py_hmac_sha2_512_digest_func, + Py_hmac_sha2_512_digest_size, + key, msg); } /*[clinic input] @@ -165,7 +232,9 @@ static PyObject * _hmac_compute_sha3_224_impl(PyObject *module, PyObject *key, PyObject *msg) /*[clinic end generated code: output=a242ccac9ad9c22b input=d0ab0c7d189c3d87]*/ { - Py_HACL_HMAC_ONESHOT(Hacl_HMAC_compute_sha3_224, 28, key, msg); + Py_HACL_HMAC_ONESHOT(Py_hmac_sha3_224_digest_func, + Py_hmac_sha3_224_digest_size, + key, msg); } /*[clinic input] @@ -181,7 +250,9 @@ static PyObject * _hmac_compute_sha3_256_impl(PyObject *module, PyObject *key, PyObject *msg) /*[clinic end generated code: output=b539dbb61af2fe0b input=f05d7b6364b35d02]*/ { - Py_HACL_HMAC_ONESHOT(Hacl_HMAC_compute_sha3_256, 32, key, msg); + Py_HACL_HMAC_ONESHOT(Py_hmac_sha3_256_digest_func, + Py_hmac_sha3_256_digest_size, + key, msg); } /*[clinic input] @@ -197,7 +268,9 @@ static PyObject * _hmac_compute_sha3_384_impl(PyObject *module, PyObject *key, PyObject *msg) /*[clinic end generated code: output=5eb372fb5c4ffd3a input=d842d393e7aa05ae]*/ { - Py_HACL_HMAC_ONESHOT(Hacl_HMAC_compute_sha3_384, 48, key, msg); + Py_HACL_HMAC_ONESHOT(Py_hmac_sha3_384_digest_func, + Py_hmac_sha3_384_digest_size, + key, msg); } /*[clinic input] @@ -213,7 +286,9 @@ static PyObject * _hmac_compute_sha3_512_impl(PyObject *module, PyObject *key, PyObject *msg) /*[clinic end generated code: output=154bcbf8c2eacac1 input=166fe5baaeaabfde]*/ { - Py_HACL_HMAC_ONESHOT(Hacl_HMAC_compute_sha3_512, 64, key, msg); + Py_HACL_HMAC_ONESHOT(Py_hmac_sha3_512_digest_func, + Py_hmac_sha3_512_digest_size, + key, msg); } /*[clinic input] @@ -229,7 +304,9 @@ static PyObject * _hmac_compute_blake2s_32_impl(PyObject *module, PyObject *key, PyObject *msg) /*[clinic end generated code: output=cfc730791bc62361 input=d22c36e7fe31a985]*/ { - Py_HACL_HMAC_ONESHOT(Hacl_HMAC_compute_blake2s_32, 32, key, msg); + Py_HACL_HMAC_ONESHOT(Py_hmac_blake2s_digest_func, + Py_hmac_blake2s_digest_size, + key, msg); } /*[clinic input] @@ -245,7 +322,9 @@ static PyObject * _hmac_compute_blake2b_32_impl(PyObject *module, PyObject *key, PyObject *msg) /*[clinic end generated code: output=765c5c4fb9124636 input=4a35ee058d172f4b]*/ { - Py_HACL_HMAC_ONESHOT(Hacl_HMAC_compute_blake2b_32, 64, key, msg); + Py_HACL_HMAC_ONESHOT(Py_hmac_blake2b_digest_func, + Py_hmac_blake2b_digest_size, + key, msg); } static PyMethodDef hmacmodule_methods[] = { From 9fb6300a5047721d200a38b83cd41f4f537fb92c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?B=C3=A9n=C3=A9dikt=20Tran?= <10796600+picnixz@users.noreply.github.com> Date: Fri, 8 Nov 2024 13:01:35 +0100 Subject: [PATCH 13/36] reduce the possibility of typos --- Modules/hmacmodule.c | 142 +++++++++++++++++++++++-------------------- 1 file changed, 75 insertions(+), 67 deletions(-) diff --git a/Modules/hmacmodule.c b/Modules/hmacmodule.c index 3c94e32f7e2160..649684ac7518d6 100644 --- a/Modules/hmacmodule.c +++ b/Modules/hmacmodule.c @@ -16,57 +16,83 @@ typedef void (*HACL_HMAC_digest_func_t)(uint8_t *out, // HMAC underlying hash function static information. /* MD-5 */ +// (HACL_HID = md5) #define Py_hmac_md5_block_size 64 #define Py_hmac_md5_digest_size 16 +#define Py_hmac_md5_update_func NULL #define Py_hmac_md5_digest_func Hacl_HMAC_compute_md5 /* SHA-1 family */ +// HACL_HID = sha1 #define Py_hmac_sha1_block_size 64 #define Py_hmac_sha1_digest_size 20 +#define Py_hmac_sha1_update_func NULL #define Py_hmac_sha1_digest_func Hacl_HMAC_compute_sha1 /* SHA-2 family */ +// HACL_HID = sha2_224 #define Py_hmac_sha2_224_block_size 64 #define Py_hmac_sha2_224_digest_size 28 +#define Py_hmac_sha2_224_update_func NULL #define Py_hmac_sha2_224_digest_func Hacl_HMAC_compute_sha2_224 +// HACL_HID = sha2_256 #define Py_hmac_sha2_256_block_size 64 #define Py_hmac_sha2_256_digest_size 32 +#define Py_hmac_sha2_256_update_func NULL #define Py_hmac_sha2_256_digest_func Hacl_HMAC_compute_sha2_256 +// HACL_HID = sha2_384 #define Py_hmac_sha2_384_block_size 128 #define Py_hmac_sha2_384_digest_size 48 +#define Py_hmac_sha2_384_update_func NULL #define Py_hmac_sha2_384_digest_func Hacl_HMAC_compute_sha2_384 +// HACL_HID = sha2_512 #define Py_hmac_sha2_512_block_size 128 #define Py_hmac_sha2_512_digest_size 64 +#define Py_hmac_sha2_512_update_func NULL #define Py_hmac_sha2_512_digest_func Hacl_HMAC_compute_sha2_512 /* SHA-3 family */ +// HACL_HID = sha3_224 #define Py_hmac_sha3_224_block_size 144 #define Py_hmac_sha3_224_digest_size 28 +#define Py_hmac_sha3_224_update_func NULL #define Py_hmac_sha3_224_digest_func Hacl_HMAC_compute_sha3_224 +// HACL_HID = sha3_256 #define Py_hmac_sha3_256_block_size 136 #define Py_hmac_sha3_256_digest_size 32 +#define Py_hmac_sha3_256_update_func NULL #define Py_hmac_sha3_256_digest_func Hacl_HMAC_compute_sha3_256 +// HACL_HID = sha3_384 #define Py_hmac_sha3_384_block_size 104 #define Py_hmac_sha3_384_digest_size 48 +#define Py_hmac_sha3_384_update_func NULL #define Py_hmac_sha3_384_digest_func Hacl_HMAC_compute_sha3_384 +// HACL_HID = sha3_512 #define Py_hmac_sha3_512_block_size 72 #define Py_hmac_sha3_512_digest_size 64 +#define Py_hmac_sha3_512_update_func NULL #define Py_hmac_sha3_512_digest_func Hacl_HMAC_compute_sha3_512 /* Blake family */ -#define Py_hmac_blake2s_block_size 64 -#define Py_hmac_blake2s_digest_size 32 -#define Py_hmac_blake2s_digest_func Hacl_HMAC_compute_blake2s_32 +// HACL_HID = blake2s_32 +#define Py_hmac_blake2s_32_block_size 64 +#define Py_hmac_blake2s_32_digest_size 32 +#define Py_hmac_blake2s_32_update_func NULL +#define Py_hmac_blake2s_32_digest_func Hacl_HMAC_compute_blake2s_32 -#define Py_hmac_blake2b_block_size 128 -#define Py_hmac_blake2b_digest_size 64 -#define Py_hmac_blake2b_digest_func Hacl_HMAC_compute_blake2b_32 +// HACL_HID = blake2b_32 +#define Py_hmac_blake2b_32_block_size 128 +#define Py_hmac_blake2b_32_digest_size 64 +#define Py_hmac_blake2b_32_update_func NULL +#define Py_hmac_blake2b_32_digest_func Hacl_HMAC_compute_blake2b_32 + +#define Py_hmac_hash_max_digest_size 64 /* Check that the buffer length fits on a uint32_t. */ static inline int @@ -79,31 +105,37 @@ has_uint32_t_buffer_length(const Py_buffer *buffer) #endif } -/* One-shot HMAC-HASH using the given HACL_HMAC_FUNCTION. */ -#define Py_HACL_HMAC_ONESHOT(HACL_HMAC_FUNCTION, DIGEST_SIZE, KEY, MSG) \ - do { \ - Py_buffer keyview, msgview; \ - GET_BUFFER_VIEW_OR_ERROUT((KEY), &keyview); \ - if (!has_uint32_t_buffer_length(&keyview)) { \ - PyErr_SetString(PyExc_ValueError, \ - "key length exceeds UINT32_MAX"); \ - return NULL; \ - } \ - GET_BUFFER_VIEW_OR_ERROUT((MSG), &msgview); \ - if (!has_uint32_t_buffer_length(&msgview)) { \ - PyErr_SetString(PyExc_ValueError, \ - "message length exceeds UINT32_MAX"); \ - return NULL; \ - } \ - uint8_t out[(DIGEST_SIZE)]; \ - HACL_HMAC_FUNCTION( \ - out, \ - (uint8_t *)keyview.buf, (uint32_t)keyview.len, \ - (uint8_t *)msgview.buf, (uint32_t)msgview.len \ - ); \ - PyBuffer_Release(&msgview); \ - PyBuffer_Release(&keyview); \ - return PyBytes_FromStringAndSize((const char *)out, (DIGEST_SIZE)); \ +/* One-shot HMAC-HASH using the given HACL_HID. */ +#define Py_HACL_HMAC_ONESHOT(HACL_HID, KEY, MSG) \ + do { \ + Py_buffer keyview, msgview; \ + GET_BUFFER_VIEW_OR_ERROUT((KEY), &keyview); \ + if (!has_uint32_t_buffer_length(&keyview)) { \ + PyBuffer_Release(&keyview); \ + PyErr_SetString(PyExc_ValueError, \ + "key length exceeds UINT32_MAX"); \ + return NULL; \ + } \ + GET_BUFFER_VIEW_OR_ERROUT((MSG), &msgview); \ + if (!has_uint32_t_buffer_length(&msgview)) { \ + PyBuffer_Release(&msgview); \ + PyBuffer_Release(&keyview); \ + PyErr_SetString(PyExc_ValueError, \ + "message length exceeds UINT32_MAX"); \ + return NULL; \ + } \ + uint8_t out[Py_hmac_## HACL_HID ##_digest_size]; \ + Py_hmac_## HACL_HID ##_digest_func( \ + out, \ + (uint8_t *)keyview.buf, (uint32_t)keyview.len, \ + (uint8_t *)msgview.buf, (uint32_t)msgview.len \ + ); \ + PyBuffer_Release(&msgview); \ + PyBuffer_Release(&keyview); \ + return PyBytes_FromStringAndSize( \ + (const char *)out, \ + Py_hmac_## HACL_HID ##_digest_size \ + ); \ } while (0) /*[clinic input] @@ -124,9 +156,7 @@ static PyObject * _hmac_compute_md5_impl(PyObject *module, PyObject *key, PyObject *msg) /*[clinic end generated code: output=7837a4ceccbbf636 input=77a4b774c7d61218]*/ { - Py_HACL_HMAC_ONESHOT(Py_hmac_md5_digest_func, - Py_hmac_md5_digest_size, - key, msg); + Py_HACL_HMAC_ONESHOT(md5, key, msg); } /*[clinic input] @@ -142,9 +172,7 @@ static PyObject * _hmac_compute_sha1_impl(PyObject *module, PyObject *key, PyObject *msg) /*[clinic end generated code: output=79fd7689c83691d8 input=3b64dccc6bdbe4ba]*/ { - Py_HACL_HMAC_ONESHOT(Py_hmac_sha1_digest_func, - Py_hmac_sha1_digest_size, - key, msg); + Py_HACL_HMAC_ONESHOT(sha1, key, msg); } /*[clinic input] @@ -160,9 +188,7 @@ static PyObject * _hmac_compute_sha2_224_impl(PyObject *module, PyObject *key, PyObject *msg) /*[clinic end generated code: output=7f21f1613e53979e input=bcaac7a3637484ce]*/ { - Py_HACL_HMAC_ONESHOT(Py_hmac_sha2_224_digest_func, - Py_hmac_sha2_224_digest_size, - key, msg); + Py_HACL_HMAC_ONESHOT(sha2_224, key, msg); } /*[clinic input] @@ -178,9 +204,7 @@ static PyObject * _hmac_compute_sha2_256_impl(PyObject *module, PyObject *key, PyObject *msg) /*[clinic end generated code: output=d4a291f7d9a82459 input=6e2d1f6fe9c56d21]*/ { - Py_HACL_HMAC_ONESHOT(Py_hmac_sha2_256_digest_func, - Py_hmac_sha2_256_digest_size, - key, msg); + Py_HACL_HMAC_ONESHOT(sha2_256, key, msg); } /*[clinic input] @@ -196,9 +220,7 @@ static PyObject * _hmac_compute_sha2_384_impl(PyObject *module, PyObject *key, PyObject *msg) /*[clinic end generated code: output=f211fa26e3700c27 input=9ce8de89dda79e62]*/ { - Py_HACL_HMAC_ONESHOT(Py_hmac_sha2_384_digest_func, - Py_hmac_sha2_384_digest_size, - key, msg); + Py_HACL_HMAC_ONESHOT(sha2_384, key, msg); } /*[clinic input] @@ -214,9 +236,7 @@ static PyObject * _hmac_compute_sha2_512_impl(PyObject *module, PyObject *key, PyObject *msg) /*[clinic end generated code: output=d5c20373762cecca input=b964bb8487d7debd]*/ { - Py_HACL_HMAC_ONESHOT(Py_hmac_sha2_512_digest_func, - Py_hmac_sha2_512_digest_size, - key, msg); + Py_HACL_HMAC_ONESHOT(sha2_512, key, msg); } /*[clinic input] @@ -232,9 +252,7 @@ static PyObject * _hmac_compute_sha3_224_impl(PyObject *module, PyObject *key, PyObject *msg) /*[clinic end generated code: output=a242ccac9ad9c22b input=d0ab0c7d189c3d87]*/ { - Py_HACL_HMAC_ONESHOT(Py_hmac_sha3_224_digest_func, - Py_hmac_sha3_224_digest_size, - key, msg); + Py_HACL_HMAC_ONESHOT(sha3_224, key, msg); } /*[clinic input] @@ -250,9 +268,7 @@ static PyObject * _hmac_compute_sha3_256_impl(PyObject *module, PyObject *key, PyObject *msg) /*[clinic end generated code: output=b539dbb61af2fe0b input=f05d7b6364b35d02]*/ { - Py_HACL_HMAC_ONESHOT(Py_hmac_sha3_256_digest_func, - Py_hmac_sha3_256_digest_size, - key, msg); + Py_HACL_HMAC_ONESHOT(sha3_256, key, msg); } /*[clinic input] @@ -268,9 +284,7 @@ static PyObject * _hmac_compute_sha3_384_impl(PyObject *module, PyObject *key, PyObject *msg) /*[clinic end generated code: output=5eb372fb5c4ffd3a input=d842d393e7aa05ae]*/ { - Py_HACL_HMAC_ONESHOT(Py_hmac_sha3_384_digest_func, - Py_hmac_sha3_384_digest_size, - key, msg); + Py_HACL_HMAC_ONESHOT(sha3_384, key, msg); } /*[clinic input] @@ -286,9 +300,7 @@ static PyObject * _hmac_compute_sha3_512_impl(PyObject *module, PyObject *key, PyObject *msg) /*[clinic end generated code: output=154bcbf8c2eacac1 input=166fe5baaeaabfde]*/ { - Py_HACL_HMAC_ONESHOT(Py_hmac_sha3_512_digest_func, - Py_hmac_sha3_512_digest_size, - key, msg); + Py_HACL_HMAC_ONESHOT(sha3_512, key, msg); } /*[clinic input] @@ -304,9 +316,7 @@ static PyObject * _hmac_compute_blake2s_32_impl(PyObject *module, PyObject *key, PyObject *msg) /*[clinic end generated code: output=cfc730791bc62361 input=d22c36e7fe31a985]*/ { - Py_HACL_HMAC_ONESHOT(Py_hmac_blake2s_digest_func, - Py_hmac_blake2s_digest_size, - key, msg); + Py_HACL_HMAC_ONESHOT(blake2s_32, key, msg); } /*[clinic input] @@ -322,9 +332,7 @@ static PyObject * _hmac_compute_blake2b_32_impl(PyObject *module, PyObject *key, PyObject *msg) /*[clinic end generated code: output=765c5c4fb9124636 input=4a35ee058d172f4b]*/ { - Py_HACL_HMAC_ONESHOT(Py_hmac_blake2b_digest_func, - Py_hmac_blake2b_digest_size, - key, msg); + Py_HACL_HMAC_ONESHOT(blake2b_32, key, msg); } static PyMethodDef hmacmodule_methods[] = { From 755d6c0768e7fe37dd693fad2d08af4663b20873 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?B=C3=A9n=C3=A9dikt=20Tran?= <10796600+picnixz@users.noreply.github.com> Date: Fri, 8 Nov 2024 13:32:33 +0100 Subject: [PATCH 14/36] update names --- Modules/hmacmodule.c | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/Modules/hmacmodule.c b/Modules/hmacmodule.c index 649684ac7518d6..e1d18604947c17 100644 --- a/Modules/hmacmodule.c +++ b/Modules/hmacmodule.c @@ -106,7 +106,7 @@ has_uint32_t_buffer_length(const Py_buffer *buffer) } /* One-shot HMAC-HASH using the given HACL_HID. */ -#define Py_HACL_HMAC_ONESHOT(HACL_HID, KEY, MSG) \ +#define Py_HMAC_HACL_ONESHOT(HACL_HID, KEY, MSG) \ do { \ Py_buffer keyview, msgview; \ GET_BUFFER_VIEW_OR_ERROUT((KEY), &keyview); \ @@ -156,7 +156,7 @@ static PyObject * _hmac_compute_md5_impl(PyObject *module, PyObject *key, PyObject *msg) /*[clinic end generated code: output=7837a4ceccbbf636 input=77a4b774c7d61218]*/ { - Py_HACL_HMAC_ONESHOT(md5, key, msg); + Py_HMAC_HACL_ONESHOT(md5, key, msg); } /*[clinic input] @@ -172,7 +172,7 @@ static PyObject * _hmac_compute_sha1_impl(PyObject *module, PyObject *key, PyObject *msg) /*[clinic end generated code: output=79fd7689c83691d8 input=3b64dccc6bdbe4ba]*/ { - Py_HACL_HMAC_ONESHOT(sha1, key, msg); + Py_HMAC_HACL_ONESHOT(sha1, key, msg); } /*[clinic input] @@ -188,7 +188,7 @@ static PyObject * _hmac_compute_sha2_224_impl(PyObject *module, PyObject *key, PyObject *msg) /*[clinic end generated code: output=7f21f1613e53979e input=bcaac7a3637484ce]*/ { - Py_HACL_HMAC_ONESHOT(sha2_224, key, msg); + Py_HMAC_HACL_ONESHOT(sha2_224, key, msg); } /*[clinic input] @@ -204,7 +204,7 @@ static PyObject * _hmac_compute_sha2_256_impl(PyObject *module, PyObject *key, PyObject *msg) /*[clinic end generated code: output=d4a291f7d9a82459 input=6e2d1f6fe9c56d21]*/ { - Py_HACL_HMAC_ONESHOT(sha2_256, key, msg); + Py_HMAC_HACL_ONESHOT(sha2_256, key, msg); } /*[clinic input] @@ -220,7 +220,7 @@ static PyObject * _hmac_compute_sha2_384_impl(PyObject *module, PyObject *key, PyObject *msg) /*[clinic end generated code: output=f211fa26e3700c27 input=9ce8de89dda79e62]*/ { - Py_HACL_HMAC_ONESHOT(sha2_384, key, msg); + Py_HMAC_HACL_ONESHOT(sha2_384, key, msg); } /*[clinic input] @@ -236,7 +236,7 @@ static PyObject * _hmac_compute_sha2_512_impl(PyObject *module, PyObject *key, PyObject *msg) /*[clinic end generated code: output=d5c20373762cecca input=b964bb8487d7debd]*/ { - Py_HACL_HMAC_ONESHOT(sha2_512, key, msg); + Py_HMAC_HACL_ONESHOT(sha2_512, key, msg); } /*[clinic input] @@ -252,7 +252,7 @@ static PyObject * _hmac_compute_sha3_224_impl(PyObject *module, PyObject *key, PyObject *msg) /*[clinic end generated code: output=a242ccac9ad9c22b input=d0ab0c7d189c3d87]*/ { - Py_HACL_HMAC_ONESHOT(sha3_224, key, msg); + Py_HMAC_HACL_ONESHOT(sha3_224, key, msg); } /*[clinic input] @@ -268,7 +268,7 @@ static PyObject * _hmac_compute_sha3_256_impl(PyObject *module, PyObject *key, PyObject *msg) /*[clinic end generated code: output=b539dbb61af2fe0b input=f05d7b6364b35d02]*/ { - Py_HACL_HMAC_ONESHOT(sha3_256, key, msg); + Py_HMAC_HACL_ONESHOT(sha3_256, key, msg); } /*[clinic input] @@ -284,7 +284,7 @@ static PyObject * _hmac_compute_sha3_384_impl(PyObject *module, PyObject *key, PyObject *msg) /*[clinic end generated code: output=5eb372fb5c4ffd3a input=d842d393e7aa05ae]*/ { - Py_HACL_HMAC_ONESHOT(sha3_384, key, msg); + Py_HMAC_HACL_ONESHOT(sha3_384, key, msg); } /*[clinic input] @@ -300,7 +300,7 @@ static PyObject * _hmac_compute_sha3_512_impl(PyObject *module, PyObject *key, PyObject *msg) /*[clinic end generated code: output=154bcbf8c2eacac1 input=166fe5baaeaabfde]*/ { - Py_HACL_HMAC_ONESHOT(sha3_512, key, msg); + Py_HMAC_HACL_ONESHOT(sha3_512, key, msg); } /*[clinic input] @@ -316,7 +316,7 @@ static PyObject * _hmac_compute_blake2s_32_impl(PyObject *module, PyObject *key, PyObject *msg) /*[clinic end generated code: output=cfc730791bc62361 input=d22c36e7fe31a985]*/ { - Py_HACL_HMAC_ONESHOT(blake2s_32, key, msg); + Py_HMAC_HACL_ONESHOT(blake2s_32, key, msg); } /*[clinic input] @@ -332,7 +332,7 @@ static PyObject * _hmac_compute_blake2b_32_impl(PyObject *module, PyObject *key, PyObject *msg) /*[clinic end generated code: output=765c5c4fb9124636 input=4a35ee058d172f4b]*/ { - Py_HACL_HMAC_ONESHOT(blake2b_32, key, msg); + Py_HMAC_HACL_ONESHOT(blake2b_32, key, msg); } static PyMethodDef hmacmodule_methods[] = { From 89c5f893d4e41ba41be4fc76138072c353955fa2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?B=C3=A9n=C3=A9dikt=20Tran?= <10796600+picnixz@users.noreply.github.com> Date: Fri, 8 Nov 2024 13:32:49 +0100 Subject: [PATCH 15/36] cleanup --- Modules/hmacmodule.c | 20 ++++++++------------ 1 file changed, 8 insertions(+), 12 deletions(-) diff --git a/Modules/hmacmodule.c b/Modules/hmacmodule.c index e1d18604947c17..de553516df9f44 100644 --- a/Modules/hmacmodule.c +++ b/Modules/hmacmodule.c @@ -3,16 +3,10 @@ #endif #include "Python.h" -#include "hashlib.h" +#include "hashlib.h" #include "_hacl/Hacl_HMAC.h" -#include "clinic/hmacmodule.c.h" - -typedef void (*HACL_HMAC_digest_func_t)(uint8_t *out, - uint8_t *key, uint32_t keylen, - uint8_t *msg, uint32_t msglen); - // HMAC underlying hash function static information. /* MD-5 */ @@ -94,6 +88,13 @@ typedef void (*HACL_HMAC_digest_func_t)(uint8_t *out, #define Py_hmac_hash_max_digest_size 64 +/*[clinic input] +module _hmac +[clinic start generated code]*/ +/*[clinic end generated code: output=da39a3ee5e6b4b0d input=799f0f10157d561f]*/ + +#include "clinic/hmacmodule.c.h" + /* Check that the buffer length fits on a uint32_t. */ static inline int has_uint32_t_buffer_length(const Py_buffer *buffer) @@ -138,11 +139,6 @@ has_uint32_t_buffer_length(const Py_buffer *buffer) ); \ } while (0) -/*[clinic input] -module _hmac -[clinic start generated code]*/ -/*[clinic end generated code: output=da39a3ee5e6b4b0d input=799f0f10157d561f]*/ - /*[clinic input] _hmac.compute_md5 From 755aca6a809c3f7ce966403faa9d48701f21249b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?B=C3=A9n=C3=A9dikt=20Tran?= <10796600+picnixz@users.noreply.github.com> Date: Fri, 8 Nov 2024 13:34:23 +0100 Subject: [PATCH 16/36] cleanup --- Modules/hmacmodule.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Modules/hmacmodule.c b/Modules/hmacmodule.c index de553516df9f44..c0da5709a776c3 100644 --- a/Modules/hmacmodule.c +++ b/Modules/hmacmodule.c @@ -4,8 +4,8 @@ #include "Python.h" -#include "hashlib.h" #include "_hacl/Hacl_HMAC.h" +#include "hashlib.h" // HMAC underlying hash function static information. From 1ddbe265cf94e2f9da1b9c460930a7f1c1062bdb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?B=C3=A9n=C3=A9dikt=20Tran?= <10796600+picnixz@users.noreply.github.com> Date: Fri, 8 Nov 2024 14:10:54 +0100 Subject: [PATCH 17/36] improve naming --- Modules/hmacmodule.c | 38 +++++++++++++++++++++++++------------- 1 file changed, 25 insertions(+), 13 deletions(-) diff --git a/Modules/hmacmodule.c b/Modules/hmacmodule.c index c0da5709a776c3..34873998a4420e 100644 --- a/Modules/hmacmodule.c +++ b/Modules/hmacmodule.c @@ -14,77 +14,89 @@ #define Py_hmac_md5_block_size 64 #define Py_hmac_md5_digest_size 16 #define Py_hmac_md5_update_func NULL -#define Py_hmac_md5_digest_func Hacl_HMAC_compute_md5 +#define Py_hmac_md5_digest_func NULL +#define Py_hmac_md5_compute_func Hacl_HMAC_compute_md5 /* SHA-1 family */ // HACL_HID = sha1 #define Py_hmac_sha1_block_size 64 #define Py_hmac_sha1_digest_size 20 #define Py_hmac_sha1_update_func NULL -#define Py_hmac_sha1_digest_func Hacl_HMAC_compute_sha1 +#define Py_hmac_sha1_digest_func NULL +#define Py_hmac_sha1_compute_func Hacl_HMAC_compute_sha1 /* SHA-2 family */ // HACL_HID = sha2_224 #define Py_hmac_sha2_224_block_size 64 #define Py_hmac_sha2_224_digest_size 28 #define Py_hmac_sha2_224_update_func NULL -#define Py_hmac_sha2_224_digest_func Hacl_HMAC_compute_sha2_224 +#define Py_hmac_sha2_224_digest_func NULL +#define Py_hmac_sha2_224_compute_func Hacl_HMAC_compute_sha2_224 // HACL_HID = sha2_256 #define Py_hmac_sha2_256_block_size 64 #define Py_hmac_sha2_256_digest_size 32 #define Py_hmac_sha2_256_update_func NULL -#define Py_hmac_sha2_256_digest_func Hacl_HMAC_compute_sha2_256 +#define Py_hmac_sha2_256_digest_func NULL +#define Py_hmac_sha2_256_compute_func Hacl_HMAC_compute_sha2_256 // HACL_HID = sha2_384 #define Py_hmac_sha2_384_block_size 128 #define Py_hmac_sha2_384_digest_size 48 #define Py_hmac_sha2_384_update_func NULL -#define Py_hmac_sha2_384_digest_func Hacl_HMAC_compute_sha2_384 +#define Py_hmac_sha2_384_digest_func NULL +#define Py_hmac_sha2_384_compute_func Hacl_HMAC_compute_sha2_384 // HACL_HID = sha2_512 #define Py_hmac_sha2_512_block_size 128 #define Py_hmac_sha2_512_digest_size 64 #define Py_hmac_sha2_512_update_func NULL -#define Py_hmac_sha2_512_digest_func Hacl_HMAC_compute_sha2_512 +#define Py_hmac_sha2_512_digest_func NULL +#define Py_hmac_sha2_512_compute_func Hacl_HMAC_compute_sha2_512 /* SHA-3 family */ // HACL_HID = sha3_224 #define Py_hmac_sha3_224_block_size 144 #define Py_hmac_sha3_224_digest_size 28 #define Py_hmac_sha3_224_update_func NULL -#define Py_hmac_sha3_224_digest_func Hacl_HMAC_compute_sha3_224 +#define Py_hmac_sha3_224_digest_func NULL +#define Py_hmac_sha3_224_compute_func Hacl_HMAC_compute_sha3_224 // HACL_HID = sha3_256 #define Py_hmac_sha3_256_block_size 136 #define Py_hmac_sha3_256_digest_size 32 #define Py_hmac_sha3_256_update_func NULL -#define Py_hmac_sha3_256_digest_func Hacl_HMAC_compute_sha3_256 +#define Py_hmac_sha3_256_digest_func NULL +#define Py_hmac_sha3_256_compute_func Hacl_HMAC_compute_sha3_256 // HACL_HID = sha3_384 #define Py_hmac_sha3_384_block_size 104 #define Py_hmac_sha3_384_digest_size 48 #define Py_hmac_sha3_384_update_func NULL -#define Py_hmac_sha3_384_digest_func Hacl_HMAC_compute_sha3_384 +#define Py_hmac_sha3_384_digest_func NULL +#define Py_hmac_sha3_384_compute_func Hacl_HMAC_compute_sha3_384 // HACL_HID = sha3_512 #define Py_hmac_sha3_512_block_size 72 #define Py_hmac_sha3_512_digest_size 64 #define Py_hmac_sha3_512_update_func NULL -#define Py_hmac_sha3_512_digest_func Hacl_HMAC_compute_sha3_512 +#define Py_hmac_sha3_512_digest_func NULL +#define Py_hmac_sha3_512_compute_func Hacl_HMAC_compute_sha3_512 /* Blake family */ // HACL_HID = blake2s_32 #define Py_hmac_blake2s_32_block_size 64 #define Py_hmac_blake2s_32_digest_size 32 #define Py_hmac_blake2s_32_update_func NULL -#define Py_hmac_blake2s_32_digest_func Hacl_HMAC_compute_blake2s_32 +#define Py_hmac_blake2s_32_digest_func NULL +#define Py_hmac_blake2s_32_compute_func Hacl_HMAC_compute_blake2s_32 // HACL_HID = blake2b_32 #define Py_hmac_blake2b_32_block_size 128 #define Py_hmac_blake2b_32_digest_size 64 #define Py_hmac_blake2b_32_update_func NULL -#define Py_hmac_blake2b_32_digest_func Hacl_HMAC_compute_blake2b_32 +#define Py_hmac_blake2b_32_digest_func NULL +#define Py_hmac_blake2b_32_compute_func Hacl_HMAC_compute_blake2b_32 #define Py_hmac_hash_max_digest_size 64 @@ -126,7 +138,7 @@ has_uint32_t_buffer_length(const Py_buffer *buffer) return NULL; \ } \ uint8_t out[Py_hmac_## HACL_HID ##_digest_size]; \ - Py_hmac_## HACL_HID ##_digest_func( \ + Py_hmac_## HACL_HID ##_compute_func( \ out, \ (uint8_t *)keyview.buf, (uint32_t)keyview.len, \ (uint8_t *)msgview.buf, (uint32_t)msgview.len \ From 12fbfc4eb5dda2f7e9404098b4b032b1e321fd45 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?B=C3=A9n=C3=A9dikt=20Tran?= <10796600+picnixz@users.noreply.github.com> Date: Fri, 8 Nov 2024 14:53:26 +0100 Subject: [PATCH 18/36] Update HACL* project. Commit hash is now `cea4e8eb5c81fa668c6240e8c5a334de8a86394f`. --- Misc/sbom.spdx.json | 8 +- Modules/_hacl/Hacl_HMAC.c | 240 +++++++++++++++----------------------- Modules/_hacl/refresh.sh | 2 +- 3 files changed, 101 insertions(+), 149 deletions(-) diff --git a/Misc/sbom.spdx.json b/Misc/sbom.spdx.json index 36df377910d9d2..af9727d829cdb7 100644 --- a/Misc/sbom.spdx.json +++ b/Misc/sbom.spdx.json @@ -1682,14 +1682,14 @@ "checksums": [ { "algorithm": "SHA256", - "checksumValue": "cbd19d064b3136172cabe88ab1b51fe2ee5264fe8eaf4a586355533ffe97977d" + "checksumValue": "017202337a7052c64832c134d80777a7a868cefd056471052cb608f38c71b181" } ], - "downloadLocation": "https://github.com/hacl-star/hacl-star/archive/fc2e38f4d899ba28665c5b91caedaf35b3b37452.zip", + "downloadLocation": "https://github.com/hacl-star/hacl-star/archive/cea4e8eb5c81fa668c6240e8c5a334de8a86394f.zip", "externalRefs": [ { "referenceCategory": "SECURITY", - "referenceLocator": "cpe:2.3:a:hacl-star:hacl-star:fc2e38f4d899ba28665c5b91caedaf35b3b37452:*:*:*:*:*:*:*", + "referenceLocator": "cpe:2.3:a:hacl-star:hacl-star:cea4e8eb5c81fa668c6240e8c5a334de8a86394f:*:*:*:*:*:*:*", "referenceType": "cpe23Type" } ], @@ -1697,7 +1697,7 @@ "name": "hacl-star", "originator": "Organization: HACL* Developers", "primaryPackagePurpose": "SOURCE", - "versionInfo": "fc2e38f4d899ba28665c5b91caedaf35b3b37452" + "versionInfo": "cea4e8eb5c81fa668c6240e8c5a334de8a86394f" }, { "SPDXID": "SPDXRef-PACKAGE-macholib", diff --git a/Modules/_hacl/Hacl_HMAC.c b/Modules/_hacl/Hacl_HMAC.c index 93002d2ba3e42b..2c32e403d88112 100644 --- a/Modules/_hacl/Hacl_HMAC.c +++ b/Modules/_hacl/Hacl_HMAC.c @@ -48,10 +48,8 @@ Hacl_HMAC_compute_md5( uint32_t data_len ) { - uint32_t l = 64U; - KRML_CHECK_SIZE(sizeof (uint8_t), l); - uint8_t key_block[l]; - memset(key_block, 0U, l * sizeof (uint8_t)); + uint8_t key_block[64U]; + memset(key_block, 0U, 64U * sizeof (uint8_t)); uint8_t *nkey = key_block; uint32_t ite; if (key_len <= 64U) @@ -72,19 +70,17 @@ Hacl_HMAC_compute_md5( { Hacl_Hash_MD5_hash_oneshot(nkey, key, key_len); } - KRML_CHECK_SIZE(sizeof (uint8_t), l); - uint8_t ipad[l]; - memset(ipad, 0x36U, l * sizeof (uint8_t)); - for (uint32_t i = 0U; i < l; i++) + uint8_t ipad[64U]; + memset(ipad, 0x36U, 64U * sizeof (uint8_t)); + for (uint32_t i = 0U; i < 64U; i++) { uint8_t xi = ipad[i]; uint8_t yi = key_block[i]; ipad[i] = (uint32_t)xi ^ (uint32_t)yi; } - KRML_CHECK_SIZE(sizeof (uint8_t), l); - uint8_t opad[l]; - memset(opad, 0x5cU, l * sizeof (uint8_t)); - for (uint32_t i = 0U; i < l; i++) + uint8_t opad[64U]; + memset(opad, 0x5cU, 64U * sizeof (uint8_t)); + for (uint32_t i = 0U; i < 64U; i++) { uint8_t xi = opad[i]; uint8_t yi = key_block[i]; @@ -162,10 +158,8 @@ Hacl_HMAC_compute_sha1( uint32_t data_len ) { - uint32_t l = 64U; - KRML_CHECK_SIZE(sizeof (uint8_t), l); - uint8_t key_block[l]; - memset(key_block, 0U, l * sizeof (uint8_t)); + uint8_t key_block[64U]; + memset(key_block, 0U, 64U * sizeof (uint8_t)); uint8_t *nkey = key_block; uint32_t ite; if (key_len <= 64U) @@ -186,19 +180,17 @@ Hacl_HMAC_compute_sha1( { Hacl_Hash_SHA1_hash_oneshot(nkey, key, key_len); } - KRML_CHECK_SIZE(sizeof (uint8_t), l); - uint8_t ipad[l]; - memset(ipad, 0x36U, l * sizeof (uint8_t)); - for (uint32_t i = 0U; i < l; i++) + uint8_t ipad[64U]; + memset(ipad, 0x36U, 64U * sizeof (uint8_t)); + for (uint32_t i = 0U; i < 64U; i++) { uint8_t xi = ipad[i]; uint8_t yi = key_block[i]; ipad[i] = (uint32_t)xi ^ (uint32_t)yi; } - KRML_CHECK_SIZE(sizeof (uint8_t), l); - uint8_t opad[l]; - memset(opad, 0x5cU, l * sizeof (uint8_t)); - for (uint32_t i = 0U; i < l; i++) + uint8_t opad[64U]; + memset(opad, 0x5cU, 64U * sizeof (uint8_t)); + for (uint32_t i = 0U; i < 64U; i++) { uint8_t xi = opad[i]; uint8_t yi = key_block[i]; @@ -276,10 +268,8 @@ Hacl_HMAC_compute_sha2_224( uint32_t data_len ) { - uint32_t l = 64U; - KRML_CHECK_SIZE(sizeof (uint8_t), l); - uint8_t key_block[l]; - memset(key_block, 0U, l * sizeof (uint8_t)); + uint8_t key_block[64U]; + memset(key_block, 0U, 64U * sizeof (uint8_t)); uint8_t *nkey = key_block; uint32_t ite; if (key_len <= 64U) @@ -300,19 +290,17 @@ Hacl_HMAC_compute_sha2_224( { Hacl_Hash_SHA2_hash_224(nkey, key, key_len); } - KRML_CHECK_SIZE(sizeof (uint8_t), l); - uint8_t ipad[l]; - memset(ipad, 0x36U, l * sizeof (uint8_t)); - for (uint32_t i = 0U; i < l; i++) + uint8_t ipad[64U]; + memset(ipad, 0x36U, 64U * sizeof (uint8_t)); + for (uint32_t i = 0U; i < 64U; i++) { uint8_t xi = ipad[i]; uint8_t yi = key_block[i]; ipad[i] = (uint32_t)xi ^ (uint32_t)yi; } - KRML_CHECK_SIZE(sizeof (uint8_t), l); - uint8_t opad[l]; - memset(opad, 0x5cU, l * sizeof (uint8_t)); - for (uint32_t i = 0U; i < l; i++) + uint8_t opad[64U]; + memset(opad, 0x5cU, 64U * sizeof (uint8_t)); + for (uint32_t i = 0U; i < 64U; i++) { uint8_t xi = opad[i]; uint8_t yi = key_block[i]; @@ -404,10 +392,8 @@ Hacl_HMAC_compute_sha2_256( uint32_t data_len ) { - uint32_t l = 64U; - KRML_CHECK_SIZE(sizeof (uint8_t), l); - uint8_t key_block[l]; - memset(key_block, 0U, l * sizeof (uint8_t)); + uint8_t key_block[64U]; + memset(key_block, 0U, 64U * sizeof (uint8_t)); uint8_t *nkey = key_block; uint32_t ite; if (key_len <= 64U) @@ -428,19 +414,17 @@ Hacl_HMAC_compute_sha2_256( { Hacl_Hash_SHA2_hash_256(nkey, key, key_len); } - KRML_CHECK_SIZE(sizeof (uint8_t), l); - uint8_t ipad[l]; - memset(ipad, 0x36U, l * sizeof (uint8_t)); - for (uint32_t i = 0U; i < l; i++) + uint8_t ipad[64U]; + memset(ipad, 0x36U, 64U * sizeof (uint8_t)); + for (uint32_t i = 0U; i < 64U; i++) { uint8_t xi = ipad[i]; uint8_t yi = key_block[i]; ipad[i] = (uint32_t)xi ^ (uint32_t)yi; } - KRML_CHECK_SIZE(sizeof (uint8_t), l); - uint8_t opad[l]; - memset(opad, 0x5cU, l * sizeof (uint8_t)); - for (uint32_t i = 0U; i < l; i++) + uint8_t opad[64U]; + memset(opad, 0x5cU, 64U * sizeof (uint8_t)); + for (uint32_t i = 0U; i < 64U; i++) { uint8_t xi = opad[i]; uint8_t yi = key_block[i]; @@ -532,10 +516,8 @@ Hacl_HMAC_compute_sha2_384( uint32_t data_len ) { - uint32_t l = 128U; - KRML_CHECK_SIZE(sizeof (uint8_t), l); - uint8_t key_block[l]; - memset(key_block, 0U, l * sizeof (uint8_t)); + uint8_t key_block[128U]; + memset(key_block, 0U, 128U * sizeof (uint8_t)); uint8_t *nkey = key_block; uint32_t ite; if (key_len <= 128U) @@ -556,19 +538,17 @@ Hacl_HMAC_compute_sha2_384( { Hacl_Hash_SHA2_hash_384(nkey, key, key_len); } - KRML_CHECK_SIZE(sizeof (uint8_t), l); - uint8_t ipad[l]; - memset(ipad, 0x36U, l * sizeof (uint8_t)); - for (uint32_t i = 0U; i < l; i++) + uint8_t ipad[128U]; + memset(ipad, 0x36U, 128U * sizeof (uint8_t)); + for (uint32_t i = 0U; i < 128U; i++) { uint8_t xi = ipad[i]; uint8_t yi = key_block[i]; ipad[i] = (uint32_t)xi ^ (uint32_t)yi; } - KRML_CHECK_SIZE(sizeof (uint8_t), l); - uint8_t opad[l]; - memset(opad, 0x5cU, l * sizeof (uint8_t)); - for (uint32_t i = 0U; i < l; i++) + uint8_t opad[128U]; + memset(opad, 0x5cU, 128U * sizeof (uint8_t)); + for (uint32_t i = 0U; i < 128U; i++) { uint8_t xi = opad[i]; uint8_t yi = key_block[i]; @@ -668,10 +648,8 @@ Hacl_HMAC_compute_sha2_512( uint32_t data_len ) { - uint32_t l = 128U; - KRML_CHECK_SIZE(sizeof (uint8_t), l); - uint8_t key_block[l]; - memset(key_block, 0U, l * sizeof (uint8_t)); + uint8_t key_block[128U]; + memset(key_block, 0U, 128U * sizeof (uint8_t)); uint8_t *nkey = key_block; uint32_t ite; if (key_len <= 128U) @@ -692,19 +670,17 @@ Hacl_HMAC_compute_sha2_512( { Hacl_Hash_SHA2_hash_512(nkey, key, key_len); } - KRML_CHECK_SIZE(sizeof (uint8_t), l); - uint8_t ipad[l]; - memset(ipad, 0x36U, l * sizeof (uint8_t)); - for (uint32_t i = 0U; i < l; i++) + uint8_t ipad[128U]; + memset(ipad, 0x36U, 128U * sizeof (uint8_t)); + for (uint32_t i = 0U; i < 128U; i++) { uint8_t xi = ipad[i]; uint8_t yi = key_block[i]; ipad[i] = (uint32_t)xi ^ (uint32_t)yi; } - KRML_CHECK_SIZE(sizeof (uint8_t), l); - uint8_t opad[l]; - memset(opad, 0x5cU, l * sizeof (uint8_t)); - for (uint32_t i = 0U; i < l; i++) + uint8_t opad[128U]; + memset(opad, 0x5cU, 128U * sizeof (uint8_t)); + for (uint32_t i = 0U; i < 128U; i++) { uint8_t xi = opad[i]; uint8_t yi = key_block[i]; @@ -804,10 +780,8 @@ Hacl_HMAC_compute_sha3_224( uint32_t data_len ) { - uint32_t l = 144U; - KRML_CHECK_SIZE(sizeof (uint8_t), l); - uint8_t key_block[l]; - memset(key_block, 0U, l * sizeof (uint8_t)); + uint8_t key_block[144U]; + memset(key_block, 0U, 144U * sizeof (uint8_t)); uint8_t *nkey = key_block; uint32_t ite; if (key_len <= 144U) @@ -828,19 +802,17 @@ Hacl_HMAC_compute_sha3_224( { Hacl_Hash_SHA3_sha3_224(nkey, key, key_len); } - KRML_CHECK_SIZE(sizeof (uint8_t), l); - uint8_t ipad[l]; - memset(ipad, 0x36U, l * sizeof (uint8_t)); - for (uint32_t i = 0U; i < l; i++) + uint8_t ipad[144U]; + memset(ipad, 0x36U, 144U * sizeof (uint8_t)); + for (uint32_t i = 0U; i < 144U; i++) { uint8_t xi = ipad[i]; uint8_t yi = key_block[i]; ipad[i] = (uint32_t)xi ^ (uint32_t)yi; } - KRML_CHECK_SIZE(sizeof (uint8_t), l); - uint8_t opad[l]; - memset(opad, 0x5cU, l * sizeof (uint8_t)); - for (uint32_t i = 0U; i < l; i++) + uint8_t opad[144U]; + memset(opad, 0x5cU, 144U * sizeof (uint8_t)); + for (uint32_t i = 0U; i < 144U; i++) { uint8_t xi = opad[i]; uint8_t yi = key_block[i]; @@ -934,10 +906,8 @@ Hacl_HMAC_compute_sha3_256( uint32_t data_len ) { - uint32_t l = 136U; - KRML_CHECK_SIZE(sizeof (uint8_t), l); - uint8_t key_block[l]; - memset(key_block, 0U, l * sizeof (uint8_t)); + uint8_t key_block[136U]; + memset(key_block, 0U, 136U * sizeof (uint8_t)); uint8_t *nkey = key_block; uint32_t ite; if (key_len <= 136U) @@ -958,19 +928,17 @@ Hacl_HMAC_compute_sha3_256( { Hacl_Hash_SHA3_sha3_256(nkey, key, key_len); } - KRML_CHECK_SIZE(sizeof (uint8_t), l); - uint8_t ipad[l]; - memset(ipad, 0x36U, l * sizeof (uint8_t)); - for (uint32_t i = 0U; i < l; i++) + uint8_t ipad[136U]; + memset(ipad, 0x36U, 136U * sizeof (uint8_t)); + for (uint32_t i = 0U; i < 136U; i++) { uint8_t xi = ipad[i]; uint8_t yi = key_block[i]; ipad[i] = (uint32_t)xi ^ (uint32_t)yi; } - KRML_CHECK_SIZE(sizeof (uint8_t), l); - uint8_t opad[l]; - memset(opad, 0x5cU, l * sizeof (uint8_t)); - for (uint32_t i = 0U; i < l; i++) + uint8_t opad[136U]; + memset(opad, 0x5cU, 136U * sizeof (uint8_t)); + for (uint32_t i = 0U; i < 136U; i++) { uint8_t xi = opad[i]; uint8_t yi = key_block[i]; @@ -1064,10 +1032,8 @@ Hacl_HMAC_compute_sha3_384( uint32_t data_len ) { - uint32_t l = 104U; - KRML_CHECK_SIZE(sizeof (uint8_t), l); - uint8_t key_block[l]; - memset(key_block, 0U, l * sizeof (uint8_t)); + uint8_t key_block[104U]; + memset(key_block, 0U, 104U * sizeof (uint8_t)); uint8_t *nkey = key_block; uint32_t ite; if (key_len <= 104U) @@ -1088,19 +1054,17 @@ Hacl_HMAC_compute_sha3_384( { Hacl_Hash_SHA3_sha3_384(nkey, key, key_len); } - KRML_CHECK_SIZE(sizeof (uint8_t), l); - uint8_t ipad[l]; - memset(ipad, 0x36U, l * sizeof (uint8_t)); - for (uint32_t i = 0U; i < l; i++) + uint8_t ipad[104U]; + memset(ipad, 0x36U, 104U * sizeof (uint8_t)); + for (uint32_t i = 0U; i < 104U; i++) { uint8_t xi = ipad[i]; uint8_t yi = key_block[i]; ipad[i] = (uint32_t)xi ^ (uint32_t)yi; } - KRML_CHECK_SIZE(sizeof (uint8_t), l); - uint8_t opad[l]; - memset(opad, 0x5cU, l * sizeof (uint8_t)); - for (uint32_t i = 0U; i < l; i++) + uint8_t opad[104U]; + memset(opad, 0x5cU, 104U * sizeof (uint8_t)); + for (uint32_t i = 0U; i < 104U; i++) { uint8_t xi = opad[i]; uint8_t yi = key_block[i]; @@ -1194,10 +1158,8 @@ Hacl_HMAC_compute_sha3_512( uint32_t data_len ) { - uint32_t l = 72U; - KRML_CHECK_SIZE(sizeof (uint8_t), l); - uint8_t key_block[l]; - memset(key_block, 0U, l * sizeof (uint8_t)); + uint8_t key_block[72U]; + memset(key_block, 0U, 72U * sizeof (uint8_t)); uint8_t *nkey = key_block; uint32_t ite; if (key_len <= 72U) @@ -1218,19 +1180,17 @@ Hacl_HMAC_compute_sha3_512( { Hacl_Hash_SHA3_sha3_512(nkey, key, key_len); } - KRML_CHECK_SIZE(sizeof (uint8_t), l); - uint8_t ipad[l]; - memset(ipad, 0x36U, l * sizeof (uint8_t)); - for (uint32_t i = 0U; i < l; i++) + uint8_t ipad[72U]; + memset(ipad, 0x36U, 72U * sizeof (uint8_t)); + for (uint32_t i = 0U; i < 72U; i++) { uint8_t xi = ipad[i]; uint8_t yi = key_block[i]; ipad[i] = (uint32_t)xi ^ (uint32_t)yi; } - KRML_CHECK_SIZE(sizeof (uint8_t), l); - uint8_t opad[l]; - memset(opad, 0x5cU, l * sizeof (uint8_t)); - for (uint32_t i = 0U; i < l; i++) + uint8_t opad[72U]; + memset(opad, 0x5cU, 72U * sizeof (uint8_t)); + for (uint32_t i = 0U; i < 72U; i++) { uint8_t xi = opad[i]; uint8_t yi = key_block[i]; @@ -1324,10 +1284,8 @@ Hacl_HMAC_compute_blake2s_32( uint32_t data_len ) { - uint32_t l = 64U; - KRML_CHECK_SIZE(sizeof (uint8_t), l); - uint8_t key_block[l]; - memset(key_block, 0U, l * sizeof (uint8_t)); + uint8_t key_block[64U]; + memset(key_block, 0U, 64U * sizeof (uint8_t)); uint8_t *nkey = key_block; uint32_t ite; if (key_len <= 64U) @@ -1348,19 +1306,17 @@ Hacl_HMAC_compute_blake2s_32( { Hacl_Hash_Blake2s_hash_with_key(nkey, 32U, key, key_len, NULL, 0U); } - KRML_CHECK_SIZE(sizeof (uint8_t), l); - uint8_t ipad[l]; - memset(ipad, 0x36U, l * sizeof (uint8_t)); - for (uint32_t i = 0U; i < l; i++) + uint8_t ipad[64U]; + memset(ipad, 0x36U, 64U * sizeof (uint8_t)); + for (uint32_t i = 0U; i < 64U; i++) { uint8_t xi = ipad[i]; uint8_t yi = key_block[i]; ipad[i] = (uint32_t)xi ^ (uint32_t)yi; } - KRML_CHECK_SIZE(sizeof (uint8_t), l); - uint8_t opad[l]; - memset(opad, 0x5cU, l * sizeof (uint8_t)); - for (uint32_t i = 0U; i < l; i++) + uint8_t opad[64U]; + memset(opad, 0x5cU, 64U * sizeof (uint8_t)); + for (uint32_t i = 0U; i < 64U; i++) { uint8_t xi = opad[i]; uint8_t yi = key_block[i]; @@ -1469,10 +1425,8 @@ Hacl_HMAC_compute_blake2b_32( uint32_t data_len ) { - uint32_t l = 128U; - KRML_CHECK_SIZE(sizeof (uint8_t), l); - uint8_t key_block[l]; - memset(key_block, 0U, l * sizeof (uint8_t)); + uint8_t key_block[128U]; + memset(key_block, 0U, 128U * sizeof (uint8_t)); uint8_t *nkey = key_block; uint32_t ite; if (key_len <= 128U) @@ -1493,19 +1447,17 @@ Hacl_HMAC_compute_blake2b_32( { Hacl_Hash_Blake2b_hash_with_key(nkey, 64U, key, key_len, NULL, 0U); } - KRML_CHECK_SIZE(sizeof (uint8_t), l); - uint8_t ipad[l]; - memset(ipad, 0x36U, l * sizeof (uint8_t)); - for (uint32_t i = 0U; i < l; i++) + uint8_t ipad[128U]; + memset(ipad, 0x36U, 128U * sizeof (uint8_t)); + for (uint32_t i = 0U; i < 128U; i++) { uint8_t xi = ipad[i]; uint8_t yi = key_block[i]; ipad[i] = (uint32_t)xi ^ (uint32_t)yi; } - KRML_CHECK_SIZE(sizeof (uint8_t), l); - uint8_t opad[l]; - memset(opad, 0x5cU, l * sizeof (uint8_t)); - for (uint32_t i = 0U; i < l; i++) + uint8_t opad[128U]; + memset(opad, 0x5cU, 128U * sizeof (uint8_t)); + for (uint32_t i = 0U; i < 128U; i++) { uint8_t xi = opad[i]; uint8_t yi = key_block[i]; diff --git a/Modules/_hacl/refresh.sh b/Modules/_hacl/refresh.sh index 78b9c8acd762e0..8f6d1b3132cc06 100755 --- a/Modules/_hacl/refresh.sh +++ b/Modules/_hacl/refresh.sh @@ -22,7 +22,7 @@ fi # Update this when updating to a new version after verifying that the changes # the update brings in are good. -expected_hacl_star_rev=fc2e38f4d899ba28665c5b91caedaf35b3b37452 +expected_hacl_star_rev=cea4e8eb5c81fa668c6240e8c5a334de8a86394f hacl_dir="$(realpath "$1")" cd "$(dirname "$0")" From 39be4b1d61c81eb8fb10e8ddef3b11633f115027 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?B=C3=A9n=C3=A9dikt=20Tran?= <10796600+picnixz@users.noreply.github.com> Date: Sat, 9 Nov 2024 09:48:34 +0100 Subject: [PATCH 19/36] update SBOM files --- Misc/sbom.spdx.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Misc/sbom.spdx.json b/Misc/sbom.spdx.json index af9727d829cdb7..a0bcb87f174171 100644 --- a/Misc/sbom.spdx.json +++ b/Misc/sbom.spdx.json @@ -300,11 +300,11 @@ "checksums": [ { "algorithm": "SHA1", - "checksumValue": "39845bf2f06d85ba98824f6f4f02f3a2f27d4d1a" + "checksumValue": "c314722e89fefe2c00fb35b89f6eec7e03c336e6" }, { "algorithm": "SHA256", - "checksumValue": "0ca9c580923d8e88e09d8b709257462dcf11eb18ea40d9b782e0ffa694141bbd" + "checksumValue": "a3166efac8b34ea03fb61e7ce3a06cfab52adcccdac765c59eb3b0b848678ebf" } ], "fileName": "Modules/_hacl/Hacl_HMAC.c" From 5ae6b6d8e48c202e7aec7f547fd5c3554169806b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?B=C3=A9n=C3=A9dikt=20Tran?= <10796600+picnixz@users.noreply.github.com> Date: Sat, 9 Nov 2024 12:04:28 +0100 Subject: [PATCH 20/36] cosmetic cleanups --- Modules/hmacmodule.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Modules/hmacmodule.c b/Modules/hmacmodule.c index 34873998a4420e..8db3a75de47818 100644 --- a/Modules/hmacmodule.c +++ b/Modules/hmacmodule.c @@ -10,7 +10,7 @@ // HMAC underlying hash function static information. /* MD-5 */ -// (HACL_HID = md5) +// HACL_HID = md5 #define Py_hmac_md5_block_size 64 #define Py_hmac_md5_digest_size 16 #define Py_hmac_md5_update_func NULL From 49083aa406d22f8f8f1a5c21f6bfb9ab3223d8d4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?B=C3=A9n=C3=A9dikt=20Tran?= <10796600+picnixz@users.noreply.github.com> Date: Mon, 11 Nov 2024 11:42:12 +0100 Subject: [PATCH 21/36] unconditionally build `_hmac` extension module --- configure | 47 ++++++----------------------------------------- configure.ac | 13 +------------ 2 files changed, 7 insertions(+), 53 deletions(-) diff --git a/configure b/configure index 7416165563888b..7009897768ebc8 100755 --- a/configure +++ b/configure @@ -1135,7 +1135,6 @@ with_openssl with_openssl_rpath with_ssl_default_suites with_builtin_hashlib_hashes -with_builtin_hashlib_hmac enable_test_modules ' ac_precious_vars='build_alias @@ -1958,9 +1957,6 @@ Optional Packages: --with-builtin-hashlib-hashes=md5,sha1,sha2,sha3,blake2 builtin hash modules, md5, sha1, sha2, sha3 (with shake), blake2 - --with-builtin-hashlib-hmac - use builtin HACL* HMAC when possible [default is - yes] Some influential environment variables: PKG_CONFIG path to pkg-config utility @@ -29052,21 +29048,6 @@ esac done IFS=$as_save_IFS -# builtin HACL* HMAC module -{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for --with-builtin-hashlib-hmac=yes,no" >&5 -printf %s "checking for --with-builtin-hashlib-hmac=yes,no... " >&6; } - -# Check whether --with-builtin-hashlib-hmac was given. -if test ${with_builtin_hashlib_hmac+y} -then : - withval=$with_builtin_hashlib_hmac; with_builtin_hashlib_hmac=$with_val -else $as_nop - with_builtin_hashlib_hmac=yes -fi - -{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $with_builtin_hashlib_hmac" >&5 -printf "%s\n" "$with_builtin_hashlib_hmac" >&6; } - # Check whether to disable test modules. Once set, setup.py will not build # test extension modules and "make install" will not install test suites. { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for --disable-test-modules" >&5 @@ -30749,24 +30730,18 @@ printf "%s\n" "$py_cv_module__blake2" >&6; } - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for stdlib extension module _hmac" >&5 -printf %s "checking for stdlib extension module _hmac... " >&6; } if test "$py_cv_module__hmac" != "n/a" then : - - if test "$with_builtin_hashlib_hmac" = yes -then : - if true -then : py_cv_module__hmac=yes -else $as_nop - py_cv_module__hmac=missing fi -else $as_nop - py_cv_module__hmac=disabled + if test "$py_cv_module__hmac" = yes; then + MODULE__HMAC_TRUE= + MODULE__HMAC_FALSE='#' +else + MODULE__HMAC_TRUE='#' + MODULE__HMAC_FALSE= fi -fi as_fn_append MODULE_BLOCK "MODULE__HMAC_STATE=$py_cv_module__hmac$as_nl" if test "x$py_cv_module__hmac" = xyes then : @@ -30775,16 +30750,6 @@ then : fi - if test "$py_cv_module__hmac" = yes; then - MODULE__HMAC_TRUE= - MODULE__HMAC_FALSE='#' -else - MODULE__HMAC_TRUE='#' - MODULE__HMAC_FALSE= -fi - - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $py_cv_module__hmac" >&5 -printf "%s\n" "$py_cv_module__hmac" >&6; } LIBHACL_CFLAGS='-I$(srcdir)/Modules/_hacl -I$(srcdir)/Modules/_hacl/include -D_BSD_SOURCE -D_DEFAULT_SOURCE $(PY_STDMODULE_CFLAGS) $(CCSHARED)' diff --git a/configure.ac b/configure.ac index 81acff048d133d..51017373c526ea 100644 --- a/configure.ac +++ b/configure.ac @@ -7460,15 +7460,6 @@ for builtin_hash in $with_builtin_hashlib_hashes; do done IFS=$as_save_IFS -# builtin HACL* HMAC module -AC_MSG_CHECKING([for --with-builtin-hashlib-hmac=yes,no]) -AC_ARG_WITH([builtin-hashlib-hmac], - [AS_HELP_STRING([--with-builtin-hashlib-hmac], - [use builtin HACL* HMAC when possible @<:@default is yes@:>@])], - [with_builtin_hashlib_hmac=$with_val], - [with_builtin_hashlib_hmac=yes]) -AC_MSG_RESULT([$with_builtin_hashlib_hmac]) - # Check whether to disable test modules. Once set, setup.py will not build # test extension modules and "make install" will not install test suites. AC_MSG_CHECKING([for --disable-test-modules]) @@ -7810,9 +7801,7 @@ PY_STDLIB_MOD([_sha2], [test "$with_builtin_sha2" = yes]) PY_STDLIB_MOD([_sha3], [test "$with_builtin_sha3" = yes]) PY_STDLIB_MOD([_blake2], [test "$with_builtin_blake2" = yes]) -dnl We always build the '_hmac' extension module but falls back -dnl to the Python implementation if needs arise. -PY_STDLIB_MOD([_hmac], [test "$with_builtin_hashlib_hmac" = yes]) +PY_STDLIB_MOD_SIMPLE([_hmac]) LIBHACL_CFLAGS='-I$(srcdir)/Modules/_hacl -I$(srcdir)/Modules/_hacl/include -D_BSD_SOURCE -D_DEFAULT_SOURCE $(PY_STDMODULE_CFLAGS) $(CCSHARED)' case "$ac_sys_system" in From dd8060034a8400b5f4dd361314243294e673f722 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?B=C3=A9n=C3=A9dikt=20Tran?= <10796600+picnixz@users.noreply.github.com> Date: Mon, 11 Nov 2024 12:48:38 +0100 Subject: [PATCH 22/36] implement hash algorithm resolution --- Modules/clinic/hmacmodule.c.h | 34 +- Modules/hmacmodule.c | 586 ++++++++++++++++++++++++++++++---- 2 files changed, 555 insertions(+), 65 deletions(-) diff --git a/Modules/clinic/hmacmodule.c.h b/Modules/clinic/hmacmodule.c.h index 5210d553e4fa07..dc3fdd655ccd9f 100644 --- a/Modules/clinic/hmacmodule.c.h +++ b/Modules/clinic/hmacmodule.c.h @@ -4,6 +4,38 @@ preserve #include "pycore_modsupport.h" // _PyArg_CheckPositional() +PyDoc_STRVAR(_hmac_compute_digest__doc__, +"compute_digest($module, key, msg, digestmod, /)\n" +"--\n" +"\n"); + +#define _HMAC_COMPUTE_DIGEST_METHODDEF \ + {"compute_digest", _PyCFunction_CAST(_hmac_compute_digest), METH_FASTCALL, _hmac_compute_digest__doc__}, + +static PyObject * +_hmac_compute_digest_impl(PyObject *module, PyObject *key, PyObject *msg, + PyObject *digestmod); + +static PyObject * +_hmac_compute_digest(PyObject *module, PyObject *const *args, Py_ssize_t nargs) +{ + PyObject *return_value = NULL; + PyObject *key; + PyObject *msg; + PyObject *digestmod; + + if (!_PyArg_CheckPositional("compute_digest", nargs, 3, 3)) { + goto exit; + } + key = args[0]; + msg = args[1]; + digestmod = args[2]; + return_value = _hmac_compute_digest_impl(module, key, msg, digestmod); + +exit: + return return_value; +} + PyDoc_STRVAR(_hmac_compute_md5__doc__, "compute_md5($module, key, msg, /)\n" "--\n" @@ -351,4 +383,4 @@ _hmac_compute_blake2b_32(PyObject *module, PyObject *const *args, Py_ssize_t nar exit: return return_value; } -/*[clinic end generated code: output=02933e59cf87411a input=a9049054013a1b77]*/ +/*[clinic end generated code: output=f0d13237cf250e7d input=a9049054013a1b77]*/ diff --git a/Modules/hmacmodule.c b/Modules/hmacmodule.c index 8db3a75de47818..6b5d0bf709a4a7 100644 --- a/Modules/hmacmodule.c +++ b/Modules/hmacmodule.c @@ -3,102 +3,192 @@ #endif #include "Python.h" +#include "pycore_hashtable.h" +#include "pycore_strhex.h" // _Py_strhex() + +#include // LN_* macros #include "_hacl/Hacl_HMAC.h" #include "hashlib.h" + // HMAC underlying hash function static information. +#define Py_hmac_hash_max_digest_size 64 + /* MD-5 */ // HACL_HID = md5 -#define Py_hmac_md5_block_size 64 -#define Py_hmac_md5_digest_size 16 -#define Py_hmac_md5_update_func NULL -#define Py_hmac_md5_digest_func NULL -#define Py_hmac_md5_compute_func Hacl_HMAC_compute_md5 +#define Py_hmac_md5_block_size 64 +#define Py_hmac_md5_digest_size 16 + +#define Py_hmac_md5_compute_func Hacl_HMAC_compute_md5 /* SHA-1 family */ // HACL_HID = sha1 -#define Py_hmac_sha1_block_size 64 -#define Py_hmac_sha1_digest_size 20 -#define Py_hmac_sha1_update_func NULL -#define Py_hmac_sha1_digest_func NULL -#define Py_hmac_sha1_compute_func Hacl_HMAC_compute_sha1 +#define Py_hmac_sha1_block_size 64 +#define Py_hmac_sha1_digest_size 20 + +#define Py_hmac_sha1_compute_func Hacl_HMAC_compute_sha1 /* SHA-2 family */ // HACL_HID = sha2_224 -#define Py_hmac_sha2_224_block_size 64 -#define Py_hmac_sha2_224_digest_size 28 -#define Py_hmac_sha2_224_update_func NULL -#define Py_hmac_sha2_224_digest_func NULL -#define Py_hmac_sha2_224_compute_func Hacl_HMAC_compute_sha2_224 +#define Py_hmac_sha2_224_block_size 64 +#define Py_hmac_sha2_224_digest_size 28 + +#define Py_hmac_sha2_224_compute_func Hacl_HMAC_compute_sha2_224 // HACL_HID = sha2_256 -#define Py_hmac_sha2_256_block_size 64 -#define Py_hmac_sha2_256_digest_size 32 -#define Py_hmac_sha2_256_update_func NULL -#define Py_hmac_sha2_256_digest_func NULL -#define Py_hmac_sha2_256_compute_func Hacl_HMAC_compute_sha2_256 +#define Py_hmac_sha2_256_block_size 64 +#define Py_hmac_sha2_256_digest_size 32 + +#define Py_hmac_sha2_256_compute_func Hacl_HMAC_compute_sha2_256 // HACL_HID = sha2_384 -#define Py_hmac_sha2_384_block_size 128 -#define Py_hmac_sha2_384_digest_size 48 -#define Py_hmac_sha2_384_update_func NULL -#define Py_hmac_sha2_384_digest_func NULL -#define Py_hmac_sha2_384_compute_func Hacl_HMAC_compute_sha2_384 +#define Py_hmac_sha2_384_block_size 128 +#define Py_hmac_sha2_384_digest_size 48 + +#define Py_hmac_sha2_384_compute_func Hacl_HMAC_compute_sha2_384 // HACL_HID = sha2_512 -#define Py_hmac_sha2_512_block_size 128 -#define Py_hmac_sha2_512_digest_size 64 -#define Py_hmac_sha2_512_update_func NULL -#define Py_hmac_sha2_512_digest_func NULL -#define Py_hmac_sha2_512_compute_func Hacl_HMAC_compute_sha2_512 +#define Py_hmac_sha2_512_block_size 128 +#define Py_hmac_sha2_512_digest_size 64 + +#define Py_hmac_sha2_512_compute_func Hacl_HMAC_compute_sha2_512 /* SHA-3 family */ // HACL_HID = sha3_224 -#define Py_hmac_sha3_224_block_size 144 -#define Py_hmac_sha3_224_digest_size 28 -#define Py_hmac_sha3_224_update_func NULL -#define Py_hmac_sha3_224_digest_func NULL -#define Py_hmac_sha3_224_compute_func Hacl_HMAC_compute_sha3_224 +#define Py_hmac_sha3_224_block_size 144 +#define Py_hmac_sha3_224_digest_size 28 + +#define Py_hmac_sha3_224_compute_func Hacl_HMAC_compute_sha3_224 // HACL_HID = sha3_256 -#define Py_hmac_sha3_256_block_size 136 -#define Py_hmac_sha3_256_digest_size 32 -#define Py_hmac_sha3_256_update_func NULL -#define Py_hmac_sha3_256_digest_func NULL -#define Py_hmac_sha3_256_compute_func Hacl_HMAC_compute_sha3_256 +#define Py_hmac_sha3_256_block_size 136 +#define Py_hmac_sha3_256_digest_size 32 + +#define Py_hmac_sha3_256_compute_func Hacl_HMAC_compute_sha3_256 // HACL_HID = sha3_384 -#define Py_hmac_sha3_384_block_size 104 -#define Py_hmac_sha3_384_digest_size 48 -#define Py_hmac_sha3_384_update_func NULL -#define Py_hmac_sha3_384_digest_func NULL -#define Py_hmac_sha3_384_compute_func Hacl_HMAC_compute_sha3_384 +#define Py_hmac_sha3_384_block_size 104 +#define Py_hmac_sha3_384_digest_size 48 + +#define Py_hmac_sha3_384_compute_func Hacl_HMAC_compute_sha3_384 // HACL_HID = sha3_512 -#define Py_hmac_sha3_512_block_size 72 -#define Py_hmac_sha3_512_digest_size 64 -#define Py_hmac_sha3_512_update_func NULL -#define Py_hmac_sha3_512_digest_func NULL -#define Py_hmac_sha3_512_compute_func Hacl_HMAC_compute_sha3_512 +#define Py_hmac_sha3_512_block_size 72 +#define Py_hmac_sha3_512_digest_size 64 + +#define Py_hmac_sha3_512_compute_func Hacl_HMAC_compute_sha3_512 /* Blake family */ // HACL_HID = blake2s_32 -#define Py_hmac_blake2s_32_block_size 64 -#define Py_hmac_blake2s_32_digest_size 32 -#define Py_hmac_blake2s_32_update_func NULL -#define Py_hmac_blake2s_32_digest_func NULL -#define Py_hmac_blake2s_32_compute_func Hacl_HMAC_compute_blake2s_32 +#define Py_hmac_blake2s_32_block_size 64 +#define Py_hmac_blake2s_32_digest_size 32 -// HACL_HID = blake2b_32 -#define Py_hmac_blake2b_32_block_size 128 -#define Py_hmac_blake2b_32_digest_size 64 -#define Py_hmac_blake2b_32_update_func NULL -#define Py_hmac_blake2b_32_digest_func NULL -#define Py_hmac_blake2b_32_compute_func Hacl_HMAC_compute_blake2b_32 +#define Py_hmac_blake2s_32_compute_func Hacl_HMAC_compute_blake2s_32 -#define Py_hmac_hash_max_digest_size 64 +// HACL_HID = blake2b_32 +#define Py_hmac_blake2b_32_block_size 128 +#define Py_hmac_blake2b_32_digest_size 64 + +#define Py_hmac_blake2b_32_compute_func Hacl_HMAC_compute_blake2b_32 + +/* Enumeration indicating the underlying hash function used by HMAC. */ +typedef enum HMAC_Hash_Kind { + Py_hmac_kind_unknown = 0, + /* MD5 */ + Py_hmac_kind_hmac_md5, + /* SHA-1 */ + Py_hmac_kind_hmac_sha1, + /* SHA-2 family */ + Py_hmac_kind_hmac_sha2_224, + Py_hmac_kind_hmac_sha2_256, + Py_hmac_kind_hmac_sha2_384, + Py_hmac_kind_hmac_sha2_512, + /* SHA-3 family */ + Py_hmac_kind_hmac_sha3_224, + Py_hmac_kind_hmac_sha3_256, + Py_hmac_kind_hmac_sha3_384, + Py_hmac_kind_hmac_sha3_512, + /* Blake family */ + Py_hmac_kind_hmac_blake2s_32, + Py_hmac_kind_hmac_blake2b_32, +} HMAC_Hash_Kind; + +/* Function pointer type for 1-shot HACL* HMAC functions. */ +typedef void +(*HACL_HMAC_compute_func)(uint8_t *out, + uint8_t *key, uint32_t keylen, + uint8_t *msg, uint32_t msglen); + +/* Function pointer type for 1-shot HACL* HMAC CPython AC functions. */ +typedef PyObject * +(*PYAC_HMAC_compute_func)(PyObject *module, PyObject *key, PyObject *msg); + +/* + * HACL* HMAC minimal interface. + */ +typedef struct py_hmac_hacl_api { + HACL_HMAC_compute_func compute; + PYAC_HMAC_compute_func compute_py; +} py_hmac_hacl_api; + +/* + * HMAC underlying hash function static information. + * + * The '_hmac' built-in module is able to recognize the same hash + * functions as the '_hashlib' built-in module with the exception + * of truncated SHA-2-512-224/256 which are not yet implemented by + * the HACL* project. + */ +typedef struct py_hmac_hinfo { + /* + * Name of the hash function used by the HACL* HMAC module. + * + * This name may differ from the hashlib names and OpenSSL names. + * For instance, SHA-2/224 is named "sha2_224" instead of "sha224" + * as it is done by 'hashlib'. + */ + const char *name; + /* + * Optional field to cache storing the 'name' field as a Python string. + * + * This field is NULL by default in the items of "py_hmac_hinfo_table" + * but will be populated when creating the module's state "hinfo_table". + */ + PyObject *p_name; + + /* hash function information */ + HMAC_Hash_Kind kind; + uint32_t block_size; + uint32_t digest_size; + + /* HACL* HMAC API */ + py_hmac_hacl_api api; + + const char *hashlib_name; /* hashlib preferred name (default: name) */ + const char *hashlib_altn; /* hashlib alias (default: hashlib_name) */ + const char *openssl_name; /* hashlib preferred OpenSSL alias (if any) */ + + Py_ssize_t refcnt; +} py_hmac_hinfo; + +typedef struct hmacmodule_state { + _Py_hashtable_t *hinfo_table; + /* imported from _hashlib */ + PyObject *hashlib_constructs_mappingproxy; + PyObject *hashlib_unsupported_digestmod_error; + /* interned strings */ + PyObject *str_lower; +} hmacmodule_state; + +static inline hmacmodule_state * +get_hmacmodule_state(PyObject *module) +{ + void *state = PyModule_GetState(module); + assert(state != NULL); + return (hmacmodule_state *)state; +} /*[clinic input] module _hmac @@ -107,6 +197,91 @@ module _hmac #include "clinic/hmacmodule.c.h" +static inline int +find_hash_info_by_utf8name(hmacmodule_state *state, + const char *name, + const py_hmac_hinfo **info) +{ + if (name == NULL) { + *info = NULL; + return -1; + } + *info = _Py_hashtable_get(state->hinfo_table, name); + return *info != NULL; +} + +static int +find_hash_info_by_name(hmacmodule_state *state, + PyObject *name, + const py_hmac_hinfo **info) +{ + int rc = find_hash_info_by_utf8name(state, PyUnicode_AsUTF8(name), info); + if (rc == 0) { + // try to find an alternative using the lowercase name + PyObject *lower = PyObject_CallMethodNoArgs(name, state->str_lower); + if (lower == NULL) { + *info = NULL; + return -1; + } + rc = find_hash_info_by_utf8name(state, PyUnicode_AsUTF8(lower), info); + Py_DECREF(lower); + } + return rc; +} + +/* + * Find the corresponding HMAC static information. + * + * If an error occurs or if nothing can be found, this + * returns -1 or 0 respectively, and sets 'info' to NULL. + * Otherwise, this returns 1 and stores the result in 'info'. + * + * Parameters + * + * state The HMAC module state. + * hash_info_ref An input to hashlib.new(). + * info The deduced information, if any. + */ +static int +find_hash_info_impl(hmacmodule_state *state, + PyObject *hash_info_ref, + const py_hmac_hinfo **info) +{ + if (PyUnicode_Check(hash_info_ref)) { + return find_hash_info_by_name(state, hash_info_ref, info); + } + PyObject *hashlib_name = NULL; + int rc = PyMapping_GetOptionalItem(state->hashlib_constructs_mappingproxy, + hash_info_ref, &hashlib_name); + if (rc <= 0) { + *info = NULL; + return rc; + } + rc = find_hash_info_by_name(state, hashlib_name, info); + Py_DECREF(hashlib_name); + return rc; +} + +static const py_hmac_hinfo * +find_hash_info(hmacmodule_state *state, PyObject *hash_info_ref) +{ + const py_hmac_hinfo *info = NULL; + int rc = find_hash_info_impl(state, hash_info_ref, &info); + if (rc < 0) { + assert(info == NULL); + assert(PyErr_Occurred()); + return NULL; + } + if (rc == 0) { + assert(info == NULL); + assert(!PyErr_Occurred()); + PyErr_Format(state->hashlib_unsupported_digestmod_error, + "unsupported hash type: %R", hash_info_ref); + return NULL; + } + return info; +} + /* Check that the buffer length fits on a uint32_t. */ static inline int has_uint32_t_buffer_length(const Py_buffer *buffer) @@ -118,7 +293,39 @@ has_uint32_t_buffer_length(const Py_buffer *buffer) #endif } -/* One-shot HMAC-HASH using the given HACL_HID. */ +// --- One-shot HMAC-HASH interface ------------------------------------------- + +/*[clinic input] +_hmac.compute_digest + + key: object + msg: object + digestmod: object + / + +[clinic start generated code]*/ + +static PyObject * +_hmac_compute_digest_impl(PyObject *module, PyObject *key, PyObject *msg, + PyObject *digestmod) +/*[clinic end generated code: output=593ea8a175024c9a input=bd3be7c5b717c950]*/ +{ + hmacmodule_state *state = get_hmacmodule_state(module); + const py_hmac_hinfo *info = find_hash_info(state, digestmod); + if (info == NULL) { + return NULL; + } + assert(info->api.compute_py != NULL); + return info->api.compute_py(module, key, msg); +} + +/* + * One-shot HMAC-HASH using the given HACL_HID. + * + * The length of the key and message buffers must not exceed UINT32_MAX, + * lest an OverflowError is raised. The Python implementation takes care + * of dispatching to the OpenSSL implementation in this case. + */ #define Py_HMAC_HACL_ONESHOT(HACL_HID, KEY, MSG) \ do { \ Py_buffer keyview, msgview; \ @@ -343,7 +550,12 @@ _hmac_compute_blake2b_32_impl(PyObject *module, PyObject *key, PyObject *msg) Py_HMAC_HACL_ONESHOT(blake2b_32, key, msg); } +// --- HMAC module methods ---------------------------------------------------- + static PyMethodDef hmacmodule_methods[] = { + /* one-shot dispatcher */ + _HMAC_COMPUTE_DIGEST_METHODDEF + /* one-shot methods */ _HMAC_COMPUTE_MD5_METHODDEF _HMAC_COMPUTE_SHA1_METHODDEF _HMAC_COMPUTE_SHA2_224_METHODDEF @@ -359,7 +571,250 @@ static PyMethodDef hmacmodule_methods[] = { {NULL, NULL, 0, NULL} }; +// --- HMAC static information table ------------------------------------------ + + +/* Static information used to construct the hash table. */ +static const py_hmac_hinfo py_hmac_static_hinfo[] = { +#define Py_HMAC_HINFO_HACL_API(HACL_HID) \ + { \ + .compute = &Py_hmac_## HACL_HID ##_compute_func, \ + .compute_py = &_hmac_compute_## HACL_HID ##_impl, \ + } + +#define Py_HMAC_HINFO_ENTRY(HACL_HID, HLIB_NAME, HLIB_ALTN, OSSL_NAME) \ + { \ + .name = Py_STRINGIFY(HACL_HID), \ + .p_name = NULL, \ + .kind = Py_hmac_kind_hmac_ ## HACL_HID, \ + .block_size = Py_hmac_## HACL_HID ##_block_size, \ + .digest_size = Py_hmac_## HACL_HID ##_digest_size, \ + .api = Py_HMAC_HINFO_HACL_API(HACL_HID), \ + .hashlib_name = HLIB_NAME, \ + .hashlib_altn = HLIB_ALTN, \ + .openssl_name = OSSL_NAME, \ + .refcnt = 0, \ + } + /* MD5 */ + Py_HMAC_HINFO_ENTRY(md5, "md5", "MD5", LN_md5), + /* SHA-1 */ + Py_HMAC_HINFO_ENTRY(sha1, "sha1", "SHA1", LN_sha1), + /* SHA-2 family */ + Py_HMAC_HINFO_ENTRY(sha2_224, "sha224", "SHA224", LN_sha224), + Py_HMAC_HINFO_ENTRY(sha2_256, "sha256", "SHA256", LN_sha256), + Py_HMAC_HINFO_ENTRY(sha2_384, "sha384", "SHA384", LN_sha384), + Py_HMAC_HINFO_ENTRY(sha2_512, "sha512", "SHA512", LN_sha512), + /* SHA-3 family */ + Py_HMAC_HINFO_ENTRY(sha3_224, NULL, NULL, LN_sha3_224), + Py_HMAC_HINFO_ENTRY(sha3_256, NULL, NULL, LN_sha3_256), + Py_HMAC_HINFO_ENTRY(sha3_384, NULL, NULL, LN_sha3_384), + Py_HMAC_HINFO_ENTRY(sha3_512, NULL, NULL, LN_sha3_512), + /* Blake family */ + Py_HMAC_HINFO_ENTRY(blake2s_32, "blake2s256", NULL, LN_blake2s256), + Py_HMAC_HINFO_ENTRY(blake2b_32, "blake2b512", NULL, LN_blake2b512), +#undef Py_HMAC_HINFO_ENTRY +#undef Py_HMAC_HINFO_HACL_API + /* sentinel */ + { + NULL, NULL, + Py_hmac_kind_unknown, 0, 0, + {NULL, NULL}, + NULL, NULL, NULL, + 0 + }, +}; + +static inline Py_uhash_t +py_hmac_hinfo_ht_hash(const void *name) +{ + return Py_HashBuffer(name, strlen((const char *)name)); +} + +static inline int +py_hmac_hinfo_ht_comp(const void *a, const void *b) +{ + return strcmp((const char *)a, (const char *)b) == 0; +} + +static void +py_hmac_hinfo_ht_free(void *hinfo) +{ + py_hmac_hinfo *entry = (py_hmac_hinfo *)hinfo; + assert(entry->p_name != NULL); + if (--(entry->refcnt) == 0) { + Py_CLEAR(entry->p_name); + PyMem_Free(hinfo); + } +} + +static inline int +py_hmac_hinfo_ht_add(_Py_hashtable_t *table, const void *key, void *info) +{ + if (key == NULL || _Py_hashtable_get(table, key) != NULL) { + return 0; + } + int ok = _Py_hashtable_set(table, key, info); + return ok < 0 ? -1 : ok == 0; +} + +static _Py_hashtable_t * +py_hmac_hinfo_ht_new(void) +{ + _Py_hashtable_t *table = _Py_hashtable_new_full( + py_hmac_hinfo_ht_hash, + py_hmac_hinfo_ht_comp, + NULL, + py_hmac_hinfo_ht_free, + NULL + ); + + if (table == NULL) { + return NULL; + } + + for (const py_hmac_hinfo *e = py_hmac_static_hinfo; e->name != NULL; e++) { + py_hmac_hinfo *value = PyMem_Malloc(sizeof(py_hmac_hinfo)); + if (value == NULL) { + goto error; + } + + memcpy(value, e, sizeof(py_hmac_hinfo)); + assert(value->p_name == NULL); + value->refcnt = 0; + +#define Py_HMAC_HINFO_LINK(KEY) \ + do { \ + int rc = py_hmac_hinfo_ht_add(table, KEY, value); \ + if (rc < 0) { \ + PyMem_Free(value); \ + goto error; \ + } \ + else if (rc == 1) { \ + value->refcnt++; \ + } \ + } while (0) + Py_HMAC_HINFO_LINK(e->name); + Py_HMAC_HINFO_LINK(e->hashlib_name); + Py_HMAC_HINFO_LINK(e->hashlib_altn); + Py_HMAC_HINFO_LINK(e->openssl_name); +#undef Py_HMAC_HINFO_LINK + assert(value->refcnt > 0); + value->p_name = PyUnicode_FromString(e->name); + if (value->p_name == NULL) { + PyMem_Free(value); + goto error; + } + } + + return table; + +error: + _Py_hashtable_destroy(table); + return NULL; +} + +// --- HMAC module initialization and finalization functions ------------------ + +static int +hmacmodule_init_hash_info_table(hmacmodule_state *state) +{ + state->hinfo_table = py_hmac_hinfo_ht_new(); + if (state->hinfo_table == NULL) { + // An exception other than a memory error can be raised + // by PyUnicode_FromString() or _Py_hashtable_set() when + // creating the hash table entries. + if (!PyErr_Occurred()) { + PyErr_NoMemory(); + } + return -1; + } + return 0; +} + +static int +hmacmodule_init_from_hashlib(hmacmodule_state *state) +{ + PyObject *_hashlib = PyImport_ImportModule("_hashlib"); + if (_hashlib == NULL) { + return -1; + } +#define IMPORT_FROM_HASHLIB(VAR, NAME) \ + do { \ + (VAR) = PyObject_GetAttrString(_hashlib, NAME); \ + if ((VAR) == NULL) { \ + Py_DECREF(_hashlib); \ + return -1; \ + } \ + } while (0) + + IMPORT_FROM_HASHLIB(state->hashlib_constructs_mappingproxy, + "_constructors"); + IMPORT_FROM_HASHLIB(state->hashlib_unsupported_digestmod_error, + "UnsupportedDigestmodError"); +#undef IMPORT_FROM_HASHLIB + Py_DECREF(_hashlib); + return 0; +} + +static int +hmacmodule_init_strings(hmacmodule_state *state) +{ + state->str_lower = PyUnicode_FromString("lower"); + if (state->str_lower == NULL) { + return -1; + } + return 0; +} + +static int +hmacmodule_exec(PyObject *module) +{ + hmacmodule_state *state = get_hmacmodule_state(module); + if (hmacmodule_init_hash_info_table(state) < 0) { + return -1; + } + if (hmacmodule_init_from_hashlib(state) < 0) { + return -1; + } + if (hmacmodule_init_strings(state) < 0) { + return -1; + } + return 0; +} + +static int +hmacmodule_traverse(PyObject *mod, visitproc visit, void *arg) +{ + Py_VISIT(Py_TYPE(mod)); + hmacmodule_state *state = get_hmacmodule_state(mod); + Py_VISIT(state->hashlib_constructs_mappingproxy); + Py_VISIT(state->hashlib_unsupported_digestmod_error); + Py_VISIT(state->str_lower); + return 0; +} + +static int +hmacmodule_clear(PyObject *mod) +{ + hmacmodule_state *state = get_hmacmodule_state(mod); + if (state->hinfo_table != NULL) { + _Py_hashtable_destroy(state->hinfo_table); + state->hinfo_table = NULL; + } + Py_CLEAR(state->hashlib_constructs_mappingproxy); + Py_CLEAR(state->hashlib_unsupported_digestmod_error); + Py_CLEAR(state->str_lower); + return 0; +} + +static inline void +hmacmodule_free(void *mod) +{ + (void)hmacmodule_clear((PyObject *)mod); +} + static struct PyModuleDef_Slot hmacmodule_slots[] = { + {Py_mod_exec, hmacmodule_exec}, {Py_mod_multiple_interpreters, Py_MOD_PER_INTERPRETER_GIL_SUPPORTED}, {Py_mod_gil, Py_MOD_GIL_NOT_USED}, {0, NULL} @@ -368,9 +823,12 @@ static struct PyModuleDef_Slot hmacmodule_slots[] = { static struct PyModuleDef _hmacmodule = { PyModuleDef_HEAD_INIT, .m_name = "_hmac", - .m_size = 0, + .m_size = sizeof(hmacmodule_state), .m_methods = hmacmodule_methods, .m_slots = hmacmodule_slots, + .m_traverse = hmacmodule_traverse, + .m_clear = hmacmodule_clear, + .m_free = hmacmodule_free, }; PyMODINIT_FUNC From 542738cf0e7998486138a73d36fe9820bcb1c3f1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?B=C3=A9n=C3=A9dikt=20Tran?= <10796600+picnixz@users.noreply.github.com> Date: Mon, 11 Nov 2024 12:02:10 +0100 Subject: [PATCH 23/36] raise OverflowError instead of ValueError in 1-shot HMAC --- Modules/hmacmodule.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Modules/hmacmodule.c b/Modules/hmacmodule.c index 6b5d0bf709a4a7..ed8a0e6f24f66b 100644 --- a/Modules/hmacmodule.c +++ b/Modules/hmacmodule.c @@ -332,7 +332,7 @@ _hmac_compute_digest_impl(PyObject *module, PyObject *key, PyObject *msg, GET_BUFFER_VIEW_OR_ERROUT((KEY), &keyview); \ if (!has_uint32_t_buffer_length(&keyview)) { \ PyBuffer_Release(&keyview); \ - PyErr_SetString(PyExc_ValueError, \ + PyErr_SetString(PyExc_OverflowError, \ "key length exceeds UINT32_MAX"); \ return NULL; \ } \ @@ -340,7 +340,7 @@ _hmac_compute_digest_impl(PyObject *module, PyObject *key, PyObject *msg, if (!has_uint32_t_buffer_length(&msgview)) { \ PyBuffer_Release(&msgview); \ PyBuffer_Release(&keyview); \ - PyErr_SetString(PyExc_ValueError, \ + PyErr_SetString(PyExc_OverflowError, \ "message length exceeds UINT32_MAX"); \ return NULL; \ } \ From 09c631ac7f7cc54cebc39d6c8c93e2edb95a7bda Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?B=C3=A9n=C3=A9dikt=20Tran?= <10796600+picnixz@users.noreply.github.com> Date: Mon, 11 Nov 2024 12:03:42 +0100 Subject: [PATCH 24/36] reduce import time --- Lib/hmac.py | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/Lib/hmac.py b/Lib/hmac.py index 8b4eb2fe741e60..98adf50bec97b9 100644 --- a/Lib/hmac.py +++ b/Lib/hmac.py @@ -3,7 +3,6 @@ Implements the HMAC algorithm as described by RFC 2104. """ -import warnings as _warnings try: import _hashlib as _hashopenssl except ImportError: @@ -84,11 +83,15 @@ def _init_old(self, key, msg, digestmod): if hasattr(self._inner, 'block_size'): blocksize = self._inner.block_size if blocksize < 16: + import warnings as _warnings + _warnings.warn('block_size of %d seems too small; using our ' 'default of %d.' % (blocksize, self.blocksize), RuntimeWarning, 2) blocksize = self.blocksize else: + import warnings as _warnings + _warnings.warn('No block_size attribute on given digest object; ' 'Assuming %d.' % (self.blocksize), RuntimeWarning, 2) From 9bee955d169435fa27e208a9cad5f70ef5f33e22 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?B=C3=A9n=C3=A9dikt=20Tran?= <10796600+picnixz@users.noreply.github.com> Date: Mon, 11 Nov 2024 12:16:51 +0100 Subject: [PATCH 25/36] expose 1-shot HMAC --- Lib/hmac.py | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/Lib/hmac.py b/Lib/hmac.py index 98adf50bec97b9..47bb25913c7891 100644 --- a/Lib/hmac.py +++ b/Lib/hmac.py @@ -13,6 +13,14 @@ compare_digest = _hashopenssl.compare_digest _functype = type(_hashopenssl.openssl_sha256) # builtin type +try: + import _hmac +except ImportError: + _hmac = None + _functype = None +else: + _functype = type(_hmac.compute_md5) # builtin type + import hashlib as _hashlib trans_5C = bytes((x ^ 0x5C) for x in range(256)) @@ -196,6 +204,12 @@ def digest(key, msg, digest): A hashlib constructor returning a new hash object. *OR* A module supporting PEP 247. """ + if _hmac is not None and isinstance(digest, (str, _functype)): + try: + return _hmac.compute_digest(key, msg, digest) + except (OverflowError, _hashopenssl.UnsupportedDigestmodError): + pass + if _hashopenssl is not None and isinstance(digest, (str, _functype)): try: return _hashopenssl.hmac_digest(key, msg, digest) From d36977f540fe175415dee5202d59a9b55b4d5bd5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?B=C3=A9n=C3=A9dikt=20Tran?= <10796600+picnixz@users.noreply.github.com> Date: Mon, 11 Nov 2024 13:12:11 +0100 Subject: [PATCH 26/36] ensure that openssl is linked --- Modules/hmacmodule.c | 87 ++++++++++++++++++++++++++++++++------------ configure | 82 +++++++++++++++++++++++++++++++++++++---- configure.ac | 15 +++++++- 3 files changed, 151 insertions(+), 33 deletions(-) diff --git a/Modules/hmacmodule.c b/Modules/hmacmodule.c index ed8a0e6f24f66b..a72d89d88d1fd6 100644 --- a/Modules/hmacmodule.c +++ b/Modules/hmacmodule.c @@ -573,6 +573,45 @@ static PyMethodDef hmacmodule_methods[] = { // --- HMAC static information table ------------------------------------------ +#define Py_OpenSSL_LN_md5 LN_md5 +#define Py_OpenSSL_LN_sha1 LN_sha1 + +#define Py_OpenSSL_LN_sha2_224 LN_sha224 +#define Py_OpenSSL_LN_sha2_256 LN_sha256 +#define Py_OpenSSL_LN_sha2_384 LN_sha384 +#define Py_OpenSSL_LN_sha2_512 LN_sha512 + +#if defined(LN_sha3_224) +# define Py_OpenSSL_LN_sha3_224 LN_sha3_224 +#else +# define Py_OpenSSL_LN_sha3_224 "sha3_224" +#endif +#if defined(LN_sha3_256) +# define Py_OpenSSL_LN_sha3_256 LN_sha3_256 +#else +# define Py_OpenSSL_LN_sha3_256 "sha3_256" +#endif +#if defined(LN_sha3_384) +# define Py_OpenSSL_LN_sha3_384 LN_sha3_384 +#else +# define Py_OpenSSL_LN_sha3_384 "sha3_384" +#endif +#if defined(LN_sha3_512) +# define Py_OpenSSL_LN_sha3_512 LN_sha3_512 +#else +# define Py_OpenSSL_LN_sha3_512 "sha3_512" +#endif + +#if defined(LN_blake2s256) +# define Py_OpenSSL_LN_blake2s_32 LN_blake2s256 +#else +# define Py_OpenSSL_LN_blake2s_32 "blake2s256" +#endif +#if defined(LN_blake2b512) +# define Py_OpenSSL_LN_blake2b_32 LN_blake2b512 +#else +# define Py_OpenSSL_LN_blake2b_32 "blake2b512" +#endif /* Static information used to construct the hash table. */ static const py_hmac_hinfo py_hmac_static_hinfo[] = { @@ -582,36 +621,36 @@ static const py_hmac_hinfo py_hmac_static_hinfo[] = { .compute_py = &_hmac_compute_## HACL_HID ##_impl, \ } -#define Py_HMAC_HINFO_ENTRY(HACL_HID, HLIB_NAME, HLIB_ALTN, OSSL_NAME) \ - { \ - .name = Py_STRINGIFY(HACL_HID), \ - .p_name = NULL, \ - .kind = Py_hmac_kind_hmac_ ## HACL_HID, \ - .block_size = Py_hmac_## HACL_HID ##_block_size, \ - .digest_size = Py_hmac_## HACL_HID ##_digest_size, \ - .api = Py_HMAC_HINFO_HACL_API(HACL_HID), \ - .hashlib_name = HLIB_NAME, \ - .hashlib_altn = HLIB_ALTN, \ - .openssl_name = OSSL_NAME, \ - .refcnt = 0, \ +#define Py_HMAC_HINFO_ENTRY(HACL_HID, HLIB_NAME, HLIB_ALTN) \ + { \ + .name = Py_STRINGIFY(HACL_HID), \ + .p_name = NULL, \ + .kind = Py_hmac_kind_hmac_ ## HACL_HID, \ + .block_size = Py_hmac_## HACL_HID ##_block_size, \ + .digest_size = Py_hmac_## HACL_HID ##_digest_size, \ + .api = Py_HMAC_HINFO_HACL_API(HACL_HID), \ + .hashlib_name = HLIB_NAME, \ + .hashlib_altn = HLIB_ALTN, \ + .openssl_name = Py_OpenSSL_LN_ ## HACL_HID, \ + .refcnt = 0, \ } /* MD5 */ - Py_HMAC_HINFO_ENTRY(md5, "md5", "MD5", LN_md5), + Py_HMAC_HINFO_ENTRY(md5, "md5", "MD5"), /* SHA-1 */ - Py_HMAC_HINFO_ENTRY(sha1, "sha1", "SHA1", LN_sha1), + Py_HMAC_HINFO_ENTRY(sha1, "sha1", "SHA1"), /* SHA-2 family */ - Py_HMAC_HINFO_ENTRY(sha2_224, "sha224", "SHA224", LN_sha224), - Py_HMAC_HINFO_ENTRY(sha2_256, "sha256", "SHA256", LN_sha256), - Py_HMAC_HINFO_ENTRY(sha2_384, "sha384", "SHA384", LN_sha384), - Py_HMAC_HINFO_ENTRY(sha2_512, "sha512", "SHA512", LN_sha512), + Py_HMAC_HINFO_ENTRY(sha2_224, "sha224", "SHA224"), + Py_HMAC_HINFO_ENTRY(sha2_256, "sha256", "SHA256"), + Py_HMAC_HINFO_ENTRY(sha2_384, "sha384", "SHA384"), + Py_HMAC_HINFO_ENTRY(sha2_512, "sha512", "SHA512"), /* SHA-3 family */ - Py_HMAC_HINFO_ENTRY(sha3_224, NULL, NULL, LN_sha3_224), - Py_HMAC_HINFO_ENTRY(sha3_256, NULL, NULL, LN_sha3_256), - Py_HMAC_HINFO_ENTRY(sha3_384, NULL, NULL, LN_sha3_384), - Py_HMAC_HINFO_ENTRY(sha3_512, NULL, NULL, LN_sha3_512), + Py_HMAC_HINFO_ENTRY(sha3_224, NULL, NULL), + Py_HMAC_HINFO_ENTRY(sha3_256, NULL, NULL), + Py_HMAC_HINFO_ENTRY(sha3_384, NULL, NULL), + Py_HMAC_HINFO_ENTRY(sha3_512, NULL, NULL), /* Blake family */ - Py_HMAC_HINFO_ENTRY(blake2s_32, "blake2s256", NULL, LN_blake2s256), - Py_HMAC_HINFO_ENTRY(blake2b_32, "blake2b512", NULL, LN_blake2b512), + Py_HMAC_HINFO_ENTRY(blake2s_32, "blake2s256", NULL), + Py_HMAC_HINFO_ENTRY(blake2b_32, "blake2b512", NULL), #undef Py_HMAC_HINFO_ENTRY #undef Py_HMAC_HINFO_HACL_API /* sentinel */ diff --git a/configure b/configure index 7009897768ebc8..78bd0c981ff002 100755 --- a/configure +++ b/configure @@ -28957,6 +28957,56 @@ LIBS=$save_LIBS +save_CFLAGS=$CFLAGS +save_CPPFLAGS=$CPPFLAGS +save_LDFLAGS=$LDFLAGS +save_LIBS=$LIBS + + + LIBS="$LIBS $LIBCRYPTO_LIBS" + CFLAGS="$CFLAGS $OPENSSL_INCLUDES" + LDFLAGS="$LDFLAGS $OPENSSL_LDFLAGS $OPENSSL_LDFLAGS_RPATH" + + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether OpenSSL provides LN_* macros" >&5 +printf %s "checking whether OpenSSL provides LN_* macros... " >&6; } +if test ${ac_cv_working_openssl_hmac+y} +then : + printf %s "(cached) " >&6 +else $as_nop + + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + + #include // for LN_* macros + +int +main (void) +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO" +then : + ac_cv_working_openssl_hmac=yes +else $as_nop + ac_cv_working_openssl_hmac=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam \ + conftest$ac_exeext conftest.$ac_ext + +fi +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_working_openssl_hmac" >&5 +printf "%s\n" "$ac_cv_working_openssl_hmac" >&6; } + +CFLAGS=$save_CFLAGS +CPPFLAGS=$save_CPPFLAGS +LDFLAGS=$save_LDFLAGS +LIBS=$save_LIBS + + + # ssl module default cipher suite string @@ -30730,26 +30780,42 @@ printf "%s\n" "$py_cv_module__blake2" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for stdlib extension module _hmac" >&5 +printf %s "checking for stdlib extension module _hmac... " >&6; } if test "$py_cv_module__hmac" != "n/a" then : + + if true +then : + if test "$ac_cv_working_openssl_hmac" = yes +then : py_cv_module__hmac=yes +else $as_nop + py_cv_module__hmac=missing fi - if test "$py_cv_module__hmac" = yes; then - MODULE__HMAC_TRUE= - MODULE__HMAC_FALSE='#' -else - MODULE__HMAC_TRUE='#' - MODULE__HMAC_FALSE= +else $as_nop + py_cv_module__hmac=disabled fi +fi as_fn_append MODULE_BLOCK "MODULE__HMAC_STATE=$py_cv_module__hmac$as_nl" if test "x$py_cv_module__hmac" = xyes then : - - + as_fn_append MODULE_BLOCK "MODULE__HMAC_CFLAGS=$OPENSSL_INCLUDES$as_nl" + as_fn_append MODULE_BLOCK "MODULE__HMAC_LDFLAGS=$OPENSSL_LDFLAGS $OPENSSL_LDFLAGS_RPATH $LIBCRYPTO_LIBS$as_nl" fi + if test "$py_cv_module__hmac" = yes; then + MODULE__HMAC_TRUE= + MODULE__HMAC_FALSE='#' +else + MODULE__HMAC_TRUE='#' + MODULE__HMAC_FALSE= +fi + + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $py_cv_module__hmac" >&5 +printf "%s\n" "$py_cv_module__hmac" >&6; } LIBHACL_CFLAGS='-I$(srcdir)/Modules/_hacl -I$(srcdir)/Modules/_hacl/include -D_BSD_SOURCE -D_DEFAULT_SOURCE $(PY_STDMODULE_CFLAGS) $(CCSHARED)' diff --git a/configure.ac b/configure.ac index 51017373c526ea..2a719e868d0699 100644 --- a/configure.ac +++ b/configure.ac @@ -7387,6 +7387,18 @@ WITH_SAVE_ENV([ ]) ]) +WITH_SAVE_ENV([ + LIBS="$LIBS $LIBCRYPTO_LIBS" + CFLAGS="$CFLAGS $OPENSSL_INCLUDES" + LDFLAGS="$LDFLAGS $OPENSSL_LDFLAGS $OPENSSL_LDFLAGS_RPATH" + + AC_CACHE_CHECK([whether OpenSSL provides LN_* macros], [ac_cv_working_openssl_hmac], [ + AC_LINK_IFELSE([AC_LANG_PROGRAM([ + #include // for LN_* macros + ], [])], [ac_cv_working_openssl_hmac=yes], [ac_cv_working_openssl_hmac=no]) + ]) +]) + # ssl module default cipher suite string AH_TEMPLATE([PY_SSL_DEFAULT_CIPHERS], [Default cipher suites list for ssl module. @@ -7801,7 +7813,8 @@ PY_STDLIB_MOD([_sha2], [test "$with_builtin_sha2" = yes]) PY_STDLIB_MOD([_sha3], [test "$with_builtin_sha3" = yes]) PY_STDLIB_MOD([_blake2], [test "$with_builtin_blake2" = yes]) -PY_STDLIB_MOD_SIMPLE([_hmac]) +PY_STDLIB_MOD([_hmac], [], [test "$ac_cv_working_openssl_hmac" = yes], + [$OPENSSL_INCLUDES], [$OPENSSL_LDFLAGS $OPENSSL_LDFLAGS_RPATH $LIBCRYPTO_LIBS]) LIBHACL_CFLAGS='-I$(srcdir)/Modules/_hacl -I$(srcdir)/Modules/_hacl/include -D_BSD_SOURCE -D_DEFAULT_SOURCE $(PY_STDMODULE_CFLAGS) $(CCSHARED)' case "$ac_sys_system" in From b3aa599d9281009b8ff7f847299214f4e57d266b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?B=C3=A9n=C3=A9dikt=20Tran?= <10796600+picnixz@users.noreply.github.com> Date: Mon, 11 Nov 2024 13:30:34 +0100 Subject: [PATCH 27/36] update globals --- Modules/hmacmodule.c | 128 ++++++++++++++------------- Tools/c-analyzer/cpython/ignored.tsv | 1 + 2 files changed, 69 insertions(+), 60 deletions(-) diff --git a/Modules/hmacmodule.c b/Modules/hmacmodule.c index a72d89d88d1fd6..77a5fef853dbb9 100644 --- a/Modules/hmacmodule.c +++ b/Modules/hmacmodule.c @@ -11,8 +11,7 @@ #include "_hacl/Hacl_HMAC.h" #include "hashlib.h" - -// HMAC underlying hash function static information. +// --- HMAC underlying hash function static information ----------------------- #define Py_hmac_hash_max_digest_size 64 @@ -23,6 +22,8 @@ #define Py_hmac_md5_compute_func Hacl_HMAC_compute_md5 +#define Py_OpenSSL_LN_md5 LN_md5 + /* SHA-1 family */ // HACL_HID = sha1 #define Py_hmac_sha1_block_size 64 @@ -30,6 +31,8 @@ #define Py_hmac_sha1_compute_func Hacl_HMAC_compute_sha1 +#define Py_OpenSSL_LN_sha1 LN_sha1 + /* SHA-2 family */ // HACL_HID = sha2_224 #define Py_hmac_sha2_224_block_size 64 @@ -37,24 +40,32 @@ #define Py_hmac_sha2_224_compute_func Hacl_HMAC_compute_sha2_224 +#define Py_OpenSSL_LN_sha2_224 LN_sha224 + // HACL_HID = sha2_256 #define Py_hmac_sha2_256_block_size 64 #define Py_hmac_sha2_256_digest_size 32 #define Py_hmac_sha2_256_compute_func Hacl_HMAC_compute_sha2_256 +#define Py_OpenSSL_LN_sha2_256 LN_sha256 + // HACL_HID = sha2_384 #define Py_hmac_sha2_384_block_size 128 #define Py_hmac_sha2_384_digest_size 48 #define Py_hmac_sha2_384_compute_func Hacl_HMAC_compute_sha2_384 +#define Py_OpenSSL_LN_sha2_384 LN_sha384 + // HACL_HID = sha2_512 #define Py_hmac_sha2_512_block_size 128 #define Py_hmac_sha2_512_digest_size 64 #define Py_hmac_sha2_512_compute_func Hacl_HMAC_compute_sha2_512 +#define Py_OpenSSL_LN_sha2_512 LN_sha512 + /* SHA-3 family */ // HACL_HID = sha3_224 #define Py_hmac_sha3_224_block_size 144 @@ -62,24 +73,48 @@ #define Py_hmac_sha3_224_compute_func Hacl_HMAC_compute_sha3_224 +#if defined(LN_sha3_224) +# define Py_OpenSSL_LN_sha3_224 LN_sha3_224 +#else +# define Py_OpenSSL_LN_sha3_224 "sha3_224" +#endif + // HACL_HID = sha3_256 #define Py_hmac_sha3_256_block_size 136 #define Py_hmac_sha3_256_digest_size 32 #define Py_hmac_sha3_256_compute_func Hacl_HMAC_compute_sha3_256 +#if defined(LN_sha3_256) +# define Py_OpenSSL_LN_sha3_256 LN_sha3_256 +#else +# define Py_OpenSSL_LN_sha3_256 "sha3_256" +#endif + // HACL_HID = sha3_384 #define Py_hmac_sha3_384_block_size 104 #define Py_hmac_sha3_384_digest_size 48 #define Py_hmac_sha3_384_compute_func Hacl_HMAC_compute_sha3_384 +#if defined(LN_sha3_384) +# define Py_OpenSSL_LN_sha3_384 LN_sha3_384 +#else +# define Py_OpenSSL_LN_sha3_384 "sha3_384" +#endif + // HACL_HID = sha3_512 #define Py_hmac_sha3_512_block_size 72 #define Py_hmac_sha3_512_digest_size 64 #define Py_hmac_sha3_512_compute_func Hacl_HMAC_compute_sha3_512 +#if defined(LN_sha3_512) +# define Py_OpenSSL_LN_sha3_512 LN_sha3_512 +#else +# define Py_OpenSSL_LN_sha3_512 "sha3_512" +#endif + /* Blake family */ // HACL_HID = blake2s_32 #define Py_hmac_blake2s_32_block_size 64 @@ -87,12 +122,24 @@ #define Py_hmac_blake2s_32_compute_func Hacl_HMAC_compute_blake2s_32 +#if defined(LN_blake2s256) +# define Py_OpenSSL_LN_blake2s_32 LN_blake2s256 +#else +# define Py_OpenSSL_LN_blake2s_32 "blake2s256" +#endif + // HACL_HID = blake2b_32 #define Py_hmac_blake2b_32_block_size 128 #define Py_hmac_blake2b_32_digest_size 64 #define Py_hmac_blake2b_32_compute_func Hacl_HMAC_compute_blake2b_32 +#if defined(LN_blake2b512) +# define Py_OpenSSL_LN_blake2b_32 LN_blake2b512 +#else +# define Py_OpenSSL_LN_blake2b_32 "blake2b512" +#endif + /* Enumeration indicating the underlying hash function used by HMAC. */ typedef enum HMAC_Hash_Kind { Py_hmac_kind_unknown = 0, @@ -167,12 +214,13 @@ typedef struct py_hmac_hinfo { py_hmac_hacl_api api; const char *hashlib_name; /* hashlib preferred name (default: name) */ - const char *hashlib_altn; /* hashlib alias (default: hashlib_name) */ const char *openssl_name; /* hashlib preferred OpenSSL alias (if any) */ Py_ssize_t refcnt; } py_hmac_hinfo; +// --- HMAC module state ------------------------------------------------------ + typedef struct hmacmodule_state { _Py_hashtable_t *hinfo_table; /* imported from _hashlib */ @@ -197,6 +245,8 @@ module _hmac #include "clinic/hmacmodule.c.h" +// --- Helpers ---------------------------------------------------------------- + static inline int find_hash_info_by_utf8name(hmacmodule_state *state, const char *name, @@ -230,7 +280,7 @@ find_hash_info_by_name(hmacmodule_state *state, } /* - * Find the corresponding HMAC static information. + * Find the corresponding HMAC hash function static information. * * If an error occurs or if nothing can be found, this * returns -1 or 0 respectively, and sets 'info' to NULL. @@ -573,46 +623,6 @@ static PyMethodDef hmacmodule_methods[] = { // --- HMAC static information table ------------------------------------------ -#define Py_OpenSSL_LN_md5 LN_md5 -#define Py_OpenSSL_LN_sha1 LN_sha1 - -#define Py_OpenSSL_LN_sha2_224 LN_sha224 -#define Py_OpenSSL_LN_sha2_256 LN_sha256 -#define Py_OpenSSL_LN_sha2_384 LN_sha384 -#define Py_OpenSSL_LN_sha2_512 LN_sha512 - -#if defined(LN_sha3_224) -# define Py_OpenSSL_LN_sha3_224 LN_sha3_224 -#else -# define Py_OpenSSL_LN_sha3_224 "sha3_224" -#endif -#if defined(LN_sha3_256) -# define Py_OpenSSL_LN_sha3_256 LN_sha3_256 -#else -# define Py_OpenSSL_LN_sha3_256 "sha3_256" -#endif -#if defined(LN_sha3_384) -# define Py_OpenSSL_LN_sha3_384 LN_sha3_384 -#else -# define Py_OpenSSL_LN_sha3_384 "sha3_384" -#endif -#if defined(LN_sha3_512) -# define Py_OpenSSL_LN_sha3_512 LN_sha3_512 -#else -# define Py_OpenSSL_LN_sha3_512 "sha3_512" -#endif - -#if defined(LN_blake2s256) -# define Py_OpenSSL_LN_blake2s_32 LN_blake2s256 -#else -# define Py_OpenSSL_LN_blake2s_32 "blake2s256" -#endif -#if defined(LN_blake2b512) -# define Py_OpenSSL_LN_blake2b_32 LN_blake2b512 -#else -# define Py_OpenSSL_LN_blake2b_32 "blake2b512" -#endif - /* Static information used to construct the hash table. */ static const py_hmac_hinfo py_hmac_static_hinfo[] = { #define Py_HMAC_HINFO_HACL_API(HACL_HID) \ @@ -621,7 +631,7 @@ static const py_hmac_hinfo py_hmac_static_hinfo[] = { .compute_py = &_hmac_compute_## HACL_HID ##_impl, \ } -#define Py_HMAC_HINFO_ENTRY(HACL_HID, HLIB_NAME, HLIB_ALTN) \ +#define Py_HMAC_HINFO_ENTRY(HACL_HID, HLIB_NAME) \ { \ .name = Py_STRINGIFY(HACL_HID), \ .p_name = NULL, \ @@ -630,27 +640,26 @@ static const py_hmac_hinfo py_hmac_static_hinfo[] = { .digest_size = Py_hmac_## HACL_HID ##_digest_size, \ .api = Py_HMAC_HINFO_HACL_API(HACL_HID), \ .hashlib_name = HLIB_NAME, \ - .hashlib_altn = HLIB_ALTN, \ .openssl_name = Py_OpenSSL_LN_ ## HACL_HID, \ .refcnt = 0, \ } /* MD5 */ - Py_HMAC_HINFO_ENTRY(md5, "md5", "MD5"), + Py_HMAC_HINFO_ENTRY(md5, "md5"), /* SHA-1 */ - Py_HMAC_HINFO_ENTRY(sha1, "sha1", "SHA1"), + Py_HMAC_HINFO_ENTRY(sha1, "sha1"), /* SHA-2 family */ - Py_HMAC_HINFO_ENTRY(sha2_224, "sha224", "SHA224"), - Py_HMAC_HINFO_ENTRY(sha2_256, "sha256", "SHA256"), - Py_HMAC_HINFO_ENTRY(sha2_384, "sha384", "SHA384"), - Py_HMAC_HINFO_ENTRY(sha2_512, "sha512", "SHA512"), + Py_HMAC_HINFO_ENTRY(sha2_224, "sha224"), + Py_HMAC_HINFO_ENTRY(sha2_256, "sha256"), + Py_HMAC_HINFO_ENTRY(sha2_384, "sha384"), + Py_HMAC_HINFO_ENTRY(sha2_512, "sha512"), /* SHA-3 family */ - Py_HMAC_HINFO_ENTRY(sha3_224, NULL, NULL), - Py_HMAC_HINFO_ENTRY(sha3_256, NULL, NULL), - Py_HMAC_HINFO_ENTRY(sha3_384, NULL, NULL), - Py_HMAC_HINFO_ENTRY(sha3_512, NULL, NULL), + Py_HMAC_HINFO_ENTRY(sha3_224, NULL), + Py_HMAC_HINFO_ENTRY(sha3_256, NULL), + Py_HMAC_HINFO_ENTRY(sha3_384, NULL), + Py_HMAC_HINFO_ENTRY(sha3_512, NULL), /* Blake family */ - Py_HMAC_HINFO_ENTRY(blake2s_32, "blake2s256", NULL), - Py_HMAC_HINFO_ENTRY(blake2b_32, "blake2b512", NULL), + Py_HMAC_HINFO_ENTRY(blake2s_32, "blake2s256"), + Py_HMAC_HINFO_ENTRY(blake2b_32, "blake2b512"), #undef Py_HMAC_HINFO_ENTRY #undef Py_HMAC_HINFO_HACL_API /* sentinel */ @@ -658,7 +667,7 @@ static const py_hmac_hinfo py_hmac_static_hinfo[] = { NULL, NULL, Py_hmac_kind_unknown, 0, 0, {NULL, NULL}, - NULL, NULL, NULL, + NULL, NULL, 0 }, }; @@ -734,7 +743,6 @@ py_hmac_hinfo_ht_new(void) } while (0) Py_HMAC_HINFO_LINK(e->name); Py_HMAC_HINFO_LINK(e->hashlib_name); - Py_HMAC_HINFO_LINK(e->hashlib_altn); Py_HMAC_HINFO_LINK(e->openssl_name); #undef Py_HMAC_HINFO_LINK assert(value->refcnt > 0); diff --git a/Tools/c-analyzer/cpython/ignored.tsv b/Tools/c-analyzer/cpython/ignored.tsv index 686f3935d91bda..4d8f5183e78ae5 100644 --- a/Tools/c-analyzer/cpython/ignored.tsv +++ b/Tools/c-analyzer/cpython/ignored.tsv @@ -302,6 +302,7 @@ Modules/cmathmodule.c - sqrt_special_values - Modules/cmathmodule.c - tanh_special_values - Modules/config.c - _PyImport_Inittab - Modules/faulthandler.c - faulthandler_handlers - +Modules/hmacmodule.c - py_hmac_static_hinfo - Modules/getnameinfo.c - gni_afdl - Modules/posixmodule.c os_getxattr_impl buffer_sizes - Modules/posixmodule.c os_listxattr_impl buffer_sizes - From 49a1294e92ededa51be75298bb1481b6a00beacf Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?B=C3=A9n=C3=A9dikt=20Tran?= <10796600+picnixz@users.noreply.github.com> Date: Tue, 12 Nov 2024 11:11:16 +0100 Subject: [PATCH 28/36] fix LN_* macro values --- Modules/hmacmodule.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/Modules/hmacmodule.c b/Modules/hmacmodule.c index 77a5fef853dbb9..7e53fd30ca4383 100644 --- a/Modules/hmacmodule.c +++ b/Modules/hmacmodule.c @@ -6,7 +6,7 @@ #include "pycore_hashtable.h" #include "pycore_strhex.h" // _Py_strhex() -#include // LN_* macros +#include #include "_hacl/Hacl_HMAC.h" #include "hashlib.h" @@ -76,7 +76,7 @@ #if defined(LN_sha3_224) # define Py_OpenSSL_LN_sha3_224 LN_sha3_224 #else -# define Py_OpenSSL_LN_sha3_224 "sha3_224" +# define Py_OpenSSL_LN_sha3_224 "sha3-224" #endif // HACL_HID = sha3_256 @@ -88,7 +88,7 @@ #if defined(LN_sha3_256) # define Py_OpenSSL_LN_sha3_256 LN_sha3_256 #else -# define Py_OpenSSL_LN_sha3_256 "sha3_256" +# define Py_OpenSSL_LN_sha3_256 "sha3-256" #endif // HACL_HID = sha3_384 @@ -100,7 +100,7 @@ #if defined(LN_sha3_384) # define Py_OpenSSL_LN_sha3_384 LN_sha3_384 #else -# define Py_OpenSSL_LN_sha3_384 "sha3_384" +# define Py_OpenSSL_LN_sha3_384 "sha3-384" #endif // HACL_HID = sha3_512 @@ -112,7 +112,7 @@ #if defined(LN_sha3_512) # define Py_OpenSSL_LN_sha3_512 LN_sha3_512 #else -# define Py_OpenSSL_LN_sha3_512 "sha3_512" +# define Py_OpenSSL_LN_sha3_512 "sha3-512" #endif /* Blake family */ From 06b012d55a15b857e6aefb7f778d654202ae0e7a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?B=C3=A9n=C3=A9dikt=20Tran?= <10796600+picnixz@users.noreply.github.com> Date: Tue, 12 Nov 2024 12:12:28 +0100 Subject: [PATCH 29/36] improve OpenSSL name resolution --- Modules/Setup.stdlib.in | 4 +- Modules/hmacmodule.c | 242 +++++++++++++++++++++++++++------------- configure | 106 ++++++++++-------- configure.ac | 23 +++- 4 files changed, 239 insertions(+), 136 deletions(-) diff --git a/Modules/Setup.stdlib.in b/Modules/Setup.stdlib.in index 8999bf0f14a4b4..ea6b65a1071dcc 100644 --- a/Modules/Setup.stdlib.in +++ b/Modules/Setup.stdlib.in @@ -84,9 +84,6 @@ @MODULE__SHA3_TRUE@_sha3 sha3module.c -I$(srcdir)/Modules/_hacl/include Modules/_hacl/libHacl_Hash_SHA3.a -D_BSD_SOURCE -D_DEFAULT_SOURCE @MODULE__BLAKE2_TRUE@_blake2 blake2module.c -I$(srcdir)/Modules/_hacl/include Modules/_hacl/libHacl_Hash_Blake2.a -D_BSD_SOURCE -D_DEFAULT_SOURCE -# HMAC builtin, can be disabled with --without-builtin-hashlib-hmac -@MODULE__HMAC_TRUE@_hmac hmacmodule.c -I$(srcdir)/Modules/_hacl/include Modules/_hacl/libHacl_HMAC.a -D_BSD_SOURCE -D_DEFAULT_SOURCE - ############################################################################ # XML and text @@ -145,6 +142,7 @@ @MODULE__SSL_TRUE@_ssl _ssl.c # needs -lcrypt @MODULE__HASHLIB_TRUE@_hashlib _hashopenssl.c +@MODULE__HMAC_TRUE@_hmac hmacmodule.c # Linux: -luuid, BSD/AIX: libc's uuid_create() @MODULE__UUID_TRUE@_uuid _uuidmodule.c diff --git a/Modules/hmacmodule.c b/Modules/hmacmodule.c index 7e53fd30ca4383..42f1a462c13306 100644 --- a/Modules/hmacmodule.c +++ b/Modules/hmacmodule.c @@ -4,17 +4,33 @@ #include "Python.h" #include "pycore_hashtable.h" -#include "pycore_strhex.h" // _Py_strhex() +#include "pycore_strhex.h" // _Py_strhex() -#include +#include // EVP_* interface +#include // LN_* and NID_* macros #include "_hacl/Hacl_HMAC.h" #include "hashlib.h" +// --- OpenSSL EVP interface (used for resolving algorithm names) ------------- + +#if OPENSSL_VERSION_NUMBER >= 0x30000000L +# define Py_EVP_MD EVP_MD +# define Py_EVP_MD_fetch(ALGO) EVP_MD_fetch(NULL, ALGO, NULL) +# define Py_EVP_MD_free(MD) EVP_MD_free(MD) +#else +# define Py_EVP_MD const EVP_MD +# define Py_EVP_MD_fetch(ALGO) EVP_get_digestbyname(ALGO) +# define Py_EVP_MD_free(MD) do {} while(0) +#endif + // --- HMAC underlying hash function static information ----------------------- #define Py_hmac_hash_max_digest_size 64 +#define Py_OpenSSL_LN_MISSING NULL +#define Py_OpenSSL_NID_MISSING -1 + /* MD-5 */ // HACL_HID = md5 #define Py_hmac_md5_block_size 64 @@ -23,6 +39,7 @@ #define Py_hmac_md5_compute_func Hacl_HMAC_compute_md5 #define Py_OpenSSL_LN_md5 LN_md5 +#define Py_OpenSSL_NID_md5 NID_md5 /* SHA-1 family */ // HACL_HID = sha1 @@ -32,6 +49,7 @@ #define Py_hmac_sha1_compute_func Hacl_HMAC_compute_sha1 #define Py_OpenSSL_LN_sha1 LN_sha1 +#define Py_OpenSSL_NID_sha1 NID_sha1 /* SHA-2 family */ // HACL_HID = sha2_224 @@ -41,6 +59,7 @@ #define Py_hmac_sha2_224_compute_func Hacl_HMAC_compute_sha2_224 #define Py_OpenSSL_LN_sha2_224 LN_sha224 +#define Py_OpenSSL_NID_sha2_224 NID_sha224 // HACL_HID = sha2_256 #define Py_hmac_sha2_256_block_size 64 @@ -49,6 +68,7 @@ #define Py_hmac_sha2_256_compute_func Hacl_HMAC_compute_sha2_256 #define Py_OpenSSL_LN_sha2_256 LN_sha256 +#define Py_OpenSSL_NID_sha2_256 NID_sha256 // HACL_HID = sha2_384 #define Py_hmac_sha2_384_block_size 128 @@ -57,6 +77,7 @@ #define Py_hmac_sha2_384_compute_func Hacl_HMAC_compute_sha2_384 #define Py_OpenSSL_LN_sha2_384 LN_sha384 +#define Py_OpenSSL_NID_sha2_384 NID_sha384 // HACL_HID = sha2_512 #define Py_hmac_sha2_512_block_size 128 @@ -65,6 +86,7 @@ #define Py_hmac_sha2_512_compute_func Hacl_HMAC_compute_sha2_512 #define Py_OpenSSL_LN_sha2_512 LN_sha512 +#define Py_OpenSSL_NID_sha2_512 NID_sha512 /* SHA-3 family */ // HACL_HID = sha3_224 @@ -73,10 +95,12 @@ #define Py_hmac_sha3_224_compute_func Hacl_HMAC_compute_sha3_224 -#if defined(LN_sha3_224) +#if defined(LN_sha3_224) && defined(NID_sha3_224) # define Py_OpenSSL_LN_sha3_224 LN_sha3_224 +# define Py_OpenSSL_NID_sha3_224 NID_sha3_224 #else -# define Py_OpenSSL_LN_sha3_224 "sha3-224" +# define Py_OpenSSL_LN_sha3_224 Py_OpenSSL_LN_MISSING +# define Py_OpenSSL_NID_sha3_224 Py_OpenSSL_NID_MISSING #endif // HACL_HID = sha3_256 @@ -85,10 +109,12 @@ #define Py_hmac_sha3_256_compute_func Hacl_HMAC_compute_sha3_256 -#if defined(LN_sha3_256) +#if defined(LN_sha3_256) && defined(NID_sha3_256) # define Py_OpenSSL_LN_sha3_256 LN_sha3_256 +# define Py_OpenSSL_NID_sha3_256 NID_sha3_256 #else -# define Py_OpenSSL_LN_sha3_256 "sha3-256" +# define Py_OpenSSL_LN_sha3_256 Py_OpenSSL_LN_MISSING +# define Py_OpenSSL_NID_sha3_256 Py_OpenSSL_NID_MISSING #endif // HACL_HID = sha3_384 @@ -97,10 +123,12 @@ #define Py_hmac_sha3_384_compute_func Hacl_HMAC_compute_sha3_384 -#if defined(LN_sha3_384) +#if defined(LN_sha3_384) && defined(NID_sha3_384) # define Py_OpenSSL_LN_sha3_384 LN_sha3_384 +# define Py_OpenSSL_NID_sha3_384 NID_sha3_384 #else -# define Py_OpenSSL_LN_sha3_384 "sha3-384" +# define Py_OpenSSL_LN_sha3_384 Py_OpenSSL_LN_MISSING +# define Py_OpenSSL_NID_sha3_384 Py_OpenSSL_NID_MISSING #endif // HACL_HID = sha3_512 @@ -109,10 +137,12 @@ #define Py_hmac_sha3_512_compute_func Hacl_HMAC_compute_sha3_512 -#if defined(LN_sha3_512) +#if defined(LN_sha3_512) && defined(NID_sha3_512) # define Py_OpenSSL_LN_sha3_512 LN_sha3_512 +# define Py_OpenSSL_NID_sha3_512 NID_sha3_512 #else -# define Py_OpenSSL_LN_sha3_512 "sha3-512" +# define Py_OpenSSL_LN_sha3_512 Py_OpenSSL_LN_MISSING +# define Py_OpenSSL_NID_sha3_512 Py_OpenSSL_NID_MISSING #endif /* Blake family */ @@ -122,10 +152,12 @@ #define Py_hmac_blake2s_32_compute_func Hacl_HMAC_compute_blake2s_32 -#if defined(LN_blake2s256) +#if defined(LN_blake2s256) && defined(NID_blake2s256) # define Py_OpenSSL_LN_blake2s_32 LN_blake2s256 +# define Py_OpenSSL_NID_blake2s_32 NID_blake2s256 #else -# define Py_OpenSSL_LN_blake2s_32 "blake2s256" +# define Py_OpenSSL_LN_blake2s_32 Py_OpenSSL_LN_MISSING +# define Py_OpenSSL_NID_blake2s_32 Py_OpenSSL_NID_MISSING #endif // HACL_HID = blake2b_32 @@ -134,10 +166,12 @@ #define Py_hmac_blake2b_32_compute_func Hacl_HMAC_compute_blake2b_32 -#if defined(LN_blake2b512) +#if defined(LN_blake2b512) && defined(NID_blake2b512) # define Py_OpenSSL_LN_blake2b_32 LN_blake2b512 +# define Py_OpenSSL_NID_blake2b_32 NID_blake2b512 #else -# define Py_OpenSSL_LN_blake2b_32 "blake2b512" +# define Py_OpenSSL_LN_blake2b_32 Py_OpenSSL_LN_MISSING +# define Py_OpenSSL_NID_blake2b_32 Py_OpenSSL_NID_MISSING #endif /* Enumeration indicating the underlying hash function used by HMAC. */ @@ -214,7 +248,8 @@ typedef struct py_hmac_hinfo { py_hmac_hacl_api api; const char *hashlib_name; /* hashlib preferred name (default: name) */ - const char *openssl_name; /* hashlib preferred OpenSSL alias (if any) */ + const char *openssl_name; /* OpenSSL EVP preferred name (NULL if none) */ + int openssl_nid; /* OpenSSL EVP NID (-1 if none) */ Py_ssize_t refcnt; } py_hmac_hinfo; @@ -247,36 +282,133 @@ module _hmac // --- Helpers ---------------------------------------------------------------- -static inline int +/* Static information used to construct the hash table. */ +static const py_hmac_hinfo py_hmac_static_hinfo[] = { +#define Py_HMAC_HINFO_HACL_API(HACL_HID) \ + { \ + .compute = &Py_hmac_## HACL_HID ##_compute_func, \ + .compute_py = &_hmac_compute_## HACL_HID ##_impl, \ + } + +#define Py_HMAC_HINFO_ENTRY(HACL_HID, HLIB_NAME) \ + { \ + .name = Py_STRINGIFY(HACL_HID), \ + .p_name = NULL, \ + .kind = Py_hmac_kind_hmac_ ## HACL_HID, \ + .block_size = Py_hmac_## HACL_HID ##_block_size, \ + .digest_size = Py_hmac_## HACL_HID ##_digest_size, \ + .api = Py_HMAC_HINFO_HACL_API(HACL_HID), \ + .hashlib_name = HLIB_NAME, \ + .openssl_name = Py_OpenSSL_LN_ ## HACL_HID, \ + .openssl_nid = Py_OpenSSL_NID_ ## HACL_HID, \ + .refcnt = 0, \ + } + /* MD5 */ + Py_HMAC_HINFO_ENTRY(md5, "md5"), + /* SHA-1 */ + Py_HMAC_HINFO_ENTRY(sha1, "sha1"), + /* SHA-2 family */ + Py_HMAC_HINFO_ENTRY(sha2_224, "sha224"), + Py_HMAC_HINFO_ENTRY(sha2_256, "sha256"), + Py_HMAC_HINFO_ENTRY(sha2_384, "sha384"), + Py_HMAC_HINFO_ENTRY(sha2_512, "sha512"), + /* SHA-3 family */ + Py_HMAC_HINFO_ENTRY(sha3_224, NULL), + Py_HMAC_HINFO_ENTRY(sha3_256, NULL), + Py_HMAC_HINFO_ENTRY(sha3_384, NULL), + Py_HMAC_HINFO_ENTRY(sha3_512, NULL), + /* Blake family */ + Py_HMAC_HINFO_ENTRY(blake2s_32, "blake2s256"), + Py_HMAC_HINFO_ENTRY(blake2b_32, "blake2b512"), +#undef Py_HMAC_HINFO_ENTRY +#undef Py_HMAC_HINFO_HACL_API + /* sentinel */ + { + NULL, NULL, Py_hmac_kind_unknown, 0, 0, + {NULL, NULL}, + NULL, Py_OpenSSL_LN_MISSING, Py_OpenSSL_NID_MISSING, + 0, + }, +}; + +static inline bool find_hash_info_by_utf8name(hmacmodule_state *state, const char *name, const py_hmac_hinfo **info) { - if (name == NULL) { - *info = NULL; - return -1; - } + assert(name != NULL); *info = _Py_hashtable_get(state->hinfo_table, name); return *info != NULL; } +static bool +find_hash_info_by_evp_nid(hmacmodule_state *state, + int openssl_nid, + const py_hmac_hinfo **info) +{ + assert(openssl_nid != Py_OpenSSL_NID_MISSING); + for (const py_hmac_hinfo *e = py_hmac_static_hinfo; e->name != NULL; e++) { + if (e->openssl_nid == openssl_nid) { + assert(e->openssl_name != Py_OpenSSL_LN_MISSING); + *info = e; + return 1; + } + } + *info = NULL; + return 0; +} + +static bool +find_hash_info_by_evp_name(hmacmodule_state *state, + const char *openssl_name, + const py_hmac_hinfo **info) +{ + assert(openssl_name != NULL); + Py_EVP_MD *digest = Py_EVP_MD_fetch(openssl_name); + if (digest == NULL) { + *info = NULL; + return 0; + } + int nid = EVP_MD_nid(digest); + Py_EVP_MD_free(digest); + return find_hash_info_by_evp_nid(state, nid, info); +} + static int find_hash_info_by_name(hmacmodule_state *state, PyObject *name, const py_hmac_hinfo **info) { - int rc = find_hash_info_by_utf8name(state, PyUnicode_AsUTF8(name), info); - if (rc == 0) { - // try to find an alternative using the lowercase name - PyObject *lower = PyObject_CallMethodNoArgs(name, state->str_lower); - if (lower == NULL) { - *info = NULL; - return -1; - } - rc = find_hash_info_by_utf8name(state, PyUnicode_AsUTF8(lower), info); + const char *utf8name = PyUnicode_AsUTF8(name); + if (utf8name == NULL) { + goto error; + } + if (find_hash_info_by_utf8name(state, utf8name, info)) { + return 1; + } + + // try to find an alternative using the lowercase name + PyObject *lower = PyObject_CallMethodNoArgs(name, state->str_lower); + if (lower == NULL) { + goto error; + } + const char *utf8lower = PyUnicode_AsUTF8(lower); + if (utf8lower == NULL) { Py_DECREF(lower); + goto error; } - return rc; + int found = find_hash_info_by_utf8name(state, utf8lower, info); + Py_DECREF(lower); + if (found) { + return 1; + } + + // try to resolve via OpenSSL EVP interface as a last resort (slow) + return find_hash_info_by_evp_name(state, utf8name, info); + +error: + *info = NULL; + return -1; } /* @@ -363,6 +495,7 @@ _hmac_compute_digest_impl(PyObject *module, PyObject *key, PyObject *msg, hmacmodule_state *state = get_hmacmodule_state(module); const py_hmac_hinfo *info = find_hash_info(state, digestmod); if (info == NULL) { + assert(PyErr_Occurred()); return NULL; } assert(info->api.compute_py != NULL); @@ -623,55 +756,6 @@ static PyMethodDef hmacmodule_methods[] = { // --- HMAC static information table ------------------------------------------ -/* Static information used to construct the hash table. */ -static const py_hmac_hinfo py_hmac_static_hinfo[] = { -#define Py_HMAC_HINFO_HACL_API(HACL_HID) \ - { \ - .compute = &Py_hmac_## HACL_HID ##_compute_func, \ - .compute_py = &_hmac_compute_## HACL_HID ##_impl, \ - } - -#define Py_HMAC_HINFO_ENTRY(HACL_HID, HLIB_NAME) \ - { \ - .name = Py_STRINGIFY(HACL_HID), \ - .p_name = NULL, \ - .kind = Py_hmac_kind_hmac_ ## HACL_HID, \ - .block_size = Py_hmac_## HACL_HID ##_block_size, \ - .digest_size = Py_hmac_## HACL_HID ##_digest_size, \ - .api = Py_HMAC_HINFO_HACL_API(HACL_HID), \ - .hashlib_name = HLIB_NAME, \ - .openssl_name = Py_OpenSSL_LN_ ## HACL_HID, \ - .refcnt = 0, \ - } - /* MD5 */ - Py_HMAC_HINFO_ENTRY(md5, "md5"), - /* SHA-1 */ - Py_HMAC_HINFO_ENTRY(sha1, "sha1"), - /* SHA-2 family */ - Py_HMAC_HINFO_ENTRY(sha2_224, "sha224"), - Py_HMAC_HINFO_ENTRY(sha2_256, "sha256"), - Py_HMAC_HINFO_ENTRY(sha2_384, "sha384"), - Py_HMAC_HINFO_ENTRY(sha2_512, "sha512"), - /* SHA-3 family */ - Py_HMAC_HINFO_ENTRY(sha3_224, NULL), - Py_HMAC_HINFO_ENTRY(sha3_256, NULL), - Py_HMAC_HINFO_ENTRY(sha3_384, NULL), - Py_HMAC_HINFO_ENTRY(sha3_512, NULL), - /* Blake family */ - Py_HMAC_HINFO_ENTRY(blake2s_32, "blake2s256"), - Py_HMAC_HINFO_ENTRY(blake2b_32, "blake2b512"), -#undef Py_HMAC_HINFO_ENTRY -#undef Py_HMAC_HINFO_HACL_API - /* sentinel */ - { - NULL, NULL, - Py_hmac_kind_unknown, 0, 0, - {NULL, NULL}, - NULL, NULL, - 0 - }, -}; - static inline Py_uhash_t py_hmac_hinfo_ht_hash(const void *name) { diff --git a/configure b/configure index 78bd0c981ff002..52a13f94454755 100755 --- a/configure +++ b/configure @@ -681,6 +681,8 @@ MODULE__TESTCLINIC_FALSE MODULE__TESTCLINIC_TRUE MODULE__TESTCAPI_FALSE MODULE__TESTCAPI_TRUE +MODULE__HMAC_FALSE +MODULE__HMAC_TRUE MODULE__HASHLIB_FALSE MODULE__HASHLIB_TRUE MODULE__SSL_FALSE @@ -718,8 +720,6 @@ LIBHACL_SIMD256_FLAGS LIBHACL_SIMD128_OBJS LIBHACL_SIMD128_FLAGS LIBHACL_CFLAGS -MODULE__HMAC_FALSE -MODULE__HMAC_TRUE MODULE__BLAKE2_FALSE MODULE__BLAKE2_TRUE MODULE__SHA3_FALSE @@ -28967,8 +28967,8 @@ save_LIBS=$LIBS CFLAGS="$CFLAGS $OPENSSL_INCLUDES" LDFLAGS="$LDFLAGS $OPENSSL_LDFLAGS $OPENSSL_LDFLAGS_RPATH" - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether OpenSSL provides LN_* macros" >&5 -printf %s "checking whether OpenSSL provides LN_* macros... " >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether OpenSSL provides required hmac module APIs" >&5 +printf %s "checking whether OpenSSL provides required hmac module APIs... " >&6; } if test ${ac_cv_working_openssl_hmac+y} then : printf %s "(cached) " >&6 @@ -28977,12 +28977,23 @@ else $as_nop cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ - #include // for LN_* macros + #include + #include + #if OPENSSL_VERSION_NUMBER < 0x10101000L + #error "OpenSSL >= 1.1.1 is required" + #endif int main (void) { + OBJ_nid2sn(NID_md5); + OBJ_nid2sn(NID_sha1); + OBJ_nid2sn(NID_sha224); + OBJ_nid2sn(NID_sha256); + OBJ_nid2sn(NID_sha384); + OBJ_nid2sn(NID_sha512); + ; return 0; } @@ -30779,45 +30790,6 @@ fi printf "%s\n" "$py_cv_module__blake2" >&6; } - - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for stdlib extension module _hmac" >&5 -printf %s "checking for stdlib extension module _hmac... " >&6; } - if test "$py_cv_module__hmac" != "n/a" -then : - - if true -then : - if test "$ac_cv_working_openssl_hmac" = yes -then : - py_cv_module__hmac=yes -else $as_nop - py_cv_module__hmac=missing -fi -else $as_nop - py_cv_module__hmac=disabled -fi - -fi - as_fn_append MODULE_BLOCK "MODULE__HMAC_STATE=$py_cv_module__hmac$as_nl" - if test "x$py_cv_module__hmac" = xyes -then : - - as_fn_append MODULE_BLOCK "MODULE__HMAC_CFLAGS=$OPENSSL_INCLUDES$as_nl" - as_fn_append MODULE_BLOCK "MODULE__HMAC_LDFLAGS=$OPENSSL_LDFLAGS $OPENSSL_LDFLAGS_RPATH $LIBCRYPTO_LIBS$as_nl" - -fi - if test "$py_cv_module__hmac" = yes; then - MODULE__HMAC_TRUE= - MODULE__HMAC_FALSE='#' -else - MODULE__HMAC_TRUE='#' - MODULE__HMAC_FALSE= -fi - - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $py_cv_module__hmac" >&5 -printf "%s\n" "$py_cv_module__hmac" >&6; } - - LIBHACL_CFLAGS='-I$(srcdir)/Modules/_hacl -I$(srcdir)/Modules/_hacl/include -D_BSD_SOURCE -D_DEFAULT_SOURCE $(PY_STDMODULE_CFLAGS) $(CCSHARED)' case "$ac_sys_system" in Linux*) @@ -31564,6 +31536,44 @@ fi printf "%s\n" "$py_cv_module__hashlib" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for stdlib extension module _hmac" >&5 +printf %s "checking for stdlib extension module _hmac... " >&6; } + if test "$py_cv_module__hmac" != "n/a" +then : + + if true +then : + if test "$ac_cv_working_openssl_hmac" = yes +then : + py_cv_module__hmac=yes +else $as_nop + py_cv_module__hmac=missing +fi +else $as_nop + py_cv_module__hmac=disabled +fi + +fi + as_fn_append MODULE_BLOCK "MODULE__HMAC_STATE=$py_cv_module__hmac$as_nl" + if test "x$py_cv_module__hmac" = xyes +then : + + as_fn_append MODULE_BLOCK "MODULE__HMAC_CFLAGS=$LIBHACL_CFLAGS $OPENSSL_INCLUDES$as_nl" + as_fn_append MODULE_BLOCK "MODULE__HMAC_LDFLAGS=$LIBHACL_CFLAGS $srcdir/Modules/_hacl/libHacl_HMAC.a $OPENSSL_LDFLAGS $OPENSSL_LDFLAGS_RPATH $LIBCRYPTO_LIBS$as_nl" + +fi + if test "$py_cv_module__hmac" = yes; then + MODULE__HMAC_TRUE= + MODULE__HMAC_FALSE='#' +else + MODULE__HMAC_TRUE='#' + MODULE__HMAC_FALSE= +fi + + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $py_cv_module__hmac" >&5 +printf "%s\n" "$py_cv_module__hmac" >&6; } + + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for stdlib extension module _testcapi" >&5 printf %s "checking for stdlib extension module _testcapi... " >&6; } @@ -32461,10 +32471,6 @@ if test -z "${MODULE__BLAKE2_TRUE}" && test -z "${MODULE__BLAKE2_FALSE}"; then as_fn_error $? "conditional \"MODULE__BLAKE2\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi -if test -z "${MODULE__HMAC_TRUE}" && test -z "${MODULE__HMAC_FALSE}"; then - as_fn_error $? "conditional \"MODULE__HMAC\" was never defined. -Usually this means the macro was only invoked conditionally." "$LINENO" 5 -fi if test -z "${MODULE__CTYPES_TRUE}" && test -z "${MODULE__CTYPES_FALSE}"; then as_fn_error $? "conditional \"MODULE__CTYPES\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 @@ -32529,6 +32535,10 @@ if test -z "${MODULE__HASHLIB_TRUE}" && test -z "${MODULE__HASHLIB_FALSE}"; then as_fn_error $? "conditional \"MODULE__HASHLIB\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi +if test -z "${MODULE__HMAC_TRUE}" && test -z "${MODULE__HMAC_FALSE}"; then + as_fn_error $? "conditional \"MODULE__HMAC\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi if test -z "${MODULE__TESTCAPI_TRUE}" && test -z "${MODULE__TESTCAPI_FALSE}"; then as_fn_error $? "conditional \"MODULE__TESTCAPI\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 diff --git a/configure.ac b/configure.ac index 2a719e868d0699..dd261edcfa76ba 100644 --- a/configure.ac +++ b/configure.ac @@ -7392,10 +7392,21 @@ WITH_SAVE_ENV([ CFLAGS="$CFLAGS $OPENSSL_INCLUDES" LDFLAGS="$LDFLAGS $OPENSSL_LDFLAGS $OPENSSL_LDFLAGS_RPATH" - AC_CACHE_CHECK([whether OpenSSL provides LN_* macros], [ac_cv_working_openssl_hmac], [ + AC_CACHE_CHECK([whether OpenSSL provides required hmac module APIs], [ac_cv_working_openssl_hmac], [ AC_LINK_IFELSE([AC_LANG_PROGRAM([ - #include // for LN_* macros - ], [])], [ac_cv_working_openssl_hmac=yes], [ac_cv_working_openssl_hmac=no]) + #include + #include + #if OPENSSL_VERSION_NUMBER < 0x10101000L + #error "OpenSSL >= 1.1.1 is required" + #endif + ], [ + OBJ_nid2sn(NID_md5); + OBJ_nid2sn(NID_sha1); + OBJ_nid2sn(NID_sha224); + OBJ_nid2sn(NID_sha256); + OBJ_nid2sn(NID_sha384); + OBJ_nid2sn(NID_sha512); + ])], [ac_cv_working_openssl_hmac=yes], [ac_cv_working_openssl_hmac=no]) ]) ]) @@ -7813,9 +7824,6 @@ PY_STDLIB_MOD([_sha2], [test "$with_builtin_sha2" = yes]) PY_STDLIB_MOD([_sha3], [test "$with_builtin_sha3" = yes]) PY_STDLIB_MOD([_blake2], [test "$with_builtin_blake2" = yes]) -PY_STDLIB_MOD([_hmac], [], [test "$ac_cv_working_openssl_hmac" = yes], - [$OPENSSL_INCLUDES], [$OPENSSL_LDFLAGS $OPENSSL_LDFLAGS_RPATH $LIBCRYPTO_LIBS]) - LIBHACL_CFLAGS='-I$(srcdir)/Modules/_hacl -I$(srcdir)/Modules/_hacl/include -D_BSD_SOURCE -D_DEFAULT_SOURCE $(PY_STDMODULE_CFLAGS) $(CCSHARED)' case "$ac_sys_system" in Linux*) @@ -7931,6 +7939,9 @@ PY_STDLIB_MOD([_ssl], [], [test "$ac_cv_working_openssl_ssl" = yes], [$OPENSSL_INCLUDES], [$OPENSSL_LDFLAGS $OPENSSL_LDFLAGS_RPATH $OPENSSL_LIBS]) PY_STDLIB_MOD([_hashlib], [], [test "$ac_cv_working_openssl_hashlib" = yes], [$OPENSSL_INCLUDES], [$OPENSSL_LDFLAGS $OPENSSL_LDFLAGS_RPATH $LIBCRYPTO_LIBS]) +PY_STDLIB_MOD([_hmac], [], [test "$ac_cv_working_openssl_hmac" = yes], + [$LIBHACL_CFLAGS $OPENSSL_INCLUDES], + [$LIBHACL_CFLAGS $srcdir/Modules/_hacl/libHacl_HMAC.a $OPENSSL_LDFLAGS $OPENSSL_LDFLAGS_RPATH $LIBCRYPTO_LIBS]) dnl test modules PY_STDLIB_MOD([_testcapi], From 82c610cf06c91d563b2af2dd549df58e8427a52c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?B=C3=A9n=C3=A9dikt=20Tran?= <10796600+picnixz@users.noreply.github.com> Date: Tue, 12 Nov 2024 13:11:41 +0100 Subject: [PATCH 30/36] update comment --- Modules/hmacmodule.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Modules/hmacmodule.c b/Modules/hmacmodule.c index 42f1a462c13306..841a737fda84f5 100644 --- a/Modules/hmacmodule.c +++ b/Modules/hmacmodule.c @@ -145,7 +145,7 @@ # define Py_OpenSSL_NID_sha3_512 Py_OpenSSL_NID_MISSING #endif -/* Blake family */ +/* Blake2 family */ // HACL_HID = blake2s_32 #define Py_hmac_blake2s_32_block_size 64 #define Py_hmac_blake2s_32_digest_size 32 From ff8cf2fc2062ba8ef2332f54493fc2fac97e1791 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?B=C3=A9n=C3=A9dikt=20Tran?= <10796600+picnixz@users.noreply.github.com> Date: Tue, 12 Nov 2024 13:37:48 +0100 Subject: [PATCH 31/36] fix configure? --- configure | 2 +- configure.ac | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/configure b/configure index 52a13f94454755..e1358dc3bdcc64 100755 --- a/configure +++ b/configure @@ -31559,7 +31559,7 @@ fi then : as_fn_append MODULE_BLOCK "MODULE__HMAC_CFLAGS=$LIBHACL_CFLAGS $OPENSSL_INCLUDES$as_nl" - as_fn_append MODULE_BLOCK "MODULE__HMAC_LDFLAGS=$LIBHACL_CFLAGS $srcdir/Modules/_hacl/libHacl_HMAC.a $OPENSSL_LDFLAGS $OPENSSL_LDFLAGS_RPATH $LIBCRYPTO_LIBS$as_nl" + as_fn_append MODULE_BLOCK "MODULE__HMAC_LDFLAGS=$LIBHACL_CFLAGS Modules/_hacl/libHacl_HMAC.a $OPENSSL_LDFLAGS $OPENSSL_LDFLAGS_RPATH $LIBCRYPTO_LIBS$as_nl" fi if test "$py_cv_module__hmac" = yes; then diff --git a/configure.ac b/configure.ac index dd261edcfa76ba..05a858e6347097 100644 --- a/configure.ac +++ b/configure.ac @@ -7941,7 +7941,7 @@ PY_STDLIB_MOD([_hashlib], [], [test "$ac_cv_working_openssl_hashlib" = yes], [$OPENSSL_INCLUDES], [$OPENSSL_LDFLAGS $OPENSSL_LDFLAGS_RPATH $LIBCRYPTO_LIBS]) PY_STDLIB_MOD([_hmac], [], [test "$ac_cv_working_openssl_hmac" = yes], [$LIBHACL_CFLAGS $OPENSSL_INCLUDES], - [$LIBHACL_CFLAGS $srcdir/Modules/_hacl/libHacl_HMAC.a $OPENSSL_LDFLAGS $OPENSSL_LDFLAGS_RPATH $LIBCRYPTO_LIBS]) + [$LIBHACL_CFLAGS Modules/_hacl/libHacl_HMAC.a $OPENSSL_LDFLAGS $OPENSSL_LDFLAGS_RPATH $LIBCRYPTO_LIBS]) dnl test modules PY_STDLIB_MOD([_testcapi], From fba3778bc0f8351a30b46d5891d18a6b401a341a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?B=C3=A9n=C3=A9dikt=20Tran?= <10796600+picnixz@users.noreply.github.com> Date: Fri, 15 Nov 2024 10:24:12 +0100 Subject: [PATCH 32/36] sbom --- Misc/sbom.spdx.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Misc/sbom.spdx.json b/Misc/sbom.spdx.json index 0d574f9569f423..cf1a385f6b6e76 100644 --- a/Misc/sbom.spdx.json +++ b/Misc/sbom.spdx.json @@ -2337,4 +2337,4 @@ } ], "spdxVersion": "SPDX-2.3" -} +} \ No newline at end of file From 5c3cbfdf9f838e6f23bced3987cba25fe4f38e63 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?B=C3=A9n=C3=A9dikt=20Tran?= <10796600+picnixz@users.noreply.github.com> Date: Fri, 15 Nov 2024 10:28:50 +0100 Subject: [PATCH 33/36] remove unused imports --- Modules/hmacmodule.c | 1 - 1 file changed, 1 deletion(-) diff --git a/Modules/hmacmodule.c b/Modules/hmacmodule.c index 841a737fda84f5..0d8be53dda81c9 100644 --- a/Modules/hmacmodule.c +++ b/Modules/hmacmodule.c @@ -4,7 +4,6 @@ #include "Python.h" #include "pycore_hashtable.h" -#include "pycore_strhex.h" // _Py_strhex() #include // EVP_* interface #include // LN_* and NID_* macros From 379cbef23fbb16b34919310116c39f5bd0b85646 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?B=C3=A9n=C3=A9dikt=20Tran?= <10796600+picnixz@users.noreply.github.com> Date: Tue, 19 Nov 2024 12:21:15 +0100 Subject: [PATCH 34/36] cosmetic changes for future resolution --- Modules/hmacmodule.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/Modules/hmacmodule.c b/Modules/hmacmodule.c index 0d8be53dda81c9..f07d3e47244bb1 100644 --- a/Modules/hmacmodule.c +++ b/Modules/hmacmodule.c @@ -5,8 +5,8 @@ #include "Python.h" #include "pycore_hashtable.h" -#include // EVP_* interface -#include // LN_* and NID_* macros +#include // EVP_* interface +#include // LN_* and NID_* macros #include "_hacl/Hacl_HMAC.h" #include "hashlib.h" @@ -200,7 +200,6 @@ typedef void (*HACL_HMAC_compute_func)(uint8_t *out, uint8_t *key, uint32_t keylen, uint8_t *msg, uint32_t msglen); - /* Function pointer type for 1-shot HACL* HMAC CPython AC functions. */ typedef PyObject * (*PYAC_HMAC_compute_func)(PyObject *module, PyObject *key, PyObject *msg); From 960aa7355c6683667f8827701f282542c38ecf76 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?B=C3=A9n=C3=A9dikt=20Tran?= <10796600+picnixz@users.noreply.github.com> Date: Thu, 28 Nov 2024 12:02:16 +0100 Subject: [PATCH 35/36] fix memory leak --- Modules/hmacmodule.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/Modules/hmacmodule.c b/Modules/hmacmodule.c index f07d3e47244bb1..3bda08cfdf4089 100644 --- a/Modules/hmacmodule.c +++ b/Modules/hmacmodule.c @@ -517,7 +517,10 @@ _hmac_compute_digest_impl(PyObject *module, PyObject *key, PyObject *msg, "key length exceeds UINT32_MAX"); \ return NULL; \ } \ - GET_BUFFER_VIEW_OR_ERROUT((MSG), &msgview); \ + GET_BUFFER_VIEW_OR_ERROR( \ + (MSG), &msgview, \ + PyBuffer_Release(&keyview); return NULL \ + ); \ if (!has_uint32_t_buffer_length(&msgview)) { \ PyBuffer_Release(&msgview); \ PyBuffer_Release(&keyview); \ From 074f9ab692ac8c3456f0801e38152a3332799831 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?B=C3=A9n=C3=A9dikt=20Tran?= <10796600+picnixz@users.noreply.github.com> Date: Thu, 28 Nov 2024 12:05:39 +0100 Subject: [PATCH 36/36] add #define for error messages --- Modules/hmacmodule.c | 68 +++++++++++++++++++++++--------------------- 1 file changed, 35 insertions(+), 33 deletions(-) diff --git a/Modules/hmacmodule.c b/Modules/hmacmodule.c index 3bda08cfdf4089..0a1d1439b0aa3a 100644 --- a/Modules/hmacmodule.c +++ b/Modules/hmacmodule.c @@ -23,6 +23,11 @@ # define Py_EVP_MD_free(MD) do {} while(0) #endif +// --- Reusable error messages ------------------------------------------------ + +#define INVALID_KEY_LENGTH "key length exceeds UINT32_MAX" +#define INVALID_MSG_LENGTH "message length exceeds UINT32_MAX" + // --- HMAC underlying hash function static information ----------------------- #define Py_hmac_hash_max_digest_size 64 @@ -507,39 +512,36 @@ _hmac_compute_digest_impl(PyObject *module, PyObject *key, PyObject *msg, * lest an OverflowError is raised. The Python implementation takes care * of dispatching to the OpenSSL implementation in this case. */ -#define Py_HMAC_HACL_ONESHOT(HACL_HID, KEY, MSG) \ - do { \ - Py_buffer keyview, msgview; \ - GET_BUFFER_VIEW_OR_ERROUT((KEY), &keyview); \ - if (!has_uint32_t_buffer_length(&keyview)) { \ - PyBuffer_Release(&keyview); \ - PyErr_SetString(PyExc_OverflowError, \ - "key length exceeds UINT32_MAX"); \ - return NULL; \ - } \ - GET_BUFFER_VIEW_OR_ERROR( \ - (MSG), &msgview, \ - PyBuffer_Release(&keyview); return NULL \ - ); \ - if (!has_uint32_t_buffer_length(&msgview)) { \ - PyBuffer_Release(&msgview); \ - PyBuffer_Release(&keyview); \ - PyErr_SetString(PyExc_OverflowError, \ - "message length exceeds UINT32_MAX"); \ - return NULL; \ - } \ - uint8_t out[Py_hmac_## HACL_HID ##_digest_size]; \ - Py_hmac_## HACL_HID ##_compute_func( \ - out, \ - (uint8_t *)keyview.buf, (uint32_t)keyview.len, \ - (uint8_t *)msgview.buf, (uint32_t)msgview.len \ - ); \ - PyBuffer_Release(&msgview); \ - PyBuffer_Release(&keyview); \ - return PyBytes_FromStringAndSize( \ - (const char *)out, \ - Py_hmac_## HACL_HID ##_digest_size \ - ); \ +#define Py_HMAC_HACL_ONESHOT(HACL_HID, KEY, MSG) \ + do { \ + Py_buffer keyview, msgview; \ + GET_BUFFER_VIEW_OR_ERROUT((KEY), &keyview); \ + if (!has_uint32_t_buffer_length(&keyview)) { \ + PyBuffer_Release(&keyview); \ + PyErr_SetString(PyExc_OverflowError, INVALID_KEY_LENGTH); \ + return NULL; \ + } \ + GET_BUFFER_VIEW_OR_ERROR((MSG), &msgview, \ + PyBuffer_Release(&keyview); \ + return NULL); \ + if (!has_uint32_t_buffer_length(&msgview)) { \ + PyBuffer_Release(&msgview); \ + PyBuffer_Release(&keyview); \ + PyErr_SetString(PyExc_OverflowError, INVALID_MSG_LENGTH); \ + return NULL; \ + } \ + uint8_t out[Py_hmac_## HACL_HID ##_digest_size]; \ + Py_hmac_## HACL_HID ##_compute_func( \ + out, \ + (uint8_t *)keyview.buf, (uint32_t)keyview.len, \ + (uint8_t *)msgview.buf, (uint32_t)msgview.len \ + ); \ + PyBuffer_Release(&msgview); \ + PyBuffer_Release(&keyview); \ + return PyBytes_FromStringAndSize( \ + (const char *)out, \ + Py_hmac_## HACL_HID ##_digest_size \ + ); \ } while (0) /*[clinic input] pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy